메뉴 닫기

[ERROR] InnoDB: The innodb_system data file ‘ibdata1’ must be writable

테스트 환경 : IWINV rCore.P1
OS : Ubuntu 16.04 LTS(64bit)
 
# mysql -V
mysql  Ver 14.14 Distrib 5.7.16, for Linux (x86_64) using  EditLine wrapper
 
증상 : mysql datadir 변경을 위해 mysql.conf 파일을 수정후 데몬을 재시작하는 과정에서 아래와 같은 에러발생 
 
# tail -f /var/log/mysql/error.log
2016-12-14T05:02:36.050835Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000)
2016-12-14T05:02:36.050880Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000)
2016-12-14T05:02:36.206919Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use –explicit_defaults_for_timestamp server option (see documentation for more details).
2016-12-14T05:02:36.207217Z 0 [Warning] Can’t create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.207249Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.16-0ubuntu0.16.04.1) starting as process 30872 …
2016-12-14T05:02:36.210197Z 0 [Warning] Can’t create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.210226Z 0 [Warning] Can’t create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.212774Z 0 [Note] InnoDB: PUNCH HOLE support available
2016-12-14T05:02:36.212821Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2016-12-14T05:02:36.212847Z 0 [Note] InnoDB: Uses event mutexes
2016-12-14T05:02:36.212865Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2016-12-14T05:02:36.212882Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.8
2016-12-14T05:02:36.212918Z 0 [Note] InnoDB: Using Linux native AIO
2016-12-14T05:02:36.213215Z 0 [Note] InnoDB: Number of pools: 1
2016-12-14T05:02:36.213366Z 0 [Note] InnoDB: Using CPU crc32 instructions
2016-12-14T05:02:36.214971Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2016-12-14T05:02:36.224290Z 0 [Note] InnoDB: Completed initialization of buffer pool
2016-12-14T05:02:36.226654Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2016-12-14T05:02:36.236736Z 0 [ERROR] InnoDB: The innodb_system data file ‘ibdata1’ must be writable
2016-12-14T05:02:36.236801Z 0 [ERROR] InnoDB: The innodb_system data file ‘ibdata1’ must be writable
2016-12-14T05:02:36.236820Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2016-12-14T05:02:36.837736Z 0 [ERROR] Plugin ‘InnoDB’ init function returned error.
2016-12-14T05:02:36.837896Z 0 [ERROR] Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed.
2016-12-14T05:02:36.837946Z 0 [ERROR] Failed to initialize plugins.
2016-12-14T05:02:36.837989Z 0 [ERROR] Aborting
 
2016-12-14T05:02:36.838038Z 0 [Note] Binlog end
2016-12-14T05:02:36.838186Z 0 [Note] Shutting down plugin ‘CSV’
2016-12-14T05:02:36.838250Z 0 [Note] Shutting down plugin ‘MyISAM’
2016-12-14T05:02:36.838808Z 0 [Note] /usr/sbin/mysqld: Shutdown complete
 
# dmess -T 
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.708:3941): apparmor=”DENIED” operation=”mknod” profile=”/usr/sbin/mysqld” name=”/mnt/mysql/leekh-vm46.lower-test” pid=30428 comm=”mysqld” requested_mask=”c” denied_mask=”c” fsuid=111 ouid=111
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.708:3942): apparmor=”DENIED” operation=”mknod” profile=”/usr/sbin/mysqld” name=”/mnt/mysql/leekh-vm46.lower-test” pid=30428 comm=”mysqld” requested_mask=”c” denied_mask=”c” fsuid=111 ouid=111
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.736:3943): apparmor=”DENIED” operation=”open” profile=”/usr/sbin/mysqld” name=”/mnt/mysql/ibdata1″ pid=30428 comm=”mysqld” requested_mask=”wr” denied_mask=”wr” fsuid=111 ouid=111
 
원인)
Ubuntu 보안패키지 Apparmor 이녀석때문입니다.

https://help.ubuntu.com/community/AppArmor

apparmor (“Application Armor”)는 시스템 관리자가 프로그램 프로필 별로 프로그램의 역량을 제한할 수 있게 해주는 리눅스 커널 보안 모듈로 mysqld 명령어도 제한사항에 포함되어있습니다.

아래와 같은 방법으로 조치가능하니 참고하기 바랍니다.
 
 
:: aa-status – Displays various information about the currently loaded AppArmor policy.
# aa-status 
apparmor module is loaded.
13 profiles are loaded.
13 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/bin/ubuntu-core-launcher
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/lxd/lxd-bridge-proxy
   /usr/sbin/mysqld
   /usr/sbin/tcpdump
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /sbin/dhclient (951) 
   /sbin/dhclient (1010) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
 
 
조치
방법1) mysql 서비스 Apparmor 보안정책 disable
# apt install apparmor-utils
 
# aa-disable /etc/apparmor.d/usr.sbin.mysqld 
Disabling /etc/apparmor.d/usr.sbin.mysqld.
 
# aa-status 
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/bin/ubuntu-core-launcher
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/lxd/lxd-bridge-proxy
   /usr/sbin/tcpdump
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /sbin/dhclient (951) 
   /sbin/dhclient (1010) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
 
 
방법2) Apparmor 서비스에 mysql 디렉토리 변경
# vim /etc/apparmor.d/usr.sbin/mysqld
# Allow data dir access
# 주석처리 /var/lib/mysql/ r,
# 주석처리 /var/lib/mysql/** rwk,
  /mnt/mysql/ r,
  /mnt/mysql/** rwk,
 
# service apparmor restart
# service mysql start
 
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x