Fix MySQL vagrant test vm build

[MMatten]

Allow MySQL service to run on vagrant CentOS box that comes with SELinux running in enforcing mode.

Resolves #568

[javornikolov]

Do we really need that change already? With ~> 8.2 we should be getting the latest 8.x >= 8.2.

[MMatten]

Ah, after reading the docs I thought this meant any 8.2.x but not 8.3.0 or later.

[MMatten]

I'm still not sure what's going on here. The docs

https://docs.chef.io/cookbook_versions.html

suggest that it wouldn't use 8.3.1 but it does end up in Berksfile.lock if I include the '~> 8.2' constraint.

[MMatten]

So why would we now want to keep this constraint?

[javornikolov]

~> 8.2 is pessimistic locking and means >= 8.2 and < 9.0. So 8.3.1 meets the constraint.

So why would we now want to keep this constraint?

Well, I don't know should we keep it or not. The old setting has the constraint, I guess we did it with idea that:

• It reminds us that versions < 8.2 are problematic and prevents us from using them.
• Also it would not automatically jump to 9.0 which might have breaking changes (mysql cookbook has proven to be a bit brittle).

Essentially the question is do we prefer ~> 8.2 or >= 8.2. The latter will give us signal that there is version >= 9.0. Maybe that's not a bad thing - we're anyway locking the versions with the Berksfile.lock and testing if things still work OK upon changing it.

Up to your judgement whether to remove the dependency constraint. It might be better to have it as separate PR since I believe it doesn't contribute to fixing the broken provisioning this time.

[MMatten]

I'm leaning towards >= 8.2 and falling back to ~> 8.2 if the mysql cookbook develops new issues in 9.x.

Agreed; a separate PR would be better.

[javornikolov]

I'm leaning towards >= 8.2 and falling back to ~> 8.2 if the mysql cookbook develops new issues in 9.x.

ok

[javornikolov]

Can we give that other name? There used it be some caveats for resources with same name (I think Chef treats is as a single entity and runs it only once).

[javornikolov]

Loosen SELinux enforcement to allow MySQL to run

The commit message is not quite reflecting the change (we had it loosened before but after reboot only).

[javornikolov]

Updates for latest mysql2_chef_gem version

It might be good to refine a bit that commit message too since we update some other cookbooks too.

[javornikolov]

Besides the other remarks, the approach implemented in selinux.rb looks good to me.

[MMatten]

Ooops. Accidentally closed. I'm not sure how I did that.

[javornikolov]

Ooops. Accidentally closed. I'm not sure how I did that.

No problem, there is reopen button which I just used :-)

[MMatten]

Ooops. Accidentally closed. I'm not sure how I did that.

No problem, there is reopen button which I just used :-)

Thanks! I've made a few tweaks. Let me know what you think.

[javornikolov]

Perm could mean permissive, permanent, ...

[MMatten]

Ah. True.

[MMatten]

I was also thinking that I should leave out the temporary false for the permanent mode change as false is the default but leaving in makes it more obvious. What's your view?

[javornikolov]

Explicit temporary flag looks OK.

[javornikolov]

If we come up with a good idea - we may try to get s support into selinux cookbook itself (e.g. scope=temporary|configuration-file|both.

[MMatten]

Pushed again.

[javornikolov]

Let's rebuild Berksfile.lock again

[MMatten]

Done.

[MMatten]

The VM is building well again 👍

Derby, HSQLDB, MySQL tests passing. Just PostgreSQL failing on CoreTests.CommonSuite.Symbols.

[javornikolov]

Thank you @MMatten! Looks good to me now, I'm merging it...