PKG-26 Create PS packages with telemetry - 8.4

build-ps/build-binary.sh

@@ -273,6 +273,7 @@ fi
         -DFORCE_INSOURCE_BUILD=1 \
         -DWITH_LIBEVENT=bundled \
         -DWITH_ZSTD=bundled \
+	-DWITH_PERCONA_TELEMETRY=ON \
         $WITH_MECAB_OPTION $OPENSSL_INCLUDE $OPENSSL_LIBRARY $CRYPTO_LIBRARY
 
     make $MAKE_JFLAG $QUIET

build-ps/debian/control

@@ -175,6 +175,7 @@ Pre-Depends: adduser,
              debconf (>= 0.2.17)
 Depends: percona-server-common (= ${binary:Version}),
          percona-server-client (= ${binary:Version}),
+	 percona-telemetry-agent,
          ${shlibs:Depends}, ${misc:Depends},
          psmisc,
          curl,

build-ps/debian/extra/apparmor.d/usr.sbin.mysqld.in2

@@ -0,0 +1,84 @@
+#include <tunables/global>
+
+/usr/sbin/mysqld flags=(complain) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+  #include <abstractions/mysql>
+  #include <abstractions/winbind>
+
+# Allow system resource access
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/node/ r,
+  /sys/devices/system/node/** r,
+  /proc/*/status r,
+  capability sys_resource,
+  capability dac_override,
+  capability setuid,
+  capability setgid,
+  capability sys_nice,
+
+# Allow network access
+  network tcp,
+
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+
+# Allow config access
+  /etc/mysql/** r,
+
+# Allow pid, socket, socket lock file access
+  /var/run/mysqld/mysqld.pid rw,
+  /var/run/mysqld/mysqld.sock rw,
+  /var/run/mysqld/mysqld.sock.lock rw,
+  /var/run/mysqld/mysqlx.sock rw,
+  /var/run/mysqld/mysqlx.sock.lock rw,
+  /run/mysqld/mysqld.pid rw,
+  /run/mysqld/mysqld.sock rw,
+  /run/mysqld/mysqld.sock.lock rw,
+  /run/mysqld/mysqlx.sock rw,
+  /run/mysqld/mysqlx.sock.lock rw,
+
+# Allow systemd notify messages
+  /{,var/}run/systemd/notify w,
+
+# Allow execution of server binary
+  /usr/sbin/mysqld mr,
+  /usr/sbin/mysqld-debug mr,
+
+# Allow plugin access
+  /usr/lib/mysql/plugin/ r,
+  /usr/lib/mysql/plugin/*.so* mr,
+
+# Allow error msg and charset access
+  /usr/share/mysql/ r,
+  /usr/share/mysql/** r,
+  /usr/share/mysql-@MYSQL_BASE_VERSION@/ r,
+  /usr/share/mysql-@MYSQL_BASE_VERSION@/** r,
+
+# Allow data dir access
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwk,
+
+# Allow data files dir access
+  /var/lib/mysql-files/ r,
+  /var/lib/mysql-files/** rwk,
+
+# Allow keyring dir access
+  /var/lib/mysql-keyring/ r,
+  /var/lib/mysql-keyring/** rwk,
+
+# Allow log file access
+  /var/log/mysql/ r,
+  /var/log/mysql/** rw,
+
+# Allow access to openssl config
+  /etc/ssl/openssl.cnf r,
+
+# Allow access to PS telemetry directory
+  /usr/local/percona/telemetry/ps/ rw,
+  /usr/local/percona/telemetry/ps/** rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.mysqld>
+}

build-ps/debian/percona-server-server.install

@@ -23,7 +23,8 @@ debian/extra/mysql.cnf  etc/mysql/
 debian/extra/mysqld.cnf /etc/mysql/mysql.conf.d/
 
 # AppArmor profile
-debian/extra/apparmor.d/usr.sbin.mysqld.in etc/apparmor.d/
+debian/extra/apparmor.d/usr.sbin.mysqld.in2 etc/apparmor.d/
+debian/extra/apparmor.d/old_apparmor etc/apparmor.d/
 debian/extra/apparmor.d/local/usr.sbin.mysqld.in etc/apparmor.d/local/
 
 # debug binary
@@ -81,10 +82,12 @@ usr/lib/mysql/plugin/component_reference_cache.so
 usr/lib/mysql/plugin/component_keyring_file.so
 usr/lib/mysql/plugin/mysql_clone.so
 usr/lib/mysql/plugin/component_mysqlbackup.so
+usr/lib/mysql/plugin/component_percona_telemetry.so
 usr/lib/mysql/plugin/authentication_webauthn_client.so
 usr/lib/mysql/plugin/component_test_server_telemetry_metrics.so
 
 usr/lib/mysql/plugin/debug/component_mysqlbackup.so
+usr/lib/mysql/plugin/debug/component_percona_telemetry.so
 usr/lib/mysql/plugin/debug/mysql_clone.so
 usr/lib/mysql/plugin/debug/adt_null.so
 usr/lib/mysql/plugin/debug/auth_socket.so

build-ps/debian/percona-server-server.postinst

@@ -3,6 +3,16 @@
 . /usr/share/debconf/confmodule
 . /usr/share/mysql/mysql-helpers
 
+# Create directory for telemetry
+if [ -d /usr/local/percona/telemetry ]; then
+    mkdir -p /usr/local/percona/telemetry/ps
+    chown mysql:percona-telemetry /usr/local/percona/telemetry/ps
+    chmod 775 /usr/local/percona/telemetry/ps
+    chmod g+s /usr/local/percona/telemetry/ps
+    chmod u+s /usr/local/percona/telemetry/ps
+fi
+
+
 MYSQLDATA=$(my_print_defaults server mysqld | grep '^--datadir=' | sed -n 's/--datadir=//p' | tail -n 1)
 if [ -z "$MYSQLDATA" ];
 then
@@ -33,6 +43,28 @@ check_exit_status() {
         fi
 }
 
+# PKG-40 To check if the apparmor profile has been changed on the user's system
+# If the file has been changed, append telemetry rules to the file
+# If unchanged, install the new apparmor profile
+check_apparmor_files() {
+	if ! diff -q /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/old_apparmor >/dev/null; then
+		sed -i 's:  # Site-specific additions and overrides. See local/README for details.::' /etc/apparmor.d/usr.sbin.mysqld
+                sed -i 's:  #include <local/usr.sbin.mysqld>::' /etc/apparmor.d/usr.sbin.mysqld
+                sed -i '$ s/}//' /etc/apparmor.d/usr.sbin.mysqld
+                echo "# Allow access to PS telemetry directory" >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "  /usr/local/percona/telemetry/ps/ rw," >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "  /usr/local/percona/telemetry/ps/** rw," >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "" >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "  # Site-specific additions and overrides. See local/README for details." >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "  #include <local/usr.sbin.mysqld>" >> /etc/apparmor.d/usr.sbin.mysqld
+                echo "}" >> /etc/apparmor.d/usr.sbin.mysqld
+                sed -r -i ':a; /^\s*$/ {N;ba}; s/( *\n *){2,}/\n/'  /etc/apparmor.d/usr.sbin.mysqld
+                rm -f /etc/apparmor.d/usr.sbin.mysqld.in2
+        else
+                mv -f /etc/apparmor.d/usr.sbin.mysqld.in2 /etc/apparmor.d/usr.sbin.mysqld
+        fi
+}
+
 MY_BASEDIR_VERSION=$(my_print_defaults --loose-verbose mysqld server | grep basedir | awk -F'=' '{print $2}')
 TOKUDB=$(dpkg -l | grep -c 'percona-server-tokudb')
 if [ $TOKUDB = 1 ]
@@ -123,22 +155,17 @@ case "$1" in
 
 		PROFILE_ACTION="Use NEW AppArmor profile"
 		# If the existing AppArmor module/local profile is the proper file, we back it up
-		if [ -f "/etc/apparmor.d/usr.sbin.mysqld" -o -f "/etc/apparmor.d/local/usr.sbin.mysqld" ]; then
-			db_input high percona-server-server/existing_profile_file || true
-			db_go
-			db_get percona-server-server/existing_config_file && PROFILE_ACTION=${RET}
-		fi
-		if [ "${PROFILE_ACTION}" = "Use NEW AppArmor profile" ]; then
-			DATE=`date +%Y-%m-%d-%H:%m:%S`
-			cp /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/usr.sbin.mysqld_$DATE.bak 2> /dev/null || true
-			cp /etc/apparmor.d/local/usr.sbin.mysqld /etc/apparmor.d/local/usr.sbin.mysqld_$DATE.bak 2> /dev/null || true
-
-			mv -f /etc/apparmor.d/usr.sbin.mysqld.in /etc/apparmor.d/usr.sbin.mysqld
+		if [ -f "/etc/apparmor.d/usr.sbin.mysqld" ]; then
+			check_apparmor_files
+		else
+			mv -f /etc/apparmor.d/usr.sbin.mysqld.in2 /etc/apparmor.d/usr.sbin.mysqld 2> /dev/null || true
+                fi
+		if [ -f "/etc/apparmor.d/local/usr.sbin.mysqld" ]; then
+			rm -f /etc/apparmor.d/local/usr.sbin.mysqld.in
+		else
 			mv -f /etc/apparmor.d/local/usr.sbin.mysqld.in /etc/apparmor.d/local/usr.sbin.mysqld
-
 		fi
-		rm -f /etc/apparmor.d/usr.sbin.mysqld.in
-		rm -f /etc/apparmor.d/local/usr.sbin.mysqld.in
+		rm -f /etc/apparmor.d/old_apparmor
 		if aa-status --enabled 2>/dev/null; then
 			apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
 		fi
@@ -173,7 +200,15 @@ EOF
 			rm -f "$SQL"
 		fi
 		set +e
-
+	else
+		if [ -f "/etc/apparmor.d/usr.sbin.mysqld" ]; then
+			check_apparmor_files
+                fi
+		rm -f /etc/apparmor.d/old_apparmor
+		mv -f /etc/apparmor.d/usr.sbin.mysqld.in2 /etc/apparmor.d/usr.sbin.mysqld 2> /dev/null || true
+		if aa-status --enabled 2>/dev/null; then
+			apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
+                fi
 	fi
 	chmod +x /etc/init.d/mysql || true
 	;;

build-ps/debian/percona-server-server.postrm

@@ -58,8 +58,14 @@ case "$1" in
 	remove)
 
 	set -e
+	PS_TELEMETRY=/usr/local/percona/telemetry/ps
 
 	place_upstart_job_back
+	# Remove PS Telemetry directory
+	if [ -d ${PS_TELEMETRY} ];
+	then
+                rm -rf ${PS_TELEMETRY}
+        fi
 	update-alternatives --remove my.cnf "/etc/mysql/mysql.cnf"
 
 	set +e

build-ps/debian/rules

@@ -95,6 +95,7 @@ ifeq ($(SKIP_DEBUG_BINARY),)
                 -DWITH_ENCRYPTION_UDF=ON \
 		-DWITH_NUMA=ON \
 		-DWITH_LDAP=system \
+		-DWITH_PERCONA_TELEMETRY=ON \
 		-DWITH_EXTRA_CHARSETS=all $(TOKUDB_OPTS_DEBUG) ..
 endif
 
@@ -143,6 +144,7 @@ endif
 		-DWITH_ENCRYPTION_UDF=ON \
 		-DWITH_NUMA=ON \
 		-DWITH_LDAP=system \
+		-DWITH_PERCONA_TELEMETRY=ON \
 		-DWITH_EXTRA_CHARSETS=all $(TOKUDB_OPTS_RELEASE) ..
 
 	touch $@

build-ps/percona-server-8.0_builder.sh

@@ -874,6 +874,8 @@ build_deb(){
     cat call-home.sh >> percona-server-server.postinst
     echo "CALLHOME" >> percona-server-server.postinst
     echo "bash +x /tmp/call-home.sh -f \"PRODUCT_FAMILY_PS\" -v \"${VERSION}-${RELEASE}-${DEB_RELEASE}\" -d \"PACKAGE\" &>/dev/null || :" >> percona-server-server.postinst
+    echo "chgrp percona-telemetry /usr/local/percona/telemetry_uuid &>/dev/null || :" >> percona-server-server"${postfix}".postinst
+    echo "chmod 664 /usr/local/percona/telemetry_uuid &>/dev/null || :" >> percona-server-server"${postfix}".postinst
     echo "rm -rf /tmp/call-home.sh" >> percona-server-server.postinst
     echo "exit 0" >> percona-server-server.postinst
     rm -f call-home.sh

build-ps/percona-server.spec

@@ -119,6 +119,9 @@
 
 %ifarch x86_64
 %global __isa_bits            64
+if 0%{?rhel} >= 8
+%global ps_telemetry          /usr/local/percona/telemetry/ps
+%endif
 %endif
 
 %global src_dir               %{src_base}-%{mysql_version}-%{percona_server_version}
@@ -246,6 +249,11 @@ Requires:       percona-server-client
 Requires:       percona-icu-data-files
 Requires:       curl
 Requires:       openssl
+%ifarch x86_64
+if 0%{?rhel} >= 8
+Requires:  percona-telemetry-agent
+%endif
+%endif
 Obsoletes:     community-mysql-bench
 Obsoletes:     mysql-bench
 Obsoletes:     mariadb-connector-c-config
@@ -550,6 +558,7 @@ mkdir debug
            -DWITH_ZSTD=bundled \
            -DWITH_EDITLINE=bundled \
            -DWITH_LIBEVENT=bundled \
+	   -DWITH_PERCONA_TELEMETRY=ON \
 %if 0%{?add_fido_plugins}
            -DWITH_FIDO=bundled \
 %else
@@ -605,6 +614,7 @@ mkdir release
            -DWITH_EDITLINE=bundled \
            -DWITH_LIBEVENT=bundled \
            -DWITH_ZSTD=bundled \
+	   -DWITH_PERCONA_TELEMETRY=ON \
 %if 0%{?add_fido_plugins}
            -DWITH_FIDO=bundled \
 %else
@@ -760,6 +770,18 @@ fi
   fi
 %endif
 
+%ifarch x86_64
+if 0%{?rhel} >= 8
+mkdir -p %{ps_telemetry}
+chown mysql:percona-telemetry %{ps_telemetry}
+chmod 775 %{ps_telemetry}
+chmod g+s %{ps_telemetry}
+chmod u+s %{ps_telemetry}
+chcon -t mysqld_db_t %{ps_telemetry}
+chcon -u system_u %{ps_telemetry}
+%endif
+%endif
+
 if [ -d /etc/percona-server.conf.d ]; then
     CONF_EXISTS=$(grep "percona-server.conf.d" /etc/my.cnf | wc -l)
     if [ ${CONF_EXISTS} = 0 ]; then
@@ -769,6 +791,8 @@ fi
 
 cp %SOURCE999 /tmp/ 2>/dev/null ||
 bash /tmp/call-home.sh -f "PRODUCT_FAMILY_PS" -v %{mysql_version}-%{percona_server_version}-%{rpm_release} -d "PACKAGE" &>/dev/null || :
+chgrp percona-telemetry /usr/local/percona/telemetry_uuid &>/dev/null || :
+chmod 664 /usr/local/percona/telemetry_uuid &>/dev/null || :
 rm -f /tmp/call-home.sh
 
 echo "Percona Server is distributed with several useful UDF (User Defined Function) from Percona Toolkit."
@@ -803,6 +827,11 @@ fi
     /sbin/service mysql condrestart >/dev/null 2>&1 || :
   fi
 %endif
+%ifarch x86_64
+if 0%{?rhel} >= 8
+rm -rf %{ps_telemetry}
+%endif
+%endif
 
 %posttrans -n percona-server-server
 if [ -d %{_datadir}/mysql ] && [ ! -L %{_datadir}/mysql ]; then
@@ -993,6 +1022,11 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_validate_password.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_audit_api_message_emit.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_query_attributes.so
+%ifarch x86_64
+if 0%{?rhel} >= 8
+%attr(755, root, root) %{_libdir}/mysql/plugin/component_percona_telemetry.so
+%endif
+%endif
 %attr(755, root, root) %{_libdir}/mysql/plugin/connection_control.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/ddl_rewriter.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/ha_example.so
@@ -1045,6 +1079,11 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_validate_password.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_audit_api_message_emit.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_query_attributes.so
+%ifarch x86_64
+if 0%{?rhel} >= 8
+%attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_percona_telemetry.so
+%endif
+%endif
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/connection_control.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/ddl_rewriter.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/ha_example.so