1 00:00:06,320 --> 00:00:11,499 [Music] 2 00:00:16,400 --> 00:00:20,480 hi i'm daniel black i am the chief 3 00:00:18,640 --> 00:00:22,960 innovation officer at the mariadb 4 00:00:20,480 --> 00:00:25,760 foundation it's a pleasure to be at 5 00:00:22,960 --> 00:00:28,240 linux conf australia here uh today and 6 00:00:25,760 --> 00:00:30,400 especially talking about this topic 7 00:00:28,240 --> 00:00:32,160 of mariadb and systemd and the 8 00:00:30,400 --> 00:00:34,320 integration of it 9 00:00:32,160 --> 00:00:37,920 just as a little bit of a back story 10 00:00:34,320 --> 00:00:41,280 this uh funding of the initial work of 11 00:00:37,920 --> 00:00:44,239 uh systemd capabilities into mariadb uh 12 00:00:41,280 --> 00:00:46,399 all six years ago seven years ago was 13 00:00:44,239 --> 00:00:49,039 actually funded by the open source 14 00:00:46,399 --> 00:00:51,920 developers club and so i'd like to you 15 00:00:49,039 --> 00:00:53,920 know give a little blatant thanks again 16 00:00:51,920 --> 00:00:55,840 for um funding the work and actually 17 00:00:53,920 --> 00:00:57,600 getting me through a few months but 18 00:00:55,840 --> 00:00:59,760 enough of the background 19 00:00:57,600 --> 00:01:02,800 let's start off with a demo and where 20 00:00:59,760 --> 00:01:03,600 i'll actually go through the aspects of 21 00:01:02,800 --> 00:01:05,840 how 22 00:01:03,600 --> 00:01:07,040 to set up a multi-instance version of 23 00:01:05,840 --> 00:01:10,159 mariadb 24 00:01:07,040 --> 00:01:11,680 uh with the per user configuration 25 00:01:10,159 --> 00:01:15,040 don't worry about taking notes they'll 26 00:01:11,680 --> 00:01:19,040 be on the the website beside it and so 27 00:01:15,040 --> 00:01:20,880 enjoy the presentation thank you bye 28 00:01:19,040 --> 00:01:23,280 i'm sure you've all seen systemd 29 00:01:20,880 --> 00:01:26,479 services before but i'll just show you 30 00:01:23,280 --> 00:01:29,040 mariadb service file which begins with far 31 00:01:26,479 -->
00:01:31,040 too much documentation uh just go 32 00:01:29,040 --> 00:01:33,759 documentation is cool 33 00:01:31,040 --> 00:01:36,320 uh we see that it's a type equals notify 34 00:01:33,759 --> 00:01:38,640 service and has been since 35 00:01:36,320 --> 00:01:43,439 the 10.1 days 36 00:01:38,640 --> 00:01:44,960 we see that it's got a user and 37 00:01:43,439 --> 00:01:47,280 group of 38 00:01:44,960 --> 00:01:48,880 mysql there 39 00:01:47,280 --> 00:01:50,720 um we see it's got a bunch of 40 00:01:48,880 --> 00:01:52,720 capabilities 41 00:01:50,720 --> 00:01:54,960 we see in the middle there the protect 42 00:01:52,720 --> 00:01:57,119 home equals true which we're going to 43 00:01:54,960 --> 00:01:58,880 need to address because we're doing 44 00:01:57,119 --> 00:02:01,280 multiple instances 45 00:01:58,880 --> 00:02:04,320 um of in the user's home directory and 46 00:02:01,280 --> 00:02:07,280 we'll also scroll exec um start reading 47 00:02:04,320 --> 00:02:08,479 if it's true that we also need to 48 00:02:07,280 --> 00:02:10,319 address 49 00:02:08,479 --> 00:02:13,280 um when we 50 00:02:10,319 --> 00:02:16,319 do our service 51 00:02:13,280 --> 00:02:18,480 so for the more astute of you will 52 00:02:16,319 --> 00:02:21,840 notice actually on your system there's 53 00:02:18,480 --> 00:02:24,879 already a bunch of templated services 54 00:02:21,840 --> 00:02:27,280 are running on by default 55 00:02:24,879 --> 00:02:30,160 and these are denoted by the at symbol 56 00:02:27,280 --> 00:02:31,519 in the service file 57 00:02:30,160 --> 00:02:34,080 the 58 00:02:31,519 --> 00:02:38,319 element after the at symbol is the 59 00:02:34,080 --> 00:02:41,200 instance name and if we look at say the 60 00:02:38,319 --> 00:02:43,280 service file for the user runtime 61 00:02:41,200 --> 00:02:44,239 service we see that it's pretty much the 62 00:02:43,280 --> 00:02:45,760 same 63 00:02:44,239 --> 00:02:48,239 except it's got this bunch of 64 00:02:45,760 -->
00:02:50,959 percent i's which is the templated 65 00:02:48,239 --> 00:02:53,120 aspect and there's numerous 66 00:02:50,959 --> 00:02:57,360 other variables but for the most part 67 00:02:53,120 --> 00:02:57,360 we'll just be using percent i today 68 00:02:57,599 --> 00:03:02,640 now mariadb has had a multi-instance 69 00:03:01,040 --> 00:03:04,560 service for a while that was 70 00:03:02,640 --> 00:03:05,519 significantly improved 71 00:03:04,560 --> 00:03:08,000 in 72 00:03:05,519 --> 00:03:09,680 10.4 and above 73 00:03:08,000 --> 00:03:12,319 and that 74 00:03:09,680 --> 00:03:15,120 looks like this 75 00:03:12,319 --> 00:03:16,640 so also begins with much 76 00:03:15,120 --> 00:03:18,800 documentation 77 00:03:16,640 --> 00:03:20,640 and there's much more useful 78 00:03:18,800 --> 00:03:23,440 documentation here because there's a 79 00:03:20,640 --> 00:03:26,159 number of ways a user may want to run 80 00:03:23,440 --> 00:03:29,440 their multi-instance service 81 00:03:26,159 --> 00:03:33,040 and we've included a number of ways to 82 00:03:29,440 --> 00:03:34,640 configure all these easily 83 00:03:33,040 --> 00:03:37,040 we 84 00:03:34,640 --> 00:03:39,360 sort of set the the base line rather 85 00:03:37,040 --> 00:03:42,080 consistent with this mysqld 86 00:03:39,360 --> 00:03:43,920 multi-instance environment variable 87 00:03:42,080 --> 00:03:47,599 and that 88 00:03:43,920 --> 00:03:49,440 is used for not only the install db but 89 00:03:47,599 --> 00:03:50,640 starting it also 90 00:03:49,440 --> 00:03:53,040 once we've 91 00:03:50,640 --> 00:03:55,920 got those two consistent we 92 00:03:53,040 --> 00:03:58,480 can pretty much got a reliable system in 93 00:03:55,920 --> 00:03:58,480 that way 94 00:03:59,760 --> 00:04:05,120 there's a number of mariadb 95 00:04:02,400 --> 00:04:05,920 system variables or command line options 96 00:04:05,120 --> 00:04:08,239 that 97 00:04:05,920 --> 00:04:11,040 uh by default will actually conflict if 98 00:04:08,239
--> 00:04:13,680 you try to run more than uh one instance 99 00:04:11,040 --> 00:04:18,720 of mariadb in your system and they are the 100 00:04:13,680 --> 00:04:18,720 socket the port and the data directory 101 00:04:18,959 --> 00:04:24,639 our goal here was to run an instance per 102 00:04:23,120 --> 00:04:27,360 user 103 00:04:24,639 --> 00:04:29,840 and that means that the socket and the 104 00:04:27,360 --> 00:04:31,759 data directory are quite easy we can 105 00:04:29,840 --> 00:04:33,120 just run those in a user's home 106 00:04:31,759 --> 00:04:36,479 directory 107 00:04:33,120 --> 00:04:39,520 the port number is a little bit trickier 108 00:04:36,479 --> 00:04:40,560 one way of doing it is to map 109 00:04:39,520 --> 00:04:44,080 the 110 00:04:40,560 --> 00:04:46,080 user id of the user and use that as the 111 00:04:44,080 --> 00:04:48,800 port number um 112 00:04:46,080 --> 00:04:51,759 on my system here like the default user 113 00:04:48,800 --> 00:04:55,280 id is like a thousand which is less than 114 00:04:51,759 --> 00:04:57,840 1024 so we're going to need to do a 115 00:04:55,280 --> 00:05:00,080 little bit a bit of a trick here to get 116 00:04:57,840 --> 00:05:00,080 that 117 00:05:01,360 --> 00:05:06,320 to make the deployment of this a little 118 00:05:03,520 --> 00:05:08,080 bit easier what i've got here is a 119 00:05:06,320 --> 00:05:09,759 little template file 120 00:05:08,080 --> 00:05:12,960 of the configuration that we're going to 121 00:05:09,759 --> 00:05:15,199 plop into every user's home directory 122 00:05:12,960 --> 00:05:17,199 that contains uh the user port and the 123 00:05:15,199 --> 00:05:19,360 socket and the data directory the the 124 00:05:17,199 --> 00:05:21,680 conflicting items 125 00:05:19,360 --> 00:05:22,960 um well the user isn't conflicting but 126 00:05:21,680 --> 00:05:26,160 let's um 127 00:05:22,960 --> 00:05:28,960 put each on their own user for 128 00:05:26,160 --> 00:05:30,720 just manageability 129 00:05:28,960 -->
00:05:33,600 now integrate this 130 00:05:30,720 --> 00:05:36,080 into systemd by 131 00:05:33,600 --> 00:05:39,360 uh in the service file and we're going 132 00:05:36,080 --> 00:05:40,400 to do the systemctl edit mariadb dot 133 00:05:39,360 --> 00:05:45,199 service 134 00:05:40,400 --> 00:05:45,199 and actually add an override file 135 00:05:45,759 --> 00:05:50,240 this is a bunch of 136 00:05:47,840 --> 00:05:53,120 options that override the 137 00:05:50,240 --> 00:05:55,360 default configurations so it should be 138 00:05:53,120 --> 00:05:58,720 fairly minimal 139 00:05:55,360 --> 00:06:00,160 we've got our user group both set to 140 00:05:58,720 --> 00:06:03,039 percent i 141 00:06:00,160 --> 00:06:06,000 uh such that it's a user 142 00:06:03,039 --> 00:06:07,919 of the system we've removed the protect 143 00:06:06,000 --> 00:06:12,160 home privileges 144 00:06:07,919 --> 00:06:15,360 uh we've also removed the start 145 00:06:12,160 --> 00:06:16,720 only permissions not only so our all our 146 00:06:15,360 --> 00:06:21,199 exec pre 147 00:06:16,720 --> 00:06:23,919 scripts here don't actually run as root 148 00:06:21,199 --> 00:06:25,440 as before i mentioned the the mysqld 149 00:06:23,919 --> 00:06:28,639 multi-instance 150 00:06:25,440 --> 00:06:30,160 environment variable is used 151 00:06:28,639 --> 00:06:31,919 by the 152 00:06:30,160 --> 00:06:34,720 the mariadb install db and 153 00:06:31,919 --> 00:06:37,520 starting of the service and we 154 00:06:34,720 --> 00:06:40,240 to make it consistent 155 00:06:37,520 --> 00:06:41,520 our exec pre line here is 156 00:06:40,240 --> 00:06:43,680 if the 157 00:06:41,520 --> 00:06:45,039 configuration file doesn't exist we 158 00:06:43,680 --> 00:06:49,360 crudely use 159 00:06:45,039 --> 00:06:51,759 sed as a pseudo templating uh tool to 160 00:06:49,360 --> 00:06:54,000 create the my.cnf file if it's not 161 00:06:51,759 --> 00:06:55,919 already there 162 00:06:54,000 --> 00:06:59,520 uh we see
the trick that we did with the 163 00:06:55,919 --> 00:07:02,160 port we grab the user's id added 3000 164 00:06:59,520 --> 00:07:05,520 to it in a little bit of uh bash 165 00:07:02,160 --> 00:07:09,120 arithmetic and um 166 00:07:05,520 --> 00:07:09,120 and that's used for the port number 167 00:07:09,840 --> 00:07:16,560 in our mariadb install db uh we 168 00:07:13,120 --> 00:07:20,960 notice we're using a 169 00:07:16,560 --> 00:07:23,039 root authentication mechanism of socket 170 00:07:20,960 --> 00:07:25,360 and a root authentic 171 00:07:23,039 --> 00:07:29,360 socket user equivalent to the username 172 00:07:25,360 --> 00:07:33,280 starting the service and we do that for 173 00:07:29,360 --> 00:07:35,360 um the security to ensure that 174 00:07:33,280 --> 00:07:36,880 the the unix user 175 00:07:35,360 --> 00:07:37,210 has to be 176 00:07:36,880 --> 00:07:38,319 um 177 00:07:37,210 --> 00:07:41,199 [Music] 178 00:07:38,319 --> 00:07:42,800 connecting to the socket for it to be 179 00:07:41,199 --> 00:07:46,240 authenticated properly and i'll show an 180 00:07:42,800 --> 00:07:49,840 example of that later 181 00:07:46,240 --> 00:07:52,560 we skipped the testdb here uh 182 00:07:49,840 --> 00:07:55,599 it's not only the testdb it's also the 183 00:07:52,560 --> 00:07:58,599 anonymous user that we typically don't 184 00:07:55,599 --> 00:07:58,599 want 185 00:07:58,879 --> 00:08:04,080 because a user on the command line could 186 00:08:01,599 --> 00:08:06,960 just go shut down and it will 187 00:08:04,080 --> 00:08:11,039 effectively shut down the service we put 188 00:08:06,960 --> 00:08:12,960 a restart always here so the service 189 00:08:11,039 --> 00:08:16,879 starts up if they happen to do it just 190 00:08:12,960 --> 00:08:16,879 to save some support calls 191 00:08:19,599 --> 00:08:24,319 if we 192 00:08:21,680 --> 00:08:27,039 daemon reload 193 00:08:24,319 --> 00:08:31,039 let's use 194 00:08:27,039 --> 00:08:31,039 why this does it at this
stage 195 00:08:31,280 --> 00:08:37,680 we look to see what 196 00:08:34,159 --> 00:08:40,000 files are there there's no sockets there 197 00:08:37,680 --> 00:08:42,159 and 198 00:08:40,000 --> 00:08:45,040 just to show that 199 00:08:42,159 --> 00:08:47,920 there's no my.cnf 200 00:08:45,040 --> 00:08:52,480 there by default 201 00:08:47,920 --> 00:08:52,480 so if we start our service 202 00:08:53,680 --> 00:09:01,680 mariadb at dan dot service 203 00:08:58,080 --> 00:09:03,440 you can see within a second or so it's 204 00:09:01,680 --> 00:09:05,360 it started 205 00:09:03,440 --> 00:09:08,959 and if you look at the status 206 00:09:05,360 --> 00:09:10,959 you see it's up and running we've 207 00:09:08,959 --> 00:09:12,240 executed all our prescript we've got a 208 00:09:10,959 --> 00:09:15,120 main pid 209 00:09:12,240 --> 00:09:16,640 we've got a status of taking your sql 210 00:09:15,120 --> 00:09:19,440 requests now 211 00:09:16,640 --> 00:09:21,920 so we may as well 212 00:09:19,440 --> 00:09:23,440 if we look at our files there we see 213 00:09:21,920 --> 00:09:25,440 it's created 214 00:09:23,440 --> 00:09:28,480 those socket files 215 00:09:25,440 --> 00:09:32,160 and in our configuration file uh that 216 00:09:28,480 --> 00:09:33,760 one's also been populated 217 00:09:32,160 --> 00:09:36,880 so let's connect 218 00:09:33,760 --> 00:09:39,360 mariadb is the client thing uh 219 00:09:36,880 --> 00:09:41,360 utility as a monitor 220 00:09:39,360 --> 00:09:44,080 uh see it connects there 221 00:09:41,360 --> 00:09:45,200 we do backslash s to show our current 222 00:09:44,080 --> 00:09:48,320 connection 223 00:09:45,200 --> 00:09:51,680 we see the current user is dan at 224 00:09:48,320 --> 00:09:54,640 localhost not surprisingly 225 00:09:51,680 --> 00:09:55,839 we also see down the bottom 226 00:09:54,640 --> 00:09:58,080 that the 227 00:09:55,839 --> 00:09:59,200 unix socket is home 228 00:09:58,080 --> 00:10:02,480 dan 229 00:09:59,200 --> 00:10:04,399
mariadb dot sock 230 00:10:02,480 --> 00:10:06,880 if we show grants 231 00:10:04,399 --> 00:10:09,680 we can see that we've got all privileges 232 00:10:06,880 --> 00:10:12,160 on star.star with the grant option so 233 00:10:09,680 --> 00:10:15,600 we've got all the privileges of 234 00:10:12,160 --> 00:10:18,959 uh what's normally a user 235 00:10:15,600 --> 00:10:20,480 we've authenticated using the unix 236 00:10:18,959 --> 00:10:22,800 socket 237 00:10:20,480 --> 00:10:25,680 however the 238 00:10:22,800 --> 00:10:28,079 mysql native authenticate password 239 00:10:25,680 --> 00:10:30,320 authentication is still there 240 00:10:28,079 --> 00:10:32,880 um however it's got no password hash 241 00:10:30,320 --> 00:10:36,079 currently so that bit's disabled until 242 00:10:32,880 --> 00:10:38,079 we actually set a password 243 00:10:36,079 --> 00:10:40,720 however for the most part it's more 244 00:10:38,079 --> 00:10:42,160 secure this way because once we set a 245 00:10:40,720 --> 00:10:44,880 password 246 00:10:42,160 --> 00:10:47,360 another user on the system could 247 00:10:44,880 --> 00:10:49,680 actually access it 248 00:10:47,360 --> 00:10:50,959 this account using the password 249 00:10:49,680 --> 00:10:53,680 so it's 250 00:10:50,959 --> 00:10:58,040 secure in its default installation 251 00:10:53,680 --> 00:10:58,040 without a password set 252 00:11:00,959 --> 00:11:05,600 so what about another user well 253 00:11:06,000 --> 00:11:09,440 let's add tom 254 00:11:10,399 --> 00:11:16,079 easy enough as a user and we start their 255 00:11:14,480 --> 00:11:17,600 service 256 00:11:16,079 --> 00:11:19,839 it takes 257 00:11:17,600 --> 00:11:22,160 about the same time 258 00:11:19,839 --> 00:11:24,640 and if we 259 00:11:22,160 --> 00:11:27,120 look at the status we see it's up and 260 00:11:24,640 --> 00:11:30,160 running with home 261 00:11:27,120 --> 00:11:32,240 slash tom as the configuration file 262 00:11:30,160 --> 00:11:35,120 um yeah and 263
00:11:32,240 --> 00:11:36,399 for the most part it's identical if we 264 00:11:35,120 --> 00:11:39,279 look at 265 00:11:36,399 --> 00:11:43,320 the mariadb processes on the system we 266 00:11:39,279 --> 00:11:43,320 magically see there's two 267 00:11:44,800 --> 00:11:47,600 remember 268 00:11:45,920 --> 00:11:50,160 when we 269 00:11:47,600 --> 00:11:52,079 looked at our home directory we see that 270 00:11:50,160 --> 00:11:54,079 there's a mariadb socket 271 00:11:52,079 --> 00:11:55,760 oops we've created that 272 00:11:54,079 --> 00:11:57,040 with 273 00:11:55,760 --> 00:11:59,440 global 274 00:11:57,040 --> 00:12:02,160 uh read write permissions 275 00:11:59,440 --> 00:12:02,959 so this means our user 276 00:12:02,160 --> 00:12:05,760 tom 277 00:12:02,959 --> 00:12:08,000 can actually connect to it 278 00:12:05,760 --> 00:12:11,200 so if we do this 279 00:12:08,000 --> 00:12:12,560 uh we see oh access denied for tom 280 00:12:11,200 --> 00:12:14,959 but what if 281 00:12:12,560 --> 00:12:17,680 running as tom we try to connect with 282 00:12:14,959 --> 00:12:18,720 dan we get an access denied message 283 00:12:17,680 --> 00:12:21,519 which is 284 00:12:18,720 --> 00:12:21,519 what we wanted 285 00:12:22,240 --> 00:12:27,360 so all that um functionality of the 286 00:12:24,959 --> 00:12:31,519 multi-instance has been there 287 00:12:27,360 --> 00:12:34,560 uh since mariadb 10.4 or in a slightly 288 00:12:31,519 --> 00:12:37,800 uglier version um all the way back to 289 00:12:34,560 --> 00:12:37,800 10.1 290 00:12:38,959 --> 00:12:42,720 so let's move on to the next section 291 00:12:41,600 --> 00:12:45,200 uh 292 00:12:42,720 --> 00:12:49,680 for those who haven't seen there's also 293 00:12:45,200 --> 00:12:51,279 a systemd unit type of sockets 294 00:12:49,680 --> 00:12:52,720 and so what 295 00:12:51,279 --> 00:12:55,680 these are if we 296 00:12:52,720 --> 00:12:58,959 do systemctl list sockets is we see 297 00:12:55,680 --> 00:12:59,839 a bunch of
services like uh cups 298 00:12:58,959 --> 00:13:02,800 uh 299 00:12:59,839 --> 00:13:04,240 g bass device mesh in your sockets 300 00:13:02,800 --> 00:13:06,079 that 301 00:13:04,240 --> 00:13:09,360 don't need to be running all the time 302 00:13:06,079 --> 00:13:11,440 like you may have on a sys v things 303 00:13:09,360 --> 00:13:14,720 however it's got this 304 00:13:11,440 --> 00:13:16,320 uh aspect of a socket that it's listening 305 00:13:14,720 --> 00:13:19,680 on 306 00:13:16,320 --> 00:13:23,440 um so that the service can 307 00:13:19,680 --> 00:13:23,440 be instigated when it happens 308 00:13:23,920 --> 00:13:27,120 and there's a bunch of those 309 00:13:27,600 --> 00:13:34,639 so if we look at what the mariadb 310 00:13:31,839 --> 00:13:38,000 socket instances are 311 00:13:34,639 --> 00:13:40,880 this is available since like 10.6 just 312 00:13:38,000 --> 00:13:45,279 just for reference 313 00:13:40,880 --> 00:13:47,519 we see we can do a socket user a socket 314 00:13:45,279 --> 00:13:50,320 group because we want the socket created 315 00:13:47,519 --> 00:13:52,000 as the instance name 316 00:13:50,320 --> 00:13:54,399 we want to be a bit more protective 317 00:13:52,000 --> 00:13:57,440 about our permissions 318 00:13:54,399 --> 00:14:00,480 we remove the protection at home 319 00:13:57,440 --> 00:14:02,720 we create an abstract socket here for 320 00:14:00,480 --> 00:14:05,519 mainly demonstration purposes that 321 00:14:02,720 --> 00:14:07,920 abstract sockets and file system sockets 322 00:14:05,519 --> 00:14:10,480 are supported and you can have a number 323 00:14:07,920 --> 00:14:10,480 of those 324 00:14:12,720 --> 00:14:18,639 what is also here is this mariadb extra 325 00:14:16,880 --> 00:14:21,600 socket service 326 00:14:18,639 --> 00:14:24,639 and what mariadb and mysql have had 327 00:14:21,600 --> 00:14:26,079 by default is this concept of an extra 328 00:14:24,639 --> 00:14:27,360 uh port 329 00:14:26,079 --> 00:14:30,560
notionally 330 00:14:27,360 --> 00:14:34,000 where you can connect to that port and 331 00:14:30,560 --> 00:14:35,519 if your max connections is is 332 00:14:34,000 --> 00:14:37,519 maxed out you'll still be able to 333 00:14:35,519 --> 00:14:40,240 connect on this port without getting 334 00:14:37,519 --> 00:14:41,040 refused and gives the admin the ability 335 00:14:40,240 --> 00:14:44,399 to 336 00:14:41,040 --> 00:14:46,240 try to resolve that lack of resources 337 00:14:44,399 --> 00:14:48,959 uh status 338 00:14:46,240 --> 00:14:50,880 and this is a feature that's only in 339 00:14:48,959 --> 00:14:51,600 mariadb under 340 00:14:50,880 --> 00:14:53,839 the 341 00:14:51,600 --> 00:14:54,720 uh extra 342 00:14:53,839 --> 00:14:56,800 uh 343 00:14:54,720 --> 00:14:59,199 under under systemd 344 00:14:56,800 --> 00:15:01,199 because it hasn't quite been plugged 345 00:14:59,199 --> 00:15:03,279 into the wall 346 00:15:01,199 --> 00:15:04,880 you may have seen those actually roughly 347 00:15:03,279 --> 00:15:06,959 look the 348 00:15:04,880 --> 00:15:09,199 same 349 00:15:06,959 --> 00:15:11,040 uh but there's a minor difference 350 00:15:09,199 --> 00:15:15,040 actually if we 351 00:15:11,040 --> 00:15:17,920 look at the contents of that cat service 352 00:15:15,040 --> 00:15:20,639 and that's his uh file 353 00:15:17,920 --> 00:15:21,839 descriptor name equals extra 354 00:15:20,639 --> 00:15:25,920 and 355 00:15:21,839 --> 00:15:25,920 inside the mariadb code it actually 356 00:15:26,000 --> 00:15:32,800 recognizes that and and treats it as the 357 00:15:28,959 --> 00:15:32,800 special kind of service that it is 358 00:15:34,240 --> 00:15:38,240 so you'll notice at this stage we've 359 00:15:36,480 --> 00:15:39,519 actually dropped 360 00:15:38,240 --> 00:15:42,480 the 361 00:15:39,519 --> 00:15:43,279 reference to the tcp port and we've done 362 00:15:42,480 --> 00:15:46,560 that 363 00:15:43,279 --> 00:15:49,120 um largely out of latentness that there
364 00:15:46,560 --> 00:15:50,320 wasn't an easy way of 365 00:15:49,120 --> 00:15:52,560 grabbing 366 00:15:50,320 --> 00:15:52,560 a 367 00:15:53,040 --> 00:16:00,160 uh user id and in the the language of 368 00:15:57,199 --> 00:16:02,639 the systemd configuration uh converting 369 00:16:00,160 --> 00:16:04,000 it to an id but 370 00:16:02,639 --> 00:16:06,000 um 371 00:16:04,000 --> 00:16:07,519 all your connectors actually 372 00:16:06,000 --> 00:16:11,279 do 373 00:16:07,519 --> 00:16:11,279 unix socket authentications 374 00:16:12,160 --> 00:16:15,920 so what does it look like well let's 375 00:16:14,240 --> 00:16:18,959 first 376 00:16:15,920 --> 00:16:18,959 stop the 377 00:16:19,199 --> 00:16:22,199 current 378 00:16:22,959 --> 00:16:30,639 mariadb at dan.service 379 00:16:27,040 --> 00:16:33,279 and we do that and if we list that that 380 00:16:30,639 --> 00:16:34,839 so the socket's gone the data directory 381 00:16:33,279 --> 00:16:36,720 is still there 382 00:16:34,839 --> 00:16:40,560 excellent 383 00:16:36,720 --> 00:16:43,759 so what we can do now is we can 384 00:16:40,560 --> 00:16:43,759 uh look at 385 00:16:46,839 --> 00:16:51,920 these 386 00:16:48,560 --> 00:16:54,000 yeah look at uh start that service and 387 00:16:51,920 --> 00:16:55,040 start the extra 388 00:16:54,000 --> 00:16:56,800 well 389 00:16:55,040 --> 00:17:00,959 let's say service but really i just mean 390 00:16:56,800 --> 00:17:02,959 socket and if we look at systemctl 391 00:17:00,959 --> 00:17:05,199 status on 392 00:17:02,959 --> 00:17:07,600 dan mariadb socket 393 00:17:05,199 --> 00:17:09,520 we see that the socket is active and 394 00:17:07,600 --> 00:17:11,679 listening 395 00:17:09,520 --> 00:17:15,839 when it's connected to it will trigger 396 00:17:11,679 --> 00:17:18,880 the mariadb at dan.service 397 00:17:15,839 --> 00:17:22,400 and it's listening on that abstract socket 398 00:17:18,880 --> 00:17:22,400 and that file system socket 399 00:17:23,120
--> 00:17:29,520 and that's it 400 00:17:26,079 --> 00:17:31,600 so if we look at what the service looks 401 00:17:29,520 --> 00:17:34,640 like now under systemd 402 00:17:31,600 --> 00:17:37,919 we see it's currently inactive 403 00:17:34,640 --> 00:17:40,000 however it can be triggered by these two 404 00:17:37,919 --> 00:17:43,039 socket services 405 00:17:40,000 --> 00:17:45,840 because they're they're started 406 00:17:43,039 --> 00:17:48,320 and that's fine so let's do that so 407 00:17:45,840 --> 00:17:51,760 let's do mariadb 408 00:17:48,320 --> 00:17:54,559 uh and if we do that we do a connection 409 00:17:51,760 --> 00:17:56,720 and magically it's up and running um 410 00:17:54,559 --> 00:18:00,280 quite quickly item ad 411 00:17:56,720 --> 00:18:00,280 imagine you noticed 412 00:18:00,640 --> 00:18:07,280 so what if we do a shutdown now 413 00:18:04,799 --> 00:18:09,280 click out and look at the status 414 00:18:07,280 --> 00:18:11,200 of the service 415 00:18:09,280 --> 00:18:14,360 we see it's still there 416 00:18:11,200 --> 00:18:14,360 in fact 417 00:18:14,559 --> 00:18:19,840 yep it hasn't shut down in fact it 418 00:18:16,880 --> 00:18:22,720 restarted in that time 419 00:18:19,840 --> 00:18:24,720 uh remember before we had uh restart 420 00:18:22,720 --> 00:18:26,559 always in the service 421 00:18:24,720 --> 00:18:28,960 now that we've actually got socket 422 00:18:26,559 --> 00:18:31,440 activation 423 00:18:28,960 --> 00:18:33,360 we don't actually need that restarted 424 00:18:31,440 --> 00:18:35,600 service anymore so let's comment that 425 00:18:33,360 --> 00:18:35,600 out 426 00:18:37,440 --> 00:18:40,000 shut down 427 00:18:41,520 --> 00:18:45,440 service 428 00:18:43,360 --> 00:18:47,520 and look at status 429 00:18:45,440 --> 00:18:48,480 it's inactive and stopped but it's still 430 00:18:47,520 --> 00:18:52,400 triggered 431 00:18:48,480 --> 00:18:54,880 and we'll do that again for fun 432 00:18:52,400 --> 00:18:58,080 that you know
we can just connect and 433 00:18:54,880 --> 00:19:00,799 automatically starts up 434 00:18:58,080 --> 00:19:03,200 so great 435 00:19:00,799 --> 00:19:05,440 at that point we're actually relying on 436 00:19:03,200 --> 00:19:08,160 our users to do the right thing and shut 437 00:19:05,440 --> 00:19:09,600 down the service 438 00:19:08,160 --> 00:19:12,559 when they're actually finished on it 439 00:19:09,600 --> 00:19:15,200 which isn't really the uh 440 00:19:12,559 --> 00:19:18,000 the the best way to do it so let's 441 00:19:15,200 --> 00:19:18,000 encourage this 442 00:19:18,400 --> 00:19:23,520 um 443 00:19:19,400 --> 00:19:23,520 environmentalism along a little bit 444 00:19:23,600 --> 00:19:28,559 so remember our template file here if 445 00:19:27,039 --> 00:19:32,000 in 446 00:19:28,559 --> 00:19:32,000 if i paste the right thing 447 00:19:36,240 --> 00:19:41,440 we see that in 10.8 on the branch that 448 00:19:39,280 --> 00:19:42,640 i'm currently developing there's a 449 00:19:41,440 --> 00:19:45,360 option 450 00:19:42,640 --> 00:19:48,320 for max idle execution time 451 00:19:45,360 --> 00:19:50,960 and this means after 10 seconds of there 452 00:19:48,320 --> 00:19:54,240 being no connections and 453 00:19:50,960 --> 00:19:56,400 no sql actually being executed it will 454 00:19:54,240 --> 00:19:58,000 shut down and it's up to you to decide 455 00:19:56,400 --> 00:20:00,240 if 10 seconds is 456 00:19:58,000 --> 00:20:03,039 appropriate or whether i'm just using 457 00:20:00,240 --> 00:20:03,039 that in my 458 00:20:04,840 --> 00:20:10,960 example so to get into effect we're just 459 00:20:08,320 --> 00:20:13,520 going to remove it there 460 00:20:10,960 --> 00:20:16,799 and we're going to stop 461 00:20:13,520 --> 00:20:19,200 the mariadb at dan.service 462 00:20:16,799 --> 00:20:21,120 um so this means the next time it'll 463 00:20:19,200 --> 00:20:24,559 just populate in 464 00:20:21,120 --> 00:20:26,400 but we've still got actually our 465 00:20:24,559
--> 00:20:28,640 socket activation as we can see from 466 00:20:26,400 --> 00:20:32,240 this warning below 467 00:20:28,640 --> 00:20:34,720 so what we can do is we can 468 00:20:32,240 --> 00:20:36,159 connect in 469 00:20:34,720 --> 00:20:37,120 and we're going to use the abstract 470 00:20:36,159 --> 00:20:39,360 socket 471 00:20:37,120 --> 00:20:41,360 for this time so 472 00:20:39,360 --> 00:20:44,240 we can connect in 473 00:20:41,360 --> 00:20:45,679 and we see that it starts in the usual 474 00:20:44,240 --> 00:20:47,360 time 475 00:20:45,679 --> 00:20:50,000 and then actually regenerate our 476 00:20:47,360 --> 00:20:52,960 configuration file 477 00:20:50,000 --> 00:20:55,360 if we look at the 478 00:20:52,960 --> 00:20:57,280 system variables the max idle execution 479 00:20:55,360 --> 00:21:00,400 the wait timeout and the interactive 480 00:20:57,280 --> 00:21:01,520 timeout the max idle execution time that 481 00:21:00,400 --> 00:21:03,600 we set 482 00:21:01,520 --> 00:21:06,559 gets populated through to the wait 483 00:21:03,600 --> 00:21:08,960 timeout in the interactive timeout 484 00:21:06,559 --> 00:21:11,039 now the interactive timeout is for 485 00:21:08,960 --> 00:21:12,880 terminals like this 486 00:21:11,039 --> 00:21:14,799 that if i blabber on enough it'll 487 00:21:12,880 --> 00:21:18,080 actually disconnect 488 00:21:14,799 --> 00:21:20,400 and the wait timeout is for what's used 489 00:21:18,080 --> 00:21:22,159 for your normal programming connections 490 00:21:20,400 --> 00:21:23,120 that if you've got connection pooling or 491 00:21:22,159 --> 00:21:27,200 something 492 00:21:23,120 --> 00:21:28,000 um after 10 seconds it's gonna drop 493 00:21:27,200 --> 00:21:30,400 out 494 00:21:28,000 --> 00:21:34,400 and you're gonna have to reconnect 495 00:21:30,400 --> 00:21:34,400 so i hope your applications handle that 496 00:21:34,480 --> 00:21:38,080 now that i've waffled on for a note if i 497 00:21:36,320 --> 00:21:39,760 do a backslash
s 498 00:21:38,080 --> 00:21:43,840 uh we can see 499 00:21:39,760 --> 00:21:46,320 that it went away as expected 500 00:21:43,840 --> 00:21:49,039 because it's socket activated it 501 00:21:46,320 --> 00:21:52,400 instantly came back and we've got an 502 00:21:49,039 --> 00:21:52,400 uptime of zero 503 00:21:52,880 --> 00:21:59,120 so if we do a select one 504 00:21:55,360 --> 00:22:00,640 exit out and show what happens in the 505 00:21:59,120 --> 00:22:01,679 status 506 00:22:00,640 --> 00:22:04,880 as i 507 00:22:01,679 --> 00:22:09,080 it's running it's still running still 508 00:22:04,880 --> 00:22:09,080 running still running 509 00:22:12,000 --> 00:22:16,960 just call this pretend live demo mode 510 00:22:15,120 --> 00:22:19,120 and at a point you know it'll be 511 00:22:16,960 --> 00:22:22,080 inactive and dead again 512 00:22:19,120 --> 00:22:26,080 um all successfully deactivated down the 513 00:22:22,080 --> 00:22:28,400 bottom and it's ready to be connected 514 00:22:26,080 --> 00:22:31,600 um again when ready 515 00:22:28,400 --> 00:22:33,200 so that's uh in development thing that 516 00:22:31,600 --> 00:22:35,120 for 10.8 but 517 00:22:33,200 --> 00:22:37,919 it probably won't make 10 it'll probably 518 00:22:35,120 --> 00:22:37,919 be 10.9.
519 00:22:39,039 --> 00:22:43,520 so how do we make these kind of services 520 00:22:41,600 --> 00:22:45,760 permanent well 521 00:22:43,520 --> 00:22:45,760 uh 522 00:22:45,919 --> 00:22:49,760 that 523 00:22:46,799 --> 00:22:51,039 the instinctive response is to use 524 00:22:49,760 --> 00:22:52,159 something 525 00:22:51,039 --> 00:22:53,360 like 526 00:22:52,159 --> 00:22:57,120 a 527 00:22:53,360 --> 00:22:57,120 systemctl enable 528 00:22:58,240 --> 00:23:03,919 um mariadb at dan.service uh however 529 00:23:01,679 --> 00:23:06,320 this not quite right and systemd 530 00:23:03,919 --> 00:23:09,200 friendly they tell you 531 00:23:06,320 --> 00:23:11,919 that no it's not right right uh 532 00:23:09,200 --> 00:23:14,320 the essence of it is that socket 533 00:23:11,919 --> 00:23:16,960 services socket 534 00:23:14,320 --> 00:23:18,159 configurations are there to trigger real 535 00:23:16,960 --> 00:23:21,440 services 536 00:23:18,159 --> 00:23:24,960 so we'd enable it like a real service 537 00:23:21,440 --> 00:23:26,960 and and that's what we do 538 00:23:24,960 --> 00:23:31,039 and if we look at 539 00:23:26,960 --> 00:23:33,919 what the status of say libvirt 540 00:23:31,039 --> 00:23:36,880 services it's exactly the same 541 00:23:33,919 --> 00:23:40,480 it's got a number of different sockets 542 00:23:36,880 --> 00:23:40,480 that trigger the service 543 00:23:40,799 --> 00:23:44,480 and that's what you expect 544 00:23:45,840 --> 00:23:50,960 okay we're back live um so a couple of 545 00:23:48,640 --> 00:23:53,679 questions for daniel from the um 546 00:23:50,960 --> 00:23:55,520 thing uh the first question is why not 547 00:23:53,679 --> 00:23:58,480 docker containers or something 548 00:23:55,520 --> 00:23:59,279 resembling docker 549 00:23:58,480 --> 00:24:01,200 uh 550 00:23:59,279 --> 00:24:03,760 well i thought this would just be kind 551 00:24:01,200 --> 00:24:06,080 of an interesting way and the the point 552
of actually doing socket activation is 553 00:24:06,080 --> 00:24:09,279 that in in a default thing you've got 554 00:24:08,320 --> 00:24:11,520 actually 555 00:24:09,279 --> 00:24:13,679 nothing running apart from systemd 556 00:24:11,520 --> 00:24:16,240 listening on it on a few sockets 557 00:24:13,679 --> 00:24:18,320 um so that sort of 558 00:24:16,240 --> 00:24:20,480 reduces your your memory footprint 559 00:24:18,320 --> 00:24:22,799 significantly if you're uh constrained 560 00:24:20,480 --> 00:24:25,360 that way um and while there's like 561 00:24:22,799 --> 00:24:26,960 kubernetes and other ways to instagram 562 00:24:25,360 --> 00:24:29,520 uh docker there 563 00:24:26,960 --> 00:24:31,200 um at least to my understanding a little 564 00:24:29,520 --> 00:24:33,279 bit more complicated so i thought it'd 565 00:24:31,200 --> 00:24:35,840 be fun to do it this way 566 00:24:33,279 --> 00:24:36,799 i want to mention that i'm actually 567 00:24:35,840 --> 00:24:37,600 doing 568 00:24:36,799 --> 00:24:40,240 uh 569 00:24:37,600 --> 00:24:42,960 the docker library maintenance of 570 00:24:40,240 --> 00:24:45,120 mariadb as well so i i'm not 571 00:24:42,960 --> 00:24:46,799 totally in the dark about it 572 00:24:45,120 --> 00:24:50,240 and yeah this 573 00:24:46,799 --> 00:24:52,480 socket act sorry the um auto deactivate 574 00:24:50,240 --> 00:24:55,200 that i'm working on getting through 575 00:24:52,480 --> 00:24:58,480 uh any sort of actually plays a role in 576 00:24:55,200 --> 00:25:01,440 making containers into that serverless 577 00:24:58,480 --> 00:25:03,679 aspect so they can auto deactivate and 578 00:25:01,440 --> 00:25:04,799 and in cloud environments start to 579 00:25:03,679 --> 00:25:08,559 benefit 580 00:25:04,799 --> 00:25:11,279 um the the low memory use there 581 00:25:08,559 --> 00:25:12,240 so that's the main reasons 582 00:25:11,279 --> 00:25:13,120 okay 583 00:25:12,240 --> 00:25:15,440 and 584 00:25:13,120 --> 00:25:18,480 next
question is what is the use case 585 00:25:15,440 --> 00:25:19,840 for installing mariadb like this 586 00:25:18,480 --> 00:25:22,159 um 587 00:25:19,840 --> 00:25:26,480 additional flexibility if you've got 588 00:25:22,159 --> 00:25:26,480 other requirements or a lot of 589 00:25:27,200 --> 00:25:32,320 your workloads already in um systemd 590 00:25:30,799 --> 00:25:34,640 and 591 00:25:32,320 --> 00:25:36,720 if there's low skills i guess in the 592 00:25:34,640 --> 00:25:39,120 organization around containers maybe 593 00:25:36,720 --> 00:25:43,120 this is a a way to you know start off 594 00:25:39,120 --> 00:25:44,400 the segregation um to get 595 00:25:43,120 --> 00:25:46,720 either the 596 00:25:44,400 --> 00:25:47,440 the organizational company actually used 597 00:25:46,720 --> 00:25:49,279 to 598 00:25:47,440 --> 00:25:51,600 the aspect that we can actually provide 599 00:25:49,279 --> 00:25:54,159 a strong separation on 600 00:25:51,600 --> 00:25:56,640 uh users databases 601 00:25:54,159 --> 00:25:59,520 quite well and actually hand out 602 00:25:56,640 --> 00:26:01,600 privileges and 603 00:25:59,520 --> 00:26:03,840 things a little bit more um 604 00:26:01,600 --> 00:26:05,679 maybe you don't quite trust all users to 605 00:26:03,840 --> 00:26:06,960 to run up as many containers as they 606 00:26:05,679 --> 00:26:09,440 want 607 00:26:06,960 --> 00:26:11,440 or don't know how to control that 608 00:26:09,440 --> 00:26:14,320 resource allocation 609 00:26:11,440 --> 00:26:16,080 uh well you know the aspect of having it 610 00:26:14,320 --> 00:26:19,440 as a service gives 611 00:26:16,080 --> 00:26:22,000 a rather limited 612 00:26:19,440 --> 00:26:22,960 but flexible capability to 613 00:26:22,000 --> 00:26:24,880 run 614 00:26:22,960 --> 00:26:27,520 mariadb in its own config in a 615 00:26:24,880 --> 00:26:27,520 number of ways 616 00:26:27,840 --> 00:26:32,960 okay uh next question is 617 00:26:30,799 --> 00:26:35,039 users that might run might
want to run 618 00:26:32,960 --> 00:26:37,360 their own server still need sudo to make 619 00:26:35,039 --> 00:26:38,400 it happen any way to move it all into a 620 00:26:37,360 --> 00:26:40,799 user instance 621 00:26:38,400 --> 00:26:43,520 of systemd 622 00:26:40,799 --> 00:26:45,919 yeah i've thought about user instance as 623 00:26:43,520 --> 00:26:47,200 a systemd i just haven't 624 00:26:45,919 --> 00:26:49,440 um 625 00:26:47,200 --> 00:26:52,159 there probably wouldn't actually be that 626 00:26:49,440 --> 00:26:53,760 many changes 627 00:26:52,159 --> 00:26:54,799 on that it's the same sort of thing 628 00:26:53,760 --> 00:26:59,520 about 629 00:26:54,799 --> 00:27:01,919 uh removing the start proofs only and 630 00:26:59,520 --> 00:27:04,400 a few of the protect homes and 631 00:27:01,919 --> 00:27:06,559 protect systems obviously don't apply in 632 00:27:04,400 --> 00:27:08,880 the user instance but 633 00:27:06,559 --> 00:27:12,240 for the most part the the template on 634 00:27:08,880 --> 00:27:14,080 how to run a user instance systemd 635 00:27:12,240 --> 00:27:16,480 mariadb is 636 00:27:14,080 --> 00:27:16,480 rather 637 00:27:16,880 --> 00:27:21,840 comparable to the the one provided 638 00:27:22,880 --> 00:27:27,600 okay that's all the questions uh there 639 00:27:25,840 --> 00:27:28,530 any any other questions you think people 640 00:27:27,600 --> 00:27:30,880 should have asked 641 00:27:28,530 --> 00:27:34,159 [Music] 642 00:27:30,880 --> 00:27:36,720 trying to cover it most of um 643 00:27:34,159 --> 00:27:39,760 i guess i could do a big talk on um you 644 00:27:36,720 --> 00:27:42,080 know uh fosdem oh sorry on uh 645 00:27:39,760 --> 00:27:44,000 containers and how mariadb is 646 00:27:42,080 --> 00:27:46,159 developing on those but i've got a 647 00:27:44,000 --> 00:27:47,600 fosdem talk on that and people can wait 648 00:27:46,159 --> 00:27:49,760 till next week 649 00:27:47,600 --> 00:27:52,799 go and see that 650
00:27:49,760 --> 00:27:55,440 but okay yeah so thank you everyone for 651 00:27:52,799 --> 00:27:56,880 attending and listening along um and 652 00:27:55,440 --> 00:27:58,320 asking questions 653 00:27:56,880 --> 00:28:00,399 much appreciation okay 654 00:27:58,320 --> 00:28:02,720 thank you very much daniel and thank you 655 00:28:00,399 --> 00:28:06,520 good luck next week at fosdem 656 00:28:02,720 --> 00:28:06,520 much appreciated bye