How to create a sudoers configuration for snapshots

When using LVM snapshots, the following entries are needed in the /etc/sudoers file. Run “visudo” to edit the /etc/sudoers file and add these entries, which allow the mysql user to run the required commands without being prompted for a password and without requiring a login shell:

mysql <FQDN_of_MySQL_server>= NOPASSWD:/bin/mount, NOPASSWD:/bin/umount, NOPASSWD:/bin/df, NOPASSWD:/usr/sbin/lvdisplay, NOPASSWD:/usr/sbin/lvcreate, NOPASSWD:/usr/sbin/lvremove
Defaults:%mysql !requiretty
Defaults:mysql !requiretty

Remember to substitute the proper paths to all the LVM tools, as these may differ depending on the distribution of Linux you are using.

You can fine-tune your sudoers file if your company has more stringent policies. Let’s take an example:

Let’s say the MySQL server, diamond.jewel.com, has 3 volume groups, VolGroup00, vg1 and vg2, with logical volumes LogVol00, lv1 and lv2, one in each. The mysql datadir is in LogVol00, with the InnoDB database in lv1 and the InnoDB logs in lv2:
 

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
7459216 3040728 4033464 43% /
/dev/sda1 101086 10895 84972 12% /boot
tmpfs 127668 0 127668 0% /dev/shm
/dev/mapper/vg1-lv1 126931 11832 108546 10% /l1
/dev/mapper/vg2-lv2 126931 11833 108545 10% /l2


The contents of /etc/my.cnf are as follows:

innodb_data_home_dir = /l1/ibdata
innodb_data_file_path=ibdata1:10M:autoextend
innodb_log_group_home_dir = /l2/iblogs


The sudoers file should contain the following lines for the above example. If you have only one volume group, you need only one line.

mysql diamond.jewel.com=NOPASSWD:/bin/mount /dev/VolGroup00/zrm* /tmp/zrm*,NOPASSWD:/bin/umount /tmp/zrm*,NOPASSWD:/bin/df, NOPASSWD:/usr/sbin/lvdisplay,NOPASSWD:/usr/sbin/lvcreate -L* -s -n zrm* /dev/VolGroup00/LogVol00,NOPASSWD:/usr/sbin/lvremove -f /dev/VolGroup00/zrm*

mysql diamond.jewel.com=NOPASSWD:/bin/mount /dev/vg1/zrm* /tmp/zrm*,NOPASSWD:/bin/umount /tmp/zrm*,NOPASSWD:/bin/df,NOPASSWD:/usr/sbin/lvdisplay,NOPASSWD:/usr/sbin/lvcreate -L* -s -n zrm* /dev/vg1/lv1,NOPASSWD:/usr/sbin/lvremove -f /dev/vg1/zrm*

mysql diamond.jewel.com=NOPASSWD:/bin/mount /dev/vg2/zrm* /tmp/zrm*,NOPASSWD:/bin/umount /tmp/zrm*,NOPASSWD:/bin/df,NOPASSWD:/usr/sbin/lvdisplay,NOPASSWD:/usr/sbin/lvcreate -L* -s -n zrm* /dev/vg2/lv2,NOPASSWD:/usr/sbin/lvremove -f /dev/vg2/zrm*


NOTE: Please give the correct path to the lvm commands and df.
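
To check what a restricted rule line permits before deploying it, the following added example (not part of the original page or of ZRM) approximates sudo's argument matching in Python. sudo matches a command's arguments as one space-joined string, so a trailing * also accepts extra words; the snapshot name zrmsnap and the sample command lines are constructed.

```python
import fnmatch
import shlex

# The vg1 rule line from the example above.
LINE = ("mysql diamond.jewel.com=NOPASSWD:/bin/mount /dev/vg1/zrm* /tmp/zrm*,"
        "NOPASSWD:/bin/umount /tmp/zrm*,NOPASSWD:/bin/df,"
        "NOPASSWD:/usr/sbin/lvdisplay,"
        "NOPASSWD:/usr/sbin/lvcreate -L* -s -n zrm* /dev/vg1/lv1,"
        "NOPASSWD:/usr/sbin/lvremove -f /dev/vg1/zrm*")

def parse_cmnd_list(line):
    """Split 'user host=TAG:cmd args,...' into (path, arg_pattern) pairs."""
    _, _, spec = line.partition("=")
    rules = []
    for item in spec.split(","):
        item = item.strip()
        if item.startswith("NOPASSWD:"):
            item = item[len("NOPASSWD:"):].strip()
        path, _, args = item.partition(" ")
        # A command listed without arguments may be run with any arguments.
        rules.append((path, args.strip() or None))
    return rules

def allowed(rules, command_line):
    """Approximate sudoers matching: exact path, fnmatch on the joined args."""
    argv = shlex.split(command_line)
    path, args = argv[0], " ".join(argv[1:])
    for rule_path, pattern in rules:
        if rule_path != path:
            continue
        # '*' is not stopped by '/' or by spaces, as in sudoers argument matching.
        if pattern is None or fnmatch.fnmatchcase(args, pattern):
            return True
    return False

RULES = parse_cmnd_list(LINE)

if __name__ == "__main__":
    samples = [  # constructed command lines
        "/usr/sbin/lvcreate -L1G -s -n zrmsnap /dev/vg1/lv1",  # intended
        "/bin/mount /dev/vg1/zrmsnap /tmp/zrmsnap",            # intended
        "/bin/mount /dev/vg1/zrmsnap /tmp/zrmsnap -o ro",      # extra words pass
        "/bin/mount /dev/vg2/zrmsnap /tmp/zrmsnap",            # other volume group
        "/usr/sbin/lvremove -f /dev/vg1/lv1",                  # origin volume
    ]
    for cmd in samples:
        print("ALLOW" if allowed(RULES, cmd) else "DENY ", cmd)
```

Confirm the deployed file with “visudo -c” and “sudo -l -U mysql”; this script only approximates the matching and does not replace sudo's own parser.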

If you are using the xfs file system, then you have to specify:

mysql diamond.jewel.com=NOPASSWD:/bin/mount -o nouuid /dev/VolGroup00/zrm* /tmp/zrm*,NOPASSWD:/bin/umount /tmp/zrm*,NOPASSWD:/bin/df,NOPASSWD:/usr/sbin/lvdisplay,NOPASSWD:/usr/sbin/lvcreate -L* -s -n zrm* /dev/VolGroup00/LogVol00,NOPASSWD:/usr/sbin/lvremove -f /dev/VolGroup00/zrm*

Please also remember to add the following lines so that a login shell is not required for the mysql user to run the sudo command:

Defaults:%mysql !requiretty
Defaults:mysql !requiretty
