Page 1 of 1

Migration failure CentOS 7 to Rocky 8 - restore from backup fails with mariadb [SOLVED]

Posted: 14 Jul 2023 13:42
by VAXman65
I put aside my migration attempt for a while to let other folks blaze more of a trail. Time to try again! Unfortunately, I am still failing to get a successful eFa restore of the old system into the new, looking like troubles mostly with mariadb.

My original system is CentOS Linux release 7.9.2009 running eFA 4.0.4-40 and my new system is Rocky Linux release 8.8. I fail on reboot with

Code: Select all

[FAILED] Failed to start MariaDB 10.3 database server.

See 'systemctl status mariadb.service' for details.
and

Code: Select all

[psmode@ballantine ~]$ sudo systemctl status mariadb.service
● mariadb.service - MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/mariadb.service.d
           └─limit.conf, override.conf
   Active: failed (Result: exit-code) since Fri 2023-07-14 09:16:01 EDT; 50s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 3824 ExecStart=/usr/libexec/mysqld --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER (code=exited, status=1/FAILURE)
  Process: 3786 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mariadb.service (code=exited, status=0/SUCCESS)
  Process: 3761 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
 Main PID: 3824 (code=exited, status=1/FAILURE)

Jul 14 09:16:01 ballantine.kitsnet.us systemd[1]: Starting MariaDB 10.3 database server...
Jul 14 09:16:01 ballantine.kitsnet.us mysql-prepare-db-dir[3786]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Jul 14 09:16:01 ballantine.kitsnet.us mysql-prepare-db-dir[3786]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db-dir.
Jul 14 09:16:01 ballantine.kitsnet.us mysqld[3824]: 2023-07-14  9:16:01 0 [Note] /usr/libexec/mysqld (mysqld 10.3.35-MariaDB) starting as process 3824 ...
Jul 14 09:16:01 ballantine.kitsnet.us systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Jul 14 09:16:01 ballantine.kitsnet.us systemd[1]: mariadb.service: Failed with result 'exit-code'.
Jul 14 09:16:01 ballantine.kitsnet.us systemd[1]: Failed to start MariaDB 10.3 database server.
To get to this point, I started again from a clean build of Rocky Linux release 8.8. Right after building the base system I pulled in the install script and executed. After that, the system rebooted and I executed the initial installation script. For good measure, I also put SELINUX into permissive mode. With another reboot i was set to attempt the restore operation. I picked up the backup file from the running system and copied that to the /var/eFa/backup directory on the new system and executed the restore. This had errors too, which would appear to have cause my troubles on reboot:

Code: Select all

Beginning Restore of /var/eFa/backup/backup-20230713-064451.tar.gz...

./
./backup/
./backup/sql/
./backup/sql/backup.sql
./backup/etc/
./backup/etc/postfix/
./backup/etc/postfix/ssl/
./backup/etc/postfix/ssl/dhparam.pem
./backup/etc/postfix/ssl/smtpd.pem
./backup/etc/postfix/dynamicmaps.cf
./backup/etc/postfix/main.cf
./backup/etc/postfix/master.cf
./backup/etc/postfix/access
./backup/etc/postfix/helo_access
./backup/etc/postfix/recipient_access
./backup/etc/postfix/sender_access
./backup/etc/postfix/canonical
./backup/etc/postfix/recipient_canonical
./backup/etc/postfix/sender_canonical
./backup/etc/postfix/transport
./backup/etc/postfix/virtual
./backup/etc/postfix/sasl_passwd
./backup/etc/postfix/relocated
./backup/etc/postfix/generic
./backup/etc/postfix/header_checks
./backup/etc/eFa/
./backup/etc/eFa/eFa-Config
./backup/etc/eFa/MailWatch-Config
./backup/etc/eFa/MySQL-Config
./backup/etc/eFa/openDMARC-Config
./backup/etc/eFa/SA-Config
./backup/etc/eFa/SQLGrey-Config
./backup/etc/sysconfig/
./backup/etc/sysconfig/anaconda
./backup/etc/sysconfig/authconfig
./backup/etc/sysconfig/cbq/
./backup/etc/sysconfig/cbq/avpkt
./backup/etc/sysconfig/cbq/cbq-0000.example
./backup/etc/sysconfig/certbot
./backup/etc/sysconfig/chronyd
./backup/etc/sysconfig/console/
./backup/etc/sysconfig/cpupower
./backup/etc/sysconfig/crond
./backup/etc/sysconfig/daemons/
./backup/etc/sysconfig/daemons/webmin
./backup/etc/sysconfig/ebtables-config
./backup/etc/sysconfig/eFa-Monitor
./backup/etc/sysconfig/firewalld
./backup/etc/sysconfig/freshclam
./backup/etc/sysconfig/grub
./backup/etc/sysconfig/htcacheclean
./backup/etc/sysconfig/httpd
./backup/etc/sysconfig/init
./backup/etc/sysconfig/ip6tables-config
./backup/etc/sysconfig/iptables
./backup/etc/sysconfig/iptables-config
./backup/etc/sysconfig/irqbalance
./backup/etc/sysconfig/kdump
./backup/etc/sysconfig/kernel
./backup/etc/sysconfig/man-db
./backup/etc/sysconfig/modules/
./backup/etc/sysconfig/netconsole
./backup/etc/sysconfig/network
./backup/etc/sysconfig/network-scripts/
./backup/etc/sysconfig/network-scripts/ifcfg-lo
./backup/etc/sysconfig/network-scripts/ifdown
./backup/etc/sysconfig/network-scripts/ifdown-bnep
./backup/etc/sysconfig/network-scripts/ifdown-eth
./backup/etc/sysconfig/network-scripts/ifdown-ippp
./backup/etc/sysconfig/network-scripts/ifdown-ipv6
./backup/etc/sysconfig/network-scripts/ifdown-isdn
./backup/etc/sysconfig/network-scripts/ifdown-post
./backup/etc/sysconfig/network-scripts/ifdown-ppp
./backup/etc/sysconfig/network-scripts/ifdown-routes
./backup/etc/sysconfig/network-scripts/ifdown-sit
./backup/etc/sysconfig/network-scripts/ifdown-tunnel
./backup/etc/sysconfig/network-scripts/ifup
./backup/etc/sysconfig/network-scripts/ifup-aliases
./backup/etc/sysconfig/network-scripts/ifup-bnep
./backup/etc/sysconfig/network-scripts/ifup-eth
./backup/etc/sysconfig/network-scripts/ifup-ippp
./backup/etc/sysconfig/network-scripts/ifup-ipv6
./backup/etc/sysconfig/network-scripts/ifup-isdn
./backup/etc/sysconfig/network-scripts/ifup-plip
./backup/etc/sysconfig/network-scripts/ifup-plusb
./backup/etc/sysconfig/network-scripts/ifup-post
./backup/etc/sysconfig/network-scripts/ifup-ppp
./backup/etc/sysconfig/network-scripts/ifup-routes
./backup/etc/sysconfig/network-scripts/ifup-sit
./backup/etc/sysconfig/network-scripts/ifup-tunnel
./backup/etc/sysconfig/network-scripts/ifup-wireless
./backup/etc/sysconfig/network-scripts/init.ipv6-global
./backup/etc/sysconfig/network-scripts/network-functions
./backup/etc/sysconfig/network-scripts/network-functions-ipv6
./backup/etc/sysconfig/network-scripts/ifdown-Team
./backup/etc/sysconfig/network-scripts/ifdown-TeamPort
./backup/etc/sysconfig/network-scripts/ifup-Team
./backup/etc/sysconfig/network-scripts/ifup-TeamPort
./backup/etc/sysconfig/network-scripts/ifcfg-eth0
./backup/etc/sysconfig/network-scripts.bak/
./backup/etc/sysconfig/network-scripts.bak/ifcfg-eth0.bak
./backup/etc/sysconfig/nfs
./backup/etc/sysconfig/opendkim
./backup/etc/sysconfig/opendmarc
./backup/etc/sysconfig/qemu-ga
./backup/etc/sysconfig/rdisc
./backup/etc/sysconfig/readonly-root
./backup/etc/sysconfig/rpcbind
./backup/etc/sysconfig/rpc-rquotad
./backup/etc/sysconfig/rsyslog
./backup/etc/sysconfig/run-parts
./backup/etc/sysconfig/saslauthd
./backup/etc/sysconfig/selinux
./backup/etc/sysconfig/sshd
./backup/etc/sysconfig/sysstat
./backup/etc/sysconfig/sysstat.ioconf
./backup/etc/sysconfig/unbound
./backup/etc/sysconfig/wpa_supplicant
./backup/etc/passwd
./backup/etc/fstab
./backup/etc/shadow
./backup/etc/clamd.d/
./backup/etc/clamd.d/scan.conf
./backup/etc/hosts
./backup/etc/hosts.allow
./backup/etc/hosts.deny
./backup/etc/networks
./backup/etc/my.cnf
./backup/etc/my.cnf.d/
./backup/etc/my.cnf.d/client.cnf
./backup/etc/my.cnf.d/enable_encryption.preset
./backup/etc/my.cnf.d/mariadb-server.cnf
./backup/etc/my.cnf.d/mariadb-server.cnf.rpmnew
./backup/etc/my.cnf.d/mysql-clients.cnf
./backup/etc/php.ini
./backup/etc/php-fpm.conf
./backup/etc/php-fpm.d/
./backup/etc/php-fpm.d/www.conf
./backup/etc/resolv.conf
./backup/etc/resolv.conf.SAFETY
./backup/etc/sudo.conf
./backup/etc/sudoers.d/
./backup/etc/sudoers.d/eFa-Services
./backup/etc/sudoers.d/eFa-users
./backup/etc/sudoers.d/mailwatch
./backup/etc/MailScanner/
./backup/etc/MailScanner/archives.filename.rules
./backup/etc/MailScanner/archives.filename.rules.allowall.conf
./backup/etc/MailScanner/archives.filename.rules.conf
./backup/etc/MailScanner/archives.filetype.rules
./backup/etc/MailScanner/archives.filetype.rules.allowall.conf
./backup/etc/MailScanner/archives.filetype.rules.conf
./backup/etc/MailScanner/conf.d/
./backup/etc/MailScanner/conf.d/README
./backup/etc/MailScanner/country.domains.conf
./backup/etc/MailScanner/custom
./backup/etc/MailScanner/defaults
./backup/etc/MailScanner/defaults.rpmnew
./backup/etc/MailScanner/filename.rules
./backup/etc/MailScanner/filename.rules.allowall.conf
./backup/etc/MailScanner/filename.rules.conf
./backup/etc/MailScanner/filetype.rules
./backup/etc/MailScanner/filetype.rules.allowall.conf
./backup/etc/MailScanner/filetype.rules.conf
./backup/etc/MailScanner/MailScanner.conf
./backup/etc/MailScanner/mcp/
./backup/etc/MailScanner/mcp/10_example.cf
./backup/etc/MailScanner/mcp/mcp.spamassassin.conf
./backup/etc/MailScanner/mcp/init.pre
./backup/etc/MailScanner/mcp/v310.pre
./backup/etc/MailScanner/mcp/v312.pre
./backup/etc/MailScanner/mcp/v320.pre
./backup/etc/MailScanner/mcp/v330.pre
./backup/etc/MailScanner/mcp/v340.pre
./backup/etc/MailScanner/mcp/v341.pre
./backup/etc/MailScanner/mcp/v342.pre
./backup/etc/MailScanner/numeric.phishing.rules
./backup/etc/MailScanner/phishing.bad.sites.conf
./backup/etc/MailScanner/phishing.bad.sites.conf.master
./backup/etc/MailScanner/phishing.bad.sites.conf.master.backup
./backup/etc/MailScanner/phishing.bad.sites.custom
./backup/etc/MailScanner/phishing.safe.sites.conf
./backup/etc/MailScanner/phishing.safe.sites.conf.master
./backup/etc/MailScanner/phishing.safe.sites.conf.master.backup
./backup/etc/MailScanner/phishing.safe.sites.custom
./backup/etc/MailScanner/reports
./backup/etc/MailScanner/rules/
./backup/etc/MailScanner/rules/EXAMPLES
./backup/etc/MailScanner/rules/README
./backup/etc/MailScanner/rules/bounce.rules
./backup/etc/MailScanner/rules/external.message.rules
./backup/etc/MailScanner/rules/max.message.size.rules
./backup/etc/MailScanner/rules/spam.whitelist.rules
./backup/etc/MailScanner/rules/spam.blacklist.rules
./backup/etc/MailScanner/rules/sig.html.rules
./backup/etc/MailScanner/rules/sig.text.rules
./backup/etc/MailScanner/rules/content.scanning.rules
./backup/etc/MailScanner/rules/password.rules
./backup/etc/MailScanner/spamassassin.conf
./backup/etc/MailScanner/spamassassin.conf.bak
./backup/etc/MailScanner/spamassassin.conf.rpmnew
./backup/etc/MailScanner/spam.lists.conf
./backup/etc/MailScanner/virus.scanners.conf
./backup/etc/cron.d/
./backup/etc/cron.d/0hourly
./backup/etc/cron.d/sysstat
./backup/etc/cron.d/msre_reload
./backup/etc/cron.d/clamav-update
./backup/etc/cron.d/checkreboot
./backup/etc/cron.d/eFa-Monitor.cron
./backup/etc/cron.daily/
./backup/etc/cron.daily/logrotate
./backup/etc/cron.daily/man-db.cron
./backup/etc/cron.daily/0logwatch
./backup/etc/cron.daily/0yum-daily.cron
./backup/etc/cron.daily/mailscanner
./backup/etc/cron.daily/mailwatch
./backup/etc/cron.daily/eFa-Backup.cron
./backup/etc/cron.daily/trim-txrep
./backup/etc/cron.daily/eFa-SAClean
./backup/etc/cron.daily/cron-dccd
./backup/etc/cron.daily/eFa-Daily-DMARC
./backup/etc/cron.daily/eFa-Tokens.cron
./backup/etc/cron.deny
./backup/etc/cron.hourly/
./backup/etc/cron.hourly/0anacron
./backup/etc/cron.hourly/0yum-hourly.cron
./backup/etc/cron.hourly/mailscanner
./backup/etc/cron.monthly/
./backup/etc/cron.monthly/mailwatch
./backup/etc/crontab
./backup/etc/cron.weekly/
./backup/etc/cron.weekly/eFa-Weekly-DMARC
./backup/etc/sqlgrey/
./backup/etc/sqlgrey/clients_fqdn_whitelist
./backup/etc/sqlgrey/clients_fqdn_whitelist.local
./backup/etc/sqlgrey/clients_ip_whitelist
./backup/etc/sqlgrey/clients_ip_whitelist.local
./backup/etc/sqlgrey/discrimination.regexp
./backup/etc/sqlgrey/dyn_fqdn.regexp
./backup/etc/sqlgrey/README
./backup/etc/sqlgrey/smtp_server.regexp
./backup/etc/sqlgrey/sqlgrey.conf
./backup/etc/ssh/
./backup/etc/ssh/moduli
./backup/etc/ssh/ssh_config
./backup/etc/ssh/sshd_config
./backup/etc/ssh/ssh_host_dsa_key
./backup/etc/ssh/ssh_host_dsa_key.pub
./backup/etc/ssh/ssh_host_ecdsa_key
./backup/etc/ssh/ssh_host_ecdsa_key.pub
./backup/etc/ssh/ssh_host_ed25519_key
./backup/etc/ssh/ssh_host_ed25519_key.pub
./backup/etc/ssh/ssh_host_rsa_key
./backup/etc/ssh/ssh_host_rsa_key.pub
./backup/etc/pki/
./backup/etc/pki/CA/
./backup/etc/pki/CA/certs/
./backup/etc/pki/CA/crl/
./backup/etc/pki/CA/newcerts/
./backup/etc/pki/CA/private/
./backup/etc/pki/ca-trust/
./backup/etc/pki/ca-trust/README
./backup/etc/pki/ca-trust/ca-legacy.conf
./backup/etc/pki/ca-trust/extracted/
./backup/etc/pki/ca-trust/extracted/README
./backup/etc/pki/ca-trust/extracted/java/
./backup/etc/pki/ca-trust/extracted/java/README
./backup/etc/pki/ca-trust/extracted/java/cacerts
./backup/etc/pki/ca-trust/extracted/openssl/
./backup/etc/pki/ca-trust/extracted/openssl/README
./backup/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
./backup/etc/pki/ca-trust/extracted/pem/
./backup/etc/pki/ca-trust/extracted/pem/README
./backup/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
./backup/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
./backup/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
./backup/etc/pki/ca-trust/source/
./backup/etc/pki/ca-trust/source/README
./backup/etc/pki/ca-trust/source/anchors/
./backup/etc/pki/ca-trust/source/blacklist/
./backup/etc/pki/ca-trust/source/ca-bundle.legacy.crt
./backup/etc/pki/dovecot/
./backup/etc/pki/dovecot/certs/
./backup/etc/pki/dovecot/certs/dovecot.pem
./backup/etc/pki/dovecot/dovecot-openssl.cnf
./backup/etc/pki/dovecot/private/
./backup/etc/pki/dovecot/private/dovecot.pem
./backup/etc/pki/java/
./backup/etc/pki/java/cacerts
./backup/etc/pki/nssdb/
./backup/etc/pki/nssdb/cert8.db
./backup/etc/pki/nssdb/cert9.db
./backup/etc/pki/nssdb/key3.db
./backup/etc/pki/nssdb/key4.db
./backup/etc/pki/nssdb/pkcs11.txt
./backup/etc/pki/nssdb/secmod.db
./backup/etc/pki/nssdb/dbTemp.pVdYcu/
./backup/etc/pki/nssdb/dbTemp.beKnS0/
./backup/etc/pki/nssdb/dbTemp.FCO2UK/
./backup/etc/pki/nssdb/dbTemp.zc6bUa/
./backup/etc/pki/nssdb/dbTemp.lBJLig/
./backup/etc/pki/nssdb/dbTemp.rOr8Ev/
./backup/etc/pki/nssdb/dbTemp.0u3Cju/
./backup/etc/pki/nss-legacy/
./backup/etc/pki/nss-legacy/nss-rhel7.config
./backup/etc/pki/rpm-gpg/
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-7
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-IUS-7
./backup/etc/pki/rpm-gpg/RPM-EFDCEA77
./backup/etc/pki/rpm-gpg/RPM-EFDCEA77.asc
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
./backup/etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
./backup/etc/pki/rsyslog/
./backup/etc/pki/tls/
./backup/etc/pki/tls/cert.pem
./backup/etc/pki/tls/certs/
./backup/etc/pki/tls/certs/ca-bundle.crt
./backup/etc/pki/tls/certs/ca-bundle.trust.crt
./backup/etc/pki/tls/certs/Makefile
./backup/etc/pki/tls/certs/make-dummy-cert
./backup/etc/pki/tls/certs/renew-dummy-cert
./backup/etc/pki/tls/certs/localhost.crt
./backup/etc/pki/tls/misc/
./backup/etc/pki/tls/misc/CA
./backup/etc/pki/tls/misc/c_hash
./backup/etc/pki/tls/misc/c_info
./backup/etc/pki/tls/misc/c_issuer
./backup/etc/pki/tls/misc/c_name
./backup/etc/pki/tls/openssl.cnf
./backup/etc/pki/tls/private/
./backup/etc/pki/tls/private/localhost.key
./backup/etc/httpd/
./backup/etc/httpd/conf/
./backup/etc/httpd/conf/httpd.conf
./backup/etc/httpd/conf/magic
./backup/etc/httpd/conf.d/
./backup/etc/httpd/conf.d/README
./backup/etc/httpd/conf.d/userdir.conf
./backup/etc/httpd/conf.d/php.conf
./backup/etc/httpd/conf.d/ssl.conf
./backup/etc/httpd/conf.d/autoindex.conf.orig
./backup/etc/httpd/conf.d/redirectssl.conf
./backup/etc/httpd/conf.d/fpm.conf
./backup/etc/httpd/conf.d/autoindex.conf
./backup/etc/httpd/conf.d/welcome.conf
./backup/etc/httpd/conf.modules.d/
./backup/etc/httpd/conf.modules.d/00-base.conf
./backup/etc/httpd/conf.modules.d/00-dav.conf
./backup/etc/httpd/conf.modules.d/00-lua.conf
./backup/etc/httpd/conf.modules.d/00-mpm.conf
./backup/etc/httpd/conf.modules.d/00-optional.conf
./backup/etc/httpd/conf.modules.d/00-proxy.conf
./backup/etc/httpd/conf.modules.d/00-systemd.conf
./backup/etc/httpd/conf.modules.d/01-cgi.conf
./backup/etc/httpd/conf.modules.d/README
./backup/etc/httpd/conf.modules.d/15-php.conf
./backup/etc/httpd/conf.modules.d/00-ssl.conf
./backup/etc/httpd/logs
./backup/etc/httpd/modules
./backup/etc/httpd/run
./backup/etc/unbound/
./backup/etc/unbound/conf.d/
./backup/etc/unbound/conf.d/example.com.conf
./backup/etc/unbound/conf.d/forwarders.conf
./backup/etc/unbound/icannbundle.pem
./backup/etc/unbound/keys.d/
./backup/etc/unbound/keys.d/example.com.key
./backup/etc/unbound/local.d/
./backup/etc/unbound/local.d/block-example.com.conf
./backup/etc/unbound/root.key
./backup/etc/unbound/unbound.conf
./backup/etc/unbound/unbound.conf.rpmnew
./backup/etc/unbound/unbound_control.key
./backup/etc/unbound/unbound_control.pem
./backup/etc/unbound/unbound_server.key
./backup/etc/unbound/unbound_server.pem
./backup/etc/mail/
./backup/etc/mail/spamassassin/
./backup/etc/mail/spamassassin/local.cf
./backup/etc/opendkim/
./backup/etc/opendkim/keys/
./backup/etc/opendkim/KeyTable
./backup/etc/opendkim/SigningTable
./backup/etc/opendkim/TrustedHosts
./backup/etc/opendmarc.conf
./backup/etc/opendmarc/
./backup/etc/opendmarc/ignore.hosts
./backup/etc/opendmarc/public_suffix_list.dat
./backup/etc/opendmarc/public_suffix_list.dat.old
./backup/var/
./backup/var/www/
./backup/var/www/html/
./backup/var/www/html/mailscanner/
./backup/var/www/html/mailscanner/conf.php
Foreign backup detected, performing import...
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/cdb: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/ldap: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/mysql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pcre: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/pgsql: file is owned or writable by non-root users -- skipping this file
postmap: warning: /etc/postfix/dynamicmaps.cf.d/sqlite: file is owned or writable by non-root users -- skipping this file
Added new: Lockfile Dir = /var/spool/MailScanner/incoming/Locks
Added new: include /etc/MailScanner/conf.d/*

Summary
-------
Read 393 settings from old /etc/MailScanner/MailScanner.conf.original
Used 392 settings from old /etc/MailScanner/MailScanner.conf.original
Used 3 default settings from new /etc/MailScanner/MailScanner.conf.restore

ERROR 1449 (HY000) at line 1: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 1: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 1: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 1: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 1: 'mysql.user' is not of type 'TABLE'
Error: Database connection failed: it is possible that the database is overloaded or otherwise not running properly; contact the system administrator if the problem persists
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Phase 1/7: Checking and upgrading mysql database
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Processing databases
mysql
mysql.column_stats                                 OK
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.event                                        OK
mysql.func                                         OK
mysql.global_priv                                  OK
mysql.gtid_slave_pos                               OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.host                                         OK
mysql.index_stats                                  OK
mysql.innodb_index_stats                           OK
mysql.innodb_table_stats                           OK
mysql.plugin                                       OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.proxies_priv                                 OK
mysql.roles_mapping                                OK
mysql.servers                                      OK
mysql.table_stats                                  OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.transaction_registry                         OK
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Phase 2/7: Installing used storage engines... Skipped
Phase 3/7: Fixing views
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
mysql.user
Error    : The user specified as a definer ('mariadb.sys'@'localhost') does not exist
error    : Corrupt
Phase 4/7: Running 'mysql_fix_privilege_tables'
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
ERROR 1347 (HY000) at line 161: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 163: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 164: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 176: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 179: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 184: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 220: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 221: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 229: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 230: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 240: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 243: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 245: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 249: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 251: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 350: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 355: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 356: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 361: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 362: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 363: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 365: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 370: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 371: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 376: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 377: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 382: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 385: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 386: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 388: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 389: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 390: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 391: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 514: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 515: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 516: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 517: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 584: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 585: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 586: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 591: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1449 (HY000) at line 593: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 594: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 595: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 596: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 597: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 600: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 601: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 602: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 605: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 606: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 608: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 609: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 610: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 611: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 612: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1347 (HY000) at line 613: 'mysql.user' is not of type 'BASE TABLE'
ERROR 1449 (HY000) at line 636: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 638: 'mysql.user' is not of type 'TABLE'
ERROR 1449 (HY000) at line 639: The user specified as a definer ('mariadb.sys'@'localhost') does not exist
ERROR 1347 (HY000) at line 663: 'mysql.user' is not of type 'BASE TABLE'
FATAL ERROR: Upgrade failed
Restore Complete!

A restart is needed to complete restore.  Press enter to reboot.
Press [Enter] key to continue...
There are three main flavors of error:
  • postmap: warning: /etc/postfix/dynamicmaps.cf:
  • shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
  • mysql.user (a bunch here)
What must I do to enable a successful restore of eFa with mariadb coming up properly?

Re: Migration failure CentOS 7 to Rocky 8 - restore from backup fails with mariadb [SOLVED]

Posted: 14 Jul 2023 21:21
by VAXman65
It looks like Backup & Restore Gone Wrong reported by mcit describes the same issue.

In a nutshell, running CentOS 7 with a current version of eFa resulted in the origin installation being quietly upgraded to MariaDB version 10.4.25. However, Rocky Linux 8 is not using that version of MariaDB; by default, Rocky Linux 8 AppStream repos provides MariadDB 10.3. This is a big deal because of the security changes that occurred with MariaDB 10.4 and later.

The most obvious issue was the absence of the mariadb.sys user. Restoring a database backup taken from a 10.4 system and restoring on a 10.3 system would never work because the absence of the mariadb.sys user would cause the statements like

Code: Select all

/*!50013 DEFINER=`mariadb.sys`@`localhost` SQL SECURITY DEFINER */
to fail. Even hacking around this by manually adding the user did not work for me, since there was further disagreement about whether GRANTS would be recorded in mysql.user or mysql.global_priv

Going back on the MariaDB version seemed silly anyway. So I worked to get the new version of the DB working on the system. I found the article Install MariaDB 10.x on Rocky Linux 8 that describes how to bring up a repo to get MariaDB directly. The the next problem came with a conflict between the MariaDB kits and mysql-common over a bunch of /usr/share/mysql/charsets/ files. I made the assumption that these were either going to be the same or of no significance. So forcing the issue was the order of the day here. I started off by installing the newer MariaDB from the MariaDB repo (dnf install MariaDB-server MariaDB-client), getting me version 10.5. I then tried to install mysql-common and had that fail. However, it did get me a cached copy of the rpm that I could now use. Installing that with

Code: Select all

rpm -ivh --force /var/cache/dnf/appstream-424dca19b83b71d6/packages/mysql-common-8.0.32-1.module+el8.8.0+1283+4b88a3a8.0.1.x86_64.rpm
worked just fine.

I was now in a position to execute the sudo bash build.bash and perform initial configuration. Since the database product and mysql-common were already present, eFa was happy with the yum installs skipping over them.

A couple reboots later and it was time to do the restore. This executed through to completion with fewer errors and resulted in a system that appears to be an intact copy of the original system, complete with quarantine files, etc. I am going to do more testing before I trust this completely

Re: Migration failure CentOS 7 to Rocky 8 - restore from backup fails with mariadb [SOLVED]

Posted: 28 Jul 2023 17:26
by VAXman65
Things are working well after the migration. In fact, the system appears to be functioning better at warding off unwanted email, rejecting more connections before the email event gets queued into the system (based on daily volume reports and evaluations of the messages getting through). There were a few things I did manually after the migration to get me to where I am. Properly speaking, these items all appear to be things that went wrong before the migration, or are improvements that I came up with after the migration.

I have some other updates I did to enhance Zabbix monitoring of the system. This includes enabling the Apache, mySQL and PHP-FPM dashboards, as well as some custom logic to graph the external connection rate as well as NOQUEUE events. If people are interested, I can do another post on how that works.


Bottom line is that the migration steps outlined here worked quite well to get me from CentOS 7 to Rocky 8. Rocky 9 will have to wait for gernal support of RHEL 9 derivatives to be available.


Suppress Sending Daily DMARC Reports
This was chewing up my delivery slots with the service i use to get mail actually delivered. I had earlier bypassed these in Suppress Sending Daily DMARC Reports, but they reappeared after an earlier eFa update. So I bypassed the /usr/sbin/opendmarc-reports line again and my outbound mail count is good now.

Updates to /etc/postfix configuration files
I had custom entries in /etc/postfix/header_checks to strip out the headers that would communicate the details of my internal mail routing (nobody outside my network needs know that). Some of these were keyed off of the hostname of the system which changed.

Record True Source IP in MailScanner Audit Log
This was just an out and out enhancement to my environment and Mailscanner. I have my system up and running behind and NGINX implementation. By default Mailscanner recorded audit records with the IP address of my NGINX server anytime somebody was accessing remotely. I update the NGINX Proxy Manager configuration to send through the true source with X-Forwarded-For headers. In the Mailscanner configuration file, I activated the support for parsing this information:

Code: Select all

// Reverse proxy (e.g. NGINX)
define('TRUSTED_PROXIES', array("192.168.xxx.xxx"));
define('PROXY_HEADER', 'HTTP_X_FORWARDED_FOR'); //X-Forwarded-For Header
With the true IP address available, I modified the code in /var/www/html/mailscanner/functions.php to record the true source when access was forwarded through the NGINX system. The modification to the audit_log function will re-evalupate the $Iip value if TRUSTED_PROXIES is defined (which implies there is a chance that the true source IP could be masked by the proxy).

Code: Select all

[psmode@ballantine ~]$ diff functions.php.ORIG /var/www/html/mailscanner/functions.php
916a917,921
>         //Begin eFa
>         if ($_SESSION['user_type'] == 'A' && SHOW_GREYLIST == true) {
>             $nav['grey.php'] = "greylist";
>         }
>         //End eFa
3932a3938,3942
>
>       // 20230714 pas If TRUSTED_PROXIES is defiend, get the true source IP if forwarded through proxy
>       if (defined('TRUSTED_PROXIES') && !empty(TRUSTED_PROXIES)) {
>           $ip = getHTTPClientIP();
>       }
eFa Quarantine Report URL
The Quarantine Report goes out with a URL constructed from the actual hostname of the appliance instead of the functional CNAME I have defined. This URL is constructed in /var/www/html/mailscanner/conf.php and there is no obvious way to work in a parameter to address this. For now, I am just hardcoding this and will need to remember to patch the file each time it is updated (uhg!). (obfuscated here - it is not really xxxxxxx)

Code: Select all

[psmode@ballantine ~]$ grep MAILWATCH_HOSTURL /var/www/html/mailscanner/conf.php
// 20230716 pas Manual override of MAILWATCH_HOSTURL to alias so that EFA Quarantine reports will get View URL
//define('MAILWATCH_HOSTURL', 'https://' . rtrim(gethostname()) . '/mailscanner');
define('MAILWATCH_HOSTURL', 'https://' . 'xxxxxxx.kitsnet.us' . '/mailscanner');
eFa-Tokens.cron job fails
The eFa-Tokens.cron job firing out of cron.daily was failing on every run with a message like /etc/cron.daily/eFa-Tokens.cron[490571]: Unable to open efa database, tokens not expired! This was also happening every day on my old system prior to the migration to the new. This would be another issue that either always existed or came about with an earlier eFa update.

The problem turned out to be that the MariaDB password for the eFa user was not sync'd to the value recorded in the EFASQLPWD field in /etc/eFa/eFa-Config . The solution was to reset the password in MariaDB to the value stored in the parameter file.