Public bug reported:

[Availability]
The package `galera-4` has been in Ubuntu universe since 19.10 (Eoan Ermine), replacing the older `galera-3` package, which itself has been available in Ubuntu since 15.10 (Wily Werewolf).
The package `galera-4` builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https://launchpad.net/ubuntu/+source/galera-4

[Rationale]
- The package `galera-4` is required in Ubuntu main for MariaDB high-availability (HA) clustering.
- The package `galera-4` will generally be useful for a large part of our user base, particularly those deploying MariaDB in production environments requiring HA.
- It is a key component for cloud deployments and enterprise setups requiring database HA.
- This enables the creation of fully supported, highly available MariaDB clusters on Ubuntu.
- The package `galera-4` is a runtime dependency for the clustering features of `mariadb-server`, which is concurrently proposed for inclusion in main.
- There is no other/better way to solve MariaDB multi-master replication that is already in main. Galera is the canonical solution for this.
- This is the first time this package will be in main.
- The binary packages `galera-4` and `galera-arbitrator-4` need to be in main to provide a supported HA solution for MariaDB. The `galera-4` package provides the core replication library (`libgalera_smm.so`), while the `galera-arbitrator-4` package provides the arbitrator daemon, an important component for robust cluster deployments.
- All binary packages built by the `galera-4` source package need to be in main to achieve this.

[Security]
- The `galera-4` source package has a clean security history with no CVEs. The older `galera` (v3) package had some vulnerabilities, but `galera-4` is a newer codebase. Security maintenance is handled by backporting fixes from upstream. While some vulnerabilities have been associated with MariaDB's use of Galera (e.g., `wsrep` API), these have been in MariaDB's codebase, not `galera-4` itself.
  - CVEs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=galera
  - Ubuntu CVE tracker: https://ubuntu.com/security/cve?package=galera-4
  - Debian Security Tracker: https://security-tracker.debian.org/tracker/source-package/galera-4
- No `suid` or `sgid` binaries. The `garbd` binary is installed in `/usr/sbin` and can be run as a non-root user.
- This Galera Arbitrator daemon can be used in small clusters to avoid split-brain scenarios, but it is fully optional and requires explicit configuration to enable.
- The package provides an optional service (`garbd.service`) that is not enabled by default.
- The package does not open privileged ports (< 1024). The default Galera port is 4567.
- The package exposes external endpoints for cluster communication. These endpoints should be protected by firewall rules.
- The package contains a plugin for MariaDB, a security-sensitive application. It relies on the security features of the database server.

[Quality assurance - function/usage]
- The package needs post-install configuration. Setting up a database cluster is a complex task that depends on the specific network environment and desired topology. There can be no "safe" default that works out of the box. Extensive documentation is available from upstream and as part of MariaDB documentation.

[Quality assurance - maintenance]
- The package is actively maintained by upstream (Codership), in Debian, and in Ubuntu. The packages are maintained by the same team in both Debian and Ubuntu.
  - Ubuntu: https://bugs.launchpad.net/ubuntu/+source/galera-4/+bugs
  - Debian: https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=galera-4
  - Upstream: https://github.com/codership/galera/issues
- There are no known critical open bugs that would block its inclusion in main.
- The package does not deal with exotic hardware we cannot support.
- The package has a Stable Release Update (SRU) exception, allowing for regular microrelease updates, which demonstrates its stability and the established process for its maintenance in Ubuntu. See https://documentation.ubuntu.com/sru/en/latest/reference/exception-MariaDB-Galera-Updates/

[Quality assurance - testing]
- The package runs a test suite at build time. A failure in the test suite will cause the build to fail.
  - Example build log: https://launchpad.net/ubuntu/+source/galera-4/26.4.23-1/+build/31080416
- The package has autopkgtests which are passing on all supported architectures.
  - Autopkgtest logs: https://autopkgtest.ubuntu.com/packages/g/galera-4
- The package does not have failing autopkgtests right now.
- Health in Debian is good: https://tracker.debian.org/pkg/galera-4
  - Autopkgtest logs: https://ci.debian.net/packages/g/galera-4/
- Salsa CI is extensive and maintained: https://salsa.debian.org/mariadb-team/galera-4/-/commits/debian/latest
  - Link to definition: https://git.launchpad.net/ubuntu/+source/galera-4/tree/debian/salsa-ci.yml

[Quality assurance - packaging]
- debian/watch is present and works.
- debian/control defines a correct Maintainer field ("Ubuntu Developers <[email protected]>") for uploads in Ubuntu.
- The package is maintained to the smallest details. The output of `lintian --pedantic` reports very few issues and will be attached to the bug.
- Lintian overrides are not present.
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies.
- The package will not be installed by default.
- Packaging is standard for a C++ project using cmake.
  - Link to debian/rules: https://git.launchpad.net/ubuntu/+source/galera-4/tree/debian/rules

[UI standards]
- Application is not end-user facing (it is a database cluster replication library).
- It is a server-side component and does not require a .desktop file.

[Dependencies]
- All runtime dependencies are in main. Running `check-mir` does not raise any issues.

[Standards compliance]
- This package correctly follows FHS and Debian Policy (Standards-Version: 4.7.2).

[Maintenance/Owner]
- I suggest the owning team to be the Ubuntu Server team. The expertise they already have in maintaining the MySQL packaging directly carries over to MariaDB/Galera packaging.
  I am committed to continue contributing and in general it seems that MariaDB/Galera packaging has many more contributors than MySQL packaging.
- The future owning team is not yet subscribed, but will subscribe to the package before promotion.
- This package does not use static builds.
- This package does not use vendored code.
- This package is not based on Rust or Go.
- The package is regularly built in the archive.
  - Build history on Launchpad: https://launchpad.net/ubuntu/+source/galera-4/+publishinghistory

[Background information]
- The package description explains the package well.
- Upstream Name: Galera Cluster
- Link to upstream project: https://galeracluster.com/ (commercial/docs) and https://github.com/codership/galera (code)
- The packaging is designed to replace the older `galera-3` and conflicts with other non-standard implementations (e.g., from Percona), positioning it as the canonical version for Ubuntu.
- This package is the essential component to enable High Availability (HA) clustering for MariaDB, a key feature for enterprise and cloud database deployments. Its inclusion in main is critical for providing a fully supported HA database solution in Ubuntu.

** Affects: galera-4 (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2122096

Title:
  [MIR] galera-4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/galera-4/+bug/2122096/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
