From 493bf698b2bea41fd7667f46e9429e22d9c5fa3a Mon Sep 17 00:00:00 2001 From: Suport Cloud Date: Tue, 10 Oct 2017 16:08:30 +0200 Subject: [PATCH 1/6] Actualitzar fix de Mysql 5.7 --- Dockerfile | 2 +- docker-entrypoint.sh | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e12875a..96ff67a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,7 @@ RUN apt-get update && apt-get install -y perl pwgen --no-install-recommends && r RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5 ENV MYSQL_MAJOR 5.7 -ENV MYSQL_VERSION 5.7.18-1debian8 +ENV MYSQL_VERSION 5.7.19-1debian8 RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index b3260c9..fcf30dd 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -50,6 +50,10 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then mkdir -p "$DATADIR" + echo "hola2" + + echo "$@" + echo 'Initializing database' "$@" --initialize-insecure echo 'Database initialized' @@ -110,7 +114,10 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" fi - echo + echo hola + + echo "${mysql[@]}" + for f in /docker-entrypoint-initdb.d/*; do case "$f" in *.sh) echo "$0: running $f"; . "$f" ;; From 6b90f37235688373f4485e8e54162c185bd68856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Fernandez?= Date: Wed, 15 Nov 2017 12:22:59 +0100 Subject: [PATCH 2/6] New centos based image --- Dockerfile | 122 ++++++------------ README.md | 295 ++++++++++++++++++++++++++++++++++++++++++- custom-my.cnf | 59 --------- docker-entrypoint.sh | 282 ++++++++++++++++++++--------------------- docker-setup.sh | 9 ++ fix-permissions.sh | 15 +++ healthcheck.sh | 10 ++ run.sh | 2 - wait-for-it.sh | 154 ---------------------- 9 files changed, 505 insertions(+), 443 deletions(-) delete mode 100644 custom-my.cnf create mode 100644 docker-setup.sh create mode 100644 fix-permissions.sh create mode 100644 healthcheck.sh delete mode 100644 run.sh delete mode 100644 wait-for-it.sh diff --git a/Dockerfile b/Dockerfile index 96ff67a..e835825 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,82 +1,40 @@ -FROM debian:jessie - -MAINTAINER suport.cloud@gencat.cat - -# Aquesta imatge es basa en la imatge oficial de mysql -> https://hub.docker.com/_/mysql/ -# El docker-entrypoint s'ha de modificar pel tema de permisos de bluemix - -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r mysql && useradd -r -g mysql mysql - -# add gosu for easy step-down from root -ENV GOSU_VERSION 1.7 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -RUN mkdir /docker-entrypoint-initdb.d -RUN mkdir /userscripts - -# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db: -# File::Basename -# File::Copy -# Sys::Hostname -# Data::Dumper -RUN apt-get update && apt-get install -y perl pwgen --no-install-recommends && rm -rf /var/lib/apt/lists/* - -# gpg: key 5072E1F5: public key "MySQL Release Engineering " imported -RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5 - -ENV MYSQL_MAJOR 5.7 -ENV MYSQL_VERSION 5.7.19-1debian8 - -RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list - -# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) -# also, we set debconf keys to make APT a little quieter -RUN { \ - echo mysql-community-server mysql-community-server/data-dir select ''; \ - echo mysql-community-server mysql-community-server/root-pass password ''; \ - echo mysql-community-server mysql-community-server/re-root-pass password ''; \ - echo mysql-community-server mysql-community-server/remove-test-db select false; \ - } | debconf-set-selections \ - && apt-get update && apt-get install -y mysql-server="${MYSQL_VERSION}" && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \ - && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \ -# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime - && chmod 777 /var/run/mysqld - -COPY custom-my.cnf /etc/mysql/my.cnf - -# comment out a few problematic configuration values -# don't reverse lookup hostnames, they are usually another container -RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \ - && echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \ - && mv /tmp/my.cnf /etc/mysql/my.cnf - -VOLUME /var/lib/mysql - -EXPOSE 3306 - -COPY docker-entrypoint.sh / -RUN chmod 0755 /docker-entrypoint.sh - -ENTRYPOINT ["/docker-entrypoint.sh"] - -#Ftixer d'entrada -COPY run.sh /entrypoint.sh -RUN chmod 0755 /entrypoint.sh - -#Copiem el fitxer wait-for-it -COPY wait-for-it.sh / -RUN chmod 0755 /wait-for-it.sh - -CMD ["/entrypoint.sh"] +FROM oraclelinux:7-slim + +ARG PACKAGE_URL=https://repo.mysql.com/yum/mysql-5.7-community/docker/x86_64/mysql-community-server-minimal-5.7.20-1.el7.x86_64.rpm +ARG PACKAGE_URL_SHELL=https://repo.mysql.com/yum/mysql-tools-community/el/7/x86_64/mysql-shell-1.0.10-1.el7.x86_64.rpm + +ENV MYSQL_LOG=/var/log/mysqld.log + +# Install server +RUN rpmkeys --import https://repo.mysql.com/RPM-GPG-KEY-mysql \ + && yum install -y $PACKAGE_URL $PACKAGE_URL_SHELL \ + && yum clean all \ + && rm -rf /var/cache/yum \ + && mkdir /var/lib/mysql-health \ + && mkdir /docker-entrypoint-initdb.d + +VOLUME /var/lib/mysql + +COPY docker-entrypoint.sh /entrypoint.sh +COPY healthcheck.sh /var/lib/mysql-health/healthcheck.sh +COPY fix-permissions.sh /fix-permissions.sh + +RUN chmod a+x /*.sh /var/lib/mysql-health/healthcheck.sh + +COPY docker-setup.sh / +RUN chmod a+x /docker-setup.sh \ + && /docker-setup.sh /var/lib/mysql \ + && /docker-setup.sh /var/run/mysqld \ + && /docker-setup.sh /var/lib/mysql-files \ + && /docker-setup.sh /var/lib/mysql-health \ + && /docker-setup.sh /var/log \ + && ln -sf /dev/stdout ${MYSQL_LOG} + +RUN sed -i -e "s%datadir=/var/lib/mysql%datadir=/var/lib/mysql/data%g" /etc/my.cnf + +ENTRYPOINT ["/fix-permissions.sh","/entrypoint.sh"] +HEALTHCHECK CMD /var/lib/mysql-health/healthcheck.sh + +EXPOSE 3306 + +CMD ["mysqld"] \ No newline at end of file diff --git a/README.md b/README.md index 96c950d..951bcf1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,294 @@ -# MySQL Docker Image +# What is MySQL? -This is the official MySQL Docker Image based on Debian for Gencat applications +MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. -[![](https://images.microbadger.com/badges/image/gencatcloud/mysql.svg)](https://microbadger.com/images/gencatcloud/mysql "Get your own image badge on microbadger.com") +For more information and related downloads for MySQL Server and other MySQL products, please visit [www.mysql.com](http://www.mysql.com). + +![logo](https://raw.githubusercontent.com/docker-library/docs/c408469abbac35ad1e4a50a6618836420eb9502e/mysql/logo.png) + +# Compatibility + +This docker image is compatible with: +* docker +* docker-compose +* Kubernetes +* Openshift + +# How to use this image + +## Start a `mysql` server instance + +Starting a MySQL instance is simple: + +```console +$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag +``` + +... where `some-mysql` is the name you want to assign to your container, `my-secret-pw` is the password to be set for the MySQL root user and `tag` is the tag specifying the MySQL version you want. See the list above for relevant tags. + +## Connect to MySQL from an application in another Docker container + +This image exposes the standard MySQL port (3306), so container linking makes the MySQL instance available to other application containers. Start your application container like this in order to link it to the MySQL container: + +```console +$ docker run --name some-app --link some-mysql:mysql -d application-that-uses-mysql +``` + +## Connect to MySQL from the MySQL command line client + +The following command starts another `mysql` container instance and runs the `mysql` command line client against your original `mysql` container, allowing you to execute SQL statements against your database instance: + +```console +$ docker run -it --link some-mysql:mysql --rm mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"' +``` + +... where `some-mysql` is the name of your original `mysql` container. + +This image can also be used as a client for non-Docker or remote MySQL instances: + +```console +$ docker run -it --rm mysql mysql -hsome.mysql.host -usome-mysql-user -p +``` + +More information about the MySQL command line client can be found in the [MySQL documentation](http://dev.mysql.com/doc/en/mysql.html) + +## ... via [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker-compose`](https://github.com/docker/compose) + +Example `stack.yml` for `mysql`: + +```yaml +# Use root/example as user/password credentials +version: '3.1' + +services: + + db: + image: suportcloud/mysql:5.7 + restart: always + environment: + MYSQL_ROOT_PASSWORD: example + + adminer: + image: adminer + restart: always + ports: + - 8080:8080 +``` + +## ... via `openshift` + +DeploymentConfig example `mysql-dc.yml` for `mysql`: + +```yaml +apiVersion: v1 +kind: DeploymentConfig +metadata: + name: mysql + namespace: project-name + labels: + app: mysql +spec: + strategy: + type: Rolling + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: + limits: + cpu: '0' + memory: '0' + requests: + cpu: '0' + memory: '0' + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - mysql + from: + kind: ImageStreamTag + namespace: project-name + name: 'mysql:5.7' + replicas: 1 + test: false + selector: + app: mysql + deploymentconfig: mysql + template: + metadata: + labels: + app: mysql + deploymentconfig: mysql + spec: + volumes: + - name: mysql-vol + persistentVolumeClaim: + claimName: mysql-pv-claim + containers: + - name: mysql + image: project-name/my-sql:5.7 + ports: + - containerPort: 3306 + protocol: TCP + env: + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: 'yes' + - name: MYSQL_ROOT_HOST + value: '%' + resources: + limits: + cpu: 50m + memory: 256Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - name: mysql-vol + mountPath: /var/lib/mysql + imagePullPolicy: Always + restartPolicy: Always + terminationGracePeriodSeconds: 30 +``` + +## Container shell access and viewing MySQL logs + +The `docker exec` command allows you to run commands inside a Docker container. The following command line will give you a bash shell inside your `mysql` container: + +```console +$ docker exec -it some-mysql bash +``` + +The MySQL Server log is available through Docker's container log: + +```console +$ docker logs some-mysql +``` + +## Using a custom MySQL configuration file + +The MySQL startup configuration is specified in the file `/etc/mysql/my.cnf`, and that file in turn includes any files found in the `/etc/mysql/conf.d` directory that end with `.cnf`. Settings in files in this directory will augment and/or override settings in `/etc/mysql/my.cnf`. If you want to use a customized MySQL configuration, you can create your alternative configuration file in a directory on the host machine and then mount that directory location as `/etc/mysql/conf.d` inside the `mysql` container. + +If `/my/custom/config-file.cnf` is the path and name of your custom configuration file, you can start your `mysql` container like this (note that only the directory path of the custom config file is used in this command): + +```console +$ docker run --name some-mysql -v /my/custom:/etc/mysql/conf.d -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag +``` + +This will start a new container `some-mysql` where the MySQL instance uses the combined startup settings from `/etc/mysql/my.cnf` and `/etc/mysql/conf.d/config-file.cnf`, with settings from the latter taking precedence. + +Note that users on host systems with SELinux enabled may see issues with this. The current workaround is to assign the relevant SELinux policy type to your new config file so that the container will be allowed to mount it: + +```console +$ chcon -Rt svirt_sandbox_file_t /my/custom +``` + +### Configuration without a `cnf` file + +Many configuration options can be passed as flags to `mysqld`. This will give you the flexibility to customize the container without needing a `cnf` file. For example, if you want to change the default encoding and collation for all tables to use UTF-8 (`utf8mb4`) just run the following: + +```console +$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci +``` + +If you would like to see a complete list of available options, just run: + +```console +$ docker run -it --rm mysql:tag --verbose --help +``` + +## Environment Variables + +When you start the `mysql` image, you can adjust the configuration of the MySQL instance by passing one or more environment variables on the `docker run` command line. Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup. + +### `MYSQL_ROOT_PASSWORD` + +This variable is mandatory and specifies the password that will be set for the MySQL `root` superuser account. In the above example, it was set to `my-secret-pw`. + +### `MYSQL_DATABASE` + +This variable is optional and allows you to specify the name of a database to be created on image startup. If a user/password was supplied (see below) then that user will be granted superuser access ([corresponding to `GRANT ALL`](http://dev.mysql.com/doc/en/adding-users.html)) to this database. + +### `MYSQL_USER`, `MYSQL_PASSWORD` + +These variables are optional, used in conjunction to create a new user and to set that user's password. This user will be granted superuser permissions (see above) for the database specified by the `MYSQL_DATABASE` variable. Both variables are required for a user to be created. + +Do note that there is no need to use this mechanism to create the root superuser, that user gets created by default with the password specified by the `MYSQL_ROOT_PASSWORD` variable. + +### `MYSQL_ALLOW_EMPTY_PASSWORD` + +This is an optional variable. Set to `yes` to allow the container to be started with a blank password for the root user. *NOTE*: Setting this variable to `yes` is not recommended unless you really know what you are doing, since this will leave your MySQL instance completely unprotected, allowing anyone to gain complete superuser access. + +### `MYSQL_RANDOM_ROOT_PASSWORD` + +This is an optional variable. Set to `yes` to generate a random initial password for the root user (using `pwgen`). The generated root password will be printed to stdout (`GENERATED ROOT PASSWORD: .....`). + +### `MYSQL_ONETIME_PASSWORD` + +Sets root (*not* the user specified in `MYSQL_USER`!) user as expired once init is complete, forcing a password change on first login. *NOTE*: This feature is supported on MySQL 5.6+ only. Using this option on MySQL 5.5 will throw an appropriate error during initialization. + +### `MYSQL_ROOT_HOST` + +Sets the host accessible with `root` user. If not informed only localhost can access to database with root user. Set to `%` allow all remote hosts access with root user. + + + +## Docker Secrets + +As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in `/run/secrets/` files. For example: + +```console +$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mysql:tag +``` + +Currently, this is only supported for `MYSQL_ROOT_PASSWORD`, `MYSQL_ROOT_HOST`, `MYSQL_DATABASE`, `MYSQL_USER`, and `MYSQL_PASSWORD`. + +# Initializing a fresh instance + +When a container is started for the first time, a new database with the specified name will be created and initialized with the provided configuration variables. Furthermore, it will execute files with extensions `.sh`, `.sql` and `.sql.gz` that are found in `/docker-entrypoint-initdb.d`. Files will be executed in alphabetical order. You can easily populate your `mysql` services by [mounting a SQL dump into that directory](https://docs.docker.com/engine/tutorials/dockervolumes/#mount-a-host-file-as-a-data-volume) and provide [custom images](https://docs.docker.com/reference/builder/) with contributed data. SQL files will be imported by default to the database specified by the `MYSQL_DATABASE` variable. + +# Caveats + +## Where to Store Data + +Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the `mysql` images to familiarize themselves with the options available, including: + +- Let Docker manage the storage of your database data [by writing the database files to disk on the host system using its own internal volume management](https://docs.docker.com/engine/tutorials/dockervolumes/#adding-a-data-volume). This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers. +- Create a data directory on the host system (outside the container) and [mount this to a directory visible from inside the container](https://docs.docker.com/engine/tutorials/dockervolumes/#mount-a-host-directory-as-a-data-volume). This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that e.g. directory permissions and other security mechanisms on the host system are set up correctly. + +The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above: + +1. Create a data directory on a suitable volume on your host system, e.g. `/my/own/datadir`. +2. Start your `mysql` container like this: + + ```console + $ docker run --name some-mysql -v /my/own/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag + ``` + +The `-v /my/own/datadir:/var/lib/mysql` part of the command mounts the `/my/own/datadir` directory from the underlying host system as `/var/lib/mysql` inside the container, where MySQL by default will write its data files. + +Note that users on host systems with SELinux enabled may see issues with this. The current workaround is to assign the relevant SELinux policy type to the new data directory so that the container will be allowed to access it: + +```console +$ chcon -Rt svirt_sandbox_file_t /my/own/datadir +``` + +## No connections until MySQL init completes + +If there is no database initialized when the container starts, then a default database will be created. While this is the expected behavior, this means that it will not accept incoming connections until such initialization completes. This may cause issues when using automation tools, such as `docker-compose`, which start several containers simultaneously. + +## Usage against an existing database + +If you start your `mysql` container instance with a data directory that already contains a database (specifically, a `mysql` subdirectory), the `$MYSQL_ROOT_PASSWORD` variable should be omitted from the run command line; it will in any case be ignored, and the pre-existing database will not be changed in any way. + +## Creating database dumps + +Most of the normal tools will work, although their usage might be a little convoluted in some cases to ensure they have access to the `mysqld` server. A simple way to ensure this is to use `docker exec` and run the tool from the same container, similar to the following: + +```console +$ docker exec some-mysql sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /some/path/on/your/host/all-databases.sql +``` diff --git a/custom-my.cnf b/custom-my.cnf deleted file mode 100644 index 6e1234b..0000000 --- a/custom-my.cnf +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -# -# The MySQL Community Server configuration file. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -[mysqld_safe] -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -skip-host-cache -skip-name-resolve -user = root -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = 3306 -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql -explicit_defaults_for_timestamp - -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. -#bind-address = 127.0.0.1 - -#log-error = /var/log/mysql/error.log - -# Recommended in standard MySQL setup -sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES - -# Disabling symbolic-links is recommended to prevent assorted security risks -symbolic-links=0 - -# * IMPORTANT: Additional settings that can override those from this file! -# The files must end with '.cnf', otherwise they'll be ignored. -# -!includedir /etc/mysql/conf.d/ \ No newline at end of file diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fcf30dd..73e2b9c 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,102 +1,118 @@ #!/bin/bash -set -eo pipefail - -# Admincloud: S'afegeix aquest bloc per a poder posar el CMD["/entrypoint"] -if [ "$1" = "/entrypoint.sh" ]; then - set -- mysqld -fi -# Admincloud: Fi +set -e + +echo "[Entrypoint] MySQL Docker Image 5.7.20-1.1.2" +# Fetch value from server config +# We use mysqld --verbose --help instead of my_print_defaults because the +# latter only show values present in config files, and not server defaults +_get_config() { + local conf="$1"; shift + "$@" --verbose --help 2>/dev/null | grep "^$conf" | awk '$1 == "'"$conf"'" { print $2; exit }' +} -# if command starts with an option, prepend mysqld +# If command starts with an option, prepend mysqld +# This allows users to add command-line options without +# needing to specify the "mysqld" command if [ "${1:0:1}" = '-' ]; then set -- mysqld "$@" fi -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done - -_datadir() { - "$@" --verbose --help 2>/dev/null | awk '$1 == "datadir" { print $2; exit }' -} - -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - DATADIR="$(_datadir "$@")" - mkdir -p "$DATADIR" - # Admincloud: Es comenta aquest bloc per a executar sempre com a root, per treballar amb volums a bluemix - #chown -R mysql:mysql "$DATADIR" - #exec gosu mysql "$BASH_SOURCE" "$@" - # Admincloud: Fi -fi +if [ "$1" = 'mysqld' ]; then + # Test that the server can start. We redirect stdout to /dev/null so + # only the error messages are left. + result=0 + output=$("$@" --verbose --help 2>&1 > /dev/null) || result=$? + if [ ! "$result" = "0" ]; then + echo >&2 '[Entrypoint] ERROR: Unable to start MySQL. Please check your configuration.' + echo >&2 "[Entrypoint] $output" + exit 1 + fi -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then # Get config - DATADIR="$(_datadir "$@")" + DATADIR="$(_get_config 'datadir' "$@")" + SOCKET="$(_get_config 'socket' "$@")" + + if [ -n "$MYSQL_LOG_CONSOLE" ] || [ -n "" ]; then + # Don't touch bind-mounted config files + if ! cat /proc/1/mounts | grep "etc/my.cnf"; then + sed -i 's/^log-error=/#&/' /etc/my.cnf + fi + fi if [ ! -d "$DATADIR/mysql" ]; then + # If the password variable is a filename we use the contents of the file. We + # read this first to make sure that a proper error is generated for empty files. + if [ -f "$MYSQL_ROOT_PASSWORD" ]; then + MYSQL_ROOT_PASSWORD="$(cat $MYSQL_ROOT_PASSWORD)" + if [ -z "$MYSQL_ROOT_PASSWORD" ]; then + echo >&2 '[Entrypoint] Empty MYSQL_ROOT_PASSWORD file specified.' + exit 1 + fi + fi if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 + echo >&2 '[Entrypoint] No password option specified for new database.' + echo >&2 '[Entrypoint] A random onetime password will be generated.' + MYSQL_RANDOM_ROOT_PASSWORD=true + MYSQL_ONETIME_PASSWORD=true fi - mkdir -p "$DATADIR" - echo "hola2" - - echo "$@" - - echo 'Initializing database' + echo '[Entrypoint] Initializing database' "$@" --initialize-insecure - echo 'Database initialized' - - "$@" --skip-networking & - pid="$!" - - mysql=( mysql --protocol=socket -uroot ) - - for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break + echo '[Entrypoint] Database initialized' + + "$@" --daemonize --skip-networking --socket="$SOCKET" + + # To avoid using password on commandline, put it in a temporary file. + # The file is only populated when and if the root password is set. + PASSFILE=$(mktemp -u /var/lib/mysql-files/XXXXXXXXXX) + install /dev/null "$PASSFILE" + # Define the client command used throughout the script + # "SET @@SESSION.SQL_LOG_BIN=0;" is required for products like group replication to work properly + mysql=( mysql --defaults-extra-file="$PASSFILE" --protocol=socket -uroot -hlocalhost --socket="$SOCKET" --init-command="SET @@SESSION.SQL_LOG_BIN=0;") + + if [ ! -z "" ]; + then + for i in {30..0}; do + if mysqladmin --socket="$SOCKET" ping &>/dev/null; then + break + fi + echo '[Entrypoint] Waiting for server...' + sleep 1 + done + if [ "$i" = 0 ]; then + echo >&2 '[Entrypoint] Timeout during MySQL init.' + exit 1 fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi + mysql_tzinfo_to_sql /usr/share/zoneinfo | "${mysql[@]}" mysql + if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + MYSQL_ROOT_PASSWORD="$(date +%s | sha256sum | base64 | head -c 32 ; echo)" + echo "[Entrypoint] GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + if [ -z "$MYSQL_ROOT_HOST" ]; then + ROOTCREATE="ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';" + else + ROOTCREATE="ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; \ + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; \ + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; \ + GRANT PROXY ON ''@'' TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;" fi "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - DELETE FROM mysql.user ; - CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; - DROP DATABASE IF EXISTS test ; + DELETE FROM mysql.user WHERE user NOT IN ('mysql.session', 'mysql.sys', 'root') OR host NOT IN ('localhost'); + CREATE USER 'healthchecker'@'localhost' IDENTIFIED BY 'healthcheckpass'; + ${ROOTCREATE} FLUSH PRIVILEGES ; EOSQL - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) + # Put the password into the temporary config file + cat >"$PASSFILE" <&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi - -fi - -if [ -n "$(ls -A /userscripts/)" ]; then - echo "xecutem els scritps d'usuari" - ##Executem els scritps d'usuari - "$@" --skip-networking & - pid="$!" - mysql=( mysql --protocol=socket -uroot ) + # When using a local socket, mysqladmin shutdown will only complete when the server is actually down + mysqladmin --defaults-extra-file="$PASSFILE" shutdown -uroot --socket="$SOCKET" + rm -f "$PASSFILE" + unset PASSFILE + echo "[Entrypoint] Server shut down" - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break + # This needs to be done outside the normal init, since mysqladmin shutdown will not work after + if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then + if [ -z "yes" ]; then + echo "[Entrypoint] User expiration is only supported in MySQL 5.6+" + else + echo "[Entrypoint] Setting root user as expired. Password will need to be changed before database can be used." + SQL=$(mktemp -u /var/lib/mysql-files/XXXXXXXXXX) + install /dev/null -m0600 -omysql -gmysql "$SQL" + if [ ! -z "$MYSQL_ROOT_HOST" ]; then + cat << EOF > "$SQL" +ALTER USER 'root'@'${MYSQL_ROOT_HOST}' PASSWORD EXPIRE; +ALTER USER 'root'@'localhost' PASSWORD EXPIRE; +EOF + else + cat << EOF > "$SQL" +ALTER USER 'root'@'localhost' PASSWORD EXPIRE; +EOF + fi + set -- "$@" --init-file="$SQL" + unset SQL + fi fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - - for f in /userscripts/*; do - case "$f" in - *.sh) echo "running $f"; . "$f" ;; - *.sql) echo "running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "ignoring $f" ;; - esac echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 + echo '[Entrypoint] MySQL init process done. Ready for start up.' + echo fi - echo - echo 'Scripts usuaris done. Ready for start up.' - echo + # Used by healthcheck to make sure it doesn't mistakenly report container + # healthy during startup + # Put the password into the temporary config file + touch /var/lib/mysql-health/healthcheck.cnf + cat >"/var/lib/mysql-health/healthcheck.cnf" <&2; fi } - -usage() -{ - cat << USAGE >&2 -Usage: - $cmdname host:port [-s] [-t timeout] [-- command args] - -h HOST | --host=HOST Host or IP under test - -p PORT | --port=PORT TCP port under test - Alternatively, you specify the host and port as host:port - -s | --strict Only execute subcommand if the test succeeds - -q | --quiet Don't output any status messages - -t TIMEOUT | --timeout=TIMEOUT - Timeout in seconds, zero for no timeout - -- COMMAND ARGS Execute command with args after the test finishes -USAGE - exit 1 -} -wait_for() -{ - if [[ $TIMEOUT -gt 0 ]]; then - echoerr "$cmdname: waiting $TIMEOUT seconds for $HOST:$PORT" - else - echoerr "$cmdname: waiting for $HOST:$PORT without a timeout" - fi - start_ts=$(date +%s) - while : - do - (echo > /dev/tcp/$HOST/$PORT) >/dev/null 2>&1 - result=$? - if [[ $result -eq 0 ]]; then - end_ts=$(date +%s) - echoerr "$cmdname: $HOST:$PORT is available after $((end_ts - start_ts)) seconds" - break - fi - sleep 1 - done - return $result -} -wait_for_wrapper() -{ - # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 - if [[ $QUIET -eq 1 ]]; then - timeout $TIMEOUT $0 --quiet --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & - else - timeout $TIMEOUT $0 --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & - fi - PID=$! - trap "kill -INT -$PID" INT - wait $PID - RESULT=$? - if [[ $RESULT -ne 0 ]]; then - echoerr "$cmdname: timeout occurred after waiting $TIMEOUT seconds for $HOST:$PORT" - fi - return $RESULT -} -# process arguments -while [[ $# -gt 0 ]] -do - case "$1" in - *:* ) - hostport=(${1//:/ }) - HOST=${hostport[0]} - PORT=${hostport[1]} - shift 1 - ;; - --child) - CHILD=1 - shift 1 - ;; - -q | --quiet) - QUIET=1 - shift 1 - ;; - -s | --strict) - STRICT=1 - shift 1 - ;; - -h) - HOST="$2" - if [[ $HOST == "" ]]; then break; fi - shift 2 - ;; - --host=*) - HOST="${1#*=}" - shift 1 - ;; - -p) - PORT="$2" - if [[ $PORT == "" ]]; then break; fi - shift 2 - ;; - --port=*) - PORT="${1#*=}" - shift 1 - ;; - -t) - TIMEOUT="$2" - if [[ $TIMEOUT == "" ]]; then break; fi - shift 2 - ;; - --timeout=*) - TIMEOUT="${1#*=}" - shift 1 - ;; - --) - shift - CLI="$@" - break - ;; - --help) - usage - ;; - *) - echoerr "Unknown argument: $1" - usage - ;; - esac -done -if [[ "$HOST" == "" || "$PORT" == "" ]]; then - echoerr "Error: you need to provide a host and port to test." - usage -fi -TIMEOUT=${TIMEOUT:-15} -STRICT=${STRICT:-0} -CHILD=${CHILD:-0} -QUIET=${QUIET:-0} -if [[ $CHILD -gt 0 ]]; then - wait_for - RESULT=$? - exit $RESULT -else - if [[ $TIMEOUT -gt 0 ]]; then - wait_for_wrapper - RESULT=$? - else - wait_for - RESULT=$? - fi -fi -if [[ $CLI != "" ]]; then - if [[ $RESULT -ne 0 && $STRICT -eq 1 ]]; then - echoerr "$cmdname: strict mode, refusing to execute subprocess" - exit $RESULT - fi - exec $CLI -else - exit $RESULT -fi \ No newline at end of file From 3218708adc0ca55befbb564e31842e86028fe48e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Fernandez?= Date: Wed, 15 Nov 2017 12:34:29 +0100 Subject: [PATCH 3/6] =?UTF-8?q?Fix=20=E2=80=9CText=20File=20Busy"=20in=20d?= =?UTF-8?q?ockerhub?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e835825..1e2bad2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,12 +18,11 @@ VOLUME /var/lib/mysql COPY docker-entrypoint.sh /entrypoint.sh COPY healthcheck.sh /var/lib/mysql-health/healthcheck.sh COPY fix-permissions.sh /fix-permissions.sh +COPY docker-setup.sh /docker-setup.sh RUN chmod a+x /*.sh /var/lib/mysql-health/healthcheck.sh -COPY docker-setup.sh / -RUN chmod a+x /docker-setup.sh \ - && /docker-setup.sh /var/lib/mysql \ +RUN /docker-setup.sh /var/lib/mysql \ && /docker-setup.sh /var/run/mysqld \ && /docker-setup.sh /var/lib/mysql-files \ && /docker-setup.sh /var/lib/mysql-health \ From b0acb846c79a9fd2fdaac3e820d6358277b1e23b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Fernandez?= Date: Tue, 5 Dec 2017 11:01:06 +0100 Subject: [PATCH 4/6] Fixed socket bug --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1e2bad2..b416e93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,8 @@ RUN /docker-setup.sh /var/lib/mysql \ && /docker-setup.sh /var/log \ && ln -sf /dev/stdout ${MYSQL_LOG} -RUN sed -i -e "s%datadir=/var/lib/mysql%datadir=/var/lib/mysql/data%g" /etc/my.cnf +RUN sed -i -e "s%datadir=/var/lib/mysql%datadir=/var/lib/mysql/data%g" /etc/my.cnf \ + && sed -i -e "s%socket=/var/lib/mysql/mysql.sock%socket=/var/run/mysqld/mysql.sock%g" /etc/my.cnf ENTRYPOINT ["/fix-permissions.sh","/entrypoint.sh"] HEALTHCHECK CMD /var/lib/mysql-health/healthcheck.sh From 498937c996ca3a367be52f01fe9190f1c05c7fc0 Mon Sep 17 00:00:00 2001 From: asamo7 Date: Tue, 5 Dec 2017 15:01:16 +0100 Subject: [PATCH 5/6] =?UTF-8?q?Solucionada=20incid=C3=A8ncia=20amb=20creac?= =?UTF-8?q?i=C3=B3=20d'usuari=20MYSQL=5FUSER?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-entrypoint.sh | 5 ++--- fix-permissions.sh | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 73e2b9c..2a64391 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -121,10 +121,9 @@ EOF fi if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '"$MYSQL_USER"'@'%' IDENTIFIED BY '"$MYSQL_PASSWORD"' ;" | "${mysql[@]}" - + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`"$MYSQL_DATABASE"\`.* TO '"$MYSQL_USER"'@'%' ;" | "${mysql[@]}" + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" fi echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" diff --git a/fix-permissions.sh b/fix-permissions.sh index d37a908..146b8ad 100644 --- a/fix-permissions.sh +++ b/fix-permissions.sh @@ -1,14 +1,14 @@ #!/bin/bash set -e -MYSQL_USER=mysql +MYSQL_OS_USER=mysql [[ "$UID" ]] || UID=$(id -u) if [ $UID -eq 0 ] ; then chmod a+rw /var/log/mysqld.log - chown -R $MYSQL_USER: /var/run/mysqld/ + chown -R $MYSQL_OS_USER: /var/run/mysqld/ fi From 3e6fb1f7f44db3070cfdc7ad8a39287d2167fe97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Fernandez?= Date: Mon, 11 Dec 2017 12:42:43 +0100 Subject: [PATCH 6/6] Added standard socket Minor fixes --- docker-entrypoint.sh | 3 +++ fix-permissions.sh | 1 + 2 files changed, 4 insertions(+) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2a64391..be5085a 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -186,6 +186,9 @@ password=healthcheckpass EOF touch /var/lib/mysql-health/mysql-init-complete echo "[Entrypoint] Starting MySQL 5.7.20-1.1.2" + # Link to default sock + rm -rf /var/lib/mysql/mysql.sock + ln -s /var/run/mysqld/mysql.sock /var/lib/mysql/mysql.sock fi exec "$@" diff --git a/fix-permissions.sh b/fix-permissions.sh index 146b8ad..a6b032b 100644 --- a/fix-permissions.sh +++ b/fix-permissions.sh @@ -9,6 +9,7 @@ if [ $UID -eq 0 ] ; then chmod a+rw /var/log/mysqld.log chown -R $MYSQL_OS_USER: /var/run/mysqld/ + chown -R $MYSQL_OS_USER: /var/lib/mysql* fi