[info=c9c2b5a8ace987b474100fef95b609ae]
OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/mariadb-image?expand=0&rev=23
This commit is contained in:
Git OBS Bridge
parent
742b0e8aef
commit
06731744cf
@ -205,6 +205,15 @@ docker_create_db_directories() {
|
||||
find "$DATADIR" \! -user mysql -exec chown mysql: '{}' +
|
||||
# See https://github.com/MariaDB/mariadb-docker/issues/363
|
||||
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql -exec chown mysql: '{}' \;
|
||||
|
||||
# memory.pressure
|
||||
local cgroup; cgroup=$(</proc/self/cgroup)
|
||||
local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
|
||||
if [ -w "$mempressure" ]; then
|
||||
chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
|
||||
else
|
||||
mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
@ -315,6 +324,29 @@ create_replica_user() {
|
||||
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
|
||||
}
|
||||
|
||||
# Create healthcheck users
|
||||
create_healthcheck_users() {
|
||||
local healthCheckGrant=USAGE
|
||||
local healthCheckConnectPass
|
||||
local healthCheckConnectPassEscaped
|
||||
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
|
||||
healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
|
||||
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
|
||||
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
|
||||
fi
|
||||
for host in 127.0.0.1 ::1 localhost; do
|
||||
echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
|
||||
# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
|
||||
echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
|
||||
echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
|
||||
done
|
||||
local maskPreserve
|
||||
maskPreserve=$(umask -p)
|
||||
umask 0077
|
||||
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf
|
||||
$maskPreserve
|
||||
}
|
||||
|
||||
# Initializes database with timezone info and root password, plus optional extra db/user
|
||||
docker_setup_db() {
|
||||
# Load timezone info into database
|
||||
@ -375,28 +407,8 @@ docker_setup_db() {
|
||||
fi
|
||||
fi
|
||||
|
||||
local healthCheckUser
|
||||
local healthCheckGrant=USAGE
|
||||
local healthCheckConnectPass
|
||||
local healthCheckConnectPassEscaped
|
||||
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
|
||||
healthCheckConnectPassEscaped=$( docker_sql_escape_string_literal "${healthCheckConnectPass}" )
|
||||
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
|
||||
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
|
||||
fi
|
||||
read -r -d '' healthCheckUser <<-EOSQL || true
|
||||
CREATE USER healthcheck@'127.0.0.1' IDENTIFIED BY '$healthCheckConnectPassEscaped';
|
||||
CREATE USER healthcheck@'::1' IDENTIFIED BY '$healthCheckConnectPassEscaped';
|
||||
CREATE USER healthcheck@localhost IDENTIFIED BY '$healthCheckConnectPassEscaped';
|
||||
GRANT $healthCheckGrant ON *.* TO healthcheck@'127.0.0.1';
|
||||
GRANT $healthCheckGrant ON *.* TO healthcheck@'::1';
|
||||
GRANT $healthCheckGrant ON *.* TO healthcheck@localhost;
|
||||
EOSQL
|
||||
local maskPreserve
|
||||
maskPreserve=$(umask -p)
|
||||
umask 0077
|
||||
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf
|
||||
$maskPreserve
|
||||
local createHealthCheckUsers
|
||||
createHealthCheckUsers=$(create_healthcheck_users)
|
||||
|
||||
local rootLocalhostPass=
|
||||
if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
|
||||
@ -467,7 +479,7 @@ docker_setup_db() {
|
||||
${rootCreate}
|
||||
${mysqlAtLocalhost}
|
||||
${mysqlAtLocalhostGrants}
|
||||
${healthCheckUser}
|
||||
${createHealthCheckUsers}
|
||||
-- end of securing system users, rest of init now...
|
||||
SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
|
||||
-- create users/databases
|
||||
@ -568,7 +580,7 @@ docker_mariadb_backup_system()
|
||||
docker_mariadb_upgrade() {
|
||||
if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|
||||
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
|
||||
mysql_note "MariaDB upgrade (mysql_upgrade) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
|
||||
mysql_note "MariaDB upgrade (mysql_upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
|
||||
return
|
||||
fi
|
||||
mysql_note "Starting temporary server"
|
||||
@ -579,6 +591,33 @@ docker_mariadb_upgrade() {
|
||||
|
||||
docker_mariadb_backup_system
|
||||
|
||||
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
|
||||
mysql_note "Creating healthcheck users"
|
||||
local createHealthCheckUsers
|
||||
createHealthCheckUsers=$(create_healthcheck_users)
|
||||
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
|
||||
-- Healthcheck users shouldn't be replicated
|
||||
SET @@SESSION.SQL_LOG_BIN=0;
|
||||
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
|
||||
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
|
||||
FLUSH PRIVILEGES;
|
||||
$createHealthCheckUsers
|
||||
EOSQL
|
||||
mysql_note "Stopping temporary server"
|
||||
docker_temp_server_stop
|
||||
mysql_note "Temporary server stopped"
|
||||
|
||||
if _check_if_upgrade_is_needed; then
|
||||
# need a restart as FLUSH PRIVILEGES isn't reversable
|
||||
mysql_note "Restarting temporary server for upgrade"
|
||||
docker_temp_server_start "$@" --skip-grant-tables \
|
||||
--loose-innodb_buffer_pool_dump_at_shutdown=0 \
|
||||
--skip-slave-start
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
mysql_note "Starting mariadb-upgrade"
|
||||
mysql_upgrade --upgrade-system-tables
|
||||
mysql_note "Finished mariadb-upgrade"
|
||||
@ -604,6 +643,10 @@ _check_if_upgrade_is_needed() {
|
||||
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
|
||||
return 0
|
||||
fi
|
||||
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
|
||||
mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
|
||||
return 0
|
||||
fi
|
||||
mysql_note "MariaDB upgrade not required"
|
||||
return 1
|
||||
}
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 1 07:37:43 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||||
|
||||
- Update entrypoint: add support for setting memory limits and refactor healthcheck user creation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user