pool/mariadb-image
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1154216 from devel:BCI:Tumbleweed

Browse Source 
🤖: sync package with devel:BCI:Tumbleweed from OBS

OBS-URL: https://build.opensuse.org/request/show/1154216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mariadb-image?expand=0&rev=6
This commit is contained in:
Ana Guerrero 2024-03-04 20:24:45 +00:00 committed by Git OBS Bridge
commit 62bca4f360
2 changed files with 76 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
docker-entrypoint.sh
View File

@ -205,6 +205,15 @@ docker_create_db_directories() {
find "$DATADIR" \! -user mysql -exec chown mysql: '{}' + find "$DATADIR" \! -user mysql -exec chown mysql: '{}' +
# See https://github.com/MariaDB/mariadb-docker/issues/363 # See https://github.com/MariaDB/mariadb-docker/issues/363
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql -exec chown mysql: '{}' \; find "${SOCKET%/*}" -maxdepth 0 \! -user mysql -exec chown mysql: '{}' \;
# memory.pressure
local cgroup; cgroup=$(</proc/self/cgroup)
local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
if [ -w "$mempressure" ]; then
chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
else
mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
fi
fi fi
} }
@ -309,12 +318,35 @@ create_replica_user() {
else else
# SQL escape the user password, \ followed by ' # SQL escape the user password, \ followed by '
local userPasswordEscaped local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" ) userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';" echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';" echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
} }
# Create healthcheck users
create_healthcheck_users() {
local healthCheckGrant=USAGE
local healthCheckConnectPass
local healthCheckConnectPassEscaped
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
fi
for host in 127.0.0.1 ::1 localhost; do
echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
done
local maskPreserve
maskPreserve=$(umask -p)
umask 0077
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf
$maskPreserve
}
# Initializes database with timezone info and root password, plus optional extra db/user # Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() { docker_setup_db() {
# Load timezone info into database # Load timezone info into database
@ -338,7 +370,7 @@ docker_setup_db() {
local rootPasswordEscaped= local rootPasswordEscaped=
if [ -n "$MARIADB_ROOT_PASSWORD" ]; then if [ -n "$MARIADB_ROOT_PASSWORD" ]; then
# Sets root password and creates root users for non-localhost hosts # Sets root password and creates root users for non-localhost hosts
rootPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}" ) rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}")
fi fi
# default root to listen for connections from anywhere # default root to listen for connections from anywhere
@ -375,28 +407,8 @@ docker_setup_db() {
fi fi
fi fi
local healthCheckUser local createHealthCheckUsers
local healthCheckGrant=USAGE createHealthCheckUsers=$(create_healthcheck_users)
local healthCheckConnectPass
local healthCheckConnectPassEscaped
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
healthCheckConnectPassEscaped=$( docker_sql_escape_string_literal "${healthCheckConnectPass}" )
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
fi
read -r -d '' healthCheckUser <<-EOSQL || true
CREATE USER healthcheck@'127.0.0.1' IDENTIFIED BY '$healthCheckConnectPassEscaped';
CREATE USER healthcheck@'::1' IDENTIFIED BY '$healthCheckConnectPassEscaped';
CREATE USER healthcheck@localhost IDENTIFIED BY '$healthCheckConnectPassEscaped';
GRANT $healthCheckGrant ON *.* TO healthcheck@'127.0.0.1';
GRANT $healthCheckGrant ON *.* TO healthcheck@'::1';
GRANT $healthCheckGrant ON *.* TO healthcheck@localhost;
EOSQL
local maskPreserve
maskPreserve=$(umask -p)
umask 0077
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf
$maskPreserve
local rootLocalhostPass= local rootLocalhostPass=
if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
@ -420,7 +432,7 @@ docker_setup_db() {
else else
# SQL escape the user password, \ followed by ' # SQL escape the user password, \ followed by '
local userPasswordEscaped local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_PASSWORD}" ) userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}")
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';" createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi fi
@ -442,7 +454,7 @@ docker_setup_db() {
else else
# on replica # on replica
local rplPasswordEscaped local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" ) rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
# SC cannot follow how MARIADB_MASTER_PORT is assigned a default value. # SC cannot follow how MARIADB_MASTER_PORT is assigned a default value.
# shellcheck disable=SC2153 # shellcheck disable=SC2153
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;" changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
@ -467,7 +479,7 @@ docker_setup_db() {
${rootCreate} ${rootCreate}
${mysqlAtLocalhost} ${mysqlAtLocalhost}
${mysqlAtLocalhostGrants} ${mysqlAtLocalhostGrants}
${healthCheckUser} ${createHealthCheckUsers}
-- end of securing system users, rest of init now... -- end of securing system users, rest of init now...
SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin; SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
-- create users/databases -- create users/databases
@ -568,7 +580,7 @@ docker_mariadb_backup_system()
docker_mariadb_upgrade() { docker_mariadb_upgrade() {
if [ -z "$MARIADB_AUTO_UPGRADE" ] \ if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then || [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
mysql_note "MariaDB upgrade (mysql_upgrade) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting" mysql_note "MariaDB upgrade (mysql_upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
return return
fi fi
mysql_note "Starting temporary server" mysql_note "Starting temporary server"
@ -579,6 +591,33 @@ docker_mariadb_upgrade() {
docker_mariadb_backup_system docker_mariadb_backup_system
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "Creating healthcheck users"
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
-- Healthcheck users shouldn't be replicated
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
FLUSH PRIVILEGES;
$createHealthCheckUsers
EOSQL
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
if _check_if_upgrade_is_needed; then
# need a restart as FLUSH PRIVILEGES isn't reversable
mysql_note "Restarting temporary server for upgrade"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0 \
--skip-slave-start
else
return 0
fi
fi
mysql_note "Starting mariadb-upgrade" mysql_note "Starting mariadb-upgrade"
mysql_upgrade --upgrade-system-tables mysql_upgrade --upgrade-system-tables
mysql_note "Finished mariadb-upgrade" mysql_note "Finished mariadb-upgrade"
@ -604,6 +643,10 @@ _check_if_upgrade_is_needed() {
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then || [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
return 0 return 0
fi fi
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
return 0
fi
mysql_note "MariaDB upgrade not required" mysql_note "MariaDB upgrade not required"
return 1 return 1
} }

5
mariadb-image.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Mar 1 07:37:43 UTC 2024 - Dan Čermák <dcermak@suse.com>
- Update entrypoint: add support for setting memory limits and refactor healthcheck user creation
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com> Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com>