docker-images/mariadb
docker-images/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/mariadb-docker.git synced 2025-04-19 06:02:18 +03:00
Code

Remove 11.6 -eol

Browse Source
This commit is contained in:
Daniel Black 2025-02-14 17:49:52 +11:00
parent 8534470197
commit 91ba0cc702
9 changed files with 0 additions and 2530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
11.6-ubi/Dockerfile
View File

@ -1,113 +0,0 @@
FROM redhat/ubi9-minimal
# user 999/ group 999, that we want to use for compatibility with the ubuntu image.
RUN groupadd --gid 999 -r mysql && \
useradd -r -g mysql mysql --home-dir /var/lib/mysql --uid 999
ENV GOSU_VERSION 1.17
RUN set -eux; \
rpmArch="$(rpm --query --queryformat='%{ARCH}' rpm)"; \
case "$rpmArch" in \
aarch64) dpkgArch='arm64' ;; \
armv7*) dpkgArch='armhf' ;; \
i686) dpkgArch='i386' ;; \
ppc64le) dpkgArch='ppc64el' ;; \
s390x|riscv64) dpkgArch=$rpmArch ;; \
x86_64) dpkgArch='amd64' ;; \
*) echo >&2 "error: unknown/unsupported architecture '$rpmArch'"; exit 1 ;; \
esac; \
curl --fail --location --output /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch} ; \
curl --fail --location --output /usr/local/bin/gosu.asc https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc; \
GNUPGHOME="$(mktemp -d)"; \
export GNUPGHOME; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
chmod a+x /usr/local/bin/gosu; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
gosu --version; \
gosu nobody true
COPY --chmod=0644 docker.cnf /etc/my.cnf.d/
COPY MariaDB.repo /etc/yum.repos.d/
# HasRequiredLabel requirement from Red Hat OpenShift Software Certification
# https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html/red_hat_openshift_software_certification_policy_guide/assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction#con-image-metadata-requirements_openshift-sw-cert-policy-container-images
LABEL name="MariaDB Server" \
vendor="MariaDB Community" \
version="11.6.2" \
release="Refer to Annotations org.opencontainers.image.{revision,source}" \
summary="MariaDB Database" \
description="MariaDB Database for relational SQL"
# OCI annotations to image
LABEL org.opencontainers.image.authors="MariaDB Community" \
org.opencontainers.image.title="MariaDB Database" \
org.opencontainers.image.description="MariaDB Database for relational SQL" \
org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" \
org.opencontainers.image.base.name="docker.io/redhat/ubi9-minimal" \
org.opencontainers.image.licenses="GPL-2.0" \
org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \
org.opencontainers.image.vendor="MariaDB Community" \
org.opencontainers.image.version="11.6.2" \
org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker"
# bashbrew-architectures: amd64 arm64v8 ppc64le s390x
ARG MARIADB_VERSION=11.6.2
ENV MARIADB_VERSION=$MARIADB_VERSION
# release-status:Stable
# release-support-type:Short Term Support
# (https://downloads.mariadb.org/rest-api/mariadb/)
# missing pwgen(epel), jemalloc(epel) (as entrypoint/user extensions)
# procps, pv(epel) - missing dependencies of galera sst script
# tzdata re-installed as only a fake version is part of the ubi-minimal base image.
# FF8AD1344597106ECE813B918A3872BF3228467C is the Fedora RPM key
# 177F4010FE56CA3336300305F1656F24C74CD1D8 is the MariaDB Server RPM key
RUN set -eux ; \
curl --fail https://pagure.io/fedora-web/websites/raw/master/f/sites/getfedora.org/static/keys/FF8AD1344597106ECE813B918A3872BF3228467C.txt --output /tmp/epelkey.txt ; \
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME ; \
gpg --batch --import /tmp/epelkey.txt ; \
gpg --batch --armor --export FF8AD1344597106ECE813B918A3872BF3228467C > /tmp/epelkey.txt ; \
rpmkeys --import /tmp/epelkey.txt ; \
curl --fail https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm --output /tmp/epel-release-latest-9.noarch.rpm ; \
rpm -K /tmp/epel-release-latest-9.noarch.rpm ; \
rpm -ivh /tmp/epel-release-latest-9.noarch.rpm ; \
rm /tmp/epelkey.txt /tmp/epel-release-latest-9.noarch.rpm ; \
curl --fail https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY --output /tmp/MariaDB-Server-GPG-KEY ; \
gpg --batch --import /tmp/MariaDB-Server-GPG-KEY; \
gpg --batch --armor --export 177F4010FE56CA3336300305F1656F24C74CD1D8 > /tmp/MariaDB-Server-GPG-KEY ; \
rpmkeys --import /tmp/MariaDB-Server-GPG-KEY ; \
rm -rf "$GNUPGHOME" /tmp/MariaDB-Server-GPG-KEY ; \
unset GNUPGHOME ; \
microdnf update -y ; \
microdnf reinstall -y tzdata ; \
microdnf install -y procps-ng zstd xz jemalloc pwgen pv ; \
mkdir -p /etc/mysql/conf.d /etc/mysql/mariadb.conf.d/ /var/lib/mysql/mysql /run/mariadb /usr/lib64/galera ; \
chmod ugo+rwx,o+t /run/mariadb ; \
microdnf install -y MariaDB-backup-${MARIADB_VERSION} MariaDB-server-${MARIADB_VERSION} ; \
# compatibility with DEB Galera packaging
ln -s /usr/lib64/galera-4/libgalera_smm.so /usr/lib/libgalera_smm.so ; \
# compatibility with RPM Galera packaging
ln -s /usr/lib64/galera-4/libgalera_smm.so /usr/lib64/galera/libgalera_smm.so ; \
microdnf clean all ; \
rmdir /var/lib/mysql/mysql ; \
chown -R mysql:mysql /var/lib/mysql /run/mariadb ; \
mkdir /licenses ; \
ln -s /usr/share/doc/MariaDB-server-${MARIADB_VERSION}/COPYING /licenses/GPL-2 ; \
ln -s /usr/share/licenses /licenses/package-licenses ; \
ln -s Apache-2.0-license /licenses/gosu
VOLUME /var/lib/mysql
RUN mkdir /docker-entrypoint-initdb.d
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
USER mysql
EXPOSE 3306
CMD ["mariadbd"]

7
11.6-ubi/MariaDB.repo
View File

@ -1,7 +0,0 @@
[mariadb]
name = MariaDB
#baseurl = https://rpm.mariadb.org/11.6/rhel/$releasever/$basearch
baseurl = https://archive.mariadb.org/mariadb-11.6/yum/rhel/$releasever/$basearch
#microdnf cannot read to the second key here.
#gpgkey=https://archive.mariadb.org/PublicKey
gpgcheck=1

718
11.6-ubi/docker-entrypoint.sh
View File

@ -1,718 +0,0 @@
#!/bin/bash
set -eo pipefail
shopt -s nullglob
# logging functions
mysql_log() {
local type="$1"; shift
printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
}
mysql_note() {
mysql_log Note "$@"
}
mysql_warn() {
mysql_log Warn "$@" >&2
}
mysql_error() {
mysql_log ERROR "$@" >&2
exit 1
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# set MARIADB_xyz from MYSQL_xyz when MARIADB_xyz is unset
# and make them the same value (so user scripts can use either)
_mariadb_file_env() {
local var="$1"; shift
local maria="MARIADB_${var#MYSQL_}"
file_env "$var" "$@"
file_env "$maria" "${!var}"
if [ "${!maria:-}" ]; then
export "$var"="${!maria}"
fi
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions
docker_process_init_files() {
# mysql here for backwards compatibility "${mysql[@]}"
# ShellCheck: mysql appears unused. Verify use (or export if used externally)
# shellcheck disable=SC2034
mysql=( docker_process_sql )
echo
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
mysql_note "$0: running $f"
"$f"
else
mysql_note "$0: sourcing $f"
# ShellCheck can't follow non-constant source. Use a directive to specify location.
# shellcheck disable=SC1090
. "$f"
fi
;;
*.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
*.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
*.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
*.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;;
*) mysql_warn "$0: ignoring $f" ;;
esac
echo
done
}
# arguments necessary to run "mariadbd --verbose --help" successfully (used for testing configuration validity and for extracting default/configured values)
_verboseHelpArgs=(
--verbose --help
)
mysql_check_config() {
local toRun=( "$@" "${_verboseHelpArgs[@]}" ) errors
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
mysql_error $'mariadbd failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
fi
}
# Fetch value from server config
# We use mariadbd --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
mysql_get_config() {
local conf="$1"; shift
"$@" "${_verboseHelpArgs[@]}" 2>/dev/null \
| awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
# match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# Do a temporary startup of the MariaDB server, for init purposes
docker_temp_server_start() {
"$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \
--expire-logs-days=0 \
--skip-slave-start \
--loose-innodb_buffer_pool_load_at_startup=0 \
--skip-ssl --ssl-cert='' --ssl-key='' --ssl-ca='' \
&
declare -g MARIADB_PID
MARIADB_PID=$!
mysql_note "Waiting for server startup"
# only use the root password if the database has already been initialized
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=()
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
extraArgs+=( '--dont-use-mysql-root-password' )
fi
local i
for i in {30..0}; do
if docker_process_sql "${extraArgs[@]}" --database=mysql \
--skip-ssl --skip-ssl-verify-server-cert \
<<<'SELECT 1' &> /dev/null; then
break
fi
sleep 1
done
if [ "$i" = 0 ]; then
mysql_error "Unable to start server."
fi
}
# Stop the server. When using a local socket file mariadb-admin will block until
# the shutdown is complete.
docker_temp_server_stop() {
kill "$MARIADB_PID"
wait "$MARIADB_PID"
}
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
# Restoring from backup requires no environment variables
declare -g DATABASE_INIT_FROM_BACKUP
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
if [ -f "${file}" ]; then
DATABASE_INIT_FROM_BACKUP='true'
return
fi
done
if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD'
fi
# More preemptive exclusions of combinations should have been made before *PASSWORD_HASH was added, but for now we don't enforce due to compatibility.
if [ -n "$MARIADB_ROOT_PASSWORD" ] || [ -n "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] || [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ] && [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_ROOT_PASSWORD_HASH and another MARIADB_ROOT_PASSWORD* option."
fi
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
# also ensures permission for user mysql of run as root
docker_create_db_directories() {
local user; user="$(id -u)"
# TODO other directories that are used by default? like /var/lib/mysql-files
# see https://github.com/docker-library/mysql/issues/562
mkdir -p "$DATADIR"
if [ "$user" = "0" ]; then
# this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
# See https://github.com/MariaDB/mariadb-docker/issues/363
if [ "${SOCKET:0:1}" != '@' ]; then # not abstract sockets
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql \( -exec chown mysql: '{}' \; -o -true \)
fi
# memory.pressure
local cgroup; cgroup=$(</proc/self/cgroup)
local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
if [ -w "$mempressure" ]; then
chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
else
mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
fi
fi
}
_mariadb_version() {
echo -n "11.6.2-MariaDB"
}
# initializes the database directory
docker_init_database_dir() {
mysql_note "Initializing database files"
installArgs=( --datadir="$DATADIR" --rpm --auth-root-authentication-method=normal )
# "Other options are passed to mariadbd." (so we pass all "mariadbd" arguments directly here)
local mariadbdArgs=()
for arg in "${@:2}"; do
# Check if the argument contains whitespace
if [[ "$arg" =~ [[:space:]] ]]; then
mysql_warn "Not passing argument \'$arg\' to mariadb-install-db because mariadb-install-db does not support arguments with whitespace."
else
mariadbdArgs+=("$arg")
fi
done
mariadb-install-db "${installArgs[@]}" "${mariadbdArgs[@]}" \
--cross-bootstrap \
--skip-test-db \
--old-mode='UTF8_IS_UTF8MB3' \
--default-time-zone=SYSTEM --enforce-storage-engine= \
--skip-log-bin \
--expire-logs-days=0 \
--loose-innodb_buffer_pool_load_at_startup=0 \
--loose-innodb_buffer_pool_dump_at_shutdown=0
mysql_note "Database files initialized"
}
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
# Get config
declare -g DATADIR SOCKET PORT
DATADIR="$(mysql_get_config 'datadir' "$@")"
SOCKET="$(mysql_get_config 'socket' "$@")"
PORT="$(mysql_get_config 'port' "$@")"
# Initialize values that might be stored in a file
_mariadb_file_env 'MYSQL_ROOT_HOST' '%'
_mariadb_file_env 'MYSQL_DATABASE'
_mariadb_file_env 'MYSQL_USER'
_mariadb_file_env 'MYSQL_PASSWORD'
_mariadb_file_env 'MYSQL_ROOT_PASSWORD'
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
export MYSQL_ALLOW_EMPTY_PASSWORD="$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
: "${MARIADB_RANDOM_ROOT_PASSWORD:=${MYSQL_RANDOM_ROOT_PASSWORD:-}}"
export MYSQL_RANDOM_ROOT_PASSWORD="$MARIADB_RANDOM_ROOT_PASSWORD" MARIADB_RANDOM_ROOT_PASSWORD
: "${MARIADB_INITDB_SKIP_TZINFO:=${MYSQL_INITDB_SKIP_TZINFO:-}}"
export MYSQL_INITDB_SKIP_TZINFO="$MARIADB_INITDB_SKIP_TZINFO" MARIADB_INITDB_SKIP_TZINFO
declare -g DATABASE_ALREADY_EXISTS
if [ -d "$DATADIR/mysql" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# Execute the client, use via docker_process_sql to handle root password
docker_exec_client() {
# args sent in can override this db, since they will be later in the command
if [ -n "$MYSQL_DATABASE" ]; then
set -- --database="$MYSQL_DATABASE" "$@"
fi
mariadb --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Execute sql script, passed via stdin
# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
if [ '--dont-use-mysql-root-password' = "$1" ]; then
shift
MYSQL_PWD='' docker_exec_client "$@"
else
MYSQL_PWD=$MARIADB_ROOT_PASSWORD docker_exec_client "$@"
fi
}
# SQL escape the string $1 to be placed in a string literal.
# escape, \ followed by '
docker_sql_escape_string_literal() {
local newline=$'\n'
local escaped=${1//\\/\\\\}
escaped="${escaped//$newline/\\n}"
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Create healthcheck users
create_healthcheck_users() {
local healthCheckGrant=USAGE
local healthCheckConnectPass
local healthCheckConnectPassEscaped
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
fi
for host in 127.0.0.1 ::1 localhost; do
echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
done
local maskPreserve
maskPreserve=$(umask -p)
umask 0077
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf
$maskPreserve
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
if [ -z "$MARIADB_INITDB_SKIP_TZINFO" ]; then
# --skip-write-binlog usefully disables binary logging
# but also outputs LOCK TABLES to improve the IO of
# Aria (MDEV-23326) for 10.4+.
mariadb-tzinfo-to-sql --skip-write-binlog /usr/share/zoneinfo \
| docker_process_sql --dont-use-mysql-root-password --database=mysql
# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
fi
# Generate random root password
if [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
MARIADB_ROOT_PASSWORD="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)"
export MARIADB_ROOT_PASSWORD MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
mysql_note "GENERATED ROOT PASSWORD: $MARIADB_ROOT_PASSWORD"
fi
# Creates root users for non-localhost hosts
local rootCreate=
local rootPasswordEscaped=
if [ -n "$MARIADB_ROOT_PASSWORD" ]; then
# Sets root password and creates root users for non-localhost hosts
rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}")
fi
# default root to listen for connections from anywhere
if [ -n "$MARIADB_ROOT_HOST" ] && [ "$MARIADB_ROOT_HOST" != 'localhost' ]; then
# ref "read -d ''", no, we don't care if read finds a terminating character in this heredoc
# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
if [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL
else
read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL
fi
fi
local mysqlAtLocalhost=
local mysqlAtLocalhostGrants=
# Install mysql@localhost user
if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then
read -r -d '' mysqlAtLocalhost <<-EOSQL || true
CREATE USER mysql@localhost IDENTIFIED VIA unix_socket;
EOSQL
if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then
if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then
mysql_warn "Excessive privileges ON *.* TO mysql@localhost facilitates risks to the confidentiality, integrity and availability of data stored"
fi
mysqlAtLocalhostGrants="GRANT ${MARIADB_MYSQL_LOCALHOST_GRANTS} ON *.* TO mysql@localhost;";
fi
fi
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
local rootLocalhostPass=
if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
# handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d
rootLocalhostPass="SET PASSWORD FOR 'root'@'localhost'= PASSWORD('${rootPasswordEscaped}');"
fi
local createDatabase=
# Creates a custom database and user if specified
if [ -n "$MARIADB_DATABASE" ]; then
mysql_note "Creating database ${MARIADB_DATABASE}"
createDatabase="CREATE DATABASE IF NOT EXISTS \`$MARIADB_DATABASE\`;"
fi
local createUser=
local userGrants=
if [ -n "$MARIADB_PASSWORD" ] || [ -n "$MARIADB_PASSWORD_HASH" ] && [ -n "$MARIADB_USER" ]; then
mysql_note "Creating user ${MARIADB_USER}"
if [ -n "$MARIADB_PASSWORD_HASH" ]; then
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}")
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
if [ -n "$MARIADB_DATABASE" ]; then
mysql_note "Giving user ${MARIADB_USER} access to schema ${MARIADB_DATABASE}"
userGrants="GRANT ALL ON \`${MARIADB_DATABASE//_/\\_}\`.* TO '$MARIADB_USER'@'%';"
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
# SC cannot follow how MARIADB_MASTER_PORT is assigned a default value.
# shellcheck disable=SC2153
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
docker_process_sql --dont-use-mysql-root-password --database=mysql --binary-mode <<-EOSQL
-- Securing system users shouldn't be replicated
SET @orig_sql_log_bin= @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
DROP USER IF EXISTS root@'127.0.0.1', root@'::1';
EXECUTE IMMEDIATE CONCAT('DROP USER IF EXISTS root@\'', @@hostname,'\'');
${rootLocalhostPass}
${rootCreate}
${mysqlAtLocalhost}
${mysqlAtLocalhostGrants}
${createHealthCheckUsers}
-- end of securing system users, rest of init now...
SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
EOSQL
}
# create a new installation
docker_mariadb_init()
{
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then
shopt -s dotglob
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
mkdir -p "$DATADIR"/.init
tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init
mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back
mv "$DATADIR"/.restore/** "$DATADIR"/
if [ -f "$DATADIR/.init/backup-my.cnf" ]; then
mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf"
mysql_note "Adding startup configuration:"
my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mariadbd
fi
rm -rf "$DATADIR"/.init "$DATADIR"/.restore
if [ "$(id -u)" = "0" ]; then
# this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
fi
done
if _check_if_upgrade_is_needed; then
docker_mariadb_upgrade "$@"
fi
return
fi
docker_init_database_dir "$@"
mysql_note "Starting temporary server"
docker_temp_server_start "$@"
mysql_note "Temporary server started."
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
# Wait until after /docker-entrypoint-initdb.d is performed before setting
# root@localhost password to a hash we don't know the password for.
if [ -n "${MARIADB_ROOT_PASSWORD_HASH}" ]; then
mysql_note "Setting root@localhost password hash"
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
SET @@SESSION.SQL_LOG_BIN=0;
SET PASSWORD FOR 'root'@'localhost'= '${MARIADB_ROOT_PASSWORD_HASH}';
EOSQL
fi
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
echo
mysql_note "MariaDB init process done. Ready for start up."
echo
}
# backup the mysql database
docker_mariadb_backup_system()
{
if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \
&& [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then
mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting"
return
fi
local backup_db="system_mysql_backup_unknown_version.sql.zst"
local oldfullversion="unknown_version"
if [ -r "$DATADIR"/mariadb_upgrade_info ]; then
read -r -d '' oldfullversion < "$DATADIR"/mariadb_upgrade_info || true
if [ -n "$oldfullversion" ]; then
backup_db="system_mysql_backup_${oldfullversion}.sql.zst"
fi
fi
mysql_note "Backing up system database to $backup_db"
if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then
mysql_error "Unable backup system database for upgrade from $oldfullversion."
fi
mysql_note "Backing up complete"
}
# perform mariadb-upgrade
# backup the mysql database if this is a major upgrade
docker_mariadb_upgrade() {
if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
mysql_note "MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
return
fi
mysql_note "Starting temporary server"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
mysql_note "Temporary server started."
docker_mariadb_backup_system
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "Creating healthcheck users"
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
-- Healthcheck users shouldn't be replicated
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
FLUSH PRIVILEGES;
$createHealthCheckUsers
EOSQL
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
if _check_if_upgrade_is_needed; then
# need a restart as FLUSH PRIVILEGES isn't reversable
mysql_note "Restarting temporary server for upgrade"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
else
return 0
fi
fi
mysql_note "Starting mariadb-upgrade"
mariadb-upgrade --upgrade-system-tables
mysql_note "Finished mariadb-upgrade"
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
}
_check_if_upgrade_is_needed() {
if [ ! -f "$DATADIR"/mariadb_upgrade_info ]; then
mysql_note "MariaDB upgrade information missing, assuming required"
return 0
fi
local mariadbVersion
mariadbVersion="$(_mariadb_version)"
IFS='.-' read -ra newversion <<<"$mariadbVersion"
IFS='.-' read -ra oldversion < "$DATADIR"/mariadb_upgrade_info || true
if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \
|| [[ ${oldversion[0]} -lt ${newversion[0]} ]] \
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
return 0
fi
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
return 0
fi
mysql_note "MariaDB upgrade not required"
return 1
}
# check arguments for an option that would cause mariadbd to stop
# return true if there is one
_mysql_want_help() {
local arg
for arg; do
case "$arg" in
-'?'|--help|--print-defaults|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if command starts with an option, prepend mariadbd
if [ "${1:0:1}" = '-' ]; then
set -- mariadbd "$@"
fi
#ENDOFSUBSTITUTIONS
# skip setup if they aren't running mysqld or want an option that stops mysqld
if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started."
mysql_check_config "$@"
# Load various environment variables
docker_setup_env "$@"
docker_create_db_directories
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
fi
# there's no database, so it needs to be initialized
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
docker_mariadb_init "$@"
# MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline
#elif mariadb-upgrade --check-if-upgrade-is-needed; then
elif _check_if_upgrade_is_needed; then
docker_mariadb_upgrade "$@"
fi
fi
exec "$@"
}
# If we are sourced from elsewhere, don't perform any further actions
if ! _is_sourced; then
_main "$@"
fi

14
11.6-ubi/docker.cnf
View File

@ -1,14 +0,0 @@
# Ubuntu container compatibility
[mariadb]
host-cache-size=0
skip-name-resolve
expire_logs_days=10
[client-server]
socket=/run/mariadb/mariadb.sock
!includedir /etc/mysql/mariadb.conf.d
!includedir /etc/mysql/conf.d

395
11.6-ubi/healthcheck.sh
View File

@ -1,395 +0,0 @@
#!/bin/bash
#
# Healthcheck script for MariaDB
#
# Runs various tests on the MariaDB server to check its health. Pass the tests
# to run as arguments. If all tests succeed, the server is considered healthy,
# otherwise it's not.
#
# Arguments are processed in strict order. Set replication_* options before
# the --replication option. This allows a different set of replication checks
# on different connections.
#
# --su{=|-mysql} is option to run the healthcheck as a different unix user.
# Useful if mysql@localhost user exists with unix socket authentication
# Using this option disregards previous options set, so should usually be the
# first option.
#
# Some tests require SQL privileges.
#
# TEST MINIMUM GRANTS REQUIRED
# connect none*
# innodb_initialized USAGE
# innodb_buffer_pool_loaded USAGE
# galera_online USAGE
# galera_ready USAGE
# replication REPLICATION_CLIENT (<10.5)or REPLICA MONITOR (10.5+)
# mariadbupgrade none, however unix user permissions on datadir
#
# The SQL user used is the default for the mariadb client. This can be the unix user
# if no user(or password) is set in the [mariadb-client] section of a configuration
# file. --defaults-{file,extra-file,group-suffix} can specify a file/configuration
# different from elsewhere.
#
# Note * though denied error message will result in error log without
# any permissions. USAGE recommend to avoid this.
set -eo pipefail
_process_sql()
{
mariadb ${nodefaults:+--no-defaults} \
${def['file']:+--defaults-file=${def['file']}} \
${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \
${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \
--skip-ssl --skip-ssl-verify-server-cert \
--protocol socket \
-B "$@"
}
# TESTS
# CONNECT
#
# Tests that a connection can be made over TCP, the final state
# of the entrypoint and is listening. The authentication used
# isn't tested.
connect()
{
local s
# short cut mechanism, to work with --require-secure-transport
s=$(_process_sql --skip-column-names -e 'select @@skip_networking')
case "$s" in
0|1)
connect_s=$s
return "$s";
;;
esac
# falling back to tcp if there wasn't a connection answer.
s=$(mariadb ${nodefaults:+--no-defaults} \
${def['file']:+--defaults-file=${def['file']}} \
${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \
${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \
--skip-ssl --skip-ssl-verify-server-cert \
-h localhost --protocol tcp \
--skip-column-names --batch --skip-print-query-on-error \
-e 'select @@skip_networking' 2>&1)
case "$s" in
1) # skip-networking=1 (no network)
;&
ERROR\ 2002\ \(HY000\):*)
# cannot connect
connect_s=1
;;
0) # skip-networking=0
;&
ERROR\ 1820\ \(HY000\)*) # password expire
;&
ERROR\ 4151\ \(HY000\):*) # account locked
;&
ERROR\ 1226\ \(42000\)*) # resource limit exceeded
;&
ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*)
# grep access denied and other 28000 client errors - we did connect
connect_s=0
;;
*)
>&2 echo "Unknown error $s"
connect_s=1
;;
esac
return $connect_s
}
# INNODB_INITIALIZED
#
# This tests that the crash recovery of InnoDB has completed
# along with all the other things required to make it to a healthy
# operational state. Note this may return true in the early
# states of initialization. Use with a connect test to avoid
# these false positives.
innodb_initialized()
{
local s
s=$(_process_sql --skip-column-names -e "select 1 from information_schema.ENGINES WHERE engine='innodb' AND support in ('YES', 'DEFAULT', 'ENABLED')")
[ "$s" == 1 ]
}
# INNODB_BUFFER_POOL_LOADED
#
# Tests the load of the innodb buffer pool as been complete
# implies innodb_buffer_pool_load_at_startup=1 (default), or if
# manually SET innodb_buffer_pool_load_now=1
innodb_buffer_pool_loaded()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='Innodb_buffer_pool_load_status'")
if [[ $s =~ 'load completed' ]]; then
return 0
fi
return 1
}
# GALERA_ONLINE
#
# Tests that the galera node is in the SYNCed state
galera_online()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_LOCAL_STATE'")
# 4 from https://galeracluster.com/library/documentation/node-states.html#node-state-changes
# not https://xkcd.com/221/
if [[ $s -eq 4 ]]; then
return 0
fi
return 1
}
# GALERA_READY
#
# Tests that the Galera provider is ready.
galera_ready()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_READY'")
if [ "$s" = "ON" ]; then
return 0
fi
return 1
}
# REPLICATION
#
# Tests the replication has the required set of functions:
# --replication_all -> Checks all replication sources
# --replication_name=n -> sets the multisource connection name tested
# --replication_io -> IO thread is running
# --replication_sql -> SQL thread is running
# --replication_seconds_behind_master=n -> less than or equal this seconds of delay
# --replication_sql_remaining_delay=n -> less than or equal this seconds of remaining delay
# (ref: https://mariadb.com/kb/en/delayed-replication/)
replication()
{
# SHOW REPLICA available 10.5+
# https://github.com/koalaman/shellcheck/issues/2383
# shellcheck disable=SC2016,SC2026
_process_sql -e "SHOW ${repl['all']:+all} REPLICA${repl['all']:+S} ${repl['name']:+'${repl['name']}'} STATUS\G" | \
{
# required for trim of leading space.
shopt -s extglob
# Row header
read -t 5 -r
# read timeout
[ $? -gt 128 ] && return 1
while IFS=":" read -t 1 -r n v; do
# Trim leading space
n=${n##+([[:space:]])}
# Leading space on all values by the \G format needs to be trimmed.
v=${v:1}
case "$n" in
Slave_IO_Running)
if [ -n "${repl['io']}" ] && [ "$v" = 'No' ]; then
return 1
fi
;;
Slave_SQL_Running)
if [ -n "${repl['sql']}" ] && [ "$v" = 'No' ]; then
return 1
fi
;;
Seconds_Behind_Master)
# A NULL value is the IO thread not running:
if [ -n "${repl['seconds_behind_master']}" ] &&
{ [ "$v" = NULL ] ||
(( "${repl['seconds_behind_master']}" < "$v" )); }; then
return 1
fi
;;
SQL_Remaining_Delay)
# Unlike Seconds_Behind_Master, sql_remaining_delay will hit NULL
# once replication is caught up - https://mariadb.com/kb/en/delayed-replication/
if [ -n "${repl['sql_remaining_delay']}" ] &&
[ "$v" != NULL ] &&
(( "${repl['sql_remaining_delay']}" < "$v" )); then
return 1
fi
;;
esac
done
# read timeout
[ $? -gt 128 ] && return 1
return 0
}
# reachable in command not found(?)
# shellcheck disable=SC2317
return $?
}
# mariadbupgrade
#
# Test the lock on the file $datadir/mariadb_upgrade_info
# https://jira.mariadb.org/browse/MDEV-27068
mariadbupgrade()
{
local f="$datadir/mariadb_upgrade_info"
if [ -r "$f" ]; then
flock --exclusive --nonblock -n 9 9<"$f"
return $?
fi
return 0
}
# MAIN
if [ $# -eq 0 ]; then
echo "At least one argument required" >&2
exit 1
fi
#ENDOFSUBSTITUTIONS
# Marks the end of mysql -> mariadb name changes in 10.6+
# Global variables used by tests
declare -A repl
declare -A def
nodefaults=
connect_s=
datadir=/var/lib/mysql
if [ -f $datadir/.my-healthcheck.cnf ]; then
def['extra_file']=$datadir/.my-healthcheck.cnf
fi
_repl_param_check()
{
case "$1" in
seconds_behind_master) ;&
sql_remaining_delay)
if [ -z "${repl['io']}" ]; then
repl['io']=1
echo "Forcing --replication_io=1, $1 requires IO thread to be running" >&2
fi
;;
all)
if [ -n "${repl['name']}" ]; then
unset 'repl[name]'
echo "Option --replication_all incompatible with specified source --replication_name, clearing replication_name" >&2
fi
;;
name)
if [ -n "${repl['all']}" ]; then
unset 'repl[all]'
echo "Option --replication_name incompatible with --replication_all, clearing replication_all" >&2
fi
;;
esac
}
_test_exists() {
declare -F "$1" > /dev/null
return $?
}
while [ $# -gt 0 ]; do
case "$1" in
--su=*)
u="${1#*=}"
shift
exec gosu "${u}" "${BASH_SOURCE[0]}" "$@"
;;
--su)
shift
u=$1
shift
exec gosu "$u" "${BASH_SOURCE[0]}" "$@"
;;
--su-mysql)
shift
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
;;
--replication_*=*)
# Change the n to what is between _ and = and make lower case
n=${1#*_}
n=${n%%=*}
n=${n,,*}
# v is after the =
v=${1#*=}
repl[$n]=$v
_repl_param_check "$n"
;;
--replication_*)
# Without =, look for a non --option next as the value,
# otherwise treat it as an "enable", just equate to 1.
# Clearing option is possible with "--replication_X="
n=${1#*_}
n=${n,,*}
if [ "${2:0:2}" == '--' ]; then
repl[$n]=1
else
repl[$n]=$2
shift
fi
_repl_param_check "$n"
;;
--datadir=*)
datadir=${1#*=}
;;
--datadir)
shift
datadir=${1}
;;
--no-defaults)
def=()
nodefaults=1
;;
--defaults-file=*|--defaults-extra-file=*|--defaults-group-suffix=*)
n=${1:11} # length --defaults-
n=${n%%=*}
n=${n//-/_}
# v is after the =
v=${1#*=}
def[$n]=$v
nodefaults=
;;
--defaults-file|--defaults-extra-file|--defaults-group-suffix)
n=${1:11} # length --defaults-
n=${n//-/_}
if [ "${2:0:2}" == '--' ]; then
def[$n]=""
else
def[$n]=$2
shift
fi
nodefaults=
;;
--no-connect)
# used for /docker-entrypoint-initdb.d scripts
# where you definately don't want a connection test
connect_s=0
;;
--*)
test=${1#--}
;;
*)
echo "Unknown healthcheck option $1" >&2
exit 1
esac
if [ -n "$test" ]; then
if ! _test_exists "$test" ; then
echo "healthcheck unknown option or test '$test'" >&2
exit 1
elif ! "$test"; then
echo "healthcheck $test failed" >&2
exit 1
fi
test=
fi
shift
done
if [ "$connect_s" != "0" ]; then
# we didn't pass a connnect test, so the current success status is suspicious
# return what connect thinks.
connect
exit $?
fi

142
11.6/Dockerfile
View File

@ -1,142 +0,0 @@
# vim:set ft=dockerfile:
FROM ubuntu:noble
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql --home-dir /var/lib/mysql && userdel --remove ubuntu
# add gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
# gosu key is B42F6819007F00F88E364FD4036A9C25BF357DD4
ENV GOSU_VERSION 1.17
ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8
# pub rsa4096 2016-03-30 [SC]
# 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8
# uid [ unknown] MariaDB Signing Key <signing-key@mariadb.org>
# sub rsa4096 2016-03-30 [E]
# install "libjemalloc2" as it offers better performance in some cases. Use with LD_PRELOAD
# install "pwgen" for randomizing passwords
# install "tzdata" for /usr/share/zoneinfo/
# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files
# install "zstd" for .sql.zst docker-entrypoint-initdb.d files
# hadolint ignore=SC2086
RUN set -eux; \
apt-get update; \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates \
gpg \
gpgv \
libjemalloc2 \
pwgen \
tzdata \
xz-utils \
zstd ; \
savedAptMark="$(apt-mark showmanual)"; \
apt-get install -y --no-install-recommends \
dirmngr \
gpg-agent \
wget; \
rm -rf /var/lib/apt/lists/*; \
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -q -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -q -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
GNUPGHOME="$(mktemp -d)"; \
export GNUPGHOME; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
for key in $GPG_KEYS; do \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
done; \
gpg --batch --export "$GPG_KEYS" > /etc/apt/trusted.gpg.d/mariadb.gpg; \
if command -v gpgconf >/dev/null; then \
gpgconf --kill all; \
fi; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
apt-mark auto '.*' > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark >/dev/null; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
chmod +x /usr/local/bin/gosu; \
gosu --version; \
gosu nobody true
RUN mkdir /docker-entrypoint-initdb.d
# Ensure the container exec commands handle range of utf8 characters based of
# default locales in base image (https://github.com/docker-library/docs/blob/135b79cc8093ab02e55debb61fdb079ab2dbce87/ubuntu/README.md#locales)
ENV LANG C.UTF-8
# OCI annotations to image
LABEL org.opencontainers.image.authors="MariaDB Community" \
org.opencontainers.image.title="MariaDB Database" \
org.opencontainers.image.description="MariaDB Database for relational SQL" \
org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" \
org.opencontainers.image.base.name="docker.io/library/ubuntu:noble" \
org.opencontainers.image.licenses="GPL-2.0" \
org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \
org.opencontainers.image.vendor="MariaDB Community" \
org.opencontainers.image.version="11.6.2" \
org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker"
# bashbrew-architectures: amd64 arm64v8 ppc64le s390x
ARG MARIADB_VERSION=1:11.6.2+maria~ubu2404
ENV MARIADB_VERSION $MARIADB_VERSION
# release-status:Stable
# release-support-type:Short Term Support
# (https://downloads.mariadb.org/rest-api/mariadb/)
# Allowing overriding of REPOSITORY, a URL that includes suite and component for testing and Enterprise Versions
ARG REPOSITORY="http://archive.mariadb.org/mariadb-11.6.2/repo/ubuntu/ noble main main/debug"
RUN set -e;\
echo "deb ${REPOSITORY}" > /etc/apt/sources.list.d/mariadb.list; \
{ \
echo 'Package: *'; \
echo 'Pin: release o=MariaDB'; \
echo 'Pin-Priority: 999'; \
} > /etc/apt/preferences.d/mariadb
# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies
# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
# hadolint ignore=DL3015
RUN set -ex; \
{ \
echo "mariadb-server" mysql-server/root_password password 'unused'; \
echo "mariadb-server" mysql-server/root_password_again password 'unused'; \
} | debconf-set-selections; \
apt-get update; \
# postinst script creates a datadir, so avoid creating it by faking its existance.
mkdir -p /var/lib/mysql/mysql ; touch /var/lib/mysql/mysql/user.frm ; \
# mariadb-backup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos
apt-get install -y --no-install-recommends mariadb-server="$MARIADB_VERSION" mariadb-backup socat \
; \
rm -rf /var/lib/apt/lists/*; \
# purge and re-create /var/lib/mysql with appropriate ownership
rm -rf /var/lib/mysql; \
mkdir -p /var/lib/mysql /run/mysqld; \
chown -R mysql:mysql /var/lib/mysql /run/mysqld; \
# ensure that /run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
chmod 1777 /run/mysqld; \
# comment out a few problematic configuration values
find /etc/mysql/ -name '*.cnf' -print0 \
| xargs -0 grep -lZE '^(bind-address|log|user\s)' \
| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\s)/#&/'; \
# don't reverse lookup hostnames, they are usually another container
printf "[mariadb]\nhost-cache-size=0\nskip-name-resolve\n" > /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \
# Issue #327 Correct order of reading directories /etc/mysql/mariadb.conf.d before /etc/mysql/conf.d (mount-point per documentation)
if [ -L /etc/mysql/my.cnf ]; then \
# 10.5+
sed -i -e '/includedir/ {N;s/\(.*\)\n\(.*\)/\n\2\n\1/}' /etc/mysql/mariadb.cnf; \
fi
VOLUME /var/lib/mysql
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 3306
CMD ["mariadbd"]

718
11.6/docker-entrypoint.sh
View File

@ -1,718 +0,0 @@
#!/bin/bash
set -eo pipefail
shopt -s nullglob
# logging functions
mysql_log() {
local type="$1"; shift
printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
}
mysql_note() {
mysql_log Note "$@"
}
mysql_warn() {
mysql_log Warn "$@" >&2
}
mysql_error() {
mysql_log ERROR "$@" >&2
exit 1
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# set MARIADB_xyz from MYSQL_xyz when MARIADB_xyz is unset
# and make them the same value (so user scripts can use either)
_mariadb_file_env() {
local var="$1"; shift
local maria="MARIADB_${var#MYSQL_}"
file_env "$var" "$@"
file_env "$maria" "${!var}"
if [ "${!maria:-}" ]; then
export "$var"="${!maria}"
fi
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions
docker_process_init_files() {
# mysql here for backwards compatibility "${mysql[@]}"
# ShellCheck: mysql appears unused. Verify use (or export if used externally)
# shellcheck disable=SC2034
mysql=( docker_process_sql )
echo
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
mysql_note "$0: running $f"
"$f"
else
mysql_note "$0: sourcing $f"
# ShellCheck can't follow non-constant source. Use a directive to specify location.
# shellcheck disable=SC1090
. "$f"
fi
;;
*.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
*.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
*.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
*.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;;
*) mysql_warn "$0: ignoring $f" ;;
esac
echo
done
}
# arguments necessary to run "mariadbd --verbose --help" successfully (used for testing configuration validity and for extracting default/configured values)
_verboseHelpArgs=(
--verbose --help
)
mysql_check_config() {
local toRun=( "$@" "${_verboseHelpArgs[@]}" ) errors
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
mysql_error $'mariadbd failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
fi
}
# Fetch value from server config
# We use mariadbd --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
mysql_get_config() {
local conf="$1"; shift
"$@" "${_verboseHelpArgs[@]}" 2>/dev/null \
| awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
# match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# Do a temporary startup of the MariaDB server, for init purposes
docker_temp_server_start() {
"$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \
--expire-logs-days=0 \
--skip-slave-start \
--loose-innodb_buffer_pool_load_at_startup=0 \
--skip-ssl --ssl-cert='' --ssl-key='' --ssl-ca='' \
&
declare -g MARIADB_PID
MARIADB_PID=$!
mysql_note "Waiting for server startup"
# only use the root password if the database has already been initialized
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=()
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
extraArgs+=( '--dont-use-mysql-root-password' )
fi
local i
for i in {30..0}; do
if docker_process_sql "${extraArgs[@]}" --database=mysql \
--skip-ssl --skip-ssl-verify-server-cert \
<<<'SELECT 1' &> /dev/null; then
break
fi
sleep 1
done
if [ "$i" = 0 ]; then
mysql_error "Unable to start server."
fi
}
# Stop the server. When using a local socket file mariadb-admin will block until
# the shutdown is complete.
docker_temp_server_stop() {
kill "$MARIADB_PID"
wait "$MARIADB_PID"
}
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
# Restoring from backup requires no environment variables
declare -g DATABASE_INIT_FROM_BACKUP
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
if [ -f "${file}" ]; then
DATABASE_INIT_FROM_BACKUP='true'
return
fi
done
if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD'
fi
# More preemptive exclusions of combinations should have been made before *PASSWORD_HASH was added, but for now we don't enforce due to compatibility.
if [ -n "$MARIADB_ROOT_PASSWORD" ] || [ -n "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] || [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ] && [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_ROOT_PASSWORD_HASH and another MARIADB_ROOT_PASSWORD* option."
fi
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
# also ensures permission for user mysql of run as root
docker_create_db_directories() {
local user; user="$(id -u)"
# TODO other directories that are used by default? like /var/lib/mysql-files
# see https://github.com/docker-library/mysql/issues/562
mkdir -p "$DATADIR"
if [ "$user" = "0" ]; then
# this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
# See https://github.com/MariaDB/mariadb-docker/issues/363
if [ "${SOCKET:0:1}" != '@' ]; then # not abstract sockets
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql \( -exec chown mysql: '{}' \; -o -true \)
fi
# memory.pressure
local cgroup; cgroup=$(</proc/self/cgroup)
local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
if [ -w "$mempressure" ]; then
chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
else
mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
fi
fi
}
_mariadb_version() {
echo -n "11.6.2-MariaDB"
}
# initializes the database directory
docker_init_database_dir() {
mysql_note "Initializing database files"
installArgs=( --datadir="$DATADIR" --rpm --auth-root-authentication-method=normal )
# "Other options are passed to mariadbd." (so we pass all "mariadbd" arguments directly here)
local mariadbdArgs=()
for arg in "${@:2}"; do
# Check if the argument contains whitespace
if [[ "$arg" =~ [[:space:]] ]]; then
mysql_warn "Not passing argument \'$arg\' to mariadb-install-db because mariadb-install-db does not support arguments with whitespace."
else
mariadbdArgs+=("$arg")
fi
done
mariadb-install-db "${installArgs[@]}" "${mariadbdArgs[@]}" \
--cross-bootstrap \
--skip-test-db \
--old-mode='UTF8_IS_UTF8MB3' \
--default-time-zone=SYSTEM --enforce-storage-engine= \
--skip-log-bin \
--expire-logs-days=0 \
--loose-innodb_buffer_pool_load_at_startup=0 \
--loose-innodb_buffer_pool_dump_at_shutdown=0
mysql_note "Database files initialized"
}
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
# Get config
declare -g DATADIR SOCKET PORT
DATADIR="$(mysql_get_config 'datadir' "$@")"
SOCKET="$(mysql_get_config 'socket' "$@")"
PORT="$(mysql_get_config 'port' "$@")"
# Initialize values that might be stored in a file
_mariadb_file_env 'MYSQL_ROOT_HOST' '%'
_mariadb_file_env 'MYSQL_DATABASE'
_mariadb_file_env 'MYSQL_USER'
_mariadb_file_env 'MYSQL_PASSWORD'
_mariadb_file_env 'MYSQL_ROOT_PASSWORD'
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
export MYSQL_ALLOW_EMPTY_PASSWORD="$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
: "${MARIADB_RANDOM_ROOT_PASSWORD:=${MYSQL_RANDOM_ROOT_PASSWORD:-}}"
export MYSQL_RANDOM_ROOT_PASSWORD="$MARIADB_RANDOM_ROOT_PASSWORD" MARIADB_RANDOM_ROOT_PASSWORD
: "${MARIADB_INITDB_SKIP_TZINFO:=${MYSQL_INITDB_SKIP_TZINFO:-}}"
export MYSQL_INITDB_SKIP_TZINFO="$MARIADB_INITDB_SKIP_TZINFO" MARIADB_INITDB_SKIP_TZINFO
declare -g DATABASE_ALREADY_EXISTS
if [ -d "$DATADIR/mysql" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# Execute the client, use via docker_process_sql to handle root password
docker_exec_client() {
# args sent in can override this db, since they will be later in the command
if [ -n "$MYSQL_DATABASE" ]; then
set -- --database="$MYSQL_DATABASE" "$@"
fi
mariadb --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Execute sql script, passed via stdin
# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
if [ '--dont-use-mysql-root-password' = "$1" ]; then
shift
MYSQL_PWD='' docker_exec_client "$@"
else
MYSQL_PWD=$MARIADB_ROOT_PASSWORD docker_exec_client "$@"
fi
}
# SQL escape the string $1 to be placed in a string literal.
# escape, \ followed by '
docker_sql_escape_string_literal() {
local newline=$'\n'
local escaped=${1//\\/\\\\}
escaped="${escaped//$newline/\\n}"
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Create healthcheck users
create_healthcheck_users() {
local healthCheckGrant=USAGE
local healthCheckConnectPass
local healthCheckConnectPassEscaped
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
fi
for host in 127.0.0.1 ::1 localhost; do
echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
done
local maskPreserve
maskPreserve=$(umask -p)
umask 0077
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf
$maskPreserve
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
if [ -z "$MARIADB_INITDB_SKIP_TZINFO" ]; then
# --skip-write-binlog usefully disables binary logging
# but also outputs LOCK TABLES to improve the IO of
# Aria (MDEV-23326) for 10.4+.
mariadb-tzinfo-to-sql --skip-write-binlog /usr/share/zoneinfo \
| docker_process_sql --dont-use-mysql-root-password --database=mysql
# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
fi
# Generate random root password
if [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
MARIADB_ROOT_PASSWORD="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)"
export MARIADB_ROOT_PASSWORD MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
mysql_note "GENERATED ROOT PASSWORD: $MARIADB_ROOT_PASSWORD"
fi
# Creates root users for non-localhost hosts
local rootCreate=
local rootPasswordEscaped=
if [ -n "$MARIADB_ROOT_PASSWORD" ]; then
# Sets root password and creates root users for non-localhost hosts
rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}")
fi
# default root to listen for connections from anywhere
if [ -n "$MARIADB_ROOT_HOST" ] && [ "$MARIADB_ROOT_HOST" != 'localhost' ]; then
# ref "read -d ''", no, we don't care if read finds a terminating character in this heredoc
# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
if [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL
else
read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL
fi
fi
local mysqlAtLocalhost=
local mysqlAtLocalhostGrants=
# Install mysql@localhost user
if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then
read -r -d '' mysqlAtLocalhost <<-EOSQL || true
CREATE USER mysql@localhost IDENTIFIED VIA unix_socket;
EOSQL
if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then
if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then
mysql_warn "Excessive privileges ON *.* TO mysql@localhost facilitates risks to the confidentiality, integrity and availability of data stored"
fi
mysqlAtLocalhostGrants="GRANT ${MARIADB_MYSQL_LOCALHOST_GRANTS} ON *.* TO mysql@localhost;";
fi
fi
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
local rootLocalhostPass=
if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
# handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d
rootLocalhostPass="SET PASSWORD FOR 'root'@'localhost'= PASSWORD('${rootPasswordEscaped}');"
fi
local createDatabase=
# Creates a custom database and user if specified
if [ -n "$MARIADB_DATABASE" ]; then
mysql_note "Creating database ${MARIADB_DATABASE}"
createDatabase="CREATE DATABASE IF NOT EXISTS \`$MARIADB_DATABASE\`;"
fi
local createUser=
local userGrants=
if [ -n "$MARIADB_PASSWORD" ] || [ -n "$MARIADB_PASSWORD_HASH" ] && [ -n "$MARIADB_USER" ]; then
mysql_note "Creating user ${MARIADB_USER}"
if [ -n "$MARIADB_PASSWORD_HASH" ]; then
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}")
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
if [ -n "$MARIADB_DATABASE" ]; then
mysql_note "Giving user ${MARIADB_USER} access to schema ${MARIADB_DATABASE}"
userGrants="GRANT ALL ON \`${MARIADB_DATABASE//_/\\_}\`.* TO '$MARIADB_USER'@'%';"
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
# SC cannot follow how MARIADB_MASTER_PORT is assigned a default value.
# shellcheck disable=SC2153
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
docker_process_sql --dont-use-mysql-root-password --database=mysql --binary-mode <<-EOSQL
-- Securing system users shouldn't be replicated
SET @orig_sql_log_bin= @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
DROP USER IF EXISTS root@'127.0.0.1', root@'::1';
EXECUTE IMMEDIATE CONCAT('DROP USER IF EXISTS root@\'', @@hostname,'\'');
${rootLocalhostPass}
${rootCreate}
${mysqlAtLocalhost}
${mysqlAtLocalhostGrants}
${createHealthCheckUsers}
-- end of securing system users, rest of init now...
SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
EOSQL
}
# create a new installation
docker_mariadb_init()
{
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then
shopt -s dotglob
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
mkdir -p "$DATADIR"/.init
tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init
mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back
mv "$DATADIR"/.restore/** "$DATADIR"/
if [ -f "$DATADIR/.init/backup-my.cnf" ]; then
mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf"
mysql_note "Adding startup configuration:"
my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mariadbd
fi
rm -rf "$DATADIR"/.init "$DATADIR"/.restore
if [ "$(id -u)" = "0" ]; then
# this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
fi
done
if _check_if_upgrade_is_needed; then
docker_mariadb_upgrade "$@"
fi
return
fi
docker_init_database_dir "$@"
mysql_note "Starting temporary server"
docker_temp_server_start "$@"
mysql_note "Temporary server started."
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
# Wait until after /docker-entrypoint-initdb.d is performed before setting
# root@localhost password to a hash we don't know the password for.
if [ -n "${MARIADB_ROOT_PASSWORD_HASH}" ]; then
mysql_note "Setting root@localhost password hash"
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
SET @@SESSION.SQL_LOG_BIN=0;
SET PASSWORD FOR 'root'@'localhost'= '${MARIADB_ROOT_PASSWORD_HASH}';
EOSQL
fi
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
echo
mysql_note "MariaDB init process done. Ready for start up."
echo
}
# backup the mysql database
docker_mariadb_backup_system()
{
if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \
&& [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then
mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting"
return
fi
local backup_db="system_mysql_backup_unknown_version.sql.zst"
local oldfullversion="unknown_version"
if [ -r "$DATADIR"/mariadb_upgrade_info ]; then
read -r -d '' oldfullversion < "$DATADIR"/mariadb_upgrade_info || true
if [ -n "$oldfullversion" ]; then
backup_db="system_mysql_backup_${oldfullversion}.sql.zst"
fi
fi
mysql_note "Backing up system database to $backup_db"
if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then
mysql_error "Unable backup system database for upgrade from $oldfullversion."
fi
mysql_note "Backing up complete"
}
# perform mariadb-upgrade
# backup the mysql database if this is a major upgrade
docker_mariadb_upgrade() {
if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
mysql_note "MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
return
fi
mysql_note "Starting temporary server"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
mysql_note "Temporary server started."
docker_mariadb_backup_system
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "Creating healthcheck users"
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
-- Healthcheck users shouldn't be replicated
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
FLUSH PRIVILEGES;
$createHealthCheckUsers
EOSQL
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
if _check_if_upgrade_is_needed; then
# need a restart as FLUSH PRIVILEGES isn't reversable
mysql_note "Restarting temporary server for upgrade"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
else
return 0
fi
fi
mysql_note "Starting mariadb-upgrade"
mariadb-upgrade --upgrade-system-tables
mysql_note "Finished mariadb-upgrade"
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
}
_check_if_upgrade_is_needed() {
if [ ! -f "$DATADIR"/mariadb_upgrade_info ]; then
mysql_note "MariaDB upgrade information missing, assuming required"
return 0
fi
local mariadbVersion
mariadbVersion="$(_mariadb_version)"
IFS='.-' read -ra newversion <<<"$mariadbVersion"
IFS='.-' read -ra oldversion < "$DATADIR"/mariadb_upgrade_info || true
if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \
|| [[ ${oldversion[0]} -lt ${newversion[0]} ]] \
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
return 0
fi
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
return 0
fi
mysql_note "MariaDB upgrade not required"
return 1
}
# check arguments for an option that would cause mariadbd to stop
# return true if there is one
_mysql_want_help() {
local arg
for arg; do
case "$arg" in
-'?'|--help|--print-defaults|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if command starts with an option, prepend mariadbd
if [ "${1:0:1}" = '-' ]; then
set -- mariadbd "$@"
fi
#ENDOFSUBSTITUTIONS
# skip setup if they aren't running mysqld or want an option that stops mysqld
if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started."
mysql_check_config "$@"
# Load various environment variables
docker_setup_env "$@"
docker_create_db_directories
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
fi
# there's no database, so it needs to be initialized
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
docker_mariadb_init "$@"
# MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline
#elif mariadb-upgrade --check-if-upgrade-is-needed; then
elif _check_if_upgrade_is_needed; then
docker_mariadb_upgrade "$@"
fi
fi
exec "$@"
}
# If we are sourced from elsewhere, don't perform any further actions
if ! _is_sourced; then
_main "$@"
fi

395
11.6/healthcheck.sh
View File

@ -1,395 +0,0 @@
#!/bin/bash
#
# Healthcheck script for MariaDB
#
# Runs various tests on the MariaDB server to check its health. Pass the tests
# to run as arguments. If all tests succeed, the server is considered healthy,
# otherwise it's not.
#
# Arguments are processed in strict order. Set replication_* options before
# the --replication option. This allows a different set of replication checks
# on different connections.
#
# --su{=|-mysql} is option to run the healthcheck as a different unix user.
# Useful if mysql@localhost user exists with unix socket authentication
# Using this option disregards previous options set, so should usually be the
# first option.
#
# Some tests require SQL privileges.
#
# TEST MINIMUM GRANTS REQUIRED
# connect none*
# innodb_initialized USAGE
# innodb_buffer_pool_loaded USAGE
# galera_online USAGE
# galera_ready USAGE
# replication REPLICATION_CLIENT (<10.5)or REPLICA MONITOR (10.5+)
# mariadbupgrade none, however unix user permissions on datadir
#
# The SQL user used is the default for the mariadb client. This can be the unix user
# if no user(or password) is set in the [mariadb-client] section of a configuration
# file. --defaults-{file,extra-file,group-suffix} can specify a file/configuration
# different from elsewhere.
#
# Note * though denied error message will result in error log without
# any permissions. USAGE recommend to avoid this.
set -eo pipefail
_process_sql()
{
mariadb ${nodefaults:+--no-defaults} \
${def['file']:+--defaults-file=${def['file']}} \
${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \
${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \
--skip-ssl --skip-ssl-verify-server-cert \
--protocol socket \
-B "$@"
}
# TESTS
# CONNECT
#
# Tests that a connection can be made over TCP, the final state
# of the entrypoint and is listening. The authentication used
# isn't tested.
connect()
{
local s
# short cut mechanism, to work with --require-secure-transport
s=$(_process_sql --skip-column-names -e 'select @@skip_networking')
case "$s" in
0|1)
connect_s=$s
return "$s";
;;
esac
# falling back to tcp if there wasn't a connection answer.
s=$(mariadb ${nodefaults:+--no-defaults} \
${def['file']:+--defaults-file=${def['file']}} \
${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \
${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \
--skip-ssl --skip-ssl-verify-server-cert \
-h localhost --protocol tcp \
--skip-column-names --batch --skip-print-query-on-error \
-e 'select @@skip_networking' 2>&1)
case "$s" in
1) # skip-networking=1 (no network)
;&
ERROR\ 2002\ \(HY000\):*)
# cannot connect
connect_s=1
;;
0) # skip-networking=0
;&
ERROR\ 1820\ \(HY000\)*) # password expire
;&
ERROR\ 4151\ \(HY000\):*) # account locked
;&
ERROR\ 1226\ \(42000\)*) # resource limit exceeded
;&
ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*)
# grep access denied and other 28000 client errors - we did connect
connect_s=0
;;
*)
>&2 echo "Unknown error $s"
connect_s=1
;;
esac
return $connect_s
}
# INNODB_INITIALIZED
#
# This tests that the crash recovery of InnoDB has completed
# along with all the other things required to make it to a healthy
# operational state. Note this may return true in the early
# states of initialization. Use with a connect test to avoid
# these false positives.
innodb_initialized()
{
local s
s=$(_process_sql --skip-column-names -e "select 1 from information_schema.ENGINES WHERE engine='innodb' AND support in ('YES', 'DEFAULT', 'ENABLED')")
[ "$s" == 1 ]
}
# INNODB_BUFFER_POOL_LOADED
#
# Tests the load of the innodb buffer pool as been complete
# implies innodb_buffer_pool_load_at_startup=1 (default), or if
# manually SET innodb_buffer_pool_load_now=1
innodb_buffer_pool_loaded()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='Innodb_buffer_pool_load_status'")
if [[ $s =~ 'load completed' ]]; then
return 0
fi
return 1
}
# GALERA_ONLINE
#
# Tests that the galera node is in the SYNCed state
galera_online()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_LOCAL_STATE'")
# 4 from https://galeracluster.com/library/documentation/node-states.html#node-state-changes
# not https://xkcd.com/221/
if [[ $s -eq 4 ]]; then
return 0
fi
return 1
}
# GALERA_READY
#
# Tests that the Galera provider is ready.
galera_ready()
{
local s
s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_READY'")
if [ "$s" = "ON" ]; then
return 0
fi
return 1
}
# REPLICATION
#
# Tests the replication has the required set of functions:
# --replication_all -> Checks all replication sources
# --replication_name=n -> sets the multisource connection name tested
# --replication_io -> IO thread is running
# --replication_sql -> SQL thread is running
# --replication_seconds_behind_master=n -> less than or equal this seconds of delay
# --replication_sql_remaining_delay=n -> less than or equal this seconds of remaining delay
# (ref: https://mariadb.com/kb/en/delayed-replication/)
replication()
{
# SHOW REPLICA available 10.5+
# https://github.com/koalaman/shellcheck/issues/2383
# shellcheck disable=SC2016,SC2026
_process_sql -e "SHOW ${repl['all']:+all} REPLICA${repl['all']:+S} ${repl['name']:+'${repl['name']}'} STATUS\G" | \
{
# required for trim of leading space.
shopt -s extglob
# Row header
read -t 5 -r
# read timeout
[ $? -gt 128 ] && return 1
while IFS=":" read -t 1 -r n v; do
# Trim leading space
n=${n##+([[:space:]])}
# Leading space on all values by the \G format needs to be trimmed.
v=${v:1}
case "$n" in
Slave_IO_Running)
if [ -n "${repl['io']}" ] && [ "$v" = 'No' ]; then
return 1
fi
;;
Slave_SQL_Running)
if [ -n "${repl['sql']}" ] && [ "$v" = 'No' ]; then
return 1
fi
;;
Seconds_Behind_Master)
# A NULL value is the IO thread not running:
if [ -n "${repl['seconds_behind_master']}" ] &&
{ [ "$v" = NULL ] ||
(( "${repl['seconds_behind_master']}" < "$v" )); }; then
return 1
fi
;;
SQL_Remaining_Delay)
# Unlike Seconds_Behind_Master, sql_remaining_delay will hit NULL
# once replication is caught up - https://mariadb.com/kb/en/delayed-replication/
if [ -n "${repl['sql_remaining_delay']}" ] &&
[ "$v" != NULL ] &&
(( "${repl['sql_remaining_delay']}" < "$v" )); then
return 1
fi
;;
esac
done
# read timeout
[ $? -gt 128 ] && return 1
return 0
}
# reachable in command not found(?)
# shellcheck disable=SC2317
return $?
}
# mariadbupgrade
#
# Test the lock on the file $datadir/mariadb_upgrade_info
# https://jira.mariadb.org/browse/MDEV-27068
mariadbupgrade()
{
local f="$datadir/mariadb_upgrade_info"
if [ -r "$f" ]; then
flock --exclusive --nonblock -n 9 9<"$f"
return $?
fi
return 0
}
# MAIN
if [ $# -eq 0 ]; then
echo "At least one argument required" >&2
exit 1
fi
#ENDOFSUBSTITUTIONS
# Marks the end of mysql -> mariadb name changes in 10.6+
# Global variables used by tests
declare -A repl
declare -A def
nodefaults=
connect_s=
datadir=/var/lib/mysql
if [ -f $datadir/.my-healthcheck.cnf ]; then
def['extra_file']=$datadir/.my-healthcheck.cnf
fi
_repl_param_check()
{
case "$1" in
seconds_behind_master) ;&
sql_remaining_delay)
if [ -z "${repl['io']}" ]; then
repl['io']=1
echo "Forcing --replication_io=1, $1 requires IO thread to be running" >&2
fi
;;
all)
if [ -n "${repl['name']}" ]; then
unset 'repl[name]'
echo "Option --replication_all incompatible with specified source --replication_name, clearing replication_name" >&2
fi
;;
name)
if [ -n "${repl['all']}" ]; then
unset 'repl[all]'
echo "Option --replication_name incompatible with --replication_all, clearing replication_all" >&2
fi
;;
esac
}
_test_exists() {
declare -F "$1" > /dev/null
return $?
}
while [ $# -gt 0 ]; do
case "$1" in
--su=*)
u="${1#*=}"
shift
exec gosu "${u}" "${BASH_SOURCE[0]}" "$@"
;;
--su)
shift
u=$1
shift
exec gosu "$u" "${BASH_SOURCE[0]}" "$@"
;;
--su-mysql)
shift
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
;;
--replication_*=*)
# Change the n to what is between _ and = and make lower case
n=${1#*_}
n=${n%%=*}
n=${n,,*}
# v is after the =
v=${1#*=}
repl[$n]=$v
_repl_param_check "$n"
;;
--replication_*)
# Without =, look for a non --option next as the value,
# otherwise treat it as an "enable", just equate to 1.
# Clearing option is possible with "--replication_X="
n=${1#*_}
n=${n,,*}
if [ "${2:0:2}" == '--' ]; then
repl[$n]=1
else
repl[$n]=$2
shift
fi
_repl_param_check "$n"
;;
--datadir=*)
datadir=${1#*=}
;;
--datadir)
shift
datadir=${1}
;;
--no-defaults)
def=()
nodefaults=1
;;
--defaults-file=*|--defaults-extra-file=*|--defaults-group-suffix=*)
n=${1:11} # length --defaults-
n=${n%%=*}
n=${n//-/_}
# v is after the =
v=${1#*=}
def[$n]=$v
nodefaults=
;;
--defaults-file|--defaults-extra-file|--defaults-group-suffix)
n=${1:11} # length --defaults-
n=${n//-/_}
if [ "${2:0:2}" == '--' ]; then
def[$n]=""
else
def[$n]=$2
shift
fi
nodefaults=
;;
--no-connect)
# used for /docker-entrypoint-initdb.d scripts
# where you definately don't want a connection test
connect_s=0
;;
--*)
test=${1#--}
;;
*)
echo "Unknown healthcheck option $1" >&2
exit 1
esac
if [ -n "$test" ]; then
if ! _test_exists "$test" ; then
echo "healthcheck unknown option or test '$test'" >&2
exit 1
elif ! "$test"; then
echo "healthcheck $test failed" >&2
exit 1
fi
test=
fi
shift
done
if [ "$connect_s" != "0" ]; then
# we didn't pass a connnect test, so the current success status is suspicious
# return what connect thinks.
connect
exit $?
fi

28
versions.json
View File

@ -125,34 +125,6 @@
"s390x"
]
},
"11.6": {
"milestone": "11.6",
"version": "11.6.2",
"fullVersion": "1:11.6.2+maria~ubu2404",
"releaseStatus": "Stable",
"supportType": "Short Term Support",
"base": "ubuntu:noble",
"arches": [
"amd64",
"arm64v8",
"ppc64le",
"s390x"
]
},
"11.6-ubi": {
"milestone": "11.6",
"version": "11.6.2",
"fullVersion": "11.6.2",
"releaseStatus": "Stable",
"supportType": "Short Term Support",
"base": "ubi9",
"arches": [
"amd64",
"arm64v8",
"ppc64le",
"s390x"
]
},
"11.7": {
"milestone": "11.7",
"version": "11.7.2",