Docker/mariaDB-teleport
Archived
1
0
Fork 0
Code Issues Actions Packages Activity

updaate docker-entrypoint file

Browse Source
This commit is contained in:
Daniel Dolezal
2025-04-07 00:38:38 +02:00
parent ad56aaa518
commit b81afa129c
1 changed files with 240 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/docker-entrypoint.sh
+310 -131
View File
@@ -121,7 +121,10 @@ mysql_get_config() {
docker_temp_server_start() { docker_temp_server_start() {
"$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \ "$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \
--expire-logs-days=0 \ --expire-logs-days=0 \
--loose-innodb_buffer_pool_load_at_startup=0 & --skip-slave-start \
--loose-innodb_buffer_pool_load_at_startup=0 \
--skip-ssl --ssl-cert='' --ssl-key='' --ssl-ca='' \
&
declare -g MARIADB_PID declare -g MARIADB_PID
MARIADB_PID=$! MARIADB_PID=$!
mysql_note "Waiting for server startup" mysql_note "Waiting for server startup"
@@ -133,7 +136,9 @@ docker_temp_server_start() {
fi fi
local i local i
for i in {30..0}; do for i in {30..0}; do
if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then if docker_process_sql "${extraArgs[@]}" --database=mysql \
--skip-ssl --skip-ssl-verify-server-cert \
<<<'SELECT 1' &> /dev/null; then
break break
fi fi
sleep 1 sleep 1
@@ -152,6 +157,14 @@ docker_temp_server_stop() {
# Verify that the minimally required password settings are set for new databases. # Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() { docker_verify_minimum_env() {
# Restoring from backup requires no environment variables
declare -g DATABASE_INIT_FROM_BACKUP
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
if [ -f "${file}" ]; then
DATABASE_INIT_FROM_BACKUP='true'
return
fi
done
if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD' mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD'
fi fi
@@ -162,6 +175,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option." mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
} }
# creates folders for the database # creates folders for the database
@@ -175,25 +207,46 @@ docker_create_db_directories() {
if [ "$user" = "0" ]; then if [ "$user" = "0" ]; then
# this will cause less disk access than `chown -R` # this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql -exec chown mysql: '{}' + find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
# See https://github.com/MariaDB/mariadb-docker/issues/363 # See https://github.com/MariaDB/mariadb-docker/issues/363
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql -exec chown mysql: '{}' \; if [ "${SOCKET:0:1}" != '@' ]; then # not abstract sockets
find "${SOCKET%/*}" -maxdepth 0 \! -user mysql \( -exec chown mysql: '{}' \; -o -true \)
fi
# memory.pressure
local cgroup; cgroup=$(</proc/self/cgroup)
local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
if [ -w "$mempressure" ]; then
chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
else
mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
fi
fi fi
} }
_mariadb_version() { _mariadb_version() {
local mariaVersion="${MARIADB_VERSION##*:}" echo -n "11.7.2-MariaDB"
mariaVersion="${mariaVersion%%[-+~]*}"
echo -n "${mariaVersion}-MariaDB"
} }
# initializes the database directory # initializes the database directory
docker_init_database_dir() { docker_init_database_dir() {
mysql_note "Initializing database files" mysql_note "Initializing database files"
installArgs=( --datadir="$DATADIR" --rpm --auth-root-authentication-method=normal ) installArgs=( --datadir="$DATADIR" --rpm --auth-root-authentication-method=normal )
# "Other options are passed to mariadbd." (so we pass all "mysqld" arguments directly here) # "Other options are passed to mariadbd." (so we pass all "mariadbd" arguments directly here)
mariadb-install-db "${installArgs[@]}" "${@:2}" \
local mariadbdArgs=()
for arg in "${@:2}"; do
# Check if the argument contains whitespace
if [[ "$arg" =~ [[:space:]] ]]; then
mysql_warn "Not passing argument \'$arg\' to mariadb-install-db because mariadb-install-db does not support arguments with whitespace."
else
mariadbdArgs+=("$arg")
fi
done
mariadb-install-db "${installArgs[@]}" "${mariadbdArgs[@]}" \
--cross-bootstrap \
--skip-test-db \ --skip-test-db \
--old-mode='UTF8_IS_UTF8MB3' \
--default-time-zone=SYSTEM --enforce-storage-engine= \ --default-time-zone=SYSTEM --enforce-storage-engine= \
--skip-log-bin \ --skip-log-bin \
--expire-logs-days=0 \ --expire-logs-days=0 \
@@ -206,9 +259,10 @@ docker_init_database_dir() {
# This should be called after mysql_check_config, but before any other functions # This should be called after mysql_check_config, but before any other functions
docker_setup_env() { docker_setup_env() {
# Get config # Get config
declare -g DATADIR SOCKET declare -g DATADIR SOCKET PORT
DATADIR="$(mysql_get_config 'datadir' "$@")" DATADIR="$(mysql_get_config 'datadir' "$@")"
SOCKET="$(mysql_get_config 'socket' "$@")" SOCKET="$(mysql_get_config 'socket' "$@")"
PORT="$(mysql_get_config 'port' "$@")"
# Initialize values that might be stored in a file # Initialize values that might be stored in a file
@@ -220,6 +274,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables # No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH' file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH' file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value # set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}" : "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@@ -266,6 +327,42 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}" echo "${escaped//\'/\\\'}"
} }
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Create healthcheck users
create_healthcheck_users() {
local healthCheckGrant=USAGE
local healthCheckConnectPass
local healthCheckConnectPassEscaped
healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
fi
for host in 127.0.0.1 ::1 localhost; do
echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
done
local maskPreserve
maskPreserve=$(umask -p)
umask 0077
echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf
$maskPreserve
}
# Initializes database with timezone info and root password, plus optional extra db/user # Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() { docker_setup_db() {
# Load timezone info into database # Load timezone info into database
@@ -289,7 +386,7 @@ docker_setup_db() {
local rootPasswordEscaped= local rootPasswordEscaped=
if [ -n "$MARIADB_ROOT_PASSWORD" ]; then if [ -n "$MARIADB_ROOT_PASSWORD" ]; then
# Sets root password and creates root users for non-localhost hosts # Sets root password and creates root users for non-localhost hosts
rootPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}" ) rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}")
fi fi
# default root to listen for connections from anywhere # default root to listen for connections from anywhere
@@ -300,11 +397,13 @@ docker_setup_db() {
read -r -d '' rootCreate <<-EOSQL || true read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ; CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL EOSQL
else else
read -r -d '' rootCreate <<-EOSQL || true read -r -d '' rootCreate <<-EOSQL || true
CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ; CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ;
GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
EOSQL EOSQL
fi fi
fi fi
@@ -313,16 +412,8 @@ docker_setup_db() {
local mysqlAtLocalhostGrants= local mysqlAtLocalhostGrants=
# Install mysql@localhost user # Install mysql@localhost user
if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then
local pw=
pw="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)"
# MDEV-24111 before MariaDB-10.4 cannot create unix_socket user directly auth with simple_password_check
# It wasn't until 10.4 that the unix_socket auth was built in to the server.
read -r -d '' mysqlAtLocalhost <<-EOSQL || true read -r -d '' mysqlAtLocalhost <<-EOSQL || true
EXECUTE IMMEDIATE IF(VERSION() RLIKE '^10\.3\.', CREATE USER mysql@localhost IDENTIFIED VIA unix_socket;
"INSTALL PLUGIN /*M10401 IF NOT EXISTS */ unix_socket SONAME 'auth_socket'",
"SELECT 'already there'");
CREATE USER mysql@localhost IDENTIFIED BY '$pw';
ALTER USER mysql@localhost IDENTIFIED VIA unix_socket;
EOSQL EOSQL
if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then
if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then
@@ -332,6 +423,9 @@ docker_setup_db() {
fi fi
fi fi
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
local rootLocalhostPass= local rootLocalhostPass=
if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
# handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d # handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d
@@ -354,7 +448,7 @@ docker_setup_db() {
else else
# SQL escape the user password, \ followed by ' # SQL escape the user password, \ followed by '
local userPasswordEscaped local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_PASSWORD}" ) userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}")
createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';" createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi fi
@@ -364,6 +458,24 @@ docker_setup_db() {
fi fi
fi fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
# SC cannot follow how MARIADB_MASTER_PORT is assigned a default value.
# shellcheck disable=SC2153
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)" mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set # tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding. # --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@@ -381,129 +493,50 @@ docker_setup_db() {
${rootCreate} ${rootCreate}
${mysqlAtLocalhost} ${mysqlAtLocalhost}
${mysqlAtLocalhostGrants} ${mysqlAtLocalhostGrants}
-- pre-10.3 only ${createHealthCheckUsers}
DROP DATABASE IF EXISTS test ;
-- end of securing system users, rest of init now... -- end of securing system users, rest of init now...
SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin; SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
-- create users/databases -- create users/databases
${createDatabase} ${createDatabase}
${createUser} ${createUser}
${createReplicaUser}
${userGrants} ${userGrants}
${changeMasterTo}
EOSQL EOSQL
} }
# backup the mysql database # create a new installation
docker_mariadb_backup_system() docker_mariadb_init()
{ {
if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \
&& [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then
mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting"
return
fi
local backup_db="system_mysql_backup_unknown_version.sql.zst"
local oldfullversion="unknown_version"
if [ -r "$DATADIR"/mysql_upgrade_info ]; then
read -r -d '' oldfullversion < "$DATADIR"/mysql_upgrade_info || true
if [ -n "$oldfullversion" ]; then
backup_db="system_mysql_backup_${oldfullversion}.sql.zst"
fi
fi
mysql_note "Backing up system database to $backup_db"
if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then
mysql_error "Unable backup system database for upgrade from $oldfullversion."
fi
mysql_note "Backing up complete"
}
# perform mariadb-upgrade
# backup the mysql database if this is a major upgrade
docker_mariadb_upgrade() {
if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
mysql_note "MariaDB upgrade (mariadb-upgrade) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
return
fi
mysql_note "Starting temporary server"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0 \
--skip-slave-start
mysql_note "Temporary server started."
docker_mariadb_backup_system
mysql_note "Starting mariadb-upgrade"
mariadb-upgrade --upgrade-system-tables
mysql_note "Finished mariadb-upgrade"
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
}
_check_if_upgrade_is_needed() {
if [ ! -f "$DATADIR"/mysql_upgrade_info ]; then
mysql_note "MariaDB upgrade information missing, assuming required"
return 0
fi
local mariadbVersion
mariadbVersion="$(_mariadb_version)"
IFS='.-' read -ra newversion <<<"$mariadbVersion"
IFS='.-' read -ra oldversion < "$DATADIR"/mysql_upgrade_info || true
if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \
|| [[ ${oldversion[0]} -lt ${newversion[0]} ]] \
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
return 0
fi
mysql_note "MariaDB upgrade not required"
return 1
}
# check arguments for an option that would cause mariadbd to stop
# return true if there is one
_mysql_want_help() {
local arg
for arg; do
case "$arg" in
-'?'|--help|--print-defaults|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if command starts with an option, prepend mariadbd
if [ "${1:0:1}" = '-' ]; then
set -- mariadbd "$@"
fi
#ENDOFSUBSTITUTIONS
# skip setup if they aren't running mysqld or want an option that stops mysqld
if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started."
mysql_check_config "$@"
# Load various environment variables
docker_setup_env "$@"
docker_create_db_directories
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
fi
# there's no database, so it needs to be initialized
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database # check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null ls /docker-entrypoint-initdb.d/ > /dev/null
if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then
shopt -s dotglob
for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
mkdir -p "$DATADIR"/.init
tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init
mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back
mv "$DATADIR"/.restore/** "$DATADIR"/
if [ -f "$DATADIR/.init/backup-my.cnf" ]; then
mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf"
mysql_note "Adding startup configuration:"
my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mariadbd
fi
rm -rf "$DATADIR"/.init "$DATADIR"/.restore
if [ "$(id -u)" = "0" ]; then
# this will cause less disk access than `chown -R`
find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \)
fi
done
if _check_if_upgrade_is_needed; then
docker_mariadb_upgrade "$@"
fi
return
fi
docker_init_database_dir "$@" docker_init_database_dir "$@"
mysql_note "Starting temporary server" mysql_note "Starting temporary server"
@@ -529,6 +562,147 @@ _main() {
echo echo
mysql_note "MariaDB init process done. Ready for start up." mysql_note "MariaDB init process done. Ready for start up."
echo echo
}
# backup the mysql database
docker_mariadb_backup_system()
{
if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \
&& [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then
mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting"
return
fi
local backup_db="system_mysql_backup_unknown_version.sql.zst"
local oldfullversion="unknown_version"
if [ -r "$DATADIR"/mariadb_upgrade_info ]; then
read -r -d '' oldfullversion < "$DATADIR"/mariadb_upgrade_info || true
if [ -n "$oldfullversion" ]; then
backup_db="system_mysql_backup_${oldfullversion}.sql.zst"
fi
fi
mysql_note "Backing up system database to $backup_db"
if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then
mysql_error "Unable backup system database for upgrade from $oldfullversion."
fi
mysql_note "Backing up complete"
}
# perform mariadb-upgrade
# backup the mysql database if this is a major upgrade
docker_mariadb_upgrade() {
if [ -z "$MARIADB_AUTO_UPGRADE" ] \
|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
mysql_note "MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
return
fi
mysql_note "Starting temporary server"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
mysql_note "Temporary server started."
docker_mariadb_backup_system
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "Creating healthcheck users"
local createHealthCheckUsers
createHealthCheckUsers=$(create_healthcheck_users)
docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
-- Healthcheck users shouldn't be replicated
SET @@SESSION.SQL_LOG_BIN=0;
-- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
FLUSH PRIVILEGES;
$createHealthCheckUsers
EOSQL
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
if _check_if_upgrade_is_needed; then
# need a restart as FLUSH PRIVILEGES isn't reversable
mysql_note "Restarting temporary server for upgrade"
docker_temp_server_start "$@" --skip-grant-tables \
--loose-innodb_buffer_pool_dump_at_shutdown=0
else
return 0
fi
fi
mysql_note "Starting mariadb-upgrade"
mariadb-upgrade --upgrade-system-tables
mysql_note "Finished mariadb-upgrade"
mysql_note "Stopping temporary server"
docker_temp_server_stop
mysql_note "Temporary server stopped"
}
_check_if_upgrade_is_needed() {
if [ ! -f "$DATADIR"/mariadb_upgrade_info ]; then
mysql_note "MariaDB upgrade information missing, assuming required"
return 0
fi
local mariadbVersion
mariadbVersion="$(_mariadb_version)"
IFS='.-' read -ra newversion <<<"$mariadbVersion"
IFS='.-' read -ra oldversion < "$DATADIR"/mariadb_upgrade_info || true
if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \
|| [[ ${oldversion[0]} -lt ${newversion[0]} ]] \
|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
return 0
fi
if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
return 0
fi
mysql_note "MariaDB upgrade not required"
return 1
}
# check arguments for an option that would cause mariadbd to stop
# return true if there is one
_mysql_want_help() {
local arg
for arg; do
case "$arg" in
-'?'|--help|--print-defaults|-V|--version)
return 0
;;
esac
done
return 1
}
_main_mariadb() {
# if command starts with an option, prepend mariadbd
if [ "${1:0:1}" = '-' ]; then
set -- mariadbd "$@"
fi
#ENDOFSUBSTITUTIONS
# skip setup if they aren't running mysqld or want an option that stops mysqld
if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started."
mysql_check_config "$@"
# Load various environment variables
docker_setup_env "$@"
docker_create_db_directories
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
exec gosu mysql "${BASH_SOURCE[0]}" "$@"
fi
# there's no database, so it needs to be initialized
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
docker_mariadb_init "$@"
# MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline # MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline
#elif mariadb-upgrade --check-if-upgrade-is-needed; then #elif mariadb-upgrade --check-if-upgrade-is-needed; then
elif _check_if_upgrade_is_needed; then elif _check_if_upgrade_is_needed; then
@@ -552,6 +726,10 @@ _run_web_server() {
chown www-data:www-data /var/www/phpmyadmin/config.inc.php chown www-data:www-data /var/www/phpmyadmin/config.inc.php
touch "/var/www/phpmyadmin/.installed" touch "/var/www/phpmyadmin/.installed"
fi fi
chown -R www-data:www-data /var/log/nginx
#touch /var/log/php8.3-fpm.log && chown www-data:www-data /var/log/php8.3-fpm.log
php-fpm8.3 & php-fpm8.3 &
nginx & nginx &
fi fi
@@ -561,5 +739,6 @@ _run_web_server() {
if ! _is_sourced; then if ! _is_sourced; then
_check_to_run_teleport _check_to_run_teleport
_run_web_server _run_web_server
_main "$@"
_main_mariadb "$@"
fi fi