mariadb-docker/Dockerfile.template

# vim:set ft=dockerfile:
FROM ubuntu:%%SUITE%%

# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql

# https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)
RUN set -ex; \
	apt-get update; \
	if ! which gpg; then \
		apt-get install -y --no-install-recommends gnupg; \
	fi; \
	rm -rf /var/lib/apt/lists/*

# add gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.14
RUN set -eux; \
	apt-get update; \
	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates; \
	savedAptMark="$(apt-mark showmanual)"; \
	apt-get install -y --no-install-recommends wget; \
	rm -rf /var/lib/apt/lists/*; \
	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
	export GNUPGHOME="$(mktemp -d)"; \
	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
	gpgconf --kill all; \
	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
	apt-mark auto '.*' > /dev/null; \
	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	chmod +x /usr/local/bin/gosu; \
	gosu --version; \
	gosu nobody true

RUN mkdir /docker-entrypoint-initdb.d

# install "libjemalloc2" as it offers better performance in some cases. Use with LD_PRELOAD
# install "pwgen" for randomizing passwords
# install "tzdata" for /usr/share/zoneinfo/
# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files
# install "zstd" for .sql.zst docker-entrypoint-initdb.d files
RUN set -ex; \
	apt-get update; \
	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
		libjemalloc2 \
		pwgen \
		tzdata \
		xz-utils \
		zstd \
	; \
	rm -rf /var/lib/apt/lists/*

ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8
# pub   rsa4096 2016-03-30 [SC]
#         177F 4010 FE56 CA33 3630  0305 F165 6F24 C74C D1D8
# uid           [ unknown] MariaDB Signing Key <signing-key@mariadb.org>
# sub   rsa4096 2016-03-30 [E]

RUN set -ex; \
	export GNUPGHOME="$(mktemp -d)"; \
	for key in $GPG_KEYS; do \
		gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
	done; \
	gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mariadb.gpg; \
	command -v gpgconf > /dev/null && gpgconf --kill all || :; \
	rm -fr "$GNUPGHOME"; \
	apt-key list

# bashbrew-architectures:%%ARCHES%%
ARG MARIADB_MAJOR=%%MARIADB_MAJOR%%
ENV MARIADB_MAJOR $MARIADB_MAJOR
ARG MARIADB_VERSION=%%MARIADB_VERSION%%
ENV MARIADB_VERSION $MARIADB_VERSION
# release-status:%%MARIADB_RELEASE_STATUS%%
# (https://downloads.mariadb.org/rest-api/mariadb/)

# Allowing overriding of REPOSITORY, a URL that includes suite and component for testing and Enterprise Versions
ARG REPOSITORY="http://archive.mariadb.org/mariadb-%%MARIADB_VERSION_BASIC%%/repo/ubuntu/ %%SUITE%% main"

RUN set -e;\
	echo "deb ${REPOSITORY}" > /etc/apt/sources.list.d/mariadb.list; \
	{ \
		echo 'Package: *'; \
		echo 'Pin: release o=MariaDB'; \
		echo 'Pin-Priority: 999'; \
	} > /etc/apt/preferences.d/mariadb
# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies
#  libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed

# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN set -ex; \
	{ \
		echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password password 'unused'; \
		echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password_again password 'unused'; \
	} | debconf-set-selections; \
	apt-get update; \
# mariadb-backup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos
	apt-get install -y \
		"mariadb-server=$MARIADB_VERSION" mariadb-backup socat \
	; \
	rm -rf /var/lib/apt/lists/*; \
# purge and re-create /var/lib/mysql with appropriate ownership
	rm -rf /var/lib/mysql; \
	mkdir -p /var/lib/mysql /var/run/mysqld; \
	chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
	chmod 777 /var/run/mysqld; \
# comment out a few problematic configuration values
	find /etc/mysql/ -name '*.cnf' -print0 \
		| xargs -0 grep -lZE '^(bind-address|log|user\s)' \
		| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\s)/#&/'; \
# don't reverse lookup hostnames, they are usually another container
# Issue #327 Correct order of reading directories /etc/mysql/mariadb.conf.d before /etc/mysql/conf.d (mount-point per documentation)
	if [ ! -L /etc/mysql/my.cnf ]; then sed -i -e '/includedir/i[mariadb]\nskip-host-cache\nskip-name-resolve\n' /etc/mysql/my.cnf; \
# 10.5+
	else sed -i -e '/includedir/ {N;s/\(.*\)\n\(.*\)/[mariadbd]\nskip-host-cache\nskip-name-resolve\n\n\2\n\1/}' \
                /etc/mysql/mariadb.cnf; fi


VOLUME /var/lib/mysql

COPY healthcheck.sh /usr/local/bin/healthcheck.sh
COPY docker-entrypoint.sh /usr/local/bin/
RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat
ENTRYPOINT ["docker-entrypoint.sh"]

EXPOSE 3306
CMD ["mysqld"]
Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00			`# vim:set ft=dockerfile:`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`FROM ubuntu:%%SUITE%%`
Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00
			`# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added`
			`RUN groupadd -r mysql && useradd -r -g mysql mysql`

Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`# https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)`
			`RUN set -ex; \`
			`apt-get update; \`
			`if ! which gpg; then \`
			`apt-get install -y --no-install-recommends gnupg; \`
			`fi; \`
			`rm -rf /var/lib/apt/lists/*`

Allow arbitrary --user values 2016-05-17 12:48:56 -07:00			`# add gosu for easy step-down from root`
Update to gosu 1.12 2020-04-16 00:06:26 -07:00			`# https://github.com/tianon/gosu/releases`
gosu - bump to 1.14 2021-09-03 11:19:09 +10:00			`ENV GOSU_VERSION 1.14`
Update to gosu 1.12 2020-04-16 00:06:26 -07:00			`RUN set -eux; \`
Update gosu to 1.10 2017-11-13 15:55:56 -08:00			`apt-get update; \`
Remove package apt-transport-https Not needed in newer apt. Thanks @tianon 2021-03-14 13:15:35 +11:00			`DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates; \`
Use https for osuosl respository Per requirement "using https where possible" https://github.com/docker-library/official-images#image-build ca-certificates apt-transport-https are used later in the Dockerfile so get them marked as manual. 2021-03-12 12:18:37 +11:00			`savedAptMark="$(apt-mark showmanual)"; \`
			`apt-get install -y --no-install-recommends wget; \`
Update gosu to 1.10 2017-11-13 15:55:56 -08:00			`rm -rf /var/lib/apt/lists/*; \`
			`dpkgArch="$(dpkg --print-architecture \| awk -F- '{ print $NF }')"; \`
			`wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \`
			`wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \`
			`export GNUPGHOME="$(mktemp -d)"; \`
Use explicit "hkps" for keys.openpgp.org 2019-07-03 07:51:44 -07:00			`gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \`
Update gosu to 1.10 2017-11-13 15:55:56 -08:00			`gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \`
Update to gosu 1.12 2020-04-16 00:06:26 -07:00			`gpgconf --kill all; \`
			`rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \`
			`apt-mark auto '.*' > /dev/null; \`
			`[ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark > /dev/null; \`
			`apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \`
Update gosu to 1.10 2017-11-13 15:55:56 -08:00			`chmod +x /usr/local/bin/gosu; \`
Update to gosu 1.12 2020-04-16 00:06:26 -07:00			`gosu --version; \`
			`gosu nobody true`
Add "pwgen" for password randomization feature 2016-01-29 09:45:15 -08:00
Resync Dockerfile and docker-entrypoint.sh with changes in mysql, especially for initdb 2015-08-11 16:39:56 -07:00			`RUN mkdir /docker-entrypoint-initdb.d`

use templating to generate jemalloc version Noted in https://github.com/docker-library/official-images/pull/10220 2021-05-25 14:11:26 +10:00			`# install "libjemalloc2" as it offers better performance in some cases. Use with LD_PRELOAD`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`# install "pwgen" for randomizing passwords`
Add tzdata for zoneinfo 2018-07-17 13:40:05 -07:00			`# install "tzdata" for /usr/share/zoneinfo/`
add .sql.xz support to docker-entrypoint-initdb.d 2020-02-15 18:03:15 +00:00			`# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files`
Add .sql.zst support to docker-entrypoint-initdb.d 2021-05-20 22:48:10 +02:00			`# install "zstd" for .sql.zst docker-entrypoint-initdb.d files`
Remove obsolete ca-certificates 2019-07-11 20:00:40 +02:00			`RUN set -ex; \`
			`apt-get update; \`
DEBIAN_FRONTEND=noninteractive for tzdata tzdata under buildah is requiring input so lets force this to non-interactive. An element of the ca-certificates while not requiring an input, creates a bit of a mess on the build stage, so clean it up at the same time. 2021-03-12 13:11:00 +11:00			`DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \`
use templating to generate jemalloc version Noted in https://github.com/docker-library/official-images/pull/10220 2021-05-25 14:11:26 +10:00			`libjemalloc2 \`
Apply #71 to Dockerfile.template 2016-07-22 12:35:55 -07:00			`pwgen \`
Add tzdata for zoneinfo 2018-07-17 13:40:05 -07:00			`tzdata \`
add .sql.xz support to docker-entrypoint-initdb.d 2020-02-15 18:03:15 +00:00			`xz-utils \`
Add .sql.zst support to docker-entrypoint-initdb.d 2021-05-20 22:48:10 +02:00			`zstd \`
Remove obsolete ca-certificates 2019-07-11 20:00:40 +02:00			`; \`
			`rm -rf /var/lib/apt/lists/*`
Allow arbitrary --user values 2016-05-17 12:48:56 -07:00
Replace REPOSITORY_KEY with using GPG_KEYs as ARG 2021-07-02 18:53:42 +10:00			`ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`# pub rsa4096 2016-03-30 [SC]`
			`# 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8`
			`# uid [ unknown] MariaDB Signing Key <signing-key@mariadb.org>`
			`# sub rsa4096 2016-03-30 [E]`
build args REPOSITORY/REPOSITORY_KEY for testing/enterprise server We want to test in CI against in-development versions of MariaDB-server against this container so add 2 hooks to make it easier. Also this can be used for MariaDB Enterprise on the same base Dockerfile template. Closes #353 2021-03-12 13:43:34 +11:00
Use "/etc/apt/trusted.gpg.d" instead of "apt-key adv" > Note: Instead of using this command a keyring should be placed > directly in the /etc/apt/trusted.gpg.d/ directory with a > descriptive name and either "gpg" or "asc" as file extension. https://manpages.debian.org/cgi-bin/man.cgi?query=apt-key&manpath=Debian+testing+stretch 2017-01-10 13:54:55 -08:00			`RUN set -ex; \`
			`export GNUPGHOME="$(mktemp -d)"; \`
Replace REPOSITORY_KEY with using GPG_KEYs as ARG 2021-07-02 18:53:42 +10:00			`for key in $GPG_KEYS; do \`
new keyserver keyserver.ubuntu.com since sks-keyservers.net closure Closes: #380 2021-06-23 13:50:06 +10:00			`gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \`
Use "/etc/apt/trusted.gpg.d" instead of "apt-key adv" > Note: Instead of using this command a keyring should be placed > directly in the /etc/apt/trusted.gpg.d/ directory with a > descriptive name and either "gpg" or "asc" as file extension. https://manpages.debian.org/cgi-bin/man.cgi?query=apt-key&manpath=Debian+testing+stretch 2017-01-10 13:54:55 -08:00			`done; \`
Replace REPOSITORY_KEY with using GPG_KEYs as ARG 2021-07-02 18:53:42 +10:00			`gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mariadb.gpg; \`
Makes backup variable name generic; sorts arch list for easier human parsing Also adjust travis to use pgp-happy-eyeballs 2018-07-18 13:22:52 -07:00			`command -v gpgconf > /dev/null && gpgconf --kill all \|\| :; \`
Use rm -rf on GPGHOME for reliabilty CI was failing with the following that ppears to be a race condition between the termination of gpgconf and the deleting of the /tmp directory. + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 177F4010FE56CA3336300305F1656F24C74CD1D8 gpg: keybox '/tmp/tmp.Buk4CCMuXH/pubring.kbx' created gpg: /tmp/tmp.Buk4CCMuXH/trustdb.gpg: trustdb created gpg: key F1656F24C74CD1D8: public key "MariaDB Signing Key <signing-key@mariadb.org>" imported gpg: Total number processed: 1 gpg: imported: 1 + gpg --batch --export 177F4010FE56CA3336300305F1656F24C74CD1D8 + command -v gpgconf + gpgconf --kill all + rm -r /tmp/tmp.Buk4CCMuXH rm: cannot remove '/tmp/tmp.Buk4CCMuXH/S.dirmngr': No such file or directory 2021-06-29 14:05:55 +10:00			`rm -fr "$GNUPGHOME"; \`
Use "/etc/apt/trusted.gpg.d" instead of "apt-key adv" > Note: Instead of using this command a keyring should be placed > directly in the /etc/apt/trusted.gpg.d/ directory with a > descriptive name and either "gpg" or "asc" as file extension. https://manpages.debian.org/cgi-bin/man.cgi?query=apt-key&manpath=Debian+testing+stretch 2017-01-10 13:54:55 -08:00			`apt-key list`
Add xtrabackup for Galera SST 2016-03-04 19:36:48 +01:00
Lists the upstream arches in the Dockerfile rather than a separate file so that the jenkins job doesn't need changes 2018-07-17 14:19:00 -07:00			`# bashbrew-architectures:%%ARCHES%%`
build args REPOSITORY/REPOSITORY_KEY for testing/enterprise server We want to test in CI against in-development versions of MariaDB-server against this container so add 2 hooks to make it easier. Also this can be used for MariaDB Enterprise on the same base Dockerfile template. Closes #353 2021-03-12 13:43:34 +11:00			`ARG MARIADB_MAJOR=%%MARIADB_MAJOR%%`
Preserve ENV MARIADB_MAJOR and MARIADB_VERSION compatibility 2021-07-13 10:37:18 +10:00			`ENV MARIADB_MAJOR $MARIADB_MAJOR`
build args REPOSITORY/REPOSITORY_KEY for testing/enterprise server We want to test in CI against in-development versions of MariaDB-server against this container so add 2 hooks to make it easier. Also this can be used for MariaDB Enterprise on the same base Dockerfile template. Closes #353 2021-03-12 13:43:34 +11:00			`ARG MARIADB_VERSION=%%MARIADB_VERSION%%`
Preserve ENV MARIADB_MAJOR and MARIADB_VERSION compatibility 2021-07-13 10:37:18 +10:00			`ENV MARIADB_VERSION $MARIADB_VERSION`
Adjust "latest" to be automatic based on "release status" 2019-03-01 13:15:13 -08:00			`# release-status:%%MARIADB_RELEASE_STATUS%%`
Use downloads.mariadb.org API for update.sh 2021-03-02 15:00:11 +11:00			`# (https://downloads.mariadb.org/rest-api/mariadb/)`
Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00
build args REPOSITORY/REPOSITORY_KEY for testing/enterprise server We want to test in CI against in-development versions of MariaDB-server against this container so add 2 hooks to make it easier. Also this can be used for MariaDB Enterprise on the same base Dockerfile template. Closes #353 2021-03-12 13:43:34 +11:00			`# Allowing overriding of REPOSITORY, a URL that includes suite and component for testing and Enterprise Versions`
Simplify ARG REPOSITORY / archive.mariadb.org as URL REPOSITORY can be ARG with value thanks to @yosifkit. Per https://jira.mariadb.org/browse/MDEV-26122 it got a bit disturbing to users when we purged off the OSUOSL mirror. As these files are predominately just used in the CI and building by our maintainers hopefully any downside to the build process it gained in longer term maintainability. 2021-07-13 10:27:06 +10:00			`ARG REPOSITORY="http://archive.mariadb.org/mariadb-%%MARIADB_VERSION_BASIC%%/repo/ubuntu/ %%SUITE%% main"`
build args REPOSITORY/REPOSITORY_KEY for testing/enterprise server We want to test in CI against in-development versions of MariaDB-server against this container so add 2 hooks to make it easier. Also this can be used for MariaDB Enterprise on the same base Dockerfile template. Closes #353 2021-03-12 13:43:34 +11:00
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`RUN set -e;\`
Simplify ARG REPOSITORY / archive.mariadb.org as URL REPOSITORY can be ARG with value thanks to @yosifkit. Per https://jira.mariadb.org/browse/MDEV-26122 it got a bit disturbing to users when we purged off the OSUOSL mirror. As these files are predominately just used in the CI and building by our maintainers hopefully any downside to the build process it gained in longer term maintainability. 2021-07-13 10:27:06 +10:00			`echo "deb ${REPOSITORY}" > /etc/apt/sources.list.d/mariadb.list; \`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`{ \`
Add "pinning" to ensure we don't run into issues with mixed dependencies Specifically, one of the dependencies of mariadb-server has a newer version in `wheezy`, but the dependency in the package was `= 5.5.42+maria-1~wheezy`, meaning it just refused to install. By pinning the "Origin: MariaDB" repo to be the highest priority, this dependency chain resolves itself properly. ``` libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed ``` 2015-04-22 10:03:02 -06:00			`echo 'Package: *'; \`
			`echo 'Pin: release o=MariaDB'; \`
			`echo 'Pin-Priority: 999'; \`
			`} > /etc/apt/preferences.d/mariadb`
			`# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies`
			`# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed`
Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00
Resync Dockerfile and docker-entrypoint.sh with changes in mysql, especially for initdb 2015-08-11 16:39:56 -07:00			`# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)`
			`# also, we set debconf keys to make APT a little quieter`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`RUN set -ex; \`
			`{ \`
Update templates for percona-xtrabackup change 2017-07-27 17:21:39 -07:00			`echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password password 'unused'; \`
			`echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password_again password 'unused'; \`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`} \| debconf-set-selections; \`
			`apt-get update; \`
Remove 5.5 Ubuntu Trusty support is EOL and there are no newer distributions under http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu/dists/ supported. 2019-06-03 16:32:38 -07:00			# mariadb-backup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos
10.2 EOL 2022-06-08 12:53:27 +10:00			`apt-get install -y \`
			`"mariadb-server=$MARIADB_VERSION" mariadb-backup socat \`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`; \`
			`rm -rf /var/lib/apt/lists/*; \`
Allow arbitrary --user values 2016-05-17 12:48:56 -07:00			`# purge and re-create /var/lib/mysql with appropriate ownership`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`rm -rf /var/lib/mysql; \`
			`mkdir -p /var/lib/mysql /var/run/mysqld; \`
			`chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \`
Allow arbitrary --user values 2016-05-17 12:48:56 -07:00			`# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`chmod 777 /var/run/mysqld; \`
Resync Dockerfile and docker-entrypoint.sh with changes in mysql, especially for initdb 2015-08-11 16:39:56 -07:00			`# comment out a few problematic configuration values`
Move to Ubuntu based images in preparation for more arches 2018-07-13 13:56:30 -07:00			`find /etc/mysql/ -name '*.cnf' -print0 \`
Update to 10.5.4 2020-06-24 10:15:02 -07:00			`\| xargs -0 grep -lZE '^(bind-address\|log\|user\s)' \`
			`\| xargs -rt -0 sed -Ei 's/^(bind-address\|log\|user\s)/#&/'; \`
Resync Dockerfile and docker-entrypoint.sh with changes in mysql, especially for initdb 2015-08-11 16:39:56 -07:00			`# don't reverse lookup hostnames, they are usually another container`
/etc/mysql/conf.d for configuration files Per documentation /etc/mysql/conf.d is meant as a location for configuration to be mounted. In 10.5, my fault, /etc/mysql/mariadb.conf.d was read after /etc/mysql/conf.d and more harmfully with a number of configuration items there in /etc/mysql/mariadb.conf.d/50-server.cnf that can no-longer be overwritten in a standard way. Thanks to @tomzu in #327 we just read /etc/mysql/mariadb.conf.d before /etc/mysql/conf.d/ and existing behaviour is preserved. To ensure that /etc/mysql/conf.d can be mounted the "skip-host-cache", "skip-name-resolve" are no longer in /etc/mysql/conf.d/docker.cnf but in the /etc/mysql/my.cnf (or mariadb.cnf (10.5+)). [mariadb] is used as the group, but for 10.4+ [mariadbd] is also recognised. The state of the files across versions is as follows hence ensuring that [mariadbd] is used in later versions. A test case ensures this too: $ for v in 10.* ; do echo version=$v ; podman exec -ti mnew$v ls -lad /etc/mysql/my.cnf /etc/mysql/mariadb.cnf /etc/alternatives/my.cnf ; done version=10.2 ls: cannot access '/etc/mysql/mariadb.cnf': No such file or directory ls: cannot access '/etc/alternatives/my.cnf': No such file or directory -rw-r--r--. 1 root root 5189 Jun 9 09:45 /etc/mysql/my.cnf version=10.3 ls: cannot access '/etc/alternatives/my.cnf': No such file or directory -rw-r--r--. 1 root root 527 May 5 15:26 /etc/mysql/mariadb.cnf -rw-r--r--. 1 root root 5221 Jun 9 09:46 /etc/mysql/my.cnf version=10.4 ls: cannot access '/etc/alternatives/my.cnf': No such file or directory -rw-r--r--. 1 root root 527 May 5 20:10 /etc/mysql/mariadb.cnf -rw-r--r--. 1 root root 5221 Jun 9 09:45 /etc/mysql/my.cnf version=10.5 lrwxrwxrwx. 1 root root 22 Jun 9 09:42 /etc/alternatives/my.cnf -> /etc/mysql/mariadb.cnf -rw-r--r--. 1 root root 1172 Jun 9 09:42 /etc/mysql/mariadb.cnf lrwxrwxrwx. 1 root root 24 Jun 9 09:42 /etc/mysql/my.cnf -> /etc/alternatives/my.cnf version=10.6 lrwxrwxrwx. 1 root root 22 Jun 9 09:47 /etc/alternatives/my.cnf -> /etc/mysql/mariadb.cnf -rw-r--r--. 1 root root 1172 Jun 9 09:47 /etc/mysql/mariadb.cnf lrwxrwxrwx. 1 root root 24 Jun 9 09:47 /etc/mysql/my.cnf -> /etc/alternatives/my.cnf 2021-06-09 19:54:42 +10:00			`# Issue #327 Correct order of reading directories /etc/mysql/mariadb.conf.d before /etc/mysql/conf.d (mount-point per documentation)`
			`if [ ! -L /etc/mysql/my.cnf ]; then sed -i -e '/includedir/i[mariadb]\nskip-host-cache\nskip-name-resolve\n' /etc/mysql/my.cnf; \`
			`# 10.5+`
			`else sed -i -e '/includedir/ {N;s/\(.\)\n\(.\)/[mariadbd]\nskip-host-cache\nskip-name-resolve\n\n\2\n\1/}' \`
			`/etc/mysql/mariadb.cnf; fi`

Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00
			`VOLUME /var/lib/mysql`

MDEV-25434: mariadb container to have HEALTHCHECK Adds a healthcheck script that gives the user few basics options for health checks include: * connect * innodb_buffer_pool_loaded * galeraonline * replication (io/sql threads and/or delay) * mariadbupgrade (unhealthy if in progress) Reviewed thanks to Daniel Rudolf (@PhrozenByte) and Faustin Lammler (@fauust) 2022-01-31 15:27:25 +11:00			`COPY healthcheck.sh /usr/local/bin/healthcheck.sh`
Allow arbitrary --user values 2016-05-17 12:48:56 -07:00			`COPY docker-entrypoint.sh /usr/local/bin/`
Fix backwards-compat symlink (thanks @nazar-pc!) 2016-05-19 07:52:19 -07:00			`RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat`
Allow arbitrary --user values 2016-05-17 12:48:56 -07:00			`ENTRYPOINT ["docker-entrypoint.sh"]`
Mariadb qith entrypoint taken from mysql image 2014-11-24 15:31:55 -08:00
			`EXPOSE 3306`
			`CMD ["mysqld"]`