1berry/mariadb-docker
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-29762: Add capability for replication

Browse Source 
These are controled by:
* MARIADB_MASTER_HOST - if specified, the master, and the container is a replica
* MARIADB_REPLICATION_PORT - port number
* MARIADB_REPLICATION_USER - create or use this user
* MARIADB_REPLICATION_PASSWORD - create or use this password
* MARIADB_REPLICATION_PASSWORD_HASH (on master only)

If MARIADB_MASTER_HOST isn't specified, the container is a master. In
this case, the MARIADB_REPLICATION_USER is created, with password{,hash},
and given the REPLICATION REPLICA grant, or REPLICATION SLAVE (for
10.3, 10.4).

If the MARIADB_MASTER_HOST is specified, CHANGE MASTER TO is used to
connect to the MARIADB_MASTER_HOST:MARIADB_MASTER_PORT(default 3306)
using the MARIADB_REPLICATION_USER. As the password is needed
MARIADB_REPLICATION_PASSWORD_HASH cannot be used on a replica.
CHANGE MASTER TO is executed with MASTER_CONNECT_RETRY=10 and the
replica is started by default.

The creation of the replication user is replicated along with the
master's /docker-entrypoint-initdb.d/ contents and MARIADB_DATABASE
/MARIADB_USER. The MARIADB_MYSQL_LOCALHOST_USER isn't replicated and
neither is the timezone data.

Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Reviewed-by: Daniel Black <daniel@mariadb.org>
This commit is contained in:
MdSahil-oss 2023-04-01 01:02:21 +05:30 committed by Daniel Black
parent 2517c69128
commit 98c792140d
13 changed files with 835 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
.test/run.sh
View File

@ -26,6 +26,10 @@ killoff()
master_host=""
killoff
fi
if [ -n "$netid" ]; then
docker network rm "$netid"
netid=
fi
}
die()
@ -41,20 +45,35 @@ trap "killoff" EXIT
if docker run --rm "$image" mariadb --version 2>/dev/null
then
mariadb=mariadb
RPL_MONITOR="REPLICA MONITOR"
v=$(docker run --rm "$image" mariadb --version)
if [[ $v =~ 'Distrib 10.4' ]]; then
# the new age hasn't begun yet
RPL_MONITOR="REPLICATION CLIENT"
fi
else
# still running 10.3
mariadb=mysql
RPL_MONITOR="REPLICATION CLIENT"
fi
runandwait()
{
local port_int
cname="mariadbcontainer$RANDOM"
cid="$(
docker run -d \
--name "$cname" --rm --publish 3306 "$@"
)"
port=$(docker port "$cname" 3306)
port=${port#*:}
if [ -z "$port" ]; then
cid="$(
docker run -d \
--name "$cname" --rm --publish 3306 "$@"
)"
port_int=3306
else
cid="$(
docker run -d \
--name "$cname" --rm "$@"
)"
port_int=$port
fi
waiting=${DOCKER_LIBRARY_START_TIMEOUT:-10}
echo "waiting to start..."
set +e +o pipefail +x
@ -62,7 +81,7 @@ runandwait()
do
(( waiting-- ))
sleep 1
if ! docker exec -i "$cid" "$mariadb" -h localhost --protocol tcp -P 3306 -e 'select 1' 2>&1 | grep -F "Can't connect" > /dev/null
if ! docker exec -i "$cid" "$mariadb" -h localhost --protocol tcp -P "$port_int" -e 'select 1' 2>&1 | grep -F "Can't connect" > /dev/null
then
break
fi
@ -92,6 +111,94 @@ mariadbclient_unix() {
"$@"
}
checkUserExistInMariaDB() {
if [ -z $1 ] ; then
return 1
fi
local user=$(mariadbclient -u root -e "SELECT User FROM mysql.user where User='$1';")
if [ -z $user ] ; then
return 1
fi
return 0
}
checkReplication() {
mariadb_replication_user='foo'
local pass_str=
local pass=
if [ $1 = 'MARIADB_REPLICATION_PASSWORD_HASH' ] ; then
pass_str=MARIADB_REPLICATION_PASSWORD_HASH='*0FD9A3F0F816D076CF239580A68A1147C250EB7B'
pass='jane'
else
pass_str='MARIADB_REPLICATION_PASSWORD=foo123'
pass='foo123'
fi
netid="mariadbnetwork$RANDOM"
docker network create "$netid"
# When MARIADB_REPLICATION_HOST is not specified as env, and MARIADB_REPLICATION_USER exists, then considered as master container.
runandwait \
--network "$netid" \
-e MARIADB_REPLICATION_USER="$mariadb_replication_user" \
-e "$pass_str" \
-e MARIADB_DATABASE=replcheck \
-e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1 \
"$image" --server-id=3000 --log-bin --log-basename=my-mariadb
# Checks $mariadb_replication_user get created or not
if checkUserExistInMariaDB $mariadb_replication_user ; then
grants=$(mariadbclient -u $mariadb_replication_user -p$pass -e "SHOW GRANTS")
[[ "${grants/SLAVE/REPLICA}" =~ "GRANT REPLICATION REPLICA ON *.* TO \`$mariadb_replication_user\`@\`%\`" ]] || die "I wasn't created how I was expected: got $grants"
mariadbclient -u root --batch --skip-column-names -e 'create table t1(i int)' replcheck
readarray -t vals < <(mariadbclient -u root --batch --skip-column-names -e 'show master status\G' replcheck)
lastfile="${vals[1]}"
pos="${vals[2]}"
[[ "$lastfile" = my-mariadb-bin.00000[12] ]] || die "too many binlog files"
[ "$pos" -lt 500 ] || die 'binary log too big'
docker exec "$cid" ls -la /var/lib/mysql/my-mariadb-bin.000001
docker exec "$cid" sh -c '[ $(wc -c < /var/lib/mysql/my-mariadb-bin.000001 ) -gt 2500 ]' && die 'binary log 1 too big'
docker exec "$cid" sh -c "[ \$(wc -c < /var/lib/mysql/$lastfile ) -gt $pos ]" && die 'binary log 2 too big'
master_host=$cname
master_cid=$cid
port=3307
runandwait \
--network "$netid" \
-e MARIADB_MASTER_HOST="$master_host" \
-e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1 \
-e MARIADB_REPLICATION_USER="$mariadb_replication_user" \
-e MARIADB_REPLICATION_PASSWORD="$pass" \
-e MARIADB_MYSQL_LOCALHOST_USER=1 \
-e MARIADB_MYSQL_LOCALHOST_GRANTS="${RPL_MONITOR}" \
--health-cmd='healthcheck.sh --su-mysql --replication_io --replication_sql --replication_seconds_behind_master=0 --replication' \
--health-interval=3s \
"$image" --server-id=3001 --port "${port}"
unset port
c="${DOCKER_LIBRARY_START_TIMEOUT:-10}"
until docker exec "$cid" healthcheck.sh --su-mysql --replication_io --replication_sql --replication_seconds_behind_master=0 --replication || [ "$c" -eq 0 ]
do
sleep 1
c=$(( c - 1 ))
done
docker exec --user mysql -i \
"$cname" \
$mariadb \
-e 'SHOW SLAVE STATUS\G' || die 'error examining replica status'
mariadbclient_unix -u root replcheck --batch --skip-column-names -e 'show create table t1;' || die 'sample table not replicated'
killoff
else
die "User $mariadb_replication_user did not get created for replication mode master"
fi
}
case ${2:-all} in
all|required_password)
@ -164,7 +271,8 @@ killoff
echo -e "Test: MYSQL_RANDOM_ROOT_PASSWORD, needs to satisfy minimium complexity of simple-password-check plugin and old-mode=''\n"
runandwait -e MYSQL_RANDOM_ROOT_PASSWORD=1 -e MARIADB_MYSQL_LOCALHOST_USER=1 -e MARIADB_MYSQL_LOCALHOST_GRANTS="RELOAD, PROCESS, LOCK TABLES" "${image}" --plugin-load-add=simple_password_check --old-mode=""
runandwait -e MYSQL_RANDOM_ROOT_PASSWORD=1 -e MARIADB_MYSQL_LOCALHOST_USER=1 -e MARIADB_MYSQL_LOCALHOST_GRANTS="RELOAD, PROCESS, LOCK TABLES" \
"${image}" --plugin-load-add=simple_password_check --old-mode=""
pass=$(docker logs "$cid" | grep 'GENERATED ROOT PASSWORD' 2>&1)
# trim up until passwod
pass=${pass#*GENERATED ROOT PASSWORD: }
@ -206,7 +314,7 @@ killoff
echo -e "Test: MYSQL_ROOT_HOST\n"
runandwait -e MYSQL_ALLOW_EMPTY_PASSWORD=1 -e MYSQL_ROOT_HOST=apple "${image}"
runandwait -e MYSQL_ALLOW_EMPTY_PASSWORD=1 -e MYSQL_ROOT_HOST=apple "${image}"
ru=$(mariadbclient_unix --skip-column-names -B -u root -e 'select user,host from mysql.user where host="apple"')
[ "${ru}" = '' ] && die 'root@apple not created'
killoff
@ -226,8 +334,12 @@ killoff
echo -e "Test: complex passwords\n"
runandwait -e MYSQL_USER=bob -e MYSQL_PASSWORD=$'\n \' \n' -e MYSQL_ROOT_PASSWORD=$'\n\'\\aa-\x09-zz"_%\n' "${image}"
runandwait -e MYSQL_USER=bob -e MYSQL_PASSWORD=$'\n \' \n' -e MYSQL_ROOT_PASSWORD=$'\n\'\\aa-\x09-zz"_%\n' \
-e MARIADB_REPLICATION_USER="foo" \
-e MARIADB_REPLICATION_PASSWORD=$'\n\'\\aa-\x09-zz"_%\n' \
"${image}"
mariadbclient_unix --skip-column-names -B -u root -p$'\n\'\\aa-\x09-zz"_%\n' -e 'select 1'
mariadbclient_unix --skip-column-names -B -u foo -p$'\n\'\\aa-\x09-zz"_%\n' -e 'select 1'
mariadbclient_unix --skip-column-names -B -u bob -p$'\n \' \n' -e 'select 1'
killoff
@ -279,7 +391,7 @@ runandwait \
-e MYSQL_DATABASE_FILE=/run/secrets/db \
-e MYSQL_USER_FILE=/run/secrets/u \
-e MARIADB_PASSWORD_HASH_FILE=/run/secrets/p \
"${image}"
"${image}"
host=$(mariadbclient_unix --skip-column-names -B -u root -pbob -e 'select host from mysql.user where user="root" and host="pluto"' titan)
[ "${host}" != 'pluto' ] && die 'root@pluto not created'
@ -605,6 +717,43 @@ fi
killoff
cid=$master_host
killoff
;&
validate_master_env)
echo -e "Test: Expect failure for master; MARIADB_REPLICATION_USER without MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH specified\n"
cname="mariadb-container-replica-fail-to-start-options-$RANDOM-$RANDOM"
docker run --rm --name "$cname" \
-e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1 \
-e MARIADB_REPLICATION_USER="repl" \
"$image" \
&& die "$cname should fail with incomplete options"
;&
validate_replica_env)
echo -e "Test: Expect failure for replica mode without MARIADB_REPLICATION_USER specified\n"
cname="mariadb-container-replica-fail-to-start-options-$RANDOM-$RANDOM"
docker run --rm --name "$cname" \
-e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1 \
-e MARIADB_MASTER_HOST="ok" \
"$image" \
&& die "$cname should fail with incomplete options"
;&
replication)
echo -e "Test: Replica container can be initialized with environment variables when MARIADB_REPLICATION_PASSWORD is set\n"
checkReplication 'MARIADB_REPLICATION_PASSWORD'
;&
replication_password_hash)
echo -e "Test: Replica container can be initialized with environment variables when MARIADB_REPLICATION_PASSWORD_HASH is set\n"
checkReplication 'MARIADB_REPLICATION_PASSWORD_HASH'
;&
password_hash)

61
10.10/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.11/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.3/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -220,6 +239,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -266,6 +292,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION SLAVE ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -364,6 +403,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START SLAVE;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -388,7 +445,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.4/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -220,6 +239,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -266,6 +292,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION SLAVE ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -364,6 +403,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START SLAVE;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -388,7 +445,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.5/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -220,6 +239,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -266,6 +292,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -364,6 +403,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -388,7 +445,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.6/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.8/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
10.9/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
11.0/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
11.1/docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

61
docker-entrypoint.sh
View File

@ -162,6 +162,25 @@ docker_verify_minimum_env() {
if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
fi
if [ -n "$MARIADB_REPLICATION_USER" ]; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# its a master, we're creating a user
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
fi
else
# its a replica
if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
fi
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
fi
fi
fi
if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
fi
}
# creates folders for the database
@ -221,6 +240,13 @@ docker_setup_env() {
# No MYSQL_ compatibility needed for new variables
file_env 'MARIADB_PASSWORD_HASH'
file_env 'MARIADB_ROOT_PASSWORD_HASH'
# env variables related to replication
file_env 'MARIADB_REPLICATION_USER'
file_env 'MARIADB_REPLICATION_PASSWORD'
file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
# env variables related to master
file_env 'MARIADB_MASTER_HOST'
file_env 'MARIADB_MASTER_PORT' 3306
# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
@ -267,6 +293,19 @@ docker_sql_escape_string_literal() {
echo "${escaped//\'/\\\'}"
}
# Creates replication user
create_replica_user() {
if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
else
# SQL escape the user password, \ followed by '
local userPasswordEscaped
userPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
fi
echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
# Load timezone info into database
@ -365,6 +404,24 @@ docker_setup_db() {
fi
fi
# To create replica user
local createReplicaUser=
local changeMasterTo=
local startReplica=
if [ -n "$MARIADB_REPLICATION_USER" ] ; then
if [ -z "$MARIADB_MASTER_HOST" ]; then
# on master
mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
createReplicaUser=$(create_replica_user)
else
# on replica
local rplPasswordEscaped
rplPasswordEscaped=$( docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}" )
changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
startReplica="START REPLICA;"
fi
fi
mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
@ -389,7 +446,11 @@ docker_setup_db() {
-- create users/databases
${createDatabase}
${createUser}
${createReplicaUser}
${userGrants}
${changeMasterTo}
${startReplica}
EOSQL
}

5
update.sh
View File

@ -60,7 +60,10 @@ update_version()
# Start using the new executable names
case "$version" in
10.3 | 10.4)
sed -i -e '/--old-mode/d' "$version/docker-entrypoint.sh"
sed -i -e '/--old-mode/d' \
-e 's/REPLICATION REPLICA/REPLICATION SLAVE/' \
-e 's/START REPLICA/START SLAVE/' \
"$version/docker-entrypoint.sh"
;; # almost nothing to see/do here
10.5)
sed -i -e '/--old-mode/d' "$version/docker-entrypoint.sh"