-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathentrypoint.sh
236 lines (210 loc) · 8.61 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/bin/bash
# Copyright (c) 2017, 2021, Oracle and/or its affiliates.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
set -e
echo "[Entrypoint] MySQL Docker Image ${MYSQL_VERSION}-alpine-GT"
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
_get_config() {
local conf="$1"; shift
"$@" --verbose --help 2>/dev/null | grep "^$conf" | awk '$1 == "'"$conf"'" { print $2; exit }'
}
# Generate a random password
_mkpw() {
letter=$(cat /dev/urandom| tr -dc a-zA-Z | dd bs=1 count=16 2> /dev/null )
number=$(cat /dev/urandom| tr -dc 0-9 | dd bs=1 count=8 2> /dev/null)
special=$(cat /dev/urandom| tr -dc '=+@#%^&*_.,;:?/' | dd bs=1 count=8 2> /dev/null)
echo $letter$number$special | fold -w 1 | shuf | tr -d '\n'
}
# If command starts with an option, prepend mysqld
# This allows users to add command-line options without
# needing to specify the "mysqld" command
if [ "${1:0:1}" = '-' ]; then
set -- mysqld $@
fi
# Check if entrypoint (and the container) is running as root
if [ $(id -u) = "0" ]; then
is_root=1
install_devnull="install /dev/null -m0600 -omysql -gmysql"
MYSQLD_USER=mysql
else
install_devnull="install /dev/null -m0600"
MYSQLD_USER=$(id -u)
fi
if [ "$1" = 'mysqld' ]; then
# Test that the server can start. We redirect stdout to /dev/null so
# only the error messages are left.
result=0
output=$("$@" --validate-config) || result=$?
if [ ! "$result" = "0" ]; then
echo >&2 '[Entrypoint] ERROR: Unable to start MySQL. Please check your configuration.'
echo >&2 "[Entrypoint] $output"
exit 1
fi
# Get config
DATADIR="$(_get_config 'datadir' "$@")"
SOCKET="$(_get_config 'socket' "$@")"
if [ ! -d "$DATADIR/mysql" ]; then
# If the password variable is a filename we use the contents of the file. We
# read this first to make sure that a proper error is generated for empty files.
if [ -f "$MYSQL_ROOT_PASSWORD" ]; then
MYSQL_ROOT_PASSWORD="$(cat $MYSQL_ROOT_PASSWORD)"
if [ -z "$MYSQL_ROOT_PASSWORD" ]; then
echo >&2 '[Entrypoint] Empty MYSQL_ROOT_PASSWORD file specified.'
exit 1
fi
fi
if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
echo >&2 '[Entrypoint] No password option specified for new database.'
echo >&2 '[Entrypoint] A random onetime password will be generated.'
MYSQL_RANDOM_ROOT_PASSWORD=true
MYSQL_ONETIME_PASSWORD=true
fi
if [ ! -d "$DATADIR" ]; then
mkdir -p "$DATADIR"
chown $MYSQLD_USER "$DATADIR"
fi
# The user can set a default_timezone either in a my.cnf file
# they mount into the container or on command line
# (`docker run mysql/mysql-server:8.0 --default-time-zone=Europe/Berlin`)
# however the timezone tables will only be populated in a later
# stage of this script. By using +00:00 as timezone we override
# the user's choice during initialization. Later the server
# will be restarted using the user's option.
echo '[Entrypoint] Initializing database'
"$@" --user=$MYSQLD_USER --initialize-insecure --default-time-zone=+00:00
echo '[Entrypoint] Database initialized'
"$@" --user=$MYSQLD_USER --daemonize --skip-networking --socket="$SOCKET" --default-time-zone=+00:00
# To avoid using password on commandline, put it in a temporary file.
# The file is only populated when and if the root password is set.
PASSFILE=$(mktemp -u /var/lib/mysql-files/XXXXXXXXXX)
mkdir -p /var/lib/mysql-files -m0700
chown $MYSQLD_USER /var/lib/mysql-files
$install_devnull "$PASSFILE"
# Define the client command used throughout the script
# "SET @@SESSION.SQL_LOG_BIN=0;" is required for products like group replication to work properly
mysql=( mysql --defaults-extra-file="$PASSFILE" --protocol=socket -uroot -hlocalhost --socket="$SOCKET" --init-command="SET @@SESSION.SQL_LOG_BIN=0;" $MYSQL_DATABASE )
for i in {30..0}; do
if mysqladmin --socket="$SOCKET" ping &>/dev/null; then
break
fi
echo '[Entrypoint] Waiting for server...'
sleep 1
done
if [ "$i" = 0 ]; then
echo >&2 '[Entrypoint] Timeout during MySQL init.'
exit 1
fi
mysql_tzinfo_to_sql /usr/share/zoneinfo | "${mysql[@]}" mysql
if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
MYSQL_ROOT_PASSWORD="$(_mkpw)"
echo "[Entrypoint] GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
fi
if [ -z "$MYSQL_ROOT_HOST" ]; then
ROOTCREATE="ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';"
else
ROOTCREATE="ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; \
CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; \
GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; \
GRANT PROXY ON ''@'' TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;"
fi
"${mysql[@]}" <<-EOSQL
DELETE FROM mysql.user WHERE user NOT IN ('mysql.infoschema', 'mysql.session', 'mysql.sys', 'root') OR host NOT IN ('localhost');
CREATE USER 'healthchecker'@'localhost' IDENTIFIED BY 'healthcheckpass';
${ROOTCREATE}
FLUSH PRIVILEGES ;
EOSQL
if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
# Put the password into the temporary config file
cat >"$PASSFILE" <<EOF
[client]
password="${MYSQL_ROOT_PASSWORD}"
EOF
#mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
fi
if [ "$MYSQL_DATABASE" ]; then
echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
mysql+=( "$MYSQL_DATABASE" )
fi
if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
echo "CREATE USER '"$MYSQL_USER"'@'%' BY '"$MYSQL_PASSWORD"' ;" | "${mysql[@]}"
if [ "$MYSQL_DATABASE" ]; then
echo "GRANT ALL ON \`"$MYSQL_DATABASE"\`.* TO '"$MYSQL_USER"'@'%' ;" | "${mysql[@]}"
fi
elif [ "$MYSQL_USER" -a ! "$MYSQL_PASSWORD" -o ! "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
echo '[Entrypoint] Not creating mysql user. MYSQL_USER and MYSQL_PASSWORD must be specified to create a mysql user.'
fi
echo
for f in /docker-entrypoint-initdb.d/*; do
case "$f" in
*.sh) echo "[Entrypoint] running $f"; . "$f" ;;
*.sql) echo "[Entrypoint] running $f"; "${mysql[@]}" < "$f" && echo ;;
*.sql.gz) echo "[Entrypoint] running $f"; zcat "$f"|"${mysql[@]}" && echo ;;
*.sql.xz) echo "[Entrypoint] running $f"; xzcat "$f"|"${mysql[@]}" && echo ;;
*) echo "[Entrypoint] ignoring $f" ;;
esac
echo
done
# When using a local socket, mysqladmin shutdown will only complete when the server is actually down
mysqladmin --defaults-extra-file="$PASSFILE" shutdown -uroot --socket="$SOCKET"
rm -f "$PASSFILE"
unset PASSFILE
echo "[Entrypoint] Server shut down"
# This needs to be done outside the normal init, since mysqladmin shutdown will not work after
if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
echo "[Entrypoint] Setting root user as expired. Password will need to be changed before database can be used."
SQL=$(mktemp -u /var/lib/mysql-files/XXXXXXXXXX)
$install_devnull "$SQL"
if [ ! -z "$MYSQL_ROOT_HOST" ]; then
cat << EOF > "$SQL"
ALTER USER 'root'@'${MYSQL_ROOT_HOST}' PASSWORD EXPIRE;
ALTER USER 'root'@'localhost' PASSWORD EXPIRE;
EOF
else
cat << EOF > "$SQL"
ALTER USER 'root'@'localhost' PASSWORD EXPIRE;
EOF
fi
set -- "$@" --init-file="$SQL"
unset SQL
fi
echo
echo '[Entrypoint] MySQL init process done. Ready for start up.'
echo
fi
# Used by healthcheck to make sure it doesn't mistakenly report container
# healthy during startup
# Put the password into the temporary config file
touch /var/lib/mysql-files/healthcheck.cnf
cat >"/var/lib/mysql-files/healthcheck.cnf" <<EOF
[client]
user=healthchecker
socket=${SOCKET}
password=healthcheckpass
EOF
touch /var/lib/mysql-files/mysql-init-complete
if [ -n "$MYSQL_INITIALIZE_ONLY" ]; then
echo "[Entrypoint] MYSQL_INITIALIZE_ONLY is set, exiting without starting MySQL..."
exit 0
else
echo "[Entrypoint] Starting MySQL ${MYSQL_VERSION}-server-alpine-GT"
fi
# 4th value of /proc/$pid/stat is the ppid, same as getppid()
export MYSQLD_PARENT_PID=$(cat /proc/$$/stat|cut -d\ -f4)
exec $@ --user=$MYSQLD_USER --console
else
exec $@
fi