-
Notifications
You must be signed in to change notification settings - Fork 436
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #83 from infosiftr/10.2
Add 10.2 and 10.3
- Loading branch information
Showing
5 changed files
with
596 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,8 @@ services: docker | |
|
||
env: | ||
- VERSION=5.5 | ||
- VERSION=10.3 | ||
- VERSION=10.2 | ||
- VERSION=10.1 | ||
- VERSION=10.0 | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
# vim:set ft=dockerfile: | ||
FROM debian:jessie | ||
|
||
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added | ||
RUN groupadd -r mysql && useradd -r -g mysql mysql | ||
|
||
# add gosu for easy step-down from root | ||
ENV GOSU_VERSION 1.7 | ||
RUN set -x \ | ||
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ | ||
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ | ||
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ | ||
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ | ||
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ | ||
&& chmod +x /usr/local/bin/gosu \ | ||
&& gosu nobody true \ | ||
&& apt-get purge -y --auto-remove ca-certificates wget | ||
|
||
RUN mkdir /docker-entrypoint-initdb.d | ||
|
||
# install "pwgen" for randomizing passwords | ||
# install "apt-transport-https" for Percona's repo (switched to https-only) | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
apt-transport-https ca-certificates \ | ||
pwgen \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
ENV GPG_KEYS \ | ||
# Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB | ||
# MariaDB Package Signing Key <package-signing-key@mariadb.org> | ||
199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ | ||
# pub 1024D/CD2EFD2A 2009-12-15 | ||
# Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A | ||
# uid Percona MySQL Development Team <mysql-dev@percona.com> | ||
# sub 2048g/2D607DAF 2009-12-15 | ||
430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A \ | ||
# pub 4096R/8507EFA5 2016-06-30 | ||
# Key fingerprint = 4D1B B29D 63D9 8E42 2B21 13B1 9334 A25F 8507 EFA5 | ||
# uid Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> | ||
# sub 4096R/4CAC6D72 2016-06-30 | ||
4D1BB29D63D98E422B2113B19334A25F8507EFA5 | ||
RUN set -ex; \ | ||
export GNUPGHOME="$(mktemp -d)"; \ | ||
for key in $GPG_KEYS; do \ | ||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ | ||
done; \ | ||
gpg --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mariadb.gpg; \ | ||
rm -r "$GNUPGHOME"; \ | ||
apt-key list | ||
|
||
RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list.d/percona.list \ | ||
&& { \ | ||
echo 'Package: *'; \ | ||
echo 'Pin: release o=Percona Development Team'; \ | ||
echo 'Pin-Priority: 998'; \ | ||
} > /etc/apt/preferences.d/percona | ||
|
||
ENV MARIADB_MAJOR 10.2 | ||
ENV MARIADB_VERSION 10.2.5+maria~jessie | ||
|
||
RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian jessie main" > /etc/apt/sources.list.d/mariadb.list \ | ||
&& { \ | ||
echo 'Package: *'; \ | ||
echo 'Pin: release o=MariaDB'; \ | ||
echo 'Pin-Priority: 999'; \ | ||
} > /etc/apt/preferences.d/mariadb | ||
# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies | ||
# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed | ||
|
||
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) | ||
# also, we set debconf keys to make APT a little quieter | ||
RUN { \ | ||
echo mariadb-server-$MARIADB_MAJOR mysql-server/root_password password 'unused'; \ | ||
echo mariadb-server-$MARIADB_MAJOR mysql-server/root_password_again password 'unused'; \ | ||
} | debconf-set-selections \ | ||
&& apt-get update \ | ||
&& apt-get install -y \ | ||
mariadb-server=$MARIADB_VERSION \ | ||
# percona-xtrabackup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos | ||
percona-xtrabackup \ | ||
socat \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
# comment out any "user" entires in the MySQL config ("docker-entrypoint.sh" or "--user" will handle user switching) | ||
&& sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf /etc/mysql/conf.d/* \ | ||
# purge and re-create /var/lib/mysql with appropriate ownership | ||
&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \ | ||
&& chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \ | ||
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime | ||
&& chmod 777 /var/run/mysqld | ||
|
||
# comment out a few problematic configuration values | ||
# don't reverse lookup hostnames, they are usually another container | ||
RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \ | ||
&& echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \ | ||
&& mv /tmp/my.cnf /etc/mysql/my.cnf | ||
|
||
VOLUME /var/lib/mysql | ||
|
||
COPY docker-entrypoint.sh /usr/local/bin/ | ||
RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat | ||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
|
||
EXPOSE 3306 | ||
CMD ["mysqld"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,191 @@ | ||
#!/bin/bash | ||
set -eo pipefail | ||
shopt -s nullglob | ||
|
||
# if command starts with an option, prepend mysqld | ||
if [ "${1:0:1}" = '-' ]; then | ||
set -- mysqld "$@" | ||
fi | ||
|
||
# skip setup if they want an option that stops mysqld | ||
wantHelp= | ||
for arg; do | ||
case "$arg" in | ||
-'?'|--help|--print-defaults|-V|--version) | ||
wantHelp=1 | ||
break | ||
;; | ||
esac | ||
done | ||
|
||
# usage: file_env VAR [DEFAULT] | ||
# ie: file_env 'XYZ_DB_PASSWORD' 'example' | ||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of | ||
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) | ||
file_env() { | ||
local var="$1" | ||
local fileVar="${var}_FILE" | ||
local def="${2:-}" | ||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then | ||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)" | ||
exit 1 | ||
fi | ||
local val="$def" | ||
if [ "${!var:-}" ]; then | ||
val="${!var}" | ||
elif [ "${!fileVar:-}" ]; then | ||
val="$(< "${!fileVar}")" | ||
fi | ||
export "$var"="$val" | ||
unset "$fileVar" | ||
} | ||
|
||
_check_config() { | ||
toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) | ||
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then | ||
cat >&2 <<-EOM | ||
ERROR: mysqld failed while attempting to check config | ||
command was: "${toRun[*]}" | ||
$errors | ||
EOM | ||
exit 1 | ||
fi | ||
} | ||
|
||
# Fetch value from server config | ||
# We use mysqld --verbose --help instead of my_print_defaults because the | ||
# latter only show values present in config files, and not server defaults | ||
_get_config() { | ||
local conf="$1"; shift | ||
"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }' | ||
} | ||
|
||
# allow the container to be started with `--user` | ||
if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then | ||
_check_config "$@" | ||
DATADIR="$(_get_config 'datadir' "$@")" | ||
mkdir -p "$DATADIR" | ||
chown -R mysql:mysql "$DATADIR" | ||
exec gosu mysql "$BASH_SOURCE" "$@" | ||
fi | ||
|
||
if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then | ||
# still need to check config, container may have started with --user | ||
_check_config "$@" | ||
# Get config | ||
DATADIR="$(_get_config 'datadir' "$@")" | ||
|
||
if [ ! -d "$DATADIR/mysql" ]; then | ||
file_env 'MYSQL_ROOT_PASSWORD' | ||
if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then | ||
echo >&2 'error: database is uninitialized and password option is not specified ' | ||
echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' | ||
exit 1 | ||
fi | ||
|
||
mkdir -p "$DATADIR" | ||
|
||
echo 'Initializing database' | ||
mysql_install_db --datadir="$DATADIR" --rpm | ||
echo 'Database initialized' | ||
|
||
SOCKET="$(_get_config 'socket' "$@")" | ||
"$@" --skip-networking --socket="${SOCKET}" & | ||
pid="$!" | ||
|
||
mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) | ||
|
||
for i in {30..0}; do | ||
if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then | ||
break | ||
fi | ||
echo 'MySQL init process in progress...' | ||
sleep 1 | ||
done | ||
if [ "$i" = 0 ]; then | ||
echo >&2 'MySQL init process failed.' | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then | ||
# sed is for https://bugs.mysql.com/bug.php?id=20545 | ||
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql | ||
fi | ||
|
||
if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then | ||
export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" | ||
echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" | ||
fi | ||
|
||
rootCreate= | ||
# default root to listen for connections from anywhere | ||
file_env 'MYSQL_ROOT_HOST' '%' | ||
if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then | ||
# no, we don't care if read finds a terminating character in this heredoc | ||
# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 | ||
read -r -d '' rootCreate <<-EOSQL || true | ||
CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; | ||
GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; | ||
EOSQL | ||
fi | ||
|
||
"${mysql[@]}" <<-EOSQL | ||
-- What's done in this file shouldn't be replicated | ||
-- or products like mysql-fabric won't work | ||
SET @@SESSION.SQL_LOG_BIN=0; | ||
DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; | ||
SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; | ||
GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; | ||
${rootCreate} | ||
DROP DATABASE IF EXISTS test ; | ||
FLUSH PRIVILEGES ; | ||
EOSQL | ||
|
||
if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then | ||
mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) | ||
fi | ||
|
||
file_env 'MYSQL_DATABASE' | ||
if [ "$MYSQL_DATABASE" ]; then | ||
echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" | ||
mysql+=( "$MYSQL_DATABASE" ) | ||
fi | ||
|
||
file_env 'MYSQL_USER' | ||
file_env 'MYSQL_PASSWORD' | ||
if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then | ||
echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" | ||
|
||
if [ "$MYSQL_DATABASE" ]; then | ||
echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" | ||
fi | ||
|
||
echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" | ||
fi | ||
|
||
echo | ||
for f in /docker-entrypoint-initdb.d/*; do | ||
case "$f" in | ||
*.sh) echo "$0: running $f"; . "$f" ;; | ||
*.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; | ||
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; | ||
*) echo "$0: ignoring $f" ;; | ||
esac | ||
echo | ||
done | ||
|
||
if ! kill -s TERM "$pid" || ! wait "$pid"; then | ||
echo >&2 'MySQL init process failed.' | ||
exit 1 | ||
fi | ||
|
||
echo | ||
echo 'MySQL init process done. Ready for start up.' | ||
echo | ||
fi | ||
fi | ||
|
||
exec "$@" |
Oops, something went wrong.