Closed Daviid-P closed 1 month ago
Yes, using /container_data/openfire/mysql:/var/lib/mysql
as volume works.
"Warning: World-writable config file '/var/lib/mysql/.my-healthcheck.cnf' is ignored"
The credentials of the healthcheck are in this file. Removing the check requires a change to the mariadb client implementation.
best I think of so far is moving .my-healthcheck.cnf to a different volume and mounting that volume as read only. Replace /var/lib/mysql/.my-healthcheck.cnf with a symlink to the final volume location.
Hope I can think of something better later, this isn't particularly great.
"Warning: World-writable config file '/var/lib/mysql/.my-healthcheck.cnf' is ignored"
The credentials of the healthcheck are in this file. Removing the check requires a change to the mariadb client implementation.
best I think of so far is moving .my-healthcheck.cnf to a different volume and mounting that volume as read only. Replace /var/lib/mysql/.my-healthcheck.cnf with a symlink to the final volume location.
Hope I can think of something better later, this isn't particularly great.
I though of putting the file as readonly but then in the edgecase I ever need the process to re-run I'm stuck with the old password in .my-healthcheck.cnf
, no?
Technically I don't need the mysql
folder to be accessible from windows /mnt/h/containers/openfire/mysql
so for now I've chosen to create /container_data/openfire/mysql
inside WSL
I think I remember someone using Windows readonly file permissions to avoid this ignoring of config files. Thanks for the reminder. I don't think you'll get that stuck. Not sure if you've seen, on "re-run" - MARIADB_AUTO_UPGRADE=1 will reset password/recreate healthcheck user if .my-healthcheck.cnf
is missing.
Do named volumes with WSL get created inside WSL and hence have unix like permissions too? I'm thinking what to write on a FAQ page.
Also technically --su-mysql
no longer needed and its an additional fork during the healthcheck.
I'm getting this problem when running on an ntfs formatted externally mounted drive attached to a Raspberry Pi. Any advice for a proper fix for this rather than a hacky workaround?
Attempted solutions:
mysql
instead of root
energy-monitor-db | 2024-06-19 13:54:35 3 [Warning] Access denied for user 'mysql'@'::1' (using password: NO)
energy-monitor-db | 2024-06-19 13:54:35 4 [Warning] Access denied for user 'mysql'@'localhost' (using password: NO)
energy-monitor-db | 2024-06-19 13:40:29+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:11.4.2+maria~ubu2404 started.
energy-monitor-db | chown: changing ownership of '/var/lib/mysql/.my-healthcheck.cnf': Read-only file system
energy-monitor-db exited with code 1
EDIT: for now I've resorted to a custom healthcheck that avoids the perms problems
mariadb:
container_name: mariadb
image: mariadb:11.4.2
environment:
MARIADB_RANDOM_ROOT_PASSWORD: ${MARIADB_RANDOM_ROOT_PASSWORD}
MARIADB_USER: ${MARIADB_USER}
MARIADB_PASSWORD: ${MARIADB_PASSWORD}
MARIADB_DATABASE: ${MARIADB_DATABASE}
ports:
- "3306:3306"
volumes:
- /mnt/path/to/mariadb/data:/var/lib/mysql/
- /mnt/path/to/init.sql:/docker-entrypoint-initdb.d/init.sql
healthcheck:
test: "mariadb --user=$${MARIADB_USER} --password=$${MARIADB_PASSWORD} --execute \"SHOW DATABASES;\""
start_interval: 2m
start_period: 10s
interval: 10s
timeout: 5s
retries: 3
restart: unless-stopped
Added solution for 2. in #595 - feedback welcome.
on 1. - this would require MARIADB_MYSQL_LOCALHOST_USER=1
to be set of startup to create the user. Or explicitly CREATE USER mysql@localhost IDENTIFIED VIA unix_socket
Oh for Windows WSL users - watch out for https://github.com/microsoft/WSL/issues/8443 - occurs on a table rebuild.
Added solution for 2. in #595 - feedback welcome.
on 1. - this would require
MARIADB_MYSQL_LOCALHOST_USER=1
to be set of startup to create the user. Or explicitlyCREATE USER mysql@localhost IDENTIFIED VIA unix_socket
I should have been explicit. That variable was set when I attempted it as a solution.
So I have a test like (with custom config since require_secure_transport=ON
)
test: [ "CMD", "healthcheck.sh", "--defaults-file=/etc/mysql/conf.d/my.cnf", "--connect", "--innodb_initialized" ]
And it's spamming a lot of warnings like
2024-06-24 11:44:15 120 [Warning] Aborted connection 120 to db: 'unconnected' user: 'unauthenticated' host: '::1' (This connection closed normally without authentication)
And looks like it's spamming this specifically if there is a --connect
argument, even though validation succeeds. I tested this specifically spamming the respective command manually on the container.
I understand that this is "kind of" normal, since --connect
is expected to just try to establish TCP connection, not authenticate, but can we somehow suppress the warnings for the check? The settings in manual do suggest using 10s interval, but then it means spamming the false-positive warning every 10 seconds, even when connection is technically established.
Or am I doing something wrong?
@Simbiat - I broke it with #594 (accidentality). Removing 'protcol=tcp' from "$DATADIR"/.my-healthcheck.cnf might be the best workaround and remove --connect
until I fix it.
Will it be fixed as part of this issue (573) or as part of something else? Want to know, so that I can monitor it properly.
Nope, different issue. #596. Don't be afraid to create new issues.
I am not afraid, just know as a tech support for 15 years, that sometimes it's better to ask first if there is already a record :D Thanks
This is my compose file:
I want to start openfire after mariadb is up and running so I wanted to use the healthcheck script:
Here are the full logs:
docker logs openfire-mysql-1
docker exec -it openfire-mysql-1 bash
Is this due to being in WSL and using
/mnt/h/containers/openfire/mysql
as volume?