search

lando / lamp

The Official LAMP Lando Plugin
https://docs.lando.dev/lamp/
GNU General Public License v3.0
2 stars 8 forks source link

healthcheck Access denied to database(s) #51

Open zdenekgebauer opened 4 months ago

zdenekgebauer commented 4 months ago

I have a .lando.yml file configured as follows:

name: testlando
recipe: lamp
config:
    webroot: www
    database: mariadb:10.3
proxy:
    appserver:
        - www.testlando.local
    phpmyadmin:
        - phpmyadmin.local
services:
    appserver:
        type: php:8.2
        scanner: false
    database:
        scanner: false
        creds:
            user: testlando
            password:
            database: testlando            
    phpmyadmin:
        type: phpmyadmin
        scanner: false
        hosts:
            - database

Command lando start writes error:

[+] Healthchecking 1/1
 × ERROR 1045 (28000): Access denied for user 'testlando'@'172.23.0.3' (using password: YES)
ERROR ==> ERROR 1045 (28000): Access denied for user 'testlando'@'172.23.0.3' (using password: YES)

However, despite the error, phpMyAdmin can access the database, and the user testlando exists. Error occurs even with a MySQL database.

Shouldn't the healthchecking be skipped with the option scanner:false?

Tested on v3.21.0-beta.7, Windows 10, Docker Desktop version 4.27.2

reynoldsalec commented 4 months ago

@zdenekgebauer could you try doing a lando destroy and then a lando start and see if that works?

The DB creds are set in the app's config when it's first started; if they change after that, it could cause the healthcheck to fail since it may be trying to use the new creds provided in .lando.yml, while the DB is actually using the "old" credentials.

See https://docs.lando.dev/help/switching-dbs.html for more reference.

zdenekgebauer commented 4 months ago

Error occurs on each start, I did not change DB creds. I tried to do lando destroy, it did not help. Even deleting the volumes in Docker Destop did not help.

reynoldsalec commented 4 months ago

So regarding your question; scanner: false doesn't stop the healthchecks. The scanner refers to the proxy scanner, which ascertains the health of the URLs Lando is serving content on: https://docs.lando.dev/core/v3/scanner.html

The healthchecks, in the case of the DB, actually tries to log into the database service from within the container to make sure the service is working: https://docs.lando.dev/core/v3/healthcheck.html

I believe the healthcheck test fails because of the empty password value; when I use a password the healthcheck passes for me. If you want to disable the healthcheck for your service, you can set healthcheck: echo true:

    database:
        healthcheck: echo true
        creds:
            user: testlando
            password:
            database: testlando

Probably the actionable thing on this ticket is to make sure our default healthcheck command can use a blank password.

zdenekgebauer commented 4 months ago

The problem is really caused by the "password:" setting. If I delete this line, healthcheck passes.

The healthcheck: echo true workaround also works. But I think a more appropriate setting would be e.g. "healthcheck: false", which skips the healthcheck completely, rather than simulating success. Maybe that would speed up the start.