search

sclorg / mysql-container

MySQL container images based on Red Hat Software Collections and intended for OpenShift and general usage. Users can choose between Red Hat Enterprise Linux, Fedora, and CentOS based images.
http://softwarecollections.org
Apache License 2.0
128 stars 201 forks source link

Fail to deploy on OKD4 - ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) #332

Closed hunter86bg closed 1 year ago

hunter86bg commented 1 year ago

It seems that deployment fails on OKD4, while working on OCP.

Cluster Version: 4.11.0-0.okd-2022-11-19-050030 How to deploy:

oc new-project mysql
oc new-app --template=mysql-persistent -p MYSQL_USER=user1 -p MYSQL_PASSWORD=mypa55 -p MYSQL_DATABASE=testdb -p MYSQL_ROOT_PASSWORD=r00tpa55 -p VOLUME_CAPACITY=10Gi

Definition created by the template:

$ oc get  pod/mysql-1-lzvk2 -o yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "openshift-sdn",
          "interface": "eth0",
          "ips": [
              "10.128.3.138"
          ],
          "default": true,
          "dns": {}
      }]
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "openshift-sdn",
          "interface": "eth0",
          "ips": [
              "10.128.3.138"
          ],
          "default": true,
          "dns": {}
      }]
    openshift.io/deployment-config.latest-version: "1"
    openshift.io/deployment-config.name: mysql
    openshift.io/deployment.name: mysql-1
    openshift.io/generated-by: OpenShiftNewApp
    openshift.io/scc: restricted-v2
    seccomp.security.alpha.kubernetes.io/pod: runtime/default
  creationTimestamp: "2022-11-29T09:15:06Z"
  generateName: mysql-1-
  labels:
    deployment: mysql-1
    deploymentconfig: mysql
    name: mysql
  name: mysql-1-lzvk2
  namespace: mysql
  ownerReferences:
  - apiVersion: v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicationController
    name: mysql-1
    uid: 48cf62c4-6166-40b0-ad6a-a859a861bacb
  resourceVersion: "114662765"
  uid: db7f03c7-9615-4e5a-9e42-07d213cefb4c
spec:
  containers:
  - env:
    - name: MYSQL_USER
      valueFrom:
        secretKeyRef:
          key: database-user
          name: mysql
    - name: MYSQL_PASSWORD
      valueFrom:
        secretKeyRef:
          key: database-password
          name: mysql
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          key: database-root-password
          name: mysql
    - name: MYSQL_DATABASE
      valueFrom:
        secretKeyRef:
          key: database-name
          name: mysql
    image: image-registry.openshift-image-registry.svc:5000/openshift/mysql@sha256:0c1b7d1621fac94dc35e3639e4c5207ad291c7029830d8c8eeb131c4bba4755d
    imagePullPolicy: IfNotPresent
    livenessProbe:
      exec:
        command:
        - /bin/sh
        - -i
        - -c
        - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
      failureThreshold: 3
      initialDelaySeconds: 30
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: mysql
    ports:
    - containerPort: 3306
      protocol: TCP
    readinessProbe:
      exec:
        command:
        - /bin/sh
        - -i
        - -c
        - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
      failureThreshold: 3
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources:
      limits:
        memory: 512Mi
      requests:
        memory: 512Mi
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      runAsNonRoot: true
      runAsUser: 1000770000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/lib/mysql/data
      name: mysql-data
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-v728x
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: default-dockercfg-gd76f
  nodeName: okd4-compute-1
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1000770000
    seLinuxOptions:
      level: s0:c28,c7
    seccompProfile:
      type: RuntimeDefault
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  volumes:
  - name: mysql-data
    persistentVolumeClaim:
      claimName: mysql
  - name: kube-api-access-v728x
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
      - configMap:
          items:
          - key: service-ca.crt
            path: service-ca.crt
          name: openshift-service-ca.crt
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2022-11-29T09:15:06Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2022-11-29T09:15:06Z"
    message: 'containers with unready status: [mysql]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2022-11-29T09:15:06Z"
    message: 'containers with unready status: [mysql]'
    reason: ContainersNotReady
    status: "False"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2022-11-29T09:15:06Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: cri-o://23eb6d8f99399bca86cefe265f19032dba4bee0a221a1a9c6f431b238944e1a1
    image: image-registry.openshift-image-registry.svc:5000/openshift/mysql@sha256:0c1b7d1621fac94dc35e3639e4c5207ad291c7029830d8c8eeb131c4bba4755d
    imageID: image-registry.openshift-image-registry.svc:5000/openshift/mysql@sha256:0c1b7d1621fac94dc35e3639e4c5207ad291c7029830d8c8eeb131c4bba4755d
    lastState:
      terminated:
        containerID: cri-o://f4d3feb3fdd203e8d6f9f90b8a5f90bda2b58cf09e5cd9af69abd506abdc7b8c
        exitCode: 1
        finishedAt: "2022-11-29T09:19:08Z"
        reason: Error
        startedAt: "2022-11-29T09:18:59Z"
    name: mysql
    ready: false
    restartCount: 6
    started: false
    state:
      terminated:
        containerID: cri-o://23eb6d8f99399bca86cefe265f19032dba4bee0a221a1a9c6f431b238944e1a1
        exitCode: 1
        finishedAt: "2022-11-29T09:20:57Z"
        reason: Error
        startedAt: "2022-11-29T09:20:39Z"
  hostIP: 192.168.1.204
  phase: Running
  podIP: 10.128.3.138
  podIPs:
  - ip: 10.128.3.138
  qosClass: Burstable
  startTime: "2022-11-29T09:15:06Z"

Logs:

$ oc logs pod/mysql-1-lzvk2 

=> sourcing 20-validate-variables.sh ...
=> sourcing 25-validate-replication-variables.sh ...
=> sourcing 30-base-config.sh ...
---> 09:18:03     Processing basic MySQL configuration files ...
=> sourcing 60-replication-config.sh ...
=> sourcing 70-s2i-config.sh ...
---> 09:18:03     Processing additional arbitrary  MySQL configuration provided by s2i ...
=> sourcing 20-default-authentication-plugin.cnf ...
=> sourcing 40-paas.cnf ...
=> sourcing 50-my-tuning.cnf ...
---> 09:18:03     Starting MySQL server with disabled networking ...
---> 09:18:03     Waiting for MySQL to start ...
---> 09:18:04     Waiting for MySQL to start ...
---> 09:18:05     Waiting for MySQL to start ...
---> 09:18:06     Waiting for MySQL to start ...
---> 09:18:07     Waiting for MySQL to start ...
---> 09:18:08     Waiting for MySQL to start ...
2022-11-29T09:18:03.586863Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2022-11-29T09:18:03.615168Z 0 [System] [MY-010116] [Server] /usr/libexec/mysqld (mysqld 8.0.17) starting as process 26
2022-11-29T09:18:08.250068Z 0 [System] [MY-010229] [Server] Starting crash recovery...
2022-11-29T09:18:08.344497Z 0 [System] [MY-010232] [Server] Crash recovery finished.
2022-11-29T09:18:08.907189Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2022-11-29T09:18:09.008059Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/lib/mysql/data' in the path is accessible to all OS users. Consider choosing a different directory.
2022-11-29T09:18:09.376269Z 0 [System] [MY-010931] [Server] /usr/libexec/mysqld: ready for connections. Version: '8.0.17'  socket: '/tmp/mysql.sock'  port: 0  Source distribution.
---> 09:18:09     MySQL started successfully
2022-11-29T09:18:09.453314Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/lib/mysql/mysqlx.sock'
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
=> sourcing 40-datadir-action.sh ...
---> 09:18:09     Running datadir action: upgrade-warn
---> 09:18:09     MySQL server version check passed, both server and data directory are version 8.0.
=> sourcing 50-passwd-change.sh ...
---> 09:18:09     Setting passwords ...
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
---> 09:18:09     WARNING: User user1 does not exist in database. Password not changed.
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
hunter86bg commented 1 year ago

Closing as not a bug. It seems the deployment is a little bit slow and the pod is being reset during the initial setup (InitialDelaySeconds was reached) which leads to this behavior.