[bitnami/mariadb-galera] Release 10.6.18-debian-12-r4 (#68570)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Bitnami Bot
2024-07-02 17:58:47 +02:00
committed by GitHub
parent db97e60d7a
commit c54ef64772
4 changed files with 643 additions and 30 deletions


@@ -7,11 +7,11 @@ ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-07-01T13:48:19Z" \
org.opencontainers.image.created="2024-07-02T15:28:29Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="10.6.18-debian-12-r3" \
org.opencontainers.image.ref.name="10.6.18-debian-12-r4" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \
org.opencontainers.image.title="mariadb-galera" \
org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -29,7 +29,7 @@ RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1
RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
COMPONENTS=( \
"ini-file-1.4.6-14-linux-${OS_ARCH}-debian-12" \
"mariadb-galera-10.6.18-1-linux-${OS_ARCH}-debian-12" \
"mariadb-galera-10.6.18-2-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \


@@ -9,6 +9,6 @@
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "10.6.18-1"
"version": "10.6.18-2"
}
}


@@ -1,3 +1,628 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami MySQL library
# shellcheck disable=SC1090,SC1091,SC2119,SC2120
# Load Generic Libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libversion.sh
########################
# Configure database extra start flags
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# Array with extra flags to use
#########################
mysql_extra_flags() {
local randNumber
local -a dbExtraFlags=()
# shellcheck disable=SC2153
read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS"
if [[ -n "$DB_REPLICATION_MODE" ]]; then
randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')"
dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1")
if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1")
elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then
dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1")
fi
fi
[[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}")
echo "${dbExtraFlags[@]:-}"
}
########################
# Validate settings in MYSQL_*/MARIADB_* environment variables
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_validate() {
info "Validating settings in MYSQL_*/MARIADB_* env vars"
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
empty_password_enabled_warn() {
warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment."
}
empty_password_error() {
print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development."
}
backslash_password_error() {
print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)"
}
if [[ -n "$DB_REPLICATION_MODE" ]]; then
if [[ "$DB_REPLICATION_MODE" = "master" ]]; then
if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
empty_password_enabled_warn
else
if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then
empty_password_error "$(get_env_var REPLICATION_PASSWORD)"
fi
if [[ -z "$DB_ROOT_PASSWORD" ]]; then
empty_password_error "$(get_env_var ROOT_PASSWORD)"
fi
if (( ${#DB_ROOT_PASSWORD} > 32 )); then
print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)"
fi
if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then
empty_password_error "$(get_env_var PASSWORD)"
fi
fi
elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
if [[ -z "$DB_MASTER_HOST" ]]; then
print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running"
fi
else
print_validation_error "Invalid replication mode. Available options are 'master/slave'"
fi
else
if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
empty_password_enabled_warn
else
if [[ -z "$DB_ROOT_PASSWORD" ]]; then
empty_password_error "$(get_env_var ROOT_PASSWORD)"
fi
if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then
empty_password_error "$(get_env_var PASSWORD)"
fi
fi
fi
if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then
backslash_password_error "$(get_env_var ROOT_PASSWORD)"
fi
if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then
print_validation_error "root user is already created in the database and you can't use it as username for user creation."
fi
if [[ "${DB_PASSWORD:-}" = *\\* ]]; then
backslash_password_error "$(get_env_var PASSWORD)"
fi
if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then
backslash_password_error "$(get_env_var REPLICATION_PASSWORD)"
fi
collation_env_var="$(get_env_var COLLATION)"
is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead."
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Creates MySQL/MariaDB configuration file
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_create_default_config() {
debug "Creating main configuration file"
cat > "$DB_CONF_FILE" <<EOF
[mysqladmin]
user=${DB_USER}
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=${DB_BASE_DIR}
port=${DB_DEFAULT_PORT_NUMBER}
tmpdir=${DB_TMP_DIR}
socket=${DB_SOCKET_FILE}
pid_file=${DB_PID_FILE}
max_allowed_packet=16M
bind_address=${DB_DEFAULT_BIND_ADDRESS}
log_error=${DB_LOGS_DIR}/mysqld.log
slow_query_log=${DB_ENABLE_SLOW_QUERY}
long_query_time=${DB_LONG_QUERY_TIME}
character_set_server=${DB_DEFAULT_CHARACTER_SET}
plugin_dir=${DB_BASE_DIR}/lib/plugin
datadir=${DB_DATA_DIR}
[client]
port=${DB_DEFAULT_PORT_NUMBER}
socket=${DB_SOCKET_FILE}
default_character_set=${DB_DEFAULT_CHARACTER_SET}
plugin_dir=${DB_BASE_DIR}/lib/plugin
[manager]
port=${DB_DEFAULT_PORT_NUMBER}
socket=${DB_SOCKET_FILE}
pid_file=${DB_PID_FILE}
EOF
}
########################
# Make a dump on master database and update slave database
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_exec_initial_dump() {
info "MySQL dump master data start..."
info "LOCK MASTER DATABASES FOR WRITE OPERATIONS..."
mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'FLUSH TABLES WITH READ LOCK;'
info "SHOW MASTER STATUS..."
read -r MYSQL_FILE MYSQL_POSITION <<< "$(mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'SHOW MASTER STATUS;' | awk 'NR==1 {print $1, $2}')"
info "File: $MYSQL_FILE and Position: $MYSQL_POSITION"
info "Start dump process databases"
FILE_LOCATION="$DB_DATA_DIR/dump_all_databases.sql"
mysqldump --verbose --all-databases -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" > "$FILE_LOCATION"
info "Finish dump databases"
info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..."
mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;'
info "Start import dump databases"
mysql_execute < "$FILE_LOCATION"
info "Finish import dump databases"
mysql_execute "mysql" <<EOF
CHANGE MASTER TO MASTER_HOST='$DB_MASTER_HOST',
MASTER_PORT=$DB_MASTER_PORT_NUMBER,
MASTER_USER='$DB_REPLICATION_USER',
MASTER_PASSWORD='$DB_REPLICATION_PASSWORD',
MASTER_DELAY=$DB_MASTER_DELAY,
MASTER_LOG_FILE='$MYSQL_FILE',
MASTER_LOG_POS=$MYSQL_POSITION,
MASTER_CONNECT_RETRY=10;
EOF
info "Remove dump file"
rm -f "$FILE_LOCATION"
info "Finish dump process databases"
info "MySQL dump master data finish..."
}
########################
# Migrate old custom configuration files
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_configure_replication() {
if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
info "Configuring replication in slave node"
debug "Checking if replication master is ready to accept connection"
while ! echo "select 1" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD"; do
sleep 1
done
if [[ "$DB_REPLICATION_SLAVE_DUMP" = "true" ]]; then
mysql_exec_initial_dump
else
debug "Replication master ready!"
debug "Setting the master configuration"
mysql_execute "mysql" <<EOF
CHANGE MASTER TO MASTER_HOST='$DB_MASTER_HOST',
MASTER_PORT=$DB_MASTER_PORT_NUMBER,
MASTER_USER='$DB_REPLICATION_USER',
MASTER_PASSWORD='$DB_REPLICATION_PASSWORD',
MASTER_DELAY=$DB_MASTER_DELAY,
MASTER_CONNECT_RETRY=10;
EOF
fi
elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then
info "Configuring replication in master node"
if [[ -n "$DB_REPLICATION_USER" ]]; then
mysql_ensure_replication_user_exists "$DB_REPLICATION_USER" "$DB_REPLICATION_PASSWORD"
fi
fi
}
########################
# Ensure the replication user exists for host '%' and has full access
# Globals:
# DB_*
# Arguments:
# $1 - replication user
# $2 - replication password
# Returns:
# None
#########################
mysql_ensure_replication_user_exists() {
local -r user="${1:?user is required}"
local -r password="${2:-}"
debug "Configure replication user credentials"
if [[ "$DB_FLAVOR" = "mariadb" ]]; then
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
create or replace user '$user'@'%' $([ "$password" != "" ] && echo "identified by \"$password\"");
EOF
else
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
create user '$user'@'%' $([ "$password" != "" ] && echo "identified with 'mysql_native_password' by \"$password\"");
EOF
fi
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
grant REPLICATION SLAVE on *.* to '$user'@'%' with grant option;
flush privileges;
EOF
}
########################
# Ensure MySQL/MariaDB is initialized
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_initialize() {
info "Initializing $DB_FLAVOR database"
# This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run
# Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID
rm -f "$DB_PID_FILE"
debug "Ensuring expected directories/files exist"
for dir in "$DB_DATA_DIR" "$DB_TMP_DIR" "$DB_LOGS_DIR"; do
ensure_dir_exists "$dir"
am_i_root && chown "$DB_DAEMON_USER":"$DB_DAEMON_GROUP" "$dir"
done
if is_file_writable "$DB_CONF_FILE"; then
info "Updating 'my.cnf' with custom configuration"
mysql_update_custom_config
else
warn "The ${DB_FLAVOR} configuration file '${DB_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
if [[ -f "${DB_CONF_DIR}/my_custom.cnf" ]]; then
if is_file_writable "${DB_CONF_DIR}/bitnami/my_custom.cnf"; then
info "Injecting custom configuration 'my_custom.cnf'"
cat "${DB_CONF_DIR}/my_custom.cnf" > "${DB_CONF_DIR}/bitnami/my_custom.cnf"
if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then
echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}"
fi
else
warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable."
fi
fi
if [[ -e "$DB_DATA_DIR/mysql" ]]; then
info "Using persisted data"
# mysql_upgrade requires the server to be running
[[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes"
# https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html
mariadb_upgrade
else
debug "Cleaning data directory to ensure successfully initialization"
rm -rf "${DB_DATA_DIR:?}"/*
info "Installing database"
mariadb_install_db
mysql_start_bg
wait_for_mysql_access
# we delete existing users and create new ones with stricter access
# commands can still be executed until we restart or run 'flush privileges'
info "Configuring authentication"
mysql_execute "mysql" <<EOF
DELETE FROM mysql.user WHERE user not in ('mysql.sys','mysql.infoschema','mysql.session','mariadb.sys');
EOF
# slaves do not need to configure users
if [[ -z "$DB_REPLICATION_MODE" ]] || [[ "$DB_REPLICATION_MODE" = "master" ]]; then
if [[ "$DB_REPLICATION_MODE" = "master" ]]; then
debug "Starting replication"
echo "RESET MASTER;" | debug_execute "$DB_BIN_DIR/mysql" --defaults-file="$DB_CONF_FILE" -N -u root
fi
mysql_ensure_root_user_exists "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "$DB_AUTHENTICATION_PLUGIN"
mysql_ensure_user_not_exists "" # ensure unknown user does not exist
if [[ -n "$DB_USER" ]]; then
local -a args=("$DB_USER")
[[ -n "$DB_PASSWORD" ]] && args+=("-p" "$DB_PASSWORD")
[[ -n "$DB_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$DB_AUTHENTICATION_PLUGIN")
mysql_ensure_optional_user_exists "${args[@]}"
fi
if [[ -n "$DB_DATABASE" ]]; then
local -a createdb_args=("$DB_DATABASE")
[[ -n "$DB_USER" ]] && createdb_args+=("-u" "$DB_USER")
[[ -n "$DB_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$DB_CHARACTER_SET")
[[ -n "$DB_COLLATE" ]] && createdb_args+=("--collate" "$DB_COLLATE")
mysql_ensure_optional_database_exists "${createdb_args[@]}"
fi
[[ -n "$DB_ROOT_PASSWORD" ]] && export ROOT_AUTH_ENABLED="yes"
fi
[[ -n "$DB_REPLICATION_MODE" ]] && mysql_configure_replication
# we run mysql_upgrade in order to recreate necessary database users and flush privileges
mariadb_upgrade
fi
}
########################
# Run custom scripts
# Globals:
# DB_*
# Arguments:
# $1 - 'init' or 'start' ('init' runs on first container start, 'start' runs everytime the container starts)
# Returns:
# None
#########################
mysql_custom_scripts() {
if [[ -n $(find /docker-entrypoint-"$1"db.d/ -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && { [[ ! -f "$DB_DATA_DIR/.user_scripts_initialized" ]] || [[ $1 == start ]]; } then
info "Loading user's custom files from /docker-entrypoint-$1db.d";
for f in /docker-entrypoint-"$1"db.d/*; do
debug "Executing $f"
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
if ! "$f"; then
error "Failed executing $f"
return 1
fi
else
warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail"
. "$f"
fi
;;
*.sql)
[[ "$DB_REPLICATION_MODE" = "slave" ]] && warn "Custom SQL $1db is not supported on slave nodes, ignoring $f" && continue
wait_for_mysql_access "$DB_ROOT_USER"
# Temporarily disabling autocommit to increase performance when importing huge files
if ! mysql_execute_print_output "$DB_DATABASE" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<< "SET autocommit=0; source ${f}; COMMIT;"; then
error "Failed executing $f"
return 1
fi
;;
*.sql.gz)
[[ "$DB_REPLICATION_MODE" = "slave" ]] && warn "Custom SQL $1db is not supported on slave nodes, ignoring $f" && continue
wait_for_mysql_access "$DB_ROOT_USER"
# In this case, it is best to pipe the uncompressed SQL commands directly to the 'mysql' command as extraction may cause problems
# e.g. lack of disk space, permission issues...
if ! gunzip -c "$f" | mysql_execute_print_output "$DB_DATABASE" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD"; then
error "Failed executing $f"
return 1
fi
;;
*)
warn "Skipping $f, supported formats are: .sh .sql .sql.gz"
;;
esac
done
touch "$DB_DATA_DIR"/.user_scripts_initialized
fi
}
########################
# Starts MySQL/MariaDB in the background and waits until it's ready
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mysql_start_bg() {
local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}")
# Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized
flags+=("--bind-address=127.0.0.1")
# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable
read -r -a db_extra_flags <<< "$(mysql_extra_flags)"
[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}")
# Do not start as root, to avoid permission issues
am_i_root && flags+=("--user=${DB_DAEMON_USER}")
# The slave should only start in 'run.sh', elseways user credentials would be needed for any connection
flags+=("--skip-slave-start")
flags+=("$@")
is_mysql_running && return
info "Starting $DB_FLAVOR in background"
debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" &
# we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command
# users are not configured on slave nodes during initialization due to --skip-slave-start
wait_for_mysql
# Special configuration flag for system with slow disks that could take more time
# in initializing
if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then
debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization"
sleep "${DB_INIT_SLEEP_TIME}"
fi
}
########################
# Initialize database data
# Globals:
# BITNAMI_DEBUG
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mariadb_install_db() {
local command="${DB_BIN_DIR}/mysql_install_db"
local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}")
# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable
read -r -a db_extra_flags <<< "$(mysql_extra_flags)"
[[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}")
am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER")
args+=("--auth-root-authentication-method=normal")
# Feature available only in MariaDB 10.5+
# ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user
if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then
is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db")
fi
debug_execute "$command" "${args[@]}"
}
########################
# Upgrade Database Schema
# Globals:
# BITNAMI_DEBUG
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
mariadb_upgrade() {
local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER")
info "Running mysql_upgrade"
mysql_start_bg
is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)")
[[ "${DB_UPGRADE}" == "FORCE" ]] && args+=("--force")
debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded"
}
########################
# Ensure a db user exists with the given password for the '%' host
# Globals:
# DB_*
# Flags:
# -p|--password - database password
# -u|--user - database user
# --auth-plugin - authentication plugin
# --use-ldap - authenticate user via LDAP
# --host - database host
# --port - database host
# Arguments:
# $1 - database user
# Returns:
# None
#########################
mariadb_ensure_user_exists() {
local -r user="${1:?user is required}"
local password=""
local auth_plugin=""
local use_ldap="no"
local hosts
local auth_string=""
# For accessing an external database
local db_host=""
local db_port=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-p|--password)
shift
password="${1:?missing database password}"
;;
--auth-plugin)
shift
auth_plugin="${1:?missing authentication plugin}"
;;
--use-ldap)
use_ldap="yes"
;;
--host)
shift
db_host="${1:?missing database host}"
;;
--port)
shift
db_port="${1:?missing database port}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if is_boolean_yes "$use_ldap"; then
auth_string="identified via pam using '$DB_FLAVOR'"
elif [[ -n "$password" ]]; then
if [[ -n "$auth_plugin" ]]; then
auth_string="identified with $auth_plugin by '$password'"
else
auth_string="identified by '$password'"
fi
fi
debug "creating database user \'$user\'"
local -a mysql_execute_cmd=("mysql_execute")
local -a mysql_execute_print_output_cmd=("mysql_execute_print_output")
if [[ -n "$db_host" && -n "$db_port" ]]; then
mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port")
fi
"${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
create or replace user '${user}'@'%' ${auth_string};
EOF
debug "Removing all other hosts for the user"
hosts=$("${mysql_execute_print_output_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
select Host from user where User='${user}' and Host!='%';
EOF
)
for host in $hosts; do
"${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
drop user '$user'@'$host';
EOF
done
}
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
@@ -429,19 +1054,14 @@ mysql_ensure_galera_mariabackup_user_exists() {
local -r password="${2:-}"
debug "Configure mariabackup user credentials"
if [[ "$DB_FLAVOR" = "mariadb" ]]; then
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
create or replace user '$user'@'localhost' $([ "$password" != "" ] && echo "identified by \"$password\"");
EOF
else
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
create user '$user'@'localhost' $([ "$password" != "" ] && echo "identified with 'mysql_native_password' by \"$password\"");
EOF
fi
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
grant RELOAD,PROCESS,LOCK TABLES,REPLICATION CLIENT on *.* to '$user'@'localhost';
flush privileges;
EOF
}
########################
@@ -460,19 +1080,12 @@ mysql_ensure_replication_user_exists() {
debug "Configure replication user"
if [[ "$DB_FLAVOR" = "mariadb" ]]; then
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
grant REPLICATION CLIENT ON *.* to '$user'@'%' identified by "$password";
grant PROCESS ON *.* to '$user'@'localhost' identified by "$password";
flush privileges;
EOF
else
mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
grant REPLICATION CLIENT ON *.* to '$user'@'%' identified with 'mysql_native_password' by "$password";
grant PROCESS ON *.* to '$user'@'localhost' identified with 'mysql_native_password' by "$password";
flush privileges;
EOF
fi
}
########################
@@ -568,11 +1181,11 @@ mysql_initialize() {
if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then
debug "Cleaning data directory to ensure successfully initialization"
rm -rf "${DB_DATA_DIR:?}"/*
mysql_install_db
mariadb_install_db
mysql_start_bg
debug "Deleting all users to avoid issues with galera configuration"
mysql_execute "mysql" <<EOF
DELETE FROM mysql.user WHERE user not in ('mysql.sys','mariadb.sys');
DELETE FROM mysql.user WHERE user not in ('mysql.sys','mysql.infoschema','mysql.session','mariadb.sys');
EOF
mysql_ensure_root_user_exists "$DB_ROOT_USER" "$DB_ROOT_PASSWORD"
@@ -597,16 +1210,13 @@ EOF
mysql_ensure_replication_user_exists "$MARIADB_REPLICATION_USER" "$MARIADB_REPLICATION_PASSWORD"
[[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes"
if [[ "$DB_FLAVOR" = "mysql" ]]; then
mysql_upgrade
else
local -a args=(mysql)
args+=("$DB_ROOT_USER" "$DB_ROOT_PASSWORD")
debug "Flushing privileges"
mysql_execute "${args[@]}" <<EOF
local -a args=(mysql)
args+=("$DB_ROOT_USER" "$DB_ROOT_PASSWORD")
debug "Flushing privileges"
mysql_execute "${args[@]}" <<EOF
flush privileges;
EOF
fi
fi
fi
}
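Review bot: In the first hunk, `mysql_exec_initial_dump` puts the master root password on the command line of all four client calls (`-p"$DB_MASTER_ROOT_PASSWORD"`), and `mariadb_upgrade` does the same with `-p$(get_master_env_var_value ROOT_PASSWORD)`, so the secret is visible in the process list for as long as those clients run. Supplying it through the environment of the single command keeps it out of argv, for example `MYSQL_PWD="$DB_MASTER_ROOT_PASSWORD" mysqldump --verbose --all-databases -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" > "$FILE_LOCATION"`; an option file with mode 0600 passed via `--defaults-extra-file` is the other common choice. In the same function, `FLUSH TABLES WITH READ LOCK` is issued by a client that exits immediately, which releases the lock before `SHOW MASTER STATUS` and `mysqldump` run, so the recorded binlog file and position are not guaranteed to match the dump. Both functions lie entirely inside the first hunk.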


@@ -47,6 +47,7 @@ mariadb_env_vars=(
MARIADB_COLLATE
MARIADB_BIND_ADDRESS
MARIADB_SQL_MODE
MARIADB_UPGRADE
MARIADB_SKIP_TEST_DB
MARIADB_CLIENT_ENABLE_SSL
MARIADB_CLIENT_SSL_CA_FILE
@@ -169,6 +170,8 @@ export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}"
export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS"
export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}"
export DB_SQL_MODE="$MARIADB_SQL_MODE"
export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}"
export DB_UPGRADE="$MARIADB_UPGRADE"
export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}"
export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB"
export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}"
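Review bot: `MARIADB_UPGRADE` is exported with a default of `AUTO`, but nothing in this hunk documents or checks the accepted values. The only consumer visible on this page, `mariadb_upgrade`, tests for the exact string `FORCE`, so a misspelt or lower-case value is silently treated like the default. A comment on the export such as `# MARIADB_UPGRADE: AUTO (default) or FORCE (passes --force to mysql_upgrade)` would help, and the validation step could reject anything else. Whether other values are handled elsewhere is not visible here.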