diff --git a/.test/run.sh b/.test/run.sh index 3b074123..f4d07e8f 100755 --- a/.test/run.sh +++ b/.test/run.sh @@ -72,7 +72,7 @@ runandwait() )" port_int=$port fi - waiting=${DOCKER_LIBRARY_START_TIMEOUT:-10} + waiting=${DOCKER_LIBRARY_START_TIMEOUT:-15} echo "waiting to start..." set +e +o pipefail +x while [ "$waiting" -gt 0 ] @@ -921,6 +921,51 @@ zstd "${initdb}"/*zst* mariadbclient -u root -psoverysecret -e 'select current_user() as connected_ok' docker exec "$cname" healthcheck.sh --connect --innodb_initialized + # healthcheck shouldn't return true on insufficient connection information + + # Enforce fallback to tcp in healthcheck. + docker exec "$cname" sed -i -e 's/\(socket=\)/\1breakpath/' /var/lib/mysql/.my-healthcheck.cnf + + # select @@skip-networking via tcp successful + docker exec "$cname" healthcheck.sh --connect + + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` ACCOUNT LOCK' + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` ACCOUNT LOCK' + + # ERROR 4151 (HY000): Access denied, this account is locked + docker exec "$cname" healthcheck.sh --connect + + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' + + # ERROR 1226 (42000) at line 1: User '\''healthcheck'\'' has exceeded the '\''max_queries_per_hour'\'' resource (current value: 1)' + docker exec "$cname" healthcheck.sh --connect + docker exec "$cname" healthcheck.sh --connect + + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' + # ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement + docker exec "$cname" healthcheck.sh --connect + + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`127.0.0.1` = PASSWORD("mismatch")' + # shellcheck disable=SC2016 + mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`::1` = PASSWORD("mismatch")' + + # ERROR 1045 (28000): Access denied + docker exec "$cname" healthcheck.sh --connect + + + # break port + docker exec "$cname" sed -i -e 's/\(port=\)/\14/' /var/lib/mysql/.my-healthcheck.cnf + + docker exec "$cname" healthcheck.sh --connect || echo "ok, broken port is a connection failure" killoff diff --git a/10.11-ubi/healthcheck.sh b/10.11-ubi/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.11-ubi/healthcheck.sh +++ b/10.11-ubi/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.11/healthcheck.sh b/10.11/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.11/healthcheck.sh +++ b/10.11/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.5/healthcheck.sh b/10.5/healthcheck.sh index 17528ce8..d925ed58 100755 --- a/10.5/healthcheck.sh +++ b/10.5/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mysql ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.6-ubi/healthcheck.sh b/10.6-ubi/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.6-ubi/healthcheck.sh +++ b/10.6-ubi/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.6/healthcheck.sh b/10.6/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.6/healthcheck.sh +++ b/10.6/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.1/healthcheck.sh b/11.1/healthcheck.sh index b8909c75..4cee59cb 100755 --- a/11.1/healthcheck.sh +++ b/11.1/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.2/healthcheck.sh b/11.2/healthcheck.sh index b8909c75..4cee59cb 100755 --- a/11.2/healthcheck.sh +++ b/11.2/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.4-ubi/healthcheck.sh b/11.4-ubi/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.4-ubi/healthcheck.sh +++ b/11.4-ubi/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.4/healthcheck.sh b/11.4/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.4/healthcheck.sh +++ b/11.4/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.5/healthcheck.sh +++ b/11.5/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/healthcheck.sh b/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/main-ubi/healthcheck.sh b/main-ubi/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/main-ubi/healthcheck.sh +++ b/main-ubi/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/main/healthcheck.sh b/main/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/main/healthcheck.sh +++ b/main/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $?