diff --git a/.test/run.sh b/.test/run.sh index b7ad77eb..bb3e7d92 100755 --- a/.test/run.sh +++ b/.test/run.sh @@ -765,7 +765,7 @@ fi --network=container:"$master_host" \ --health-cmd='healthcheck.sh --replication_io --replication_sql --replication_seconds_behind_master=0 --replication' \ --health-interval=3s \ - "$image" --server-id=2 --port 3307) + "$image" --server-id=2 --port 3307 --require-secure-transport=1) c="${DOCKER_LIBRARY_START_TIMEOUT:-10}" until docker exec "$cid" healthcheck.sh --connect --replication_io --replication_sql --replication_seconds_behind_master=0 --replication || [ "$c" -eq 0 ] diff --git a/10.11-ubi/docker-entrypoint.sh b/10.11-ubi/docker-entrypoint.sh index 4af730a2..31aa928a 100755 --- a/10.11-ubi/docker-entrypoint.sh +++ b/10.11-ubi/docker-entrypoint.sh @@ -353,7 +353,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/10.11-ubi/healthcheck.sh b/10.11-ubi/healthcheck.sh index 5d0a42f7..37227edd 100755 --- a/10.11-ubi/healthcheck.sh +++ b/10.11-ubi/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/10.11/docker-entrypoint.sh b/10.11/docker-entrypoint.sh index 4af730a2..31aa928a 100755 --- a/10.11/docker-entrypoint.sh +++ b/10.11/docker-entrypoint.sh @@ -353,7 +353,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/10.11/healthcheck.sh b/10.11/healthcheck.sh index 5d0a42f7..37227edd 100755 --- a/10.11/healthcheck.sh +++ b/10.11/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/10.5/docker-entrypoint.sh b/10.5/docker-entrypoint.sh index 69d590cf..0ceadbdb 100755 --- a/10.5/docker-entrypoint.sh +++ b/10.5/docker-entrypoint.sh @@ -344,7 +344,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/10.5/healthcheck.sh b/10.5/healthcheck.sh index b23a9b84..17528ce8 100755 --- a/10.5/healthcheck.sh +++ b/10.5/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/10.6-ubi/docker-entrypoint.sh b/10.6-ubi/docker-entrypoint.sh index fb0cc6c9..d4d2acae 100755 --- a/10.6-ubi/docker-entrypoint.sh +++ b/10.6-ubi/docker-entrypoint.sh @@ -345,7 +345,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/10.6-ubi/healthcheck.sh b/10.6-ubi/healthcheck.sh index 5d0a42f7..37227edd 100755 --- a/10.6-ubi/healthcheck.sh +++ b/10.6-ubi/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/10.6/docker-entrypoint.sh b/10.6/docker-entrypoint.sh index fb0cc6c9..d4d2acae 100755 --- a/10.6/docker-entrypoint.sh +++ b/10.6/docker-entrypoint.sh @@ -345,7 +345,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/10.6/healthcheck.sh b/10.6/healthcheck.sh index 5d0a42f7..37227edd 100755 --- a/10.6/healthcheck.sh +++ b/10.6/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.1/docker-entrypoint.sh b/11.1/docker-entrypoint.sh index 1495de69..1e6ccfe0 100755 --- a/11.1/docker-entrypoint.sh +++ b/11.1/docker-entrypoint.sh @@ -353,7 +353,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.1/healthcheck.sh b/11.1/healthcheck.sh index 06b29f76..b8909c75 100755 --- a/11.1/healthcheck.sh +++ b/11.1/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.2/docker-entrypoint.sh b/11.2/docker-entrypoint.sh index 5e89cc74..3b2a340b 100755 --- a/11.2/docker-entrypoint.sh +++ b/11.2/docker-entrypoint.sh @@ -353,7 +353,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.2/healthcheck.sh b/11.2/healthcheck.sh index 06b29f76..b8909c75 100755 --- a/11.2/healthcheck.sh +++ b/11.2/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --protocol socket \ -B "$@" } @@ -55,6 +56,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -68,9 +79,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -225,6 +238,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -351,3 +365,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.4-ubi/docker-entrypoint.sh b/11.4-ubi/docker-entrypoint.sh index eb13c844..1fec430c 100755 --- a/11.4-ubi/docker-entrypoint.sh +++ b/11.4-ubi/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.4-ubi/healthcheck.sh b/11.4-ubi/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.4-ubi/healthcheck.sh +++ b/11.4-ubi/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.4/docker-entrypoint.sh b/11.4/docker-entrypoint.sh index eb13c844..1fec430c 100755 --- a/11.4/docker-entrypoint.sh +++ b/11.4/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.4/healthcheck.sh b/11.4/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.4/healthcheck.sh +++ b/11.4/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.5-ubi/docker-entrypoint.sh b/11.5-ubi/docker-entrypoint.sh index fa35d577..723aafca 100755 --- a/11.5-ubi/docker-entrypoint.sh +++ b/11.5-ubi/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.5-ubi/healthcheck.sh b/11.5-ubi/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.5-ubi/healthcheck.sh +++ b/11.5-ubi/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.5/docker-entrypoint.sh b/11.5/docker-entrypoint.sh index fa35d577..723aafca 100755 --- a/11.5/docker-entrypoint.sh +++ b/11.5/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.5/healthcheck.sh +++ b/11.5/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.6-ubi/docker-entrypoint.sh b/11.6-ubi/docker-entrypoint.sh index c2be494f..0885ee13 100755 --- a/11.6-ubi/docker-entrypoint.sh +++ b/11.6-ubi/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.6-ubi/healthcheck.sh b/11.6-ubi/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.6-ubi/healthcheck.sh +++ b/11.6-ubi/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/11.6/docker-entrypoint.sh b/11.6/docker-entrypoint.sh index c2be494f..0885ee13 100755 --- a/11.6/docker-entrypoint.sh +++ b/11.6/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/11.6/healthcheck.sh b/11.6/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/11.6/healthcheck.sh +++ b/11.6/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 56897cdd..273be35d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -355,7 +355,7 @@ create_healthcheck_users() { local maskPreserve maskPreserve=$(umask -p) umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve } diff --git a/healthcheck.sh b/healthcheck.sh index e13db0da..c5dcbd38 100755 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -32,7 +32,7 @@ # different from elsewhere. # # Note * though denied error message will result in error log without -# any permissions. +# any permissions. USAGE recommend to avoid this. set -eo pipefail @@ -43,6 +43,7 @@ _process_sql() ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ + --protocol socket \ -B "$@" } @@ -56,6 +57,16 @@ _process_sql() # isn't tested. connect() { + local s + # short cut mechanism, to work with --require-secure-transport + s=$(_process_sql --skip-column-names -e 'select @@skip_networking') + case "$s" in + 0|1) + connect_s=$s + return "$s"; + ;; + esac + # falling back to this if there wasn't a connection answer. set +e +o pipefail # (on second extra_file) # shellcheck disable=SC2086 @@ -70,9 +81,11 @@ connect() set -eo pipefail if (( "$ret" == 0 )); then # grep Matched "Can't connect" so we fail - return 1 + connect_s=1 + else + connect_s=0 fi - return 0 + return $connect_s } # INNODB_INITIALIZED @@ -227,6 +240,7 @@ fi declare -A repl declare -A def nodefaults= +connect_s= datadir=/var/lib/mysql if [ -f $datadir/.my-healthcheck.cnf ]; then def['extra_file']=$datadir/.my-healthcheck.cnf @@ -353,3 +367,9 @@ while [ $# -gt 0 ]; do fi shift done +if [ -z "$connect_s" ]; then + # we didn't do a connnect test, so the current success status is suspicious + # return what connect thinks. + connect + exit $? +fi