Skip to content

Commit

Permalink
fix: handle nonempty password in Docker entrypoint (#308)
Browse files Browse the repository at this point in the history
  • Loading branch information
fanyang01 authored Dec 23, 2024
1 parent be912e8 commit 344a5f5
Show file tree
Hide file tree
Showing 7 changed files with 51 additions and 39 deletions.
8 changes: 4 additions & 4 deletions devtools/replica-setup-mysql/checker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ check_server_params() {
echo "Checking MySQL server parameters..."

# Retrieve the required MySQL server variables using mysqlsh
result=$(mysqlsh --uri="$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "
result=$(mysqlsh --uri="$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "
SHOW VARIABLES WHERE variable_name IN ('binlog_format', 'enforce_gtid_consistency', 'gtid_mode', 'gtid_strict_mode', 'log_bin');
")

Expand Down Expand Up @@ -65,7 +65,7 @@ check_user_privileges() {
echo "Checking privileges for the current user '$SOURCE_USER'..."

# Check the user grants for the currently authenticated user using mysqlsh
result=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "
result=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "
SHOW GRANTS FOR CURRENT_USER();
")

Expand Down Expand Up @@ -98,7 +98,7 @@ check_mysql_config() {
# Function to check if source MySQL server is empty
check_if_source_mysql_is_empty() {
# Run the query using mysqlsh and capture the output
OUTPUT=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "SHOW DATABASES;" 2>/dev/null)
OUTPUT=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "SHOW DATABASES;" 2>/dev/null)

check_command "retrieving database list"

Expand All @@ -114,7 +114,7 @@ check_if_source_mysql_is_empty() {

# Function to check if there is ongoing replication on MyDuck Server
check_if_myduck_has_replica() {
REPLICA_STATUS=$(mysqlsh --sql --host=$MYDUCK_HOST --port=$MYDUCK_PORT --user=root --password='' -e "SHOW REPLICA STATUS\G")
REPLICA_STATUS=$(mysqlsh --sql --host=$MYDUCK_HOST --port=$MYDUCK_PORT --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} -e "SHOW REPLICA STATUS\G")
check_command "retrieving replica status"

SOURCE_HOST_EXISTS=$(echo "$REPLICA_STATUS" | awk '/Source_Host/ {print $2}')
Expand Down
15 changes: 1 addition & 14 deletions devtools/replica-setup-mysql/prepare.sh
Original file line number Diff line number Diff line change
@@ -1,20 +1,7 @@
#!/bin/bash

if ! mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password -e "SELECT 1 FROM mysql.user WHERE user = '${MYDUCK_USER}'" | grep -q 1; then
echo "Creating user ${MYDUCK_USER} for replication..."
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
CREATE USER '${MYDUCK_USER}'@'%' IDENTIFIED BY '${MYDUCK_PASSWORD}';
GRANT ALL PRIVILEGES ON *.* TO '${MYDUCK_USER}'@'%';
EOF
fi

if [[ $? -ne 0 ]]; then
echo "Failed to create user '${MYDUCK_USER}'. Exiting."
exit 1
fi

echo "Setting local_infile and server_id..."
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
SET GLOBAL local_infile = 1;
SET GLOBAL server_id = ${MYDUCK_SERVER_ID};
SET GLOBAL replica_is_loading_snapshot = ON;
Expand Down
13 changes: 10 additions & 3 deletions devtools/replica-setup-mysql/replica_setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -57,11 +57,18 @@ while [[ $# -gt 0 ]]; do
esac
done

# if SOURCE_PASSWORD is empty, set SOURCE_NO_PASSWORD_OPTION to "--no-password"
# if SOURCE_PASSWORD is empty, set SOURCE_PASSWORD_OPTION to "--no-password"
if [[ -z "$SOURCE_PASSWORD" ]]; then
SOURCE_NO_PASSWORD_OPTION="--no-password"
SOURCE_PASSWORD_OPTION="--no-password"
else
SOURCE_NO_PASSWORD_OPTION=""
SOURCE_PASSWORD_OPTION=""
fi

# if MYDUCK_PASSWORD is empty, set MYDUCK_PASSWORD_OPTION to "--no-password"
if [[ -z "$MYDUCK_PASSWORD" ]]; then
MYDUCK_PASSWORD_OPTION="--no-password"
else
MYDUCK_PASSWORD_OPTION="--password=$MYDUCK_PASSWORD"
fi

# Check if all parameters are set
Expand Down
4 changes: 2 additions & 2 deletions devtools/replica-setup-mysql/snapshot.sh
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ echo "Thread count set to: $THREAD_COUNT"

echo "Copying data from MySQL to MyDuck..."
# Run mysqlsh command and capture the output
output=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION -- util copy-instance "mysql://${MYDUCK_USER}:${MYDUCK_PASSWORD}@${MYDUCK_HOST}:${MYDUCK_PORT}" \
output=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION -- util copy-instance "mysql://${MYDUCK_USER}:${MYDUCK_PASSWORD}@${MYDUCK_HOST}:${MYDUCK_PORT}" \
--users false \
--consistent false \
--ignore-existing-objects true \
Expand Down Expand Up @@ -84,6 +84,6 @@ fi
echo "Snapshot completed successfully."

echo "Reset replica_is_loading_snapshot..."
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} {MYDUCK_PASSWORD_OPTION} <<EOF
SET GLOBAL replica_is_loading_snapshot = OFF;
EOF
4 changes: 2 additions & 2 deletions devtools/replica-setup-mysql/start_replication.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ OS=$(uname -s)

# Use the EXECUTED_GTID_SET variable from the previous steps
if [ $GTID_MODE == "ON" ] && [ ! -z "$EXECUTED_GTID_SET" ]; then
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
SET GLOBAL gtid_purged = "${EXECUTED_GTID_SET}";
EOF
fi
Expand All @@ -31,7 +31,7 @@ if [ $GTID_MODE == "OFF" ]; then
SOURCE_LOG_POS=${BINLOG_POS}"
fi

mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
${REPLICATION_CMD};
START REPLICA;
EOF
Expand Down
2 changes: 1 addition & 1 deletion devtools/replica-setup-postgres/replica_setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ CREATE_SUBSCRIPTION_SQL="CREATE SUBSCRIPTION ${SUBSCRIPTION_NAME} \
CONNECTION 'dbname=${SOURCE_DATABASE} host=${SOURCE_HOST} port=${SOURCE_PORT} user=${SOURCE_USER} password=${SOURCE_PASSWORD}' \
PUBLICATION ${PUBLICATION_NAME};"

psql -h $MYDUCK_HOST -p $MYDUCK_PORT -U $MYDUCK_USER <<EOF
PGPASSWORD="$MYDUCK_PASSWORD" psql -h $MYDUCK_HOST -p $MYDUCK_PORT -U $MYDUCK_USER <<EOF
${CREATE_SUBSCRIPTION_SQL}
EOF

Expand Down
44 changes: 31 additions & 13 deletions docker/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,13 @@ cleanup() {
fi
}

# Define MYSQL_PASSWORD_OPTION based on SUPERUSER_PASSWORD
if [ -z "$SUPERUSER_PASSWORD" ]; then
MYSQL_PASSWORD_OPTION="--no-password"
else
MYSQL_PASSWORD_OPTION="--password=$SUPERUSER_PASSWORD"
fi

# Function to run replica setup
run_replica_setup() {
case "$SOURCE_TYPE" in
Expand All @@ -116,6 +123,8 @@ run_replica_setup() {
;;
esac

export MYDUCK_PASSWORD="${SUPERUSER_PASSWORD}"

# Run replica_setup.sh and check for errors
if source replica_setup.sh; then
echo "Replica setup completed."
Expand All @@ -127,7 +136,16 @@ run_replica_setup() {

run_server_in_background() {
cd "$DATA_PATH" || { echo "Error: Could not change directory to ${DATA_PATH}"; exit 1; }
nohup myduckserver $DEFAULT_DB $SUPERUSER_PASSWORD $LOG_LEVEL $PROFILER_PORT $RESTORE_FILE $RESTORE_ENDPOINT $RESTORE_ACCESS_KEY_ID $RESTORE_SECRET_ACCESS_KEY | tee -a "${LOG_PATH}/server.log" 2>&1 &
nohup myduckserver \
${DEFAULT_DB_OPTION} \
${SUPERUSER_PASSWORD_OPTION} \
${LOG_LEVEL_OPTION} \
${PROFILER_PORT_OPTION} \
${RESTORE_FILE_OPTION} \
${RESTORE_ENDPOINT_OPTION} \
${RESTORE_ACCESS_KEY_ID_OPTION} \
${RESTORE_SECRET_ACCESS_KEY_OPTION} \
| tee -a "${LOG_PATH}/server.log" 2>&1 &
echo "$!" > "${PID_FILE}"
}

Expand All @@ -141,10 +159,10 @@ wait_for_my_duck_server_ready() {

echo "Waiting for MyDuck Server at $host:$port to be ready..."

until mysqlsh --sql --host "$host" --port "$port" --user "$user" --no-password --execute "SELECT VERSION();" &> /dev/null; do
until mysqlsh --sql --host "$host" --port "$port" --user "$user" ${MYSQL_PASSWORD_OPTION} --execute "SELECT VERSION();" &> /dev/null; do
attempt=$((attempt+1))
if [ "$attempt" -ge "$max_attempts" ]; then
echo "Error: MySQL connection timed out after $max_attempts attempts."
echo "Error: MySQL connection timeout after $max_attempts attempts."
exit 1
fi
echo "Attempt $attempt/$max_attempts: MyDuck Server is unavailable - retrying in $wait_time seconds..."
Expand Down Expand Up @@ -186,14 +204,14 @@ execute_init_sqls() {
echo "Executing init SQL scripts from $INIT_SQLS_DIR/mysql..."
for file in "$INIT_SQLS_DIR/mysql"/*.sql; do
echo "Executing $file..."
mysqlsh --sql --host "$host" --port "$mysql_port" --user "$mysql_user" --no-password --file="$file"
mysqlsh --sql --host "$host" --port "$mysql_port" --user "$mysql_user" $MYSQL_PASSWORD_OPTION --file="$file"
done
fi
if [ -d "$INIT_SQLS_DIR/postgres" ] && [ "$(find "$INIT_SQLS_DIR/postgres" -maxdepth 1 -name '*.sql' -type f | head -n 1)" ]; then
echo "Executing init SQL scripts from $INIT_SQLS_DIR/postgres..."
for file in "$INIT_SQLS_DIR/postgres"/*.sql; do
echo "Executing $file..."
psql -h "$host" -p "$postgres_port" -U "$postgres_user" -f "$file"
PGPASSWORD="$SUPERUSER_PASSWORD" psql -h "$host" -p "$postgres_port" -U "$postgres_user" -f "$file"
done
fi
}
Expand All @@ -204,35 +222,35 @@ setup() {
trap cleanup SIGTERM SIGINT SIGQUIT

if [ -n "$DEFAULT_DB" ]; then
export DEFAULT_DB="--default-db=$DEFAULT_DB"
export DEFAULT_DB_OPTION="--default-db=$DEFAULT_DB"
fi

if [ -n "$SUPERUSER_PASSWORD" ]; then
export SUPERUSER_PASSWORD="--superuser-password=$SUPERUSER_PASSWORD"
export SUPERUSER_PASSWORD_OPTION="--superuser-password=$SUPERUSER_PASSWORD"
fi

if [ -n "$LOG_LEVEL" ]; then
export LOG_LEVEL="--loglevel=$LOG_LEVEL"
export LOG_LEVEL_OPTION="--loglevel=$LOG_LEVEL"
fi

if [ -n "$PROFILER_PORT" ]; then
export PROFILER_PORT="--profiler-port=$PROFILER_PORT"
export PROFILER_PORT_OPTION="--profiler-port=$PROFILER_PORT"
fi

if [ -n "$RESTORE_FILE" ]; then
export RESTORE_FILE="--restore-file=$RESTORE_FILE"
export RESTORE_FILE_OPTION="--restore-file=$RESTORE_FILE"
fi

if [ -n "$RESTORE_ENDPOINT" ]; then
export RESTORE_ENDPOINT="--restore-endpoint=$RESTORE_ENDPOINT"
export RESTORE_ENDPOINT_OPTION="--restore-endpoint=$RESTORE_ENDPOINT"
fi

if [ -n "$RESTORE_ACCESS_KEY_ID" ]; then
export RESTORE_ACCESS_KEY_ID="--restore-access-key-id=$RESTORE_ACCESS_KEY_ID"
export RESTORE_ACCESS_KEY_ID_OPTION="--restore-access-key-id=$RESTORE_ACCESS_KEY_ID"
fi

if [ -n "$RESTORE_SECRET_ACCESS_KEY" ]; then
export RESTORE_SECRET_ACCESS_KEY="--restore-secret-access-key=$RESTORE_SECRET_ACCESS_KEY"
export RESTORE_SECRET_ACCESS_KEY_OPTION="--restore-secret-access-key=$RESTORE_SECRET_ACCESS_KEY"
fi

# Ensure required directories exist
Expand Down

0 comments on commit 344a5f5

Please sign in to comment.