From dcf58b3d8a443d2f497ce9990bc913029365bb78 Mon Sep 17 00:00:00 2001 From: Vadim Yalovets Date: Sun, 9 Feb 2025 16:03:49 +0200 Subject: [PATCH] PKG-474 create a separate dockerfile for ps-8.4 (#1128) --- percona-server-8.4/Dockerfile | 140 ++++++++++ percona-server-8.4/Dockerfile-dockerhub | 128 +++++++++ percona-server-8.4/Dockerfile.aarch64 | 137 ++++++++++ percona-server-8.4/README-build.md | 40 +++ percona-server-8.4/README.md | 158 +++++++++++ percona-server-8.4/docker-compose.yml | 33 +++ percona-server-8.4/ps-entry-dockerhub.sh | 250 +++++++++++++++++ percona-server-8.4/ps-entry.sh | 253 ++++++++++++++++++ .../telemetry-agent-supervisor.sh | 14 + 9 files changed, 1153 insertions(+) create mode 100644 percona-server-8.4/Dockerfile create mode 100644 percona-server-8.4/Dockerfile-dockerhub create mode 100644 percona-server-8.4/Dockerfile.aarch64 create mode 100644 percona-server-8.4/README-build.md create mode 100644 percona-server-8.4/README.md create mode 100644 percona-server-8.4/docker-compose.yml create mode 100755 percona-server-8.4/ps-entry-dockerhub.sh create mode 100755 percona-server-8.4/ps-entry.sh create mode 100644 percona-server-8.4/telemetry-agent-supervisor.sh diff --git a/percona-server-8.4/Dockerfile b/percona-server-8.4/Dockerfile new file mode 100644 index 00000000..925822c6 --- /dev/null +++ b/percona-server-8.4/Dockerfile @@ -0,0 +1,140 @@ +# This Dockerfile should be used for docker official repo + +# https://github.com/docker-library/official-images: +# No official images can be derived from, or depend on, non-official images +# with the following notable exceptions... +FROM redhat/ubi9-minimal + +LABEL org.opencontainers.image.authors="info@percona.com" + +# It is intentionally used another UID, to have backward compatibility with +# the previous image versions published on Docker Hub +RUN set -ex; \ + #groupdel input; \ + #userdel systemd-coredump; \ + groupadd -g 1001 mysql; \ + useradd -u 1001 -r -g 1001 -s /sbin/nologin \ + -m -c "Default Application User" mysql + +ENV PS_VERSION 8.4.3-3.1 +ENV MYSQL_SHELL_VERSION 8.4.3-1 +ENV OS_VER el9 +ENV FULL_PERCONA_VERSION "$PS_VERSION.$OS_VER" +ENV FULL_MYSQL_SHELL_VERSION "$MYSQL_SHELL_VERSION.$OS_VER" +ENV PS_REPO testing +ENV PS_TELEMETRY_VERSION 8.4.3-3-1 +ENV CALL_HOME_DOWNLOAD_SHA256 5e84d2f1a5d57f44c46e6a1f16794d649d3de09fe8021f0294bc321c89e51068 +ENV KEY_RPM_DOWNLOAD_SHA256 fcf0eab4f05a1c0de6363ac4b707600a27a9d774e9b491059e59e6921b255a84 +ENV CALL_HOME_VERSION 0.1 +# Do not report during Docker image creation. +# Note that doing so, would create telemetry config file +# which would prevent reporting when new container is started. +# If we want to track Docker image creation as well, +# remove telemetry config file after installing packages! +ARG PERCONA_TELEMETRY_DISABLE=1 + +# check repository package signature in secure way +RUN set -ex; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 4D1BB29D63D98E422B2113B19334A25F8507EFA5 99DB70FAE1D7CE227FB6488205B555B38483C65D; \ + gpg --batch --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/PERCONA-PACKAGING-KEY; \ + gpg --batch --export --armor 99DB70FAE1D7CE227FB6488205B555B38483C65D > ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + rpmkeys --import ${GNUPGHOME}/PERCONA-PACKAGING-KEY ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \ + rpmkeys --checksig /tmp/percona-release.rpm; \ + microdnf install -y findutils; \ + rpm -i /tmp/percona-release.rpm; \ + rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ + rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \ + percona-release disable all; \ + percona-release enable ps-84-lts ${PS_REPO}; \ + percona-release enable telemetry ${PS_REPO}; \ + percona-release enable mysql-shell ${PS_REPO}; \ + curl -O https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9; \ + echo "$KEY_RPM_DOWNLOAD_SHA256 RPM-GPG-KEY-EPEL-9" | sha256sum --strict --check; \ + rpm --import RPM-GPG-KEY-EPEL-9; \ + curl -Lf -o /tmp/jemalloc.rpm https://rpmfind.net/linux/epel/9/Everything/x86_64/Packages/j/jemalloc-5.2.1-2.el9.x86_64.rpm; \ + curl -Lf -o /tmp/gflags.rpm https://rpmfind.net/linux/epel/9/Everything/x86_64/Packages/g/gflags-2.2.2-9.el9.x86_64.rpm; \ + rpmkeys --checksig /tmp/gflags.rpm /tmp/jemalloc.rpm; \ + rpm -i /tmp/jemalloc.rpm; \ + rpm -i /tmp/gflags.rpm; \ + rm -f /tmp/gflags.rpm /tmp/jemalloc.rpm + +RUN set -ex; \ + #microdnf -y install epel-release; \ + rpm -e --nodeps tzdata; \ + microdnf -y install \ + hostname \ + tzdata \ + jemalloc \ + which \ + cracklib-dicts \ + tar \ + policycoreutils; \ + microdnf -y update \ + #glibc \ + libnghttp2 \ + openssh \ + python3-setuptools-wheel \ + krb5-libs \ + pam \ + python3; \ + \ + microdnf -y install \ + percona-server-server-${FULL_PERCONA_VERSION} \ + #percona-server-tokudb-${FULL_PERCONA_VERSION} \ + percona-server-devel-${FULL_PERCONA_VERSION} \ + percona-server-rocksdb-${FULL_PERCONA_VERSION} \ + percona-icu-data-files-${FULL_PERCONA_VERSION} \ + percona-mysql-shell-${FULL_MYSQL_SHELL_VERSION}; \ + microdnf clean all; \ + rm -rf /var/cache/dnf /var/cache/yum /var/lib/mysql + +# purge and re-create /var/lib/mysql with appropriate ownership +RUN set -ex; \ + /usr/bin/install -m 0775 -o mysql -g root -d /var/lib/mysql /var/run/mysqld /docker-entrypoint-initdb.d; \ +# comment out a few problematic configuration values + find /etc/my.cnf /etc/my.cnf.d -name '*.cnf' -print0 \ + | xargs -0 grep -lZE '^(bind-address|log|user)' \ + | xargs -rt -0 sed -Ei 's/^(bind-address|log|user)/#&/'; \ +# don't reverse lookup hostnames, they are usually another container + echo '!includedir /etc/my.cnf.d' >> /etc/my.cnf; \ + printf '[mysqld]\nhost_cache_size=0\nskip-name-resolve\n' > /etc/my.cnf.d/docker.cnf; \ +# TokuDB modifications + /usr/bin/install -m 0664 -o mysql -g root /dev/null /etc/sysconfig/mysql; \ + echo "LD_PRELOAD=/usr/lib64/libjemalloc.so.1" >> /etc/sysconfig/mysql; \ + echo "THP_SETTING=never" >> /etc/sysconfig/mysql; \ +# allow to change config files + chown -R mysql:root /etc/my.cnf /etc/my.cnf.d; \ + chmod -R ug+rwX /etc/my.cnf /etc/my.cnf.d + +VOLUME ["/var/lib/mysql", "/var/log/mysql"] + +RUN set -eux; \ + curl -fL "https://github.com/Percona-Lab/telemetry-agent/archive/refs/tags/phase-$CALL_HOME_VERSION.tar.gz" -o "phase-$CALL_HOME_VERSION.tar.gz"; \ + echo "$CALL_HOME_DOWNLOAD_SHA256 phase-$CALL_HOME_VERSION.tar.gz" | sha256sum --strict --check; \ + tar -xvf phase-$CALL_HOME_VERSION.tar.gz; \ + cp telemetry-agent-phase-$CALL_HOME_VERSION/call-home.sh .;\ + rm -rf telemetry-agent-phase-$CALL_HOME_VERSION phase-$CALL_HOME_VERSION.tar.gz; \ + chmod a+rx /call-home.sh; \ + mkdir -p /usr/local/percona; \ + chown mysql:mysql /usr/local/percona +ENV CALL_HOME_OPTIONAL_PARAMS=" -s ${OS_VER}" + +COPY ps-entry.sh /docker-entrypoint.sh +COPY telemetry-agent-supervisor.sh /usr/bin/ +RUN set -ex; \ + chown mysql /usr/bin/telemetry-agent-supervisor.sh; \ + chown mysql /usr/bin/percona-telemetry-agent; \ + chown mysql /usr/local/percona/telemetry/history; \ + chmod ug+rwx /usr/bin/telemetry-agent-supervisor.sh; \ + chmod -R go+w /var/log/percona +ENV PERCONA_TELEMETRY_CHECK_INTERVAL=86400 +ENV PERCONA_TELEMETRY_HISTORY_KEEP_INTERVAL=604800 +ENV PERCONA_TELEMETRY_RESEND_INTERVAL=60 +ENV PERCONA_TELEMETRY_URL=https://check.percona.com/v1/telemetry/GenericReport +ENTRYPOINT ["/docker-entrypoint.sh"] + +USER mysql +EXPOSE 3306 33060 +CMD ["mysqld"] diff --git a/percona-server-8.4/Dockerfile-dockerhub b/percona-server-8.4/Dockerfile-dockerhub new file mode 100644 index 00000000..b4b76fa4 --- /dev/null +++ b/percona-server-8.4/Dockerfile-dockerhub @@ -0,0 +1,128 @@ +# This Dockerfile should be used for docker official repo + +# https://github.com/docker-library/official-images: +# No official images can be derived from, or depend on, non-official images +# with the following notable exceptions... +FROM redhat/ubi9-minimal + +LABEL org.opencontainers.image.authors="info@percona.com" + +# It is intentionally used another UID, to have backward compatibility with +# the previous image versions published on Docker Hub +RUN set -ex; \ + #groupdel input; \ + #userdel systemd-coredump; \ + groupadd -g 1001 mysql; \ + useradd -u 1001 -r -g 1001 -s /sbin/nologin \ + -m -c "Default Application User" mysql + +ENV PS_VERSION 8.4.3-3.1 +ENV MYSQL_SHELL_VERSION 8.4.3-1 +ENV OS_VER el9 +ENV FULL_PERCONA_VERSION "$PS_VERSION.$OS_VER" +ENV FULL_MYSQL_SHELL_VERSION "$MYSQL_SHELL_VERSION.$OS_VER" +ENV PS_REPO testing +ENV PS_TELEMETRY_VERSION 8.4.3-3-1 +ENV CALL_HOME_DOWNLOAD_SHA256 5e84d2f1a5d57f44c46e6a1f16794d649d3de09fe8021f0294bc321c89e51068 +ENV KEY_RPM_DOWNLOAD_SHA256 fcf0eab4f05a1c0de6363ac4b707600a27a9d774e9b491059e59e6921b255a84 +ENV CALL_HOME_VERSION 0.1 +# Do not report during Docker image creation. +# Note that doing so, would create telemetry config file +# which would prevent reporting when new container is started. +# If we want to track Docker image creation as well, +# remove telemetry config file after installing packages! +ARG PERCONA_TELEMETRY_DISABLE=1 + +# check repository package signature in secure way +RUN set -ex; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 4D1BB29D63D98E422B2113B19334A25F8507EFA5 99DB70FAE1D7CE227FB6488205B555B38483C65D; \ + gpg --batch --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/PERCONA-PACKAGING-KEY; \ + gpg --batch --export --armor 99DB70FAE1D7CE227FB6488205B555B38483C65D > ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + rpmkeys --import ${GNUPGHOME}/PERCONA-PACKAGING-KEY ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \ + rpmkeys --checksig /tmp/percona-release.rpm; \ + microdnf install -y findutils; \ + rpm -i /tmp/percona-release.rpm; \ + rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ + rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \ + percona-release disable all; \ + percona-release enable ps-84-lts ${PS_REPO}; \ + percona-release enable mysql-shell ${PS_REPO}; \ + curl -O https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9; \ + echo "$KEY_RPM_DOWNLOAD_SHA256 RPM-GPG-KEY-EPEL-9" | sha256sum --strict --check; \ + rpm --import RPM-GPG-KEY-EPEL-9; \ + curl -Lf -o /tmp/jemalloc.rpm https://rpmfind.net/linux/epel/9/Everything/x86_64/Packages/j/jemalloc-5.2.1-2.el9.x86_64.rpm; \ + curl -Lf -o /tmp/gflags.rpm https://rpmfind.net/linux/epel/9/Everything/x86_64/Packages/g/gflags-2.2.2-9.el9.x86_64.rpm; \ + rpmkeys --checksig /tmp/gflags.rpm /tmp/jemalloc.rpm; \ + rpm -i /tmp/jemalloc.rpm; \ + rpm -i /tmp/gflags.rpm; \ + rm -f /tmp/gflags.rpm /tmp/jemalloc.rpm + +RUN set -ex; \ + #microdnf -y install epel-release; \ + rpm -e --nodeps tzdata; \ + microdnf -y install \ + hostname \ + tzdata \ + jemalloc \ + which \ + cracklib-dicts \ + tar \ + policycoreutils; \ + microdnf -y update \ + #glibc \ + libnghttp2 \ + openssh \ + python3-setuptools-wheel \ + krb5-libs \ + pam \ + python3; \ + \ + microdnf -y install \ + percona-server-server-${FULL_PERCONA_VERSION} \ + #percona-server-tokudb-${FULL_PERCONA_VERSION} \ + percona-server-devel-${FULL_PERCONA_VERSION} \ + percona-server-rocksdb-${FULL_PERCONA_VERSION} \ + percona-icu-data-files-${FULL_PERCONA_VERSION} \ + percona-mysql-shell-${FULL_MYSQL_SHELL_VERSION}; \ + microdnf clean all; \ + rm -rf /var/cache/dnf /var/cache/yum /var/lib/mysql + +# purge and re-create /var/lib/mysql with appropriate ownership +RUN set -ex; \ + /usr/bin/install -m 0775 -o mysql -g root -d /var/lib/mysql /var/run/mysqld /docker-entrypoint-initdb.d; \ +# comment out a few problematic configuration values + find /etc/my.cnf /etc/my.cnf.d -name '*.cnf' -print0 \ + | xargs -0 grep -lZE '^(bind-address|log|user)' \ + | xargs -rt -0 sed -Ei 's/^(bind-address|log|user)/#&/'; \ +# don't reverse lookup hostnames, they are usually another container + echo '!includedir /etc/my.cnf.d' >> /etc/my.cnf; \ + printf '[mysqld]\nhost_cache_size=0\nskip-name-resolve\n' > /etc/my.cnf.d/docker.cnf; \ +# TokuDB modifications + /usr/bin/install -m 0664 -o mysql -g root /dev/null /etc/sysconfig/mysql; \ + echo "LD_PRELOAD=/usr/lib64/libjemalloc.so.1" >> /etc/sysconfig/mysql; \ + echo "THP_SETTING=never" >> /etc/sysconfig/mysql; \ +# allow to change config files + chown -R mysql:root /etc/my.cnf /etc/my.cnf.d; \ + chmod -R ug+rwX /etc/my.cnf /etc/my.cnf.d + +VOLUME ["/var/lib/mysql", "/var/log/mysql"] + +RUN set -eux; \ + curl -fL "https://github.com/Percona-Lab/telemetry-agent/archive/refs/tags/phase-$CALL_HOME_VERSION.tar.gz" -o "phase-$CALL_HOME_VERSION.tar.gz"; \ + echo "$CALL_HOME_DOWNLOAD_SHA256 phase-$CALL_HOME_VERSION.tar.gz" | sha256sum --strict --check; \ + tar -xvf phase-$CALL_HOME_VERSION.tar.gz; \ + cp telemetry-agent-phase-$CALL_HOME_VERSION/call-home.sh .;\ + rm -rf telemetry-agent-phase-$CALL_HOME_VERSION phase-$CALL_HOME_VERSION.tar.gz; \ + chmod a+rx /call-home.sh; \ + mkdir -p /usr/local/percona; \ + chown mysql:mysql /usr/local/percona +ENV CALL_HOME_OPTIONAL_PARAMS=" -s ${OS_VER}" + +COPY ps-entry-dockerhub.sh /docker-entrypoint.sh +ENTRYPOINT ["/docker-entrypoint.sh"] + +USER mysql +EXPOSE 3306 33060 +CMD ["mysqld"] diff --git a/percona-server-8.4/Dockerfile.aarch64 b/percona-server-8.4/Dockerfile.aarch64 new file mode 100644 index 00000000..9ecc62c6 --- /dev/null +++ b/percona-server-8.4/Dockerfile.aarch64 @@ -0,0 +1,137 @@ +# This Dockerfile should be used for docker official repo + +# https://github.com/docker-library/official-images: +# No official images can be derived from, or depend on, non-official images +# with the following notable exceptions... +FROM redhat/ubi9-minimal + +LABEL org.opencontainers.image.authors="info@percona.com" + +ENV PS_VERSION 8.4.3-3.1 +ENV OS_VER el9 +ENV FULL_PERCONA_VERSION "$PS_VERSION.$OS_VER" +ENV PS_REPO testing +ENV PS_TELEMETRY_VERSION 8.4.3-3-1 +ENV CALL_HOME_DOWNLOAD_SHA256 5e84d2f1a5d57f44c46e6a1f16794d649d3de09fe8021f0294bc321c89e51068 +ENV KEY_RPM_DOWNLOAD_SHA256 fcf0eab4f05a1c0de6363ac4b707600a27a9d774e9b491059e59e6921b255a84 +ENV CALL_HOME_VERSION 0.1 + +# It is intentionally used another UID, to have backward compatibility with +# the previous image versions published on Docker Hub +RUN set -ex; \ + #groupdel input; \ + #userdel systemd-coredump; \ + groupadd -g 1001 mysql; \ + useradd -u 1001 -r -g 1001 -s /sbin/nologin \ + -m -c "Default Application User" mysql + +# Do not report during Docker image creation. +ARG PERCONA_TELEMETRY_DISABLE=1 + +# check repository package signature in secure way +RUN set -ex; \ + #yum -y install epel-release; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 4D1BB29D63D98E422B2113B19334A25F8507EFA5 99DB70FAE1D7CE227FB6488205B555B38483C65D; \ + gpg --batch --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/PERCONA-PACKAGING-KEY; \ + gpg --batch --export --armor 99DB70FAE1D7CE227FB6488205B555B38483C65D > ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + rpmkeys --import ${GNUPGHOME}/PERCONA-PACKAGING-KEY ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \ + curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \ + rpmkeys --checksig /tmp/percona-release.rpm; \ + microdnf install -y findutils; \ + rpm -i /tmp/percona-release.rpm; \ + sed -i "s|x86_64|x86_64 aarch64|" /usr/bin/percona-release; \ + rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ + rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \ + #microdnf -y module disable mysql; \ + percona-release disable all; \ + percona-release enable ps-84-lts ${PS_REPO}; \ + percona-release enable telemetry ${PS_REPO}; \ + rm -rf /tmp/percona-*; \ + curl -O https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9; \ + echo "$KEY_RPM_DOWNLOAD_SHA256 RPM-GPG-KEY-EPEL-9" | sha256sum --strict --check; \ + rpm --import RPM-GPG-KEY-EPEL-9; \ + curl -Lf -o /tmp/jemalloc.rpm https://rpmfind.net/linux/epel/9/Everything/aarch64/Packages/j/jemalloc-5.2.1-2.el9.aarch64.rpm; \ + curl -Lf -o /tmp/gflags.rpm https://rpmfind.net/linux/epel/9/Everything/aarch64/Packages/g/gflags-2.2.2-9.el9.aarch64.rpm; \ + rpmkeys --checksig /tmp/gflags.rpm /tmp/jemalloc.rpm; \ + rpm -i /tmp/jemalloc.rpm; \ + rpm -i /tmp/gflags.rpm; \ + rm -f /tmp/gflags.rpm /tmp/jemalloc.rpm + +RUN set -ex; \ + rpm -e --nodeps tzdata; \ + microdnf -y install \ + hostname \ + tzdata \ + jemalloc \ + which \ + cracklib-dicts \ + tar \ + policycoreutils; \ + microdnf -y update \ + #glibc \ + libnghttp2 \ + openssh \ + python3-setuptools-wheel \ + krb5-libs \ + pam \ + python3; \ + \ + microdnf -y install \ + percona-server-server-${FULL_PERCONA_VERSION} \ + percona-server-rocksdb-${FULL_PERCONA_VERSION} \ + percona-server-devel-${FULL_PERCONA_VERSION} \ + percona-icu-data-files-${FULL_PERCONA_VERSION} \ + percona-telemetry-agent; \ + microdnf clean all; \ + rm -rf /var/cache/dnf /var/cache/yum /var/lib/mysql + +# purge and re-create /var/lib/mysql with appropriate ownership +RUN set -ex; \ + /usr/bin/install -m 0775 -o mysql -g root -d /var/lib/mysql /var/run/mysqld /docker-entrypoint-initdb.d; \ +# comment out a few problematic configuration values + find /etc/my.cnf /etc/my.cnf.d -name '*.cnf' -print0 \ + | xargs -0 grep -lZE '^(bind-address|log|user)' \ + | xargs -rt -0 sed -Ei 's/^(bind-address|log|user)/#&/'; \ +# don't reverse lookup hostnames, they are usually another container + echo '!includedir /etc/my.cnf.d' >> /etc/my.cnf; \ + printf '[mysqld]\nhost_cache_size=0\nskip-name-resolve\n' > /etc/my.cnf.d/docker.cnf; \ + +# TokuDB modifications + /usr/bin/install -m 0664 -o mysql -g root /dev/null /etc/sysconfig/mysql; \ + echo "LD_PRELOAD=/usr/lib64/libjemalloc.so.1" >> /etc/sysconfig/mysql; \ + echo "THP_SETTING=never" >> /etc/sysconfig/mysql; \ +# allow to change config files + chown -R mysql:root /etc/my.cnf /etc/my.cnf.d; \ + chmod -R ug+rwX /etc/my.cnf /etc/my.cnf.d + +VOLUME ["/var/lib/mysql", "/var/log/mysql"] + +RUN set -eux; \ + curl -fL "https://github.com/Percona-Lab/telemetry-agent/archive/refs/tags/phase-$CALL_HOME_VERSION.tar.gz" -o "phase-$CALL_HOME_VERSION.tar.gz"; \ + echo "$CALL_HOME_DOWNLOAD_SHA256 phase-$CALL_HOME_VERSION.tar.gz" | sha256sum --strict --check; \ + tar -xvf phase-$CALL_HOME_VERSION.tar.gz; \ + cp telemetry-agent-phase-$CALL_HOME_VERSION/call-home.sh .;\ + rm -rf telemetry-agent-phase-$CALL_HOME_VERSION phase-$CALL_HOME_VERSION.tar.gz; \ + chmod a+rx /call-home.sh; \ + mkdir -p /usr/local/percona; \ + chown mysql:mysql /usr/local/percona +ENV CALL_HOME_OPTIONAL_PARAMS=" -s ${OS_VER}" + +COPY ps-entry.sh /docker-entrypoint.sh +COPY telemetry-agent-supervisor.sh /usr/bin/ +RUN set -ex; \ + chown mysql /usr/bin/telemetry-agent-supervisor.sh; \ + chown mysql /usr/bin/percona-telemetry-agent; \ + chown mysql /usr/local/percona/telemetry/history; \ + chmod ug+rwx /usr/bin/telemetry-agent-supervisor.sh; \ + chmod -R go+w /var/log/percona +ENV PERCONA_TELEMETRY_CHECK_INTERVAL=86400 +ENV PERCONA_TELEMETRY_HISTORY_KEEP_INTERVAL=604800 +ENV PERCONA_TELEMETRY_RESEND_INTERVAL=60 +ENV PERCONA_TELEMETRY_URL=https://check.percona.com/v1/telemetry/GenericReport +ENTRYPOINT ["/docker-entrypoint.sh"] + +USER mysql +EXPOSE 3306 33060 +CMD ["mysqld"] diff --git a/percona-server-8.4/README-build.md b/percona-server-8.4/README-build.md new file mode 100644 index 00000000..b801e9a5 --- /dev/null +++ b/percona-server-8.4/README-build.md @@ -0,0 +1,40 @@ +Build image + + `docker build -t percona-server Dockerfile` + +or + + `docker build -t percona-server Dockerfile` + +Tag image + + `docker tag percona/percona-server:8.4` + +Push to hub + + `docker push percona/percona-server:8.4` + +Usage +===== + + vi ./docker-compose.yml + percona: + image: percona/percona-server:latest + name: perconaserver + environment: + MYSQL_ROOT_PASSWORD: secret + ports: + - "3306" + volumes: + # create volumes for use + - /var/log/mysql + - /var/lib/mysql + # bind mount my local my.cnf + # - $PWD/my.cnf:/etc/my.cnf + command: + # Workaround for no my.cnf in image + - '--user=mysql' + 7) Start the container from cli + docker-compose up + 8) Check status + docker-compose ps diff --git a/percona-server-8.4/README.md b/percona-server-8.4/README.md new file mode 100644 index 00000000..035721b4 --- /dev/null +++ b/percona-server-8.4/README.md @@ -0,0 +1,158 @@ +![logo](https://www.percona.com/wp-content/uploads/2023/03/font-1.jpg) + +# What is Percona Server? + +Percona Server is an enhanced drop-in replacement for MySQL. With Percona Server, your queries will run faster and more consistently. You will consolidate servers on powerful hardware and will delay sharding, or avoid it entirely. + +For more information and related downloads for Percona Server and other Percona products, please visit http://www.percona.com. + +# Percona Server Docker Images + +These are the only official Percona Server Docker images, created and maintained by the Percona team. The image has the Percona Fractal Tree based storage engine `TokuDB` enabled. The available versions are: + + Percona Server 8.4.3-3.1 (tag: 8.4) + +Images are updated when new releases are published. + +# How to Use the Images + +## Start a Percona Server Instance + +Start a Percona Server container as follows: + + docker run --name container-name -e MYSQL_ROOT_PASSWORD=secret -d percona/percona-server:tag + +Where `container-name` is the name you want to assign to your container, `secret` is the password to be set for the root user and `tag` is the tag specifying the version you want. See the list above for relevant tags, or look at the [full list of tags](https://registry.hub.docker.com/u/percona/percona-server/tags/manage/). + +## Connect to Percona Server from an Application in Another Docker Container + +This image exposes the standard MySQL port (3306), so container linking makes the instance available to other containers. Start other containers like this in order to link it to the Percona Server container: + + docker run --name app-container-name --link container-name -d app-that-uses-mysql + +## Connect to Percona Server from the MySQL Command Line Client + +The following command starts another container instance and runs the `mysql` command line client against your original container, allowing you to execute SQL statements against your database: + + docker run -it --link container-name --rm percona/percona-server:tag mysql -h container-name -P 3306 -uroot -psecret' + +where `container-name` is the name of your database container. + +# Environment Variables + +When you start a Percona Server container, you can adjust the configuration of the instance by passing one or more environment variables on the `docker run` command line. Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup. + +Most of the variables listed below are optional, but one of the variables `MYSQL_ROOT_PASSWORD`, `MYSQL_ALLOW_EMPTY_PASSWORD`, `MYSQL_RANDOM_ROOT_PASSWORD` must be given. + +## `MYSQL_ROOT_PASSWORD` + +This variable specifies a password that will be set for the root superuser account. In the above example, it was set to `secret`. **NOTE:** Setting the MySQL root user password on the command line is insecure. + +## `MYSQL_ROOT_PASSWORD_FILE` + +This variable specifies a file that will be read for the root user account. This can be a mounted file when you run your container. This can also be used in the scope of the Docker Secrets (Swarm mode) functionality. + +## `MYSQL_RANDOM_ROOT_PASSWORD` + +When this variable is set to `yes`, a random password for the server's root user will be generated. The password will be printed to stdout in the container, and it can be obtained by using the command `docker logs container-name`. + +## `MYSQL_ONETIME_PASSWORD` + +This variable is optional. When set to `yes`, the root user's password will be set as expired, and must be changed before we can login normally. This is only supported by version 5.6 or newer. + +## `MYSQL_DATABASE` + +This variable is optional. It allows you to specify the name of a database to be created on image startup. If a user/password was supplied (see below) then that user will be granted superuser access (corresponding to GRANT ALL) to this database. + +## `MYSQL_USER`, `MYSQL_PASSWORD` + +These variables are optional, used in conjunction to create a new user and set that user's password. This user will be granted superuser permissions (see above) for the database specified by the `MYSQL_DATABASE` variable. Both variables are required for a user to be created. + +Do note that there is no need to use this mechanism to create the `root` superuser, that user gets created by default with the password set by either of the mechanisms (given or generated) discussed above. + +## `MYSQL_ALLOW_EMPTY_PASSWORD` + +Set to `yes` to allow the container to be started with a blank password for the root user. **NOTE:** Setting this variable to `yes` is not recommended unless you really know what you are doing, since this will leave your instance completely unprotected, allowing anyone to gain complete superuser access. + +## `INIT_TOKUDB` + +Set to `1` to allow the container to be started with enabled TOKUDB engine. + +## `INIT_ROCKSDB` + +Set to `1` to allow the container to be started with enabled ROCKSDB engine. + +## `MYSQL_INIT_ONLY` + +Set to `1` will skip starting the `mysqld` process and will run only the initialization part if MySQL was not initialized before. + +# Notes, Tips, Gotchas + +## Secure Container Startup + +In many use cases, employing the `MYSQL_ROOT_PASSWORD` variable to specify the MySQL root user password on initial container startup is insecure. Instead, to keep your setup as secure as possible, we strongly recommend using the `MYSQL_RANDOM_ROOT_PASSWORD` option. To further secure your instance, we also recommend using the `MYSQL_ONETIME_PASSWORD` variable if you use version 5.6 or higher. + +## Where to Store Data + +There are many two ways to store data used by applications that run in Docker containers. We maintain our usual stance and encourage users to investigate the options and use the method that best suits their use case. Here are some of the options available: + +* Let Docker manage the storage of your database data by writing the database files to disk on the host system using its own internal volume management. The current solutions, devicemapper, aufs and overlayfs have negative performance records. +* Create a data directory on the host system (outside the container on high performance storage) and mount this to a directory visible from inside the container. This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The user needs to make sure that the directory exists, and that permissions and other security mechanisms on the host system are set up correctly. + +The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blog and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above: + +1. Create a data directory on a suitable volume on your host system, e.g. `/local/datadir`. +2. Start your container like this: + +``` + docker run --name container-name -v /local/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=secret -d percona/percona-server:tag +``` + +The `-v /local/datadir:/var/lib/mysql` part of the command mounts the `/local/datadir` directory from the underlying host system as `/var/lib/mysql` inside the container, where MySQL by default will write its data files. + +Note that users on systems with SELinux enabled may experience problems with this. The current workaround is to assign the relevant SELinux policy type to the new data directory so that the container will be allowed to access it: + + chcon -Rt svirt_sandbox_file_t /local/datadir + +## Existing Data + +If you start your MySQL container instance with a data directory that already contains a data (specifically, a `mysql` subdirectory where all our system tables live), the `$MYSQL_ROOT_PASSWORD` variable should be omitted from the `docker run` command. + +## Port forwarding + +Docker allows mapping of ports on the container to ports on the host system by using the -p option. If you start the container as follows, you can connect to the database by connecting your client to a port on the host machine. This can greatly simplfy consolidating many instances to a single host. In this example port 6603, the we use the address of the Docker host to connect to the TCP port the Docker deamon is forwarding from: + + docker run --name container-name `-p 6603:3306` -d percona/percona-server + mysql -h docker_host_ip -P 6603 + +## Passing options to the server + +You can pass arbitrary command line options to the MySQL server by appending them to the `run command`: + + docker run --name my-container-name -d percona/percona-server --option1=value --option2=value + +In this case, the values of option1 and option2 will be passed directly to the server when it is started. The following command will for instance start your container with UTF-8 as the default setting for character set and collation for all databases in MySQL: + + docker run --name container-name -d percona/percona-server --character-set-server=utf8 --collation-server=utf8_general_ci + +## Using a Custom Percona Server Config File + +The Percona Server startup configuration in these Docker images is specified in the file `/etc/my.cnf`. If you want to customize this configuration for your own purposes, you can create your alternative configuration file in a directory on the host machine and then mount this file in the appropriate location inside the Percona Server container, effectively replacing the standard configuration file. + +If you want to base your changes on the standard configuration file, start your Percona Server container in the standard way described above, then do: + + docker exec -it my-container-name cat /etc/my.cnf > /my/custom/config-file + +... where `/my/custom/config-file` is the path and name of the new configuration file. Then start a new Percona Server container like this: + + docker run --name my-new-container-name -v /my/custom/config-file:/etc/my.cnf -e MYSQL_ROOT_PASSWORD=my-secret-pw -d percona/percona-server:tag + +This will start a new Percona Server container `my-new-container-name` where the Percona Server instance uses the startup options specified in `/my/custom/config-file`. + +# Supported Docker Versions + +These images are officially supported by the MySQL team on Docker version 1.9. Support for older versions (down to 1.0) is provided on a best-effort basis, but we strongly recommend running on the most recent version, since that is assumed for parts of the documentation above. + +# User Feedback + +We welcome your feedback! diff --git a/percona-server-8.4/docker-compose.yml b/percona-server-8.4/docker-compose.yml new file mode 100644 index 00000000..5061086d --- /dev/null +++ b/percona-server-8.4/docker-compose.yml @@ -0,0 +1,33 @@ +version: '2' +services: + percona-server: + image: percona/percona-server:8.4 + environment: + MYSQL_ROOT_PASSWORD: secret + ports: + - "3306" + volumes: + # create volumes for use + - /var/lib/mysql + # bind mount my local my.cnf + # - $PWD/my.cnf:/etc/my.cnf.d/my.cnf + +# uncomment sections below if you want to enable PMM +# pmm-server: +# image: percona/pmm-server:latest +# ports: +# - "443:443" +# environment: +# - SERVER_USER=pmm +# - SERVER_PASSWORD=pmm +# pmm-client-ps: +# image: perconalab/pmm-client:latest +# environment: +# - PMM_SERVER=pmm-server:443 +# - PMM_USER=pmm +# - PMM_PASSWORD=pmm +# - DB_TYPE=mysql +# - DB_HOST=percona-server +# - DB_PORT=3306 +# - DB_USER=root +# - DB_PASSWORD=secret diff --git a/percona-server-8.4/ps-entry-dockerhub.sh b/percona-server-8.4/ps-entry-dockerhub.sh new file mode 100755 index 00000000..9f08ef1f --- /dev/null +++ b/percona-server-8.4/ps-entry-dockerhub.sh @@ -0,0 +1,250 @@ +#!/bin/bash +set -eo pipefail +shopt -s nullglob +# if command starts with an option, prepend mysqld +if [ "${1:0:1}" = '-' ]; then + set -- mysqld "$@" +fi +# skip setup if they want an option that stops mysqld +wantHelp= +for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + wantHelp=1 + break + ;; + esac +done + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# usage: process_init_file FILENAME MYSQLCOMMAND... +# ie: process_init_file foo.sh mysql -uroot +# (process a single initializer file, based on its extension. we define this +# function here, so that initializer scripts (*.sh) can use the same logic, +# potentially recursively, or override the logic used in subsequent calls) +process_init_file() { + local f="$1"; shift + local mysql=( "$@" ) + + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo +} + +_check_config() { + toRun=( "$@" --verbose --help ) + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + cat >&2 <<-EOM + + ERROR: mysqld failed while attempting to check config + command was: "${toRun[*]}" + + $errors + EOM + exit 1 + fi +} + +# Fetch value from server config +# We use mysqld --verbose --help instead of my_print_defaults because the +# latter only show values present in config files, and not server defaults +_get_config() { + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" +} + +if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then + # still need to check config, container may have started with --user + _check_config "$@" + + if [ -n "$INIT_TOKUDB" ]; then + export LD_PRELOAD=/usr/lib64/libjemalloc.so.1 + fi + # Get config + DATADIR="$(_get_config 'datadir' "$@")" + + if [ ! -d "$DATADIR/mysql" ]; then + file_env 'MYSQL_ROOT_PASSWORD' + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + echo >&2 'error: database is uninitialized and password option is not specified ' + echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + exit 1 + fi + + mkdir -p "$DATADIR" + + echo 'Initializing database' + "$@" --initialize-insecure + echo 'Database initialized' + + if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then + # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84 + echo 'Initializing certificates' + mysql_ssl_rsa_setup --datadir="$DATADIR" + echo 'Certificates initialized' + fi + + SOCKET="$(_get_config 'socket' "$@")" + "$@" --skip-networking --socket="${SOCKET}" & + pid="$!" + + mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" --password="" ) + + for i in {120..0}; do + if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then + break + fi + echo 'MySQL init process in progress...' + sleep 1 + done + if [ "$i" = 0 ]; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + ( + echo "SET @@SESSION.SQL_LOG_BIN = off;" + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' + ) | "${mysql[@]}" mysql + fi + + # install TokuDB engine + if [ -n "$INIT_TOKUDB" ]; then + ps-admin --docker --enable-tokudb -u root -p $MYSQL_ROOT_PASSWORD + fi + if [ -n "$INIT_ROCKSDB" ]; then + ps-admin --enable-rocksdb -u root -p $MYSQL_ROOT_PASSWORD + fi + + if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + MYSQL_ROOT_PASSWORD="$(pwmake 128)" + echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + + rootCreate= + # default root to listen for connections from anywhere + file_env 'MYSQL_ROOT_HOST' '%' + if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; + EOSQL + fi + + "${mysql[@]}" <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; + + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'mysql.infoschema', 'mysql.session', 'root') OR host NOT IN ('localhost') ; + ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + FLUSH PRIVILEGES ; + EOSQL + + if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then + mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) + fi + + file_env 'MYSQL_DATABASE' + if [ "$MYSQL_DATABASE" ]; then + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" + mysql+=( "$MYSQL_DATABASE" ) + fi + + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + + if [ "$MYSQL_DATABASE" ]; then + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + fi + + echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" + fi + + echo + ls /docker-entrypoint-initdb.d/ > /dev/null + for f in /docker-entrypoint-initdb.d/*; do + process_init_file "$f" "${mysql[@]}" + done + + if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then + "${mysql[@]}" <<-EOSQL + ALTER USER 'root'@'%' PASSWORD EXPIRE; + EOSQL + fi + if ! kill -s TERM "$pid" || ! wait "$pid"; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + echo + echo 'MySQL init process done. Ready for start up.' + echo + fi + + # exit when MYSQL_INIT_ONLY environment variable is set to avoid starting mysqld + if [ ! -z "$MYSQL_INIT_ONLY" ]; then + echo 'Initialization complete, now exiting!' + exit 0 + fi +fi + +if [ ! -z "${PERCONA_INSTANCE_ID}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -i ${PERCONA_INSTANCE_ID}" +fi + +if [ ! -z "${PERCONA_TELEMETRY_CONFIG_FILE_PATH}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -j ${PERCONA_TELEMETRY_CONFIG_FILE_PATH}" +fi + +if [ ! -z "${PERCONA_SEND_TIMEOUT}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -t ${PERCONA_SEND_TIMEOUT}" +else + CALL_HOME_OPTIONAL_PARAMS+=" -t 7" +fi + +if [ ! -z "${PERCONA_CONNECT_TIMEOUT}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -c ${PERCONA_CONNECT_TIMEOUT}" +else + CALL_HOME_OPTIONAL_PARAMS+=" -c 2" +fi + +/call-home.sh -f "PRODUCT_FAMILY_PS" -v "${PS_TELEMETRY_VERSION}" -d "DOCKER" ${CALL_HOME_OPTIONAL_PARAMS} &> /dev/null || : + +exec "$@" diff --git a/percona-server-8.4/ps-entry.sh b/percona-server-8.4/ps-entry.sh new file mode 100755 index 00000000..a7fe81b6 --- /dev/null +++ b/percona-server-8.4/ps-entry.sh @@ -0,0 +1,253 @@ +#!/bin/bash +set -eo pipefail +shopt -s nullglob +# if command starts with an option, prepend mysqld +if [ "${1:0:1}" = '-' ]; then + set -- mysqld "$@" +fi +# skip setup if they want an option that stops mysqld +wantHelp= +for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + wantHelp=1 + break + ;; + esac +done + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# usage: process_init_file FILENAME MYSQLCOMMAND... +# ie: process_init_file foo.sh mysql -uroot +# (process a single initializer file, based on its extension. we define this +# function here, so that initializer scripts (*.sh) can use the same logic, +# potentially recursively, or override the logic used in subsequent calls) +process_init_file() { + local f="$1"; shift + local mysql=( "$@" ) + + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo +} + +_check_config() { + toRun=( "$@" --verbose --help ) + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + cat >&2 <<-EOM + + ERROR: mysqld failed while attempting to check config + command was: "${toRun[*]}" + + $errors + EOM + exit 1 + fi +} + +# Fetch value from server config +# We use mysqld --verbose --help instead of my_print_defaults because the +# latter only show values present in config files, and not server defaults +_get_config() { + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" +} + +if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then + # still need to check config, container may have started with --user + _check_config "$@" + + if [ -n "$INIT_TOKUDB" ]; then + export LD_PRELOAD=/usr/lib64/libjemalloc.so.1 + fi + # Get config + DATADIR="$(_get_config 'datadir' "$@")" + + if [ ! -d "$DATADIR/mysql" ]; then + file_env 'MYSQL_ROOT_PASSWORD' + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + echo >&2 'error: database is uninitialized and password option is not specified ' + echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + exit 1 + fi + + mkdir -p "$DATADIR" + + echo 'Initializing database' + "$@" --initialize-insecure + echo 'Database initialized' + + if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then + # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84 + echo 'Initializing certificates' + mysql_ssl_rsa_setup --datadir="$DATADIR" + echo 'Certificates initialized' + fi + + SOCKET="$(_get_config 'socket' "$@")" + "$@" --skip-networking --socket="${SOCKET}" & + pid="$!" + + mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" --password="" ) + + for i in {120..0}; do + if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then + break + fi + echo 'MySQL init process in progress...' + sleep 1 + done + if [ "$i" = 0 ]; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + ( + echo "SET @@SESSION.SQL_LOG_BIN = off;" + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' + ) | "${mysql[@]}" mysql + fi + + # install TokuDB engine + if [ -n "$INIT_TOKUDB" ]; then + ps-admin --docker --enable-tokudb -u root -p $MYSQL_ROOT_PASSWORD + fi + if [ -n "$INIT_ROCKSDB" ]; then + ps-admin --enable-rocksdb -u root -p $MYSQL_ROOT_PASSWORD + fi + + if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + MYSQL_ROOT_PASSWORD="$(pwmake 128)" + echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + + rootCreate= + # default root to listen for connections from anywhere + file_env 'MYSQL_ROOT_HOST' '%' + if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; + EOSQL + fi + + "${mysql[@]}" <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; + + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'mysql.infoschema', 'mysql.session', 'root') OR host NOT IN ('localhost') ; + ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + FLUSH PRIVILEGES ; + EOSQL + + if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then + mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) + fi + + file_env 'MYSQL_DATABASE' + if [ "$MYSQL_DATABASE" ]; then + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" + mysql+=( "$MYSQL_DATABASE" ) + fi + + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + + if [ "$MYSQL_DATABASE" ]; then + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + fi + + echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" + fi + + echo + ls /docker-entrypoint-initdb.d/ > /dev/null + for f in /docker-entrypoint-initdb.d/*; do + process_init_file "$f" "${mysql[@]}" + done + + if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then + "${mysql[@]}" <<-EOSQL + ALTER USER 'root'@'%' PASSWORD EXPIRE; + EOSQL + fi + if ! kill -s TERM "$pid" || ! wait "$pid"; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + echo + echo 'MySQL init process done. Ready for start up.' + echo + fi + + # exit when MYSQL_INIT_ONLY environment variable is set to avoid starting mysqld + if [ ! -z "$MYSQL_INIT_ONLY" ]; then + echo 'Initialization complete, now exiting!' + exit 0 + fi +fi + +if [ ! -z "${PERCONA_INSTANCE_ID}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -i ${PERCONA_INSTANCE_ID}" +fi + +if [ ! -z "${PERCONA_TELEMETRY_CONFIG_FILE_PATH}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -j ${PERCONA_TELEMETRY_CONFIG_FILE_PATH}" +fi + +if [ ! -z "${PERCONA_SEND_TIMEOUT}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -t ${PERCONA_SEND_TIMEOUT}" +else + CALL_HOME_OPTIONAL_PARAMS+=" -t 7" +fi + +if [ ! -z "${PERCONA_CONNECT_TIMEOUT}" ]; then + CALL_HOME_OPTIONAL_PARAMS+=" -c ${PERCONA_CONNECT_TIMEOUT}" +else + CALL_HOME_OPTIONAL_PARAMS+=" -c 2" +fi + +if [[ ${PERCONA_TELEMETRY_DISABLE} -ne "0" ]]; then + exec "$@" --percona_telemetry_disable=1 +else + /usr/bin/telemetry-agent-supervisor.sh & + exec "$@" +fi diff --git a/percona-server-8.4/telemetry-agent-supervisor.sh b/percona-server-8.4/telemetry-agent-supervisor.sh new file mode 100644 index 00000000..6ad026ee --- /dev/null +++ b/percona-server-8.4/telemetry-agent-supervisor.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# phase-0 telemetry +/call-home.sh -f "PRODUCT_FAMILY_PS" -v "${PS_TELEMETRY_VERSION}" -d "DOCKER" ${CALL_HOME_OPTIONAL_PARAMS} &> /dev/null || : + +# phase-1 telemetry +for i in {1..3}; do + /usr/bin/percona-telemetry-agent >> /var/log/percona/telemetry-agent.log 2>> /var/log/percona/telemetry-agent-error.log + if [ $? -eq 0 ]; then + break + fi + sleep 5 +done +sleep infinity