Cannot delete files on docker host - mysql

I'm using the following shell script to extract my databases in the entrypoint and startup the container.
#!/bin/bash
if [ ! -d "/var/lib/mysql/assetmanager" ]; then
tar -zxvf mysql.tar.gz
fi
exec /usr/bin/mysqld_safe
On startup I mount a local directory to the /var/lib/mysql directory with the -v parameter and extract then the files with the above script.
But now I can't delete the extracted files on my host, because permission denied error.
Can someone help me with this problem.
Thx

You cannot delete them because by default process in container executed by root user and extracted files belong to root. if you don't need these files in mapped dir, use different location for it -v ...:/myassets and in script:
if [ ! -d "/var/lib/mysql/assetmanager" ]; then
tar -zxvf /myassets/mysql.tar.gz
fi
you also could map a single file instead of whole directory if you need only that file.
There are many other solutions, depends what you need:
you could delete these files as root: sudo rm ...
you could delete them in container before exit
you could create user in container and create files from this user

Related

OpenGrok) How can I use '--symlink' command in OpenGrok?

I'm not sure how to use the --symlink command in OpenGrok, so I'm asking.
OpenGrok's source root folder is '/opengrok/src'.
In this folder, I created a symbolic link file with the following command.
ln -s /home/A/workspace/tmp tmp
And I did indexing with the following command.
java -Djava.util.logging.config.file=/opengrok/etc/logging.properties -jar /opengrok/dist/lib/opengrok.jar -c /usr/local/bin/ctags -s /opengrok/src -d /opengrok/data -P -S -W /opengrok/etc/configuration.xml --symlink /opengrok/src/tmp -U http://localhost:8080/source
When I connect to localhost/source, the tmp file is displayed, but when I click it, the files in tmp are not displayed and the following error message is displayed.
Error: File not found!
The requested resource is not available.
Resource lacks history info. Was remote SCM side up when indexing occurred? Cleanup history cache dir(or just the .gz for the file or db record) and rerun indexer making sure remote side will respond during indexing.
How can I access and view the files in tmp using OpenGrok?

Is it possible to exclude a specific subdirectory from a podman volume mount?

For example, let's say you have a directory dir/ with an arbitrary number of subdirectories including dir/subdir/, and you want to mount dir/ to a podman container with every subdirectory also mounted except dir/subdir/.
Is this possible in podman? If so, is it possible to do this purely with the arguments of a podman run command?
Is not possible, the entire folder will be available inside the container.
You can overcome this with permissions, acl or even symbolic links. In the last case, create a second folder with links pointing to only the folders you want to be available inside the container.
Use an extra bind-mount to hide the directory dir/subdir/
In other words, first bind-mount dir/ and then bind-mount an empty directory over dir/subdir to hide its contents.
$ mkdir dir
$ mkdir dir/subdir
$ mkdir dir/subdir2
$ mkdir emptydir
$ touch dir/subdir/file1.txt
$ touch dir/subdir2/file2.txt
$ podman pull -q docker.io/library/fedora
b2aa39c304c27b96c1fef0c06bee651ac9241d49c4fe34381cab8453f9a89c7d
$ podman run --rm \
-v ./dir:/dir:Z \
-v ./emptydir:/dir/subdir:Z \
docker.io/library/fedora find /dir
/dir
/dir/subdir
/dir/subdir2
/dir/subdir2/file2.txt
In the output from the command find /dir there is no file dir/subdir/file1.txt

Docker container: /bin/sh: cat: No such file or directory

I'm using the mysql/mysql-server image to create a mysql server in docker. Since I want to setup my database (add users, create tables) automatically, I've created a SQL file that does that for me. In order to automatically run that script, I extended the image with this dockerfile:
FROM mysql/mysql-server:latest
RUN mkdir /scripts
WORKDIR /scripts
COPY ./db_setup.sql .
RUN mysql -u root -p password < cat db_setup.sql
but for some reason, this happens:
/bin/sh: cat: No such file or directory
ERROR: Service 'db' failed to build : The command '/bin/sh -c mysql -u root -p password < cat db_setup.sql' returned a non-zero code: 1
How do I fix this?
You can just remove the cat command from your RUN command:
RUN mysql -u root -p password < db_setup.sql
No such file or directory is returned since cat cannot be found in the current directory set by WORKDIR. You can just redirect the stdin of mysql to be from the db_setup.sql file. Edited to clarify < sh redirection is expecting the file name to use for input.
EDIT 2: Keep in mind your example is a RUN command that is attempting to run mysql and creating a layer at docker image build time. You may want to have this run during the mysql entrypoint script at runtime instead (e.g. scripts are run from thedocker-entrypoint-initdb.d/ directory by the docker-entrypoint.sh script of the official mysql image) or using other features that are documented for the official image.
RUN is a build time command. MySQL isn't running at this point.
If you where/are using a standard image there is a location for database initialization:
FROM mysql:8.0
COPY db_setup.sql /docker-entrypoint-initdb.d
Command cat is not present in mysql/mysql-server:latest image.
Moreover, you would only need to provide filename afetr redirection.
RUN mysql -u root -p password < db_setup.sql

Mariadb multi stage container with an existing database

I need to create a container with an existing database and operate some actions on it before distribute it.
In production, I've got some really big databases:
[root]# ls /home/db-backup/test/prepare/26_06_2020/full/
ibdata1
ib_logfile0
ib_logfile1
ibtmp1
mysql
performance_schema
my_existing_database1
my_existing_database2
my_existing_database3
I just need to publish a container with my_existing_database1 for my team.
I tried many Dockerfile but I can't find a way do to it and I don't understand why.
Here a simplified Dockerfile :
FROM mariadb:latest as builder
ENV MYSQL_ALLOW_EMPTY_PASSWORD yes
# for easier debug, i will remove that in prod
RUN sed -i '/\[mysqld\]/a plugin-load-add = auth_socket.so' /etc/mysql/my.cnf
WORKDIR /initialized-db
COPY ibdata1 .
COPY mysql ./mysql
COPY performance_schema ./performance_schema
COPY my_existing_database1 ./my_existing_database1
COPY db-init.sh /docker-entrypoint-initdb.d/
RUN chown mysql:mysql . \
&& chmod 660 ibdata1 \
&& chmod +x /docker-entrypoint-initdb.d/db-init.sh
RUN ["/usr/local/bin/docker-entrypoint.sh", "mysqld", "--datadir", "/initialized-db", "--aria-log-dir-path", "/initialized-db"]
# No file named test
RUN ls /initialized-db/
FROM mariadb:latest
COPY --from=builder /initialized-db /var/lib/mysql
As you can see, I try to execute my script db-init.sh. Simplified version :
#!/bin/bash
set -e -x
mysql -u root -e "CREATE USER 'test'#'%' IDENTIFIED BY 'test';"
touch /initialized-db/test
Unfortunetly, my script is not executed as the file test is not created.
I try to bypass the /usr/local/bin/docker-entrypoint.sh with my own script (copy/paste of the file with some edit) but it's not working either (user and file test not created).
Can you help me on this one please?
You should preferably mount a directory for the data and distribute it then extra.
If you must distibute it with the container itself, you should be able to edit the config of that database to use a custom data directory and initialize your databases in it with RUN and COPY.

MySQL Docker file : sed: couldn't open temporary file

I am trying to create new MySQL image and deploying in Kubernetes.
FROM oraclelinux:7-slim
USER root
ARG MYSQL_SERVER_PACKAGE=mysql-community-server-minimal-8.0.19
ARG MYSQL_SHELL_PACKAGE=mysql-shell-8.0.19
# Install server
RUN yum install -y https://repo.mysql.com/mysql-community-minimal-release-el7.rpm \
https://repo.mysql.com/mysql-community-release-el7.rpm \
&& yum-config-manager --enable mysql80-server-minimal \
&& yum install -y \
$MYSQL_SERVER_PACKAGE \
$MYSQL_SHELL_PACKAGE \
libpwquality \
&& yum clean all \
&& mkdir /docker-entrypoint-initdb.d
VOLUME /var/lib/mysql
COPY docker-entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"]
HEALTHCHECK CMD /healthcheck.sh
EXPOSE 3306 33060
RUN chmod +rwx /entrypoint.sh
RUN chmod +rwx /healthcheck.sh
RUN groupadd -r mysql && useradd -r -g mysql mysql
EXPOSE 3306
CMD ["mysqld"]
It's working fine in the container. But throwing error when I deployed in Kubernetes like below:
How can I understand this issue?
ADDED
docker-entrypoint.sh:
if [ -n "$MYSQL_LOG_CONSOLE" ] || [ -n "console" ]; then
# Don't touch bind-mounted config files
if ! cat /proc/1/mounts | grep "/etc/my.cnf"; then
sed -i 's/^log-error=/#&/' /etc/my.cnf
fi
fi
P.S : I have added content of the file.
The problem is related with sed's in-place editing implementation. When you edit a file using the -i or --in-place option, the edition doesn't actually happen in-place. sed saves the changes into a temporary file and then uses it to replace the original one.
It happens that you don't have write permission to /etc directory, where sed is trying to create its temporary file.
As suggested in comments most probably the command is run by user mysql. For sure it is not run as root as it has enough privileges to be able to write to /etc:
bash-4.2# ls -ld /etc
drwxr-xr-x 1 root root 4096 Mar 27 15:04 /etc
As you can see others don't have write permission. Changing permissions or owner of /etc directory itself is a really bad idea and I won't advise you to run this command as root user either.
The simplest solution is to give up on using --in-place option, save the result in a directory such as /tmp, to which everyone has access:
bash-4.2# ls -ld /tmp
drwxrwxrwt 1 root root 4096 Mar 27 16:39 /tmp
and after that replace the content of the original file with the content of the temporary one.
Your command may look like this:
sed 's/^log-error=/#&/' /etc/my.cnf > /tmp/my.cnf && cat /tmp/my.cnf > /etc/my.cnf
One important caveat:
You need to make sure you have write permission on /etc/my.cnf file. As you can see below, by default you don't have such permission either, so the error will occur later, when the command will try to write to the original config file.
bash-4.2# ls -l /etc/my.cnf
-rw-r--r-- 1 root root 1239 Mar 27 15:04 /etc/my.cnf
You need to modify it in your Dockerfile either by making it availeble for edit by everyone:
RUN chmod 666 /etc/my.cnf
or better option:
RUN chown mysql /etc/my.cnf
to change its owner to mysql, if this is the user that executes the entrypoint.sh script.
Please let me know if it helps.