I am trying to create an OpenShift-compliant prefilled MySQL container image.
Running the container with a specified user is (sadly) not an option for us.
This is a problem, since OpenShift simply creates some random UID without a username, so setting a username at runtime with a script before starting the MySQL service is not an option.
Is there any way to get MySQL to run with any random UID in a docker container?
edit:
The idea behind this question is being able to start a MySQL container like this
Dockerfile for randomusermysql:example
FROM mysql:5.7.22
#IMPORTANT: MySQL Container runs init in alphanumerical order!
COPY src/some.sql /docker-entrypoint-initdb.d/
ENV MYSQL_ROOT_PASSWORD='somepw'
RUN mkdir -p /var/lib/mysql2 && \
    chown -R mysql:mysql /var/lib/mysql2 && \
    chmod -R 777 /var/lib/mysql2 && \
    sed -i 's|/var/lib/mysql|/var/lib/mysql2|g' /etc/mysql/mysql.conf.d/mysqld.cnf && \
    sed -i 's|exec "$@"||g' /entrypoint.sh && \
    /entrypoint.sh mysqld && \
    chmod -R 777 /var/lib/mysql2/ && \
    chown -R mysql:mysql /var/lib/mysql2 && \
    find /var/lib/mysql2/ -name "*.cnf" -exec chmod 775 {} \; && \
    echo 'exec "$@"' >> /entrypoint.sh
Then starting it like this
docker run -u 123456789 randomusermysql:example
Results in the following error when starting the container
2018-05-22T11:39:35.084034Z 0 [ERROR] Fatal error: Can't open and lock privilege tables: Table storage engine for 'user' doesn't have this option
2018-05-22T11:39:35.084235Z 0 [ERROR] Aborting
There is no possibility of passing the user as docker ENV when starting the container.
edit2: Bounty text is incorrect.
Corrected bounty statement:
A solution is needed with a prefilled MySQL database without just copying the dump files into /docker-entrypoint-initdb.d directory!
Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime. Rootless mode does not require root privileges even during the installation of the Docker daemon, as long as the prerequisites are met.
As an alternative, we can also access the Docker container as root. In this case, we'll use the nsenter command to access the Docker container. To use the nsenter command, we must know the PID of the running container. This allows us to access the Docker container as a root user and run any command to access any file.
The problem is that if you pre-create the database files as part of the image in the required location, they will be owned by the same user that the Dockerfile created them as. You will not know in advance what the user is and so can't match what the database may be started as, causing MySQL to fail on startup because the owner of the directory holding the database files is not the same as the user it is being started as.
The only solution I have seen to this is to add the database files into the image in a tar file at some location. In the startup command for the database, create the directory for the database and unpack the tar file into it. This way the directory and the files will be owned by the user that MySQL runs as.
Note that you will want to make the parent directory of where the database directory is to be created group root and writable by group, so you can create the database directory when the image is run as an arbitrary user ID for which there is no passwd file entry. In that case, the group ID will fall back to being the root group, and so that will allow the database directory to be created.
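The startup step this answer describes, written out as an entrypoint wrapper. This is an added example, not code from the answer or from the MySQL image. The paths, the `SEED_TAR` and `DATADIR` variables and the `seed_datadir` function are assumptions, as is the build step that archived the prefilled data directory and made the parent directory group root and group-writable.

```shell
#!/bin/sh
# Entrypoint wrapper (added example; all paths here are hypothetical).
# Build-time assumptions, done as root in the Dockerfile:
#   - the prefilled data directory was archived to $SEED_TAR
#   - the parent of $DATADIR is group root (GID 0) and group-writable:
#       chgrp 0 /var/lib/mysql-data && chmod g+rwx /var/lib/mysql-data
set -eu

SEED_TAR="${SEED_TAR:-/opt/seed/mysql-data.tar.gz}"   # hypothetical path
DATADIR="${DATADIR:-/var/lib/mysql-data/db}"          # hypothetical path

# Unpack the seed archive into a data directory created by the current UID.
# Returns 0 on success or if already unpacked, non-zero on failure.
seed_datadir() {
    tarfile=$1
    datadir=$2
    parent=$(dirname "$datadir")

    # Already unpacked (restart on a persistent volume): keep existing data.
    if [ -d "$datadir/mysql" ]; then
        return 0
    fi
    if [ ! -r "$tarfile" ]; then
        echo "seed archive $tarfile is not readable" >&2
        return 1
    fi
    if [ ! -w "$parent" ]; then
        echo "$parent is not writable by uid=$(id -u) gid=$(id -g)" >&2
        return 1
    fi
    # umask 077: only the runtime UID needs access, so no chmod 777.
    # --no-same-owner: extracted files belong to whoever runs tar,
    # which is the arbitrary UID the platform assigned.
    ( umask 077 &&
      mkdir -p "$datadir" &&
      tar -xzf "$tarfile" -C "$datadir" --no-same-owner --no-same-permissions )
}

# Act only when invoked as the container command, e.g. `entrypoint.sh mysqld`.
if [ "${1:-}" = "mysqld" ]; then
    seed_datadir "$SEED_TAR" "$DATADIR"
    exec "$@" --datadir="$DATADIR"
fi
```

Because the directory is created and the archive is unpacked at startup, ownership follows the runtime UID, and the world-writable permissions from the question's Dockerfile are not needed.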