Page MenuHomeDevCentral
Create Task
Maniphest T555

MySQL instance should generate a random password if MYSQL_ROOT_PASSWORD isn't set
Closed, WontfixPublic
Actions

Description

Currently, our acquisitariat container is launched by the following script:

#!/bin/sh

INSTANCE_NAME=acquisitariat
MYSQL_ROOT_PASSWORD=`openssl rand -hex 21`
MYSQL_DATADIR=/data/$INSTANCE_NAME/mysql

mkdir -p $MYSQL_DATADIR
chcon -Rt svirt_sandbox_file_t $MYSQL_DATADIR
docker run -d \
  -e MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD \
  -v $MYSQL_DATADIR:/var/lib/mysql \
  --name $INSTANCE_NAME nasqueron/mysql

Actually, we don't need to set or know the MYSQL_ROOT_PASSWORD value, as linked containers will recover the value in environment: any container with --link acquisitariat:mysql can access the root password with MYSQL_ENV_MYSQL_ROOT_PASSWORD.

This is what we done in Phabricator container for example:

It would be nice if the image could generate the password.

WARNING: openssl isn't installed on Docker MySQL official image.

Related Objects

Event Timeline

dereckson created this task.Nov 9 2015, 20:46
dereckson raised the priority of this task from to Wishlist.
dereckson updated the task description. (Show Details)
dereckson added a project: Nasqueron Docker deployment squad.
dereckson added subscribers: dereckson, Sandlayth.
dereckson added a comment.EditedNov 9 2015, 21:03

Generate the password inside the container

An IRC brainstorming gives two solutions to generate the password without installing OpenSSL.

  • < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32
  • to use passwordmaker-cli with rather lite deps: libmhash2 libpcre3 libpcrecpp0

Thanks to teclo- and @Kaliiixx.

Run once a command
D39 shows how to run once a command at container startup.

We can tag this issue good-first-issue, as it has been explored and offer a good opportunity to discover our Docker codebase.

dereckson added a project: good-first-issue.Nov 9 2015, 21:03
dereckson moved this task from Backlog to Dev on the good-first-issue board.
dereckson removed a project: good-first-issue.Nov 11 2015, 21:58
dereckson added a comment.Nov 11 2015, 22:01

There is an issue: Docker passes the environment to the starting process, but also to linked containers (they need MYSQL_ENV_MYSQL_ROOT_PASSWORD to setup their MySQL database).

According to http://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/#environment-variables sources are ENV instrutions in Dockerfile, and -e options' arguments.

dereckson added a project: Docker images.Nov 15 2015, 01:49
dereckson closed this task as Wontfix.Dec 1 2015, 06:16
dereckson claimed this task.
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator