Docker Deployemnt Issues :: mysql grant fails due to skip-name-resolve mode

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Docker Deployemnt Issues :: mysql grant fails due to skip-name-resolve mode

Chris Bradford

I've been working my way through deploying guacamole via docker and have hit a snag. My deployment process is as below:


# Obtain docker images

sudo docker pull glyptodon/guacd

sudo docker pull glyptodon/guacamole

sudo docker pull mysql 


# Create script to prepare MySQL Database

sudo docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql


# Make a scripts folder to pass-through to container

sudo mkdir /tmp/scripts

sudo cp initdb.sql /tmp/scripts


# Create mysql container

sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest


# Start guacd 
sudo docker run --name some-guacd -d glyptodon/guacd

# Configure database

sudo docker exec -it guac-mysql /bin/bash

mysql -u root -p'<password>'

CREATE DATABASE guacamole;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';


At this point the GRANT statement returns a warning. When  I execute "SHOW WARNINGS;" I get: "MySQL is started in --skip-name-resolve mode; you must restart it without this switch for this grant to work"

It turns out that by default the mysql docker image has "skip-name-resolve" enabled by default, which stops the grant from working. There is an open request to change this here: https://github.com/docker-library/mysql/issues/154


For now my workaround is as below (it's not pretty and I would welcome any other suggestions!) - I simply map a blank docker.cnf file through to the container, effectively overwriting the configuration causing this problem.

# Obtain docker images

sudo docker pull glyptodon/guacd
sudo docker pull glyptodon/guacamole
sudo docker pull mysql 


# Create script to prepare MySQL Database
sudo docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

# Make a scripts folder to pass-through to container : modified
sudo mkdir /tmp/scripts
sudo cp initdb.sql /tmp/scripts
sudo touch /tmp/scripts/docker.cnf

# Create mysql container : modified
sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest
sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -v /tmp/scripts/docker.cnf:/etc/mysql/conf.d/docker.cnf -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest

# Start guacd 
sudo docker run --name some-guacd -d glyptodon/guacd

# Configure database
sudo docker exec -it guac-mysql /bin/bash
mysql -u root -p'<password>'
CREATE DATABASE guacamole;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
quit

# Execute DB Script
cat /tmp/scripts/initdb.sql | mysql -u root -p'<password>' guacamole
history -c

# Exit docker container shell

# Start guacamole client
sudo docker run --name some-guacamole --link some-guacd:guacd \
    --link guac-mysql:mysql \
    -e MYSQL_DATABASE='guacamole' \
    -e MYSQL_USER='guacamole' \
    -e MYSQL_PASSWORD='<password>' \
    -d -p 8080:8080 glyptodon/guacamole


Reply | Threaded
Open this post in threaded view
|

Re: Docker Deployemnt Issues :: mysql grant fails due to skip-name-resolve mode

Chris Bradford

Never mind - fixed using the deployment steps below / avoiding workaround/ hack. Removed user@localhost definition:


# Configure database
docker exec -it guac-mysql /bin/bash
mysql -u root -p'<password>'

CREATE DATABASE guacamole;

CREATE USER 'guacamole' IDENTIFIED BY '<password>';

GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole';

FLUSH PRIVILEGES;

quit


# Execute DB Script
cat /tmp/scripts/initdb.sql | mysql -u root -p'<password>' guacamole
history -c

[...]



From: Chris Bradford <[hidden email]>
Sent: 09 December 2016 17:51:50
To: [hidden email]
Subject: Docker Deployemnt Issues :: mysql grant fails due to skip-name-resolve mode
 

I've been working my way through deploying guacamole via docker and have hit a snag. My deployment process is as below:


# Obtain docker images

sudo docker pull glyptodon/guacd

sudo docker pull glyptodon/guacamole

sudo docker pull mysql 


# Create script to prepare MySQL Database

sudo docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql


# Make a scripts folder to pass-through to container

sudo mkdir /tmp/scripts

sudo cp initdb.sql /tmp/scripts


# Create mysql container

sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest


# Start guacd 
sudo docker run --name some-guacd -d glyptodon/guacd

# Configure database

sudo docker exec -it guac-mysql /bin/bash

mysql -u root -p'<password>'

CREATE DATABASE guacamole;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';


At this point the GRANT statement returns a warning. When  I execute "SHOW WARNINGS;" I get: "MySQL is started in --skip-name-resolve mode; you must restart it without this switch for this grant to work"

It turns out that by default the mysql docker image has "skip-name-resolve" enabled by default, which stops the grant from working. There is an open request to change this here: https://github.com/docker-library/mysql/issues/154


For now my workaround is as below (it's not pretty and I would welcome any other suggestions!) - I simply map a blank docker.cnf file through to the container, effectively overwriting the configuration causing this problem.

# Obtain docker images

sudo docker pull glyptodon/guacd
sudo docker pull glyptodon/guacamole
sudo docker pull mysql 


# Create script to prepare MySQL Database
sudo docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

# Make a scripts folder to pass-through to container : modified
sudo mkdir /tmp/scripts
sudo cp initdb.sql /tmp/scripts
sudo touch /tmp/scripts/docker.cnf

# Create mysql container : modified
sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest
sudo docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -v /tmp/scripts/docker.cnf:/etc/mysql/conf.d/docker.cnf -e MYSQL_ROOT_PASSWORD='<password>' -d mysql:latest

# Start guacd 
sudo docker run --name some-guacd -d glyptodon/guacd

# Configure database
sudo docker exec -it guac-mysql /bin/bash
mysql -u root -p'<password>'
CREATE DATABASE guacamole;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
quit

# Execute DB Script
cat /tmp/scripts/initdb.sql | mysql -u root -p'<password>' guacamole
history -c

# Exit docker container shell

# Start guacamole client
sudo docker run --name some-guacamole --link some-guacd:guacd \
    --link guac-mysql:mysql \
    -e MYSQL_DATABASE='guacamole' \
    -e MYSQL_USER='guacamole' \
    -e MYSQL_PASSWORD='<password>' \
    -d -p 8080:8080 glyptodon/guacamole