MySQL docker keepalived SSH
概述
制作 docker 镜像
文件详情
注: 该实验采用的 docker 版本: Docker version 17.09.0-ce
概述
目的
制作包含 mysqld,keepalvied 和 sshd 服务的镜像, 用于搭建 keepavlied+MySQL 主从复制的高可用环境.
制作 docker 镜像
文件列表
├── docker-entrypoint.sh
├── Dockerfile
├── healthcheck.sh
├── mysqld.service
└── SSH
├── authorized_keys
└── id_rsa
Dockerfile 文件说明 (文件内容)
在 oraclelinux:7-slim 基础镜像的基础上最小化安装 mysql5.7 数据库软件, 并安装 keepalived.NET-tools,ipsvadm,openssh-server 和 openssh-clients 等软件.
- # 执行编译
- nohup docker build -t oracle/MySQL:5.7 . &
- # 完成后生成如下镜像:
- docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- oracle/MySQL 5.7 82c10be870d1 23 hours ago 392MB
docker-entrypoint.sh 文件说明 (文件内容)
容器启动的启动脚本, 在这里主要是起到初始化创建数据库的作用, 另外文件末尾处的 "exec /usr/sbin/init" 用于支持 systemctl.
mysqld.service 文件说明 (文件内容)
用于创建 mysqld 服务的配置文件.
生成 SSH 文件的方法
- # SSH-keygen -t rsa
- # mv ~/.SSH/id_rsa.pub ~/.SSH/authorized_keys
注意: 拷贝. SSH 目录的时候需要保证权限一致, SSH 的互信配置对权限有较严格的要求
文件详情
- http://docker-entrypoint.sh/
- #!/bin/bash
- # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; version 2 of the License.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- set -e
- echo "[Entrypoint] MySQL Docker Image 5.7.27-1.1.12"
- # Fetch value from server config
- # We use mysqld --verbose --help instead of my_print_defaults because the
- # latter only show values present in config files, and not server defaults
- _get_config() {
- local conf="$1"; shift
- "[email protected]" --verbose --help 2>/dev/null | grep "^$conf" | awk '$1 =="'"$conf"'"{ print $2; exit }'
- }
- # If command starts with an option, prepend mysqld
- # This allows users to add command-line options without
- # needing to specify the "mysqld" command
- if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "[email protected]"
- fi
- if [ "$1" = 'mysqld' ]; then
- # Test that the server can start. We redirect stdout to /dev/null so
- # only the error messages are left.
- result=0
- output=$("[email protected]" --verbose --help 2>%%VALIDATE_CONFIG%%1> /dev/null) || result=$?
- if [ ! "$result" = "0" ]; then
- echo>&2 '[Entrypoint] ERROR: Unable to start MySQL. Please check your configuration.'
- echo>&2 "[Entrypoint] $output"
- exit 1
- fi
- # Get config
- DATADIR="$(_get_config'datadir'"[email protected]")" SOCKET="$(_get_config 'socket' "[email protected]")" if [ -n"$MYSQL_LOG_CONSOLE"] || [ -n"" ]; then
- # Don't touch bind-mounted config files
- if ! cat /proc/1/mounts | grep "etc/my.cnf"; then
- sed -i 's/^log-error=/#&/' /etc/my.cnf
- fi
- fi
- if [ ! -d "$DATADIR/mysql" ]; then
- # If the password variable is a filename we use the contents of the file. We
- # read this first to make sure that a proper error is generated for empty files.
- if [ -f "$MYSQL_ROOT_PASSWORD" ]; then
- MYSQL_ROOT_PASSWORD="$(cat $MYSQL_ROOT_PASSWORD)"
- if [ -z "$MYSQL_ROOT_PASSWORD" ]; then
- echo>&2 '[Entrypoint] Empty MYSQL_ROOT_PASSWORD file specified.'
- exit 1
- fi
- fi
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo>&2 '[Entrypoint] No password option specified for new database.'
- echo>&2 '[Entrypoint] A random onetime password will be generated.'
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_ONETIME_PASSWORD=true
- fi
- mkdir -p "$DATADIR"
- chown -R MySQL:MySQL "$DATADIR"
- echo '[Entrypoint] Initializing database'
- "[email protected]" --initialize-insecure
- echo '[Entrypoint] Database initialized'
- "[email protected]" --daemonize --skip-networking --socket="$SOCKET"
- # To avoid using password on commandline, put it in a temporary file.
- # The file is only populated when and if the root password is set.
- PASSFILE=$(mktemp -u /var/lib/MySQL-files/XXXXXXXXXX)
- install /dev/null -m0600 -omysql -gmysql "$PASSFILE"
- # Define the client command used throughout the script
- # "SET @@SESSION.SQL_LOG_BIN=0;" is required for products like group replication to work properly
- MySQL=( MySQL --defaults-extra-file="$PASSFILE" --protocol=socket -uroot -hlocalhost --socket="$SOCKET" --init-command="SET @@SESSION.SQL_LOG_BIN=0;")
- if [ ! -z "" ];
- then
- for i in {30..0}; do
- if mysqladmin --socket="$SOCKET" ping &>/dev/null; then
- break
- fi
- echo '[Entrypoint] Waiting for server...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo>&2 '[Entrypoint] Timeout during MySQL init.'
- exit 1
- fi
- fi
- mysql_tzinfo_to_sql /usr/share/zoneinfo | "${mysql[@]}" MySQL
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- MYSQL_ROOT_PASSWORD="$(pwmake 128)"
- echo "[Entrypoint] GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
- if [ -z "$MYSQL_ROOT_HOST" ]; then
- ROOTCREATE="ALTER USER'root'@'localhost'IDENTIFIED BY'${MYSQL_ROOT_PASSWORD}';"
- else
- ROOTCREATE="ALTER USER'root'@'localhost'IDENTIFIED BY'${MYSQL_ROOT_PASSWORD}'; CREATE USER'root'@'${MYSQL_ROOT_HOST}'IDENTIFIED BY'${MYSQL_ROOT_PASSWORD}'; GRANT ALL ON *.* TO'root'@'${MYSQL_ROOT_HOST}'WITH GRANT OPTION ; GRANT PROXY ON''@''TO'root'@'${MYSQL_ROOT_HOST}'WITH GRANT OPTION ;"
- fi
- "${mysql[@]}" <<-EOSQL
- DELETE FROM MySQL.user WHERE user NOT IN ('mysql.infoschema', 'mysql.session', 'mysql.sys', 'root') OR host NOT IN ('localhost');
- CREATE USER 'healthchecker'@'localhost' IDENTIFIED BY 'healthcheckpass';
- ${ROOTCREATE}
- FLUSH PRIVILEGES ;
- EOSQL
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- # Put the password into the temporary config file
- cat>"$PASSFILE" <<EOF
- [client]
- password="${MYSQL_ROOT_PASSWORD}"
- EOF
- #MySQL+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- MySQL+=( "$MYSQL_DATABASE" )
- fi
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER'"$MYSQL_USER"'@'%'IDENTIFIED BY'"$MYSQL_PASSWORD"';" | "${mysql[@]}"
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`"$MYSQL_DATABASE"\`.* TO'"$MYSQL_USER"'@'%';" | "${mysql[@]}"
- fi
- elif [ "$MYSQL_USER" -a ! "$MYSQL_PASSWORD" -o ! "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo '[Entrypoint] Not creating mysql user. MYSQL_USER and MYSQL_PASSWORD must be specified to create a mysql user.'
- fi
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "[Entrypoint] running $f"; . "$f" ;;
- *.sql) echo "[Entrypoint] running $f"; "${mysql[@]}" <"$f" && echo ;;
- *) echo "[Entrypoint] ignoring $f" ;;
- esac
- echo
- done
- # When using a local socket, mysqladmin shutdown will only complete when the server is actually down
- mysqladmin --defaults-extra-file="$PASSFILE" shutdown -uroot --socket="$SOCKET"
- rm -f "$PASSFILE"
- unset PASSFILE
- echo "[Entrypoint] Server shut down"
- # This needs to be done outside the normal init, since mysqladmin shutdown will not work after
- if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
- if [ -z "yes" ]; then
- echo "[Entrypoint] User expiration is only supported in MySQL 5.6+"
- else
- echo "[Entrypoint] Setting root user as expired. Password will need to be changed before database can be used."
- SQL=$(mktemp -u /var/lib/MySQL-files/XXXXXXXXXX)
- install /dev/null -m0600 -omysql -gmysql "$SQL"
- if [ ! -z "$MYSQL_ROOT_HOST" ]; then
- cat << EOF> "$SQL"
- ALTER USER 'root'@'${MYSQL_ROOT_HOST}' PASSWORD EXPIRE;
- ALTER USER 'root'@'localhost' PASSWORD EXPIRE;
- EOF
- else
- cat <<EOF> "$SQL"
- ALTER USER 'root'@'localhost' PASSWORD EXPIRE;
- EOF
- fi
- set -- "[email protected]" --init-file="$SQL"
- unset SQL
- fi
- fi
- echo
- echo '[Entrypoint] MySQL init process done. Ready for start up.'
- echo
- fi
- # Used by healthcheck to make sure it doesn't mistakenly report container
- # healthy during startup
- # Put the password into the temporary config file
- touch /healthcheck.cnf
- cat>"/healthcheck.cnf" <<EOF
- [client]
- user=healthchecker
- socket=${SOCKET}
- password=healthcheckpass
- EOF
- touch /MySQL-init-complete
- chown -R MySQL:MySQL "$DATADIR"
- echo "[Entrypoint] Starting MySQL 5.7.27-1.1.12"
- fi
- exec /usr/sbin/init
- Dockerfile
- # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; version 2 of the License.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- FROM oraclelinux:7-slim
- ARG MYSQL_SERVER_PACKAGE=MySQL-community-server-minimal-5.7.27
- ARG MYSQL_SHELL_PACKAGE=MySQL-shell-8.0.17
- # Install server
- RUN yum install -y https://repo.mysql.com/mysql-community-minimal-release-el7.rpm https://repo.mysql.com/mysql-community-release-el7.rpm && yum-config-manager --enable mysql57-server-minimal && yum install -y $MYSQL_SERVER_PACKAGE $MYSQL_SHELL_PACKAGE libpwquality keepalived net-tools ipsvadm iproute openssh-server openssh-clients passwd && yum clean all && mkdir /docker-entrypoint-initdb.d
- VOLUME /var/lib/MySQL
- COPY docker-entrypoint.sh /entrypoint.sh
- COPY healthcheck.sh /healthcheck.sh
- COPY SSH /root/.SSH
- COPY mysqld.service /usr/lib/systemd/system/mysqld.service
- RUN rm -f /etc/keepalived/keepalived.conf
- RUN systemctl enable mysqld && systemctl enable keepalived
- ENTRYPOINT ["/entrypoint.sh"]
- HEALTHCHECK CMD /healthcheck.sh
- EXPOSE 3306 33060
- CMD ["mysqld"]
- http://healthcheck.sh/
- #!/bin/bash
- # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; version 2 of the License.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- # The MySQL-init-complete file is touched by the entrypoint file before the
- # main server process is started
- if [ -f /MySQL-init-complete ]; # The entrypoint script touches this file
- then # Ping server to see if it is ready
- mysqladmin --defaults-extra-file=/healthcheck.cnf ping
- else # Initialization still in progress
- exit 1
- fi
- mysqld
- mysqld.service
- [Unit]
- Description=MySQL Server
- Documentation=man:mysqld(8)
- Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
- After=network.target
- After=syslog.target
- [Install]
- WantedBy=multi-user.target
- [Service]
- User=MySQL
- Group=MySQL
- ExecStart=/usr/sbin/mysqld --defaults-file=/etc/my.cnf
- LimitNOFILE = 5000
来源: http://www.bubuko.com/infodetail-3149164.html