From 11135d071fd1fe355b1f7fa99b9d3b4a59bb5225 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Tue, 11 Jun 2024 12:35:20 +1000 Subject: [PATCH] healthcheck for 11.4+ - skip tls validation In case of missing ssl-ca like #594 --- 11.4-ubi/healthcheck.sh | 2 ++ 11.4/healthcheck.sh | 2 ++ 11.5-ubi/healthcheck.sh | 2 ++ 11.5/healthcheck.sh | 2 ++ healthcheck.sh | 2 ++ update.sh | 10 +++++++--- 6 files changed, 17 insertions(+), 3 deletions(-) diff --git a/11.4-ubi/healthcheck.sh b/11.4-ubi/healthcheck.sh index 784f9bde..9138c779 100755 --- a/11.4-ubi/healthcheck.sh +++ b/11.4-ubi/healthcheck.sh @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -B "$@" } @@ -62,6 +63,7 @@ connect() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -h localhost --protocol tcp -e 'select 1' 2>&1 \ | grep -qF "Can't connect" local ret=${PIPESTATUS[1]} diff --git a/11.4/healthcheck.sh b/11.4/healthcheck.sh index 784f9bde..9138c779 100755 --- a/11.4/healthcheck.sh +++ b/11.4/healthcheck.sh @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -B "$@" } @@ -62,6 +63,7 @@ connect() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -h localhost --protocol tcp -e 'select 1' 2>&1 \ | grep -qF "Can't connect" local ret=${PIPESTATUS[1]} diff --git a/11.5-ubi/healthcheck.sh b/11.5-ubi/healthcheck.sh index 784f9bde..9138c779 100755 --- a/11.5-ubi/healthcheck.sh +++ b/11.5-ubi/healthcheck.sh @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -B "$@" } @@ -62,6 +63,7 @@ connect() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -h localhost --protocol tcp -e 'select 1' 2>&1 \ | grep -qF "Can't connect" local ret=${PIPESTATUS[1]} diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh index 784f9bde..9138c779 100755 --- a/11.5/healthcheck.sh +++ b/11.5/healthcheck.sh @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -B "$@" } @@ -62,6 +63,7 @@ connect() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -h localhost --protocol tcp -e 'select 1' 2>&1 \ | grep -qF "Can't connect" local ret=${PIPESTATUS[1]} diff --git a/healthcheck.sh b/healthcheck.sh index 34674448..5c8e01c3 100755 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -42,6 +42,7 @@ _process_sql() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -B "$@" } @@ -62,6 +63,7 @@ connect() ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ + --skip-ssl --skip-ssl-verify-server-cert \ -h localhost --protocol tcp -e 'select 1' 2>&1 \ | grep -qF "Can't connect" local ret=${PIPESTATUS[1]} diff --git a/update.sh b/update.sh index cdda3df6..a6881bb4 100755 --- a/update.sh +++ b/update.sh @@ -87,11 +87,13 @@ update_version() 10.4) sed -i -e '/--old-mode/d' \ -e 's/REPLICATION REPLICA/REPLICATION SLAVE/' \ - -e 's/START REPLICA/START SLAVE/' \ + -e 's/START REPLICA/START SLAVE/' \ -e '/memory\.pressure/,+7d' \ -e '/--skip-ssl/d' \ "$version/docker-entrypoint.sh" - sed -i -e 's/ REPLICA\$/ SLAVE$/' "$dir"/healthcheck.sh + sed -i -e 's/ REPLICA\$/ SLAVE$/' \ + -e '/--skip-ssl/d' \ + "$dir"/healthcheck.sh sed -i -e 's/\/run/\/var\/run\//g' "$dir/Dockerfile" ;; # almost nothing to see/do here 10.5) @@ -99,6 +101,8 @@ update_version() -e '/--skip-ssl/d' \ -e '/memory\.pressure/,+7d' "$dir/docker-entrypoint.sh" sed -i '/backwards compat/d' "$dir/Dockerfile" + sed -i -e '/--skip-ssl/d' \ + "$dir"/healthcheck.sh ;; *) sed -i -e '/^CMD/s/mysqld/mariadbd/' \ @@ -130,7 +134,7 @@ update_version() sed -i -e '/memory\.pressure/,+7d' "$dir/docker-entrypoint.sh" fi if [[ $vmin = 10.* || $vmin =~ 11.[12] ]]; then - sed -i -e '/--skip-ssl/d' "$dir/docker-entrypoint.sh" + sed -i -e '/--skip-ssl/d' "$dir/docker-entrypoint.sh" "$dir/healthcheck.sh" fi if [[ $vmin =~ 11.[012345] ]]; then sed -i -e 's/mysql_upgrade_info/mariadb_upgrade_info/' \