-
Notifications
You must be signed in to change notification settings - Fork 2.2k
/
Dockerfile.oracle
141 lines (130 loc) · 5.16 KB
/
Dockerfile.oracle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
{{
def dnf:
if .oracle.variant | startswith("7") then
"yum"
else
"microdnf"
end
;
def dnf_install:
dnf + " install -y"
| if . == "yum install -y" then
# --setopt=skip_missing_names_on_install=False: https://unix.stackexchange.com/a/477127/153467
. + " --setopt=skip_missing_names_on_install=False"
else . end
-}}
FROM oraclelinux:{{ .oracle.variant }}
RUN set -eux; \
groupadd --system --gid 999 mysql; \
useradd --system --uid 999 --gid 999 --home-dir /var/lib/mysql --no-create-home mysql
# add gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
# TODO find a better userspace architecture detection method than querying the kernel
arch="$(uname -m)"; \
case "$arch" in \
aarch64) gosuArch='arm64' ;; \
x86_64) gosuArch='amd64' ;; \
*) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \
esac; \
curl -fL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch.asc"; \
curl -fL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
chmod +x /usr/local/bin/gosu; \
gosu --version; \
gosu nobody true
RUN set -eux; \
{{ if .oracle.variant | startswith("7") then ( -}}
# https://github.com/docker-library/mysql/pull/871#issuecomment-1167954236
{{ dnf_install }} oracle-epel-release-el7; \
{{ ) else "" end -}}
{{ dnf_install }} \
bzip2 \
gzip \
openssl \
xz \
zstd \
{{ if .oracle.variant | startswith("7") then "" else ( -}}
# Oracle Linux 8+ is very slim :)
findutils \
{{ ) end -}}
; \
{{ dnf }} clean all
RUN set -eux; \
# https://dev.mysql.com/doc/refman/8.0/en/checking-gpg-signature.html
# pub rsa4096 2023-10-23 [SC] [expires: 2025-10-22]
# BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C
# uid [ unknown] MySQL Release Engineering <[email protected]>
# sub rsa4096 2023-10-23 [E] [expires: 2025-10-22]
key='BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
gpg --batch --export --armor "$key" > /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql; \
rm -rf "$GNUPGHOME"
ENV MYSQL_MAJOR {{ env.version }}
ENV MYSQL_VERSION {{ .oracle.version }}
RUN set -eu; \
{ \
echo '[mysql{{ env.version }}-server-minimal]'; \
echo 'name=MySQL {{ env.version }} Server Minimal'; \
echo 'enabled=1'; \
echo {{ "baseurl=" + .oracle.repo + "/$basearch/" | @sh }}; \
echo 'gpgcheck=1'; \
echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
echo 'module_hotfixes=true'; \
} | tee /etc/yum.repos.d/mysql-community-minimal.repo
RUN set -eux; \
{{ dnf_install }} "mysql-community-server-minimal-$MYSQL_VERSION"; \
{{ dnf }} clean all; \
# the "socket" value in the Oracle packages is set to "/var/lib/mysql" which isn't a great place for the socket (we want it in "/var/run/mysqld" instead)
# https://github.com/docker-library/mysql/pull/680#issuecomment-636121520
grep -F 'socket=/var/lib/mysql/mysql.sock' /etc/my.cnf; \
sed -i 's!^socket=.*!socket=/var/run/mysqld/mysqld.sock!' /etc/my.cnf; \
grep -F 'socket=/var/run/mysqld/mysqld.sock' /etc/my.cnf; \
{ echo '[client]'; echo 'socket=/var/run/mysqld/mysqld.sock'; } >> /etc/my.cnf; \
\
# make sure users dumping files in "/etc/mysql/conf.d" still works
! grep -F '!includedir' /etc/my.cnf; \
{ echo; echo '!includedir /etc/mysql/conf.d/'; } >> /etc/my.cnf; \
mkdir -p /etc/mysql/conf.d; \
# ensure these directories exist and have useful permissions
# the rpm package has different opinions on the mode of `/var/run/mysqld`, so this needs to be after install
mkdir -p /var/lib/mysql /var/run/mysqld; \
chown mysql:mysql /var/lib/mysql /var/run/mysqld; \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
chmod 1777 /var/lib/mysql /var/run/mysqld; \
\
mkdir /docker-entrypoint-initdb.d; \
\
mysqld --version; \
mysql --version
RUN set -eu; \
{ \
echo '[mysql-tools-community]'; \
echo 'name=MySQL Tools Community'; \
echo {{ "baseurl=" + .["mysql-shell"].repo + "/$basearch/" | @sh }}; \
echo 'enabled=1'; \
echo 'gpgcheck=1'; \
echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
echo 'module_hotfixes=true'; \
} | tee /etc/yum.repos.d/mysql-community-tools.repo
ENV MYSQL_SHELL_VERSION {{ .["mysql-shell"].version }}
RUN set -eux; \
{{ dnf_install }} "mysql-shell-$MYSQL_SHELL_VERSION"; \
{{ dnf }} clean all; \
\
mysqlsh --version
VOLUME /var/lib/mysql
COPY docker-entrypoint.sh /usr/local/bin/
{{ if env.version == "8.0" then ( -}}
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
{{ ) else "" end -}}
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 3306 33060
CMD ["mysqld"]