diff --git a/Dockerfile b/Dockerfile index fe9d27955..dc82749fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,6 @@ RUN mkdir $DOWNLOADS_CACHE_DIR # Copying bare minimum of Hopsworks cloud environment for now FROM rondb_runtime_dependencies as cloud_preparation ARG RONDB_VERSION=21.04.16 -RUN groupadd mysql && adduser mysql --ingroup mysql ENV HOPSWORK_DIR=/srv/hops ENV RONDB_BIN_DIR=$HOPSWORK_DIR/mysql-$RONDB_VERSION RUN mkdir -p $RONDB_BIN_DIR @@ -64,8 +63,7 @@ RUN case "$TARGETARCH" in \ RUN --mount=type=bind,source=.,target=/context \ . /env.sh \ - && tar xfz /context/${TARBALL_PATH} -C $RONDB_BIN_DIR --strip-components=1 \ - && chown mysql:mysql -R $RONDB_BIN_DIR + && tar xfz /context/${TARBALL_PATH} -C $RONDB_BIN_DIR --strip-components=1 # Get RonDB tarball from remote url & unpack it FROM cloud_preparation as remote_tarball @@ -78,8 +76,7 @@ RUN case "$TARGETARCH" in \ esac \ && wget $TARBALL_URL -O ./temp_tarball.tar.gz \ && tar xfz ./temp_tarball.tar.gz -C $RONDB_BIN_DIR --strip-components=1 \ - && rm ./temp_tarball.tar.gz \ - && chown mysql:mysql -R $RONDB_BIN_DIR + && rm ./temp_tarball.tar.gz FROM ${RONDB_TARBALL_LOCAL_REMOTE}_tarball 
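Review bot: With `chown mysql:mysql -R $RONDB_BIN_DIR` dropped from both `tar xfz` commands (this hunk and the remote-tarball hunk at -78,8), the unpacked binaries keep whatever numeric owner is recorded in the archive, because tar restores archive ownership by default when it runs as root. If that UID matches the arbitrary user the container is later started with, that user owns and can rewrite the RonDB binaries. I would add `--no-same-owner` to both commands, e.g. `tar xfz /context/${TARBALL_PATH} -C $RONDB_BIN_DIR --strip-components=1 --no-same-owner`, so everything lands root-owned. The RUN instruction in the -78,8 hunk starts outside that hunk.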
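Review bot: The archive fetched by `wget $TARBALL_URL -O ./temp_tarball.tar.gz` is unpacked into `$RONDB_BIN_DIR` with no integrity check, so the image's binaries are whatever the remote end served at build time. A digest comparison between the download and the extraction would pin it, for example `&& echo "${TARBALL_SHA256}  ./temp_tarball.tar.gz" | sha256sum -c - \`, where `TARBALL_SHA256` is a new per-architecture build argument (a placeholder name, not something this file defines). The RUN instruction begins above the hunk, so how `TARBALL_URL` is selected is not visible here.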
@@ -116,18 +113,15 @@ ENV MYSQL_UNIX_PORT=$RONDB_DATA_DIR/mysql.sock RUN mkdir -p $LOG_DIR $RONDB_SCRIPTS_DIR $BACKUP_DATA_DIR $DISK_COLUMNS_DIR -COPY --chown=mysql:mysql ./resources/rondb_scripts $RONDB_SCRIPTS_DIR +COPY ./resources/rondb_scripts $RONDB_SCRIPTS_DIR ENV PATH=$RONDB_SCRIPTS_DIR:$PATH -# So the path survives changing user to mysql -RUN echo "export PATH=$PATH" >> /home/mysql/.profile - RUN touch $MYSQL_UNIX_PORT # We expect this image to be used as base image to other # images with additional files specific to Docker -COPY --chown=mysql:mysql ./resources/entrypoints ./docker/rondb_standalone/entrypoints -COPY --chown=mysql:mysql ./resources/healthcheck.sh ./docker/rondb_standalone/healthcheck.sh +COPY ./resources/entrypoints ./docker/rondb_standalone/entrypoints +COPY ./resources/healthcheck.sh ./docker/rondb_standalone/healthcheck.sh # Can be used to mount SQL init scripts ENV SQL_INIT_SCRIPTS_DIR=$HOPSWORK_DIR/docker/rondb_standalone/sql_init_scripts 
@@ -135,13 +129,19 @@ RUN mkdir $SQL_INIT_SCRIPTS_DIR # Creating benchmarking files/directories # When using load balancers, "sysbench" can be used for both _single and _multi -ENV BENCHMARKS_DIR=/home/mysql/benchmarks +ENV BENCHMARKS_DIR=$HOPSWORK_DIR/benchmarks RUN mkdir $BENCHMARKS_DIR && cd $BENCHMARKS_DIR \ && mkdir -p sysbench sysbench_single sysbench_multi dbt2_single dbt2_multi dbt2_data -# Avoid changing files if they are already owned by mysql; otherwise image size doubles -RUN chown mysql:mysql --from=root:root -R $HOPSWORK_DIR /home/mysql +# These directories have to have 777 permissions if we want to +# run RonDB containers with arbitrary users +RUN chmod 777 -R $RONDB_DATA_DIR \ + && chmod 777 -R $HOPSWORK_DIR/docker \ + && chmod 777 -R $BENCHMARKS_DIR + +# Remove awkward message when using arbitrary user +RUN echo "PS1='${debian_chroot:+(\$debian_chroot)}\h:\w\$ '" >> /etc/bash.bashrc -ENTRYPOINT ["./docker/rondb_standalone/entrypoints/entrypoint.sh"] +ENTRYPOINT ["./docker/rondb_standalone/entrypoints/main.sh"] EXPOSE 3306 33060 11860 1186 4406 5406 CMD ["mysqld"] diff --git a/build_run_docker.sh b/build_run_docker.sh index fafaab0fb..806f49877 100755 --- a/build_run_docker.sh +++ b/build_run_docker.sh @@ -379,7 +379,7 @@ if [ "$NUM_MYSQLD_NODES" -gt 0 ]; then fi DATA_DIR="/srv/hops/mysql-cluster" -BENCH_DIR="/home/mysql/benchmarks" +BENCH_DIR="/srv/hops/benchmarks" ####################### ####################### @@ -433,6 +433,7 @@ service-template() { %s: image: %s container_name: %s + user: $(id -u):$(id -g) " "$SERVICE_NAME" "$RONDB_IMAGE_ID" "$SERVICE_NAME"; } diff --git a/resources/config_templates/autobench_dbt2.conf b/resources/config_templates/autobench_dbt2.conf index 61169f583..bf3cccf7a 100644 --- a/resources/config_templates/autobench_dbt2.conf +++ b/resources/config_templates/autobench_dbt2.conf 
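Review bot: `chmod 777 -R $HOPSWORK_DIR/docker` also makes the entrypoint scripts and `healthcheck.sh` world-writable, since the previous hunk copies them under `./docker/rondb_standalone/` (assuming the working directory is `$HOPSWORK_DIR`, which is set outside this hunk). Any process in the container can then replace the code that runs at the next start or health probe. Only the directories that receive runtime writes need opening, and `a+rwX` avoids marking every data file executable: `RUN chmod -R a+rwX $RONDB_DATA_DIR $BENCHMARKS_DIR`; if something under `docker/` must be writable, open that subdirectory alone. The stage also has no `USER` instruction, so a container started without `--user` runs `main.sh` as root now that the `sudo -E -u mysql` wrapper is deleted.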
@@ -56,4 +56,4 @@ NDB_MGMD_NODES="%s" DBT2_TIME="30" DBT2_WAREHOUSES="%s" -DBT2_DATA_DIR=/home/mysql/benchmarks/dbt2_data +DBT2_DATA_DIR=/srv/hops/benchmarks/dbt2_data diff --git a/resources/config_templates/config.ini b/resources/config_templates/config.ini index db02ed003..ed072090a 100644 --- a/resources/config_templates/config.ini +++ b/resources/config_templates/config.ini @@ -1,4 +1,10 @@ [NDBD DEFAULT] + +DataDir=/srv/hops/mysql-cluster/log +FileSystemPath=/srv/hops/mysql-cluster/ndb_data +FileSystemPathDD=/srv/hops/mysql-cluster/ndb_disk_columns +BackupDataDir=/srv/hops/mysql-cluster/ndb/backups + # RonDB default configuration is intended for execution in Cloud VMs with # around 8 GB per VCPU. In this case it is sufficient to set nothing since # AutomaticThreadConfig=true is default and also AutomaticMemoryConfig=true diff --git a/resources/config_templates/config_ndbd.ini b/resources/config_templates/config_ndbd.ini index dcfcce062..5d63fcf0d 100644 --- a/resources/config_templates/config_ndbd.ini +++ b/resources/config_templates/config_ndbd.ini @@ -5,7 +5,3 @@ NodeActive=%s LocationDomainId=0 HostName=%s ServerPort=%s -DataDir=/srv/hops/mysql-cluster/log -FileSystemPath=/srv/hops/mysql-cluster/ndb_data -FileSystemPathDD=/srv/hops/mysql-cluster/ndb_disk_columns -BackupDataDir=/srv/hops/mysql-cluster/ndb/backups diff --git a/resources/entrypoints/entrypoint.sh b/resources/entrypoints/entrypoint.sh deleted file mode 100755 index 06837de20..000000000 --- a/resources/entrypoints/entrypoint.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash - -set -e - -echo "[Entrypoint] RonDB Docker Image" - -# The host user (which executes build_run_docker.sh) might not have the same UID -# as mysql inside the container. In order for both users to be able to read and -# write in the mounted volumes, we add mysql to a group with the same GID as the -# host user's group. -if [ "$(getent group "$HOST_GROUP_ID")" ]; then - echo "[Entrypoint] group $HOST_GROUP_ID exists." -else - echo "[Entrypoint] group $HOST_GROUP_ID does not exist." - addgroup --gid "$HOST_GROUP_ID" host_group_dummy -fi - -# We change mysql's initial login group to that of the host user. This is so -# that files created by mysql will belong to this group. -usermod -g "$HOST_GROUP_ID" mysql - -# The original mysql group is added back as a supplementary group. -usermod -a -G mysql mysql - -# Execute main.sh as mysql user with preserved environment and arguments. -sudo -E -u mysql "$(pwd)/docker/rondb_standalone/entrypoints/main.sh" "$@" diff --git a/resources/entrypoints/main.sh b/resources/entrypoints/main.sh index 610aa76c5..a368513b6 100755 --- a/resources/entrypoints/main.sh +++ b/resources/entrypoints/main.sh 
@@ -16,31 +16,10 @@ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA set -e -# Let group members access files created by us. This is to allow the host user -# (outside the container) to access mounted volumes. The umask will be inherited -# by child processes, so this is the only place we need to set it. -umask 0002 - # https://stackoverflow.com/a/246128/9068781 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) if [ "$1" = 'mysqld' ]; then - - # In order to make use of the umask, we need to set the environment - # variables that controls the creation file mode for mysqld. These - # variables are confusingly named UMASK and UMASK_DIR - despite their - # names, they are used as modes, not masks. The default UMASK and - # UMASK_DIR values are 0640 and 0750, respectively. We want an effect - # similar to `chmod g=u`, so we'll set them to 0660 and 0770. The - # prefixed 0 causes mysqld to interpret these as octal numbers. Note - # that this configuration does not affect the file creation mode mysqld - # uses for files containing cryptographic key (*.pem). This only means - # the host user cannot read private keys, which is not a problem. Since - # the host user has write permission to all directories, everything can - # still be deleted. - export UMASK=0660 - export UMASK_DIR=0770 - "$SCRIPT_DIR/mysqld.sh" "$@" else # "set" lets us set the arguments to the current script. 
@@ -62,38 +41,6 @@ else echo "[entrypoints/main.sh] Starting ndb_mgmd" set -- "$@" -f "$RONDB_DATA_DIR/config.ini" --configdir="$RONDB_DATA_DIR/log" elif [ "$1" == "ndbmtd" ]; then - - # ndbmtd has several hard-coded file creation modes that cannot - # be configured. Permissions can be removed from such hard-coded - # modes using umask, but there is no way to add permissions to - # them. As a workaround, this is a very hacky background process - # that every 5 seconds makes sure that the group's permissions - # equal the owner's. - ensure-group-permissions() { - # Find all files owned by the current user, print their - # modestring and path, null-terminated. - find /srv/hops/mysql-cluster -user "$USER" -printf '%m %p\0' | - # Remove all null-terminated items that begin with two - # equal characters (where the group's permissions - # already equals the user's) and then remove the - # modestring. - sed -zr '/^(.)\1/d; s/^... //;' | - # xargs: Run chmod with an efficient number of file - # arguments to correct the group's permissions. - xargs -r0 chmod -f g=u || - # Make sure the process does not exit due to some - # failure. - true - } - while true; do - ensure-group-permissions - sleep 5 - done & - - # If ndbmtd exits within 5 seconds of creating a file, we need - # to make sure to set group permissions correctly. - trap ensure-group-permissions EXIT - echo "[entrypoints/main.sh] Starting ndbmtd" # Command for more verbosity with ndbmtds: `set -- "$@" --verbose=TRUE` diff --git a/resources/entrypoints/mysqld_configure.sh b/resources/entrypoints/mysqld_configure.sh index 573b4eabf..185b1c492 100755 --- a/resources/entrypoints/mysqld_configure.sh +++ b/resources/entrypoints/mysqld_configure.sh 
@@ -25,23 +25,10 @@ _get_config() { "$@" --verbose --help 2>/dev/null | grep "^$conf" | awk '$1 == "'"$conf"'" { print $2; exit }' } -# Check if entrypoint (and the container) is running as root -# Important: Distinguish between MYSQLD_USER and MYSQL_BENCH_USER -if [ "$(id --user)" = "0" ]; then - echo "[entrypoints/mysqld_configure.sh] We are running as root; setting MYSQLD_USER to 'mysql'" - is_root=1 - install_devnull="install /dev/null -m0600 -omysql -gmysql" - MYSQLD_USER=mysql -else - echo "[entrypoints/mysqld_configure.sh] Setting MYSQLD_USER to current non-root user" - install_devnull="install /dev/null -m0600" - MYSQLD_USER=$(id --user --name) -fi - # Make sure that "--defaults-file" is always run as second argument # Otherwise there is a risk that it might not be read shift -set -- mysqld --defaults-file="$RONDB_DATA_DIR/my.cnf" --user="$MYSQLD_USER" "$@" +set -- mysqld --defaults-file="$RONDB_DATA_DIR/my.cnf" "$@" echo "[entrypoints/mysqld_configure.sh] \$@: $*" # Test that the server can start. We redirect stdout to /dev/null so diff --git a/sample_files/docker_compose.yml b/sample_files/docker_compose.yml index f359a60f0..97c1a3c3c 100644 --- a/sample_files/docker_compose.yml +++ b/sample_files/docker_compose.yml @@ -193,7 +193,7 @@ services: image: rondb:22.10.4-dev container_name: bench_1 command: > - bash -c "sleep 5 && bench_run.sh --verbose --default-directory /home/mysql/benchmarks/sysbench_multi " + bash -c "sleep 5 && bench_run.sh --verbose --default-directory /srv/hops/benchmarks/sysbench_multi " deploy: resources: limits: 
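Review bot: The removed block was the only place in view that set `is_root` and `install_devnull`, and the script continues past this hunk, so any remaining `$install_devnull ...` call or `$is_root` test further down would now expand to nothing and should be checked or replaced with a plain `install /dev/null -m0600`. Without `--user`, a container started as UID 0 also reaches mysqld as root. An explicit early check such as `[ "$(id -u)" != "0" ] || { echo "[entrypoints/mysqld_configure.sh] refusing to run as root; start the container with --user" >&2; exit 1; }` would make that case fail with a clear message instead of depending on mysqld's own behaviour.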
@@ -204,16 +204,16 @@ services: volumes: - type: bind source: /autogenerated_files/v22104_m1_g1_r2_my2_ra1_bn1/volumes/sysbench_single - target: /home/mysql/benchmarks/sysbench_single + target: /srv/hops/benchmarks/sysbench_single - type: bind source: /autogenerated_files/v22104_m1_g1_r2_my2_ra1_bn1/volumes/dbt2_single - target: /home/mysql/benchmarks/dbt2_single + target: /srv/hops/benchmarks/dbt2_single - type: bind source: /autogenerated_files/v22104_m1_g1_r2_my2_ra1_bn1/volumes/sysbench_multi - target: /home/mysql/benchmarks/sysbench_multi + target: /srv/hops/benchmarks/sysbench_multi - type: bind source: /autogenerated_files/v22104_m1_g1_r2_my2_ra1_bn1/volumes/dbt2_multi - target: /home/mysql/benchmarks/dbt2_multi + target: /srv/hops/benchmarks/dbt2_multi environment: - HOST_GROUP_ID=20 - MYSQL_BENCH_PASSWORD=Abc123?e diff --git a/sample_files/my.cnf b/sample_files/my.cnf index 1da41aaa9..ac1758201 100644 --- a/sample_files/my.cnf +++ b/sample_files/my.cnf @@ -5,7 +5,6 @@ default-character-set = utf8 [mysqld] -user = mysql basedir = /srv/hops/mysql datadir = /srv/hops/mysql-cluster/mysql port = 3306