diff --git a/Dockerfile b/Dockerfile index 778ddbb1..7f4006a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GOLANG_BUILDER=registry.access.redhat.com/ubi9/go-toolset:1.24 -ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:latest +ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.6 # Build the manager binary FROM $GOLANG_BUILDER AS builder diff --git a/templates/galera/bin/mysql_root_auth.sh b/templates/galera/bin/mysql_root_auth.sh index 077fa270..46c06e6d 100755 --- a/templates/galera/bin/mysql_root_auth.sh +++ b/templates/galera/bin/mysql_root_auth.sh @@ -17,6 +17,8 @@ GALERA_INSTANCE="{{.galeraInstanceName}}" MY_CNF="$HOME/.my.cnf" MYSQL_SOCKET=/var/lib/mysql/mysql.sock +CREDENTIALS_CHECK_TIMEOUT=4 + # Set up connection parameters based on whether we're connecting remotely or locally if [ -n "${MYSQL_REMOTE_HOST}" ]; then 
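Review bot: In the Dockerfile hunk, `ubi-minimal:9.6` replaces `:latest` but is still a tag, and a minor-version tag like this is presumably re-pointed whenever the image is rebuilt, so two builds of the same commit can still pull different base layers. If the goal is a reproducible, auditable base, pin the digest as well, e.g. `ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.6@sha256:<digest>` (placeholder; take the value from the registry). A dependency-update job should then bump the digest so security rebuilds are still picked up. The same applies to `GOLANG_BUILDER` on the line above, which the commit leaves tag-only.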
@@ -45,22 +47,27 @@ if [ -f "${MY_CNF}" ]; then SHOULD_VALIDATE=true fi - if [ "${SHOULD_VALIDATE}" = "true" ] && mysql ${MYSQL_CONN_PARAMS} -uroot -p"${PASSWORD}" -e "SELECT 1;" >/dev/null 2>&1; then - # Credentials are still valid, use cached values + credentials_check=1 + if [ "${SHOULD_VALIDATE}" = "true" ]; then + timeout ${CREDENTIALS_CHECK_TIMEOUT} mysql ${MYSQL_CONN_PARAMS} -uroot -p"${PASSWORD}" -e "SELECT 1;" >/dev/null 2>&1 + credentials_check=$? + fi - MYSQL_PWD="${PASSWORD}" - DB_ROOT_PASSWORD="${PASSWORD}" - export MYSQL_PWD - export DB_ROOT_PASSWORD - return 0 2>/dev/null || exit 0 + if [ "${SHOULD_VALIDATE}" = "true" ] && [ $credentials_check -eq 124 ]; then + # MySQL validation timed out, assume cache is valid and will be validated on next probe + export MYSQL_PWD="${PASSWORD}" + export DB_ROOT_PASSWORD="${PASSWORD}" + return 0 + elif [ "${SHOULD_VALIDATE}" = "true" ] && [ $credentials_check -eq 0 ]; then + # Credentials are still valid, use cached values + export MYSQL_PWD="${PASSWORD}" + export DB_ROOT_PASSWORD="${PASSWORD}" + return 0 elif [ "${USE_SOCKET}" = "true" ] && [ ! -S "${MYSQL_SOCKET}" ]; then # MySQL not running locally, assume cache is valid and will be validated on next probe - - MYSQL_PWD="${PASSWORD}" - DB_ROOT_PASSWORD="${PASSWORD}" - export MYSQL_PWD - export DB_ROOT_PASSWORD - return 0 2>/dev/null || exit 0 + export MYSQL_PWD="${PASSWORD}" + export DB_ROOT_PASSWORD="${PASSWORD}" + return 0 fi fi # If we get here, credentials are invalid, fall through to refresh diff --git a/templates/galera/bin/mysql_wsrep_notify.sh b/templates/galera/bin/mysql_wsrep_notify.sh index 1a5a4f9c..3c310a1a 100755 --- a/templates/galera/bin/mysql_wsrep_notify.sh +++ b/templates/galera/bin/mysql_wsrep_notify.sh @@ -1,7 +1,5 @@ #!/bin/bash -source /var/lib/operator-scripts/mysql_root_auth.sh - # NOTE(dciabrin) we might use downward API to populate those in the future PODNAME=$HOSTNAME SERVICE=${PODNAME/-galera-[0-9]*/} 
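Review bot: Wrapping the check in `timeout` on the new `timeout ${CREDENTIALS_CHECK_TIMEOUT} mysql ... -p"${PASSWORD}"` line leaves the root password in the `timeout` process's argument list for as long as the check runs, up to four seconds on a hung server. The mysql client usually masks its own `-p` argument, but `timeout` does not, so anything that can read the process list in that PID namespace can see the password. Passing it through the environment avoids that: `MYSQL_PWD="${PASSWORD}" timeout ${CREDENTIALS_CHECK_TIMEOUT} mysql ${MYSQL_CONN_PARAMS} -uroot -e "SELECT 1;" >/dev/null 2>&1`. Separately, the three `return 0` lines drop the old `2>/dev/null || exit 0` fallback, so if this file is ever executed rather than sourced, the `return` fails and control falls through to the refresh path. Callers outside this diff are not visible, so either keep the fallback or add a comment stating that the file must be sourced.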
@@ -293,6 +291,9 @@ fi # Contition: ask for a failover. This should be called when mysql is running if echo "${STATUS}" | grep -i -q -e 'failover'; then + # note: make sure that the root credentials are up to date + # before invoking any mysql command + source /var/lib/operator-scripts/mysql_root_auth.sh mysql_probe_state if [ $? != 0 ]; then log_error "Could not probe missing mysql information. Aborting" @@ -312,6 +313,10 @@ if echo "${STATUS}" | grep -i -q -v -e 'synced'; then fi # At this point mysql is started, query missing arguments + +# note: make sure that the root credentials are up to date +# before invoking any mysql command +source /var/lib/operator-scripts/mysql_root_auth.sh mysql_probe_state if [ $? != 0 ]; then log_error "Could not probe missing mysql information. Aborting"
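Review bot: Both added `source /var/lib/operator-scripts/mysql_root_auth.sh` lines (here in the failover branch and again before the second `mysql_probe_state` in the `@@ -312,6 +313,10 @@` hunk) ignore the script's exit status. A failed credential refresh is therefore only noticed indirectly when the probe fails, and it is logged as "Could not probe missing mysql information". Assuming mysql_root_auth.sh returns non-zero when it cannot obtain credentials (its failure path is not in this diff), check it at the call site, e.g. `source /var/lib/operator-scripts/mysql_root_auth.sh || log_error "Could not refresh root credentials"`, and abort the same way the probe failure does. The enclosing `if` blocks continue outside both hunks.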