From afbf44239f83b6c3971e092badd24aee21244903 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Mon, 2 Sep 2024 12:40:28 +1000 Subject: [PATCH 1/4] healthcheck correct connect result Based on user reports, a `connect` test can observer a non-"Can't connect" error message. Because this passes other tests, like innodb_initialized might succeeded. The final test -z "$connect_s" is also true, leaving the user with an incorrect test result. Maybe the healthcheck cnf hasn't been created yet? Either way, ruggardise the final test to ensure a healthy connect test occured. Narrow down the scope of healthcheck --connect failures to the mariadb client errors "Can't connect". May as well look at same @skip-networking system variable on TCP just in case. 28000 errors, per https://mariadb.com/kb/en/mariadb-error-code-reference/ are client errors after a connection, indicating that the start of a tcp connection occured. Closes #610 --- 10.11-ubi/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 10.11/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 10.5/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 10.6-ubi/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 10.6/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 11.1/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 11.2/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 11.4-ubi/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 11.4/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 11.5/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- main-ubi/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- main/healthcheck.sh | 49 ++++++++++++++++++++++++++-------------- 13 files changed, 416 insertions(+), 221 deletions(-) diff --git a/10.11-ubi/healthcheck.sh b/10.11-ubi/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.11-ubi/healthcheck.sh +++ b/10.11-ubi/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.11/healthcheck.sh b/10.11/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.11/healthcheck.sh +++ b/10.11/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.5/healthcheck.sh b/10.5/healthcheck.sh index 17528ce8..d925ed58 100755 --- a/10.5/healthcheck.sh +++ b/10.5/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mysql ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.6-ubi/healthcheck.sh b/10.6-ubi/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.6-ubi/healthcheck.sh +++ b/10.6-ubi/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/10.6/healthcheck.sh b/10.6/healthcheck.sh index 37227edd..c0fb93bb 100755 --- a/10.6/healthcheck.sh +++ b/10.6/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.1/healthcheck.sh b/11.1/healthcheck.sh index b8909c75..4cee59cb 100755 --- a/11.1/healthcheck.sh +++ b/11.1/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.2/healthcheck.sh b/11.2/healthcheck.sh index b8909c75..4cee59cb 100755 --- a/11.2/healthcheck.sh +++ b/11.2/healthcheck.sh @@ -65,24 +65,39 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -365,8 +380,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.4-ubi/healthcheck.sh b/11.4-ubi/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.4-ubi/healthcheck.sh +++ b/11.4-ubi/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.4/healthcheck.sh b/11.4/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.4/healthcheck.sh +++ b/11.4/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/11.5/healthcheck.sh +++ b/11.5/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/healthcheck.sh b/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/main-ubi/healthcheck.sh b/main-ubi/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/main-ubi/healthcheck.sh +++ b/main-ubi/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? diff --git a/main/healthcheck.sh b/main/healthcheck.sh index c5dcbd38..ad0b17f5 100755 --- a/main/healthcheck.sh +++ b/main/healthcheck.sh @@ -66,25 +66,40 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp \ + --skip-column-names --batch --skip-print-query-on-error \ + -e 'select @@skip_networking' 2>&1) + + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + 0) # skip-networking=0 + ;& + ERROR\ 1820\ \(HY000\)*) # password expire + ;& + ERROR\ 4151\ \(HY000\):*) # account locked + ;& + ERROR\ 1226\ \(42000\)*) # resource limit exceeded + ;& + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } @@ -367,8 +382,8 @@ while [ $# -gt 0 ]; do fi shift done -if [ -z "$connect_s" ]; then - # we didn't do a connnect test, so the current success status is suspicious +if [ "$connect_s" != "0" ]; then + # we didn't pass a connnect test, so the current success status is suspicious # return what connect thinks. connect exit $? From 14244b69fb07a13bf2336fddc9d98129a57a5539 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Tue, 3 Sep 2024 09:50:05 +1000 Subject: [PATCH 2/4] add test case for healthcheck.sh variants --- .test/run.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/.test/run.sh b/.test/run.sh index 3b074123..aba1094c 100755 --- a/.test/run.sh +++ b/.test/run.sh @@ -921,6 +921,43 @@ zstd "${initdb}"/*zst* mariadbclient -u root -psoverysecret -e 'select current_user() as connected_ok' docker exec "$cname" healthcheck.sh --connect --innodb_initialized + # healthcheck shouldn't return true on insufficient connection information + + # Enforce fallback to tcp in healthcheck. + docker exec "$cname" sed -i -e 's/\(socket=\)/\1breakpath/' /var/lib/mysql/.my-healthcheck.cnf + + # select @@skip-networking via tcp successful + docker exec "$cname" healthcheck.sh --connect + + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` ACCOUNT LOCK' + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` ACCOUNT LOCK' + + # ERROR 4151 (HY000): Access denied, this account is locked + docker exec "$cname" healthcheck.sh --connect + + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' + + # ERROR 1226 (42000) at line 1: User '\''healthcheck'\'' has exceeded the '\''max_queries_per_hour'\'' resource (current value: 1)' + docker exec "$cname" healthcheck.sh --connect + docker exec "$cname" healthcheck.sh --connect + + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' + mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' + # ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement + docker exec "$cname" healthcheck.sh --connect + + mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`127.0.0.1` = PASSWORD("mismatch")' + mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`::1` = PASSWORD("mismatch")' + + # ERROR 1045 (28000): Access denied + docker exec "$cname" healthcheck.sh --connect + + + # break port + docker exec "$cname" sed -i -e 's/\(port=\)/\14/' /var/lib/mysql/.my-healthcheck.cnf + + docker exec "$cname" healthcheck.sh --connect || echo "ok, broken port is a connection failure" killoff From 8997278428f7c65285470baae216b7e0288cb4a9 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Mon, 2 Sep 2024 18:28:19 +1000 Subject: [PATCH 3/4] Bump default timeout to 15 seconds to start container --- .test/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.test/run.sh b/.test/run.sh index aba1094c..5b63c3f9 100755 --- a/.test/run.sh +++ b/.test/run.sh @@ -72,7 +72,7 @@ runandwait() )" port_int=$port fi - waiting=${DOCKER_LIBRARY_START_TIMEOUT:-10} + waiting=${DOCKER_LIBRARY_START_TIMEOUT:-15} echo "waiting to start..." set +e +o pipefail +x while [ "$waiting" -gt 0 ] From ed96e4dac980dab969b4f2d45ec65d18a2173c39 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Tue, 3 Sep 2024 12:03:28 +1000 Subject: [PATCH 4/4] shellcheck excludes for backticks in single quote --- .test/run.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.test/run.sh b/.test/run.sh index 5b63c3f9..f4d07e8f 100755 --- a/.test/run.sh +++ b/.test/run.sh @@ -929,25 +929,33 @@ zstd "${initdb}"/*zst* # select @@skip-networking via tcp successful docker exec "$cname" healthcheck.sh --connect + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` ACCOUNT LOCK' + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` ACCOUNT LOCK' # ERROR 4151 (HY000): Access denied, this account is locked docker exec "$cname" healthcheck.sh --connect + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 1 ACCOUNT UNLOCK' # ERROR 1226 (42000) at line 1: User '\''healthcheck'\'' has exceeded the '\''max_queries_per_hour'\'' resource (current value: 1)' docker exec "$cname" healthcheck.sh --connect docker exec "$cname" healthcheck.sh --connect + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`127.0.0.1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'alter user healthcheck@`::1` WITH MAX_QUERIES_PER_HOUR 2000 PASSWORD EXPIRE' # ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement docker exec "$cname" healthcheck.sh --connect + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`127.0.0.1` = PASSWORD("mismatch")' + # shellcheck disable=SC2016 mariadbclient -u root -psoverysecret -e 'set password for healthcheck@`::1` = PASSWORD("mismatch")' # ERROR 1045 (28000): Access denied