fix: handle nonempty password in Docker entrypoint (#308)

fanyang01 · web-flow · commit 344a5f505266 · 2024-12-24T01:19:49.000+08:00
diff --git a/devtools/replica-setup-mysql/checker.sh b/devtools/replica-setup-mysql/checker.sh
@@ -13,7 +13,7 @@ check_server_params() {
     echo "Checking MySQL server parameters..."
 
     # Retrieve the required MySQL server variables using mysqlsh
-    result=$(mysqlsh --uri="$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "
+    result=$(mysqlsh --uri="$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "
     SHOW VARIABLES WHERE variable_name IN ('binlog_format', 'enforce_gtid_consistency', 'gtid_mode', 'gtid_strict_mode', 'log_bin');
     ")
 
@@ -65,7 +65,7 @@ check_user_privileges() {
     echo "Checking privileges for the current user '$SOURCE_USER'..."
 
     # Check the user grants for the currently authenticated user using mysqlsh
-    result=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "
+    result=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "
     SHOW GRANTS FOR CURRENT_USER();
     ")
 
@@ -98,7 +98,7 @@ check_mysql_config() {
 # Function to check if source MySQL server is empty
 check_if_source_mysql_is_empty() {
     # Run the query using mysqlsh and capture the output
-    OUTPUT=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION --sql -e "SHOW DATABASES;" 2>/dev/null)
+    OUTPUT=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION --sql -e "SHOW DATABASES;" 2>/dev/null)
 
     check_command "retrieving database list"
 
@@ -114,7 +114,7 @@ check_if_source_mysql_is_empty() {
 
 # Function to check if there is ongoing replication on MyDuck Server
 check_if_myduck_has_replica() {
-    REPLICA_STATUS=$(mysqlsh --sql --host=$MYDUCK_HOST --port=$MYDUCK_PORT --user=root --password='' -e "SHOW REPLICA STATUS\G")
+    REPLICA_STATUS=$(mysqlsh --sql --host=$MYDUCK_HOST --port=$MYDUCK_PORT --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} -e "SHOW REPLICA STATUS\G")
     check_command "retrieving replica status"
 
     SOURCE_HOST_EXISTS=$(echo "$REPLICA_STATUS" | awk '/Source_Host/ {print $2}')
diff --git a/devtools/replica-setup-mysql/prepare.sh b/devtools/replica-setup-mysql/prepare.sh
@@ -1,20 +1,7 @@
 #!/bin/bash
 
-if ! mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=root --no-password -e "SELECT 1 FROM mysql.user WHERE user = '${MYDUCK_USER}'" | grep -q 1; then
-    echo "Creating user ${MYDUCK_USER} for replication..."
-    mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=root --no-password <<EOF
-CREATE USER '${MYDUCK_USER}'@'%' IDENTIFIED BY '${MYDUCK_PASSWORD}';
-GRANT ALL PRIVILEGES ON *.* TO '${MYDUCK_USER}'@'%';
-EOF
-fi
-
-if [[ $? -ne 0 ]]; then
-    echo "Failed to create user '${MYDUCK_USER}'. Exiting."
-    exit 1
-fi
-
 echo "Setting local_infile and server_id..."
-mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=root --no-password <<EOF
+mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
 SET GLOBAL local_infile = 1;
 SET GLOBAL server_id = ${MYDUCK_SERVER_ID};
 SET GLOBAL replica_is_loading_snapshot = ON;
diff --git a/devtools/replica-setup-mysql/replica_setup.sh b/devtools/replica-setup-mysql/replica_setup.sh
@@ -57,11 +57,18 @@ while [[ $# -gt 0 ]]; do
     esac
 done
 
-# if SOURCE_PASSWORD is empty, set SOURCE_NO_PASSWORD_OPTION to "--no-password"
+# if SOURCE_PASSWORD is empty, set SOURCE_PASSWORD_OPTION to "--no-password"
 if [[ -z "$SOURCE_PASSWORD" ]]; then
-    SOURCE_NO_PASSWORD_OPTION="--no-password"
+    SOURCE_PASSWORD_OPTION="--no-password"
 else
-    SOURCE_NO_PASSWORD_OPTION=""
+    SOURCE_PASSWORD_OPTION=""
+fi
+
+# if MYDUCK_PASSWORD is empty, set MYDUCK_PASSWORD_OPTION to "--no-password"
+if [[ -z "$MYDUCK_PASSWORD" ]]; then
+    MYDUCK_PASSWORD_OPTION="--no-password"
+else
+    MYDUCK_PASSWORD_OPTION="--password=$MYDUCK_PASSWORD"
 fi
 
 # Check if all parameters are set
diff --git a/devtools/replica-setup-mysql/snapshot.sh b/devtools/replica-setup-mysql/snapshot.sh
@@ -36,7 +36,7 @@ echo "Thread count set to: $THREAD_COUNT"
 
 echo "Copying data from MySQL to MyDuck..."
 # Run mysqlsh command and capture the output
-output=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_NO_PASSWORD_OPTION -- util copy-instance "mysql://${MYDUCK_USER}:${MYDUCK_PASSWORD}@${MYDUCK_HOST}:${MYDUCK_PORT}" \
+output=$(mysqlsh --uri "$SOURCE_DSN" $SOURCE_PASSWORD_OPTION -- util copy-instance "mysql://${MYDUCK_USER}:${MYDUCK_PASSWORD}@${MYDUCK_HOST}:${MYDUCK_PORT}" \
     --users false \
     --consistent false \
     --ignore-existing-objects true \
@@ -84,6 +84,6 @@ fi
 echo "Snapshot completed successfully."
 
 echo "Reset replica_is_loading_snapshot..."
-mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=root --no-password <<EOF
+mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT}  --user=${MYDUCK_USER} {MYDUCK_PASSWORD_OPTION} <<EOF
 SET GLOBAL replica_is_loading_snapshot = OFF;
 EOF
diff --git a/devtools/replica-setup-mysql/start_replication.sh b/devtools/replica-setup-mysql/start_replication.sh
@@ -13,7 +13,7 @@ OS=$(uname -s)
 
 # Use the EXECUTED_GTID_SET variable from the previous steps
 if [ $GTID_MODE == "ON" ] && [ ! -z "$EXECUTED_GTID_SET" ]; then
-  mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
+  mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
 SET GLOBAL gtid_purged = "${EXECUTED_GTID_SET}";
 EOF
 fi
@@ -31,7 +31,7 @@ if [ $GTID_MODE == "OFF" ]; then
   SOURCE_LOG_POS=${BINLOG_POS}"
 fi
 
-mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=root --no-password <<EOF
+mysqlsh --sql --host=${MYDUCK_HOST} --port=${MYDUCK_PORT} --user=${MYDUCK_USER} ${MYDUCK_PASSWORD_OPTION} <<EOF
 ${REPLICATION_CMD};
 START REPLICA;
 EOF
diff --git a/devtools/replica-setup-postgres/replica_setup.sh b/devtools/replica-setup-postgres/replica_setup.sh
@@ -80,7 +80,7 @@ CREATE_SUBSCRIPTION_SQL="CREATE SUBSCRIPTION ${SUBSCRIPTION_NAME} \
     CONNECTION 'dbname=${SOURCE_DATABASE} host=${SOURCE_HOST} port=${SOURCE_PORT} user=${SOURCE_USER} password=${SOURCE_PASSWORD}' \
     PUBLICATION ${PUBLICATION_NAME};"
 
-psql -h $MYDUCK_HOST -p $MYDUCK_PORT -U $MYDUCK_USER <<EOF
+PGPASSWORD="$MYDUCK_PASSWORD" psql -h $MYDUCK_HOST -p $MYDUCK_PORT -U $MYDUCK_USER <<EOF
 ${CREATE_SUBSCRIPTION_SQL}
 EOF
 
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -93,6 +93,13 @@ cleanup() {
     fi
 }
 
+# Define MYSQL_PASSWORD_OPTION based on SUPERUSER_PASSWORD
+if [ -z "$SUPERUSER_PASSWORD" ]; then
+    MYSQL_PASSWORD_OPTION="--no-password"
+else
+    MYSQL_PASSWORD_OPTION="--password=$SUPERUSER_PASSWORD"
+fi
+
 # Function to run replica setup
 run_replica_setup() {
     case "$SOURCE_TYPE" in
@@ -116,6 +123,8 @@ run_replica_setup() {
             ;;
     esac
 
+    export MYDUCK_PASSWORD="${SUPERUSER_PASSWORD}"
+
     # Run replica_setup.sh and check for errors
     if source replica_setup.sh; then
         echo "Replica setup completed."
@@ -127,7 +136,16 @@ run_replica_setup() {
 
 run_server_in_background() {
       cd "$DATA_PATH" || { echo "Error: Could not change directory to ${DATA_PATH}"; exit 1; }
-      nohup myduckserver $DEFAULT_DB $SUPERUSER_PASSWORD $LOG_LEVEL $PROFILER_PORT $RESTORE_FILE $RESTORE_ENDPOINT $RESTORE_ACCESS_KEY_ID $RESTORE_SECRET_ACCESS_KEY | tee -a "${LOG_PATH}/server.log" 2>&1 &
+      nohup myduckserver \
+        ${DEFAULT_DB_OPTION} \
+        ${SUPERUSER_PASSWORD_OPTION} \
+        ${LOG_LEVEL_OPTION} \
+        ${PROFILER_PORT_OPTION} \
+        ${RESTORE_FILE_OPTION} \
+        ${RESTORE_ENDPOINT_OPTION} \
+        ${RESTORE_ACCESS_KEY_ID_OPTION} \
+        ${RESTORE_SECRET_ACCESS_KEY_OPTION} \
+        | tee -a "${LOG_PATH}/server.log" 2>&1 &
       echo "$!" > "${PID_FILE}"
 }
 
@@ -141,10 +159,10 @@ wait_for_my_duck_server_ready() {
 
     echo "Waiting for MyDuck Server at $host:$port to be ready..."
 
-    until mysqlsh --sql --host "$host" --port "$port" --user "$user" --no-password --execute "SELECT VERSION();" &> /dev/null; do
+    until mysqlsh --sql --host "$host" --port "$port" --user "$user" ${MYSQL_PASSWORD_OPTION} --execute "SELECT VERSION();" &> /dev/null; do
         attempt=$((attempt+1))
         if [ "$attempt" -ge "$max_attempts" ]; then
-            echo "Error: MySQL connection timed out after $max_attempts attempts."
+            echo "Error: MySQL connection timeout after $max_attempts attempts."
             exit 1
         fi
         echo "Attempt $attempt/$max_attempts: MyDuck Server is unavailable - retrying in $wait_time seconds..."
@@ -186,14 +204,14 @@ execute_init_sqls() {
         echo "Executing init SQL scripts from $INIT_SQLS_DIR/mysql..."
         for file in "$INIT_SQLS_DIR/mysql"/*.sql; do
             echo "Executing $file..."
-            mysqlsh --sql --host "$host" --port "$mysql_port" --user "$mysql_user" --no-password --file="$file"
+            mysqlsh --sql --host "$host" --port "$mysql_port" --user "$mysql_user" $MYSQL_PASSWORD_OPTION --file="$file"
         done
     fi
     if [ -d "$INIT_SQLS_DIR/postgres" ] && [ "$(find "$INIT_SQLS_DIR/postgres" -maxdepth 1 -name '*.sql' -type f | head -n 1)" ]; then
         echo "Executing init SQL scripts from $INIT_SQLS_DIR/postgres..."
         for file in "$INIT_SQLS_DIR/postgres"/*.sql; do
             echo "Executing $file..."
-            psql -h "$host" -p "$postgres_port" -U "$postgres_user" -f "$file"
+            PGPASSWORD="$SUPERUSER_PASSWORD" psql -h "$host" -p "$postgres_port" -U "$postgres_user" -f "$file"
         done
     fi
 }
@@ -204,35 +222,35 @@ setup() {
     trap cleanup SIGTERM SIGINT SIGQUIT
 
     if [ -n "$DEFAULT_DB" ]; then
-        export DEFAULT_DB="--default-db=$DEFAULT_DB"
+        export DEFAULT_DB_OPTION="--default-db=$DEFAULT_DB"
     fi
 
     if [ -n "$SUPERUSER_PASSWORD" ]; then
-        export SUPERUSER_PASSWORD="--superuser-password=$SUPERUSER_PASSWORD"
+        export SUPERUSER_PASSWORD_OPTION="--superuser-password=$SUPERUSER_PASSWORD"
     fi
 
     if [ -n "$LOG_LEVEL" ]; then
-        export LOG_LEVEL="--loglevel=$LOG_LEVEL"
+        export LOG_LEVEL_OPTION="--loglevel=$LOG_LEVEL"
     fi
     
     if [ -n "$PROFILER_PORT" ]; then
-        export PROFILER_PORT="--profiler-port=$PROFILER_PORT"
+        export PROFILER_PORT_OPTION="--profiler-port=$PROFILER_PORT"
     fi
 
     if [ -n "$RESTORE_FILE" ]; then
-        export RESTORE_FILE="--restore-file=$RESTORE_FILE"
+        export RESTORE_FILE_OPTION="--restore-file=$RESTORE_FILE"
     fi
 
     if [ -n "$RESTORE_ENDPOINT" ]; then
-        export RESTORE_ENDPOINT="--restore-endpoint=$RESTORE_ENDPOINT"
+        export RESTORE_ENDPOINT_OPTION="--restore-endpoint=$RESTORE_ENDPOINT"
     fi
 
     if [ -n "$RESTORE_ACCESS_KEY_ID" ]; then
-        export RESTORE_ACCESS_KEY_ID="--restore-access-key-id=$RESTORE_ACCESS_KEY_ID"
+        export RESTORE_ACCESS_KEY_ID_OPTION="--restore-access-key-id=$RESTORE_ACCESS_KEY_ID"
     fi
 
     if [ -n "$RESTORE_SECRET_ACCESS_KEY" ]; then
-        export RESTORE_SECRET_ACCESS_KEY="--restore-secret-access-key=$RESTORE_SECRET_ACCESS_KEY"
+        export RESTORE_SECRET_ACCESS_KEY_OPTION="--restore-secret-access-key=$RESTORE_SECRET_ACCESS_KEY"
     fi
 
     # Ensure required directories exist
