Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-31550

"mariadb-admin ping" exits zero when authentication fails

Details

    Description

      1. Start a server from the latest docker image using a non-empty password:

      docker run --name mariadb -d --rm -e MARIADB_ROOT_PASSWORD=nonempty mariadb:latest

      2. Attempt to run a simple health check on it using mariadb-ping:

      docker exec -it mariadb mariadb-admin ping ; echo $?
      		 
      mariadb-admin: connect to server at 'localhost' failed
      		 
      error: 'Access denied for user 'root'@'localhost' (using password: NO)'
      		 
      0

      Notice that authentication fails, but the exit code is 0 (success).

      3. Do the same thing, but with a status check instead:

      docker exec -it mariadb mariadb-admin status ; echo $?
      		 
      mariadb-admin: connect to server at 'localhost' failed
      		 
      error: 'Access denied for user 'root'@'localhost' (using password: NO)'
      		 
      1

      Notice that the authentication fails, so the exit code is 1 (fail).

      I believe both should fail with a non-zero code upon authentication failure. Without this, docker containers, or other setups that rely on "mysqladmin ping" may incorrectly succeed if the server is overwhelmed or otherwise having trouble succeeding with authentication requests.

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. MDEV-31549 "mariadb-admin ping"

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            danblack Daniel Black added a comment -

            Also see: https://mariadb.org/mariadb-server-docker-official-images-healthcheck-without-mysqladmin/

            Why mysqladmin ping/mariadb-admin ping is incorrect as a healthcheck.

            With https://github.com/docker-library/official-images/pull/14936 very soon it should be simpiler

             docker run --name mariadb -d --rm -e MARIADB_ROOT_PASSWORD=nonempty --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=5s --health-timeout=5s --health-retries=3 mariadb:latest
            		 
            ..
            		 
             CONTAINER ID  IMAGE                             COMMAND     CREATED         STATUS                   PORTS       NAMES
            		 
            8d2bbb2ae7aa  docker.io/library/mariadb:latest  mariadbd    21 seconds ago  Up 21 seconds (healthy)              mariadb
            		 
             
            		 
            $ podman exec mariadb  bash -x -v healthcheck.sh --connect --innodb_initialized 
            ...
            		 
            ++ mariadb --defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf -B --skip-column-names -e 'select 1 from information_schema.ENGINES WHERE engine="innodb" AND support in ("YES", "DEFAULT", "ENABLED")'
            		 
            + s=1
            		 
            + '[' 1 == 1 ']'
            		 
            + test=
            		 
            + shift
            		 
            + '[' 0 -gt 0 ']'

            danblack Daniel Black added a comment - Also see: https://mariadb.org/mariadb-server-docker-official-images-healthcheck-without-mysqladmin/ Why mysqladmin ping/mariadb-admin ping is incorrect as a healthcheck. With https://github.com/docker-library/official-images/pull/14936 very soon it should be simpiler docker run --name mariadb -d --rm -e MARIADB_ROOT_PASSWORD=nonempty --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=5s --health-timeout=5s --health-retries=3 mariadb:latest .. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8d2bbb2ae7aa docker.io/library/mariadb:latest mariadbd 21 seconds ago Up 21 seconds (healthy) mariadb   $ podman exec mariadb bash -x -v healthcheck.sh --connect --innodb_initialized ... ++ mariadb --defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf -B --skip-column-names -e 'select 1 from information_schema.ENGINES WHERE engine="innodb" AND support in ("YES", "DEFAULT", "ENABLED")' + s=1 + '[' 1 == 1 ']' + test= + shift + '[' 0 -gt 0 ']'
            serg Sergei Golubchik added a comment -

            This is intentional and documented behavior. See https://mariadb.com/kb/en/mariadb-admin/

            ping Check if mysqld is alive. Return status is 0 if the server is running (even in the case of an error such as access denied), 1 if it is not.

            serg Sergei Golubchik added a comment - This is intentional and documented behavior. See https://mariadb.com/kb/en/mariadb-admin/ ping Check if mysqld is alive. Return status is 0 if the server is running (even in the case of an error such as access denied), 1 if it is not.

            People

              serg Sergei Golubchik
              bpkroth Brian Kroth
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.