[MDEV-22201] Docker Compose does not set root password for new container Created: 2020-04-09  Updated: 2020-04-09  Resolved: 2020-04-09

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Affects Version/s: 10.4
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: AndrewCz Assignee: Unassigned
Resolution: Not a Bug Votes: 0
Labels: Docker
Environment:

Ubuntu 18.04.3 LTS
Docker version 19.03.8, build afacb8b7f0


 Description   

When passing MYSQL_ROOT_PASSWORD as an environment variable as shown here: https://hub.docker.com/_/mariadb?tab=description the container is created without a root password:

root@demo30-ourcompose-com--2020-04-09-02-10:~# docker inspect root_db_1
 
[]
 
Error: No such object: root_db_1
 
root@demo30-ourcompose-com--2020-04-09-02-10:~# cat stack.yml 
# Use root/example as user/password credentials
 
version: '3.6'
 
services:
 
  db:
 
    image: "mariadb:10.4"
 
    restart: always
 
    environment:
 
        MYSQL_ROOT_PASSWORD: "quEfaBHnAFmad7Fs"
 
root@demo30-ourcompose-com--2020-04-09-02-10:~# docker-compose -f stack.yml up | grep 'PLEASE REMEMBER' -A 20
 
Creating root_db_1 ... done
 
db_1  | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
 
db_1  | To do so, start the server, then issue the following commands:
 
db_1  | 
db_1  | '/usr/bin/mysqladmin' -u root password 'new-password'
 
db_1  | '/usr/bin/mysqladmin' -u root -h  password 'new-password'
 
db_1  | 
db_1  | Alternatively you can run:
 
db_1  | '/usr/bin/mysql_secure_installation'
 
db_1  | 
db_1  | which will also give you the option of removing the test
 
db_1  | databases and anonymous user created by default.  This is
 
db_1  | strongly recommended for production servers.
 
db_1  | 
db_1  | See the MariaDB Knowledgebase at http://mariadb.com/kb or the
 
db_1  | MySQL manual for more instructions.
 
db_1  | 
db_1  | Please report any problems at http://mariadb.org/jira
 
db_1  | 
db_1  | The latest information about MariaDB is available at http://mariadb.org/.
 
db_1  | You can find additional information about the MySQL part at:
 
db_1  | http://dev.mysql.com



 Comments   
Comment by Daniel Black [ 2020-04-09 ]

Technically the mariadb docker image is maintained here: https://github.com/docker-library/mariadb

I tried your yaml and the password was stet:

$ docker-compose -f stack.yml up 
Creating network "tmp_default" with the default driver
 
Pulling db (mariadb:10.4)...
 
10.4: Pulling from library/mariadb
 
5bed26d33875: Pull complete
 
f11b29a9c730: Pull complete
 
930bda195c84: Pull complete
 
78bf9a5ad49e: Pull complete
 
e9e3c043ec68: Pull complete
 
141e45c6af4b: Pull complete
 
a26245908a82: Pull complete
 
40ccaf895c8a: Pull complete
 
2d665f60c94a: Pull complete
 
c7bcd9961bee: Pull complete
 
80f1ddb594ce: Pull complete
 
0647ec428f9f: Pull complete
 
9cb6e30e72ca: Pull complete
 
60890c0035d8: Pull complete
 
Digest: sha256:d0e2c681c41e91aba6e9c8c0a588eedd48291a70464e83c40da2e3de01998eef
 
Status: Downloaded newer image for mariadb:10.4
 
Creating tmp_db_1 ... done
 
Attaching to tmp_db_1
 
db_1  | 2020-04-09 03:20:33+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.12+maria~bionic started.
 
db_1  | 2020-04-09 03:20:34+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
 
db_1  | 2020-04-09 03:20:34+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.12+maria~bionic started.
 
db_1  | 2020-04-09 03:20:34+00:00 [Note] [Entrypoint]: Initializing database files
 
db_1  | 
db_1  | 
db_1  | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
 
db_1  | To do so, start the server, then issue the following commands:
 
db_1  | 
db_1  | '/usr/bin/mysqladmin' -u root password 'new-password'
 
db_1  | '/usr/bin/mysqladmin' -u root -h  password 'new-password'
 
db_1  | 
db_1  | Alternatively you can run:
 
db_1  | '/usr/bin/mysql_secure_installation'
 
db_1  | 
db_1  | which will also give you the option of removing the test
 
db_1  | databases and anonymous user created by default.  This is
 
db_1  | strongly recommended for production servers.
 
db_1  | 
db_1  | See the MariaDB Knowledgebase at http://mariadb.com/kb or the
 
db_1  | MySQL manual for more instructions.
 
db_1  | 
db_1  | Please report any problems at http://mariadb.org/jira
 
db_1  | 
db_1  | The latest information about MariaDB is available at http://mariadb.org/.
 
db_1  | You can find additional information about the MySQL part at:
 
db_1  | http://dev.mysql.com
 
db_1  | Consider joining MariaDB's strong and vibrant community:
 
db_1  | https://mariadb.org/get-involved/
 
db_1  | 
db_1  | 2020-04-09 03:20:36+00:00 [Note] [Entrypoint]: Database files initialized
 
db_1  | 2020-04-09 03:20:36+00:00 [Note] [Entrypoint]: Starting temporary server
 
db_1  | 2020-04-09 03:20:36+00:00 [Note] [Entrypoint]: Waiting for server startup
 
db_1  | 2020-04-09  3:20:36 0 [Note] mysqld (mysqld 10.4.12-MariaDB-1:10.4.12+maria~bionic) starting as process 122 ...
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Using Linux native AIO
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Uses event mutexes
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Number of pools: 1
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Using SSE2 crc32 instructions
 
db_1  | 2020-04-09  3:20:37 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Completed initialization of buffer pool
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Creating shared tablespace for temporary tables
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: 10.4.12 started; log sequence number 60972; transaction id 21
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
 
db_1  | 2020-04-09  3:20:37 0 [Note] Plugin 'FEEDBACK' is disabled.
 
db_1  | 2020-04-09  3:20:37 0 [Warning] 'user' entry 'root@2ef8aad2b313' ignored in --skip-name-resolve mode.
 
db_1  | 2020-04-09  3:20:37 0 [Warning] 'user' entry '@2ef8aad2b313' ignored in --skip-name-resolve mode.
 
db_1  | 2020-04-09  3:20:37 0 [Warning] 'proxies_priv' entry '@% root@2ef8aad2b313' ignored in --skip-name-resolve mode.
 
db_1  | 2020-04-09  3:20:37 0 [Note] InnoDB: Buffer pool(s) load completed at 200409  3:20:37
 
db_1  | 2020-04-09  3:20:37 0 [Note] Reading of all Master_info entries succeeded
 
db_1  | 2020-04-09  3:20:37 0 [Note] Added new Master_info '' to hash table
 
db_1  | 2020-04-09  3:20:37 0 [Note] mysqld: ready for connections.
 
db_1  | Version: '10.4.12-MariaDB-1:10.4.12+maria~bionic'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  mariadb.org binary distribution
 
db_1  | 2020-04-09 03:20:37+00:00 [Note] [Entrypoint]: Temporary server started.
 
db_1  | Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
 
db_1  | 2020-04-09  3:21:00 10 [Warning] 'proxies_priv' entry '@% root@2ef8aad2b313' ignored in --skip-name-resolve mode.
 
db_1  | 
db_1  | 2020-04-09 03:21:00+00:00 [Note] [Entrypoint]: Stopping temporary server
 
db_1  | 2020-04-09  3:21:00 0 [Note] mysqld (initiated by: root[root] @ localhost []): Normal shutdown
 
db_1  | 2020-04-09  3:21:00 0 [Note] Event Scheduler: Purging the queue. 0 events
 
db_1  | 2020-04-09  3:21:00 0 [Note] InnoDB: FTS optimize thread exiting.
 
db_1  | 2020-04-09  3:21:00 0 [Note] InnoDB: Starting shutdown...
 
db_1  | 2020-04-09  3:21:00 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
 
db_1  | 2020-04-09  3:21:00 0 [Note] InnoDB: Buffer pool(s) dump completed at 200409  3:21:00
 
db_1  | 2020-04-09  3:21:01 0 [Note] InnoDB: Shutdown completed; log sequence number 60981; transaction id 24
 
db_1  | 2020-04-09  3:21:01 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
 
db_1  | 2020-04-09  3:21:01 0 [Note] mysqld: Shutdown complete
 
db_1  | 
db_1  | 2020-04-09 03:21:02+00:00 [Note] [Entrypoint]: Temporary server stopped
 
db_1  | 
db_1  | 2020-04-09 03:21:02+00:00 [Note] [Entrypoint]: MySQL init process done. Ready for start up.
 
db_1  | 
db_1  | 2020-04-09  3:21:02 0 [Note] mysqld (mysqld 10.4.12-MariaDB-1:10.4.12+maria~bionic) starting as process 1 ...
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Using Linux native AIO
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Uses event mutexes
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Number of pools: 1
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Using SSE2 crc32 instructions
 
db_1  | 2020-04-09  3:21:02 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Completed initialization of buffer pool
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Creating shared tablespace for temporary tables
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Waiting for purge to start
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: 10.4.12 started; log sequence number 60981; transaction id 21
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
 
db_1  | 2020-04-09  3:21:02 0 [Note] Plugin 'FEEDBACK' is disabled.
 
db_1  | 2020-04-09  3:21:02 0 [Note] Server socket created on IP: '::'.
 
db_1  | 2020-04-09  3:21:02 0 [Note] InnoDB: Buffer pool(s) load completed at 200409  3:21:02
 
db_1  | 2020-04-09  3:21:02 0 [Warning] 'proxies_priv' entry '@% root@2ef8aad2b313' ignored in --skip-name-resolve mode.
 
db_1  | 2020-04-09  3:21:02 0 [Note] Reading of all Master_info entries succeeded
 
db_1  | 2020-04-09  3:21:02 0 [Note] Added new Master_info '' to hash table
 
db_1  | 2020-04-09  3:21:02 0 [Note] mysqld: ready for connections.
 
db_1  | Version: '10.4.12-MariaDB-1:10.4.12+maria~bionic'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
 
db_1  | 2020-04-09  3:22:53 10 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
 
db_1  | 2020-04-09  3:22:57 11 [Warning] Access denied for user 'root'@'localhost' (using password: NO)

And testing:

$ docker exec  tmp_db_1  mysql -u root -pquEfaBHnAFmad7Fs -e "show databases"
 
Database
 
information_schema
 
mysql
 
performance_schema
 
 
 
$ docker exec  tmp_db_1  mysql -u root -pwrong -e "show databases"
 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
 
 
 
$ docker exec  tmp_db_1  mysql -u root  -e "show databases"
 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

Comment by AndrewCz [ 2020-04-09 ]

Yeah, that is the output that I would expect to see.

I'm spinning up a new server now to see if there's something in the environment that is causing this.

Comment by AndrewCz [ 2020-04-09 ]

I've tracked it down to the way that Ansible is executing the docker-compose command. I'll follow up if there is anything about mariadb specifically that is causing this, but I think at this point I was able to track it down to another part of the stack.

My apologies for the noise.

Comment by Daniel Black [ 2020-04-09 ]

Technically the notices about 'PLEASE REMEMBER TO SET A PASSWORD...' are in the output I did too. It is the mariadb-install-db which is part of mariadb.

While its possible to restructure https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh to ensure this isn't displayed, it would be a rather massive change.

During docker container creation the server is started with `--skip-networking`.

Comment by AndrewCz [ 2020-04-09 ]

Bug report filed against ansible: https://github.com/ansible/ansible/issues/68803

Generated at Thu Feb 08 09:12:58 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.