Merge pull request #201 from hhorak/s2i-support

Implement s2i and general extendability support

Author: hhorak

5.6/Dockerfile

@@ -1,4 +1,4 @@
-FROM centos:centos7
+FROM centos/s2i-core-centos7
 
 # MySQL image for OpenShift.
 #
@@ -11,6 +11,7 @@ FROM centos:centos7
 #  * $MYSQL_ROOT_PASSWORD (Optional) - Password for the 'root' MySQL account
 
 ENV MYSQL_VERSION=5.6 \
+    APP_DATA=/opt/app-root/src \
     HOME=/var/lib/mysql
 
 ENV SUMMARY="MySQL 5.6 SQL database server" \
@@ -35,9 +36,10 @@ EXPOSE 3306
 # This image must forever use UID 27 for mysql user so our volumes are
 # safe in the future. This should *never* change, the last test is there
 # to make sure of that.
-RUN yum install -y centos-release-scl && \
-    INSTALL_PKGS="tar rsync gettext hostname bind-utils rh-mysql56" && \
-    yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
+RUN yum install -y yum-utils && \
+    yum install -y centos-release-scl && \
+    INSTALL_PKGS="rsync tar gettext hostname bind-utils groff-base shadow-utils rh-mysql56" && \
+    yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
     mkdir -p /var/lib/mysql/data && chown -R mysql.0 /var/lib/mysql && \
@@ -56,12 +58,13 @@ ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \
     PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable"
 
 COPY 5.6/root-common /
+COPY 5.6/s2i-common/bin/ $STI_SCRIPTS_PATH
 COPY 5.6/root /
 
 # this is needed due to issues with squash
 # when this directory gets rm'd by the container-setup
 # script.
-RUN rm -rf /etc/my.cnf.d/* 
+RUN rm -rf /etc/my.cnf.d/*
 RUN /usr/libexec/container-setup
 
 VOLUME ["/var/lib/mysql/data"]

5.6/Dockerfile.rhel7

@@ -1,4 +1,4 @@
-FROM rhel7
+FROM rhscl/s2i-core-rhel7
 
 # MySQL image for OpenShift.
 #
@@ -11,6 +11,7 @@ FROM rhel7
 #  * $MYSQL_ROOT_PASSWORD (Optional) - Password for the 'root' MySQL account
 
 ENV MYSQL_VERSION=5.6 \
+    APP_DATA=/opt/app-root/src \
     HOME=/var/lib/mysql
 
 ENV SUMMARY="MySQL 5.6 SQL database server" \
@@ -43,7 +44,7 @@ RUN yum repolist > /dev/null && \
     yum-config-manager --enable rhel-7-server-rpms && \
     yum-config-manager --enable rhel-7-server-optional-rpms && \
     yum-config-manager --enable rhel-server-rhscl-7-rpms && \
-    INSTALL_PKGS="rsync tar gettext hostname bind-utils rh-mysql56" && \
+    INSTALL_PKGS="rsync tar gettext hostname bind-utils groff-base shadow-utils rh-mysql56" && \
     yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
@@ -63,12 +64,13 @@ ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \
     PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable"
 
 COPY 5.6/root-common /
+COPY 5.6/s2i-common/bin/ $STI_SCRIPTS_PATH
 COPY 5.6/root /
 
 # this is needed due to issues with squash
 # when this directory gets rm'd by the container-setup
 # script.
-RUN rm -rf /etc/my.cnf.d/* 
+RUN rm -rf /etc/my.cnf.d/*
 RUN /usr/libexec/container-setup
 
 VOLUME ["/var/lib/mysql/data"]

5.6/root/usr/share/container-scripts/mysql/README.md

@@ -44,7 +44,6 @@ or if it was already present, `mysqld` is executed and will run as PID 1. You ca
  stop the detached container by running `docker stop mysql_database`.
 
 
-
 Environment variables and volumes
 ---------------------------------
 
@@ -142,6 +141,81 @@ location is `/etc/my.cnf` but you can change it to `/etc/mysql/my.cnf` by settin
  `MYSQL_DEFAULTS_FILE=/etc/mysql/my.cnf`
 
 
+Extending image
+---------------
+This image can be extended using [source-to-image](https://github.com/openshift/source-to-image).
+
+For example, to build a customized MariaDB database image `my-mysql-rhel7`
+with a configuration in `~/image-configuration/` run:
+
+```
+$ s2i build ~/image-configuration/ rhscl/mysql-56-rhel7 my-mysql-rhel7
+```
+
+The directory passed to `s2i build` can contain these directories:
+
+`mysql-cfg/`
+    When starting the container, files from this directory will be used as
+    a configuration for the `mysqld` daemon.
+    `envsubst` command is run on this file to still allow customization of
+    the image using environmental variables
+
+`mysql-pre-init/`
+    Shell scripts (`*.sh`) available in this directory are sourced before
+    `mysqld` daemon is started.
+
+`mysql-init/`
+    Shell scripts (`*.sh`) available in this directory are sourced when
+    `mysqld` daemon is started locally. In this phase, use `${mysql_flags}`
+    to connect to the locally running daemon, for example `mysql $mysql_flags < dump.sql`
+
+Variables that can be used in the scripts provided to s2i:
+
+`$mysql_flags`
+    arguments for the `mysql` tool that will connect to the locally running `mysqld` during initialization
+
+`$MYSQL_RUNNING_AS_MASTER`
+    variable defined when the container is run with `run-mysqld-master` command
+
+`$MYSQL_RUNNING_AS_SLAVE`
+    variable defined when the container is run with `run-mysqld-slave` command
+
+`$MYSQL_DATADIR_FIRST_INIT`
+    variable defined when the container was initialized from the empty data dir
+
+During `s2i build` all provided files are copied into `/opt/app-root/src`
+directory into the resulting image. If some configuration files are present
+in the destination directory, files with the same name are overwritten.
+Also only one file with the same name can be used for customization and user
+provided files are preferred over default files in
+`/usr/share/container-scripts/mysql/`- so it is possible to overwrite them.
+
+Same configuration directory structure can be used to customize the image
+every time the image is started using `docker run`. The directory has to be
+mounted into `/opt/app-root/src/` in the image
+(`-v ./image-configuration/:/opt/app-root/src/`).
+This overwrites customization built into the image.
+
+
+Securing the connection with SSL
+--------------------------------
+In order to secure the connection with SSL, use the extending feature described
+above. In particular, put the SSL certificates into a separate directory:
+
+    sslapp/mysql-certs/server-cert-selfsigned.pem
+    sslapp/mysql-certs/server-key.pem
+
+And then put a separate configuration file into mysql-cfg:
+
+    $> cat sslapp/mysql-cfg/ssl.cnf
+    [mysqld]
+    ssl-key=${APP_DATA}/mysql-certs/server-key.pem
+    ssl-cert=${APP_DATA}/mysql-certs/server-cert-selfsigned.pem
+
+Such a directory `sslapp` can then be mounted into the container with -v,
+or a new container image can be built using s2i.
+
+
 Changing the replication binlog_format
 --------------------------------------
 Some applications may wish to use `row` binlog_formats (for example, those built

5.6/s2i-common

@@ -0,0 +1 @@
+../s2i-common/

5.7/Dockerfile

@@ -1,4 +1,4 @@
-FROM centos:centos7
+FROM centos/s2i-core-centos7
 
 # MySQL image for OpenShift.
 #
@@ -11,6 +11,7 @@ FROM centos:centos7
 #  * $MYSQL_ROOT_PASSWORD (Optional) - Password for the 'root' MySQL account
 
 ENV MYSQL_VERSION=5.7 \
+    APP_DATA=/opt/app-root/src \
     HOME=/var/lib/mysql
 
 ENV SUMMARY="MySQL 5.7 SQL database server" \
@@ -37,8 +38,7 @@ EXPOSE 3306
 # to make sure of that.
 RUN yum install -y yum-utils && \
     yum install -y centos-release-scl && \
-    yum-config-manager --enable centos-sclo-rh-testing && \
-    INSTALL_PKGS="rsync tar gettext hostname bind-utils rh-mysql57" && \
+    INSTALL_PKGS="rsync tar gettext hostname bind-utils groff-base shadow-utils rh-mysql57" && \
     yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
@@ -58,6 +58,7 @@ ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \
     PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable"
 
 COPY 5.7/root-common /
+COPY 5.7/s2i-common/bin/ $STI_SCRIPTS_PATH
 COPY 5.7/root /
 
 # this is needed due to issues with squash

5.7/Dockerfile.fedora

@@ -1,4 +1,4 @@
-FROM registry.fedoraproject.org/fedora:26
+FROM registry.fedoraproject.org/f26/s2i-core:latest
 
 # MySQL image for OpenShift.
 #
@@ -11,6 +11,7 @@ FROM registry.fedoraproject.org/fedora:26
 #  * $MYSQL_ROOT_PASSWORD (Optional) - Password for the 'root' MySQL account
 
 ENV MYSQL_VERSION=5.7 \
+    APP_DATA=/opt/app-root/src \
     HOME=/var/lib/mysql
 
 ENV SUMMARY="MySQL 5.7 SQL database server" \
@@ -47,7 +48,7 @@ RUN ln -s /usr/bin/python3 /usr/bin/python
 # This image must forever use UID 27 for mysql user so our volumes are
 # safe in the future. This should *never* change, the last test is there
 # to make sure of that.
-RUN INSTALL_PKGS="rsync tar gettext hostname bind-utils community-mysql-server policycoreutils" && \
+RUN INSTALL_PKGS="rsync tar gettext hostname bind-utils groff-base shadow-utils community-mysql-server policycoreutils" && \
     yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
@@ -59,6 +60,7 @@ ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql \
     MYSQL_PREFIX=/usr
 
 COPY 5.7/root-common /
+COPY 5.7/s2i-common/bin/ $STI_SCRIPTS_PATH
 COPY 5.7/root /
 
 # this is needed due to issues with squash

5.7/Dockerfile.rhel7

@@ -1,4 +1,4 @@
-FROM rhel7
+FROM rhscl/s2i-core-rhel7
 
 # MySQL image for OpenShift.
 #
@@ -11,6 +11,7 @@ FROM rhel7
 #  * $MYSQL_ROOT_PASSWORD (Optional) - Password for the 'root' MySQL account
 
 ENV MYSQL_VERSION=5.7 \
+    APP_DATA=/opt/app-root/src \
     HOME=/var/lib/mysql
 
 ENV SUMMARY="MySQL 5.7 SQL database server" \
@@ -43,7 +44,7 @@ RUN yum repolist > /dev/null && \
     yum-config-manager --enable rhel-7-server-rpms && \
     yum-config-manager --enable rhel-7-server-optional-rpms && \
     yum-config-manager --enable rhel-server-rhscl-7-rpms && \
-    INSTALL_PKGS="rsync tar gettext hostname bind-utils rh-mysql57" && \
+    INSTALL_PKGS="rsync tar gettext hostname bind-utils groff-base shadow-utils rh-mysql57" && \
     yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
@@ -63,6 +64,7 @@ ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \
     PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable"
 
 COPY 5.7/root-common /
+COPY 5.7/s2i-common/bin/ $STI_SCRIPTS_PATH
 COPY 5.7/root /
 
 # this is needed due to issues with squash

5.7/root/usr/share/container-scripts/mysql/README.md

@@ -44,7 +44,6 @@ or if it was already present, `mysqld` is executed and will run as PID 1. You ca
  stop the detached container by running `docker stop mysql_database`.
 
 
-
 Environment variables and volumes
 ---------------------------------
 
@@ -142,6 +141,81 @@ location is `/etc/my.cnf` but you can change it to `/etc/mysql/my.cnf` by settin
  `MYSQL_DEFAULTS_FILE=/etc/mysql/my.cnf`
 
 
+Extending image
+---------------
+This image can be extended using [source-to-image](https://github.com/openshift/source-to-image).
+
+For example, to build a customized MariaDB database image `my-mysql-rhel7`
+with a configuration in `~/image-configuration/` run:
+
+```
+$ s2i build ~/image-configuration/ rhscl/mysql-57-rhel7 my-mysql-rhel7
+```
+
+The directory passed to `s2i build` can contain these directories:
+
+`mysql-cfg/`
+    When starting the container, files from this directory will be used as
+    a configuration for the `mysqld` daemon.
+    `envsubst` command is run on this file to still allow customization of
+    the image using environmental variables
+
+`mysql-pre-init/`
+    Shell scripts (`*.sh`) available in this directory are sourced before
+    `mysqld` daemon is started.
+
+`mysql-init/`
+    Shell scripts (`*.sh`) available in this directory are sourced when
+    `mysqld` daemon is started locally. In this phase, use `${mysql_flags}`
+    to connect to the locally running daemon, for example `mysql $mysql_flags < dump.sql`
+
+Variables that can be used in the scripts provided to s2i:
+
+`$mysql_flags`
+    arguments for the `mysql` tool that will connect to the locally running `mysqld` during initialization
+
+`$MYSQL_RUNNING_AS_MASTER`
+    variable defined when the container is run with `run-mysqld-master` command
+
+`$MYSQL_RUNNING_AS_SLAVE`
+    variable defined when the container is run with `run-mysqld-slave` command
+
+`$MYSQL_DATADIR_FIRST_INIT`
+    variable defined when the container was initialized from the empty data dir
+
+During `s2i build` all provided files are copied into `/opt/app-root/src`
+directory into the resulting image. If some configuration files are present
+in the destination directory, files with the same name are overwritten.
+Also only one file with the same name can be used for customization and user
+provided files are preferred over default files in
+`/usr/share/container-scripts/mysql/`- so it is possible to overwrite them.
+
+Same configuration directory structure can be used to customize the image
+every time the image is started using `docker run`. The directory has to be
+mounted into `/opt/app-root/src/` in the image
+(`-v ./image-configuration/:/opt/app-root/src/`).
+This overwrites customization built into the image.
+
+
+Securing the connection with SSL
+--------------------------------
+In order to secure the connection with SSL, use the extending feature described
+above. In particular, put the SSL certificates into a separate directory:
+
+    sslapp/mysql-certs/server-cert-selfsigned.pem
+    sslapp/mysql-certs/server-key.pem
+
+And then put a separate configuration file into mysql-cfg:
+
+    $> cat sslapp/mysql-cfg/ssl.cnf
+    [mysqld]
+    ssl-key=${APP_DATA}/mysql-certs/server-key.pem
+    ssl-cert=${APP_DATA}/mysql-certs/server-cert-selfsigned.pem
+
+Such a directory `sslapp` can then be mounted into the container with -v,
+or a new container image can be built using s2i.
+
+
 Changing the replication binlog_format
 --------------------------------------
 Some applications may wish to use `row` binlog_formats (for example, those built

5.7/s2i-common

@@ -0,0 +1 @@
+../s2i-common/

examples/extend-image/mysql-cfg/myconfig.cnf

@@ -0,0 +1,3 @@
+[mysqld]
+query-cache-limit=262144
+