Mysql: skip-name-resolve hard coded in my.cnf

Created on 26 Mar 2016 · 13 Comments · Source: docker-library/mysql

I am trying to use the image in a docker compose, executing the following script from /docker-entrypoint-initdb.d :

-- If not exist, create the database.
CREATE DATABASE IF NOT EXISTS sonar CHARACTER SET utf8 COLLATE utf8_general_ci;

-- Create the user and password and grant permission to access from sonar.
CREATE USER sonarUsr@localhost IDENTIFIED BY 'password';
CREATE USER sonarUsr@sonar IDENTIFIED BY 'password';
GRANT ALL ON sonar.* TO sonarUsr@localhost;
GRANT ALL ON sonar.* TO sonarUsr@sonar;

But the Dockerfile adds the _skip-name-resolve_ parameter in the config file. Dockerfile, line 37:

RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \
    && echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \
    && mv /tmp/my.cnf /etc/mysql/my.cnf

So, mysql cannot translate the name into an IP, so it does not create the user.
Why is "_skip-name-resolve_" hard coded?

All 13 comments

You can override that setting via command line.

But why is this option by default?
I am concerned about the reason for this option. If it is intentional, I am sure that there is a good reason that I do not know.
If there is no reason, maybe it is best to keep the default mysql configuration.
If there is a reason, I am worried about letting mysql resolve names inside the docker compose subnet in my installation.

But why is this option by default?

  1. docker relies on the host DNS
  2. containers use the DNS configured in /etc/resolv.conf _at creation time_
  3. if that DNS becomes unreachable (e.g. disconnection, connection to a new wifi, ...) that DNS won't work anymore
  4. mysql authentication lags, waiting for client hostname resolution.

My 2¢.
Peace, R.

You can override that setting via command line.

@ioggstream I've been trying to override the --skip-name-resolve flag in every way that I can think of, both when just doing a docker run and in the context of a docker-compose file (docker-compose run or docker-compose up), but nothing is working.

Can you give an example line of how to run this docker image while successfully overriding the hardcoded --skip-name-resolve flag so that skip-name-resolve is disabled and off?

I had thought that it was like many other settings and you could do something like docker run -d -e MYSQL_ROOT_PASSWORD=secret --name=sql mysql --disable-skip-name-resolve, but apparently there is only the flag to turn it on and not one to turn it off. So the only option to override it is to sed the my.cnf on start (or in a Dockerfile) or provide your own my.cnf (-v /path/to/my.cnf:/etc/mysql/my.cnf or COPY ...)

Thanks @yosifkit. I wasn't able to get changing my own my.cnf to work. I tried both COPY and loading as a volume. BUT I was able to get RUN sed -i "s/skip-name-resolve//" /etc/mysql/my.cnf to work in a Dockerfile. Thanks for the help!

@ltangvald I think it's worth opening a feature request to mysqld to support values on skip-name-resolve, eg.

   mysqld --skip-name-resolve=false

@ltangvald @yosifkit added https://bugs.mysql.com/bug.php?id=84002

Comments welcome.

Bug report looks good. I'll check around and see if there's any existing way to do this.
Also note that the skip-name-resolve setting is now in a Docker-specific config file: /etc/mysql/conf.d/docker.cnf, so as a workaround you can override it with -v, mapping to an empty file (or one containing just the skip-host-cache setting)

Hey everyone,

I shared my custom config here: https://gist.github.com/pascalandy/3ffb1b443fd143382a7cd2d4dae9a144

I guess you could use it and update the flag here - https://gist.github.com/pascalandy/3ffb1b443fd143382a7cd2d4dae9a144#file-my-custom-cnf-L31

Hope it can help :-)

Cheers!
twitter.com/_pascalandy

Thanks @rocketnova https://github.com/docker-library/mysql/issues/154#issuecomment-236285989

The path changed since your comment:

RUN sed -i "s/skip-name-resolve/# skip-name-resolve/" /etc/mysql/conf.d/docker.cnf

Having no DNS server was bugging me, as

GRANT ALL PRIVILEGES ON *.* TO 'db_user'@'web' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;

didn't work:

[Warning] 'user' entry 'root@web' ignored in --skip-name-resolve mode.
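
An added example, not part of the original thread or of the docker-library/mysql project: a small shell audit that lists accounts whose host part is a name, which cannot match any client while skip-name-resolve is set (the "ignored" warning above), and accounts open to every address through the bare '%' wildcard. The account list is a constructed sample modelled on the accounts in this thread, and the name test is a conservative heuristic, not MySQL's own check.

```sh
#!/bin/sh
# Constructed sample of `SELECT user, host FROM mysql.user` output
# (tab-separated). Names mirror the accounts mentioned in this thread,
# plus IP-based host patterns for comparison.
sample_accounts() {
    printf '%s\t%s\n' \
        sonarUsr localhost \
        sonarUsr sonar \
        db_user  web \
        app      '172.18.0.%' \
        app      '172.18.0.0/255.255.0.0' \
        root     '%'
}

# host_needs_dns HOST: return 0 when HOST can only match after a reverse DNS
# lookup, i.e. it is not localhost, not an IP literal and not an IP pattern.
host_needs_dns() {
    case "$1" in
        localhost)     return 1 ;;  # matched without DNS
        *:*)           return 1 ;;  # IPv6 literal
        *[!0-9.%_/]*)  return 0 ;;  # any other character means a host name
        *)             return 1 ;;  # digits, dots, wildcards, netmask
    esac
}

# audit_accounts: read "user<TAB>host" lines on stdin and print the accounts
# that cannot match any client while name resolution is disabled.
audit_accounts() {
    while IFS="$(printf '\t')" read -r user host; do
        if host_needs_dns "$host"; then
            printf '%s@%s\n' "$user" "$host"
        fi
    done
}

# wildcard_accounts: print accounts whose host is the bare '%' wildcard,
# which accepts any client address and is worth narrowing to a subnet.
wildcard_accounts() {
    while IFS="$(printf '\t')" read -r user host; do
        if [ "$host" = "%" ]; then
            printf '%s@%s\n' "$user" "$host"
        fi
    done
}

echo "Cannot match with skip-name-resolve:"; sample_accounts | audit_accounts
echo "Open to any address:"; sample_accounts | wildcard_accounts
```

On a real server the input would come from a tab-separated dump of the user and host columns of mysql.user instead of `sample_accounts`.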

Closing given that the rationale for this setting by default in a Docker environment is noted above, and there's an upstream issue filed (https://bugs.mysql.com/bug.php?id=84002) to make re-enabling this easier (with decent work-arounds for folks in the meantime documented here).

So is it that, as of this date, to run mysql 5.7 and have users able to connect via socket or tcp, they all need to have the '%' wildcard host?
