aptible/mysql
MySQL Community Server on Docker.
Installation and Usage
docker pull quay.io/aptible/mysql
This is an image conforming to the Aptible database specification. To run a server for development purposes, execute
docker create --name data quay.io/aptible/mysql
docker run --volumes-from data -e USERNAME=aptible -e PASSPHRASE=pass -e DATABASE=db quay.io/aptible/mysql --initialize
docker run --volumes-from data -P quay.io/aptible/mysql
The first command sets up a data container named data
which will hold the configuration and data for the database. The second command creates a MySQL instance with a username, passphrase and database name of your choice. The third command starts the database server.
SSL
The MySQL server is configured to require SSL for any TCP connection that
authenticates as the USERNAME
that the database was initialized with. The SSL
connection relies on a self-signed certficate that is generated when
--initialize
is called. Because it's often difficult to force an SSL
connection from some clients, we also create another user with a -nossl
suffix
that allows but does not require SSL. For example, if you pass
USERNAME=aptible
to the database --initialize
call, an aptible
user is
created that requires SSL over TCP and an aptible-nossl
user is created that
does not require SSL over TCP.
When you connect via the --client
flag using the Docker image, SSL is forced.
Connecting from other clients or from the mysql
command line utility involves
setting various
ssl flags and it's
sometimes unclear which are mandatory and what configuration is implied by
different combinations of flags. The simplest way to force SSL from a client is
to set the ssl-cipher
parameter. This Docker image supports
DHE-RSA-AES256-SHA
and AES128-SHA
.
When using an untested client to connect, you should always verify that the
connection parameters you've supplied forces an SSL connection by inspecting
the session's Ssl_cipher
status variable, for example:
mysql> show status like 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.02 sec)
This status variable is non-empty exactly when SSL is enabled for the session.
Available Tags
latest
: Currently MySQL MySQL 8.08.0
: MySQL 8.0.255.7
: MySQL 5.7.345.6
: MySQL 5.6.50 (EOL February 5, 2021)
Tests
Tests are run as part of the Dockerfile
build. To execute them separately within a container, run:
bats test
Deployment
To push the Docker image to Quay, run the following command:
make release
Continuous Integration
Images are built and pushed to Docker Hub on every deploy. Because Quay currently only supports build triggers where the Docker tag name exactly matches a GitHub branch/tag name, we must run the following script to synchronize all our remote branches after a merge to master:
make sync-branches
Copyright and License
MIT License, see LICENSE for details.
Copyright (c) 2019 Aptible and contributors.