From 1e2e696472ff3fc7f4a733c4544446d56715fff1 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Mon, 2 Sep 2024 14:05:41 +1000 Subject: [PATCH] healthcheck - ruggardize connection failed result Narrow down the scope of healthcheck --connect failures to the mariadb client errors "Can't connect". May as well look at same @skip-networking system variable on TCP just in case. 28000 errors, per https://mariadb.com/kb/en/mariadb-error-code-reference/ are client errors after a connection, indicating that the start of a tcp connection occured. Tested by hacking the entrypoint: + echo -e "[mariadb-clie" > "$DATADIR"/.my-healthcheck.cnf + sleep 3 umask 0077 - echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf + echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=wrong$healthCheckConnectPass\\n" > "$DATADIR"/.my-healthcheck.cnf $maskPreserve + sleep 3 --- 10.11-ubi/healthcheck.sh | 36 +++++++++++++++++++++--------------- 10.11/healthcheck.sh | 36 +++++++++++++++++++++--------------- 10.5/healthcheck.sh | 36 +++++++++++++++++++++--------------- 10.6-ubi/healthcheck.sh | 36 +++++++++++++++++++++--------------- 10.6/healthcheck.sh | 36 +++++++++++++++++++++--------------- 11.1/healthcheck.sh | 36 +++++++++++++++++++++--------------- 11.2/healthcheck.sh | 36 +++++++++++++++++++++--------------- 11.4-ubi/healthcheck.sh | 36 +++++++++++++++++++++--------------- 11.4/healthcheck.sh | 36 +++++++++++++++++++++--------------- 11.5/healthcheck.sh | 36 +++++++++++++++++++++--------------- healthcheck.sh | 36 +++++++++++++++++++++--------------- main-ubi/healthcheck.sh | 36 +++++++++++++++++++++--------------- main/healthcheck.sh | 36 +++++++++++++++++++++--------------- 13 files changed, 273 insertions(+), 195 deletions(-) diff --git a/10.11-ubi/healthcheck.sh b/10.11-ubi/healthcheck.sh index eeecbcce..8e6fbeea 100755 --- a/10.11-ubi/healthcheck.sh +++ b/10.11-ubi/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/10.11/healthcheck.sh b/10.11/healthcheck.sh index eeecbcce..8e6fbeea 100755 --- a/10.11/healthcheck.sh +++ b/10.11/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/10.5/healthcheck.sh b/10.5/healthcheck.sh index b110f973..579aaac1 100755 --- a/10.5/healthcheck.sh +++ b/10.5/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mysql ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/10.6-ubi/healthcheck.sh b/10.6-ubi/healthcheck.sh index eeecbcce..8e6fbeea 100755 --- a/10.6-ubi/healthcheck.sh +++ b/10.6-ubi/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/10.6/healthcheck.sh b/10.6/healthcheck.sh index eeecbcce..8e6fbeea 100755 --- a/10.6/healthcheck.sh +++ b/10.6/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/11.1/healthcheck.sh b/11.1/healthcheck.sh index 33794d8d..56b9e06f 100755 --- a/11.1/healthcheck.sh +++ b/11.1/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/11.2/healthcheck.sh b/11.2/healthcheck.sh index 33794d8d..56b9e06f 100755 --- a/11.2/healthcheck.sh +++ b/11.2/healthcheck.sh @@ -65,24 +65,30 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/11.4-ubi/healthcheck.sh b/11.4-ubi/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/11.4-ubi/healthcheck.sh +++ b/11.4-ubi/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/11.4/healthcheck.sh b/11.4/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/11.4/healthcheck.sh +++ b/11.4/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/11.5/healthcheck.sh +++ b/11.5/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/healthcheck.sh b/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/main-ubi/healthcheck.sh b/main-ubi/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/main-ubi/healthcheck.sh +++ b/main-ubi/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s } diff --git a/main/healthcheck.sh b/main/healthcheck.sh index 29294c36..9aad84ac 100755 --- a/main/healthcheck.sh +++ b/main/healthcheck.sh @@ -66,25 +66,31 @@ connect() return "$s"; ;; esac - # falling back to this if there wasn't a connection answer. - set +e +o pipefail - # (on second extra_file) - # shellcheck disable=SC2086 - mariadb ${nodefaults:+--no-defaults} \ + # falling back to tcp if there wasn't a connection answer. + s=$(mariadb ${nodefaults:+--no-defaults} \ ${def['file']:+--defaults-file=${def['file']}} \ ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp -e 'select 1' 2>&1 \ - | grep -qF "Can't connect" - local ret=${PIPESTATUS[1]} - set -eo pipefail - if (( "$ret" == 0 )); then - # grep Matched "Can't connect" so we fail - connect_s=1 - else - connect_s=0 - fi + -h localhost --protocol tcp -e 'select 1' 2>&1) + case "$s" in + 1) # skip-networking=1 (no network) + ;& + ERROR\ 2002\ \(HY000\):*) + # cannot connect + connect_s=1 + ;; + ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) + # grep access denied and other 28000 client errors - we did connect + ;& + 0) # skip-networking=0 + connect_s=0 + ;; + *) + >&2 echo "Unknown error $s" + connect_s=1 + ;; + esac return $connect_s }