Skip to content

Skip reverse DNS lookups #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 11, 2015
Merged

Skip reverse DNS lookups #89

merged 1 commit into from
Aug 11, 2015

Conversation

yosifkit
Copy link
Member

fixes #52

@yosifkit
Copy link
Member Author 

$ ./generate-stackbrew-library.sh | sed -r 's/docker-library/infosiftr/' > mysql
$ ./bashbrew/bashbrew.sh build ../mysql/mysql
Cloning mysql (git://github.com/infosiftr/mysql) ...
Processing mysql:5.5.45 ...
Processing mysql:5.5 ...
Processing mysql:5.6.26 ...
Processing mysql:5.6 ...
Processing mysql:5 ...
Processing mysql:latest ...
Processing mysql:5.7.7-rc ...
Processing mysql:5.7.7 ...
Processing mysql:5.7 ...
$ ./bashbrew/bashbrew.sh list --uniq ../mysql/mysql | xargs ./test/run.sh
testing mysql:5.5.45
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'mysql-basics' [4/4]...passed
testing mysql:5.6.26
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'mysql-basics' [4/4]...passed
testing mysql:5.7.7-rc
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'mysql-basics' [4/4]...mysqld failed to accept connections in a reasonable amount of time!
ERROR 2003 (HY000): Can't connect to MySQL server on 'mysql' (111)
failed

tianon
tianon reviewed Jul 30, 2015
View reviewed changes
5.6/Dockerfile
RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf
# don't reverse lookup hostnames, they are usually another container
RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \
&& echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } /^\[mysqld\]$/ && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regex condition could instead be $1 == "[mysqld]".

@tianon
Copy link
Member

tianon commented Jul 30, 2015

I'm definitely a fan of skipping these by default for the image, especially since so many users will be behind at least Docker's NAT by default, so incoming connections won't resolve and we're just wasting precious time.

ping @ltangvald; what're your thoughts here?

@yosifkit yosifkit force-pushed the skip-name-resolve branch from 08e7be7 to 6d1c7c7 Compare July 30, 2015 23:40
@yosifkit
Copy link
Member Author

This leaves the my.cnf having this diff from it's previous state:

 [mysqld]
+skip-host-cache
+skip-name-resolve
 user       = mysql
 pid-file   = /var/run/mysqld/mysqld.pid
 socket     = /var/run/mysqld/mysqld.sock

@shofetim
Copy link

👍

@tianon
Copy link
Member

tianon commented Aug 11, 2015

LGTM

tianon added a commit that referenced this pull request Aug 11, 2015
@tianon
Merge pull request #89 from infosiftr/skip-name-resolve
c402b76 
Skip reverse DNS lookups
@tianon tianon merged commit c402b76 into docker-library:master Aug 11, 2015
@tianon tianon deleted the skip-name-resolve branch August 11, 2015 17:42
tianon added a commit to infosiftr/stackbrew that referenced this pull request Aug 11, 2015
@tianon
Update docker-library images
a236888 
- `celery`: docker-library/celery@033c91f
- `elasticsearch`: docker-library/elasticsearch@4e491a7
- `ghost`: docker-library/ghost@7200faa
- `hello-world`: docker-library/hello-world@2224815
- `irssi`: jessfraz/irssi@46f8d10
- `mongo`: 2.6.11
- `mysql`: `skip-name-resolve` (docker-library/mysql#89)
- `owncloud`: 7.0.8 and 8.1.1
- `php`: docker-library/php@7575282
- `postgres`: 9.5~alpha2-1.pgdg80+1
- `redis`: redis/docker-library-redis@d2877d5
- `redmine`: infosiftr/redmine@dbd8af6
- `ruby`: `--no-document` (docker-library/ruby#49)
- `wordpress`: fix FPM support (docker-library/wordpress#92)
This was referenced Aug 11, 2015
Merged
Merged
@joshunger
Copy link

I believe this breaks permissions/grants in certain cases? Can this be a setting? Or, how do you override "skip-name-resolve" in a file in the conf.d directory?

@tianon
Copy link
Member

tianon commented Jan 21, 2016

Sorry for the delay, @joshunger; I would imagine something like skip-name-resolve = off or skip-name-resolve = false should work (given that the config is supposed to be key-value pairs), but I haven't tested to verify that. If that doesn't work, the only other thing I can think of (besides overwriting this provided file completely) is to do something like RUN sed -i '/skip-name-resolve/d' ... to remove the line.

RichardScothern pushed a commit to RichardScothern/official-images that referenced this pull request Jun 14, 2016
@tianon @rscothern
Update docker-library images
9e9a051 
- `celery`: docker-library/celery@033c91f
- `elasticsearch`: docker-library/elasticsearch@4e491a7
- `ghost`: docker-library/ghost@7200faa
- `hello-world`: docker-library/hello-world@2224815
- `irssi`: jessfraz/irssi@46f8d10
- `mongo`: 2.6.11
- `mysql`: `skip-name-resolve` (docker-library/mysql#89)
- `owncloud`: 7.0.8 and 8.1.1
- `php`: docker-library/php@7575282
- `postgres`: 9.5~alpha2-1.pgdg80+1
- `redis`: redis/docker-library-redis@d2877d5
- `redmine`: infosiftr/redmine@dbd8af6
- `ruby`: `--no-document` (docker-library/ruby#49)
- `wordpress`: fix FPM support (docker-library/wordpress#92)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Connection timeout with nodejs app occasionally
4 participants
@yosifkit @tianon @shofetim @joshunger