MySQL Docker file : sed: couldn't open temporary file

Question

I am trying to create new MySQL image and deploying in Kubernetes.

FROM oraclelinux:7-slim
USER root
ARG MYSQL_SERVER_PACKAGE=mysql-community-server-minimal-8.0.19
ARG MYSQL_SHELL_PACKAGE=mysql-shell-8.0.19

# Install server
RUN yum install -y https://repo.mysql.com/mysql-community-minimal-release-el7.rpm \
      https://repo.mysql.com/mysql-community-release-el7.rpm \
  && yum-config-manager --enable mysql80-server-minimal \
  && yum install -y \
      $MYSQL_SERVER_PACKAGE \
      $MYSQL_SHELL_PACKAGE \
      libpwquality \
  && yum clean all \
  && mkdir /docker-entrypoint-initdb.d

VOLUME /var/lib/mysql

COPY docker-entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"]
HEALTHCHECK CMD /healthcheck.sh
EXPOSE 3306 33060

RUN chmod +rwx /entrypoint.sh
RUN chmod +rwx /healthcheck.sh

RUN groupadd -r mysql && useradd -r -g mysql mysql

EXPOSE 3306
CMD ["mysqld"]

It's working fine in the container. But throwing error when I deployed in Kubernetes like below:

How can I understand this issue?

ADDED

docker-entrypoint.sh:

if [ -n "$MYSQL_LOG_CONSOLE" ] || [ -n "console" ]; then
        # Don't touch bind-mounted config files
        if ! cat /proc/1/mounts | grep "/etc/my.cnf"; then
            sed -i 's/^log-error=/#&/' /etc/my.cnf
        fi
fi

P.S : I have added content of the file.

Answer 1

The problem is related with sed's in-place editing implementation. When you edit a file using the -i or --in-place option, the edition doesn't actually happen in-place. sed saves the changes into a temporary file and then uses it to replace the original one.

It happens that you don't have write permission to /etc directory, where sed is trying to create its temporary file.

As suggested in comments most probably the command is run by user mysql. For sure it is not run as root as it has enough privileges to be able to write to /etc:

bash-4.2# ls -ld /etc
drwxr-xr-x 1 root root 4096 Mar 27 15:04 /etc

As you can see others don't have write permission. Changing permissions or owner of /etc directory itself is a really bad idea and I won't advise you to run this command as root user either.

The simplest solution is to give up on using --in-place option, save the result in a directory such as /tmp, to which everyone has access:

bash-4.2# ls -ld /tmp
drwxrwxrwt 1 root root 4096 Mar 27 16:39 /tmp

and after that replace the content of the original file with the content of the temporary one.

Your command may look like this:

sed 's/^log-error=/#&/' /etc/my.cnf > /tmp/my.cnf && cat /tmp/my.cnf > /etc/my.cnf

One important caveat:

You need to make sure you have write permission on /etc/my.cnf file. As you can see below, by default you don't have such permission either, so the error will occur later, when the command will try to write to the original config file.

bash-4.2# ls -l /etc/my.cnf
-rw-r--r-- 1 root root 1239 Mar 27 15:04 /etc/my.cnf

You need to modify it in your Dockerfile either by making it availeble for edit by everyone:

RUN chmod 666 /etc/my.cnf

or better option:

RUN chown mysql /etc/my.cnf

to change its owner to mysql, if this is the user that executes the entrypoint.sh script.

Please let me know if it helps.