我有一个
docker-compose.ymlservices:
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
environment:
- MYSQL_USER=cct1
- MYSQL_DATABASE=cct1
- MYSQL_PORT=3306
- MYSQL_PASSWORD_FILE=/run/secrets/mysql-password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-password
healthcheck:
test:
[
"CMD-SHELL",
# "sh",
# "-c",
"mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$(cat /run/secrets/mysql-password)"
]
start_period: 5s
interval: 3s
timeout: 5s
retries: 6
secrets:
- mysql-password
secrets:
mysql-password:
file: ./mysql_pwd.secret
当我运行
docker stack deploy stack-namedbReceived SHUTDOWN from user rootmysqladmin ping ...sh -c[
"CMD-SHELL",
"sh",
"-c",
"mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$(cat /run/secrets/mysql-password)"
]
而且它有效。
文档非常清楚
CMD-SHELL使用
使用容器的默认 shell 运行配置为字符串的命令(对于 Linux 为CMD-SHELL)/bin/sh
那么为什么我需要额外的外壳呢?其他几种替代方案也会导致部署失败,例如这个:
[
"CMD",
"sh",
"-c",
"mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$(cat /run/secrets/mysql-password)"
]
为什么?第二个外壳似乎是强制性的,但我无法理解原因。我还检查了 MySQL Docker 映像,但
SHELL我认为你可以稍微简化一下。如果您只是 ping 数据库,您可能不需要指定凭据。
services:
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
environment:
- MYSQL_USER=cct1
- MYSQL_DATABASE=cct1
- MYSQL_PORT=3306
- MYSQL_ROOT_PASSWORD=secret
healthcheck:
test: [ "CMD", "mysqladmin", "ping" ]
start_period: 5s
interval: 3s
timeout: 5s
retries: 6
使用硬编码密码而不是秘密。但您应该能够
docker-compose up或者,您可以像这样指定健康检查:
healthcheck:
test: [ "CMD-SHELL", "mysqladmin ping" ]
start_period: 5s
interval: 3s
timeout: 5s
retries: 6
区别(据我所知!)是
CMD-SHELLCMD