I'm using MariaDB image in my docker-compose.yml and I wanted to add a health check as recommended.

The official MariaDB image provides a healthcheck.sh script that I tried to use. However, after starting the container, I encountered the following warning in the logs:

2025-02-14  7:43:29 3 [Warning] Access denied for user 'root'@'::1' (using password: NO)

From my research, I learned that healthcheck.sh creates its own user, and it doesn't commit itself to the environment variables that I am passing to the container that are related to MariaDB. To work around this, I created a script set_healthcheck_user.sh to explicitly set the credentials for the health check in /etc/mysql/healthcheckf:

#!/bin/bash

cat <<EOF > /etc/mysql/healthcheckf
[client]
user=${MARIADB_USER}
password=${MARIADB_PASSWORD}
host=localhost
EOF

This approached worked, and the health check succeeded without the warning. However, I'm wondering if there’s a better or more standard way to configure the MariaDB health check in Docker Compose without adding healthcheckf manually.

Here is part of my docker-compose.yml file which is related to the database service

db:
  container_name: mariadb
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.6.11
  command: /bin/bash -c "chmod +x /docker-entrypoint-initdb.d/set_healthcheck_user.sh && /docker-entrypoint-initdb.d/set_healthcheck_user.sh && docker-entrypoint.sh mysqld"
  restart: always
  healthcheck:
    test: [ "CMD", "healthcheck.sh", "--defaults-file=/etc/mysql/healthcheckf", "--connect", "--innodb_initialized" ]
    start_period: 10s
    interval: 10s
    timeout: 5s
    retries: 3
  ports:
    - "3307:3306"
  volumes:
    - ./docker_services/database/set_healthcheck_user.sh:/docker-entrypoint-initdb.d/set_healthcheck_user.sh:rw
    - mariadb_data:/var/lib/mysql

I'm using MariaDB image in my docker-compose.yml and I wanted to add a health check as recommended.

The official MariaDB image provides a healthcheck.sh script that I tried to use. However, after starting the container, I encountered the following warning in the logs:

2025-02-14  7:43:29 3 [Warning] Access denied for user 'root'@'::1' (using password: NO)

From my research, I learned that healthcheck.sh creates its own user, and it doesn't commit itself to the environment variables that I am passing to the container that are related to MariaDB. To work around this, I created a script set_healthcheck_user.sh to explicitly set the credentials for the health check in /etc/mysql/healthcheck.cnf:

#!/bin/bash

cat <<EOF > /etc/mysql/healthcheck.cnf
[client]
user=${MARIADB_USER}
password=${MARIADB_PASSWORD}
host=localhost
EOF

This approached worked, and the health check succeeded without the warning. However, I'm wondering if there’s a better or more standard way to configure the MariaDB health check in Docker Compose without adding healthcheck.cnf manually.

Here is part of my docker-compose.yml file which is related to the database service

db:
  container_name: mariadb
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.6.11
  command: /bin/bash -c "chmod +x /docker-entrypoint-initdb.d/set_healthcheck_user.sh && /docker-entrypoint-initdb.d/set_healthcheck_user.sh && docker-entrypoint.sh mysqld"
  restart: always
  healthcheck:
    test: [ "CMD", "healthcheck.sh", "--defaults-file=/etc/mysql/healthcheck.cnf", "--connect", "--innodb_initialized" ]
    start_period: 10s
    interval: 10s
    timeout: 5s
    retries: 3
  ports:
    - "3307:3306"
  volumes:
    - ./docker_services/database/set_healthcheck_user.sh:/docker-entrypoint-initdb.d/set_healthcheck_user.sh:rw
    - mariadb_data:/var/lib/mysql

• docker
• docker-compose
• mariadb

• The healthcheck script doesn't create a user, as far as I can see and it supports running under whatever user you want with the -su option. – Hans Kilian Commented Feb 16 at 0:13
• @HansKilian This is what I read from the official documentation By default, (since 2023-06-27), official images will create healthcheck@localhost, [email protected], healthcheck@::1 users with a random password and USAGE privileges. Which can be found in this link – Gee Nigoghossian Commented Feb 16 at 5:54
• 1 I looked through the scripts and it's the docker-entrypoint.sh script that creates the healthcheck users and it does it during database initialization. I.e. you only have them if you've let a container initialize the database at some point. – Hans Kilian Commented Feb 16 at 8:24
• 1 With version 10.6.11 I get the same log messages you do. When switching to the lts tag (version 11.4.5) the example given here works out of the box. Can you upgrade your image? – Hans Kilian Commented Feb 16 at 9:09

2 Answers 2

A DATADIR (/var/lib/mysql) containing .my-healthcheck.cnf configuration file should exist in fairly modern containers so no explict configuration should be necessary.

AA heathcheck user is created so it will be independent of the root user.

If you started on an older datadir you can use MARIADB_AUTO_UPGRADE=1 as an environment variable which will recreate the users and configuration file if the configuration file is missing.

This healthcheck works for me:

services:
  db:
    image: mariadb:10.11.10-ubi9
    volumes:
      - mysqldata:/var/lib/mysql
    ports:
      - 4306:3306
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: username
      MYSQL_PASSWORD: password
      MYSQL_DATABASE: database
    healthcheck:
      test: "mysql -u username -P 4306 -ppassword database -Bse 'SELECT 1'"
      start_interval: 3s
      start_period: 15s
      interval: 2m
      retries: 3
      timeout: 5s

volumes:
  mysqldata: