Special characters in mariadb / mysql root password breaks python scheduler

Similar to Change MySQL/MariaDB Root Password, but with an explicit use case and warning.

Your Setup:

  • Docker environment on VMware ESXi VM (tried and tested)
  • SeaTable Edition: Enterprise
  • SeaTable Version: 5.0.8 (“new” docker compose structure)

Describe the Problem/Error/Question:

Using special characters (namely the Ampersand &, maybe others) breaks the python scheduler container, and maybe other things. To reproduce

  • Set up a new seatable instance, including python-pipeline.yml
  • Set SEATABLE_MYSQL_ROOT_PASSWORD to a string ending with ‘&’
  • Seatable initializes as usual
  • The Python Scheduler container gives an Error 500 when a python script is run.
  • Same installation with an all-ASCII root password works fine

Error Messages:

The python scheduler container logs the following:

mysql server ready
Initalization of database successful
ERROR 1045 (28000): Access denied for user 'root'@'172.19.0.5' (using password: YES)
ERROR 1045 (28000): Access denied for user 'root'@'172.19.0.5' (using password: YES)
Check for updates of Python Scheduler ...
(pymysql.err.OperationalError) (1049, "Unknown database 'scheduler'")

Possible reason

It seems as if the Python Scheduler container accesses the database in two different ways, and possibly at least on one occasion through an URL. The password does not seem to be properly URLencoded (&), leading to the described behaviour.

I tried to manually URLencode the password in python-pipeline.yml. That way, the database did not even initialize, leading me to the conclusion that the python scheduler uses two different ways to access the database, one of which needs the URLencoded password (or just generally stumbles over special characters).

Workaround

Don’t use passwords with special characters. Just make them long.

If, like me, you need to upgrade from an existing Seatable 4.4.9 database with a special character root password, and want to add the python runner to your installation, you probably need to change the root password manually via the mysql client first. Doh!

I just applied the workaround, and it seems to work. And I noted that other containers than python-scheduler seemed to be affected by the same problem (error in container log output), but seemingly did not affect funtionality.

This is what I did to change the password:

  • Got into the running mariadb container (in my case, from Portainer, otherwise docker exec -ti mariadb bash (your container may have another name than mariadb)
  • You should be root user inside the container
  • Start the mysql client with mysql -p and enter the current DB root password interactively
  • Change root password with these SQL instructions (may be redundant):
    • ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPasswordWithoutSpecialCharacters';
    • ALTER USER 'root'@'%' IDENTIFIED BY 'NewPasswordWithoutSpecialCharacters';
  • Change the Seatable config files accordingly
  • Restart the Docker stack
1 Like

We will have a look at it.

First off: Thank you for the very detailed bug report!

The password is used as a command-line argument when initializing the database (tables) for the python-scheduler. Unfortunately, the password is not escaped properly.

This causes errors if the password contains characters which are recognized by the shell (e.g. &).

We fixed the issue in the newest version of the seatable/seatable-python-scheduler (v4.1.2) image, which is now available on Docker Hub.

There are also newer versions of the other python images (starter and runner).