[OpenXPKI-users] OpenXPKI: Upgrade 3.24 -> 3.32 fails

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello 

I tried to upgrade an OpenXPKI installation having these versions:

Active Encryption Token vault-1
System Version 3.24.1
Hostname xxxxx
Config Version api
  3.18
  commit
  config
  3.18

to the newest 3.32 version. It ended in an error as the DB server was not able to connect:

docker-compose up -d
.........
docker inspect --format "{{json .State.Health }}" d72d5914c6fd
{"Status":"unhealthy","FailingStreak":31,"Log":[{"Start":"2025-10-30T16:21:36.694325789+01:00","End":"2025-10-30T16:21:36.755789171+01:00","ExitCode":1,"Output":"ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nhealthcheck innodb_initialized failed\n"},{"Start":"2025-10-30T16:21:41.76896618+01:00","End":"2025-10-30T16:21:41.846147025+01:00","ExitCode":1,"Output":"ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nhealthcheck innodb_initialized failed\n"},{"Start":"2025-10-30T16:21:46.86684365+01:00","End":"2025-10-30T16:21:46.943307523+01:00","ExitCode":1,"Output":"ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nhealthcheck innodb_initialized failed\n"},{"Start":"2025-10-30T16:21:51.960462912+01:00","End":"2025-10-30T16:21:52.0409897+01:00","ExitCode":1,"Output":"ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nhealthcheck innodb_initialized failed\n"},{"Start":"2025-10-30T16:21:57.059434346+01:00","End":"2025-10-30T16:21:57.122773203+01:00","ExitCode":1,"Output":"ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: NO)\nhealthcheck innodb_initialized failed\n"}]}

So far so clear - but why? The docker-compose.yml looks like this (worked with version 3.24 very well):

-------------------------------------------------------------------

x-base-image: &base-image
  image: whiterabbitsecurity/openxpki3:3.32.8

services:
  db:
    restart: always
    container_name: OpenXPKI_Database
    image: mariadb:11.4
    command: --default-authentication-plugin=mysql_native_password
    user: mysql:mysql
    volumes:
      - openxpkidb:/var/lib/mysql
      - openxpkidbsocket:/var/run/mysqld/
      - ./openxpki-config/contrib/sql/schema-mariadb.sql:/docker-entrypoint-initdb.d/schema-mariadb.sql
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 5s
      timeout: 3s
      retries: 5
    environment:
      MYSQL_DATABASE: openxpki
      MYSQL_USER: openxpki
      MYSQL_PASSWORD: openxpki
      MYSQL_ROOT_PASSWORD: topsecret

-------------------------------------------------------------------

I came to this result by this steps:

1. cd /opt/openxpki-docker/ to the git clone of my current installation
   docker-compose down
   # Download new Image Version
   docker-compose pull
2. Adapting docker-compose.yml so it fits my current installation.
3. find -name "*.yaml" -exec sed -i -r 's/: *(\+[0-9]{2,})/: "\1"/g' {} \; 
   # Adapting the relative time values as described at 
   https://openxpki.readthedocs.io/en/master/upgrading.html#yaml-update
4. docker-compose up -d

Many thanks for any hint.

Stefan