Circleci/mysql:8.0.21 + cimg/ruby:2.7.4-browsers failing

We use the circleci/mysql:8.0.21 image for testing:

- image: circleci/mysql:8.0.21
  auth:
    username: $DOCKERHUB_USERNAME
    password: $DOCKERHUB_PASSWORD
  command: |
    --sql_mode="NO_ENGINE_SUBSTITUTION"
    --default-authentication-plugin=mysql_native_password
  environment:
    - MYSQL_ROOT_HOST=%
    - MYSQL_ROOT_PASSWORD: ''
    - MYSQL_ALLOW_EMPTY_PASSWORD: yes

For weeks now, we’ve been seeing the following error in our logs:

2021-10-08T19:11:49.311808Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2021-10-08T19:11:49.313901Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2021-10-08T19:11:49.333715Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.21'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
mbind: Operation not permitted
mbind: Operation not permitted
mbind: Operation not permitted
… [hundreds more of the same log line]

Until recently, the Container circleci/mysql:8.0.21 build step would typically “succeed.” That is, the step is marked green and the whole workflow passes. The application is able to connect to MySQL on localhost. The MySQL logs end with

…
mbind: Operation not permitted
Build was canceled

Starting a few days, ago, however, the MySQL step will intermittently fail, the application isn’t able to connect via localhost, and the workflow fails. The MySQL logs end with

mbind: Operation not permitted
Exited with code 137
CircleCI received exit code 137

docker-library/mysql#422 suggests adding --cap-add sys_nice to the docker run command to silence the mbind warnings, but I can’t figure out how to add Docker options to a docker executor. Fortunately, those are just warnings and are unlikely the cause of the connection failure. Still, it would be nice to be able to configure cap_add Docker-Compose options.

Error while connecting to MySQL on local docker container: ERROR 2002 (HY000): Can't connect to MySQL server on '127.0.0.1' (115) - Stack Overflow suggests that we may need to expose a port in the MySQL docker container, but the executor options don’t support port.

MySQL is definitely starting because the step

dockerize -wait tcp://127.0.0.1:3306 -timeout 120s

passes. This seems to be a problem with the Ruby image connecting to MySQL.

Hello,

Thank you so much for posting this information and the additional research you’ve found!

Would it be possible to send over a build link to where you are seeing these errors occur in your project? As well as a build link to where you have seen them pass successfully?

I attempted to replicate the error mbind: Operation not permitted but was unable to, so perhaps I am missing something. I’d be more than happy to investigate further with you!