Initial mariadb image.
Jinja vars and config templates will be added later, since build tool is not ready yet. Change-Id: Ia9ececb35591caa020e6c799ea30adf49b4852bb
This commit is contained in:
parent
fb3d58485b
commit
f15aefcb06
|
@ -0,0 +1,66 @@
|
|||
*.py[cod]
|
||||
|
||||
# C extensions
|
||||
*.so
|
||||
|
||||
# Packages
|
||||
*.egg
|
||||
*.egg-info
|
||||
dist
|
||||
build
|
||||
.eggs
|
||||
eggs
|
||||
parts
|
||||
bin
|
||||
var
|
||||
sdist
|
||||
develop-eggs
|
||||
.installed.cfg
|
||||
lib
|
||||
lib64
|
||||
|
||||
# Installer logs
|
||||
pip-log.txt
|
||||
|
||||
# Unit test / coverage reports
|
||||
.coverage
|
||||
cover
|
||||
.tox
|
||||
nosetests.xml
|
||||
.testrepository
|
||||
.venv
|
||||
|
||||
# Translations
|
||||
*.mo
|
||||
|
||||
# Mr Developer
|
||||
.mr.developer.cfg
|
||||
.project
|
||||
.pydevproject
|
||||
|
||||
# Complexity
|
||||
output/*.html
|
||||
output/*/index.html
|
||||
|
||||
# Sphinx
|
||||
doc/build
|
||||
|
||||
# oslo-config-generator
|
||||
etc/*.sample
|
||||
|
||||
# pbr generates these
|
||||
AUTHORS
|
||||
ChangeLog
|
||||
|
||||
# Editors
|
||||
*~
|
||||
.*.swp
|
||||
.*sw?
|
||||
|
||||
# Vagrant
|
||||
.vagrant
|
||||
vagrant/Vagrantfile.custom
|
||||
vagrant/vagrantkey*
|
||||
|
||||
# generated openrc
|
||||
openrc
|
|
@ -0,0 +1,28 @@
|
|||
FROM {{ namespace }}/base-tools:{{ tag }}
|
||||
MAINTAINER {{ maintainer }}
|
||||
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
mariadb-server-10.1 \
|
||||
percona-xtrabackup \
|
||||
socat \
|
||||
expect \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/mysql/*
|
||||
|
||||
# delme in future
|
||||
COPY my.cnf /etc/mysql/my.cnf
|
||||
|
||||
COPY mariadb_sudoers /etc/sudoers.d/mariadb_sudoers
|
||||
COPY bootstrap.sh /usr/local/bin/bootstrap.sh
|
||||
COPY security_reset.expect /usr/local/bin/mysql_security_reset
|
||||
RUN chmod 755 /usr/local/bin/bootstrap.sh \
|
||||
&& chmod 755 /usr/local/bin/mysql_security_reset \
|
||||
&& chmod 750 /etc/sudoers.d \
|
||||
&& chmod 440 /etc/sudoers.d/mariadb_sudoers \
|
||||
&& usermod -a -G microservices mysql
|
||||
|
||||
### delme in future
|
||||
ENV DB_ROOT_PASSWORD "password"
|
||||
|
||||
USER mysql
|
||||
CMD ["bootstrap.sh"]
|
|
@ -0,0 +1,34 @@
|
|||
#!/bin/bash
|
||||
|
||||
function bootstrap_db {
|
||||
mysqld_safe --wsrep-new-cluster &
|
||||
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
|
||||
TIMEOUT=${DB_MAX_TIMEOUT:-60}
|
||||
while [[ ! -f /var/lib/mysql/mariadb.pid ]]; do
|
||||
if [[ ${TIMEOUT} -gt 0 ]]; then
|
||||
let TIMEOUT-=1
|
||||
sleep 1
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
echo "mysql_security_reset"
|
||||
sudo -E mysql_security_reset
|
||||
echo "PASSWORD: $DB_ROOT_PASSWORD"
|
||||
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||
echo "SHUTDOWN"
|
||||
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
||||
}
|
||||
|
||||
# Only update permissions if permissions need to be updated
|
||||
if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
|
||||
sudo chown mysql: /var/lib/mysql
|
||||
fi
|
||||
|
||||
# Bootstrap
|
||||
mysql_install_db
|
||||
bootstrap_db
|
||||
|
||||
# Run daemon
|
||||
mysqld
|
|
@ -0,0 +1 @@
|
|||
%microservices ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/mysql_security_reset
|
|
@ -0,0 +1,27 @@
|
|||
[mysqld]
|
||||
#bind-address={{ mariadb_addr }}
|
||||
#port={{ mariadb_port }}
|
||||
|
||||
datadir=/var/lib/mysql/
|
||||
log-error=/var/log/mysql.log
|
||||
max_connections=10000
|
||||
|
||||
log-bin=mariadb-bin
|
||||
binlog_format=ROW
|
||||
default-storage-engine=innodb
|
||||
innodb_autoinc_lock_mode=2
|
||||
|
||||
wsrep_on=OFF
|
||||
wsrep_provider="/usr/lib/galera/libgalera_smm.so"
|
||||
wsrep_cluster_name="galera"
|
||||
wsrep_node_name="HOSTNAME"
|
||||
wsrep_sst_method=xtrabackup-v2
|
||||
wsrep_sst_auth=mysql:password
|
||||
wsrep_slave_threads=4
|
||||
#wsrep_cluster_address=gcomm://IPADDR
|
||||
#wsrep_provider_options=gmcast.listen_addr=tcp://IPADDR
|
||||
#wsrep_node_address=IPADDR
|
||||
#wsrep_sst_receive_address=IPADDR
|
||||
|
||||
[server]
|
||||
pid-file=/var/lib/mysql/mariadb.pid
|
|
@ -0,0 +1,59 @@
|
|||
#!/usr/bin/expect -f
|
||||
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||
"Enter current password for root (enter for none):"
|
||||
}
|
||||
send "\r"
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||
"Set root password?"
|
||||
}
|
||||
send "y\r"
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||
"New password:"
|
||||
}
|
||||
send "$env(DB_ROOT_PASSWORD)\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||
"Re-enter new password:"
|
||||
}
|
||||
send "$env(DB_ROOT_PASSWORD)\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||
"Remove anonymous users?"
|
||||
}
|
||||
send "y\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||
"Disallow root login remotely?"
|
||||
}
|
||||
send "n\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||
"Remove test database and access to it?"
|
||||
}
|
||||
send "y\r"
|
||||
|
||||
expect {
|
||||
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||
"Reload privilege tables now?"
|
||||
}
|
||||
send "y\r"
|
||||
expect eof
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
### Temp docker syntax checker script. Doesnt really check something...
|
||||
set -e
|
||||
for file in $(find . -name 'Dockerfile.j2')
|
||||
do
|
||||
fgrep -q FROM $file
|
||||
fgrep -q MAINTAINER $file
|
||||
fgrep -q RUN $file
|
||||
done
|
|
@ -0,0 +1,17 @@
|
|||
[tox]
|
||||
minversion = 1.6
|
||||
envlist = py34,py27,pypy,pep8
|
||||
skipsdist = True
|
||||
|
||||
[testenv:linters]
|
||||
commands =
|
||||
{toxinidir}/tools/run-check-docker-syntax.sh
|
||||
|
||||
[testenv:pep8]
|
||||
commands =
|
||||
{toxinidir}/tools/run-check-docker-syntax.sh
|
||||
|
||||
[testenv:bashate]
|
||||
commands =
|
||||
{toxinidir}/tools/run-check-docker-syntax.sh
|
||||
|
Loading…
Reference in New Issue