Initial mariadb image.

Jinja vars and config templates will be added later, since build tool is not ready yet. Change-Id: Ia9ececb35591caa020e6c799ea30adf49b4852bb
2016-05-10 15:26:35 +03:00 · 2016-05-10 15:26:35 +03:00 · f15aefcb06
parent fb3d58485b
commit f15aefcb06
8 changed files with 242 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,66 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+.eggs
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+cover
+.tox
+nosetests.xml
+.testrepository
+.venv
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+doc/build
+
+# oslo-config-generator
+etc/*.sample
+
+# pbr generates these
+AUTHORS
+ChangeLog
+
+# Editors
+*~
+.*.swp
+.*sw?
+
+# Vagrant
+.vagrant
+vagrant/Vagrantfile.custom
+vagrant/vagrantkey*
+
+# generated openrc
+openrc
--- a/docker/mariadb/Dockerfile.j2
+++ b/docker/mariadb/Dockerfile.j2
@ -0,0 +1,28 @@
+FROM {{ namespace }}/base-tools:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get install -y --no-install-recommends \
+        mariadb-server-10.1 \
+        percona-xtrabackup \
+        socat \
+        expect \
+    && apt-get clean \
+    && rm -rf /var/lib/mysql/*
+
+# delme in future
+COPY my.cnf /etc/mysql/my.cnf
+
+COPY mariadb_sudoers /etc/sudoers.d/mariadb_sudoers
+COPY bootstrap.sh /usr/local/bin/bootstrap.sh
+COPY security_reset.expect /usr/local/bin/mysql_security_reset
+RUN chmod 755 /usr/local/bin/bootstrap.sh \
+    && chmod 755 /usr/local/bin/mysql_security_reset \
+    && chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/mariadb_sudoers \
+    && usermod -a -G microservices mysql
+
+### delme in future
+ENV DB_ROOT_PASSWORD "password"
+
+USER mysql
+CMD ["bootstrap.sh"]
--- a/docker/mariadb/bootstrap.sh
+++ b/docker/mariadb/bootstrap.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+function bootstrap_db {
+    mysqld_safe --wsrep-new-cluster &
+    # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
+    TIMEOUT=${DB_MAX_TIMEOUT:-60}
+    while [[ ! -f /var/lib/mysql/mariadb.pid ]]; do
+        if [[ ${TIMEOUT} -gt 0 ]]; then
+            let TIMEOUT-=1
+            sleep 1
+        else
+            exit 1
+        fi
+    done
+    echo "mysql_security_reset"
+    sudo -E mysql_security_reset
+    echo "PASSWORD: $DB_ROOT_PASSWORD"
+    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    echo "SHUTDOWN"
+    mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+}
+
+# Only update permissions if permissions need to be updated
+if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
+    sudo chown mysql: /var/lib/mysql
+fi
+
+# Bootstrap
+mysql_install_db
+bootstrap_db
+
+# Run daemon
+mysqld
--- a/docker/mariadb/mariadb_sudoers
+++ b/docker/mariadb/mariadb_sudoers
@ -0,0 +1 @@
+%microservices ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/mysql_security_reset
--- a/docker/mariadb/my.cnf
+++ b/docker/mariadb/my.cnf
@ -0,0 +1,27 @@
+[mysqld]
+#bind-address={{ mariadb_addr }}
+#port={{ mariadb_port }}
+
+datadir=/var/lib/mysql/
+log-error=/var/log/mysql.log
+max_connections=10000
+
+log-bin=mariadb-bin
+binlog_format=ROW
+default-storage-engine=innodb
+innodb_autoinc_lock_mode=2
+
+wsrep_on=OFF
+wsrep_provider="/usr/lib/galera/libgalera_smm.so"
+wsrep_cluster_name="galera"
+wsrep_node_name="HOSTNAME"
+wsrep_sst_method=xtrabackup-v2
+wsrep_sst_auth=mysql:password
+wsrep_slave_threads=4
+#wsrep_cluster_address=gcomm://IPADDR
+#wsrep_provider_options=gmcast.listen_addr=tcp://IPADDR
+#wsrep_node_address=IPADDR
+#wsrep_sst_receive_address=IPADDR
+
+[server]
+pid-file=/var/lib/mysql/mariadb.pid
--- a/docker/mariadb/security_reset.expect
+++ b/docker/mariadb/security_reset.expect
@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn mysql_secure_installation
+expect {
+  timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
+  "Enter current password for root (enter for none):"
+}
+send "\r"
+expect {
+  timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
+  "Set root password?"
+}
+send "y\r"
+expect {
+  timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
+  "New password:"
+}
+send "$env(DB_ROOT_PASSWORD)\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
+  "Re-enter new password:"
+}
+send "$env(DB_ROOT_PASSWORD)\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
+  "Remove anonymous users?"
+}
+send "y\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
+  "Disallow root login remotely?"
+}
+send "n\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
+  "Remove test database and access to it?"
+}
+send "y\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
+  "Reload privilege tables now?"
+}
+send "y\r"
+expect eof
+
--- a/tools/run-check-docker-syntax.sh
+++ b/tools/run-check-docker-syntax.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+### Temp docker syntax checker script. Doesnt really check something...
+set -e
+for file in $(find . -name 'Dockerfile.j2')
+do
+    fgrep -q FROM $file
+    fgrep -q MAINTAINER $file
+    fgrep -q RUN $file
+done
--- a/tox.ini
+++ b/tox.ini
@ -0,0 +1,17 @@
+[tox]
+minversion = 1.6
+envlist = py34,py27,pypy,pep8
+skipsdist = True
+
+[testenv:linters]
+commands =
+    {toxinidir}/tools/run-check-docker-syntax.sh
+
+[testenv:pep8]
+commands =
+    {toxinidir}/tools/run-check-docker-syntax.sh
+
+[testenv:bashate]
+commands =
+    {toxinidir}/tools/run-check-docker-syntax.sh
+
				`@ -0,0 +1 @@`
				`%microservices ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/mysql_security_reset`