authorJorge Hernandez <jh1730@att.com>2018-02-27 11:41:54 -0600
committerJorge Hernandez <jh1730@att.com>2018-02-27 20:34:47 +0000
commitbd14de825f1ad7ce911162c659bd81725226232d (patch)
treec6ee8fa12a6675604adc0b15280c0bc16212208b
parent7228882abaed47068a8efd400ca7d2a13bfa1c6b (diff)
docker db image simplification
1. use mariadb image from docker registry to simplify set up. 2. remove hardcoded root and user mariadb accounts 3. restrict access to user account to just specific databases. Change-Id: Iaa916dbf2de2474fcc483a4be6167b4b92a2de61 Issue-ID: POLICY-650 Signed-off-by: Jorge Hernandez <jh1730@att.com>
-rw-r--r--README.md2
-rw-r--r--config/db/db.conf3
-rw-r--r--config/db/db.sh9
-rw-r--r--docker-compose-integration.yml5
-rw-r--r--docker-compose.yml5
-rwxr-xr-xdocker_build.sh4
-rwxr-xr-xdocker_merge.sh4
-rwxr-xr-xdocker_verify.sh2
-rw-r--r--policy-db/Dockerfile19
-rw-r--r--policy-db/dbinit.sh38
-rwxr-xr-xpolicy-db/do-start.sh12
-rwxr-xr-xvagrant/setup_policy.sh2
12 files changed, 26 insertions, 79 deletions
diff --git a/README.md b/README.md
index 28936ca7..ec3f88ef 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@ To build it using Maven 3, first build 'policy/common', 'policy/engine', 'policy
- Copy the files under policy-drools to target/policy-drools
- Run the 'docker build' command on the following directories, in order:
policy-os
- policy-db
policy-nexus
policy-base
target/policy-pe
@@ -14,7 +13,6 @@ To build it using Maven 3, first build 'policy/common', 'policy/engine', 'policy
For example:
docker build -t onap/policy/policy-os policy-os
-docker build -t onap/policy/policy-db policy-db
docker build -t onap/policy/policy-nexus policy-nexus
docker build -t onap/policy/policy-base policy-base
docker build -t onap/policy/policy-pe target/policy-pe
diff --git a/config/db/db.conf b/config/db/db.conf
new file mode 100644
index 00000000..958f8bf0
--- /dev/null
+++ b/config/db/db.conf
@@ -0,0 +1,3 @@
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user
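Review bot: The three values added here are still fixed credentials kept in the repository: `MYSQL_ROOT_PASSWORD=secret` is the same root password the deleted policy-db/dbinit.sh used, and `MYSQL_PASSWORD=policy_user` equals the account name, so the hard-coded accounts are moved rather than removed. If these are meant as development defaults, say so at the top of the file, e.g. `# Development defaults only; override MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD for any shared or reachable deployment`. The file also lives in config/db, which both compose files mount at /docker-entrypoint-initdb.d, so the credentials are readable inside the database container as a plain file.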
diff --git a/config/db/db.sh b/config/db/db.sh
new file mode 100644
index 00000000..0de1deb1
--- /dev/null
+++ b/config/db/db.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -xv
+
+for db in support onap_sdk log
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
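Review bot: The shebang `#!/bin/bash -xv` turns on command tracing while every `mysql` call passes `-p"${MYSQL_ROOT_PASSWORD}"`, so whenever this script runs as its own process the expanded root password is written to stderr and ends up in the container log. Use `#!/bin/bash` and enable tracing only while debugging. The password on the command line is also visible in the process list while each client runs; `export MYSQL_PWD="${MYSQL_ROOT_PASSWORD}"` once before the loop, with `unset MYSQL_PWD` after the last call, lets the three invocations drop `-p`. Whether the image entrypoint executes or sources files in /docker-entrypoint-initdb.d is not visible in this diff; if it sources them the shebang flags have no effect and are misleading for that reason.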
diff --git a/docker-compose-integration.yml b/docker-compose-integration.yml
index 5cbd401b..dbd708b9 100644
--- a/docker-compose-integration.yml
+++ b/docker-compose-integration.yml
@@ -1,9 +1,12 @@
version: '2'
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
expose:
- 3306
nexus:
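Review bot: Nothing in the `mariadb` service as shown (image, command, volumes, expose) passes MYSQL_ROOT_PASSWORD, MYSQL_USER or MYSQL_PASSWORD to the container; the bind mount only places config/db/db.conf inside /docker-entrypoint-initdb.d, where it is a data file rather than container environment. config/db/db.sh reads `${MYSQL_ROOT_PASSWORD}` and `${MYSQL_USER}`, so unless the variables arrive by a route not visible in this diff, add `env_file: config/db/db.conf` to the service. The init directory only needs to be read, so the mount can be `- ./config/db:/docker-entrypoint-initdb.d:ro`. Both points apply equally to the `mariadb` service in docker-compose.yml.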
diff --git a/docker-compose.yml b/docker-compose.yml
index 96fd5073..0196c796 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,9 +6,12 @@ networks:
com.docker.network.driver.mtu: ${MTU}
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
ports:
- "3306:3306"
nexus:
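Review bot: The published mapping `"3306:3306"` now fronts an account that can log in from any host: config/db/db.sh grants to `'${MYSQL_USER}'@'%'`, where the deleted policy-db/do-start.sh limited the grant to the eth0 network pattern, and config/db/db.conf sets the password equal to the user name. The `ports:` entry itself is unchanged context, but what it exposes changes with the new grant. If only the Docker host needs to reach the database, bind the mapping to loopback with `- "127.0.0.1:3306:3306"`; otherwise narrow the host part of the grant in db.sh.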
diff --git a/docker_build.sh b/docker_build.sh
index 4a8c416f..dd2f0e6d 100755
--- a/docker_build.sh
+++ b/docker_build.sh
@@ -43,7 +43,7 @@ echo $MVN_MAJMIN_VERSION
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
@@ -79,7 +79,7 @@ done
docker images
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:latest
diff --git a/docker_merge.sh b/docker_merge.sh
index 83fd239d..25a5692a 100755
--- a/docker_merge.sh
+++ b/docker_merge.sh
@@ -43,7 +43,7 @@ echo $MVN_MAJMIN_VERSION
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
@@ -78,7 +78,7 @@ docker images
#
# Push images
#
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:${MVN_MAJMIN_VERSION}-latest
diff --git a/docker_verify.sh b/docker_verify.sh
index 17eff0a1..cc3cb0d6 100755
--- a/docker_verify.sh
+++ b/docker_verify.sh
@@ -46,7 +46,7 @@ echo $MVN_MAJMIN_VERSION
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
diff --git a/policy-db/Dockerfile b/policy-db/Dockerfile
deleted file mode 100644
index 002313cd..00000000
--- a/policy-db/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM onap/policy/policy-os
-
-RUN \
- apt-get clean && \
- apt-get install -y apt-transport-https && \
- apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
- add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.0/ubuntu trusty main' && \
- apt-get clean && \
- apt-get update && \
- apt-get install -y mariadb-server && \
- touch /var/lib/mysql/firstrun
-
-COPY dbinit.sh do-start.sh /tmp/
-RUN bash /tmp/dbinit.sh
-
-# mount volumes to persist the data
-VOLUME /etc/mysql /var/lib/mysql
-
-CMD exec bash /tmp/do-start.sh
diff --git a/policy-db/dbinit.sh b/policy-db/dbinit.sh
deleted file mode 100644
index 19f4a5bd..00000000
--- a/policy-db/dbinit.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
-cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
- [mysqld]
- lower_case_table_names = 1
- bind-address = 0.0.0.0
-EOF
-
-echo "Starting mysqld"
-service mysql start
-
-echo "Run mysql_secure_installation"
-/usr/bin/mysql_secure_installation <<-EOF
-
- y
- secret
- secret
- y
- y
- y
- y
-EOF
-
-echo "Creating db schemas and user"
-mysql -uroot -psecret <<-EOF
- create database xacml;
- create database log;
- create database support;
- create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
- insert into support.db_version values('VERSION', '00');
- insert into support.db_version values('DROOLS_VERSION', '00');
- create user 'policy_user'@'localhost' identified by 'policy_user';
- grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
- flush privileges;
- select * from support.db_version;
-EOF
-
-echo "Stopping mysqld"
-service mysql stop
diff --git a/policy-db/do-start.sh b/policy-db/do-start.sh
deleted file mode 100755
index 49dbe0fe..00000000
--- a/policy-db/do-start.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
-ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
-
-# start MySQL, and grant all privileges to the local network
-# (it doesn't hurt to do the 'grant' multiple times)
-service mysql start
-mysql -uroot -psecret \
- -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
-
-exec sleep 1000d
diff --git a/vagrant/setup_policy.sh b/vagrant/setup_policy.sh
index b1eda7c6..5a599a15 100755
--- a/vagrant/setup_policy.sh
+++ b/vagrant/setup_policy.sh
@@ -25,7 +25,7 @@ mvn prepare-package
cp -r target/policy-pe/* policy-pe/
cp -r target/policy-drools/* policy-drools
-for comp in policy-os policy-db policy-nexus policy-base policy-pe policy-drools
+for comp in policy-os policy-nexus policy-base policy-pe policy-drools
do
sudo docker build -t onap/policy/$comp $HOME/docker/$comp
done