Diffstat (limited to 'policy-db')
-rw-r--r--policy-db/Dockerfile17
-rw-r--r--policy-db/dbinit.sh38
-rwxr-xr-xpolicy-db/do-start.sh12
3 files changed, 67 insertions, 0 deletions
diff --git a/policy-db/Dockerfile b/policy-db/Dockerfile
new file mode 100644
index 00000000..3f8ed0b7
--- /dev/null
+++ b/policy-db/Dockerfile
@@ -0,0 +1,17 @@
+FROM ecomp-nexus:51220/policy/policy-os
+
+RUN \
+ apt-get install -y apt-transport-https && \
+ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
+ add-apt-repository 'deb [arch=amd64,i386,ppc64el] https://mirrors.evowise.com/mariadb/repo/10.1/ubuntu trusty main' && \
+ apt-get update && \
+ apt-get install -y mariadb-server && \
+ touch /var/lib/mysql/firstrun
+
+COPY dbinit.sh do-start.sh /tmp/
+RUN bash /tmp/dbinit.sh
+
+# mount volumes to persist the data
+VOLUME /etc/mysql /var/lib/mysql
+
+CMD exec bash /tmp/do-start.sh
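Review bot: The `apt-key adv --recv-keys` step in the first RUN trusts whatever key the keyserver returns for the 64-bit ID `0xcbcb082a1bb943db`, fetched over plain HKP on port 80, and that key then authorises every package installed from the MariaDB mirror. Key IDs of this length are not collision-resistant, so the request should name the full 40-character fingerprint (`apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 <FULL_FINGERPRINT>`), or the key file should be committed next to the Dockerfile and added with `apt-key add`. Separately, `COPY dbinit.sh do-start.sh /tmp/` leaves both scripts, including the root password they contain, readable in the final image; deleting them in a later step would not help because the COPY layer persists, so the password itself needs to move out of the build.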
diff --git a/policy-db/dbinit.sh b/policy-db/dbinit.sh
new file mode 100644
index 00000000..19f4a5bd
--- /dev/null
+++ b/policy-db/dbinit.sh
@@ -0,0 +1,38 @@
+#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
+cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
+ [mysqld]
+ lower_case_table_names = 1
+ bind-address = 0.0.0.0
+EOF
+
+echo "Starting mysqld"
+service mysql start
+
+echo "Run mysql_secure_installation"
+/usr/bin/mysql_secure_installation <<-EOF
+
+ y
+ secret
+ secret
+ y
+ y
+ y
+ y
+EOF
+
+echo "Creating db schemas and user"
+mysql -uroot -psecret <<-EOF
+ create database xacml;
+ create database log;
+ create database support;
+ create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
+ insert into support.db_version values('VERSION', '00');
+ insert into support.db_version values('DROOLS_VERSION', '00');
+ create user 'policy_user'@'localhost' identified by 'policy_user';
+ grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
+ flush privileges;
+ select * from support.db_version;
+EOF
+
+echo "Stopping mysqld"
+service mysql stop
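Review bot: The root password `secret` and the `policy_user` password (identical to the user name) are fixed in this script and applied at build time, so every image built from it ships the same credentials in its layers and in the initial /var/lib/mysql, while `bind-address = 0.0.0.0` makes the server listen on all interfaces. The account is also given `all privileges on *.*` with grant option, which makes it a second root; scoping it to the schemas created here would limit the exposure, e.g. `grant all privileges on xacml.* to 'policy_user'@'localhost';` repeated for `log` and `support`. Consider setting both passwords at first container start from an environment variable or a mounted secret instead of at build time. The script also has no `set -e`, so a failed `service mysql start` or `mysql_secure_installation` would not fail the image build.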
diff --git a/policy-db/do-start.sh b/policy-db/do-start.sh
new file mode 100755
index 00000000..49dbe0fe
--- /dev/null
+++ b/policy-db/do-start.sh
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
+ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
+
+# start MySQL, and grant all privileges to the local network
+# (it doesn't hurt to do the 'grant' multiple times)
+service mysql start
+mysql -uroot -psecret \
+ -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
+
+exec sleep 1000d
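Review bot: `ipPattern` goes into the grant without a check that the sed expression matched. If `ifconfig eth0` prints nothing, or uses the newer `inet 10.0.0.1` format without `addr:`, the variable is empty and the statement becomes a grant to `'policy_user'@''`, which I believe MySQL/MariaDB treats as matching any host (worth confirming). A guard before the grant makes that failure explicit: `[ -n "$ipPattern" ] || { echo "cannot determine eth0 network" >&2; exit 1; }`. The `.` between the two octet groups in the sed pattern is unescaped and matches any character, where `\.` is what is meant. Also, `-psecret` puts the root password on the command line where the process list shows it, and `exec sleep 1000d` keeps the container alive even after mysqld has exited.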