Diffstat (limited to 'policy-db')
-rw-r--r-- | policy-db/Dockerfile | 17 | ||||
-rw-r--r-- | policy-db/dbinit.sh | 38 | ||||
-rwxr-xr-x | policy-db/do-start.sh | 12 |
3 files changed, 67 insertions, 0 deletions
diff --git a/policy-db/Dockerfile b/policy-db/Dockerfile
new file mode 100644
index 00000000..3f8ed0b7
--- /dev/null
+++ b/policy-db/Dockerfile
@@ -0,0 +1,17 @@
+FROM ecomp-nexus:51220/policy/policy-os
+
+RUN \
+ apt-get install -y apt-transport-https && \
+ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
+ add-apt-repository 'deb [arch=amd64,i386,ppc64el] https://mirrors.evowise.com/mariadb/repo/10.1/ubuntu trusty main' && \
+ apt-get update && \
+ apt-get install -y mariadb-server && \
+ touch /var/lib/mysql/firstrun
+
+COPY dbinit.sh do-start.sh /tmp/
+RUN bash /tmp/dbinit.sh
+
+# mount volumes to persist the data
+VOLUME /etc/mysql /var/lib/mysql
+
+CMD exec bash /tmp/do-start.sh
diff --git a/policy-db/dbinit.sh b/policy-db/dbinit.sh
new file mode 100644
index 00000000..19f4a5bd
--- /dev/null
+++ b/policy-db/dbinit.sh
@@ -0,0 +1,38 @@
+#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
+cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
+ [mysqld]
+ lower_case_table_names = 1
+ bind-address = 0.0.0.0
+EOF
+
+echo "Starting mysqld"
+service mysql start
+
+echo "Run mysql_secure_installation"
+/usr/bin/mysql_secure_installation <<-EOF
+
+ y
+ secret
+ secret
+ y
+ y
+ y
+ y
+EOF
+
+echo "Creating db schemas and user"
+mysql -uroot -psecret <<-EOF
+ create database xacml;
+ create database log;
+ create database support;
+ create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
+ insert into support.db_version values('VERSION', '00');
+ insert into support.db_version values('DROOLS_VERSION', '00');
+ create user 'policy_user'@'localhost' identified by 'policy_user';
+ grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
+ flush privileges;
+ select * from support.db_version;
+EOF
+
+echo "Stopping mysqld"
+service mysql stop
diff --git a/policy-db/do-start.sh b/policy-db/do-start.sh
new file mode 100755
index 00000000..49dbe0fe
--- /dev/null
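Review bot: The MariaDB signing key in the first `RUN` is selected by a 64-bit key ID (`0xcbcb082a1bb943db`) and fetched over plain `hkp://` on port 80, so a key-ID collision or a tampered keyserver response could put a different key into apt's trust store. Pin the full fingerprint instead, e.g. `apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 <FULL_40_HEX_FINGERPRINT>` (placeholder, take the value from the vendor), or ship the vendor key in the repository and verify it before adding it. The `FROM` line carries no tag or digest, so the base resolves to `latest`; `FROM ecomp-nexus:51220/policy/policy-os:<PINNED_TAG>` would keep builds reproducible. The first `apt-get install` also runs before any `apt-get update` in this layer, so it depends on whatever package lists the base image happens to contain.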
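Review bot: The root password `secret` and the `policy_user`/`policy_user` account are hard-coded in this script, and because the Dockerfile runs it in a `RUN` step they end up baked into the image's data directory while the script itself stays readable under `/tmp`; do-start.sh repeats `-psecret` and the same account password. With `bind-address = 0.0.0.0` the server listens on every interface, so these publicly known defaults are the only barrier. Consider initialising the database at first container start from values supplied at run time (environment or a mounted secret file), e.g. `identified by '${POLICY_DB_PASSWORD:?}'` (variable name is illustrative). The grant could also be narrowed to the schemas created here, e.g. `grant all privileges on xacml.* to 'policy_user'@'localhost';` and likewise for `log` and `support`, dropping `with grant option`.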
+++ b/policy-db/do-start.sh
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
+ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
+
+# start MySQL, and grant all privileges to the local network
+# (it doesn't hurt to do the 'grant' multiple times)
+service mysql start
+mysql -uroot -psecret \
+ -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
+
+exec sleep 1000d |
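Review bot: `ipPattern` is interpolated into the `grant` without checking that the `sed` expression matched anything. If `ifconfig eth0` prints nothing, or uses an output format without `inet addr:`, the variable is empty and the statement grants to `'policy_user'@''`, which MySQL may treat as matching any host. Add a guard before `service mysql start`, e.g. `[ -n "$ipPattern" ] || { echo "could not derive eth0 network pattern" >&2; exit 1; }`. The grant also gives `all privileges on *.*` with grant option to the whole assumed /16. Separately, `-psecret` on the command line is visible in the process list; passing credentials through a `--defaults-extra-file` with restrictive permissions would avoid that.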