From 2d839814ede84f2df7983011d7d37cc8dbd39898 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:13:47 +0000 Subject: [PATCH 01/27] Migrate to hardening_manifest.yaml --- Dockerfile | 7 ---- Jenkinsfile | 4 -- download.yaml | 36 ----------------- hardening_manifest.yaml | 88 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+), 47 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.yaml create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index e7ee40f..c860b23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,13 +3,6 @@ ARG BASE_IMAGE=ironbank/redhat/ubi/ubi7 ARG BASE_TAG=7.9 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -LABEL name="MariaDB" \ - maintainer="michael.simmons@anchore.com" \ - vendor="Open Source" \ - version="10.2.36" \ - release="1" \ - summary="Image of MariaDB" \ - description="MariaDB is a community-developed fork of the MySQL relational database management system." COPY mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm signatures/RPM-GPG-KEY-MariaDB signatures/RPM-GPG-KEY-CentOS-Official signatures/RPM-GPG-KEY-CentOS-7 / COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 1ea7127..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,4 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline( - version: "10.2.36" -) diff --git a/download.yaml b/download.yaml deleted file mode 100644 index 375ebb1..0000000 --- a/download.yaml +++ /dev/null 
@@ -1,36 +0,0 @@
-resources:
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-server-10.2.36-1.el7.centos.x86_64.rpm"
- filename: "mariadb-server.rpm"
- validation:
- type: "sha256"
- value: "66efcfe077199e0338650568331ae87780a29d397b4bda81b664d5d2b9511974"
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-client-10.2.36-1.el7.centos.x86_64.rpm"
- filename: "mariadb-client.rpm"
- validation:
- type: "sha256"
- value: "70948a763232bf9bd69f719ff7528f5b01dfedfc49baa33708cd949c42b4bef0"
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-common-10.2.36-1.el7.centos.x86_64.rpm"
- filename: "mariadb-common.rpm"
- validation:
- type: "sha256"
- value: "db4cc11948336fed9e23cdf48d68a5bf7a8cb973d35e1d41fe5db4fcb089ff2a"
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-shared-10.2.36-1.el7.centos.x86_64.rpm"
- filename: "mariadb-shared.rpm"
- validation:
- type: "sha256"
- value: "e63005ee9d6b3602410250a714e4585b7f87af0e3d31af4cd5fa94dd71e941a6"
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-compat-10.2.36-1.el7.centos.x86_64.rpm"
- filename: "mariadb-compat.rpm"
- validation:
- type: "sha256"
- value: "38cb7f81c341504497bc046c88da2460693f95b3397ed780ea9a230d4cfdf245"
- - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/galera-25.3.29-1.rhel7.el7.centos.x86_64.rpm"
- filename: "galera.rpm"
- validation:
- type: "sha256"
- value: "43ead92608047423d3207f5a896416dd4b164cd8f3b2dfca247cf8f5e8fe0657"
- - url: "http://mirror.centos.org/centos/7/os/x86_64/Packages/boost-program-options-1.53.0-28.el7.x86_64.rpm"
- filename: "boost.rpm"
- validation:
- type: "sha256"
- value: "1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23"
\ No newline at end of file
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..ddfcaab
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,88 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "opensource/mariadb/mariadb102" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "10.2.36" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi7" + BASE_TAG: "7.9" + +# Docker image labels +labels: + org.opencontainers.image.title: "mariadb102" + ## Human-readable description of the software packaged in the image + # org.opencontainers.image.description: "FIXME" + ## License(s) under which contained software is distributed + # org.opencontainers.image.licenses: "FIXME" + ## URL to find more information on the image + # org.opencontainers.image.url: "FIXME" + ## Name of the distributing entity, organization or individual + # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.version: "10.2.36" + ## Keywords to help with search (ex. 
"cicd,gitops,golang") + # mil.dso.ironbank.image.keywords: "FIXME" + ## This value can be "opensource" or "commercial" + # mil.dso.ironbank.image.type: "FIXME" + ## Product the image belongs to for grouping multiple images + # mil.dso.ironbank.product.name: "FIXME" + +# List of resources to make available to the offline build context +resources: +- filename: mariadb-server.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-server-10.2.36-1.el7.centos.x86_64.rpm + validation: + type: sha256 + value: 66efcfe077199e0338650568331ae87780a29d397b4bda81b664d5d2b9511974 +- filename: mariadb-client.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-client-10.2.36-1.el7.centos.x86_64.rpm + validation: + type: sha256 + value: 70948a763232bf9bd69f719ff7528f5b01dfedfc49baa33708cd949c42b4bef0 +- filename: mariadb-common.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-common-10.2.36-1.el7.centos.x86_64.rpm + validation: + type: sha256 + value: db4cc11948336fed9e23cdf48d68a5bf7a8cb973d35e1d41fe5db4fcb089ff2a +- filename: mariadb-shared.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-shared-10.2.36-1.el7.centos.x86_64.rpm + validation: + type: sha256 + value: e63005ee9d6b3602410250a714e4585b7f87af0e3d31af4cd5fa94dd71e941a6 +- filename: mariadb-compat.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-compat-10.2.36-1.el7.centos.x86_64.rpm + validation: + type: sha256 + value: 38cb7f81c341504497bc046c88da2460693f95b3397ed780ea9a230d4cfdf245 +- filename: galera.rpm + url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/galera-25.3.29-1.rhel7.el7.centos.x86_64.rpm + validation: + type: sha256 + value: 43ead92608047423d3207f5a896416dd4b164cd8f3b2dfca247cf8f5e8fe0657 +- filename: boost.rpm + url: http://mirror.centos.org/centos/7/os/x86_64/Packages/boost-program-options-1.53.0-28.el7.x86_64.rpm + validation: + type: sha256 + value: 1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23 
+ +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "michael.simmons@anchore.com" +# # The name of the current container owner +# name: "FIXME" +# # The gitlab username of the current container owner +# username: "FIXME" +# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +# - name: "FIXME" +# username: "FIXME" +# email: "FIXME" -- GitLab From f09d8423e90d7b9e0d2d1c44e9bffa4355245898 Mon Sep 17 00:00:00 2001 From: pathak_pradip Date: Thu, 17 Dec 2020 08:16:53 -0800 Subject: [PATCH 02/27] Updated hardening manifest file --- hardening_manifest.yaml | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ddfcaab..7ab3ab3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
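Review bot: The `resources` entries drop the quotes that download.yaml had around `url`, `filename`, `type` and `value`, so each sha256 digest is now a plain scalar whose type the YAML loader infers; a digest made only of decimal digits would load as a number rather than a string. Quote them as before, e.g. `value: "66efcfe077199e0338650568331ae87780a29d397b4bda81b664d5d2b9511974"`. Separately, the `boost.rpm` entry is still fetched over `http://`, so the pinned digest is the only integrity control on that download; a comment next to it saying so would stop someone from relaxing the `validation` block later.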
@@ -20,20 +20,20 @@ args: labels: org.opencontainers.image.title: "mariadb102" ## Human-readable description of the software packaged in the image - # org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "MariaDB is a community-developed fork of the MySQL relational database management system." ## License(s) under which contained software is distributed - # org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "GNU General Public License, version 2" ## URL to find more information on the image - # org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "https://mariadb.org/" ## Name of the distributing entity, organization or individual - # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "Copyright @ 2009 - 2020 MariaDB Foundation." org.opencontainers.image.version: "10.2.36" ## Keywords to help with search (ex. "cicd,gitops,golang") - # mil.dso.ironbank.image.keywords: "FIXME" + mil.dso.ironbank.image.keywords: "mariadb, MySQL, mariadb102" ## This value can be "opensource" or "commercial" - # mil.dso.ironbank.image.type: "FIXME" + mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images - # mil.dso.ironbank.product.name: "FIXME" + mil.dso.ironbank.product.name: "Mariadb" # List of resources to make available to the offline build context resources: 
@@ -73,16 +73,10 @@ resources: type: sha256 value: 1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23 -# List of project maintainers -# FIXME: Fill in the following details for the current container owner in the whitelist -# FIXME: Include any other vendor information if applicable maintainers: -- email: "michael.simmons@anchore.com" +- email: "melissari_sean@bah.com" # # The name of the current container owner -# name: "FIXME" + name: "Sean Melissari" # # The gitlab username of the current container owner -# username: "FIXME" -# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT -# - name: "FIXME" -# username: "FIXME" -# email: "FIXME" + username: "sean.melissari" + cht_member: true \ No newline at end of file -- GitLab From 20cf10ef6c54aa9d28e30cc2fbc3629807ade901 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 4 Jan 2021 15:16:26 -0500 Subject: [PATCH 03/27] hardening manifest for 10.2 --- hardening_manifest.yaml | 76 ++++++++++++++--------------------------- 1 file changed, 26 insertions(+), 50 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7ab3ab3..615c6b1 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "opensource/mariadb/mariadb102" +name: "opensource/mariadb/mariadb" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown 
@@ -18,65 +18,41 @@ args: # Docker image labels labels: - org.opencontainers.image.title: "mariadb102" - ## Human-readable description of the software packaged in the image - org.opencontainers.image.description: "MariaDB is a community-developed fork of the MySQL relational database management system." - ## License(s) under which contained software is distributed - org.opencontainers.image.licenses: "GNU General Public License, version 2" - ## URL to find more information on the image - org.opencontainers.image.url: "https://mariadb.org/" - ## Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "Copyright @ 2009 - 2020 MariaDB Foundation." + org.opencontainers.image.title: "mariadb" + # Human-readable description of the software packaged in the image + org.opencontainers.image.description: "MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system" + # License(s) under which contained software is distributed + org.opencontainers.image.licenses: "GPLv2" + # URL to find more information on the image + org.opencontainers.image.url: "https://mariadb.org" + # Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "MariaDB Foundation" org.opencontainers.image.version: "10.2.36" - ## Keywords to help with search (ex. "cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "mariadb, MySQL, mariadb102" - ## This value can be "opensource" or "commercial" + # Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "database,mysql,mariadb" + # This value can be "opensource" or "commercial" mil.dso.ironbank.image.type: "opensource" - ## Product the image belongs to for grouping multiple images - mil.dso.ironbank.product.name: "Mariadb" + # Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "opensource" # List of resources to make available to the offline build context resources: -- filename: mariadb-server.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-server-10.2.36-1.el7.centos.x86_64.rpm +- filename: mariadb.rpm.tar + url: https://downloads.mariadb.com/MariaDB/mariadb-10.2.36/yum/centos/mariadb-10.2.36-rhel-7-x86_64-rpms.tar validation: type: sha256 - value: 66efcfe077199e0338650568331ae87780a29d397b4bda81b664d5d2b9511974 -- filename: mariadb-client.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-client-10.2.36-1.el7.centos.x86_64.rpm - validation: - type: sha256 - value: 70948a763232bf9bd69f719ff7528f5b01dfedfc49baa33708cd949c42b4bef0 -- filename: mariadb-common.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-common-10.2.36-1.el7.centos.x86_64.rpm - validation: - type: sha256 - value: db4cc11948336fed9e23cdf48d68a5bf7a8cb973d35e1d41fe5db4fcb089ff2a -- filename: mariadb-shared.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-shared-10.2.36-1.el7.centos.x86_64.rpm - validation: - type: sha256 - value: e63005ee9d6b3602410250a714e4585b7f87af0e3d31af4cd5fa94dd71e941a6 -- filename: mariadb-compat.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-compat-10.2.36-1.el7.centos.x86_64.rpm - validation: - type: sha256 - value: 38cb7f81c341504497bc046c88da2460693f95b3397ed780ea9a230d4cfdf245 -- filename: galera.rpm - url: https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/galera-25.3.29-1.rhel7.el7.centos.x86_64.rpm - validation: - type: sha256 - value: 
43ead92608047423d3207f5a896416dd4b164cd8f3b2dfca247cf8f5e8fe0657 -- filename: boost.rpm + value: a076322a938e312807df33f8f765aeab4deae828639ac44beb80775953412862 +- filename: boost-program-options.rpm url: http://mirror.centos.org/centos/7/os/x86_64/Packages/boost-program-options-1.53.0-28.el7.x86_64.rpm validation: type: sha256 value: 1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23 +# List of project maintainers maintainers: -- email: "melissari_sean@bah.com" -# # The name of the current container owner - name: "Sean Melissari" -# # The gitlab username of the current container owner - username: "sean.melissari" - cht_member: true \ No newline at end of file +- email: "josheason@seed-innovations.com" + # The name of the current container owner + name: "Josh Eason" + # The gitlab username of the current container owner + username: "josheason" + cht_member: true -- GitLab From bb64cf3d53af12c117a6f609ec5452858e24a3be Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 4 Jan 2021 15:25:02 -0500 Subject: [PATCH 04/27] update Dockerfile --- Dockerfile | 63 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index c860b23..ee58887 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,35 +1,34 @@ -ARG BASE_REGISTRY=registry1.dsop.io -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi7 +ARG BASE_REGISTRY=repo1.dso.mil +ARG BASE_IMAGE=redhat/ubi7/ubi ARG BASE_TAG=7.9 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - - -COPY mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm signatures/RPM-GPG-KEY-MariaDB signatures/RPM-GPG-KEY-CentOS-Official signatures/RPM-GPG-KEY-CentOS-7 / -COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh - -RUN groupadd -r mysql && useradd -r -g mysql mysql && \ - chmod +x /usr/local/bin/docker-entrypoint.sh && \ - rpm --import RPM-GPG-KEY-MariaDB && \ - rpm --import RPM-GPG-KEY-CentOS-Official && \ - rpm --import RPM-GPG-KEY-CentOS-7 && \ - yum -y update && \ - yum -y install mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm --setopt=tsflags=nodocs && \ - yum -y update && \ - yum clean all && \ - rm -rf /var/cache/dnf && \ - rm mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm RPM-GPG-KEY-MariaDB RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-CentOS-7 && \ - chmod +x /usr/local/bin/docker-entrypoint.sh && \ - ln -s usr/local/bin/docker-entrypoint.sh - -COPY config/my.cnf /etc/my.cnf -COPY config/server.cnf /etc/my.cnf.d/server.cnf -HEALTHCHECK --interval=5s --timeout=30s CMD mysqladmin ping -h 127.0.0.1 -u mysql || exit 1 - -USER mysql - -ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] - -EXPOSE 3306 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -CMD ["mysqld"] +COPY scripts/RPM-GPG-KEY-MariaDB /opt/ +COPY *.rpm.tar *.rpm /opt/ + +RUN cd /opt/ && \ + tar -xf mariadb.rpm.tar + +COPY scripts/setup_repository /opt/mariadb-10.1.48-rhel-7-x86_64-rpms/ + +RUN cd /opt/mariadb-10.1.48-rhel-7-x86_64-rpms && \ + ./setup_repository && \ + yum -y update && yum -y upgrade && \ + yum install -y --nogpgcheck MariaDB-server 
/opt/boost-program-options.rpm && \ + yum clean all + +# Copy scripts to entrypoint +COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated +RUN chmod +x /usr/local/bin/mysql_secure_installation_automated +COPY ./scripts/entrypoint.sh ./entrypoint.sh +RUN chmod +x ./entrypoint.sh + +#Create usafadmin user +RUN groupadd -g 1500 usafadmin +RUN useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin +RUN chown -R usafadmin /var/lib/mysql +USER usafadmin +RUN cp -R /var/lib/mysql /tmp/ + +ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ] -- GitLab From 03aa98364375321f88fcf63cf2595a141c083169 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 4 Jan 2021 15:32:53 -0500 Subject: [PATCH 05/27] adding in more files --- CHANGELOG | 0 build-stage/Dockerfile | 18 +++ build-stage/build.sh | 15 +++ build-stage/centos7.repo | 5 + build-stage/mariadb.repo | 5 + compliance/compliance.txt | 0 examples/Instructions.md | 32 +++++ scripts/RPM-GPG-KEY-MariaDB | 112 ++++++++++++++++++ scripts/centos7.repo | 5 + scripts/entrypoint.sh | 25 ++++ scripts/mariadb.repo | 5 + .../mysql_secure_installation_automated.sh | 94 +++++++++++++++ scripts/setup_repository | 42 +++++++ signatures/RPM-GPG-KEY-EPEL-7 | 29 +++++ 14 files changed, 387 insertions(+) create mode 100644 CHANGELOG create mode 100644 build-stage/Dockerfile create mode 100755 build-stage/build.sh create mode 100644 build-stage/centos7.repo create mode 100644 build-stage/mariadb.repo create mode 100644 compliance/compliance.txt create mode 100644 examples/Instructions.md create mode 100644 scripts/RPM-GPG-KEY-MariaDB create mode 100644 scripts/centos7.repo create mode 100755 scripts/entrypoint.sh create mode 100644 scripts/mariadb.repo create mode 100644 scripts/mysql_secure_installation_automated.sh create mode 100755 scripts/setup_repository create mode 100644 signatures/RPM-GPG-KEY-EPEL-7 diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..e69de29 
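Review bot: `yum install -y --nogpgcheck MariaDB-server /opt/boost-program-options.rpm` turns off RPM signature verification, although this same hunk copies `scripts/RPM-GPG-KEY-MariaDB` into `/opt/` and the Dockerfile it replaces ran `rpm --import` on its keys before installing. The manifest's sha256 covers the tarball as downloaded, but nothing checks the individual packages after extraction; importing the key with `rpm --import /opt/RPM-GPG-KEY-MariaDB` and dropping `--nogpgcheck` restores that check (the boost package would need its CentOS key imported as well). Two further things to confirm: the `COPY` and `cd` paths name `mariadb-10.1.48-rhel-7-x86_64-rpms` while the manifest fetches the 10.2.36 tarball, and the `HEALTHCHECK` and `EXPOSE 3306` lines are removed without a replacement.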
diff --git a/build-stage/Dockerfile b/build-stage/Dockerfile
new file mode 100644
index 0000000..7409054
--- /dev/null
+++ b/build-stage/Dockerfile
@@ -0,0 +1,18 @@
+FROM nexus-docker.52.61.140.4.nip.io/dsop/ubi7:latest
+COPY mariadb.repo /etc/yum.repos.d/mariadb.repo
+
+COPY centos7.repo /etc/yum.repos.d/centos7.repo
+
+RUN rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 && \
+ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+ rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi && \
+ yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm && \
+ yum-config-manager --enable remi-php70 && \
+ yum-config-manager --enable mariabdb
+
+
+ENV ROOTDIR=/root/install
+ENV DESTDIR=/root/packages
+
+RUN mkdir -p $ROOTDIR && mkdir -p $DESTDIR && for i in MariaDB-client MariaDB-server boost-devel.x86_64 rpm-build-libs rpm-python; do yum install --downloadonly --installroot=$ROOTDIR --releasever=7 --downloaddir=$DESTDIR -y $i ; done
+RUN cd $DESTDIR && tar cvf mysql.tar .
diff --git a/build-stage/build.sh b/build-stage/build.sh
new file mode 100755
index 0000000..a7c1b4a
--- /dev/null
+++ b/build-stage/build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+export NAME=mysql-demo
+export TAG=final
+echo "Building mysql image...."
+docker build . -t mysql:final --label $NAME
+IMAGE_ID=$(docker image ls -f label=$NAME | grep $TAG | awk '{print $3}')
+echo "Running container....."
+docker run -d -i --name $NAME $IMAGE_ID
+CONTAINER_ID=$(docker ps | grep $NAME | awk '{print $1}')
+docker cp $CONTAINER_ID:/root/packages/mysql.tar ../
+docker stop $CONTAINER_ID
+docker rm $CONTAINER_ID
+docker image rm $IMAGE_ID
+unset IMAGE_ID
+unset CONTAINER_ID
diff --git a/build-stage/centos7.repo b/build-stage/centos7.repo
new file mode 100644
index 0000000..64f27ad
--- /dev/null
+++ b/build-stage/centos7.repo
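Review bot: In build-stage/Dockerfile the first `RUN` fetches the EPEL signing key with `rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7` and installs `http://rpms.remirepo.net/enterprise/remi-release-7.rpm` over plain HTTP, so the trust anchor for the later signature checks arrives over an unauthenticated channel. This commit already adds `signatures/RPM-GPG-KEY-EPEL-7`; importing that file locally (it would have to be placed in this build context) and using the `https://` form of the remi URL, as the remi key import on the line before does, closes that gap. `FROM nexus-docker.52.61.140.4.nip.io/dsop/ubi7:latest` uses a floating tag and should be pinned to a fixed tag or digest, and `yum-config-manager --enable mariabdb` looks like a typo for the `mariadb` repo id defined in mariadb.repo.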
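Review bot: build-stage/build.sh has no error handling: if `docker build` fails, `IMAGE_ID` and `CONTAINER_ID` come back empty and the unquoted `docker cp $CONTAINER_ID:/root/packages/mysql.tar ../`, `docker stop`, `docker rm` and `docker image rm` calls still run. Check the build's exit status before continuing and quote every expansion, e.g. `docker build . -t mysql:final --label "$NAME" || return 1` (examples/Instructions.md has the script sourced, so `return` rather than `exit`). The grep/awk parsing of `docker image ls` and `docker ps` output can be replaced with the `-q` flag, which prints only the IDs.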
@@ -0,0 +1,5 @@
+[centos7]
+name = centos 7
+baseurl = http://mirror.centos.org/centos/7/os/x86_64/
+gpgkey = http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
+gpgcheck = 1
diff --git a/build-stage/mariadb.repo b/build-stage/mariadb.repo
new file mode 100644
index 0000000..665dcd5
--- /dev/null
+++ b/build-stage/mariadb.repo
@@ -0,0 +1,5 @@
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/10.3/rhel7-amd64
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=1
diff --git a/compliance/compliance.txt b/compliance/compliance.txt
new file mode 100644
index 0000000..e69de29
diff --git a/examples/Instructions.md b/examples/Instructions.md
new file mode 100644
index 0000000..c9cd1c1
--- /dev/null
+++ b/examples/Instructions.md
@@ -0,0 +1,32 @@
+### **Instruction to build this container are as follows**
+
+The `build-stage` directory contains the script "build.sh".
+
+This script will invoke a docker build which will spin up an intermediary image.
+
+This image will be used to download and tar up all the the required installation rpms and place them one directory above this one in `docker/mariadb/mariadb/v.10.3.17/`.
+
+
+This tar ball will be copied into our main container from the local directory allowing for offline builds of the main container image.
+
+* cd into the the build-stage directory
+```bash
+cd docker/mariadb/mariadb/v.10.3.17/build-stage
+```
+
+* run the build.sh script
+```bash
+source build.sh
+```
+
+* cd one directory up into the main `v.10.3.17` folder
+```bash
+cd ../
+```
+
+* Build the main container by running
+```bash
+docker build . -t `
+```
+
+This will build the main mariadb container and it can be pushed to an internal registry.
diff --git a/scripts/RPM-GPG-KEY-MariaDB b/scripts/RPM-GPG-KEY-MariaDB
new file mode 100644
index 0000000..75da41a
--- /dev/null
+++ b/scripts/RPM-GPG-KEY-MariaDB
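Review bot: In build-stage/centos7.repo, `gpgkey = http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7` downloads the signing key over plain HTTP from the same host as `baseurl`, so `gpgcheck = 1` only proves the packages match whatever key that channel delivered. Point `gpgkey` at a key file shipped with the repository instead, for example `gpgkey = file:///<path-to-key>/RPM-GPG-KEY-CentOS-7` (placeholder path). The same lines appear in scripts/centos7.repo, and both mariadb.repo files use an `http://` `baseurl` for the `10.3` tree although the image version in the manifest is 10.2.36.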
@@ -0,0 +1,112 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis +497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM +LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 +p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn +U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb +XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j +zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx +cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H +48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ +YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu +b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 +kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I +9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 +P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb +Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF +iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl +sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 +u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 +YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b +GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ +7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD +EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb +LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk +Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 +d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo +8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr +q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 
+4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI +UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl +J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B +TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF +F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 ++Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR +tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYK0Q0RhbmllbCBC +YXJ0aG9sb21ldyAoTW9udHkgUHJvZ3JhbSBzaWduaW5nIGtleSkgPGRiYXJ0QGFz +a21vbnR5Lm9yZz6IYAQTEQIAIAUCS2iEkAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4B +AheAAAoJEMvLCCobuUPboDgAoNQVrK4i5LXTgwnWke2MxsXCoHDnAJ93j733YuNk +V64aHEUwWxNCkkwUkYkCHAQQAQIABgUCTWPEiQAKCRCRcRiZleRansGMD/96EvJv +LiuoQvv/KkeftLfvwoULVBBdAKLFmPyMjDbMP+1I2YnyF/7pSVmn/37QAP05QdoP +51RlZwRkEEVRMOlKIqny2WGGm8oxtkd3Lvi2TDkYRdkbfCn983WEUXqziOLadB3r +UPy+76D1GynoIerIyp9kzLtfJeHMWJumfh7poxnCup55eA5v4bbvToLacxca4ZJZ +gcdGrYGKKmYubrFGlrJqeF83JfQqXvD9ip15iOs4fSAeHVs0XbTFIsErk1axIXnE +mylHbSgu0Cri0ltNomAmFKuUR9hDamn8DaRWTTqAi9r7Mgm+KRB54Vn84yi3OAkE +etc8Qvz98Mp4kucHxt9daU1sA6pYWFf8jY61AXn7Qbm5t2l+RZhdIrJeHK3zktnn +MPoIwxgxogrTrLxL+WJGjCUAUfKzxd5eg+kqypIp5NIxpzKZrxXX+isLzjAiu+6l +Z8wbyspjybiMrVQsLF3bxBS3vaV3PDbhH4RI66FtwWbiOUAoMJH67uWlSbAjeAok +ZWJ0GchtgDfLI2olaM//gPxqDlNULkCsogypZCVYDcLR76kc3grhldtDfgU/PZLd +TuVtJnYsUWUgzbi+MYjMNFvojVkBsZdi8xXMTTaJ4EBr/x7FKr0yQrmqY6SIkKUA +RZqxMYERQm2toRfhWt5N9wKHuvqMv/eGYcCzcokCHAQQAQIABgUCTWPMCgAKCRBB +3cC0DaVvIjZREACImkZmDsZHOi3tZZKgttmxyK1uCJJoS8egX3DLQdBTci2PmiL1 +f9io2r7ii1Au/vfEdFGDVHOy3ksrJlazVgneGLmVbin9+B7OiQGiINQFoZ9WGCnL +MYt5BvBsP5nGuJHXpxG/OTAfWmqEx7wB15LMoAcA45o10IazIJB+78EwAbqJvhFm +hWBCuM9bvaigemdIjyKZM6Fd4B5ElQIsw3XFBLWEVnCfdPvD++cZU6U9F5PCM+oL +gmyGrpxbdiP2wGNhsh+w+jwRCPGVpivZMMHUVYJNLC2BModnyanz0obrw22U2LKT +nQOOVRMmvO6jYxdMUrOz+qjILLClozZd83X5P3Yz9rZYDXwu526iCGfKcoTWecru +oKw/nlHharrf97Kj9LZirHEUa3wrjEWTr1g90YgyVVqw5H1jdQ3kZ677bgJfSiT/ +OXwUhrqXBrPxIfYBweISDttbV7XkNFOM8tV+fM/CyV97omep8pctLyHL4QTs1BW5 
+YhFsLEfw4M9hYcPD9EKs/f3EdDB9eKWbYkdWAnPwJtML6/OowtTM98FbsAbjKctb +O9LXzfrzCwV7137vLNrzFQXupzK3D+ar+oEZQIyezJyWz/Kl4xatx/B2E6APDpyb +iHwpzjHZbNY1uswuQTGJgi7huQRNooDJmMToYnGP+Mv9C1bcesf8K1qnjYkCHAQQ +AQIABgUCTXeZrgAKCRBB3cC0DaVvIghPEACo1DbukXlf/7lbSOPMZ+eUPaVQoP3M +QZC3e+KbbsQqw0YWwgmJRybyB8x5OYeBqoP1kOZX0MxOLqsMvFYNXGJIPbag+ufU +Q4NhNXFnRMJD6Exlum3M30s7SvxzX9sVZCvoAyrqDp9xiFs0cKtU2DUTS/LawkJm +0ro4K5JFH9irmpsXMzf83EfTR62lzDYSf3JOh9605jkJCQt+gj/T8YzPIqTy2569 +alBEEAFxoh+PMfxFNDv7siNLYBgbCTuE3ZifOD+3xZo4nlryGjzPI6C80nR9RPO7 +pPoJ26zEwWKC5bcBHcnIXpG1v4+at9A0YQqdLeufL+b3W+tPulf1bYtgKPq6oMR3 +lQSswaX0AockF4Dpz2smSiBdYX1XMkp1BjfAlqi+lhr4Uf68fZbQhhAf8puY4EQp +mobXY6/Un8h0C6xH8KzRxAPhB3r8XMwgFD6PYzmy5tB0v+Lt/nzkRMrRrgtEqwKo +BRzTy7jI7rr1hTkNdPKEiT/LbuQcNgrRqD4q1mM5N6RFqezx1pboTxdR5CppabwF +1qu1RUFt9xLsNcBFynAa8/Vmhn8dFggY240FJht2aKpj9S8G6ufwhq9JeAFqwDt5 +kHNTjkEFF20XeXvYamF2dX6kRtGm+hauDiHzhGbAoHxJIvLqNyLtxIZGapeVL36M +1RAUOqlnMiqPhYkCHAQQAQIABgUCTXeZ8wAKCRCRcRiZleRannQDEACaIRmvVUrp +d0LAKvtov9ZXfhHMxTbnIIvszbII8shPt29UO08er4Yd0ZnTIFHMvnX5MWCLWBlu +aJ56ucoXMJpcNRPmNCw1bWnjFwQVxajzSpzm4duGQnakOKH7uywNaaUE81nd1VY6 +XUW7J/IergcscMOOxHfbXu2hF/2AV7x9NkjbykuMBscgEc8CRuUHJ+A/52Ilwo9R +sEsxKJfh86++h1jaLjs8RL2dEo2ioO0QfAW+rXLgctCe7v3Zs8xBv1qFIV7QW5a+ +ZaYW1SRhMNJVnN5iP+WbFiMelzEqcxkgXErGeoDHPE4GDNIQyvhwhryOz1lJONix +b+Cb5jqUoC0Wa96fKP2/t1Dlm+d3ZSp7nQSaQZJ+8pF0yYcAqbKam5zr/XY+EPex +cGJ2GQuQ2y6tSz5kqy5qr5xQoHqif9dCFBkL7aOEO+5waBSy5oTb7uMHki+hKWTz +dlldliXKt4P2tMa/2uFj5m9DXn+CneoHi3FzET24RbglDb445aPNMM+EWqRGQUR0 +8wzp8X00WVRuLGenBws5LSjftHCdtVqdDLsM6eJ7BqH0wNPrMwXNz8lErNFnpIwT +DbZiw7GcQGkjRNvDpovAB7OUcGQNXaLvbsjF93OY3lOeBoyPokONIzUPSUdKurbZ +YyfT2mcqGEp1hkZVwPsKIA1y5ioxHQI2HbkEDQRLaIS4EBAApZ0wvxpQVlZ6OEFa +9SBQ5eclRIOjXjKqkYGkvIx+jUmqCYfOgfPixOGYS5Q2KwHNz4XEOIOA1kyClAoA +AgOEGUxj8CxnbBk10IVo/JBONjdqKYPZ2YNdeIIrKXEmai4i5hK5AfZHoyqsV5aq +xGkGeVUju/coyRJY6La8iL+RBuxiRuUPWymGjtISAR6fSiN8f/kRly/y9LmMO8Jc +OpeieqLUFPK6KuzhI4F0nFkHJpZPDNOHHl+GmAZ+SqZxmIrpkGymd36hTKxW4nln 
+N6kqc1gMwdn1L/u/D+C/jhMbTTssqiMZeyP9uFmnMB3ls1NV8OxvbxcTBG0M7g4A +lffUQKpUrNhIBoC3R7UbYQ3CTZX1Qp/TBzbfRAgGhdWBQDQEd3/Ll9G4QaCs9I+4 +W68rkAr7e7IylHyfEi9oYQkXFIEeaAhiENmJBpcLpas/yNJoLayqzPsQ+lRNg3om +FntPtZolkMi6orRNixrgXV64m/01YNjmBFTqsp5wOq2j0cmTkbOWqdnlmGPg2El1 +ufebJc6YWS1nFm6YRpN/B3QbtAnar1Cb+IHlr0haTOYhQp+XFN+k1brqs+Sufa8/ +rz6N5tsm+W5GjHKvHr24FTa02u3H4lIqNlNBkzZZKhzAhxEWiJzwc/f2upG5vdpl +rM/YCU+XTotYPb5ZEXQe2mD/rXMAAwUP/0f1DOJIfnMrh1o/3RKqDq8k7tlv2GEE +v0VEnh8ty4dMb8Dos2M1Oc4Kv9QLB3DXcS4/L4JW5vF0QgSAzq1r5oBT1zaMcqDS +6OUlHrWUi8aDNt5EPQuEGdP2/iTDeAq4r8eCYrHRC7egldyRZrmWNfcZN6/G9K+J +SjhWfSWWSBRIqb+UxcQNCp6i6tvVSxCfLK1R4P4kA/Z4Co2vywIfVfPhHd5nIWNl +1yl9O3r04GCNTjzwsv/dhUGDFIVsghgehZuL0Bb7hDuyvZ2ShALumZ5t7mU/SJ2h +Ok3klO+2bIJB0gquUkWn/4g1h2Tp9XVWrI1x6GUBxRYkwC4tWajzWeVC5hcDVAdq +YN0H0HVj/CEgrEWlCVv1hJ0JYAsjX8Cj1QuZB1i34fjEkgybMjo3oCU5GCSiNmvt +TeUpexyY/7iHAdyoZHFT+fQS84VMYKFT4tTYH+5jTa62yfPhn63TYPorrRyTqG8a +JQLnczm0NN5R5mriYJQjr4Pj8PSSwWck/Gt8R5vb+C69+uXINB6OKqhG6xU0bqnC +Ixt3OhVS7v0SfHjn0+il/JOc/ev9wm6G5FxmEWOoYwibmaDzHfc9N1HMRzjTENI7 +fyJPNFj9IDkpwk4E3ylrkuVl2KEmYDJ9T9ny4UMnQ7Sb6w59UhxMIFtRTPNpQJWC +WXfhWUAo4WfCiEkEGBECAAkFAktohLgCGwwACgkQy8sIKhu5Q9vThgCeIHzJCz+Q +M8u4iCTrGaJ9w/+jwz4AnRhdXcFVv7svt2qOd374EtCSjv24 +=/Od8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/centos7.repo b/scripts/centos7.repo new file mode 100644 index 0000000..64f27ad --- /dev/null +++ b/scripts/centos7.repo @@ -0,0 +1,5 @@ +[centos7] +name = centos 7 +baseurl = http://mirror.centos.org/centos/7/os/x86_64/ +gpgkey = http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7 +gpgcheck = 1 diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh new file mode 100755 index 0000000..c25ec87 --- /dev/null +++ b/scripts/entrypoint.sh 
@@ -0,0 +1,25 @@
+#! /bin/bash
+set -o errexit # abort on nonzero exitstatus
+set -o nounset # abort on unbound variable
+# Ensure vars are defined
+function check_requirements() {
+ [ -z "${MYSQL_ROOT_PASS}" ] && error_exit "MYSQL_ROOT_PASS is a required variable"
+ [ -z "${WORDPRESS_DB_USER}" ] && error_exit "WORDPRESS_DB_USER is a required variable"
+ [ -z "${WORDPRESS_DB_PASS}" ] && error_exit "WORDPRESS_DB_PASS is a required variable"
+ [ -z "${WORDPRESS_DB_NAME}" ] && error_exit "WORDPRESS_DB_NAME is a required variable"
+ echo "All neccesary vars defined"
+}
+
+check_requirements
+
+# Check if mysql dir is empty
+if [ "$(ls -A /var/lib/mysql )" ]; then
+echo "Do nothing /var/lib/mysql is not Empty"
+else
+echo "Take action /var/lib/mysql is Empty"
+cp -R /tmp/mysql /var/lib/
+fi
+
+/etc/init.d/mysql start
+mysql_secure_instalation_automated "${MYSQL_ROOT_PASS}" "${WORDPRESS_DB_USER}" "${WORDPRESS_DB_PASS}" "${WORDPRESS_DB_NAME}"
+tail -f /dev/null
\ No newline at end of file
diff --git a/scripts/mariadb.repo b/scripts/mariadb.repo
new file mode 100644
index 0000000..665dcd5
--- /dev/null
+++ b/scripts/mariadb.repo
@@ -0,0 +1,5 @@
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/10.3/rhel7-amd64
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=1
diff --git a/scripts/mysql_secure_installation_automated.sh b/scripts/mysql_secure_installation_automated.sh
new file mode 100644
index 0000000..8a8814f
--- /dev/null
+++ b/scripts/mysql_secure_installation_automated.sh
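Review bot: scripts/entrypoint.sh calls `mysql_secure_instalation_automated`, but the Dockerfile from PATCH 04 installs the helper as `/usr/local/bin/mysql_secure_installation_automated`, so under `errexit` the entrypoint would stop right after `/etc/init.d/mysql start` and the hardening statements never run. `check_requirements` also relies on `error_exit`, which is not defined in this file, and with `nounset` an unset variable aborts at `${MYSQL_ROOT_PASS}` before any message is printed; testing `"${MYSQL_ROOT_PASS:-}"` and defining `error_exit` fixes both. The root and WordPress passwords are passed as command-line arguments, which leaves them readable in the container's process list while the helper runs; having the helper read them from the environment avoids that.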
@@ -0,0 +1,94 @@
+#! /bin/bash
+set -o errexit # abort on nonzero exitstatus
+set -o nounset # abort on unbound variable
+
+
+### Functions ###
+usage() {
+cat << _EOF_
+
+Usage: ${1} "ROOT PASSWORD"
+
+ with "ROOT PASSWORD" the desired password for the database root user.
+
+Use quotes if your password contains spaces or other special characters.
+
+
+Usage: ${2} "WORDPRESS DB USER"
+
+ with "WORDPRESS DB USER" the desired username for the word press database wp user.
+
+Use quotes if your password contains spaces or other special characters.
+
+
+Usage: ${3} "WORDPRESS DB PASS"
+
+ with "WORDPRESS DB PASS" the desired password for the database wp user.
+
+Use quotes if your password contains spaces or other special characters.
+
+Usage: ${4} "WORDPRESS DB NAME"
+
+ with "WORDPRESS DB NAME" the desired name for the wp database.
+
+Use quotes if your password contains spaces or other special characters.
+_EOF_
+}
+
+# Predicate that returns exit status 0 if the database root password
+# is set, a nonzero exit status otherwise.
+is_mysql_root_password_set() {
+ ! mysqladmin --user=root status > /dev/null 2>&1
+}
+
+# Predicate that returns exit status 0 if the mysql(1) command is available,
+# nonzero exit status otherwise.
+is_mysql_command_available() {
+ which mysql > /dev/null 2>&1
+}
+### --- ###
+
+### Command line parsing ###
+if [ "$#" -ne "4" ]; then
+ echo "Expected 4 argument, got $#" >&2
+ usage
+ exit 2
+fi
+### --- ###
+
+### Variables ###
+db_root_password="${1}"
+wordpress_db_user="${2}"
+wordpress_db_pass="${3}"
+wordpress_db_name="${4}"
+### --- ###
+
+### Script proper ###
+if ! is_mysql_command_available; then
+ echo "The MySQL/MariaDB client mysql(1) is not installed."
+ exit 1 +fi + +if is_mysql_root_password_set; then + echo "Database root password already set" + exit 0 +fi + + +mysql --user=root <<_EOF_ + CREATE DATABASE ${wordpress_db_name}; + CREATE USER '${wordpress_db_user}' IDENTIFIED BY '${wordpress_db_pass}'; + GRANT ALL PRIVILEGES ON ${wordpress_db_name}.* TO '${wordpress_db_user}'; + FLUSH PRIVILEGES; +_EOF_ +## -- ## + +mysql --user=root <<_EOF_ + UPDATE mysql.user SET Password=PASSWORD('${db_root_password}') WHERE User='root'; + DELETE FROM mysql.user WHERE User=''; + DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); + DROP DATABASE IF EXISTS test; + DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; + FLUSH PRIVILEGES; +_EOF_ +### --- ### diff --git a/scripts/setup_repository b/scripts/setup_repository new file mode 100755 index 0000000..84ba878 --- /dev/null +++ b/scripts/setup_repository @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +file=/etc/yum.repos.d/mariadb.repo +install_cmd='yum install MariaDB-server' +gpgkey=/opt/RPM-GPG-KEY-MariaDB + +err() { + msg=$1 + shift + printf "[ERROR] $msg\n" "$@" >&2 + exit 1 +} + +for d in "$PWD" "${0%/*}"; do + if [[ -d $d/repodata ]] ; then + dir=$d + if ! [[ $dir = /* ]] ; then + dir=$PWD/$dir + fi + break + fi +done + +if ! [[ $dir ]] ; then + err 'Could not find a "repodata" directory. Please change to the top level directory of the unpacked archive. and re-run this script.' +fi + +if [[ -e $file ]] ; then + err 'File "%s" already exists. Rename it and re-run this script, or manually create a new .repo file.' "$file" +fi + +if ! cat > "$file" < Date: Mon, 4 Jan 2021 15:43:42 -0500 Subject: [PATCH 06/27] path fixes --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ee58887..822f9e8 100644 --- a/Dockerfile +++ b/Dockerfile 
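Review bot: Both heredocs piped to `mysql --user=root` in scripts/mysql_secure_installation_automated.sh splice `${wordpress_db_name}`, `${wordpress_db_user}`, `${wordpress_db_pass}` and `${db_root_password}` into SQL text unescaped, so a quote or backslash in any of them changes the statements that run with database root privileges. Restrict the two identifiers to a safe alphabet and escape the two passwords before they reach a string literal, as sketched below. `CREATE USER '${wordpress_db_user}'` names no host, which MariaDB treats as any host; if the application only connects locally, add an explicit `@'localhost'`. Separately, `usage` is called without arguments but expands `${1}` to `${4}`, which `set -o nounset` turns into an abort instead of the help text.

```shell
### Variables ###
# … unchanged: the four positional assignments …

# Identifiers cannot be passed as bound parameters here, so allow only a safe alphabet.
for ident in "${wordpress_db_name}" "${wordpress_db_user}"; do
  if ! [[ "${ident}" =~ ^[A-Za-z0-9_]+$ ]]; then
    echo "Invalid database or user name: ${ident}" >&2
    exit 2
  fi
done

# Escape backslashes and single quotes before a value enters a SQL string literal.
sql_quote() {
  printf '%s' "${1}" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}
wordpress_db_pass_sql="$(sql_quote "${wordpress_db_pass}")"
db_root_password_sql="$(sql_quote "${db_root_password}")"

# … unchanged: client availability and root-password checks …

mysql --user=root <<_EOF_
  CREATE DATABASE \`${wordpress_db_name}\`;
  CREATE USER '${wordpress_db_user}' IDENTIFIED BY '${wordpress_db_pass_sql}';
  GRANT ALL PRIVILEGES ON \`${wordpress_db_name}\`.* TO '${wordpress_db_user}';
  FLUSH PRIVILEGES;
_EOF_

# … unchanged: second heredoc, except for the escaped password …
  UPDATE mysql.user SET Password=PASSWORD('${db_root_password_sql}') WHERE User='root';
```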
@@ -10,9 +10,9 @@ COPY *.rpm.tar *.rpm /opt/ RUN cd /opt/ && \ tar -xf mariadb.rpm.tar -COPY scripts/setup_repository /opt/mariadb-10.1.48-rhel-7-x86_64-rpms/ +COPY scripts/setup_repository /opt/mariadb-10.2.36-rhel-7-x86_64-rpms/ -RUN cd /opt/mariadb-10.1.48-rhel-7-x86_64-rpms && \ +RUN cd /opt/mariadb-10.2.36-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y --nogpgcheck MariaDB-server /opt/boost-program-options.rpm && \ -- GitLab From 30f2c1198ef4495ec08b02da83e12ab7bfe7cfeb Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Mon, 5 Apr 2021 22:42:19 -0400 Subject: [PATCH 07/27] upgraded to 10.2.37 --- Dockerfile | 12 ++++++------ compliance/compliance.txt | 0 hardening_manifest.yaml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 compliance/compliance.txt diff --git a/Dockerfile b/Dockerfile index 822f9e8..55b5320 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,17 +8,17 @@ COPY scripts/RPM-GPG-KEY-MariaDB /opt/ COPY *.rpm.tar *.rpm /opt/ RUN cd /opt/ && \ - tar -xf mariadb.rpm.tar + tar -xf mariadb.rpm.tar -COPY scripts/setup_repository /opt/mariadb-10.2.36-rhel-7-x86_64-rpms/ +COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ -RUN cd /opt/mariadb-10.2.36-rhel-7-x86_64-rpms && \ +RUN cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y --nogpgcheck MariaDB-server /opt/boost-program-options.rpm && \ yum clean all - -# Copy scripts to entrypoint + +# Copy scripts to entrypoint COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh 
@@ -27,7 +27,7 @@ RUN chmod +x ./entrypoint.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin RUN useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin -RUN chown -R usafadmin /var/lib/mysql +RUN chown -R usafadmin /var/lib/mysql USER usafadmin RUN cp -R /var/lib/mysql /tmp/ diff --git a/compliance/compliance.txt b/compliance/compliance.txt deleted file mode 100644 index e69de29..0000000 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 615c6b1..94b774e 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/mariadb/mariadb" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "10.2.36" +- "10.2.37" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://mariadb.org" # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "MariaDB Foundation" - org.opencontainers.image.version: "10.2.36" + org.opencontainers.image.version: "10.2.37" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "database,mysql,mariadb" # This value can be "opensource" or "commercial" @@ -38,10 +38,10 @@ labels: # List of resources to make available to the offline build context resources: - filename: mariadb.rpm.tar - url: https://downloads.mariadb.com/MariaDB/mariadb-10.2.36/yum/centos/mariadb-10.2.36-rhel-7-x86_64-rpms.tar + url: https://downloads.mariadb.com/MariaDB/mariadb-10.2.37/yum/centos/mariadb-10.2.37-rhel-7-x86_64-rpms.tar validation: type: sha256 - value: a076322a938e312807df33f8f765aeab4deae828639ac44beb80775953412862 + value: 8772cb079026efd59d17cdb99cdf8fddfa2175ff8c2aa5a68fa9d60a2c4da916 - filename: boost-program-options.rpm url: http://mirror.centos.org/centos/7/os/x86_64/Packages/boost-program-options-1.53.0-28.el7.x86_64.rpm validation: -- GitLab 
From ca7110727a207c98e9a43ef05dd93b16fc17e5b2 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Mon, 5 Apr 2021 23:38:24 -0400 Subject: [PATCH 08/27] upgraded to 10.2.37 --- README.md | 26 +++++++++++--------------- examples/Instructions.md | 32 -------------------------------- 2 files changed, 11 insertions(+), 47 deletions(-) delete mode 100644 examples/Instructions.md diff --git a/README.md b/README.md index 4f8a9ba..5205dbf 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,19 @@ # MariaDB -Version: 10.2.32 +Version: 10.2.37 ## Overview -MariaDB is a community-developed fork of the MySQL relational database management system. +MariaDB Platform is the complete enterprise open source database solution, with the versatility to handle transactional, analytical or hybrid transactional/analytical workloads as well as relational or document data, and the ability to scale from standalone databases and columnar data warehouses to fully distributed SQL databases executing millions of transactions per second and performing interactive, ad hoc analytics on billions of rows. -The Helm chart for MariaDB and the recommended secure configuration in values-ironbank.yaml can be found [here](https://repo1.dsop.io/dsop/charts/-/tree/master/bitnami/mariadb) +## MariaDB Documentation -The [MariaDB documentation](https://mariadb.org/documentation/) provides an introduction, primer, list of SQL statements, and useful MariaDB queries: +Documentation on using MariaDB Server. -## Usage - -The values-ironbank.yaml file located [here](https://repo1.dsop.io/dsop/charts/-/tree/master/bitnami/mariadb) provides a recommended secure configuration of MariaDB and can replace the values.yaml in the standard Helm chart (also provided in this repository). Please see the following links for more information regarding configration options for production-ready deployments. - -## Volumes - -The standard location for the MariaDB volume is `/var/lib/mysql`. Further confiugration details can be specified and additional documentation on Kubernetes volumes can be found [here](https://kubernetes.io/docs/concepts/storage/volumes/) with details about each section in the volume definition that can be specified. - -## Configuration - -Configuration changes can be made in `/etc/my.cnf` and `/etc/my.cnf.d/` \ No newline at end of file +* [Git repo](https://github.com/docker-library/mariadb) of the Docker "Official Image" for mariadb. 
+* [MariaDB Server Releases](https://mariadb.com/kb/en/mariadb-server/) +* [Download MariaDB Products and Tools for Development and Production](https://mariadb.com/downloads/) +* [Maria DB Server Documentation](https://mariadb.com/kb/en/documentation/) +* [Training and Tutorials](https://mariadb.com/kb/en/training-tutorials/) +* [Service and Client software](https://mariadb.com/kb/en/server-client-software/) +* [Knowledge Base](https://mariadb.com/kb/en/about-the-knowledge-base/) diff --git a/examples/Instructions.md b/examples/Instructions.md deleted file mode 100644 index c9cd1c1..0000000 --- a/examples/Instructions.md +++ /dev/null @@ -1,32 +0,0 @@ -### **Instruction to build this container are as follows** - -The `build-stage` directory contains the script "build.sh". - -This script will invoke a docker build which will spin up an intermediary image. - -This image will be used to download and tar up all the the required installation rpms and place them one directory above this one in `docker/mariadb/mariadb/v.10.3.17/`. - - -This tar ball will be copied into our main container from the local directory allowing for offline builds of the main container image. - -* cd into the the build-stage directory -```bash -cd docker/mariadb/mariadb/v.10.3.17/build-stage -``` - -* run the build.sh script -```bash -source build.sh -``` - -* cd one directory up into the main `v.10.3.17` folder -```bash -cd ../ -``` - -* Build the main container by running -```bash -docker build . -t ` -``` - -This will build the main mariadb container and it can be pushed to an internal registry. -- GitLab From fb34ef207064031b01993186e89caf9b4eb2d282 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Tue, 6 Apr 2021 17:15:05 -0400 Subject: [PATCH 09/27] added healthcheck --- Dockerfile | 5 ++++- scripts/healthcheck.sh | 10 ++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 scripts/healthcheck.sh diff --git a/Dockerfile b/Dockerfile index 55b5320..f48d346 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,8 @@ RUN cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh -RUN chmod +x ./entrypoint.sh +RUN chmod +x ./entrypoint.sh && \ + chmod +x /usr/local/bin/healthcheck.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin @@ -31,4 +32,6 @@ RUN chown -R usafadmin /var/lib/mysql USER usafadmin RUN cp -R /var/lib/mysql /tmp/ +HEALTHCHECK --interval=10s --timeout=30s --start-period=10s --retries=3 CMD /usr/local/bin/healthcheck.sh + ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ] diff --git a/scripts/healthcheck.sh b/scripts/healthcheck.sh new file mode 100644 index 0000000..f56f859 --- /dev/null +++ b/scripts/healthcheck.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if cqlsh -u cassandra -p cassandra "$host" < /dev/null; then + exit 0 +fi + +exit 1 -- GitLab From 23d9e6d771f9cd08ae9ce3a66f51a261b0d450c4 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Tue, 6 Apr 2021 17:33:42 -0400 Subject: [PATCH 10/27] copied files to container --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index f48d346..630a1d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,7 @@ ARG BASE_TAG=7.9 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} COPY scripts/RPM-GPG-KEY-MariaDB /opt/ +COPY scripts/healthcheck.sh /usr/local/bin/ COPY *.rpm.tar *.rpm /opt/ RUN cd /opt/ && \ -- GitLab From 21983a26dc2ffef5c4018487dd04839e11dcebfa Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 11:30:53 -0400 Subject: [PATCH 11/27] updated file permissions --- Dockerfile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 630a1d6..a361cde 100644 --- a/Dockerfile +++ b/Dockerfile 
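Review bot: scripts/healthcheck.sh probes the container with `cqlsh -u cassandra -p cassandra "$host"`, which is a Cassandra client invoked with hard-coded default credentials, inside an image that installs MariaDB-server. Unless `cqlsh` happens to be present the command fails, the script exits 1, and the HEALTHCHECK added in the same commit marks a working database as unhealthy. A probe that matches the service would be `mysqladmin --host="$host" --silent ping > /dev/null`, with any credentials taken from the container environment rather than written into the script. The Dockerfile hunk at `@@ -22,7 +22,8 @@` also runs `chmod +x /usr/local/bin/healthcheck.sh` although nothing in this commit copies the script into the image.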
@@ -16,20 +16,22 @@ COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ RUN cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ - yum install -y --nogpgcheck MariaDB-server /opt/boost-program-options.rpm && \ + yum install -y MariaDB-server /opt/boost-program-options.rpm && \ yum clean all # Copy scripts to entrypoint COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh -RUN chmod +x ./entrypoint.sh && \ - chmod +x /usr/local/bin/healthcheck.sh #Create usafadmin user -RUN groupadd -g 1500 usafadmin -RUN useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin -RUN chown -R usafadmin /var/lib/mysql +RUN groupadd -g 1500 usafadmin && \ + useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ + chown -R usafadmin:usafadmin /var/lib/mysql && \ + chown -R usafadmin:usafadmin /usr/local/bin/ && \ + chmod +x ./entrypoint.sh && \ + chmod +x /usr/local/bin/healthcheck.sh + USER usafadmin RUN cp -R /var/lib/mysql /tmp/ -- GitLab From 531cd9281d62a4018b2577d13b7bc1a41060a1a3 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 12:40:53 -0400 Subject: [PATCH 12/27] import gpg keys --- Dockerfile | 8 ++- scripts/RPM-GPG-KEY-MariaDB | 112 ---------------------------------- signatures/RPM-GPG-KEY-EPEL-7 | 29 --------- 3 files changed, 6 insertions(+), 143 deletions(-) delete mode 100644 scripts/RPM-GPG-KEY-MariaDB delete mode 100644 signatures/RPM-GPG-KEY-EPEL-7 diff --git a/Dockerfile b/Dockerfile index a361cde..edee587 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_TAG=7.9 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -COPY scripts/RPM-GPG-KEY-MariaDB /opt/ +COPY signatures/* / COPY scripts/healthcheck.sh /usr/local/bin/ COPY *.rpm.tar *.rpm /opt/ 
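Review bot: `chown -R usafadmin:usafadmin /usr/local/bin/` in the `@@ -16,20 +16,22 @@` hunk gives the runtime account (`USER usafadmin`) write access to every executable in that directory, including `healthcheck.sh` and `mysql_secure_installation_automated`, so a compromised database process could rewrite the scripts that the entrypoint and the HEALTHCHECK execute. Keep those files root-owned and only make them executable, e.g. `chmod 0755 /usr/local/bin/healthcheck.sh /usr/local/bin/mysql_secure_installation_automated`. Of the paths touched here, only `/var/lib/mysql` appears to need to be writable by that user.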
@@ -13,10 +13,14 @@ RUN cd /opt/ && \ COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ -RUN cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ +RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ + rpm --import RPM-GPG-KEY-CentosOS-7 && \ + rpm --import RPM-GPG-KEY-MariaDB && \ + cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ + rm RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-CentosOS-7 RPM-GPG-KEY-MariaDB /opt/* && \ yum clean all # Copy scripts to entrypoint diff --git a/scripts/RPM-GPG-KEY-MariaDB b/scripts/RPM-GPG-KEY-MariaDB deleted file mode 100644 index 75da41a..0000000 --- a/scripts/RPM-GPG-KEY-MariaDB +++ /dev/null 
@@ -1,112 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.10 (GNU/Linux) - -mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis -497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM -LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 -p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn -U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb -XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j -zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx -cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H -48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ -YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu -b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK -CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 -kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I -9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 -P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb -Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF -iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl -sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 -u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 -YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b -GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ -7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD -EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb -LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk -Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 -d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo -8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr -q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 
-4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI -UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl -J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B -TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF -F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 -+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR -tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYK0Q0RhbmllbCBC -YXJ0aG9sb21ldyAoTW9udHkgUHJvZ3JhbSBzaWduaW5nIGtleSkgPGRiYXJ0QGFz -a21vbnR5Lm9yZz6IYAQTEQIAIAUCS2iEkAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4B -AheAAAoJEMvLCCobuUPboDgAoNQVrK4i5LXTgwnWke2MxsXCoHDnAJ93j733YuNk -V64aHEUwWxNCkkwUkYkCHAQQAQIABgUCTWPEiQAKCRCRcRiZleRansGMD/96EvJv -LiuoQvv/KkeftLfvwoULVBBdAKLFmPyMjDbMP+1I2YnyF/7pSVmn/37QAP05QdoP -51RlZwRkEEVRMOlKIqny2WGGm8oxtkd3Lvi2TDkYRdkbfCn983WEUXqziOLadB3r -UPy+76D1GynoIerIyp9kzLtfJeHMWJumfh7poxnCup55eA5v4bbvToLacxca4ZJZ -gcdGrYGKKmYubrFGlrJqeF83JfQqXvD9ip15iOs4fSAeHVs0XbTFIsErk1axIXnE -mylHbSgu0Cri0ltNomAmFKuUR9hDamn8DaRWTTqAi9r7Mgm+KRB54Vn84yi3OAkE -etc8Qvz98Mp4kucHxt9daU1sA6pYWFf8jY61AXn7Qbm5t2l+RZhdIrJeHK3zktnn -MPoIwxgxogrTrLxL+WJGjCUAUfKzxd5eg+kqypIp5NIxpzKZrxXX+isLzjAiu+6l -Z8wbyspjybiMrVQsLF3bxBS3vaV3PDbhH4RI66FtwWbiOUAoMJH67uWlSbAjeAok -ZWJ0GchtgDfLI2olaM//gPxqDlNULkCsogypZCVYDcLR76kc3grhldtDfgU/PZLd -TuVtJnYsUWUgzbi+MYjMNFvojVkBsZdi8xXMTTaJ4EBr/x7FKr0yQrmqY6SIkKUA -RZqxMYERQm2toRfhWt5N9wKHuvqMv/eGYcCzcokCHAQQAQIABgUCTWPMCgAKCRBB -3cC0DaVvIjZREACImkZmDsZHOi3tZZKgttmxyK1uCJJoS8egX3DLQdBTci2PmiL1 -f9io2r7ii1Au/vfEdFGDVHOy3ksrJlazVgneGLmVbin9+B7OiQGiINQFoZ9WGCnL -MYt5BvBsP5nGuJHXpxG/OTAfWmqEx7wB15LMoAcA45o10IazIJB+78EwAbqJvhFm -hWBCuM9bvaigemdIjyKZM6Fd4B5ElQIsw3XFBLWEVnCfdPvD++cZU6U9F5PCM+oL -gmyGrpxbdiP2wGNhsh+w+jwRCPGVpivZMMHUVYJNLC2BModnyanz0obrw22U2LKT -nQOOVRMmvO6jYxdMUrOz+qjILLClozZd83X5P3Yz9rZYDXwu526iCGfKcoTWecru -oKw/nlHharrf97Kj9LZirHEUa3wrjEWTr1g90YgyVVqw5H1jdQ3kZ677bgJfSiT/ -OXwUhrqXBrPxIfYBweISDttbV7XkNFOM8tV+fM/CyV97omep8pctLyHL4QTs1BW5 
-YhFsLEfw4M9hYcPD9EKs/f3EdDB9eKWbYkdWAnPwJtML6/OowtTM98FbsAbjKctb -O9LXzfrzCwV7137vLNrzFQXupzK3D+ar+oEZQIyezJyWz/Kl4xatx/B2E6APDpyb -iHwpzjHZbNY1uswuQTGJgi7huQRNooDJmMToYnGP+Mv9C1bcesf8K1qnjYkCHAQQ -AQIABgUCTXeZrgAKCRBB3cC0DaVvIghPEACo1DbukXlf/7lbSOPMZ+eUPaVQoP3M -QZC3e+KbbsQqw0YWwgmJRybyB8x5OYeBqoP1kOZX0MxOLqsMvFYNXGJIPbag+ufU -Q4NhNXFnRMJD6Exlum3M30s7SvxzX9sVZCvoAyrqDp9xiFs0cKtU2DUTS/LawkJm -0ro4K5JFH9irmpsXMzf83EfTR62lzDYSf3JOh9605jkJCQt+gj/T8YzPIqTy2569 -alBEEAFxoh+PMfxFNDv7siNLYBgbCTuE3ZifOD+3xZo4nlryGjzPI6C80nR9RPO7 -pPoJ26zEwWKC5bcBHcnIXpG1v4+at9A0YQqdLeufL+b3W+tPulf1bYtgKPq6oMR3 -lQSswaX0AockF4Dpz2smSiBdYX1XMkp1BjfAlqi+lhr4Uf68fZbQhhAf8puY4EQp -mobXY6/Un8h0C6xH8KzRxAPhB3r8XMwgFD6PYzmy5tB0v+Lt/nzkRMrRrgtEqwKo -BRzTy7jI7rr1hTkNdPKEiT/LbuQcNgrRqD4q1mM5N6RFqezx1pboTxdR5CppabwF -1qu1RUFt9xLsNcBFynAa8/Vmhn8dFggY240FJht2aKpj9S8G6ufwhq9JeAFqwDt5 -kHNTjkEFF20XeXvYamF2dX6kRtGm+hauDiHzhGbAoHxJIvLqNyLtxIZGapeVL36M -1RAUOqlnMiqPhYkCHAQQAQIABgUCTXeZ8wAKCRCRcRiZleRannQDEACaIRmvVUrp -d0LAKvtov9ZXfhHMxTbnIIvszbII8shPt29UO08er4Yd0ZnTIFHMvnX5MWCLWBlu -aJ56ucoXMJpcNRPmNCw1bWnjFwQVxajzSpzm4duGQnakOKH7uywNaaUE81nd1VY6 -XUW7J/IergcscMOOxHfbXu2hF/2AV7x9NkjbykuMBscgEc8CRuUHJ+A/52Ilwo9R -sEsxKJfh86++h1jaLjs8RL2dEo2ioO0QfAW+rXLgctCe7v3Zs8xBv1qFIV7QW5a+ -ZaYW1SRhMNJVnN5iP+WbFiMelzEqcxkgXErGeoDHPE4GDNIQyvhwhryOz1lJONix -b+Cb5jqUoC0Wa96fKP2/t1Dlm+d3ZSp7nQSaQZJ+8pF0yYcAqbKam5zr/XY+EPex -cGJ2GQuQ2y6tSz5kqy5qr5xQoHqif9dCFBkL7aOEO+5waBSy5oTb7uMHki+hKWTz -dlldliXKt4P2tMa/2uFj5m9DXn+CneoHi3FzET24RbglDb445aPNMM+EWqRGQUR0 -8wzp8X00WVRuLGenBws5LSjftHCdtVqdDLsM6eJ7BqH0wNPrMwXNz8lErNFnpIwT -DbZiw7GcQGkjRNvDpovAB7OUcGQNXaLvbsjF93OY3lOeBoyPokONIzUPSUdKurbZ -YyfT2mcqGEp1hkZVwPsKIA1y5ioxHQI2HbkEDQRLaIS4EBAApZ0wvxpQVlZ6OEFa -9SBQ5eclRIOjXjKqkYGkvIx+jUmqCYfOgfPixOGYS5Q2KwHNz4XEOIOA1kyClAoA -AgOEGUxj8CxnbBk10IVo/JBONjdqKYPZ2YNdeIIrKXEmai4i5hK5AfZHoyqsV5aq -xGkGeVUju/coyRJY6La8iL+RBuxiRuUPWymGjtISAR6fSiN8f/kRly/y9LmMO8Jc -OpeieqLUFPK6KuzhI4F0nFkHJpZPDNOHHl+GmAZ+SqZxmIrpkGymd36hTKxW4nln 
-N6kqc1gMwdn1L/u/D+C/jhMbTTssqiMZeyP9uFmnMB3ls1NV8OxvbxcTBG0M7g4A -lffUQKpUrNhIBoC3R7UbYQ3CTZX1Qp/TBzbfRAgGhdWBQDQEd3/Ll9G4QaCs9I+4 -W68rkAr7e7IylHyfEi9oYQkXFIEeaAhiENmJBpcLpas/yNJoLayqzPsQ+lRNg3om -FntPtZolkMi6orRNixrgXV64m/01YNjmBFTqsp5wOq2j0cmTkbOWqdnlmGPg2El1 -ufebJc6YWS1nFm6YRpN/B3QbtAnar1Cb+IHlr0haTOYhQp+XFN+k1brqs+Sufa8/ -rz6N5tsm+W5GjHKvHr24FTa02u3H4lIqNlNBkzZZKhzAhxEWiJzwc/f2upG5vdpl -rM/YCU+XTotYPb5ZEXQe2mD/rXMAAwUP/0f1DOJIfnMrh1o/3RKqDq8k7tlv2GEE -v0VEnh8ty4dMb8Dos2M1Oc4Kv9QLB3DXcS4/L4JW5vF0QgSAzq1r5oBT1zaMcqDS -6OUlHrWUi8aDNt5EPQuEGdP2/iTDeAq4r8eCYrHRC7egldyRZrmWNfcZN6/G9K+J -SjhWfSWWSBRIqb+UxcQNCp6i6tvVSxCfLK1R4P4kA/Z4Co2vywIfVfPhHd5nIWNl -1yl9O3r04GCNTjzwsv/dhUGDFIVsghgehZuL0Bb7hDuyvZ2ShALumZ5t7mU/SJ2h -Ok3klO+2bIJB0gquUkWn/4g1h2Tp9XVWrI1x6GUBxRYkwC4tWajzWeVC5hcDVAdq -YN0H0HVj/CEgrEWlCVv1hJ0JYAsjX8Cj1QuZB1i34fjEkgybMjo3oCU5GCSiNmvt -TeUpexyY/7iHAdyoZHFT+fQS84VMYKFT4tTYH+5jTa62yfPhn63TYPorrRyTqG8a -JQLnczm0NN5R5mriYJQjr4Pj8PSSwWck/Gt8R5vb+C69+uXINB6OKqhG6xU0bqnC -Ixt3OhVS7v0SfHjn0+il/JOc/ev9wm6G5FxmEWOoYwibmaDzHfc9N1HMRzjTENI7 -fyJPNFj9IDkpwk4E3ylrkuVl2KEmYDJ9T9ny4UMnQ7Sb6w59UhxMIFtRTPNpQJWC -WXfhWUAo4WfCiEkEGBECAAkFAktohLgCGwwACgkQy8sIKhu5Q9vThgCeIHzJCz+Q -M8u4iCTrGaJ9w/+jwz4AnRhdXcFVv7svt2qOd374EtCSjv24 -=/Od8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/signatures/RPM-GPG-KEY-EPEL-7 b/signatures/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index a1d6f25..0000000 --- a/signatures/RPM-GPG-KEY-EPEL-7 +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file -- GitLab From 63df43b08ad41f7acafb43df385982c8e0fcfe44 Mon Sep 17 00:00:00 2001 
From: shen_vickie Date: Thu, 15 Apr 2021 12:57:58 -0400 Subject: [PATCH 13/27] import GPG keys --- Dockerfile | 5 ++--- signatures/RPM-GPG-KEY-CentOS-Official | 30 -------------------------- 2 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 signatures/RPM-GPG-KEY-CentOS-Official diff --git a/Dockerfile b/Dockerfile index edee587..7409645 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,14 +13,13 @@ RUN cd /opt/ && \ COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ -RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ - rpm --import RPM-GPG-KEY-CentosOS-7 && \ +RUN rpm --import RPM-GPG-KEY-CentOS-7 && \ rpm --import RPM-GPG-KEY-MariaDB && \ cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ - rm RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-CentosOS-7 RPM-GPG-KEY-MariaDB /opt/* && \ + rm RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-MariaDB /opt/* && \ yum clean all # Copy scripts to entrypoint diff --git a/signatures/RPM-GPG-KEY-CentOS-Official b/signatures/RPM-GPG-KEY-CentOS-Official deleted file mode 100644 index 30235a8..0000000 --- a/signatures/RPM-GPG-KEY-CentOS-Official +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn -rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ -8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X -5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c -aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e -f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7 -JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m -vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk -nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry -Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y -m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB -tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5 -QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB -Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl -Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs -N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD -vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq -a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw -byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg -q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X -407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z -V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG -rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32 -o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy -yy+mHmSv -=kkH7 ------END PGP PUBLIC KEY BLOCK----- -- GitLab From 72f349e4af7e6b09141a99469ec800b6aeda9a28 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 13:08:31 -0400 Subject: [PATCH 14/27] updated Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Dockerfile b/Dockerfile index 7409645..6e68761 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ RUN rpm --import RPM-GPG-KEY-CentOS-7 && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ - rm RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-MariaDB /opt/* && \ + rm RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-MariaDB /opt/* && \ yum clean all # Copy scripts to entrypoint -- GitLab From c23d6c3ad63cae7b7a3f3befa53470d344de987a Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 13:17:27 -0400 Subject: [PATCH 15/27] updated Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6e68761..e6e22df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ RUN rpm --import RPM-GPG-KEY-CentOS-7 && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ - rm RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-MariaDB /opt/* && \ + rm RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-MariaDB && \ yum clean all # Copy scripts to entrypoint -- GitLab From 49ce4af0f7a99793415b74bd4de183cf9e6fd9f8 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 13:30:20 -0400 Subject: [PATCH 16/27] updated Dockerfile --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e6e22df..8106377 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_TAG=7.9 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -COPY signatures/* / +COPY signatures/* /opt/ COPY scripts/healthcheck.sh /usr/local/bin/ COPY *.rpm.tar *.rpm /opt/ 
@@ -13,8 +13,9 @@ RUN cd /opt/ && \ COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ -RUN rpm --import RPM-GPG-KEY-CentOS-7 && \ - rpm --import RPM-GPG-KEY-MariaDB && \ +RUN dnf upgrade -y && \ + rpm --import /opt/RPM-GPG-KEY-CentOS-7 && \ + rpm --import /opt/RPM-GPG-KEY-MariaDB && \ cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum -y update && yum -y upgrade && \ -- GitLab From 8d5a4241976cf91af435a9173046e9ad976392bd Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 13:49:13 -0400 Subject: [PATCH 17/27] updated Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8106377..866205c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,12 +13,11 @@ RUN cd /opt/ && \ COPY scripts/setup_repository /opt/mariadb-10.2.37-rhel-7-x86_64-rpms/ -RUN dnf upgrade -y && \ +RUN yum upgrade -y && \ rpm --import /opt/RPM-GPG-KEY-CentOS-7 && \ rpm --import /opt/RPM-GPG-KEY-MariaDB && \ cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ - yum -y update && yum -y upgrade && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ rm RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-MariaDB && \ yum clean all -- GitLab From 2d7c883ea89eaed0dd6540e6a6d3f707eaa128bf Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 14:17:58 -0400 Subject: [PATCH 18/27] updated Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 866205c..9ac7d1d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ RUN yum upgrade -y && \ cd /opt/mariadb-10.2.37-rhel-7-x86_64-rpms && \ ./setup_repository && \ yum install -y MariaDB-server /opt/boost-program-options.rpm && \ - rm RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-MariaDB && \ + rm /opt/RPM-GPG-KEY-CentOS-7 /opt/RPM-GPG-KEY-MariaDB && \ yum clean all # Copy scripts to entrypoint -- GitLab 
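Review bot: The `yum install -y MariaDB-server /opt/boost-program-options.rpm` line in the PATCH 17 RUN installs one package from a local file, and yum does not signature-check local files unless `localpkg_gpgcheck` is enabled, so the `rpm --import /opt/RPM-GPG-KEY-CentOS-7` above may not be protecting that package. Adding `rpm -K /opt/boost-program-options.rpm && \` before the install line would stop the build when the signature does not verify against the imported key. This assumes the base image keeps yum's default for local packages; if the build pipeline already pins the file by checksum, a one-line comment saying so would be enough.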
From e404d9eda2d7696742becec9394e095377a28278 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 15:11:20 -0400 Subject: [PATCH 19/27] updated healthcheck --- scripts/healthcheck.sh | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/scripts/healthcheck.sh b/scripts/healthcheck.sh index f56f859..eefb613 100644 --- a/scripts/healthcheck.sh +++ b/scripts/healthcheck.sh @@ -1,10 +1,31 @@ #!/bin/bash set -eo pipefail +if [ "$MYSQL_RANDOM_ROOT_PASSWORD" ] && [ -z "$MYSQL_USER" ] && [ -z "$MYSQL_PASSWORD" ]; then + # there's no way we can guess what the random MySQL password was + echo >&2 'healthcheck error: cannot determine random root password (and MYSQL_USER and MYSQL_PASSWORD were not set)' + exit 0 +fi + host="$(hostname --ip-address || echo '127.0.0.1')" +user="${MYSQL_USER:-root}" +export MYSQL_PWD="${MYSQL_PASSWORD:-$MYSQL_ROOT_PASSWORD}" -if cqlsh -u cassandra -p cassandra "$host" < /dev/null; then - exit 0 +args=( + # force mysql to not use the local "mysqld.sock" (test "external" connectibility) + -h"$host" + -u"$user" + --silent +) + +if command -v mysqladmin &> /dev/null; then + if mysqladmin "${args[@]}" ping > /dev/null; then + exit 0 + fi +else + if select="$(echo 'SELECT 1' | mysql "${args[@]}")" && [ "$select" = '1' ]; then + exit 0 + fi fi exit 1 -- GitLab From 4443c8666c82a653d48b91ed8898fa8926df9191 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 18:17:14 -0400 Subject: [PATCH 20/27] correct ownership with RPM --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 9ac7d1d..865955e 100644 --- a/Dockerfile +++ b/Dockerfile 
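Review bot: The first branch of the new healthcheck.sh prints `healthcheck error: ...` to stderr and then runs `exit 0`, so a container started with MYSQL_RANDOM_ROOT_PASSWORD and no MYSQL_USER/MYSQL_PASSWORD is always reported healthy without the server being probed. If that is deliberate, to keep an orchestrator from restarting such containers, the comment should say so; otherwise the branch should fail with `exit 1`. Separately, `export MYSQL_PWD=...` puts the password into the environment of every child process of the script; a client option file readable only by the runtime user would avoid that, if the image can provide one.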
@@ -30,6 +30,7 @@ COPY ./scripts/entrypoint.sh ./entrypoint.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ + chown -R usafadmin:usafadmin /opt/ && \ chown -R usafadmin:usafadmin /var/lib/mysql && \ chown -R usafadmin:usafadmin /usr/local/bin/ && \ chmod +x ./entrypoint.sh && \ -- GitLab From 1751630859a1e774611b1c725da4dbf58db29c6c Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 15 Apr 2021 21:02:54 -0400 Subject: [PATCH 21/27] correct ownership with RPM --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 865955e..69a8f09 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_REGISTRY=repo1.dso.mil +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=redhat/ubi7/ubi ARG BASE_TAG=7.9 -- GitLab From 38db592fb5d428c4af53a97b1d2203eb6d3180c0 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Thu, 22 Apr 2021 21:55:06 -0400 Subject: [PATCH 22/27] updated Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 69a8f09..92cc585 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,9 +30,9 @@ COPY ./scripts/entrypoint.sh ./entrypoint.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ - chown -R usafadmin:usafadmin /opt/ && \ + chown -R usafadmin:usafadmin /opt && \ chown -R usafadmin:usafadmin /var/lib/mysql && \ - chown -R usafadmin:usafadmin /usr/local/bin/ && \ + chown -R usafadmin:usafadmin /usr/local/bin && \ chmod +x ./entrypoint.sh && \ chmod +x /usr/local/bin/healthcheck.sh -- GitLab From 210df6d61d54724f295d2f5de87578b2fe825a49 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Fri, 23 Apr 2021 13:23:31 -0400 Subject: [PATCH 23/27] updated Dockerfile --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
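Review bot: The added `chown -R usafadmin:usafadmin /opt/` gives the runtime account ownership of the install artifacts left in /opt, and the unchanged line two below does the same for /usr/local/bin, which holds healthcheck.sh. Anything running as usafadmin can then rewrite a script that HEALTHCHECK executes. The least-privilege form keeps both paths root-owned and only readable and executable by usafadmin, i.e. drop the /opt and /usr/local/bin chown lines and keep `chmod +x /usr/local/bin/healthcheck.sh`; presumably only /var/lib/mysql has to be writable at run time. The same lines recur in the ownership hunks of PATCH 22, 26 and 27, and the RUN instruction continues outside the hunk.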
diff --git a/Dockerfile b/Dockerfile index 92cc585..93cf013 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,6 +27,8 @@ COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secur RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh +USER usafadmin + #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ @@ -34,10 +36,9 @@ RUN groupadd -g 1500 usafadmin && \ chown -R usafadmin:usafadmin /var/lib/mysql && \ chown -R usafadmin:usafadmin /usr/local/bin && \ chmod +x ./entrypoint.sh && \ - chmod +x /usr/local/bin/healthcheck.sh - -USER usafadmin -RUN cp -R /var/lib/mysql /tmp/ + chmod +x /usr/local/bin/healthcheck.sh && \ + rpm --setugids /usr/local/bin /opt && \ + cp -R /var/lib/mysql /tmp/ HEALTHCHECK --interval=10s --timeout=30s --start-period=10s --retries=3 CMD /usr/local/bin/healthcheck.sh -- GitLab From 3848560abf82c966f39fcc21aca368776ee2ad4d Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Fri, 23 Apr 2021 13:42:08 -0400 Subject: [PATCH 24/27] updated Dockerfile --- Dockerfile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 93cf013..6712338 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secur RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh -USER usafadmin + #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ 
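Review bot: `USER usafadmin` in the first hunk of PATCH 23 is placed above the RUN that executes `groupadd` and `useradd`, so the account does not exist yet when the build switches to it, and the account creation and chown steps would no longer run as root. The build is expected to fail at that RUN. Account creation and ownership changes should stay under root, with `USER usafadmin` placed after them, directly before HEALTHCHECK. The RUN instruction continues into the next hunk.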
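Review bot: `rpm --setugids /usr/local/bin /opt` in the second hunk of PATCH 23 passes directory paths, but `--setugids` takes package names and resets owner and group of the files belonging to those packages to the values recorded in the RPM database. With paths as arguments it should report that the packages are not installed and change nothing, and files brought in with COPY are not in the RPM database at all. If the goal is to restore packaged ownership after the recursive chown, name the package and run it as root, e.g. `rpm --setugids MariaDB-server && \`. PATCH 24 moves the same command below `USER usafadmin`, where it could not change ownership anyway, and PATCH 25 leaves it behind as a commented-out line that should be deleted instead.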
@@ -36,9 +36,11 @@ RUN groupadd -g 1500 usafadmin && \ chown -R usafadmin:usafadmin /var/lib/mysql && \ chown -R usafadmin:usafadmin /usr/local/bin && \ chmod +x ./entrypoint.sh && \ - chmod +x /usr/local/bin/healthcheck.sh && \ - rpm --setugids /usr/local/bin /opt && \ - cp -R /var/lib/mysql /tmp/ + chmod +x /usr/local/bin/healthcheck.sh + +USER usafadmin +RUN cp -R /var/lib/mysql /tmp/ +RUN rpm --setugids /usr/local/bin /opt HEALTHCHECK --interval=10s --timeout=30s --start-period=10s --retries=3 CMD /usr/local/bin/healthcheck.sh -- GitLab From 7cb03e04902b657af054d5195a6b0c8714b3bcce Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Fri, 23 Apr 2021 13:57:08 -0400 Subject: [PATCH 25/27] updated Dockerfile --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6712338..2130cf1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,8 +27,6 @@ COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secur RUN chmod +x /usr/local/bin/mysql_secure_installation_automated COPY ./scripts/entrypoint.sh ./entrypoint.sh - - #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ @@ -40,7 +38,7 @@ RUN groupadd -g 1500 usafadmin && \ USER usafadmin RUN cp -R /var/lib/mysql /tmp/ -RUN rpm --setugids /usr/local/bin /opt +#RUN rpm --setugids /usr/local/bin /opt HEALTHCHECK --interval=10s --timeout=30s --start-period=10s --retries=3 CMD /usr/local/bin/healthcheck.sh -- GitLab From fcfd8cf66b00c4259d1d687ec0c0d0b901adb7ee Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Fri, 23 Apr 2021 14:57:42 -0400 Subject: [PATCH 26/27] test ownership permission --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2130cf1..43154c3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -30,9 +30,9 @@ COPY ./scripts/entrypoint.sh ./entrypoint.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ - chown -R usafadmin:usafadmin /opt && \ - chown -R usafadmin:usafadmin /var/lib/mysql && \ - chown -R usafadmin:usafadmin /usr/local/bin && \ + chown -R 755 usafadmin:usafadmin /opt && \ + chown -R 755 usafadmin:usafadmin /var/lib/mysql && \ + chown -R 755 usafadmin:usafadmin /usr/local/bin && \ chmod +x ./entrypoint.sh && \ chmod +x /usr/local/bin/healthcheck.sh -- GitLab From c8d6ec5a9393eea81bacb6298f273899a4e2d507 Mon Sep 17 00:00:00 2001 From: shen_vickie Date: Fri, 23 Apr 2021 15:06:53 -0400 Subject: [PATCH 27/27] test ownership permission --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 43154c3..2130cf1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,9 +30,9 @@ COPY ./scripts/entrypoint.sh ./entrypoint.sh #Create usafadmin user RUN groupadd -g 1500 usafadmin && \ useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \ - chown -R 755 usafadmin:usafadmin /opt && \ - chown -R 755 usafadmin:usafadmin /var/lib/mysql && \ - chown -R 755 usafadmin:usafadmin /usr/local/bin && \ + chown -R usafadmin:usafadmin /opt && \ + chown -R usafadmin:usafadmin /var/lib/mysql && \ + chown -R usafadmin:usafadmin /usr/local/bin && \ chmod +x ./entrypoint.sh && \ chmod +x /usr/local/bin/healthcheck.sh -- GitLab
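Review bot: `chown -R 755 usafadmin:usafadmin /opt` in PATCH 26 does not set a mode: chown reads `755` as the owner (numeric UID 755) and `usafadmin:usafadmin` as a path, which does not exist, so the command fails and the `&&` chain stops there. The /var/lib/mysql and /usr/local/bin lines have the same problem. Permissions belong in a separate chmod, for example `chown -R usafadmin:usafadmin /var/lib/mysql && chmod -R u=rwX,go=rX /var/lib/mysql && \`, where the capital `X` avoids marking plain data files executable.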