updated healthcheck

d129be00 · Vickie Shen · 46052ff7 · d129be00 · 46052ff7 · d129be00
Commit d129be00 authored Apr 15, 2021 by Vickie Shen
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 125 deletions

Dockerfile Dockerfile +16 -11

scripts/RPM-GPG-KEY-MariaDB scripts/RPM-GPG-KEY-MariaDB +0 -112

scripts/healthcheck.sh scripts/healthcheck.sh +23 -2

No files found.
--- a/Dockerfile
+++ b/Dockerfile
-ARG BASE_REGISTRY=repo1.dso.mil
+ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/ubi8/ubi
 ARG BASE_TAG=8.3

 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

-COPY scripts/RPM-GPG-KEY-MariaDB /opt/
+COPY signatures/* /opt/
 COPY scripts/healthcheck.sh /usr/local/bin/
 COPY *.rpm.tar *.rpm /opt/

@@ -13,28 +13,33 @@ RUN cd /opt/ && \

 COPY scripts/setup_repository /opt/mariadb-10.5.9-rhel-8-x86_64-rpms/

-RUN cd /opt/mariadb-10.5.9-rhel-8-x86_64-rpms && \
+RUN yum upgrade -y && \
+    rpm --import /opt/RPM-GPG-KEY-CentOS-Official && \
+    rpm --import /opt/RPM-GPG-KEY-MariaDB && \
+    cd /opt/mariadb-10.5.9-rhel-8-x86_64-rpms && \
    ./setup_repository && \
-    dnf -y update && dnf -y upgrade && \
-    dnf install -y --nogpgcheck MariaDB-server /opt/*.rpm && \
+    rpm install -y MariaDB-server /opt/*.rpm && \
    chmod -R u-s /usr/lib64/mysql/ && \
    rm -f /usr/share/doc/perl-IO-Socket-SSL/example/simulate_proxy.pl && \
    find /usr/share/doc/perl-IO-Socket-SSL/certs -name "*.enc" -o -name "*.pem" | xargs rm -f && \
    find /usr/share/doc/perl-Net-SSLeay/examples -name "*.pem" | xargs rm -f && \
+    rm /opt/RPM-GPG-KEY-CentOS-Official /opt/RPM-GPG-KEY-MariaDB && \
    yum clean all

 # Copy scripts to  entrypoint
 COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated
 RUN chmod +x /usr/local/bin/mysql_secure_installation_automated
 COPY ./scripts/entrypoint.sh ./entrypoint.sh
-RUN chmod +x ./entrypoint.sh && \
-    chmod +x /usr/local/bin/healthcheck.sh && \
-    chmod g-s /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool

 #Create usafadmin user
-RUN groupadd -g 1500 usafadmin
-RUN useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin
-RUN chown -R usafadmin /var/lib/mysql
+RUN groupadd -g 1500 usafadmin && \
+    useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin && \
+    chown -R usafadmin:usafadmin /var/lib/mysql && \
+    chown -R usafadmin:usafadmin /usr/local/bin/ && \
+    chmod +x ./entrypoint.sh && \
+    chmod +x /usr/local/bin/healthcheck.sh
+    chmod g-s /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
+
 USER usafadmin
 RUN cp -R /var/lib/mysql /tmp/


--- a/scripts/RPM-GPG-KEY-MariaDB
+++ b/scripts/RPM-GPG-KEY-MariaDB
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-
-mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
-497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
-LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8
-p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn
-U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb
-XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j
-zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx
-cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H
-48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ
-YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu
-b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
-CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3
-kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I
-9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3
-P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb
-Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF
-iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl
-sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0
-u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2
-YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b
-GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ
-7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD
-EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb
-LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk
-Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3
-d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo
-8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr
-q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6
-4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI
-UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl
-J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B
-TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF
-F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6
-+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR
-tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYK0Q0RhbmllbCBC
-YXJ0aG9sb21ldyAoTW9udHkgUHJvZ3JhbSBzaWduaW5nIGtleSkgPGRiYXJ0QGFz
-a21vbnR5Lm9yZz6IYAQTEQIAIAUCS2iEkAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4B
-AheAAAoJEMvLCCobuUPboDgAoNQVrK4i5LXTgwnWke2MxsXCoHDnAJ93j733YuNk
-V64aHEUwWxNCkkwUkYkCHAQQAQIABgUCTWPEiQAKCRCRcRiZleRansGMD/96EvJv
-LiuoQvv/KkeftLfvwoULVBBdAKLFmPyMjDbMP+1I2YnyF/7pSVmn/37QAP05QdoP
-51RlZwRkEEVRMOlKIqny2WGGm8oxtkd3Lvi2TDkYRdkbfCn983WEUXqziOLadB3r
-UPy+76D1GynoIerIyp9kzLtfJeHMWJumfh7poxnCup55eA5v4bbvToLacxca4ZJZ
-gcdGrYGKKmYubrFGlrJqeF83JfQqXvD9ip15iOs4fSAeHVs0XbTFIsErk1axIXnE
-mylHbSgu0Cri0ltNomAmFKuUR9hDamn8DaRWTTqAi9r7Mgm+KRB54Vn84yi3OAkE
-etc8Qvz98Mp4kucHxt9daU1sA6pYWFf8jY61AXn7Qbm5t2l+RZhdIrJeHK3zktnn
-MPoIwxgxogrTrLxL+WJGjCUAUfKzxd5eg+kqypIp5NIxpzKZrxXX+isLzjAiu+6l
-Z8wbyspjybiMrVQsLF3bxBS3vaV3PDbhH4RI66FtwWbiOUAoMJH67uWlSbAjeAok
-ZWJ0GchtgDfLI2olaM//gPxqDlNULkCsogypZCVYDcLR76kc3grhldtDfgU/PZLd
-TuVtJnYsUWUgzbi+MYjMNFvojVkBsZdi8xXMTTaJ4EBr/x7FKr0yQrmqY6SIkKUA
-RZqxMYERQm2toRfhWt5N9wKHuvqMv/eGYcCzcokCHAQQAQIABgUCTWPMCgAKCRBB
-3cC0DaVvIjZREACImkZmDsZHOi3tZZKgttmxyK1uCJJoS8egX3DLQdBTci2PmiL1
-f9io2r7ii1Au/vfEdFGDVHOy3ksrJlazVgneGLmVbin9+B7OiQGiINQFoZ9WGCnL
-MYt5BvBsP5nGuJHXpxG/OTAfWmqEx7wB15LMoAcA45o10IazIJB+78EwAbqJvhFm
-hWBCuM9bvaigemdIjyKZM6Fd4B5ElQIsw3XFBLWEVnCfdPvD++cZU6U9F5PCM+oL
-gmyGrpxbdiP2wGNhsh+w+jwRCPGVpivZMMHUVYJNLC2BModnyanz0obrw22U2LKT
-nQOOVRMmvO6jYxdMUrOz+qjILLClozZd83X5P3Yz9rZYDXwu526iCGfKcoTWecru
-oKw/nlHharrf97Kj9LZirHEUa3wrjEWTr1g90YgyVVqw5H1jdQ3kZ677bgJfSiT/
-OXwUhrqXBrPxIfYBweISDttbV7XkNFOM8tV+fM/CyV97omep8pctLyHL4QTs1BW5
-YhFsLEfw4M9hYcPD9EKs/f3EdDB9eKWbYkdWAnPwJtML6/OowtTM98FbsAbjKctb
-O9LXzfrzCwV7137vLNrzFQXupzK3D+ar+oEZQIyezJyWz/Kl4xatx/B2E6APDpyb
-iHwpzjHZbNY1uswuQTGJgi7huQRNooDJmMToYnGP+Mv9C1bcesf8K1qnjYkCHAQQ
-AQIABgUCTXeZrgAKCRBB3cC0DaVvIghPEACo1DbukXlf/7lbSOPMZ+eUPaVQoP3M
-QZC3e+KbbsQqw0YWwgmJRybyB8x5OYeBqoP1kOZX0MxOLqsMvFYNXGJIPbag+ufU
-Q4NhNXFnRMJD6Exlum3M30s7SvxzX9sVZCvoAyrqDp9xiFs0cKtU2DUTS/LawkJm
-0ro4K5JFH9irmpsXMzf83EfTR62lzDYSf3JOh9605jkJCQt+gj/T8YzPIqTy2569
-alBEEAFxoh+PMfxFNDv7siNLYBgbCTuE3ZifOD+3xZo4nlryGjzPI6C80nR9RPO7
-pPoJ26zEwWKC5bcBHcnIXpG1v4+at9A0YQqdLeufL+b3W+tPulf1bYtgKPq6oMR3
-lQSswaX0AockF4Dpz2smSiBdYX1XMkp1BjfAlqi+lhr4Uf68fZbQhhAf8puY4EQp
-mobXY6/Un8h0C6xH8KzRxAPhB3r8XMwgFD6PYzmy5tB0v+Lt/nzkRMrRrgtEqwKo
-BRzTy7jI7rr1hTkNdPKEiT/LbuQcNgrRqD4q1mM5N6RFqezx1pboTxdR5CppabwF
-1qu1RUFt9xLsNcBFynAa8/Vmhn8dFggY240FJht2aKpj9S8G6ufwhq9JeAFqwDt5
-kHNTjkEFF20XeXvYamF2dX6kRtGm+hauDiHzhGbAoHxJIvLqNyLtxIZGapeVL36M
-1RAUOqlnMiqPhYkCHAQQAQIABgUCTXeZ8wAKCRCRcRiZleRannQDEACaIRmvVUrp
-d0LAKvtov9ZXfhHMxTbnIIvszbII8shPt29UO08er4Yd0ZnTIFHMvnX5MWCLWBlu
-aJ56ucoXMJpcNRPmNCw1bWnjFwQVxajzSpzm4duGQnakOKH7uywNaaUE81nd1VY6
-XUW7J/IergcscMOOxHfbXu2hF/2AV7x9NkjbykuMBscgEc8CRuUHJ+A/52Ilwo9R
-sEsxKJfh86++h1jaLjs8RL2dEo2ioO0QfAW+rXLgctCe7v3Zs8xBv1qFIV7QW5a+
-ZaYW1SRhMNJVnN5iP+WbFiMelzEqcxkgXErGeoDHPE4GDNIQyvhwhryOz1lJONix
-b+Cb5jqUoC0Wa96fKP2/t1Dlm+d3ZSp7nQSaQZJ+8pF0yYcAqbKam5zr/XY+EPex
-cGJ2GQuQ2y6tSz5kqy5qr5xQoHqif9dCFBkL7aOEO+5waBSy5oTb7uMHki+hKWTz
-dlldliXKt4P2tMa/2uFj5m9DXn+CneoHi3FzET24RbglDb445aPNMM+EWqRGQUR0
-8wzp8X00WVRuLGenBws5LSjftHCdtVqdDLsM6eJ7BqH0wNPrMwXNz8lErNFnpIwT
-DbZiw7GcQGkjRNvDpovAB7OUcGQNXaLvbsjF93OY3lOeBoyPokONIzUPSUdKurbZ
-YyfT2mcqGEp1hkZVwPsKIA1y5ioxHQI2HbkEDQRLaIS4EBAApZ0wvxpQVlZ6OEFa
-9SBQ5eclRIOjXjKqkYGkvIx+jUmqCYfOgfPixOGYS5Q2KwHNz4XEOIOA1kyClAoA
-AgOEGUxj8CxnbBk10IVo/JBONjdqKYPZ2YNdeIIrKXEmai4i5hK5AfZHoyqsV5aq
-xGkGeVUju/coyRJY6La8iL+RBuxiRuUPWymGjtISAR6fSiN8f/kRly/y9LmMO8Jc
-OpeieqLUFPK6KuzhI4F0nFkHJpZPDNOHHl+GmAZ+SqZxmIrpkGymd36hTKxW4nln
-N6kqc1gMwdn1L/u/D+C/jhMbTTssqiMZeyP9uFmnMB3ls1NV8OxvbxcTBG0M7g4A
-lffUQKpUrNhIBoC3R7UbYQ3CTZX1Qp/TBzbfRAgGhdWBQDQEd3/Ll9G4QaCs9I+4
-W68rkAr7e7IylHyfEi9oYQkXFIEeaAhiENmJBpcLpas/yNJoLayqzPsQ+lRNg3om
-FntPtZolkMi6orRNixrgXV64m/01YNjmBFTqsp5wOq2j0cmTkbOWqdnlmGPg2El1
-ufebJc6YWS1nFm6YRpN/B3QbtAnar1Cb+IHlr0haTOYhQp+XFN+k1brqs+Sufa8/
-rz6N5tsm+W5GjHKvHr24FTa02u3H4lIqNlNBkzZZKhzAhxEWiJzwc/f2upG5vdpl
-rM/YCU+XTotYPb5ZEXQe2mD/rXMAAwUP/0f1DOJIfnMrh1o/3RKqDq8k7tlv2GEE
-v0VEnh8ty4dMb8Dos2M1Oc4Kv9QLB3DXcS4/L4JW5vF0QgSAzq1r5oBT1zaMcqDS
-6OUlHrWUi8aDNt5EPQuEGdP2/iTDeAq4r8eCYrHRC7egldyRZrmWNfcZN6/G9K+J
-SjhWfSWWSBRIqb+UxcQNCp6i6tvVSxCfLK1R4P4kA/Z4Co2vywIfVfPhHd5nIWNl
-1yl9O3r04GCNTjzwsv/dhUGDFIVsghgehZuL0Bb7hDuyvZ2ShALumZ5t7mU/SJ2h
-Ok3klO+2bIJB0gquUkWn/4g1h2Tp9XVWrI1x6GUBxRYkwC4tWajzWeVC5hcDVAdq
-YN0H0HVj/CEgrEWlCVv1hJ0JYAsjX8Cj1QuZB1i34fjEkgybMjo3oCU5GCSiNmvt
-TeUpexyY/7iHAdyoZHFT+fQS84VMYKFT4tTYH+5jTa62yfPhn63TYPorrRyTqG8a
-JQLnczm0NN5R5mriYJQjr4Pj8PSSwWck/Gt8R5vb+C69+uXINB6OKqhG6xU0bqnC
-Ixt3OhVS7v0SfHjn0+il/JOc/ev9wm6G5FxmEWOoYwibmaDzHfc9N1HMRzjTENI7
-fyJPNFj9IDkpwk4E3ylrkuVl2KEmYDJ9T9ny4UMnQ7Sb6w59UhxMIFtRTPNpQJWC
-WXfhWUAo4WfCiEkEGBECAAkFAktohLgCGwwACgkQy8sIKhu5Q9vThgCeIHzJCz+Q
-M8u4iCTrGaJ9w/+jwz4AnRhdXcFVv7svt2qOd374EtCSjv24
-=/Od8
-----END PGP PUBLIC KEY BLOCK-----
--- a/scripts/healthcheck.sh
+++ b/scripts/healthcheck.sh
 #!/bin/bash
 set -eo pipefail

+if [ "$MYSQL_RANDOM_ROOT_PASSWORD" ] && [ -z "$MYSQL_USER" ] && [ -z "$MYSQL_PASSWORD" ]; then
+	# there's no way we can guess what the random MySQL password was
+	echo >&2 'healthcheck error: cannot determine random root password (and MYSQL_USER and MYSQL_PASSWORD were not set)'
+	exit 0
+fi
+
 host="$(hostname --ip-address || echo '127.0.0.1')"
+user="${MYSQL_USER:-root}"
+export MYSQL_PWD="${MYSQL_PASSWORD:-$MYSQL_ROOT_PASSWORD}"

-if cqlsh -u cassandra -p cassandra "$host" < /dev/null; then
-	exit 0
+args=(
+	# force mysql to not use the local "mysqld.sock" (test "external" connectibility)
+	-h"$host"
+	-u"$user"
+	--silent
+)
+
+if command -v mysqladmin &> /dev/null; then
+	if mysqladmin "${args[@]}" ping > /dev/null; then
+		exit 0
+	fi
+else
+	if select="$(echo 'SELECT 1' | mysql "${args[@]}")" && [ "$select" = '1' ]; then
+		exit 0
+	fi
 fi

 exit 1