
Commit f48cc6cc authored by Jeffrey Weatherford's avatar Jeffrey Weatherford

Merge branch 'hardening_manifest' into 'development'

Hardening manifest

See merge request !12
parents 9292b702 af14cf22
Pipeline #174447 failed with stages
in 3 minutes and 6 seconds
ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
ARG BASE_REGISTRY=repo1.dso.mil
ARG BASE_IMAGE=redhat/ubi8/ubi
ARG BASE_TAG=8.3
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
# copy dependencies, GPG keys, and scripts
COPY mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm galera.rpm boost.rpm signatures/RPM-GPG-KEY-MariaDB signatures/RPM-GPG-KEY-CentOS-Official /
COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
# import GPG keys, update, install dependencies, and clean
# remove rpms/keys and allow exec permissions on entrypoint
RUN groupadd -r mysql && \
useradd -r -g mysql mysql && \
rpm --import RPM-GPG-KEY-MariaDB && \
rpm --import RPM-GPG-KEY-CentOS-Official && \
dnf update -y && \
dnf install -y mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm galera.rpm boost.rpm --setopt=tsflags=nodocs && \
dnf clean all && \
rm -rf /var/cache/dnf && \
rm mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm galera.rpm boost.rpm RPM-GPG-KEY-MariaDB RPM-GPG-KEY-CentOS-Official && \
rm usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool && \
chmod +x /usr/local/bin/docker-entrypoint.sh && \
ln -s usr/local/bin/docker-entrypoint.sh
COPY config/my.cnf /etc/my.cnf
COPY config/server.cnf /etc/my.cnf.d/server.cnf
USER mysql
HEALTHCHECK --interval=5s --timeout=30s CMD mysqladmin ping -h 127.0.0.1 -u mysql || exit 1
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
EXPOSE 3306
CMD ["mysqld"]
COPY scripts/RPM-GPG-KEY-MariaDB /opt/
COPY *.rpm.tar *.rpm /opt/
RUN cd /opt/ && \
tar -xf mariadb.rpm.tar
COPY scripts/setup_repository /opt/mariadb-10.5.8-rhel-8-x86_64-rpms/
RUN cd /opt/mariadb-10.5.8-rhel-8-x86_64-rpms && \
./setup_repository && \
dnf -y update && dnf -y upgrade && \
dnf install -y --nogpgcheck MariaDB-server /opt/*.rpm && \
yum clean all
# Copy scripts to entrypoint
COPY ./scripts/mysql_secure_installation_automated.sh /usr/local/bin/mysql_secure_installation_automated
RUN chmod +x /usr/local/bin/mysql_secure_installation_automated
COPY ./scripts/entrypoint.sh ./entrypoint.sh
RUN chmod +x ./entrypoint.sh
#Create usafadmin user
RUN groupadd -g 1500 usafadmin
RUN useradd usafadmin -u 1500 -g 1500 && usermod -a -G mysql usafadmin
RUN chown -R usafadmin /var/lib/mysql
USER usafadmin
RUN cp -R /var/lib/mysql /tmp/
ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ]
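Review bot: `dnf install -y --nogpgcheck MariaDB-server /opt/*.rpm` turns off RPM signature checking even though `RPM-GPG-KEY-MariaDB` is copied into `/opt/` for that purpose, so the only integrity control left is the sha256 in the hardening manifest. The page has lost its +/- markers; I am reading the `COPY scripts/…` variant as the new side, and the other variant imports both keys with `rpm --import` and installs without this flag. I would drop `--nogpgcheck` and have `scripts/setup_repository` write `gpgcheck = 1` and `gpgkey = file:///opt/RPM-GPG-KEY-MariaDB` (its stanza has a bare path and no `gpgcheck` line); the boost RPM would then need the CentOS key that the other variant ships. This variant also has no `HEALTHCHECK` and launches `entrypoint.sh` by relative path without a `WORKDIR`.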
# MariaDB
# https://github.com/docker-library/mariadb
Version: 10.5.4
#### Build image
* Build the container
## Overview
```bash
docker build . -t <unique tag name>`
```
MariaDB is a community-developed fork of the MySQL relational database management system.
The Helm chart for MariaDB and the recommended secure configuration in values-ironbank.yaml can be found [here](https://repo1.dsop.io/dsop/charts/-/tree/master/bitnami/mariadb)
The [MariaDB documentation](https://mariadb.org/documentation/) provides an introduction, primer, list of SQL statements, and useful MariaDB queries:
## Usage
The values-ironbank.yaml file located [here](https://repo1.dsop.io/dsop/charts/-/tree/master/bitnami/mariadb) provides a recommended secure configuration of MariaDB and can replace the values.yaml in the standard Helm chart (also provided in this repository). Please see the following links for more information regarding configration options for production-ready deployments.
## Volumes
The standard location for the MariaDB volume is `/var/lib/mysql`. Further confiugration details can be specified and additional documentation on Kubernetes volumes can be found [here](https://kubernetes.io/docs/concepts/storage/volumes/) with details about each section in the volume definition that can be specified.
## Configuration
Configuration changes can be made in `/etc/my.cnf` and `/etc/my.cnf.d/`
\ No newline at end of file
## Scan Artifacts
### Testing
Artifacts from the scan on the this container may be found [here](https://s3-us-gov-west-1.amazonaws.com/dsop-pipeline-artifacts/testing/container-scan-reports/dsop/opensource/mariadb/mariadb-v10.3.17/repo_map.html)
### Production
Artifacts from the scan on the this container may be found [here](https://s3-us-gov-west-1.amazonaws.com/dsop-pipeline-artifacts/container-scan-reports/dsop/opensource/mariadb/mariadb-v10.3.17/repo_map.html)
\ No newline at end of file
FROM nexus-docker.52.61.140.4.nip.io/dsop/ubi7:latest
COPY mariadb.repo /etc/yum.repos.d/mariadb.repo
COPY centos7.repo /etc/yum.repos.d/centos7.repo
RUN rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 && \
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi && \
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm && \
yum-config-manager --enable remi-php70 && \
yum-config-manager --enable mariabdb
ENV ROOTDIR=/root/install
ENV DESTDIR=/root/packages
RUN mkdir -p $ROOTDIR && mkdir -p $DESTDIR && for i in MariaDB-client MariaDB-server boost-devel.x86_64 rpm-build-libs rpm-python; do yum install --downloadonly --installroot=$ROOTDIR --releasever=7 --downloaddir=$DESTDIR -y $i ; done
RUN cd $DESTDIR && tar cvf mysql.tar .
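Review bot: `rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7` fetches a signing key over plain HTTP, so the trust anchor for the later package checks is itself unauthenticated; the `remi-release-7.rpm` install and the `baseurl`/`gpgkey` lines in the two `.repo` files have the same problem. Assuming this file is on the new side (the +/- markers are lost on this page), I would switch these to `https://` or ship the keys in the repository and import them from disk. `yum-config-manager --enable mariabdb` does not match the `[mariadb]` repo id and should read `yum-config-manager --enable mariadb`. The base is `ubi7:latest`; a fixed tag or digest would make the downloaded package set reproducible.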
#!/bin/bash
export NAME=mysql-demo
export TAG=final
echo "Building mysql image...."
docker build . -t mysql:final --label $NAME
IMAGE_ID=$(docker image ls -f label=$NAME | grep $TAG | awk '{print $3}')
echo "Running container....."
docker run -d -i --name $NAME $IMAGE_ID
CONTAINER_ID=$(docker ps | grep $NAME | awk '{print $1}')
docker cp $CONTAINER_ID:/root/packages/mysql.tar ../
docker stop $CONTAINER_ID
docker rm $CONTAINER_ID
docker image rm $IMAGE_ID
unset IMAGE_ID
unset CONTAINER_ID
[centos7]
name = centos 7
baseurl = http://mirror.centos.org/centos/7/os/x86_64/
gpgkey = http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
gpgcheck = 1
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
### **Instruction to build this container are as follows**
The `build-stage` directory contains the script "build.sh".
This script will invoke a docker build which will spin up an intermediary image.
This image will be used to download and tar up all the the required installation rpms and place them one directory above this one in `docker/mariadb/mariadb/v.10.3.17/`.
This tar ball will be copied into our main container from the local directory allowing for offline builds of the main container image.
* cd into the the build-stage directory
```bash
cd docker/mariadb/mariadb/v.10.3.17/build-stage
```
* run the build.sh script
```bash
source build.sh
```
* cd one directory up into the main `v.10.3.17` folder
```bash
cd ../
```
* Build the main container by running
```bash
docker build . -t <unique tag name>`
```
This will build the main mariadb container and it can be pushed to an internal registry.
......@@ -2,7 +2,7 @@
apiVersion: v1
# The repository name in registry1, excluding /ironbank/
name: "opensource/mariadb/mariadb105"
name: "opensource/mariadb/mariadb"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
......@@ -18,18 +18,18 @@ args:
# Docker image labels
labels:
org.opencontainers.image.title: "mariadb105"
org.opencontainers.image.title: "mariadb"
# Human-readable description of the software packaged in the image
org.opencontainers.image.description: "MariaDB Server is one of the most popular open source relational databases."
org.opencontainers.image.description: "MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system"
# License(s) under which contained software is distributed
org.opencontainers.image.licenses: "GPL-2.0"
org.opencontainers.image.licenses: "GPLv2"
# URL to find more information on the image
org.opencontainers.image.url: "https://mariadb.org"
# Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Maria DB Foundation"
org.opencontainers.image.vendor: "MariaDB Foundation"
org.opencontainers.image.version: "10.5.8"
# Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "opensource,database,relational"
mil.dso.ironbank.image.keywords: "database,mysql,mariadb"
# This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "opensource"
# Product the image belongs to for grouping multiple images
......@@ -37,42 +37,22 @@ labels:
# List of resources to make available to the offline build context
resources:
- filename: mariadb-server.rpm
url: https://yum.mariadb.org/10.5.8/rhel8-amd64/rpms/MariaDB-server-10.5.8-1.el8.x86_64.rpm
- filename: mariadb.rpm.tar
url: https://downloads.mariadb.com/MariaDB/mariadb-10.5.8/yum/centos/mariadb-10.5.8-rhel-8-x86_64-rpms.tar
validation:
type: sha256
value: 14fcda323b749aec9c85d66df3bca92f827124644e312e97c29fc850b3c5515e
- filename: mariadb-client.rpm
url: https://yum.mariadb.org/10.5.8/rhel8-amd64/rpms/MariaDB-client-10.5.8-1.el8.x86_64.rpm
validation:
type: sha256
value: daccd783ab8adedf3d5515de3f413643028dd946b6def017170f501ac2a0c9f2
- filename: mariadb-common.rpm
url: https://yum.mariadb.org/10.5.8/rhel8-amd64/rpms/MariaDB-common-10.5.8-1.el8.x86_64.rpm
validation:
type: sha256
value: 368ded82a22dcc45ac41841110542a4a7d3969314e04d2847018b17a9d4223df
- filename: mariadb-shared.rpm
url: https://yum.mariadb.org/10.5.8/rhel8-amd64/rpms/MariaDB-shared-10.5.8-1.el8.x86_64.rpm
validation:
type: sha256
value: abf5cc16105ec787c143afe02f66d93b095db8b894f1df29970d743ff3b33345
- filename: galera.rpm
url: https://yum.mariadb.org/10.5.8/rhel8-amd64/rpms/galera-4-26.4.5-1.el8.x86_64.rpm
validation:
type: sha256
value: 7d3bf4f2920a5cc73a32bccc1a21c989845998e52b9c1c8865990ed93c331908
- filename: boost.rpm
url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/boost-program-options-1.66.0-10.el8.x86_64.rpm
value: ce6546366699c3593f9ffda66a5b60170f7317fa3808609715b17819020ef0b0
- filename: boost-program-options.rpm
url: https://rpmfind.net/linux/centos/8-stream/AppStream/x86_64/os/Packages/boost-program-options-1.66.0-10.el8.x86_64.rpm
validation:
type: sha256
value: da68048ba572927abac063a05a271297ff80e8c997df88a3c914e69cb5fbaf04
# List of project maintainers
maintainers:
- email: "bhearn@anchore.com"
- email: "josheason@seed-innovations.com"
# The name of the current container owner
name: "Blake Hearn"
name: "Josh Eason"
# The gitlab username of the current container owner
username: "blake.hearn"
username: "josheason"
cht_member: true
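Review bot: The `value: 14fcda32…` line under the first resource appears only once on this page, after both the `mariadb-server.rpm` URL and the `mariadb.rpm.tar` URL, which suggests the checksum was left unchanged when the resource was switched to the tarball. If that reading is right, download validation cannot pass for `mariadb-10.5.8-rhel-8-x86_64-rpms.tar`, and the entry needs `value: <sha256 of the tarball>` computed from a trusted copy. `boost-program-options.rpm` is also pulled from `rpmfind.net`, a third-party mirror; the sha256 pins the bytes, but a comment recording where that hash was checked against the vendor package would help the next reviewer.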
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)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=/Od8
-----END PGP PUBLIC KEY BLOCK-----
[centos7]
name = centos 7
baseurl = http://mirror.centos.org/centos/7/os/x86_64/
gpgkey = http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
gpgcheck = 1
#! /bin/bash
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
# Ensure vars are defined
function check_requirements() {
[ -z "${MYSQL_ROOT_PASS}" ] && error_exit "MYSQL_ROOT_PASS is a required variable"
[ -z "${WORDPRESS_DB_USER}" ] && error_exit "WORDPRESS_DB_USER is a required variable"
[ -z "${WORDPRESS_DB_PASS}" ] && error_exit "WORDPRESS_DB_PASS is a required variable"
[ -z "${WORDPRESS_DB_NAME}" ] && error_exit "WORDPRESS_DB_NAME is a required variable"
echo "All neccesary vars defined"
}
check_requirements
# Check if mysql dir is empty
if [ "$(ls -A /var/lib/mysql )" ]; then
echo "Do nothing /var/lib/mysql is not Empty"
else
echo "Take action /var/lib/mysql is Empty"
cp -R /tmp/mysql /var/lib/
fi
/etc/init.d/mysql start
mysql_secure_instalation_automated "${MYSQL_ROOT_PASS}" "${WORDPRESS_DB_USER}" "${WORDPRESS_DB_PASS}" "${WORDPRESS_DB_NAME}"
tail -f /dev/null
\ No newline at end of file
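Review bot: The call `mysql_secure_instalation_automated "${MYSQL_ROOT_PASS}" …` is spelled with one `l`, while the Dockerfile on this page installs the helper as `/usr/local/bin/mysql_secure_installation_automated`, so under `set -o errexit` the script would stop at command-not-found and the hardening step would never run. `check_requirements` also calls `error_exit`, which is not defined anywhere in the visible file, and with `nounset` an unset variable aborts before the `-z` test is evaluated; `[ -z "${MYSQL_ROOT_PASS:-}" ]` plus a small `error_exit` function would produce the intended message. Passing the passwords as positional arguments exposes them in the process list; having the helper read them from the environment avoids that.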
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
#! /bin/bash
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
### Functions ###
usage() {
cat << _EOF_
Usage: ${1} "ROOT PASSWORD"
with "ROOT PASSWORD" the desired password for the database root user.
Use quotes if your password contains spaces or other special characters.
Usage: ${2} "WORDPRESS DB USER"
with "WORDPRESS DB USER" the desired username for the word press database wp user.
Use quotes if your password contains spaces or other special characters.
Usage: ${3} "WORDPRESS DB PASS"
with "WORDPRESS DB PASS" the desired password for the database wp user.
Use quotes if your password contains spaces or other special characters.
Usage: ${4} "WORDPRESS DB NAME"
with "WORDPRESS DB NAME" the desired name for the wp database.
Use quotes if your password contains spaces or other special characters.
_EOF_
}
# Predicate that returns exit status 0 if the database root password
# is set, a nonzero exit status otherwise.
is_mysql_root_password_set() {
! mysqladmin --user=root status > /dev/null 2>&1
}
# Predicate that returns exit status 0 if the mysql(1) command is available,
# nonzero exit status otherwise.
is_mysql_command_available() {
which mysql > /dev/null 2>&1
}
### --- ###
### Command line parsing ###
if [ "$#" -ne "4" ]; then
echo "Expected 4 argument, got $#" >&2
usage
exit 2
fi
### --- ###
### Variables ###
db_root_password="${1}"
wordpress_db_user="${2}"
wordpress_db_pass="${3}"
wordpress_db_name="${4}"
### --- ###
### Script proper ###
if ! is_mysql_command_available; then
echo "The MySQL/MariaDB client mysql(1) is not installed."
exit 1
fi
if is_mysql_root_password_set; then
echo "Database root password already set"
exit 0
fi
mysql --user=root <<_EOF_
CREATE DATABASE ${wordpress_db_name};
CREATE USER '${wordpress_db_user}' IDENTIFIED BY '${wordpress_db_pass}';
GRANT ALL PRIVILEGES ON ${wordpress_db_name}.* TO '${wordpress_db_user}';
FLUSH PRIVILEGES;
_EOF_
## -- ##
mysql --user=root <<_EOF_
UPDATE mysql.user SET Password=PASSWORD('${db_root_password}') WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
_EOF_
### --- ###
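Review bot: `UPDATE mysql.user SET Password=PASSWORD('${db_root_password}') WHERE User='root';` writes to `mysql.user` directly, which as far as I know is a view from MariaDB 10.4 onward, so on the 10.5.8 packages this image installs the statement is likely to fail; `ALTER USER 'root'@'localhost' IDENTIFIED BY '…';` is the supported form. All four arguments are expanded into the here-documents unescaped, so a quote or backtick in a password or name changes the SQL that runs as root; validate the identifiers against `^[A-Za-z0-9_]+$` and escape the passwords before interpolation. `usage` is called without arguments and reads `${1}` to `${4}`, which aborts under `nounset` instead of printing help.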
#!/usr/bin/env bash
file=/etc/yum.repos.d/mariadb.repo
install_cmd='yum install MariaDB-server'
gpgkey=/opt/RPM-GPG-KEY-MariaDB
err() {
msg=$1
shift
printf "[ERROR] $msg\n" "$@" >&2
exit 1
}
for d in "$PWD" "${0%/*}"; do
if [[ -d $d/repodata ]] ; then
dir=$d
if ! [[ $dir = /* ]] ; then
dir=$PWD/$dir
fi
break
fi
done
if ! [[ $dir ]] ; then
err 'Could not find a "repodata" directory. Please change to the top level directory of the unpacked archive. and re-run this script.'
fi
if [[ -e $file ]] ; then
err 'File "%s" already exists. Rename it and re-run this script, or manually create a new .repo file.' "$file"
fi
if ! cat > "$file" <<EoF
[MariaDB]
name = MariaDB
baseurl = file://$dir
gpgkey = $gpgkey
EoF
then
err 'Could not create "%s". Please investigate and re-run this script.' "$file"
fi
printf 'Repository file successfully created! Please install MariaDB Server with this command:\n\n %s\n\n' "$install_cmd"