mirror of https://github.com/docker/docs.git
168 lines
5.6 KiB
Bash
Executable File
168 lines
5.6 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# This database is used by both of Notary-Server and Notary-Signer
|
|
# the early days which we would not use it any longer.
|
|
DB_NAME_OLD='notary'
|
|
|
|
# Message which will be displayed when the database 'notary' exsits.
|
|
DB_WARNING="
|
|
=============== WARNING =================
|
|
# The schema has changed. #
|
|
# Make sure you migrate the tables in #
|
|
# 'notary' #
|
|
# to #
|
|
# 'notaryserver' and 'notarysigner' #
|
|
=========================================
|
|
"
|
|
|
|
# Although the Notary-Server and Notary-Signer could use the same
|
|
# database, it's better to separate that for security.
|
|
DB_NAME_SERVER='notaryserver'
|
|
DB_NAME_SIGNER='notarysigner'
|
|
DB_NAME=($DB_NAME_SERVER,$DB_NAME_SIGNER)
|
|
|
|
DB_TABLE_FILES='tuf_files'
|
|
DB_TABLE_KEYS='timestamp_keys'
|
|
DB_USER='root'
|
|
DB_PASS=''
|
|
|
|
# Default username and password for Notary-Server
|
|
DB_USER_SERVER='server'
|
|
DB_PASS_SERVER=''
|
|
|
|
# Default username and password for Notary-Signer
|
|
DB_USER_SIGNER='signer'
|
|
DB_PASS_SIGNER=''
|
|
|
|
DB_REMOTE_ROOT_NAME=''
|
|
DB_REMOTE_ROOT_PASS=''
|
|
DB_REMOTE_ROOT_HOST=''
|
|
|
|
# disable error log
|
|
sed 's/^log_error/# log_error/' -i /etc/mysql/my.cnf
|
|
|
|
# Fixing StartUp Porblems with some DNS Situations and Speeds up the stuff
|
|
# http://www.percona.com/blog/2008/05/31/dns-achilles-heel-mysql-installation/
|
|
cat > /etc/mysql/conf.d/mysql-skip-name-resolv.cnf <<EOF
|
|
[mysqld]
|
|
skip_name_resolve
|
|
EOF
|
|
|
|
# fix permissions and ownership of /var/lib/mysql
|
|
mkdir -p -m 700 /var/lib/mysql
|
|
chown -R mysql:mysql /var/lib/mysql
|
|
|
|
# fix permissions and ownership of /run/mysqld
|
|
mkdir -p -m 0755 /run/mysqld
|
|
chown -R mysql:root /run/mysqld
|
|
|
|
#
|
|
# the default password for the debian-sys-maint user is randomly generated
|
|
# during the installation of the mysql-server package.
|
|
#
|
|
# Due to the nature of docker we blank out the password such that the maintenance
|
|
# user can login without a password.
|
|
#
|
|
sed 's/password = .*/password = /g' -i /etc/mysql/debian.cnf
|
|
|
|
# initialize MySQL data directory
|
|
if [ ! -d /var/lib/mysql/mysql ]; then
|
|
echo "Installing database..."
|
|
mysql_install_db --user=mysql >/dev/null 2>&1
|
|
|
|
# start mysql server
|
|
echo "Starting MySQL server..."
|
|
/usr/bin/mysqld_safe >/dev/null 2>&1 &
|
|
|
|
# wait for mysql server to start (max 30 seconds)
|
|
timeout=30
|
|
echo -n "Waiting for database server to accept connections"
|
|
while ! /usr/bin/mysqladmin -u root status >/dev/null 2>&1
|
|
do
|
|
timeout=$(($timeout - 1))
|
|
if [ $timeout -eq 0 ]; then
|
|
echo -e "\nCould not connect to database server. Aborting..."
|
|
exit 1
|
|
fi
|
|
echo -n "."
|
|
sleep 1
|
|
done
|
|
echo
|
|
|
|
## create a localhost only, debian-sys-maint user
|
|
## the debian-sys-maint is used while creating users and database
|
|
## as well as to shut down or starting up the mysql server via mysqladmin
|
|
echo "Creating debian-sys-maint user..."
|
|
mysql -uroot -e "GRANT ALL PRIVILEGES on *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '' WITH GRANT OPTION;"
|
|
|
|
if [ -n "${DB_REMOTE_ROOT_NAME}" -a -n "${DB_REMOTE_ROOT_HOST}" ]; then
|
|
echo "Creating remote user \"${DB_REMOTE_ROOT_NAME}\" with root privileges..."
|
|
mysql -uroot \
|
|
-e "GRANT ALL PRIVILEGES ON *.* TO '${DB_REMOTE_ROOT_NAME}'@'${DB_REMOTE_ROOT_HOST}' IDENTIFIED BY '${DB_REMOTE_ROOT_PASS}' WITH GRANT OPTION; FLUSH PRIVILEGES;"
|
|
fi
|
|
|
|
/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf shutdown
|
|
fi
|
|
|
|
# create new user / database
|
|
if [ -n "${DB_USER}" -o -n "${DB_NAME}" ]; then
|
|
/usr/bin/mysqld_safe >/dev/null 2>&1 &
|
|
|
|
# wait for mysql server to start (max 30 seconds)
|
|
timeout=30
|
|
while ! /usr/bin/mysqladmin -u root status >/dev/null 2>&1
|
|
do
|
|
timeout=$(($timeout - 1))
|
|
if [ $timeout -eq 0 ]; then
|
|
echo "Could not connect to mysql server. Aborting..."
|
|
exit 1
|
|
fi
|
|
sleep 1
|
|
done
|
|
|
|
# Check whether the old database exists and warn users to
|
|
# manually migrate those tables if so.
|
|
if [ -n "${DB_NAME_OLD}" ]; then
|
|
if mysql --defaults-file=/etc/mysql/debian.cnf -e "USE $DB_NAME_OLD;" 2>/dev/null; then
|
|
echo "$DB_WARNING"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${DB_NAME}" ]; then
|
|
for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
|
|
if mysql --defaults-file=/etc/mysql/debian.cnf -e "USE $db;" 2>/dev/null; then
|
|
echo "Database \"$db\" exists"
|
|
else
|
|
echo "Creating database \"$db\"..."
|
|
mysql --defaults-file=/etc/mysql/debian.cnf \
|
|
-e "CREATE DATABASE IF NOT EXISTS \`$db\` DEFAULT CHARACTER SET \`utf8\` COLLATE \`utf8_unicode_ci\`;"
|
|
if [ -n "${DB_USER_SERVER}" -a $db = $DB_NAME_SERVER ]; then
|
|
echo "Granting access to database \"$db\" for user \"${DB_USER_SERVER}\"..."
|
|
mysql --defaults-file=/etc/mysql/debian.cnf \
|
|
-e "GRANT ALL PRIVILEGES ON \`$db\`.* TO '${DB_USER_SERVER}' IDENTIFIED BY '${DB_PASS_SERVER}';"
|
|
# Create our Database:
|
|
mysql -uroot $db < ./initial-notaryserver.sql
|
|
mysql -uroot $db < ./migrate-notaryserver.sql
|
|
fi
|
|
if [ -n "${DB_USER_SIGNER}" -a $db = $DB_NAME_SIGNER ]; then
|
|
echo "Granting access to database \"$db\" for user \"${DB_USER_SIGNER}\"..."
|
|
mysql --defaults-file=/etc/mysql/debian.cnf \
|
|
-e "GRANT ALL PRIVILEGES ON \`$db\`.* TO '${DB_USER_SIGNER}' IDENTIFIED BY '${DB_PASS_SIGNER}';"
|
|
# Create our Database:
|
|
mysql -uroot $db < ./initial-notarysigner.sql
|
|
fi
|
|
fi
|
|
done
|
|
fi
|
|
/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf shutdown
|
|
fi
|
|
|
|
# listen on all interfaces
|
|
cat > /etc/mysql/conf.d/mysql-listen.cnf <<EOF
|
|
[mysqld]
|
|
bind = 0.0.0.0
|
|
EOF
|
|
|
|
exec /usr/bin/mysqld_safe
|