-
Notifications
You must be signed in to change notification settings - Fork 6
/
runmariadb
executable file
·80 lines (68 loc) · 2.44 KB
/
runmariadb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#!/usr/bin/bash
set -eu
if [[ -z "${MARIADB_PASSWORD:-}" ]]; then
echo "FATAL: Missing database password, set the MARIADB_PASSWORD variable"
exit 1
fi
set -x
PATH=$PATH:/usr/sbin/
DATADIR="/var/lib/mysql"
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
MARIADB_USER=${MARIADB_USER:-ironic}
MARIADB_HOST=${MARIADB_HOST:-localhost}
MARIADB_CONF_FILE="/etc/my.cnf.d/metal3.cnf"
MARIADB_CERT_FILE=/certs/mariadb/tls.crt
MARIADB_KEY_FILE=/certs/mariadb/tls.key
RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
USER="$(whoami)"
MARIADB_MAX_CONNECTIONS=${MARIADB_MAX_CONNECTIONS:-"64"}
mkdir -p "$(dirname "${MARIADB_CERT_FILE}")"
if [ -f "$MARIADB_CERT_FILE" ] && [ ! -f "$MARIADB_KEY_FILE" ] ; then
echo "FATAL: Missing TLS private key file ${MARIADB_KEY_FILE} while certificate ${MARIADB_CERT_FILE} exists"
exit 1
fi
if [ ! -f "$MARIADB_CERT_FILE" ] && [ -f "$MARIADB_KEY_FILE" ] ; then
echo "FATAL: Missing TLS certificate file ${MARIADB_CERT_FILE} while private key ${MARIADB_KEY_FILE} exists"
exit 1
fi
# Restart mysqld when the certificate is updated
if [[ -f "$MARIADB_CERT_FILE" && "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034,SC2162
inotifywait -m -e delete_self "${MARIADB_CERT_FILE}" | while read file event; do
kill $(pgrep -f mysqld)
done &
fi
if [ ! -d "${DATADIR}/mysql" ]; then
cat > "${MARIADB_CONF_FILE}" <<EOF
[mysqld]
max_connections = ${MARIADB_MAX_CONNECTIONS}
max_heap_table_size = 1M
innodb_buffer_pool_size = 5M
innodb_log_buffer_size = 512K
user = ${USER}
log_warnings = 4
EOF
# Config MariaDB to enable TLS
if [ -f "${MARIADB_CERT_FILE}" ]; then
cat >> "$MARIADB_CONF_FILE" <<EOF
ssl_cert = ${MARIADB_CERT_FILE}
ssl_key = ${MARIADB_KEY_FILE}
require_secure_transport
EOF
fi
mysql_install_db --datadir="$DATADIR" --skip-test-db --user="${USER}" --group="${USER}"
# Don't log the credentials
set +x
cat > /tmp/configure-mysql.sql <<-EOSQL
CREATE USER '${MARIADB_USER}'@'${MARIADB_HOST}' identified by '${MARIADB_PASSWORD}' ;
GRANT ALL on *.* TO '${MARIADB_USER}'@'${MARIADB_HOST}' WITH GRANT OPTION ;
DROP DATABASE IF EXISTS test ;
CREATE DATABASE IF NOT EXISTS ${MARIADB_DATABASE} ;
DROP USER IF EXISTS 'root'@'localhost' ;
DROP USER IF EXISTS 'mysql'@'localhost' ;
FLUSH PRIVILEGES ;
EOSQL
exec mysqld --init-file /tmp/configure-mysql.sql --skip-log-error
else
exec mysqld --skip-log-error
fi