Move the mariadb expect code to a script

Atleast in a script, sudo can be made to only allow the script to run from the mysql process in the future, versus all the proceesses being able to be executed as root presently. Change-Id: I030b57086e37e4dc8f668f98c04335d94ab9d2b0 Partially-Implements: blueprint drop-root
2015-11-10 04:15:34 -05:00 · 2015-11-10 04:15:34 -05:00 · 09e9b1be33
commit 09e9b1be33
parent f9ccb1c882
3 changed files with 25 additions and 21 deletions
--- a/docker/mariadb/Dockerfile.j2
+++ b/docker/mariadb/Dockerfile.j2
@ -29,6 +29,8 @@ RUN apt-get install -y --no-install-recommends \
 {% endif %}

 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY security_reset.expect /usr/local/bin/kolla_security_reset
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+    && chmod 755 /usr/local/bin/kolla_security_reset

 {{ include_footer }}
--- a/docker/mariadb/extend_start.sh
+++ b/docker/mariadb/extend_start.sh
@ -5,26 +5,7 @@ function bootstrap_db {

    # Waiting for deamon
    sleep 10
-    expect -c '
-    set timeout 10
-    spawn mysql_secure_installation
-    expect "Enter current password for root (enter for none):"
-    send "\r"
-    expect "Set root password?"
-    send "y\r"
-    expect "New password:"
-    send "'"${DB_ROOT_PASSWORD}"'\r"
-    expect "Re-enter new password:"
-    send "'"${DB_ROOT_PASSWORD}"'\r"
-    expect "Remove anonymous users?"
-    send "y\r"
-    expect "Disallow root login remotely?"
-    send "n\r"
-    expect "Remove test database and access to it?"
-    send "y\r"
-    expect "Reload privilege tables now?"
-    send "y\r"
-    expect eof'
+    kolla_security_reset

    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
--- a/docker/mariadb/security_reset.expect
+++ b/docker/mariadb/security_reset.expect
@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn mysql_secure_installation
+expect "Enter current password for root (enter for none):"
+send "\r"
+expect "Set root password?"
+send "y\r"
+expect "New password:"
+send "$env(DB_ROOT_PASSWORD)\r"
+expect "Re-enter new password:"
+send "$env(DB_ROOT_PASSWORD)\r"
+expect "Remove anonymous users?"
+send "y\r"
+expect "Disallow root login remotely?"
+send "n\r"
+expect "Remove test database and access to it?"
+send "y\r"
+expect "Reload privilege tables now?"
+send "y\r"
+expect eof