Merge "Drop root privileges for mariadb"

Jenkins 2015-11-12 13:13:50 +00:00 committed by Gerrit Code Review
commit 55e4b54e23
4 changed files with 15 additions and 5 deletions


@ -14,3 +14,5 @@ root ALL=(ALL) ALL
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
# root user via sudo without password confirmation
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
#includedir /etc/sudoers.d
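Review bot: The added `#includedir /etc/sudoers.d` line reads like a comment but is a live sudo directive, and nothing beside it says so. A one-line comment above it would help the next maintainer, for example `# "#includedir" is a directive, not a comment: every file in /etc/sudoers.d is parsed as sudo policy`. If this sudoers file is shared by other images, each of them now honours whatever a later layer places in that directory, so the directory and its files should stay root-owned and not writable by group or others.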


@ -28,9 +28,16 @@ RUN apt-get install -y --no-install-recommends \
{% endif %}
COPY mariadb_sudoers /etc/sudoers.d/mariadb_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
COPY security_reset.expect /usr/local/bin/kolla_security_reset
RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_security_reset
&& chmod 755 /usr/local/bin/kolla_security_reset \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/mariadb_sudoers \
&& usermod -a -G kolla mysql
USER mysql
{{ include_footer }}
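Review bot: The RUN chain sets the modes on `/etc/sudoers.d/mariadb_sudoers` but never checks that the file parses, so a malformed drop-in would only surface when `sudo` fails inside the running container. Adding `&& visudo -cf /etc/sudoers.d/mariadb_sudoers \` before the `usermod` step would fail the build instead. Separately, `usermod -a -G kolla mysql` gives the mysql user every `%kolla` sudo rule present in the image, not only the MariaDB ones; a short comment stating that this is intended would make the privilege grant easier to audit.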


@ -5,19 +5,19 @@ function bootstrap_db {
# Waiting for deamon
sleep 10
kolla_security_reset
sudo -E kolla_security_reset
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
mysqladmin -p"${DB_ROOT_PASSWORD}" shutdown
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
}
chown mysql: /var/lib/mysql
sudo chown mysql: /var/lib/mysql
# This catches all cases of the BOOTSTRAP variable being set, including empty
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]] && [[ ! -e /var/lib/mysql/cluster.exists ]]; then
ARGS="--wsrep-new-cluster"
touch /var/lib/mysql/cluster.exists
mysql_install_db --user=mysql
mysql_install_db
bootstrap_db
fi
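Review bot: `sudo -E kolla_security_reset` hands the caller's whole environment to a script that runs as root, when the script presumably needs only `DB_ROOT_PASSWORD`. sudo honours `-E` only when the policy permits it (a `SETENV:` tag or `Defaults setenv`), which the sudoers rule visible on this page does not carry, so the call may be refused unless the base sudoers enables it elsewhere. Prefer dropping `-E` and whitelisting the one variable in the drop-in, for example `Defaults env_keep += "DB_ROOT_PASSWORD"`. bootstrap_db starts above this hunk, so the rest of the function is not visible here.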


@ -0,0 +1 @@
%kolla ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/kolla_security_reset
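Review bot: The `/usr/local/bin/kolla_security_reset` entry has no argument specification, so sudo permits it with any arguments, whereas the two `chown` entries are pinned to their exact arguments. If the script is only ever invoked without arguments, as extend_start.sh does on this page, write the entry as `/usr/local/bin/kolla_security_reset ""` so that is the only form allowed. The rule is also granted to all of `%kolla`; scoping it to `mysql` would keep it from applying to any other member of that group.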