1. Use the mariadb image from the Docker registry to simplify setup.
2. Remove hardcoded root and user mariadb accounts.
3. Restrict the user account's access to specific databases only.
Change-Id: Iaa916dbf2de2474fcc483a4be6167b4b92a2de61
Issue-ID: POLICY-650
Signed-off-by: Jorge Hernandez <jh1730@att.com>
- Copy the files under policy-drools to target/policy-drools
- Run the 'docker build' command on the following directories, in order:
policy-os
- policy-db
policy-nexus
policy-base
target/policy-pe
For example:
docker build -t onap/policy/policy-os policy-os
-docker build -t onap/policy/policy-db policy-db
docker build -t onap/policy/policy-nexus policy-nexus
docker build -t onap/policy/policy-base policy-base
docker build -t onap/policy/policy-pe target/policy-pe
--- /dev/null
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user
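Review bot: The new environment file still commits fixed credentials. `MYSQL_ROOT_PASSWORD=secret` and a `MYSQL_PASSWORD` equal to the user name are the same values the deleted dbinit.sh used, so the accounts have moved into configuration rather than stopped being hardcoded. If these are meant only as development defaults, say so at the top of the file, for example `# Development defaults only; override MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD for any shared or network-reachable deployment`. For anything beyond a local test setup, the values should be supplied at deploy time and kept out of the tracked file.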
--- /dev/null
+#!/bin/bash -xv
+
+for db in support onap_sdk log
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
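Review bot: The shebang `#!/bin/bash -xv` enables command tracing, so whenever this file is executed with its shebang honoured, each `mysql -uroot -p"${MYSQL_ROOT_PASSWORD}"` line is echoed to the container output with the root password expanded. The image entrypoint may source the file instead, in which case the flags are ignored, but the script should not depend on that. Use a plain `#!/bin/bash` and enable tracing only by hand when debugging. Separately, `GRANT ALL PRIVILEGES ... TO '${MYSQL_USER}'@'%'` accepts the account from any client host. If only the compose network needs access, a comment should record that `%` is deliberate, or the host part should be narrowed.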
version: '2'
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
expose:
- 3306
nexus:
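Review bot: The new bind mount `./config/db:/docker-entrypoint-initdb.d` is read-write, although the database container only needs to read the init scripts. Using `- ./config/db:/docker-entrypoint-initdb.d:ro` keeps the database process from modifying files in the checked-out tree. The same mount is added in the second compose hunk and should get the same suffix. The hunk does not show how the new `MYSQL_*` values reach the service; if that wiring lives outside these lines, a short comment next to `volumes:` naming the env file would help readers.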
com.docker.network.driver.mtu: ${MTU}
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
ports:
- "3306:3306"
nexus:
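Review bot: The unchanged `ports:` entry `"3306:3306"` publishes MariaDB on every host interface, which matters more after this change. The new init script grants `'${MYSQL_USER}'@'%'` and the new env file carries well-known passwords, so anything that can reach the host on 3306 can try those accounts. If only host-local tools need the port, bind it to loopback with `- "127.0.0.1:3306:3306"`. Otherwise use `expose:` as the first compose hunk does.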
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
docker images
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:latest
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
#
# Push images
#
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:${MVN_MAJMIN_VERSION}-latest
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
+++ /dev/null
-FROM onap/policy/policy-os
-
-RUN \
- apt-get clean && \
- apt-get install -y apt-transport-https && \
- apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
- add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.0/ubuntu trusty main' && \
- apt-get clean && \
- apt-get update && \
- apt-get install -y mariadb-server && \
- touch /var/lib/mysql/firstrun
-
-COPY dbinit.sh do-start.sh /tmp/
-RUN bash /tmp/dbinit.sh
-
-# mount volumes to persist the data
-VOLUME /etc/mysql /var/lib/mysql
-
-CMD exec bash /tmp/do-start.sh
+++ /dev/null
-#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
-cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
- [mysqld]
- lower_case_table_names = 1
- bind-address = 0.0.0.0
-EOF
-
-echo "Starting mysqld"
-service mysql start
-
-echo "Run mysql_secure_installation"
-/usr/bin/mysql_secure_installation <<-EOF
-
- y
- secret
- secret
- y
- y
- y
- y
-EOF
-
-echo "Creating db schemas and user"
-mysql -uroot -psecret <<-EOF
- create database xacml;
- create database log;
- create database support;
- create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
- insert into support.db_version values('VERSION', '00');
- insert into support.db_version values('DROOLS_VERSION', '00');
- create user 'policy_user'@'localhost' identified by 'policy_user';
- grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
- flush privileges;
- select * from support.db_version;
-EOF
-
-echo "Stopping mysqld"
-service mysql stop
+++ /dev/null
-#! /bin/bash
-
-# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
-ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
-
-# start MySQL, and grant all privileges to the local network
-# (it doesn't hurt to do the 'grant' multiple times)
-service mysql start
-mysql -uroot -psecret \
- -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
-
-exec sleep 1000d
cp -r target/policy-pe/* policy-pe/
cp -r target/policy-drools/* policy-drools
-for comp in policy-os policy-db policy-nexus policy-base policy-pe policy-drools
+for comp in policy-os policy-nexus policy-base policy-pe policy-drools
do
sudo docker build -t onap/policy/$comp $HOME/docker/$comp
done