From 05a78a3d7901bfcb53ed6c59cd2543f977c9528f Mon Sep 17 00:00:00 2001 
From: apldev3 Date: Mon, 7 Jan 2019 15:28:53 -0500 Subject: [PATCH] [#46] Setup Travis for HIRS Integration Tests (#68) * [#46] Ensure Travis mounts repository rather than clones it in Docker * [#46] Containerize HIRS ACA and prep ACA container for Integration Tests * [#46] Containerize HIRS TPM2Provisioner and prep TPM2Provisioner container for Integration Tests * [#46] Replace localinstall with install * [#46] Prevent rebuilding of packages unnecessarily * [#46] Finish initial docker compose setup for integration tests * [#46] Allow for detection of complete Integration Environment Setup * [#46] Fix Travis CI to allow for detecting Integ Test Environ Stand-Up * [#46] Fix Initial Integration Test Script * [#46] Troubleshoot Integration Test script --- .ci/docker/Dockerfile.aca | 10 ++ {docker => .ci/docker}/Dockerfile.centos7 | 0 .ci/docker/Dockerfile.tpm2provisioner | 14 +++ {docker => .ci/docker}/Dockerfile.ubuntu18 | 0 .ci/docker/docker-compose.yml | 17 ++++ .ci/integration-tests/certs/ca.crt | Bin 0 -> 805 bytes .ci/integration-tests/certs/ca.key | Bin 0 -> 1218 bytes .ci/integration-tests/certs/ek_cert.der | Bin 0 -> 994 bytes .../run-integration-tests.sh | 33 +++++++ .ci/integration-tests/setup-aca.sh | 16 ++++ .../setup-tpm2provisioner.sh | 89 ++++++++++++++++++ .travis.yml | 10 +- .../package/rpm-post-install.sh | 15 ++- package/scripts/aca/certificate_generate.sh | 24 ++++- package/scripts/common/db_create.sh | 23 ++++- .../common/firewall_configure_tomcat.sh | 11 ++- package/scripts/common/ssl_configure.sh | 44 ++++++++- 17 files changed, 287 insertions(+), 19 deletions(-) create mode 100644 .ci/docker/Dockerfile.aca rename {docker => .ci/docker}/Dockerfile.centos7 (100%) create mode 100644 .ci/docker/Dockerfile.tpm2provisioner rename {docker => .ci/docker}/Dockerfile.ubuntu18 (100%) create mode 100644 .ci/docker/docker-compose.yml create mode 100644 .ci/integration-tests/certs/ca.crt create mode 100644 .ci/integration-tests/certs/ca.key create mode 
100644 .ci/integration-tests/certs/ek_cert.der create mode 100755 .ci/integration-tests/run-integration-tests.sh create mode 100755 .ci/integration-tests/setup-aca.sh create mode 100755 .ci/integration-tests/setup-tpm2provisioner.sh mode change 100644 => 100755 package/scripts/common/ssl_configure.sh diff --git a/.ci/docker/Dockerfile.aca b/.ci/docker/Dockerfile.aca new file mode 100644 index 00000000..f11f1d60 --- /dev/null +++ b/.ci/docker/Dockerfile.aca @@ -0,0 +1,10 @@ +FROM hirs/hirs-ci:centos7 + +MAINTAINER apl.dev3@jhuapl.edu + +# Install packages for installing HIRS ACA +RUN yum -y update && yum clean all +RUN yum install -y mariadb-server openssl tomcat java-1.8.0 rpmdevtools coreutils initscripts chkconfig sed grep firewalld policycoreutils && yum clean all + +# Expose ACA Port +EXPOSE 8443 diff --git a/docker/Dockerfile.centos7 b/.ci/docker/Dockerfile.centos7 similarity index 100% rename from docker/Dockerfile.centos7 rename to .ci/docker/Dockerfile.centos7 diff --git a/.ci/docker/Dockerfile.tpm2provisioner b/.ci/docker/Dockerfile.tpm2provisioner new file mode 100644 index 00000000..769653c3 --- /dev/null +++ b/.ci/docker/Dockerfile.tpm2provisioner @@ -0,0 +1,14 @@ +FROM hirs/hirs-ci:centos7 + +MAINTAINER apl.dev3@jhuapl.edu + +# Install packages for installing HIRS TPM2 Provisioner +RUN yum -y update && yum clean all +# TODO: Remove vim-common if/when Paccor updates (Also update Paccor version below) +RUN yum install -y tpm2-tools libcurl procps-ng vim-common wget dbus python-requests && yum clean all + +# Install PACCOR for Device Info Gathering +RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.0.6r3/paccor-1.0.6-3.noarch.rpm && yum -y install paccor-*.rpm && popd + +# Install Software TPM for Provisioning +RUN mkdir ibmtpm && pushd ibmtpm && wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm974.tar.gz && tar -zxvf ibmtpm974.tar.gz && cd src && make -j5 && popd 
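Review bot: The `RUN yum -y update && yum clean all` layer in Dockerfile.aca makes the image contents depend on the day it was built, on top of a `hirs/hirs-ci:centos7` base that is referenced only by a mutable tag. Integration results can then change between rebuilds with no change in the repository. I would drop the blanket update, or fold it into the install layer, and refresh the base image deliberately instead. `MAINTAINER` is deprecated; `LABEL maintainer="apl.dev3@jhuapl.edu"` is the current form. Dockerfile.tpm2provisioner repeats both lines.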
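Review bot: Both `wget` steps in Dockerfile.tpm2provisioner use what they download without verifying it: the paccor RPM goes straight into `yum -y install`, and the ibmtpm974 tarball is unpacked and built with `make`. Pin each artifact to a known digest and fail the build on mismatch, e.g. `echo "<EXPECTED_SHA256>  paccor-1.0.6-3.noarch.rpm" | sha256sum -c -` before the install and the equivalent line before `tar -zxvf` (the digest is a placeholder to be filled in from a verified copy). `pushd`/`popd` are bash builtins, so these RUN lines only work while `/bin/sh` in the base image is bash; `WORKDIR` would remove that dependency.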
diff --git a/docker/Dockerfile.ubuntu18 b/.ci/docker/Dockerfile.ubuntu18 similarity index 100% rename from docker/Dockerfile.ubuntu18 rename to .ci/docker/Dockerfile.ubuntu18 diff --git a/.ci/docker/docker-compose.yml b/.ci/docker/docker-compose.yml new file mode 100644 index 00000000..eec26eec --- /dev/null +++ b/.ci/docker/docker-compose.yml @@ -0,0 +1,17 @@ +version: "3.1" +services: + aca: + image: hirs/hirs-ci:aca + ports: + - "8443:8443" + volumes: + - ../../:/HIRS + command: /HIRS/.ci/integration-tests/setup-aca.sh + tpm2provisioner: + image: hirs/hirs-ci:tpm2provisioner + depends_on: + - "aca" + volumes: + - ../../:/HIRS + network_mode: "host" + command: /HIRS/.ci/integration-tests/setup-tpm2provisioner.sh diff --git a/.ci/integration-tests/certs/ca.crt b/.ci/integration-tests/certs/ca.crt new file mode 100644 index 0000000000000000000000000000000000000000..6d6d32decad55157a060dcc12f162dafad9dae9f GIT binary patch literal 805 zcmXqLVpcS0V&YuD%*4pV#KxGSA-Im&fR~L^tIebBJ1-+6H!FjIyCJs$CmVAp3!5-g zXfTY!!NU|BVklt12a;juVRwyi^bPQFHRLhi0*P?(Fy|Mg!xS^~FeN7%$cghBS{Rra z85x=ynwgkHiSrsEbE#)h6QdHcCm2~7n41{+84Q{jxtN+585#CJI{q|qp{F|k`RZ7+ z{V)9OuH-Ity)tF$lexOF2VxnUZ!3$oq#VrGi`XqSCFu6)voBNQ&Rm<$w&qL}lkR+% zZA-GRp1SuhdwX=Syx%J8D&>sZy}vftu3kM+D*y7Yw%H=b1frQ2HFanm-Esf#$KS4h zw*I=lKBLD{L$|4#pCi{cMOsy=QPxI0>W>9~T)EPzuI#FxFe%3w0fQ0(>ewCLsET0+%gJ~kiuzvVM)%T1%-Tc!)?%A`n$ z*NU*~%X`P&>s6iFxJZI!+kI{Oz(2>IIadaMPnqs;HLJ@o(siQilzR;aP5wACF*7nS zE*3TrG~frum8>u$<9`-b17;wF9Bjb22L>A>!_-sZi#umYYL>}<`jaf(6!EGu<*?KX zsH^F@l?$$S}BV-%qL}u`nU*N24Xy4mtTFsriaRFm))1Tbe``8}N=~x&eAelnUZeQnqUGu} zH?H`;dsgnadtJhYPdYxOW;;_#>;)^!j(wAyc{qM%6Pu6N;_U8id)XLswrL5gbIsz( z|9h+6RWMd^-FMH47bj$%`m1+G=dr=wy!m(DZT~qf>-hQQlbAd2W<2?O?enLkR{4L& rZ(I3!9P@NuaKBA*+DuFT_3st0IX}sGk?mA=v5x<4{vRifJJqHDn2;;e literal 0 HcmV?d00001 
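Review bot: In docker-compose.yml the `aca` service publishes `"8443:8443"`, which binds the port on every host interface, and `tpm2provisioner` runs with `network_mode: "host"`, so neither container is isolated from the host's network. Because the provisioner shares the host stack it can reach the ACA over loopback, and `- "127.0.0.1:8443:8443"` would keep the test ACA off external interfaces. `depends_on` only orders container start and does not wait for setup-aca.sh to finish, so a comment such as `# readiness is detected by run-integration-tests.sh, not by depends_on` would help, assuming that is where it happens (that script is not visible here).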
diff --git a/.ci/integration-tests/certs/ca.key b/.ci/integration-tests/certs/ca.key new file mode 100644 index 0000000000000000000000000000000000000000..e0bda2ddcf769047979be2f9a090e8ba35047225 GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0KekLrSsylikXxokYusy4*ks5E)`i7en#t>TrqJoGj#kk-7@%u&m zwffhuXpA{1ErNRw2yH!N8zmZn9XuCW{5TI@cOmeIc@%VxO-)CxLzq?A!c+{}IVo}? z1&6t34c@ELU-%cM=+yu;nlTpZmu6e1_Jma?T=9d%|FrW3gxNCtw3iYs9Ap?5eG~^T zA4^`|jU|`B-009Dm0RRp3 zA{eY)lj;8imBKv7zE3*vtSf_6HrwKq%65U3QPrZ89nQ0x{AY-y%!NWUK@ksnqh{`C z>z|josN`eoRfEOiwO+e!9#)D7A_|X+Ep~&}!iL-FHm~*7@p_A#&FL&j&J7%dW#!y( zk8v;-QV#OBiUuZvMu~2&U$nbw<}*>AKY?>*E;a6O(o-mIeZPYJ9Ei9NliD~b7e(06 z$hTkL)md@|;3jmt7(n_Gzz*he6)U{cY_}Jdf_lIM!Ss4&ri>hZmwADt?gdLzSZG(d zq3?(75}UBXeYY-tJgtn(c*t;~Dmclje%~RPJ=W7OkKD}>C~F1{Z7{BN+H4RD`a?OF?F!IA zIi0Y!>3c1VQd;<&P-Jdk?6s@QNf-%>^K5m`xdgSYuHVFtgexM&kY&b%(-2l>eAZ~4 zACm7!h`+Ny;zBq8^e#hBvAy9!^0fkifdIlP?ofi8nTXs$vX55m@u+(?VA~vy&Rr2J4B+;AX7L@E02?xRjbU5j;iY^9v_x!#c%bNJ^ zr%!;6cZO0RXi#a#_EQPI2Ws~~36|hr=W_$mb4QZ%Pz?N+kak6{41ovW`(1Z;ru;!N z0_BIr^63L4{yGxOt`2w6y4BWZeU-N<*yRF&fM$rLFn-7kTj_KN2MMq?Eb?R47KbKM z(4H2&T~xg3BZ*GA9KJxGs3Rkevr9ul_JC_9jI#VV6F6;bhbC^NVHh_ysO_a9P5W_a z-^7l(Kr2?(tKV;Er*w6_sp6oaph_rJ#cv^@Bh+O!Ig`HD!=B^E`@~itS*}2%(p{#_ zK>~q+0MbI*j8AXuTn_7j?dzXdxZP2zPoUzaAf|E+x{5*}g=_mJCJa@o7|T|s;~lb; z9}dP}50jY4(%{aaOzGr(+@2>QeM|L;`|z^s@krv7I($VFPjb-@dfg;WR$5AR`CqSi ggK|!J;trJ4?qk3);EX3wu75kfhbk;f(6%T^@56jhS^xk5 literal 0 HcmV?d00001 
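Review bot: This adds a CA private key (`.ci/integration-tests/certs/ca.key`) to the repository, and the provisioner setup script in this commit passes it to the paccor signer with `-k`. Once committed, the key has to be treated as public, so nothing outside the integration environment may ever trust the matching `ca.crt`. I would add a short README next to the certs saying so, e.g. `Test-only CA: the private key is published in this repository; never import ca.crt into a real trust store.`, or generate the CA inside the test run so no key is stored at all.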
diff --git a/.ci/integration-tests/certs/ek_cert.der b/.ci/integration-tests/certs/ek_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..60ec60c45f5391636ee67e504379adc2909a9aee GIT binary patch literal 994 zcmXqLV!mh4#B^){GZP~d6B}cShH!b80WTY;R+~rLcV0$DZdL{ZcSCLiPB!LH7B*p~ z&|nycgNG?N#8AM14@g@z00S2WS{caHN2Ns%l?gue)Fu) z=!5W?q*-2PJC?rc=H%#8tvCPe+4SRms=emfo<&<12IRDEp3aqg-)pMw5f^tRsXt=f z&wXr|ymxFhI#O4(PiyDt5j{qpr6un&mV3$O2bZ`zqxw)n^a4-dS|Q z@cYjhX351RoL%LwMf=s)=$Lw5<<*?OHrV2+ypmLw*kNU+JN%C|WBzXEw6$HEE^~0! z)RH5Pd9&=gw<||6F$2S3apPHo##093z<`rgU;#!YFbug8+B_Ijfyu#u(ZC-hA;`%1 zpT*U{d5NQeJ!#jOS#LFc32kVPj2iWMvXC?Q6WY)g);_*0el0sqW2U4e{?>FarWin=V zd^MiE-qY-xe&q~~i_1&IzGro{ONyEA)UMlH82p@Nv(B4G?pu^H8hQ`a_jhb#eO $PC_DIR/componentsFile +/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile +/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile +/opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile +/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/integration-tests/certs/ca.key -P /HIRS/.ci/integration-tests/certs/ca.crt --pem -f $PC_DIR/$platform_cert + +# Release EK Cert if one exists +if tpm2_nvlist | grep -q 0x1c00002; then + tpm2_nvrelease -x 0x1c00002 -a 0x40000001 +fi + +# Define nvram space to enable loading of EK cert (-x NV Index, -a handle to +# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t +# specifies attribute value in publicInfo struct +# [0x2000A = ownerread|ownerwrite|policywrite]) +size=$(cat $ek_cert_der | wc -c) +echo "Define nvram location for ek cert of size $size" +tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size + +# Load EK Cert into TPM nvram +echo "Load ek cert into nvram" +tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der + +# Release Platform Cert if one exists +if tpm2_nvlist | grep -q 0x1c90000; then + tpm2_nvrelease -x 0x1c90000 -a 
0x40000001 +fi + +# Store the platform certificate in the TPM's NVRAM +echo "Load platform cert into nvram" +tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $(cat $PC_DIR/$platform_cert | wc -c) +tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert + +# Set Logging to INFO Level +sed -i "s/WARN/INFO/" /etc/hirs/TPM2_Provisioner/log4cplus_config.ini + +echo "TPM2 Provisioner Loaded!" + +tail -f /dev/null diff --git a/.travis.yml b/.travis.yml index 16095c62..6dd75657 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,14 +29,18 @@ cache: install: true script: - - docker run --rm hirs/hirs-ci:centos7 /bin/bash -c "git clone https://github.com/nsacyber/HIRS.git /root/HIRS; cd /root/HIRS; git checkout ${TRAVIS_BRANCH}; ./gradlew :$SUBPROJECT:build" + - docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./gradlew :$SUBPROJECT:build" jobs: include: - stage: package - script: docker run --rm hirs/hirs-ci:centos7 /bin/bash -c "git clone https://github.com/nsacyber/HIRS.git /root/HIRS; cd /root/HIRS; git checkout ${TRAVIS_BRANCH}; ./package/package.centos.sh" + script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./package/package.centos.sh" env: null name: "Package Centos" - - script: docker run --rm hirs/hirs-ci:ubuntu18 /bin/bash -c "git clone https://github.com/nsacyber/HIRS.git /root/HIRS; cd /root/HIRS; git checkout ${TRAVIS_BRANCH}; ./package/package.ubuntu.sh" + - script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:ubuntu18 /bin/bash -c "cd /HIRS; ./package/package.ubuntu.sh" env: null name: "Package Ubuntu" + - stage: integration-tests + script: .ci/integration-tests/./run-integration-tests.sh + env: null + name: "Integration Tests" diff --git a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh index 8f7cf31c..a137e8d2 100644 --- a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh +++ b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh 
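Review bot: The three `docker run` lines in .travis.yml now bind-mount the checkout with `-v $(pwd):/HIRS` and build inside it. Unless the image sets a non-root user (not visible here), Gradle and packaging outputs will land in the Travis workspace owned by root, which can trip later steps that run as the CI user. Quote the mount as `-v "$(pwd)":/HIRS` and consider fixing ownership at the end of the container command. In the new stage, `.ci/integration-tests/./run-integration-tests.sh` carries a stray `./` segment and can be `.ci/integration-tests/run-integration-tests.sh`.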
@@ -1,9 +1,16 @@ +set -e + +if ! [ $(id -u) = 0 ]; then + echo "Please run this script as root." + exit 1 +fi + HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config" -sudo mkdir -p /var/log/hirs/provisioner -sudo ln /usr/local/lib/libcurl.so /usr/lib64/libcurl.so -sudo ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2 -sudo ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision +mkdir -p /var/log/hirs/provisioner +ln /usr/local/lib/libcurl.so /usr/lib64/libcurl.so +ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2 +ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision if [ ! -f $HIRS_SITE_CONFIG ]; then # Create template site config if it does not exist diff --git a/package/scripts/aca/certificate_generate.sh b/package/scripts/aca/certificate_generate.sh index 5be588ab..94b4ef01 100644 --- a/package/scripts/aca/certificate_generate.sh +++ b/package/scripts/aca/certificate_generate.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# Check if we're in a Docker container +if [ -f /.dockerenv ]; then + DOCKER_CONTAINER=true +else + DOCKER_CONTAINER=false +fi + # variables for the CA certificates CA_PATH=/etc/hirs/certificates CA_KEYSTORE=${CA_PATH}/TrustStore.jks @@ -50,7 +57,7 @@ sed -i "s/aca\.keyStore\.password\s*=/aca.keyStore.password=password/" /etc/hirs # copy the trust store to the ACA cp ${CA_KEYSTORE} /etc/hirs/aca/client-files/ -# start up the tomcat6 service +# start up the tomcat service # Guess where Tomcat is installed and what it's called: if [ -d /usr/share/tomcat6 ] ; then 
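Review bot: With `set -e` now at the top of rpm-post-install.sh, `ln /usr/local/lib/libcurl.so /usr/lib64/libcurl.so` becomes fatal: a hard link without `-f` fails when the target already exists (reinstall, upgrade, or a libcurl already at that path), and the post-install script then aborts before the site config is written. If replacing the file is intended, make that explicit with `ln -f`; otherwise guard it with `[ -e /usr/lib64/libcurl.so ] || ln /usr/local/lib/libcurl.so /usr/lib64/libcurl.so`. The root guard is more robust as `if [ "$(id -u)" -ne 0 ]; then` with the message sent to stderr (`>&2`). The script continues past the end of the hunk.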
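Review bot: The `/.dockerenv` probe at the top of certificate_generate.sh is pasted verbatim into db_create.sh and ssl_configure.sh in this same commit, so any later change to container detection has to be made three times. A small helper beside the existing `get_centos_major_version.sh` in the common scripts directory would keep it in one place. `/.dockerenv` is written by Docker specifically, and other container runtimes may not create it, so the limitation deserves a comment such as `# /.dockerenv is Docker-specific; other runtimes fall through to the service path`.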
@@ -63,4 +70,17 @@ else fi # restart tomcat after updating the trust store. -/sbin/service ${TOMCAT_SERVICE} restart; +if [ $DOCKER_CONTAINER = true ]; then + # If in Docker container, avoid services that invoke the D-Bus + if [[ $(ss -t -l -n | grep -q LISTEN.*:::8009) -eq 0 ]]; then + echo "Tomcat is running, so we restart it." + /usr/libexec/tomcat/server stop + (/usr/libexec/tomcat/server start) & + # Wait for Tomcat to boot completely + until [ "`curl --silent --connect-timeout 1 -I http://localhost:8080 | grep 'Coyote'`" != "" ]; do + : + done + fi +else + /sbin/service ${TOMCAT_SERVICE} restart; +fi diff --git a/package/scripts/common/db_create.sh b/package/scripts/common/db_create.sh index 2c900024..4f1ec285 100644 --- a/package/scripts/common/db_create.sh +++ b/package/scripts/common/db_create.sh @@ -1,10 +1,27 @@ #!/bin/bash -SQL_SERVICE=`/opt/hirs/scripts/common/get_db_service.sh` +# Check if we're in a Docker container +if [ -f /.dockerenv ]; then + DOCKER_CONTAINER=true +else + DOCKER_CONTAINER=false +fi echo "Creating HIRS Database..." -chkconfig $SQL_SERVICE on -service $SQL_SERVICE start + +if [ $DOCKER_CONTAINER = true ]; then + # If in Docker container, avoid services that invoke the D-Bus + if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then + /usr/libexec/mariadb-prepare-db-dir + nohup /usr/bin/mysqld_safe --basedir=/usr &>/dev/null & + MYSQLD_PID=$(pgrep -u mysql mysqld) + /usr/libexec/mariadb-wait-ready $MYSQLD_PID + fi +else + SQL_SERVICE=`/opt/hirs/scripts/common/get_db_service.sh` + chkconfig $SQL_SERVICE on + service $SQL_SERVICE start +fi CENTOS_VER=`/opt/hirs/scripts/common/get_centos_major_version.sh` if [ $CENTOS_VER -eq "6" ] ; then diff --git a/package/scripts/common/firewall_configure_tomcat.sh b/package/scripts/common/firewall_configure_tomcat.sh index 228948c7..ef25af35 100644 --- a/package/scripts/common/firewall_configure_tomcat.sh +++ b/package/scripts/common/firewall_configure_tomcat.sh 
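Review bot: The guard `[[ $(ss -t -l -n | grep -q LISTEN.*:::8009) -eq 0 ]]` in certificate_generate.sh is always true: `grep -q` prints nothing, so the substitution is empty and `[[ "" -eq 0 ]]` evaluates as 0 == 0 whether or not anything listens on 8009. Test the pipeline's exit status instead and quote the pattern so the shell cannot glob it. The `until ...; do :; done` wait that follows spins with no sleep and no upper bound, so a Tomcat that fails to start hangs the script and the CI job; the same loop is added in ssl_configure.sh at `@@ -143,7 +158,16 @@`. A bounded version is sketched below.

```shell
    if ss -t -l -n | grep -q 'LISTEN.*:::8009'; then
        # … unchanged: echo, server stop, backgrounded server start …
        # Wait for Tomcat to boot completely, but give up after about two minutes
        tries=0
        until curl --silent --connect-timeout 1 -I http://localhost:8080 | grep -q 'Coyote'; do
            tries=$((tries + 1))
            if [ "$tries" -ge 120 ]; then
                echo "Tomcat did not answer on port 8080 in time" >&2
                exit 1
            fi
            sleep 1
        done
    fi
```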
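Review bot: In db_create.sh, `MYSQLD_PID=$(pgrep -u mysql mysqld)` runs immediately after `mysqld_safe` is put in the background, so it can execute before `mysqld` has been spawned. The variable is then empty and `/usr/libexec/mariadb-wait-ready` is called with no PID. Poll for the process with a bound first, e.g. `for i in $(seq 1 30); do MYSQLD_PID=$(pgrep -u mysql mysqld) && break; sleep 1; done`, and pass `"$MYSQLD_PID"` quoted. The same start sequence is repeated in ssl_configure.sh at `@@ -207,7 +231,19 @@`, directly after `mysqladmin shutdown`, where pgrep might additionally pick up the old process while it is still exiting.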
@@ -1,15 +1,20 @@ +if ! [ $(id -u) = 0 ]; then + echo "Please run this script as root." + exit 1 +fi + CENTOS_VER=`/opt/hirs/scripts/common/get_centos_major_version.sh` if [ $CENTOS_VER -eq "6" ] ; then checkHTTPS=`iptables-save | grep -- "--dport 8443 -j ACCEPT"` if [[ $checkHTTPS == "" ]]; then echo "Tomcat HTTPS firewall rule doesn't exist, adding now" - sudo iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT + iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT service iptables save fi elif [ $CENTOS_VER -eq "7" ] ; then - sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 8443 -j ACCEPT - sudo firewall-cmd --reload + firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 8443 -j ACCEPT + firewall-cmd --reload else echo "Unsupported CentOS version: ${CENTOS_VER}" exit 1 diff --git a/package/scripts/common/ssl_configure.sh b/package/scripts/common/ssl_configure.sh old mode 100644 new mode 100755 index a34300fd..22c222ef --- a/package/scripts/common/ssl_configure.sh +++ b/package/scripts/common/ssl_configure.sh @@ -14,6 +14,13 @@ P12_DATA=${CERTIFICATES}/private/p12.data echo 'Checking SSL configuration for HIRS' +# Check if we're in a Docker container +if [ -f /.dockerenv ]; then + DOCKER_CONTAINER=true +else + DOCKER_CONTAINER=false +fi + ################# # Key Generation ################# @@ -115,7 +122,15 @@ if [[ $1 = "server" ]]; then chkconfig ${TOMCAT_SERVICE} on # Configure the server.xml file such that it uses our key store and trust store - service ${TOMCAT_SERVICE} stop + if [ $DOCKER_CONTAINER = true ]; then + # If in Docker container, avoid services that invoke the D-Bus + if [[ $(pgrep -c -f /usr/share/tomcat) -ne 0 ]]; then + echo "Tomcat is running, so we stop it." + /usr/libexec/tomcat/server stop + fi + else + service ${TOMCAT_SERVICE} stop + fi # Configure Tomcat SSL properly. The method for doing this changes from 6.0.38 onward. rpmdev-vercmp 6.0.38 $TOMCAT_VERSION 
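Review bot: firewall_configure_tomcat.sh gets the root guard but no container branch, unlike the other scripts touched here: on CentOS 7 it still calls `firewall-cmd`, which talks to firewalld over D-Bus, the dependency the new `DOCKER_CONTAINER` branches elsewhere are written to avoid. If the containerised ACA setup reaches this script (not visible in this hunk), `firewall-cmd` will most likely report that firewalld is not running and add no rule. If the script is meant to be a no-op in containers, say so explicitly after the root check, e.g. `[ -f /.dockerenv ] && exit 0  # port is published by docker-compose instead`.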
@@ -143,7 +158,16 @@ EOF # (3) set tomcat user as owner of tomcat installation chgrp -R tomcat ${CATALINA_HOME} - service ${TOMCAT_SERVICE} start + if [ $DOCKER_CONTAINER = true ]; then + # If in Docker container, avoid services that invoke the D-Bus + (/usr/libexec/tomcat/server start) & + # Wait for Tomcat to boot completely + until [ "`curl --silent --connect-timeout 1 -I http://localhost:8080 | grep 'Coyote'`" != "" ]; do + : + done + else + service ${TOMCAT_SERVICE} start + fi fi fi @@ -207,7 +231,19 @@ if [[ $1 = "server" ]]; then sed -i "/\[mysqld\]/r $MYSQL_ADDITIONS_FILE" /etc/my.cnf - SQL_SERVICE=`/opt/hirs/scripts/common/get_db_service.sh` - service $SQL_SERVICE restart + if [ $DOCKER_CONTAINER = true ]; then + # If in Docker container, avoid services that invoke the D-Bus + if [[ $(pgrep -c -u mysql mysqld) -ne 0 ]]; then + echo "MariaDB is running, so we'll need to restart it." + mysqladmin shutdown + /usr/libexec/mariadb-prepare-db-dir + nohup /usr/bin/mysqld_safe --basedir=/usr &>/dev/null & + MYSQLD_PID=$(pgrep -u mysql mysqld) + /usr/libexec/mariadb-wait-ready $MYSQLD_PID + fi + else + SQL_SERVICE=`/opt/hirs/scripts/common/get_db_service.sh` + service $SQL_SERVICE restart + fi fi fi \ No newline at end of file