ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed selinux issue for Rocky 9 and Mysql restart for Ubuntu install

Browse Source
This commit is contained in:
iadgovuser26 2024-03-13 13:49:42 -04:00
parent ae1167b3f5
commit 2b7fee432a
16 changed files with 283 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HIRS_AttestationCAPortal/build.gradle
View File

@ -119,7 +119,7 @@ ospackage {
}
// copy setup scripts to /opt/hirs/aca
into ('/opt/hirs/aca/scripts/') {
from '../package/scripts/'
from '../package/linux/'
}
// copy the war file into /opt/hirs/aca
into ('/opt/hirs/aca/') {
@ -147,7 +147,7 @@ ospackage {
postTrans 'firewall-cmd --add-port=8443/tcp --permanent'
postTrans 'firewall-cmd --reload'
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
postTrans '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
// add chrontab to run ACA at boot
postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'

2
package/scripts/aca/aca_bootRun.sh → package/linux/aca/aca_bootRun.sh
View File

@ -87,7 +87,7 @@ if [ $ALG = "RSA" ]; then
ALIAS="hirs_aca_tls_ecc_512_sha384"
fi
check_for_container
check_systemd
start_mysqlsd
if [ ! -d "$CERT_PATH" ]; then

38
package/scripts/aca/aca_check_setup.sh → package/linux/aca/aca_check_setup.sh
View File

@ -5,6 +5,7 @@
############################################################################################
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null
CERT_PATH="/etc/hirs/certificates/HIRS/"
RSA_PATH=rsa_3k_sha384_certs
@ -100,6 +101,8 @@ echo "Checking HIRS ACA Setup on this device..."
echo "HIRS ACA was NOT installed via an OS package on this device"
fi
check_systemd -p
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
check_db_cleared
@ -179,7 +182,7 @@ check_cert () {
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
echo " "$RESULT
echo " "$RESULTACA_PROP_FILE
fi
}
@ -241,7 +244,7 @@ check_db () {
if [ "$RESULT" == "YES" ]; then
echo " Mysql Server side TLS is enabled:"
else
echo " Mysql Sever side TLS is NOT enabled:"
echo " Mysql Server side TLS is NOT enabled:"
ALL_CHECKS_PASSED=false
fi
@ -267,7 +270,6 @@ check_db () {
echo "MYSQL Log:"
mysql -u root --password=$mysql_admin_password -e "SHOW GLOBAL VARIABLES LIKE 'log_error'"
fi
}
# Check selinux status and files that require specific contexts
@ -276,32 +278,36 @@ check_selinux () {
echo "Skipping selinux check on ubuntu"
return
fi
SELINUXSTATUS=$(getenforce)
DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
echo "Checking device selinux status..."
if [[ "$SELINUXSTATUS" == *"Enforcing"* ]]; then
echo " Selinux is in Enforcing mode."
if [[ "$DB_SRV_CONTEXT" == *"mysqld_etc_t"* && "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
command -v setenforce >> /dev/null
if [ $? -eq 0 ]; then
SELINUXSTATUS=$(getenforce)
DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
echo "Checking device selinux status..."
if [[ "$SELINUXSTATUS" == *"Enforcing"* ]]; then
echo " Selinux is in Enforcing mode."
if [[ "$DB_SRV_CONTEXT" == *"mysqld_etc_t"* && "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
echo " Selinux status is $SELINUXSTATUS and both $DB_SRV_CONF and $DB_CLIENT_CONF contexts are correct"
elif [[ "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
echo " Selinux status is $SELINUXSTATUS and $DB_CLIENT_CONF context is incorrect: $DB_CLIENT_CONTEXT"
ALL_CHECKS_PASSED=false
elif [[ "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
echo " Selinux status is $SELINUXSTATUS and $DB_CLIENT_CONF context is incorrect: $DB_CLIENT_CONTEXT"
ALL_CHECKS_PASSED=false
else
echo " Selinux status is $SELINUXSTATUS and $DB_SRV_CONF context is incorrect: $DB_SRV_CONTEXT"
ALL_CHECKS_PASSED=false
fi
else
else
echo " Selinux is in NOT in Enforcing mode."
fi
fi
}
check_fips () {
echo "Checking FIPS mode on this device..."
echo " "$(sysctl -a | grep crypto.fips_enabled)
fips=$(sysctl -a 2>&1 | grep crypto.fips_enabled)
echo " "$fips
}
# Run Checks
check_for_container -p
check_pwds
check_pki
check_mysql_setup

0
package/scripts/aca/aca_remove_setup.sh → package/linux/aca/aca_remove_setup.sh
View File

4
package/scripts/aca/aca_setup.sh → package/linux/aca/aca_setup.sh
View File

@ -31,8 +31,6 @@ help () {
}
# Process parameters Argument handling
POSITIONAL_ARGS=()
ORIGINAL_ARGS=("$@")grep -i "hirs_db_password" /etc/hirs/aca/aca.properties
while [[ $# -gt 0 ]]; do
case $1 in
-sd|--skip-db)
@ -65,8 +63,6 @@ while [[ $# -gt 0 ]]; do
esac
done
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
# Check for existing installation folders and exist if found
if [ -z $ARG_UNATTEND ]; then
if [ -d "/etc/hirs" ]; then

0
package/scripts/aca/check_for_aca.sh → package/linux/aca/check_for_aca.sh
View File

34
package/scripts/db/db_create.sh → package/linux/db/db_create.sh
View File

@ -34,8 +34,8 @@ SSL_DB_CLIENT_KEY="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_clien
mkdir -p /etc/hirs/aca/
mkdir -p /var/log/hirs/
source $ACA_PROP_FILE
source $SCRIPT_DIR/mysql_util.sh
source $ACA_PROP_FILE
source /etc/os-release
# Setup distro specifc paths and variables
@ -60,7 +60,6 @@ check_mysql_root_pwd () {
if [ -z "$HIRS_MYSQL_ROOT_PWD" ]; then
# Check if property file exists and look for properties
if [ -f $ACA_PROP_FILE ]; then
echo "Found existing aca.properties, using existing variables..."
source $ACA_PROP_FILE
if [ ! -z $hirs_pki_password ]; then PKI_PASS=$hirs_pki_password; fi
if [ ! -z $mysql_admin_password ]; then HIRS_MYSQL_ROOT_PWD=$mysql_admin_password; fi
@ -91,6 +90,7 @@ check_mysql_root_pwd () {
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
echo "Using system variable supplied password" | tee -a "$LOG_FILE"
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
@ -115,11 +115,14 @@ set_mysql_server_tls () {
chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY
# Make selinux contexts for config files, if selinux is enabled
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
selinuxenabled
command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file
restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type
fi
selinuxenabled
if [ $? -eq 0 ]; then
#semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file
restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type
fi
fi
fi
else
echo "mysql.cnf contians existing entry for ssl, skipping..." | tee -a "$LOG_FILE"
@ -136,12 +139,15 @@ if [[ $(cat "$DB_CLIENT_CONF" | grep -c "HIRS") < 1 ]]; then
chown mysql:mysql $SSL_DB_CLIENT_CHAIN $SSL_DB_CLIENT_CERT $SSL_DB_CLIENT_KEY
# Make selinux contexts for config files, if selinux is enabled
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
selinuxenabled
command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONFf > /dev/null #adds the context type to file
selinuxenabled
if [ $? -eq 0 ]; then
#semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONF > /dev/null #adds the context type to file
restorecon -F $DB_CLIENT_CONF > /dev/null #changes the file's context type
fi
fi
fi
fi
fi
}
@ -177,7 +183,7 @@ set_hirs_db_pwd () {
# Create a hirs_db with client side TLS enabled
create_hirs_db_with_tls () {
# Check if hirs_db not created and create it if it wasn't
mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" > /dev/null 2>&1
mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" >> $LOG_FILE 2>&1
if [ $? -eq 0 ]; then
echo "hirs_db exists, skipping hirs_db create"
else
@ -219,16 +225,16 @@ fi
}
# HIRS ACA Mysqld processing ...
check_systemd -p
check_mariadb_install
check_for_container -p
set_mysql_server_tls
set_mysql_client_tls
start_mysqlsd
check_mysql
check_mysql_root_pwd
clear_hirs_user
set_hirs_db_pwd
set_mysql_server_tls
set_mysql_client_tls
create_hirs_db_with_tls
create_hibernate_url "RSA" "hirs_db"
mysqld_reboot

0
package/scripts/db/db_create.sql → package/linux/db/db_create.sql
View File

8
package/scripts/db/db_drop.sh → package/linux/db/db_drop.sh
View File

@ -10,6 +10,8 @@ DB_ADMIN_PWD=$1
source $SCRIPT_DIR/mysql_util.sh
source /etc/os-release
check_systemd
# Check for sudo or root user, not actually needed but a good idea
if [ "$EUID" -ne 0 ]
then echo "This script requires root. Please run as root"
@ -53,7 +55,5 @@ grep -v "hirs" $DB_CLIENT_CONF > tmpfile && mv tmpfile $DB_CLIENT_CONF
echo "restarting mariadb"
mysql -u root -e "SHUTDOWN"
sleep 2
check_for_container
start_mysqlsd
mysqld_reboot

0
package/scripts/db/db_drop.sql → package/linux/db/db_drop.sql
View File

234
package/linux/db/mysql_util.sh Executable file
View File

@ -0,0 +1,234 @@
#!/bin/bash
#####################################################################################
#
# Functions to check mysql and start if not running.
# Also a function for checking if running in a container
#
#####################################################################################
SQL_SERVICE="mariadb"
# Checks to see if systemctl is available
# -p to print status
check_systemd () {
DB_SERVICE=false
PRINT_STATUS=$1
# Check if systemctl is present (not present in a Docker container)
if [[ $(ps --no-headers -o comm 1) == "systemd" ]]; then
systemctl is-active --quiet mariadb
if [[ $? -eq 0 ]]; then
DB_SERVICE=true
fi
fi
if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "true" ]]; then echo "Systemd:MariaDB service is available" | tee -a "$LOG_FILE"; fi
if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "false" ]]; then echo "Systemd:MariaDB service is NOT available" | tee -a "$LOG_FILE"; fi
if [ -d /opt/hirs/aca/scripts/db ]; then
MYSQL_DIR="/opt/hirs/aca/scripts/db"
else
MYSQL_DIR="$SCRIPT_DIR/../db"
fi
}
# Check for mysql command line
check_mariadb_install () {
type mysql >/dev/null 2>&1 && installed=true || installed=false
if [ $installed = true ]; then
echo "mysql has been installed"
else
echo "mysql has NOT been installed, aborting install"
exit 1;
fi
}
# Starts mariadb during intial install
start_mysqlsd () {
PRINT_STATUS=$1
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
# Make sure log file has correct permissions
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -ne 0 ]]; then
echo "mariadb service not running , attempting to restart"
systemctl start mariadb >> "$LOG_FILE";
sleep 2
fi
else # Not using Systemd
# Check if mysql is already running, if not initialize
if [[ $(pgrep -c $PROCESS) -eq 0 ]]; then
# Check if mariadb is setup
if [ ! -d "/var/lib/mysql/mysql/" ]; then
echo "Installing mariadb" | tee -a "$LOG_FILE";
/usr/bin/mysql_install_db >> "$LOG_FILE"
fi
if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
echo "Attempting to start mariadb process..." | tee -a "$LOG_FILE";
fi
fi
}
# Basic check for marai db status, attempts restart if not running
check_mysql () {
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Checking mysqld status..."
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -ne 0 ]]; then
echo "mariadb service not running , attempting to restart"
systemctl start mariadb
fi
else # No systemctl
if [[ $(pgrep -c $PROCESS ) -eq 0 ]]; then
echo "mariadb process not running , attempting to restart"
chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
fi
fi
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -eq 0 ]]; then
echo "mariadb service started" | tee -a "$LOG_FILE";
fi
else
# Wait for mysql to start before continuing.
count=1;
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
until mysqladmin ping -h "localhost" --silent ; do
((count++))
if [[ $count -gt 20 ]]; then
break;
fi
sleep 1;
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mariadb to respond" | tee -a "$LOG_FILE";
exit 1;
else
echo "Mariadb started" | tee -a "$LOG_FILE";
fi
fi
}
# Check for mysql root password , abort if not available
check_mysql_root () {
if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist." | tee -a "$LOG_FILE";
else
source /etc/hirs/aca/aca.properties;
DB_ADMIN_PWD=$mysql_admin_password
fi
else #HIRS_MYSQL_ROOT_PWD set
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
fi
# Allow user to enter password if not using env variabel or file
if [ -z $DB_ADMIN_PWD ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
echo " ********** ACA Mysql setup aborted ********" ;
exit 1;
fi
}
check_db_cleared () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo " Empty Mysql root password verified" | tee -a "$LOG_FILE"
else
echo " Mysql Root password is not empty" | tee -a "$LOG_FILE";
fi
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
echo " hirs_db user exists" | tee -a "$LOG_FILE";
else
echo " hirs_db user does not exist" | tee -a "$LOG_FILE";
fi
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
echo " hirs_db databse exists" | tee -a "$LOG_FILE";
else
echo " hirs_db database does not exists" | tee -a "$LOG_FILE";
fi
}
clear_hirs_user () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
echo "hirs_db user found and deleted"
fi
fi
}
clear_hirs_db () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
fi
}
wait_for_mysql () {
echo "Waiting for Mariadb..." | tee -a "$LOG_FILE";
count=0
until [ "mysqladmin ping -h localhost --silent" ] || [ "$count" -gt 20 ]; do
((count++))
sleep 1
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mysqld to respond" | tee -a "$LOG_FILE";
else
echo "Mariadb started" | tee -a "$LOG_FILE";
fi
}
# restart maraidb
mysqld_reboot () {
# reboot mysql server
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Restarting Mariadb ...." | tee -a "$LOG_FILE";
if [ $DB_SERVICE = true ]; then
echo "Shutting down and restarting mysql service" | tee -a "$LOG_FILE";
systemctl stop mariadb >> "$LOG_FILE";
sleep 2
systemctl start mariadb >> "$LOG_FILE";
else # No systemd
echo "Shutting down and restarting mysql process" | tee -a "$LOG_FILE";
mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
sleep 1
# Make sure mysql has stopped
if [[ $(pgrep -c $PROCESS) -ne 0 ]]; then
pkill $PROCESS
fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
sleep 1
check_mysql
wait_for_mysql
fi
}

0
package/scripts/db/secure_mysql.sql → package/linux/db/secure_mysql.sql
View File

0
package/scripts/pki/ca.conf → package/linux/pki/ca.conf
View File

0
package/scripts/pki/pki_chain_gen.sh → package/linux/pki/pki_chain_gen.sh
View File

0
package/scripts/pki/pki_setup.sh → package/linux/pki/pki_setup.sh
View File

203
package/scripts/db/mysql_util.sh
View File

@ -1,203 +0,0 @@
#!/bin/bash
#####################################################################################
#
# Functions to check mysql and start if not running.
# Also a function for checking if running in a container
#
#####################################################################################
SQL_SERVICE="mariadb"
# Checks to see if running in a container
# -p to print status
check_for_container () {
PRINT_STATUS=$1
# Check if we're in a Docker container
command -v systemctl
if [[ $? -eq 0 ]]; then
#if [[ $(cat /proc/1/cgroup | head -n 1) == *"docker"* ]] || [[ -f /.dockerenv ]]; then
DOCKER_CONTAINER=true
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi
else
DOCKER_CONTAINER=false
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is not running in a container..." | tee -a "$LOG_FILE"; fi
fi
if [ -d /opt/hirs/scripts/db ]; then
MYSQL_DIR="/opt/hirs/scripts/db"
else
MYSQL_DIR="$SCRIPT_DIR/../db"
fi
}
# Check for mysql command line
check_mariadb_install () {
type mysql >/dev/null 2>&1 && installed=true || installed=false
if [ $installed = true ]; then
echo "mysql has been installed"
else
echo "mysql has NOT been installed, aborting install"
exit 1;
fi
}
# Starts mariadb during intial install
start_mysqlsd () {
PRINT_STATUS=$1
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
# Make sure log file has correct permissions
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
# Check if mysql is already running, if not initialize
if [[ $(pgrep -c -u mysql $PROCESS) -eq 0 ]]; then
# Check if running in a container
if [ $DOCKER_CONTAINER = true ]; then
# if in Docker container, avoid services that invoke the D-Bus
# Check if mariadb is setup
if [ ! -d "/var/lib/mysql/mysql/" ]; then
echo "Installing mariadb"
/usr/bin/mysql_install_db >> "$LOG_FILE"
fi
if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
echo "Attempting to start mariadb"
else #not a container
systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
systemctl start $SQL_SERVICE & >> "$LOG_FILE";
fi
else # mysql process is running
# check if mysql service is running
if [ ! $DOCKER_CONTAINER = true ]; then
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
if [ $DB_STATUS -eq 0 ]; then
echo "mariadb not running , attempting to restart"
systemctl start mariadb >> "$LOG_FILE";
sleep 2
fi
fi # non contanier mysql start
fi
}
# Basic check for marai db status, attempts restart if not running
check_mysql () {
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Checking mysqld status..."
if [ $DOCKER_CONTAINER = true ]; then
if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
echo "mariadb not running , attempting to restart"
chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
fi
else # not in a contianer
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
if [ $DB_STATUS -eq 0 ]; then
echo "mariadb not running , attempting to restart"
systemctl start mariadb
fi
fi
# Wait for mysql to start before continuing.
count=1;
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
until mysqladmin ping -h "localhost" --silent ; do
((count++))
if [[ $count -gt 20 ]]; then
break;
fi
sleep 1;
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mariadb to respond"
exit 1;
else
echo "Mariadb started"
fi
}
# Check for mysql root password , abort if not available
check_mysql_root () {
if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist."
else
source /etc/hirs/aca/aca.properties;
DB_ADMIN_PWD=$mysql_admin_password
fi
else #HIRS_MYSQL_ROOT_PWD set
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
fi
# Allow user to enter password if not using env variabel or file
if [ -z $DB_ADMIN_PWD ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
echo " ********** ACA Mysql setup aborted ********" ;
exit 1;
fi
}
check_db_cleared () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo " Empty root password verified" | tee -a "$LOG_FILE"
else
echo " Mysql Root password is not empty"
fi
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
echo " hirs_db user exists"
else
echo " hirs_db user does not exist"
fi
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
echo " hirs_db databse exists"
else
echo " hirs_db database does not exists"
fi
}
clear_hirs_user () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
echo "hirs_db user found and deleted"
fi
fi
}
clear_hirs_db () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
fi
}
# restart maraidb
mysqld_reboot () {
# reboot mysql server
mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
sleep 2
check_for_container
start_mysqlsd >> "$LOG_FILE";
}