Fixed selinux issue for Rocky 9 and Mysql restart for Ubuntu install

iadgovuser26 2024-03-13 13:49:42 -04:00
parent ae1167b3f5
commit 2b7fee432a
16 changed files with 283 additions and 244 deletions


@ -119,7 +119,7 @@ ospackage {
} }
// copy setup scripts to /opt/hirs/aca // copy setup scripts to /opt/hirs/aca
into ('/opt/hirs/aca/scripts/') { into ('/opt/hirs/aca/scripts/') {
from '../package/scripts/' from '../package/linux/'
} }
// copy the war file into /opt/hirs/aca // copy the war file into /opt/hirs/aca
into ('/opt/hirs/aca/') { into ('/opt/hirs/aca/') {
@ -147,7 +147,7 @@ ospackage {
postTrans 'firewall-cmd --add-port=8443/tcp --permanent' postTrans 'firewall-cmd --add-port=8443/tcp --permanent'
postTrans 'firewall-cmd --reload' postTrans 'firewall-cmd --reload'
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u' postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
postTrans '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &' postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
// add chrontab to run ACA at boot // add chrontab to run ACA at boot
postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab' postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*' postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'
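Review bot: The `@reboot` crontab entry written two lines after the changed call still executes `aca_bootRun.sh` directly, so it keeps depending on the `chmod +x` that runs last in this postTrans sequence, while the install-time call now goes through `bash`. Making the two consistent would look like `postTrans 'echo "@reboot root bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'`. The append is also unconditional, so a reinstall or upgrade would add a second identical line; guarding it with `grep -q aca_bootRun.sh /etc/crontab ||` keeps it idempotent. The `ospackage` block continues outside this hunk.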


@ -87,7 +87,7 @@ if [ $ALG = "RSA" ]; then
ALIAS="hirs_aca_tls_ecc_512_sha384" ALIAS="hirs_aca_tls_ecc_512_sha384"
fi fi
check_for_container check_systemd
start_mysqlsd start_mysqlsd
if [ ! -d "$CERT_PATH" ]; then if [ ! -d "$CERT_PATH" ]; then


@ -5,6 +5,7 @@
############################################################################################ ############################################################################################
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; ) SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null LOG_FILE=/dev/null
CERT_PATH="/etc/hirs/certificates/HIRS/" CERT_PATH="/etc/hirs/certificates/HIRS/"
RSA_PATH=rsa_3k_sha384_certs RSA_PATH=rsa_3k_sha384_certs
@ -100,6 +101,8 @@ echo "Checking HIRS ACA Setup on this device..."
echo "HIRS ACA was NOT installed via an OS package on this device" echo "HIRS ACA was NOT installed via an OS package on this device"
fi fi
check_systemd -p
# Check install setup pki files # Check install setup pki files
if [ ! -d $CERT_PATH ]; then if [ ! -d $CERT_PATH ]; then
check_db_cleared check_db_cleared
@ -179,7 +182,7 @@ check_cert () {
ALL_CERTS_PASSED=false ALL_CERTS_PASSED=false
fi fi
if [ ! -z "${ARG_VERBOSE}" ]; then if [ ! -z "${ARG_VERBOSE}" ]; then
echo " "$RESULT echo " "$RESULTACA_PROP_FILE
fi fi
} }
@ -241,7 +244,7 @@ check_db () {
if [ "$RESULT" == "YES" ]; then if [ "$RESULT" == "YES" ]; then
echo " Mysql Server side TLS is enabled:" echo " Mysql Server side TLS is enabled:"
else else
echo " Mysql Sever side TLS is NOT enabled:" echo " Mysql Server side TLS is NOT enabled:"
ALL_CHECKS_PASSED=false ALL_CHECKS_PASSED=false
fi fi
@ -267,7 +270,6 @@ check_db () {
echo "MYSQL Log:" echo "MYSQL Log:"
mysql -u root --password=$mysql_admin_password -e "SHOW GLOBAL VARIABLES LIKE 'log_error'" mysql -u root --password=$mysql_admin_password -e "SHOW GLOBAL VARIABLES LIKE 'log_error'"
fi fi
} }
# Check selinux status and files that require specific contexts # Check selinux status and files that require specific contexts
@ -276,6 +278,8 @@ check_selinux () {
echo "Skipping selinux check on ubuntu" echo "Skipping selinux check on ubuntu"
return return
fi fi
command -v setenforce >> /dev/null
if [ $? -eq 0 ]; then
SELINUXSTATUS=$(getenforce) SELINUXSTATUS=$(getenforce)
DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF) DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF) DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
@ -294,14 +298,16 @@ check_selinux () {
else else
echo " Selinux is in NOT in Enforcing mode." echo " Selinux is in NOT in Enforcing mode."
fi fi
fi
} }
check_fips () { check_fips () {
echo "Checking FIPS mode on this device..." echo "Checking FIPS mode on this device..."
echo " "$(sysctl -a | grep crypto.fips_enabled) fips=$(sysctl -a 2>&1 | grep crypto.fips_enabled)
echo " "$fips
} }
# Run Checks # Run Checks
check_for_container -p
check_pwds check_pwds
check_pki check_pki
check_mysql_setup check_mysql_setup
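Review bot: In `check_cert` the verbose branch now echoes `$RESULTACA_PROP_FILE`, which reads like a stray paste onto `$RESULT`; that name is not assigned in any visible hunk, so verbose output would print an empty string instead of the certificate check result. Restoring `echo " "$RESULT` (or quoting it as `echo " $RESULT"`) brings the output back. Separately, `check_selinux` guards on `command -v setenforce` but the command it then runs is `getenforce`, so testing `command -v getenforce > /dev/null` would keep the guard and the call in step. Both functions start outside their hunks.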


@ -31,8 +31,6 @@ help () {
} }
# Process parameters Argument handling # Process parameters Argument handling
POSITIONAL_ARGS=()
ORIGINAL_ARGS=("$@")grep -i "hirs_db_password" /etc/hirs/aca/aca.properties
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
-sd|--skip-db) -sd|--skip-db)
@ -65,8 +63,6 @@ while [[ $# -gt 0 ]]; do
esac esac
done done
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
# Check for existing installation folders and exist if found # Check for existing installation folders and exist if found
if [ -z $ARG_UNATTEND ]; then if [ -z $ARG_UNATTEND ]; then
if [ -d "/etc/hirs" ]; then if [ -d "/etc/hirs" ]; then


@ -34,8 +34,8 @@ SSL_DB_CLIENT_KEY="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_clien
mkdir -p /etc/hirs/aca/ mkdir -p /etc/hirs/aca/
mkdir -p /var/log/hirs/ mkdir -p /var/log/hirs/
source $SCRIPT_DIR/mysql_util.sh
source $ACA_PROP_FILE source $ACA_PROP_FILE
source $SCRIPT_DIR/mysql_util.sh
source /etc/os-release source /etc/os-release
# Setup distro specifc paths and variables # Setup distro specifc paths and variables
@ -60,7 +60,6 @@ check_mysql_root_pwd () {
if [ -z "$HIRS_MYSQL_ROOT_PWD" ]; then if [ -z "$HIRS_MYSQL_ROOT_PWD" ]; then
# Check if property file exists and look for properties # Check if property file exists and look for properties
if [ -f $ACA_PROP_FILE ]; then if [ -f $ACA_PROP_FILE ]; then
echo "Found existing aca.properties, using existing variables..."
source $ACA_PROP_FILE source $ACA_PROP_FILE
if [ ! -z $hirs_pki_password ]; then PKI_PASS=$hirs_pki_password; fi if [ ! -z $hirs_pki_password ]; then PKI_PASS=$hirs_pki_password; fi
if [ ! -z $mysql_admin_password ]; then HIRS_MYSQL_ROOT_PWD=$mysql_admin_password; fi if [ ! -z $mysql_admin_password ]; then HIRS_MYSQL_ROOT_PWD=$mysql_admin_password; fi
@ -91,6 +90,7 @@ check_mysql_root_pwd () {
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
echo "Using system variable supplied password" | tee -a "$LOG_FILE" echo "Using system variable supplied password" | tee -a "$LOG_FILE"
fi fi
# Make sure root password is correct # Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null); $(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
@ -115,12 +115,15 @@ set_mysql_server_tls () {
chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY
# Make selinux contexts for config files, if selinux is enabled # Make selinux contexts for config files, if selinux is enabled
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
selinuxenabled selinuxenabled
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file #semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file
restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type
fi fi
fi fi
fi
else else
echo "mysql.cnf contians existing entry for ssl, skipping..." | tee -a "$LOG_FILE" echo "mysql.cnf contians existing entry for ssl, skipping..." | tee -a "$LOG_FILE"
fi fi
@ -136,13 +139,16 @@ if [[ $(cat "$DB_CLIENT_CONF" | grep -c "HIRS") < 1 ]]; then
chown mysql:mysql $SSL_DB_CLIENT_CHAIN $SSL_DB_CLIENT_CERT $SSL_DB_CLIENT_KEY chown mysql:mysql $SSL_DB_CLIENT_CHAIN $SSL_DB_CLIENT_CERT $SSL_DB_CLIENT_KEY
# Make selinux contexts for config files, if selinux is enabled # Make selinux contexts for config files, if selinux is enabled
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
selinuxenabled selinuxenabled
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONFf > /dev/null #adds the context type to file #semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONF > /dev/null #adds the context type to file
restorecon -F $DB_CLIENT_CONF > /dev/null #changes the file's context type restorecon -F $DB_CLIENT_CONF > /dev/null #changes the file's context type
fi fi
fi fi
fi fi
fi
} }
# Process HIRS DB USER # Process HIRS DB USER
@ -177,7 +183,7 @@ set_hirs_db_pwd () {
# Create a hirs_db with client side TLS enabled # Create a hirs_db with client side TLS enabled
create_hirs_db_with_tls () { create_hirs_db_with_tls () {
# Check if hirs_db not created and create it if it wasn't # Check if hirs_db not created and create it if it wasn't
mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" > /dev/null 2>&1 mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" >> $LOG_FILE 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo "hirs_db exists, skipping hirs_db create" echo "hirs_db exists, skipping hirs_db create"
else else
@ -219,16 +225,16 @@ fi
} }
# HIRS ACA Mysqld processing ... # HIRS ACA Mysqld processing ...
check_systemd -p
check_mariadb_install check_mariadb_install
check_for_container -p
set_mysql_server_tls
set_mysql_client_tls
start_mysqlsd start_mysqlsd
check_mysql check_mysql
check_mysql_root_pwd check_mysql_root_pwd
clear_hirs_user clear_hirs_user
set_hirs_db_pwd set_hirs_db_pwd
set_mysql_server_tls
set_mysql_client_tls
create_hirs_db_with_tls create_hirs_db_with_tls
create_hibernate_url "RSA" "hirs_db" create_hibernate_url "RSA" "hirs_db"
mysqld_reboot mysqld_reboot
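Review bot: Both TLS setup blocks now comment out `semanage fcontext -a -t mysqld_etc_t ...` and keep only `restorecon -F`, which relabels the file to whatever the loaded policy already assigns to that path, and nothing in the hunk records why the explicit rule was dropped. If the config paths are not covered by a default `mysqld_etc_t` rule on every supported distro, mysqld could be denied access to them in enforcing mode. Either delete the dead line and add a comment such as `# default policy already labels this path; restorecon resets the label after the edit`, or keep the rule behind a `command -v semanage` check. The nested `$?` tests could also collapse to `if command -v selinuxenabled > /dev/null && selinuxenabled; then`. This applies to the server block in the `-115` hunk and the client block in the `-136` hunk; both enclosing functions start outside the hunks.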


@ -10,6 +10,8 @@ DB_ADMIN_PWD=$1
source $SCRIPT_DIR/mysql_util.sh source $SCRIPT_DIR/mysql_util.sh
source /etc/os-release source /etc/os-release
check_systemd
# Check for sudo or root user, not actually needed but a good idea # Check for sudo or root user, not actually needed but a good idea
if [ "$EUID" -ne 0 ] if [ "$EUID" -ne 0 ]
then echo "This script requires root. Please run as root" then echo "This script requires root. Please run as root"
@ -53,7 +55,5 @@ grep -v "hirs" $DB_CLIENT_CONF > tmpfile && mv tmpfile $DB_CLIENT_CONF
echo "restarting mariadb" echo "restarting mariadb"
mysql -u root -e "SHUTDOWN" mysqld_reboot
sleep 2
check_for_container
start_mysqlsd

234
package/linux/db/mysql_util.sh Executable file

@ -0,0 +1,234 @@
#!/bin/bash
#####################################################################################
#
# Functions to check mysql and start if not running.
# Also a function for checking if running in a container
#
#####################################################################################
SQL_SERVICE="mariadb"
# Checks to see if systemctl is available
# -p to print status
check_systemd () {
DB_SERVICE=false
PRINT_STATUS=$1
# Check if systemctl is present (not present in a Docker container)
if [[ $(ps --no-headers -o comm 1) == "systemd" ]]; then
systemctl is-active --quiet mariadb
if [[ $? -eq 0 ]]; then
DB_SERVICE=true
fi
fi
if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "true" ]]; then echo "Systemd:MariaDB service is available" | tee -a "$LOG_FILE"; fi
if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "false" ]]; then echo "Systemd:MariaDB service is NOT available" | tee -a "$LOG_FILE"; fi
if [ -d /opt/hirs/aca/scripts/db ]; then
MYSQL_DIR="/opt/hirs/aca/scripts/db"
else
MYSQL_DIR="$SCRIPT_DIR/../db"
fi
}
# Check for mysql command line
check_mariadb_install () {
type mysql >/dev/null 2>&1 && installed=true || installed=false
if [ $installed = true ]; then
echo "mysql has been installed"
else
echo "mysql has NOT been installed, aborting install"
exit 1;
fi
}
# Starts mariadb during intial install
start_mysqlsd () {
PRINT_STATUS=$1
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
# Make sure log file has correct permissions
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -ne 0 ]]; then
echo "mariadb service not running , attempting to restart"
systemctl start mariadb >> "$LOG_FILE";
sleep 2
fi
else # Not using Systemd
# Check if mysql is already running, if not initialize
if [[ $(pgrep -c $PROCESS) -eq 0 ]]; then
# Check if mariadb is setup
if [ ! -d "/var/lib/mysql/mysql/" ]; then
echo "Installing mariadb" | tee -a "$LOG_FILE";
/usr/bin/mysql_install_db >> "$LOG_FILE"
fi
if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
echo "Attempting to start mariadb process..." | tee -a "$LOG_FILE";
fi
fi
}
# Basic check for marai db status, attempts restart if not running
check_mysql () {
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Checking mysqld status..."
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -ne 0 ]]; then
echo "mariadb service not running , attempting to restart"
systemctl start mariadb
fi
else # No systemctl
if [[ $(pgrep -c $PROCESS ) -eq 0 ]]; then
echo "mariadb process not running , attempting to restart"
chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
fi
fi
if [ $DB_SERVICE = true ]; then
systemctl is-active --quiet mariadb
if [[ $? -eq 0 ]]; then
echo "mariadb service started" | tee -a "$LOG_FILE";
fi
else
# Wait for mysql to start before continuing.
count=1;
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
until mysqladmin ping -h "localhost" --silent ; do
((count++))
if [[ $count -gt 20 ]]; then
break;
fi
sleep 1;
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mariadb to respond" | tee -a "$LOG_FILE";
exit 1;
else
echo "Mariadb started" | tee -a "$LOG_FILE";
fi
fi
}
# Check for mysql root password , abort if not available
check_mysql_root () {
if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist." | tee -a "$LOG_FILE";
else
source /etc/hirs/aca/aca.properties;
DB_ADMIN_PWD=$mysql_admin_password
fi
else #HIRS_MYSQL_ROOT_PWD set
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
fi
# Allow user to enter password if not using env variabel or file
if [ -z $DB_ADMIN_PWD ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
echo " ********** ACA Mysql setup aborted ********" ;
exit 1;
fi
}
check_db_cleared () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo " Empty Mysql root password verified" | tee -a "$LOG_FILE"
else
echo " Mysql Root password is not empty" | tee -a "$LOG_FILE";
fi
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
echo " hirs_db user exists" | tee -a "$LOG_FILE";
else
echo " hirs_db user does not exist" | tee -a "$LOG_FILE";
fi
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
echo " hirs_db databse exists" | tee -a "$LOG_FILE";
else
echo " hirs_db database does not exists" | tee -a "$LOG_FILE";
fi
}
clear_hirs_user () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
echo "hirs_db user found and deleted"
fi
fi
}
clear_hirs_db () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
fi
}
wait_for_mysql () {
echo "Waiting for Mariadb..." | tee -a "$LOG_FILE";
count=0
until [ "mysqladmin ping -h localhost --silent" ] || [ "$count" -gt 20 ]; do
((count++))
sleep 1
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mysqld to respond" | tee -a "$LOG_FILE";
else
echo "Mariadb started" | tee -a "$LOG_FILE";
fi
}
# restart maraidb
mysqld_reboot () {
# reboot mysql server
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Restarting Mariadb ...." | tee -a "$LOG_FILE";
if [ $DB_SERVICE = true ]; then
echo "Shutting down and restarting mysql service" | tee -a "$LOG_FILE";
systemctl stop mariadb >> "$LOG_FILE";
sleep 2
systemctl start mariadb >> "$LOG_FILE";
else # No systemd
echo "Shutting down and restarting mysql process" | tee -a "$LOG_FILE";
mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
sleep 1
# Make sure mysql has stopped
if [[ $(pgrep -c $PROCESS) -ne 0 ]]; then
pkill $PROCESS
fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
sleep 1
check_mysql
wait_for_mysql
fi
}
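Review bot: `wait_for_mysql` never actually waits, because `[ "mysqladmin ping -h localhost --silent" ]` tests a non-empty string rather than running the command, so the `until` condition is true on the first pass and "Mariadb started" is logged regardless of server state. Running the command instead fixes it: `until mysqladmin ping -h localhost --silent || [ "$count" -gt 20 ]; do`. `check_systemd` sets `DB_SERVICE=true` only when the mariadb unit is already active, so a systemd host with the service stopped falls into the `mysqld_safe` branch of `start_mysqlsd` and `mysqld_reboot` and starts the server outside the unit; separating "PID 1 is systemd" from "service is active" would avoid that. The root password is also passed unquoted as `-p$DB_ADMIN_PWD` and `--password=$DB_ADMIN_PWD`, which word-splits on spaces or glob characters and places the secret in the process arguments; a root-only option file passed with `--defaults-extra-file` avoids both.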


@ -1,203 +0,0 @@
#!/bin/bash
#####################################################################################
#
# Functions to check mysql and start if not running.
# Also a function for checking if running in a container
#
#####################################################################################
SQL_SERVICE="mariadb"
# Checks to see if running in a container
# -p to print status
check_for_container () {
PRINT_STATUS=$1
# Check if we're in a Docker container
command -v systemctl
if [[ $? -eq 0 ]]; then
#if [[ $(cat /proc/1/cgroup | head -n 1) == *"docker"* ]] || [[ -f /.dockerenv ]]; then
DOCKER_CONTAINER=true
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi
else
DOCKER_CONTAINER=false
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is not running in a container..." | tee -a "$LOG_FILE"; fi
fi
if [ -d /opt/hirs/scripts/db ]; then
MYSQL_DIR="/opt/hirs/scripts/db"
else
MYSQL_DIR="$SCRIPT_DIR/../db"
fi
}
# Check for mysql command line
check_mariadb_install () {
type mysql >/dev/null 2>&1 && installed=true || installed=false
if [ $installed = true ]; then
echo "mysql has been installed"
else
echo "mysql has NOT been installed, aborting install"
exit 1;
fi
}
# Starts mariadb during intial install
start_mysqlsd () {
PRINT_STATUS=$1
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
# Make sure log file has correct permissions
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
# Check if mysql is already running, if not initialize
if [[ $(pgrep -c -u mysql $PROCESS) -eq 0 ]]; then
# Check if running in a container
if [ $DOCKER_CONTAINER = true ]; then
# if in Docker container, avoid services that invoke the D-Bus
# Check if mariadb is setup
if [ ! -d "/var/lib/mysql/mysql/" ]; then
echo "Installing mariadb"
/usr/bin/mysql_install_db >> "$LOG_FILE"
fi
if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
echo "Attempting to start mariadb"
else #not a container
systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
systemctl start $SQL_SERVICE & >> "$LOG_FILE";
fi
else # mysql process is running
# check if mysql service is running
if [ ! $DOCKER_CONTAINER = true ]; then
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
if [ $DB_STATUS -eq 0 ]; then
echo "mariadb not running , attempting to restart"
systemctl start mariadb >> "$LOG_FILE";
sleep 2
fi
fi # non contanier mysql start
fi
}
# Basic check for marai db status, attempts restart if not running
check_mysql () {
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Checking mysqld status..."
if [ $DOCKER_CONTAINER = true ]; then
if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
echo "mariadb not running , attempting to restart"
chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
/usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
fi
else # not in a contianer
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
if [ $DB_STATUS -eq 0 ]; then
echo "mariadb not running , attempting to restart"
systemctl start mariadb
fi
fi
# Wait for mysql to start before continuing.
count=1;
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
until mysqladmin ping -h "localhost" --silent ; do
((count++))
if [[ $count -gt 20 ]]; then
break;
fi
sleep 1;
done
if [[ $count -gt 20 ]]; then
echo "Timed out waiting for Mariadb to respond"
exit 1;
else
echo "Mariadb started"
fi
}
# Check for mysql root password , abort if not available
check_mysql_root () {
if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist."
else
source /etc/hirs/aca/aca.properties;
DB_ADMIN_PWD=$mysql_admin_password
fi
else #HIRS_MYSQL_ROOT_PWD set
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
fi
# Allow user to enter password if not using env variabel or file
if [ -z $DB_ADMIN_PWD ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
echo " ********** ACA Mysql setup aborted ********" ;
exit 1;
fi
}
check_db_cleared () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo " Empty root password verified" | tee -a "$LOG_FILE"
else
echo " Mysql Root password is not empty"
fi
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
echo " hirs_db user exists"
else
echo " hirs_db user does not exist"
fi
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
echo " hirs_db databse exists"
else
echo " hirs_db database does not exists"
fi
}
clear_hirs_user () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
echo "hirs_db user found and deleted"
fi
fi
}
clear_hirs_db () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
fi
}
# restart maraidb
mysqld_reboot () {
# reboot mysql server
mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
sleep 2
check_for_container
start_mysqlsd >> "$LOG_FILE";
}