diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle
index d233e301..e039d2e0 100644
--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@@ -2,7 +2,7 @@ plugins {
id 'application'
id 'java'
id 'war'
- id 'com.netflix.nebula.ospackage' version '11.4.0'
+ id 'com.netflix.nebula.ospackage' version '11.8.0'
id 'org.springframework.boot' version '3.0.6'
id 'io.spring.dependency-management' version '1.1.0'
id 'checkstyle'
@@ -87,13 +87,20 @@ test {
useJUnitPlatform()
}
+task buildVersion() {
+ doLast {
+ def verFile = new File(projectDir, "build/VERSION")
+ verFile.write("${jarVersion}")
+ }
+}
+
ospackage {
packageName = 'HIRS_AttestationCA'
os = LINUX
arch = NOARCH
version = "$packVersion"
release = '1'
-
+
user 'root'
fileMode = 0755
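Review bot: The new `buildVersion` task writes `build/VERSION` without making sure the `build/` directory exists, so on a clean tree `verFile.write(...)` can fail if this task runs before anything else has created the directory. Adding `verFile.parentFile.mkdirs()` before the write removes that ordering dependency. The task also declares no outputs, so Gradle cannot tell that `from 'build/VERSION'` in the ospackage block depends on it; a short comment saying that the `dependsOn` lines in buildRpm/buildDeb provide that link would help. The ospackage block continues past the end of this hunk.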
@@ -108,39 +115,62 @@ ospackage {
// copy springboot property file
into ('/etc/hirs/aca/') {
from '../HIRS_AttestationCAPortal/src/main/resources/application.properties'
+ from 'build/VERSION'
}
// copy setup scripts to /opt/hirs/aca
into ('/opt/hirs/aca/scripts/') {
- from '../package/scripts/'
+ from '../package/linux/'
}
// copy the war file into /opt/hirs/aca
into ('/opt/hirs/aca/') {
from '../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'
user 'root'
- fileMode = 0755
+ fileMode = 0755
}
- // Post Install
- postInstall 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
- // add chrontab to run ACA at boot
- postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
- // run ACA after install
- postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
- postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
- postInstall 'bash /opt/hirs/aca/scripts/aca/check_for_aca.sh'
- postInstall 'mkdir -p /etc/hirs/aca && touch /etc/hirs/aca/VERSION'
- postInstall "echo ${jarVersion} > /etc/hirs/aca/VERSION"
-
// Uninstall
preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
- postUninstall 'rm -rf /etc/hirs'
-
+ postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'
+
buildRpm {
+ dependsOn ':HIRS_AttestationCAPortal:buildVersion'
+ dependsOn ':HIRS_AttestationCAPortal:bootWar'
arch = X86_64
+ // Required apps will be aut installed by dnf if not present
+ requires('java-17-openjdk', '17.0', GREATER | EQUAL)
+ requires('mariadb-server' , '10.3' , GREATER | EQUAL)
+ requires('procps-ng', '3.3.15', GREATER | EQUAL)
+ requires('alternatives', '1.19', GREATER | EQUAL)
+ // Post Trans stage (Occurs after required app and postInstall stage)
+ // Note postInstall wont wait forrequired apps
+ postTrans 'update-alternatives --set java java-17-openjdk.x86_64'
+ postTrans 'firewall-cmd --add-port=8443/tcp --permanent'
+ postTrans 'firewall-cmd --reload'
+ postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
+ postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
+ // add chrontab to run ACA at boot
+ postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
+ postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'
+ postTrans 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
+ // Wait for ACA to start up before finishing the install
+ postTrans 'bash /opt/hirs/aca/scripts/aca/check_for_aca.sh'
}
buildDeb {
+ dependsOn ':HIRS_AttestationCAPortal:buildVersion'
+ dependsOn ':HIRS_AttestationCAPortal:bootWar'
packageName = 'hirs-attestationca'
arch = 'amd64'
+ requires('openjdk-17-jdk', '17.0', GREATER | EQUAL)
+ requires('mariadb-server' , '10.3' , GREATER | EQUAL)
+ requires('curl')
+ // Install after required packages
+ postInstall 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
+ postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
+ postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
+ postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
+ postInstall 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
+ // Wait for ACA to start up before finishing the install
+ postInstall 'bash /opt/hirs/aca/scripts/aca/check_for_aca.sh'
}
}
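Review bot: The `echo "@reboot root ... -w" >> /etc/crontab` scriptlets in buildRpm and buildDeb append unconditionally, so every reinstall or upgrade adds another root @reboot entry. Guard the append, e.g. `grep -q aca_bootRun.sh /etc/crontab || echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab`. In buildRpm, `firewall-cmd --add-port=8443/tcp --permanent` is called with no matching `requires`, and nothing visible withdraws the rule on uninstall; checking `command -v firewall-cmd` first and documenting the opened port would make this side effect explicit. `postUninstall` still removes `/etc/hirs`, and on RPM that scriptlet presumably also runs for the old package during an upgrade, which would delete certificates and property files the new version needs; please confirm and limit it to a real erase.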
diff --git a/HIRS_AttestationCAPortal/src/main/resources/application.properties b/HIRS_AttestationCAPortal/src/main/resources/application.properties
index 97874ca2..1f574315 100644
--- a/HIRS_AttestationCAPortal/src/main/resources/application.properties
+++ b/HIRS_AttestationCAPortal/src/main/resources/application.properties
@@ -1,18 +1,16 @@
-
# Logging Config (tomcat may have further config)
-logging.level.org.springframework=TRACE
-logging.level.org.apache.catalina=TRACE
-logging.level.org.springframework.web: TRACE
-logging.level.org.hibernate: ERROR
+logging.level.org.springframework=ERROR
+logging.level.org.apache.catalina=ERROR
+logging.level.org.springframework.web=ERROR
+logging.level.org.hibernate=ERROR
logging.file.path=/var/log/hirs
-logging.file.name=hirs.spring.log
+logging.file.name=HIRS_AttestationCA_Portal.log
+
# Database Config
spring.jpa.hibernate.ddl-auto=update
jakarta.persistence.sharedCache.mode = UNSPECIFIED
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
-#spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
-aca.certificates.validity = 3652
+
# Tomcat Config
server.tomcat.additional-tld-skip-patterns=jakarta.persistence-api*.jar, jakarta.xml.bind-api*.jar, txw2*.jar, *commons*.jar, *annotations*.jar, *checker*.jar, *lombok*.jar, *jsr*.jar, *guava*.jar, *access*.jar, *activation*.jar, *bcprov*.jar, *bcmail*.jar, *bcutil*.jar, *bcpkix*.jar, *json*.jar
server.tomcat.basedir=/opt/embeddedtomcat
@@ -37,16 +35,6 @@ server.ssl.key-store-type=JKS
server.ssl.key-store=/etc/hirs/certificates/HIRS/KeyStore.jks
server.ssl.key-alias=hirs_aca_tls_rsa_3k_sha384
-#--server.ssl.key-store-password=123456
-#--server.ssl.trust-store-password=123456
+# ACA specific default properties
+aca.certificates.validity = 3652
-#jdbc.driverClassName = com.mysql.cj.jdbc.Driver
-#jdbc.url = jdbc:mysql://localhost:3306/hirs_db?autoReconnect=true&useSSL=false
-#jdbc.username = root
-#jdbc.password = hirspass
-#entitymanager.packagesToScan: hirs.attestationca.portal.page.controllers
-#spring.jpa.hibernate.ddl-auto=update
-#spring.jpa.show-sql=true
-
-# DB dfault password.
-#spring.datasource.password=hirs_db
diff --git a/HIRS_AttestationCAPortal/src/main/resources/application.win.properties b/HIRS_AttestationCAPortal/src/main/resources/application.win.properties
index 4fea8333..edf19d21 100644
--- a/HIRS_AttestationCAPortal/src/main/resources/application.win.properties
+++ b/HIRS_AttestationCAPortal/src/main/resources/application.win.properties
@@ -1,8 +1,8 @@
# Logging Config (tomcat may have further config)
-logging.level.org.springframework=TRACE
-logging.level.org.apache.catalina=TRACE
-logging.level.org.springframework.web=TRACE
+logging.level.org.springframework=ERROR
+logging.level.org.apache.catalina=ERROR
+logging.level.org.springframework.web=ERROR
logging.level.org.hibernate=ERROR
logging.file.path=C:/ProgramData/hirs/log
logging.file.name=hirs.spring.log
diff --git a/HIRS_AttestationCAPortal/src/main/resources/log4j2-spring.xml b/HIRS_AttestationCAPortal/src/main/resources/log4j2-spring.xml
index 4b0c4e8a..8dec9345 100644
--- a/HIRS_AttestationCAPortal/src/main/resources/log4j2-spring.xml
+++ b/HIRS_AttestationCAPortal/src/main/resources/log4j2-spring.xml
@@ -5,7 +5,7 @@
+ filePattern="/var/log/hirs/HIRS_AttestationCA_Portal-%d{yyyy-MM-dd}-%i.log" >
%d{yyyy-MM-dd HH:mm:ss} [%C.%M] %-5p : %m%n
@@ -18,18 +18,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
\ No newline at end of file
diff --git a/package/scripts/aca/aca_bootRun.sh b/package/linux/aca/aca_bootRun.sh
similarity index 94%
rename from package/scripts/aca/aca_bootRun.sh
rename to package/linux/aca/aca_bootRun.sh
index 441b010d..2dfa0dda 100755
--- a/package/scripts/aca/aca_bootRun.sh
+++ b/package/linux/aca/aca_bootRun.sh
@@ -87,7 +87,7 @@ if [ $ALG = "RSA" ]; then
ALIAS="hirs_aca_tls_ecc_512_sha384"
fi
-check_for_container
+check_systemd
start_mysqlsd
if [ ! -d "$CERT_PATH" ]; then
@@ -122,15 +122,15 @@ keyStore="$CLIENT_DB_P12" "
WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
--server.ssl.trust-store-password=$hirs_pki_password"
-# uncomment to show spring boot and hibernate properties used as gradle argumanets
+# uncomment to show spring boot and hibernate properties used as gradle arguments
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
if [ -z "$USE_WAR" ]; then
echo "Booting the ACA from local build..."
- # ./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
- ./gradlew bootRun --args="--spring.config.location=$SPRING_PROP_FILE"
-else
+ # ./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
+./gradlew bootRun --args="--spring.config.location=$SPRING_PROP_FILE"
+else
echo "Booting the ACA from a war file..."
# java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
-java -jar $WAR_PATH --spring.config.location=$SPRING_PROP_FILE
+java -jar $WAR_PATH --spring.config.location=$SPRING_PROP_FILE & disown -h
fi
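Review bot: `$WAR_PATH` and `$SPRING_PROP_FILE` are expanded unquoted on the new `java -jar` line, so a path containing spaces or glob characters is split into several arguments; quote both, `java -jar "$WAR_PATH" --spring.config.location="$SPRING_PROP_FILE" & disown -h`. Because the process is now sent to the background, the script returns 0 even when java fails to start, so a comment stating that callers depend on check_for_aca.sh for the health check would help. The `./gradlew bootRun` line also lost its indentation inside the `if` branch.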
diff --git a/package/scripts/aca/aca_check_setup.sh b/package/linux/aca/aca_check_setup.sh
similarity index 88%
rename from package/scripts/aca/aca_check_setup.sh
rename to package/linux/aca/aca_check_setup.sh
index d4a75c56..74a52212 100755
--- a/package/scripts/aca/aca_check_setup.sh
+++ b/package/linux/aca/aca_check_setup.sh
@@ -5,6 +5,7 @@
############################################################################################
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
+
LOG_FILE=/dev/null
CERT_PATH="/etc/hirs/certificates/HIRS/"
RSA_PATH=rsa_3k_sha384_certs
@@ -83,8 +84,11 @@ echo "Checking HIRS ACA Setup on this device..."
elif [ $ID = 'ubuntu' ]; then
echo "Ubuntu distro detected"
dpkg -l "hirs-attestationca" > /dev/null
+ elif [ $ID = 'rocky' ]; then
+ echo "Rocky distro detected"
+ rpm -q --quiet HIRS_AttestationCA
else
- echo "Unsupported OS Distro encountered"
+ echo "$ID OS distro encountered"
fi
if [ $? -eq 0 ]; then
echo "HIRS ACA was installed via an OS package on this device"
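Review bot: In the `else` branch the last command is the `echo`, so the `if [ $? -eq 0 ]` that follows tests the echo's exit status and reports "HIRS ACA was installed via an OS package" on any distro the chain does not match. Make that branch leave a failing status, e.g. add `false` after the echo, or store the package-query result in a variable in each branch and test that variable. `$ID` in the new `elif [ $ID = 'rocky' ]` should be quoted so that an empty value does not break the test. The if/elif chain starts above this hunk.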
@@ -97,12 +101,14 @@ echo "Checking HIRS ACA Setup on this device..."
echo "HIRS ACA was NOT installed via an OS package on this device"
fi
+check_systemd -p
+
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
check_db_cleared
echo " $CERT_PATH directory does not exist."
echo " Exiting..."
- echo "Please run aca_setup.sh and try again"
+ echo "Please run aca_setup.sh or dnf/apt-get install HIRS_AttestationCA* and try again."
exit 1;
fi
@@ -150,6 +156,12 @@ check_mysql_setup () {
fi
if [ ! -z $mysql_admin_password ]; then
+ mysql -u root --password=$mysql_admin_password -e "STATUS;" &> /dev/null
+ if [ $? -eq 0 ]; then
+ echo "Mysql Root password verified"
+ else
+ echo "Mysql Root password verification failed!"
+ fi
if [ ! -z "${ARG_VERBOSE}" ]; then
echo "Mysql status:"
mysql -u root --password=$mysql_admin_password -e "STATUS;"
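Review bot: The new `mysql -u root --password=$mysql_admin_password -e "STATUS;"` check passes the root password as a command-line argument, where it can be visible to other local users in the process list, and the unquoted expansion breaks on passwords containing spaces or glob characters. Prefer a root-only option file passed with `--defaults-extra-file=`, or at the very least quote the value. The same pattern appears on new-side lines in db_create.sh, db_drop.sh and mysql_util.sh in this commit. A failed verification is only echoed here, and the rest of check_mysql_setup (which continues outside the hunk) goes on using the same password.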
@@ -170,7 +182,7 @@ check_cert () {
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
- echo " "$RESULT
+ echo " "$RESULTACA_PROP_FILE
fi
}
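Review bot: `echo " "$RESULTACA_PROP_FILE` expands a variable named `RESULTACA_PROP_FILE`, which nothing visible defines, so verbose mode now prints an empty line instead of the certificate check result. This looks like an accidental paste into the line; restore it as `echo " $RESULT"`. check_cert starts above the hunk.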
@@ -232,7 +244,7 @@ check_db () {
if [ "$RESULT" == "YES" ]; then
echo " Mysql Server side TLS is enabled:"
else
- echo " Mysql Sever side TLS is NOT enabled:"
+ echo " Mysql Server side TLS is NOT enabled:"
ALL_CHECKS_PASSED=false
fi
@@ -258,7 +270,6 @@ check_db () {
echo "MYSQL Log:"
mysql -u root --password=$mysql_admin_password -e "SHOW GLOBAL VARIABLES LIKE 'log_error'"
fi
-
}
# Check selinux status and files that require specific contexts
@@ -267,32 +278,36 @@ check_selinux () {
echo "Skipping selinux check on ubuntu"
return
fi
- SELINUXSTATUS=$(getenforce)
- DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
- DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
- echo "Checking device selinux status..."
- if [[ "$SELINUXSTATUS" == *"Enforcing"* ]]; then
- echo " Selinux is in Enforcing mode."
- if [[ "$DB_SRV_CONTEXT" == *"mysqld_etc_t"* && "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
+ command -v setenforce >> /dev/null
+ if [ $? -eq 0 ]; then
+ SELINUXSTATUS=$(getenforce)
+ DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
+ DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
+ echo "Checking device selinux status..."
+ if [[ "$SELINUXSTATUS" == *"Enforcing"* ]]; then
+ echo " Selinux is in Enforcing mode."
+ if [[ "$DB_SRV_CONTEXT" == *"mysqld_etc_t"* && "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
echo " Selinux status is $SELINUXSTATUS and both $DB_SRV_CONF and $DB_CLIENT_CONF contexts are correct"
- elif [[ "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
- echo " Selinux status is $SELINUXSTATUS and $DB_CLIENT_CONF context is incorrect: $DB_CLIENT_CONTEXT"
- ALL_CHECKS_PASSED=false
+ elif [[ "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]; then
+ echo " Selinux status is $SELINUXSTATUS and $DB_CLIENT_CONF context is incorrect: $DB_CLIENT_CONTEXT"
+ ALL_CHECKS_PASSED=false
else
echo " Selinux status is $SELINUXSTATUS and $DB_SRV_CONF context is incorrect: $DB_SRV_CONTEXT"
ALL_CHECKS_PASSED=false
fi
- else
+ else
echo " Selinux is in NOT in Enforcing mode."
fi
+ fi
}
check_fips () {
echo "Checking FIPS mode on this device..."
- echo " "$(sysctl -a | grep crypto.fips_enabled)
+ fips=$(sysctl -a 2>&1 | grep crypto.fips_enabled)
+ echo " "$fips
}
# Run Checks
-check_for_container -p
+
check_pwds
check_pki
check_mysql_setup
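Review bot: In check_selinux the branch `elif [[ "$DB_CLIENT_CONTEXT" == *"mysqld_etc_t"* ]]` is taken when the client file's context is correct, yet it reports `$DB_CLIENT_CONF` as incorrect, and the final `else` blames `$DB_SRV_CONF` when the client file is the one that failed the test. Swap the two messages or negate the test with `!= *"mysqld_etc_t"*`. The new guard probes `command -v setenforce` while the code then calls `getenforce`; probing the command that is actually used is more accurate, and `> /dev/null` is enough for the redirect.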
diff --git a/package/scripts/aca/aca_remove_setup.sh b/package/linux/aca/aca_remove_setup.sh
similarity index 63%
rename from package/scripts/aca/aca_remove_setup.sh
rename to package/linux/aca/aca_remove_setup.sh
index 01f38cfb..ce701792 100755
--- a/package/scripts/aca/aca_remove_setup.sh
+++ b/package/linux/aca/aca_remove_setup.sh
@@ -8,16 +8,28 @@
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null
-
+LOG_DIR="/var/log/hirs/"
# Check for Admin privileges
if [ "$EUID" -ne 0 ]; then
echo "This script requires root. ACA setup not removed. Please run as root."
exit 1
fi
+if [ ! -d "/etc/hirs" ]; then
+ echo "/etc/hirs does not exist, aborting removal."
+ exit 1
+fi
+if [ ! -d "/opt/hirs" ]; then
+ echo "/opt/hirs does not exist, aborting removal."
+ exit 1
+fi
+
+
source $SCRIPT_DIR/../db/mysql_util.sh
-# Make sure myswl root password is available and set $DB_ADIM_PWD before continuing...
+# Make sure mysql root password is available before continuing...
+check_mariadb_install
+
check_mysql_root
# remove the hrs-db and hirs_db user
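Review bot: The new `exit 1` guards make this script fail when `/etc/hirs` or `/opt/hirs` is missing, and build.gradle runs it as `preUninstall`; a non-zero pre-uninstall scriptlet can block package removal on a host where `/etc/hirs` was already deleted by hand. Consider printing the message and exiting 0, or skipping only the steps that need the directory. `source $SCRIPT_DIR/../db/mysql_util.sh` should quote `$SCRIPT_DIR` so a path with spaces still resolves.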
@@ -27,8 +39,19 @@ popd &>/dev/null
# remove pki files and config files if not installed by rpm
echo "Removing certificates and config files..."
-if [ ! -d /opt/hirs/aca ]; then
- rm -rf /etc/hirs
+
+# Remove /opt/hirs only if not configured by a package based install:
+if [ -f /opt/hirs/aca/VERSION ]; then
+ if [ -d "/etc/hirs" ]; then
+ rm -rf /etc/hirs >/dev/null 2>&1
+ fi
+ if [ -d "/opt/hirs" ]; then
+ rm -rf /opt/hirs >/dev/null 2>&1
+ fi
+fi
+
+if [ -d $LOG_DIR ]; then
+ rm -rf $LOG_DIR;
fi
# Remove crontab and current ACA process
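Review bot: The comment says `/opt/hirs` is removed only for a non-package install, but the test is `[ -f /opt/hirs/aca/VERSION ]`, and a reader has to know from the packaging scriptlets that the package deletes that file after install for the condition to make sense. If that is the intent, say so in the comment, e.g. `# /opt/hirs/aca/VERSION is left in place only by a source setup; the package scriptlets delete it`. `rm -rf $LOG_DIR` should quote the variable, and sending the output of the two `rm -rf` calls to `/dev/null` hides failures of a cleanup that runs as root.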
diff --git a/package/scripts/aca/aca_setup.sh b/package/linux/aca/aca_setup.sh
similarity index 88%
rename from package/scripts/aca/aca_setup.sh
rename to package/linux/aca/aca_setup.sh
index ed1ef78b..6765681f 100755
--- a/package/scripts/aca/aca_setup.sh
+++ b/package/linux/aca/aca_setup.sh
@@ -2,7 +2,7 @@
#####################################################################################
#
# Script to create ACA setup files and configure the hirs_db database.
-#
+#
#
#####################################################################################
# Capture location of the script to allow from invocation from any location
@@ -31,8 +31,6 @@ help () {
}
# Process parameters Argument handling
-POSITIONAL_ARGS=()
-ORIGINAL_ARGS=("$@")
while [[ $# -gt 0 ]]; do
case $1 in
-sd|--skip-db)
@@ -59,13 +57,23 @@ while [[ $# -gt 0 ]]; do
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
- # shift # past argument
+ # shift # past argumfrom 'build/VERSION'ent
break
;;
esac
done
-set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+# Check for existing installation folders and exist if found
+if [ -z $ARG_UNATTEND ]; then
+ if [ -d "/etc/hirs" ]; then
+ echo "/etc/hirs exists, aborting install."
+ exit 1
+ fi
+ if [ -d "/opt/hirs" ]; then
+ echo "/opt/hirs exists, aborting install."
+ exit 1
+ fi
+fi
mkdir -p $HIRS_CONF_DIR $LOG_DIR $HIRS_JSON_DIR $ACA_OPT_DIR
touch "$LOG_FILE"
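Review bot: The changed comment line now reads `# shift # past argumfrom 'build/VERSION'ent`, which is stray pasted text inside the comment; restore `# shift # past argument`. In the new guard, `[ -z $ARG_UNATTEND ]` is unquoted and only works because an empty expansion collapses to `[ -z ]`; write `[ -z "$ARG_UNATTEND" ]`. The comment above the guard should read "exit if found".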
@@ -88,8 +96,10 @@ fi
echo "HIRS ACA Setup initiated on $(date +%Y-%m-%d)" >> "$LOG_FILE"
# Create a version file for bootRun to use
-jarVersion=$(cat '../../../VERSION').$(date +%s).$(git rev-parse --short HEAD)
-echo $jarVersion > $ACA_VERSION_FILE
+if command -v git ; then
+ jarVersion=$(cat '../../../VERSION').$(date +%s).$(git rev-parse --short HEAD)
+ echo $jarVersion > $ACA_VERSION_FILE
+fi
# Set HIRS PKI password
if [ -z $HIRS_PKI_PWD ]; then
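Review bot: `if command -v git ; then` prints the resolved git path to stdout on every run and only proves that git is installed, not that the script runs inside a checkout, so `git rev-parse --short HEAD` can still fail and leave a truncated version string in the file. Redirect the probe and test the repository as well, e.g. `if command -v git >/dev/null 2>&1 && git rev-parse --short HEAD >/dev/null 2>&1; then`. Unless the script changes directory earlier, `cat '../../../VERSION'` is resolved against the caller's working directory, which does not match the header's promise of invocation from any location. `$jarVersion` and `$ACA_VERSION_FILE` should be quoted.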
diff --git a/package/scripts/aca/check_for_aca.sh b/package/linux/aca/check_for_aca.sh
similarity index 100%
rename from package/scripts/aca/check_for_aca.sh
rename to package/linux/aca/check_for_aca.sh
diff --git a/package/scripts/db/db_create.sh b/package/linux/db/db_create.sh
similarity index 83%
rename from package/scripts/db/db_create.sh
rename to package/linux/db/db_create.sh
index 21cea242..97c1f21a 100755
--- a/package/scripts/db/db_create.sh
+++ b/package/linux/db/db_create.sh
@@ -34,8 +34,8 @@ SSL_DB_CLIENT_KEY="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_clien
mkdir -p /etc/hirs/aca/
mkdir -p /var/log/hirs/
+source $ACA_PROP_FILE
source $SCRIPT_DIR/mysql_util.sh
-source $ACA_PROP_FILE
source /etc/os-release
# Setup distro specifc paths and variables
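Review bot: `source $ACA_PROP_FILE` now runs unconditionally near the top of the script, while check_mysql_root_pwd further down still guards the same call with `[ -f $ACA_PROP_FILE ]`; on a first run where the file does not exist yet this line fails with an error. Guard it the same way, `[ -f "$ACA_PROP_FILE" ] && source "$ACA_PROP_FILE"`. Because the file is executed as shell by a root script and holds passwords, a comment stating that it must be root-owned and not writable by other users is worth adding.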
@@ -60,7 +60,6 @@ check_mysql_root_pwd () {
if [ -z "$HIRS_MYSQL_ROOT_PWD" ]; then
# Check if property file exists and look for properties
if [ -f $ACA_PROP_FILE ]; then
- echo "Found existing aca.properties, using existing variables..."
source $ACA_PROP_FILE
if [ ! -z $hirs_pki_password ]; then PKI_PASS=$hirs_pki_password; fi
if [ ! -z $mysql_admin_password ]; then HIRS_MYSQL_ROOT_PWD=$mysql_admin_password; fi
@@ -91,6 +90,7 @@ check_mysql_root_pwd () {
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
echo "Using system variable supplied password" | tee -a "$LOG_FILE"
fi
+
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
@@ -114,12 +114,15 @@ set_mysql_server_tls () {
# Make sure mysql can access them
chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY
# Make selinux contexts for config files, if selinux is enabled
- if [ $ID = "rhel" ]; then
- selinuxenabled
+ if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
+ command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
- semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file
- restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type
- fi
+ selinuxenabled
+ if [ $? -eq 0 ]; then
+ #semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF > /dev/null #adds the context type to file
+ restorecon -v -F $DB_SRV_CONF > /dev/null # changes the file's context type
+ fi
+ fi
fi
else
echo "mysql.cnf contians existing entry for ssl, skipping..." | tee -a "$LOG_FILE"
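Review bot: With `semanage fcontext -a -t mysqld_etc_t $DB_SRV_CONF` commented out, `restorecon -F` only resets the file to whatever the loaded policy already assigns to that path, so the `mysqld_etc_t` label that check_selinux in aca_check_setup.sh looks for is no longer set explicitly. If the default policy already labels the path correctly, state that in a comment and delete the dead line; otherwise keep the `semanage` call behind a `command -v semanage` check. The same applies to the client-side block in the next hunk (`$DB_CLIENT_CONF`). `||[[ $ID = "fedora" ]]` is missing the space after `||`.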
@@ -135,13 +138,16 @@ if [[ $(cat "$DB_CLIENT_CONF" | grep -c "HIRS") < 1 ]]; then
echo "ssl_key=$SSL_DB_CLIENT_KEY" >> $DB_CLIENT_CONF
chown mysql:mysql $SSL_DB_CLIENT_CHAIN $SSL_DB_CLIENT_CERT $SSL_DB_CLIENT_KEY
# Make selinux contexts for config files, if selinux is enabled
- if [ $ID = "rhel" ]; then
- selinuxenabled
+ if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
+ command -v selinuxenabled > /dev/null
if [ $? -eq 0 ]; then
- semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONFf > /dev/null #adds the context type to file
+ selinuxenabled
+ if [ $? -eq 0 ]; then
+ #semanage fcontext -a -t mysqld_etc_t $DB_CLIENT_CONF > /dev/null #adds the context type to file
restorecon -F $DB_CLIENT_CONF > /dev/null #changes the file's context type
+ fi
fi
- fi
+ fi
fi
}
@@ -158,25 +164,31 @@ set_hirs_db_pwd () {
if [ -z $HIRS_DB_PWD ]; then
HIRS_DB_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
fi
-
- echo "hirs_db_username=hirs_db" >> $ACA_PROP_FILE
- echo "hirs_db_password=$HIRS_DB_PWD" >> $ACA_PROP_FILE
- echo "hibernate.connection.username=hirs_db" >> $SPRING_PROP_FILE
- echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE
+ # Add key/values only if they dont exist
+ if [[ $(grep -c "hirs_db_username" $ACA_PROP_FILE) -eq 0 ]]; then
+ echo "hirs_db_username=hirs_db" >> $ACA_PROP_FILE
+ fi
+ if [[ $(grep -c "hirs_db_password" $ACA_PROP_FILE) -eq 0 ]]; then
+ echo "hirs_db_password=$HIRS_DB_PWD" >> $ACA_PROP_FILE
+ fi
+ if [[ $(grep -c "hibernate.connection.username" $SPRING_PROP_FILE) -eq 0 ]]; then
+ echo "hibernate.connection.username=hirs_db" >> $SPRING_PROP_FILE
+ fi
+ if [[ $(grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then
+ echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE
+ fi
fi
-
}
# Create a hirs_db with client side TLS enabled
create_hirs_db_with_tls () {
# Check if hirs_db not created and create it if it wasn't
- mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" > /dev/null 2>&1
+ mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" >> $LOG_FILE 2>&1
if [ $? -eq 0 ]; then
echo "hirs_db exists, skipping hirs_db create"
else
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
-# mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
fi
}
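Review bot: Each of the four appends in set_hirs_db_pwd is guarded by its own `grep -c`, so the two property files can disagree with each other and with the value later passed to `SET PASSWORD`. That happens when one file already has the key and the other does not, or when an old `hirs_db_password` line is kept while a fresh `$HIRS_DB_PWD` was generated above. When the key already exists, either read the stored value back into `HIRS_DB_PWD` or replace the line in place; the enclosing `if` starts outside the hunk, so it may already cover part of this. These lines store the database password in clear text and nothing in the hunk restricts the file modes, so a `chmod 600` on both files after the writes is worth adding if it is not done elsewhere. Quote `$ACA_PROP_FILE`, `$SPRING_PROP_FILE` and `$LOG_FILE`.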
@@ -207,18 +219,22 @@ keyStoreType=PKCS12&\
keyStorePassword=$PKI_PASS&\
keyStore="$CLIENT_DB_P12" "
-echo $CONNECTOR_URL >> $SPRING_PROP_FILE
+if [[ $(grep -c "hibernate.connection.url" $SPRING_PROP_FILE) -eq 0 ]]; then
+ echo $CONNECTOR_URL >> $SPRING_PROP_FILE
+fi
}
# HIRS ACA Mysqld processing ...
+check_systemd -p
check_mariadb_install
-check_for_container -p
-set_mysql_server_tls
-set_mysql_client_tls
+
start_mysqlsd
check_mysql
check_mysql_root_pwd
+clear_hirs_user
set_hirs_db_pwd
+set_mysql_server_tls
+set_mysql_client_tls
create_hirs_db_with_tls
create_hibernate_url "RSA" "hirs_db"
mysqld_reboot
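Review bot: `echo $CONNECTOR_URL >> $SPRING_PROP_FILE` expands the URL unquoted, so word splitting collapses its whitespace and characters such as `?` or `*` in it are subject to pathname expansion; write `echo "$CONNECTOR_URL" >> "$SPRING_PROP_FILE"`. The new `grep -c "hibernate.connection.url"` guard also means a re-run with a different `$PKI_PASS` or keystore path keeps the stale URL, which deserves either a comment or a replace-in-place. In the reordered call list, a one-line comment on why `clear_hirs_user` must run before `set_hirs_db_pwd` and why the TLS setup moved after the password checks would document the new sequence. create_hibernate_url starts above the hunk.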
diff --git a/package/scripts/db/db_create.sql b/package/linux/db/db_create.sql
similarity index 100%
rename from package/scripts/db/db_create.sql
rename to package/linux/db/db_create.sql
diff --git a/package/scripts/db/db_drop.sh b/package/linux/db/db_drop.sh
similarity index 73%
rename from package/scripts/db/db_drop.sh
rename to package/linux/db/db_drop.sh
index cb5cdc5c..f82c454a 100755
--- a/package/scripts/db/db_drop.sh
+++ b/package/linux/db/db_drop.sh
@@ -10,6 +10,8 @@ DB_ADMIN_PWD=$1
source $SCRIPT_DIR/mysql_util.sh
source /etc/os-release
+check_systemd
+
# Check for sudo or root user, not actually needed but a good idea
if [ "$EUID" -ne 0 ]
then echo "This script requires root. Please run as root"
@@ -30,14 +32,11 @@ fi
echo "dropping hirs_db database"
-if pgrep mysqld >/dev/null 2>&1; then
- mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
- mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
- mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
- echo "hirs_db database and hirs_db user removed"
- else
- echo "mysql is not running. DB was not removed."
-fi
+ mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
+ mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
+ mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
+ echo "hirs_db database and hirs_db user removed"
+
# reset the mysql root if the password was left in the properties fiel
if [ ! -z $DB_ADMIN_PWD ]; then
@@ -56,7 +55,5 @@ grep -v "hirs" $DB_CLIENT_CONF > tmpfile && mv tmpfile $DB_CLIENT_CONF
echo "restarting mariadb"
-mysql -u root -e "SHUTDOWN"
-sleep 2
-check_for_container
-start_mysqlsd
+mysqld_reboot
+
diff --git a/package/scripts/db/db_drop.sql b/package/linux/db/db_drop.sql
similarity index 100%
rename from package/scripts/db/db_drop.sql
rename to package/linux/db/db_drop.sql
diff --git a/package/linux/db/mysql_util.sh b/package/linux/db/mysql_util.sh
new file mode 100755
index 00000000..eb214e2c
--- /dev/null
+++ b/package/linux/db/mysql_util.sh
@@ -0,0 +1,236 @@
+#!/bin/bash
+#####################################################################################
+#
+# Functions to check mysql and start if not running.
+# Also a function for checking if running in a container
+#
+#####################################################################################
+SQL_SERVICE="mariadb"
+
+# Checks to see if systemctl is available
+# -p to print status
+check_systemd () {
+ DB_SERVICE=false
+ PRINT_STATUS=$1
+ # Check if systemctl is present (not present in a Docker container)
+ if [[ $(ps --no-headers -o comm 1) == "systemd" ]]; then
+ systemctl is-active --quiet mariadb
+ if [[ $? -eq 0 ]]; then
+ DB_SERVICE=true
+ fi
+ fi
+ if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "true" ]]; then echo "Systemd:MariaDB service is available" | tee -a "$LOG_FILE"; fi
+ if [[ $PRINT_STATUS == "-p" ]] && [[ $DB_SERVICE == "false" ]]; then echo "Systemd:MariaDB service is NOT available" | tee -a "$LOG_FILE"; fi
+ if [ -d /opt/hirs/aca/scripts/db ]; then
+ MYSQL_DIR="/opt/hirs/aca/scripts/db"
+ else
+ MYSQL_DIR="$SCRIPT_DIR/../db"
+ fi
+}
+
+# Check for mysql command line
+check_mariadb_install () {
+ type mysql >/dev/null 2>&1 && installed=true || installed=false
+ if [ $installed = true ]; then
+ echo "mysql has been installed"
+ else
+ echo "mysql has NOT been installed, aborting install"
+ exit 1;
+ fi
+}
+# Starts mariadb during intial install
+start_mysqlsd () {
+ PRINT_STATUS=$1
+ PROCESS="mysqld"
+ source /etc/os-release
+ if [ $ID = "ubuntu" ]; then
+ PROCESS="mariadb"
+ fi
+ # Make sure log file has correct permissions
+ chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
+ if [ $DB_SERVICE = true ]; then
+ systemctl is-active --quiet mariadb
+ if [[ $? -ne 0 ]]; then
+ echo "mariadb service not running , attempting to restart"
+ systemctl start mariadb >> "$LOG_FILE";
+ sleep 2
+ fi
+ else # Not using Systemd
+ # Check if mysql is already running, if not initialize
+ if [[ $(pgrep -c $PROCESS) -eq 0 ]]; then
+ # Check if mariadb is setup
+ if [ ! -d "/var/lib/mysql/mysql/" ]; then
+ echo "Installing mariadb" | tee -a "$LOG_FILE";
+ /usr/bin/mysql_install_db >> "$LOG_FILE"
+ chown -R mysql:mysql /var/log/mariadb/
+ fi
+ if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
+ /usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
+ chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
+ echo "Attempting to start mariadb process..." | tee -a "$LOG_FILE";
+ fi
+ fi
+}
+
+# Basic check for marai db status, attempts restart if not running
+check_mysql () {
+ PROCESS="mysqld"
+ source /etc/os-release
+ if [ $ID = "ubuntu" ]; then
+ PROCESS="mariadb"
+ fi
+
+ echo "Checking mysqld status..."
+ if [ $DB_SERVICE = true ]; then
+ systemctl is-active --quiet mariadb
+ if [[ $? -ne 0 ]]; then
+ echo "mariadb service not running , attempting to restart"
+ systemctl start mariadb
+ fi
+ else # No systemctl
+ if [[ $(pgrep -c $PROCESS ) -eq 0 ]]; then
+ echo "mariadb process not running , attempting to restart"
+ chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
+ /usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
+ fi
+ fi
+
+ if [ $DB_SERVICE = true ]; then
+ systemctl is-active --quiet mariadb
+ if [[ $? -eq 0 ]]; then
+ echo "mariadb service started" | tee -a "$LOG_FILE";
+ fi
+ else
+ # Wait for mysql to start before continuing.
+ count=1;
+ if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
+ until mysqladmin ping -h "localhost" --silent ; do
+ ((count++))
+ if [[ $count -gt 20 ]]; then
+ break;
+ fi
+ sleep 1;
+ done
+ if [[ $count -gt 20 ]]; then
+ echo "Timed out waiting for Mariadb to respond" | tee -a "$LOG_FILE";
+ exit 1;
+ else
+ echo "Mariadb started" | tee -a "$LOG_FILE";
+ fi
+fi
+}
+
+# Check for mysql root password , abort if not available
+check_mysql_root () {
+ if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
+ if [ ! -f /etc/hirs/aca/aca.properties ]; then
+ echo "aca.properties does not exist." | tee -a "$LOG_FILE";
+ else
+ source /etc/hirs/aca/aca.properties;
+ DB_ADMIN_PWD=$mysql_admin_password
+ fi
+ else #HIRS_MYSQL_ROOT_PWD set
+ DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
+fi
+
+# Allow user to enter password if not using env variabel or file
+if [ -z $DB_ADMIN_PWD ]; then
+ read -p "Enter mysql root password" DB_ADMIN_PWD
+ else
+ DB_ADMIN_PWD=$mysql_admin_password
+fi
+
+# Make sure root password is correct
+$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
+ if [ $? -eq 0 ]; then
+ echo "root password verified" | tee -a "$LOG_FILE"
+ else
+ echo "MYSQL root password was not the default, not supplied, or was incorrect"
+ echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
+ echo " ********** ACA Mysql setup aborted ********" ;
+ exit 1;
+ fi
+}
+
+check_db_cleared () {
+ $(mysql -u root -e 'quit' &> /dev/null);
+ if [ $? -eq 0 ]; then
+ echo " Empty Mysql root password verified" | tee -a "$LOG_FILE"
+ else
+ echo " Mysql Root password is not empty" | tee -a "$LOG_FILE";
+ fi
+ HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
+ if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
+ echo " hirs_db user exists" | tee -a "$LOG_FILE";
+ else
+ echo " hirs_db user does not exist" | tee -a "$LOG_FILE";
+ fi
+ HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
+ if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
+ echo " hirs_db databse exists" | tee -a "$LOG_FILE";
+ else
+ echo " hirs_db database does not exists" | tee -a "$LOG_FILE";
+ fi
+}
+
+clear_hirs_user () {
+$(mysql -u root -e 'quit' &> /dev/null);
+ if [ $? -eq 0 ]; then
+ HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
+ if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
+ mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
+ echo "hirs_db user found and deleted"
+ fi
+ fi
+}
+
+clear_hirs_db () {
+$(mysql -u root -e 'quit' &> /dev/null);
+ if [ $? -eq 0 ]; then
+ mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
+ fi
+}
+
+wait_for_mysql () {
+echo "Waiting for Mariadb..." | tee -a "$LOG_FILE";
+ count=0
+ until [ "mysqladmin ping -h localhost --silent" ] || [ "$count" -gt 20 ]; do
+ ((count++))
+ sleep 1
+ done
+ if [[ $count -gt 20 ]]; then
+ echo "Timed out waiting for Mysqld to respond" | tee -a "$LOG_FILE";
+ else
+ echo "Mariadb started" | tee -a "$LOG_FILE";
+ fi
+}
+
+# restart maraidb
+mysqld_reboot () {
+ # reboot mysql server
+ PROCESS="mysqld"
+ source /etc/os-release
+ if [ $ID = "ubuntu" ]; then
+ PROCESS="mariadb"
+ fi
+ echo "Restarting Mariadb ...." | tee -a "$LOG_FILE";
+ if [ $DB_SERVICE = true ]; then
+ echo "Shutting down and restarting mysql service" | tee -a "$LOG_FILE";
+ systemctl stop mariadb >> "$LOG_FILE";
+ sleep 2
+ systemctl start mariadb >> "$LOG_FILE";
+ else # No systemd
+ echo "Shutting down and restarting mysql process" | tee -a "$LOG_FILE";
+ mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
+ sleep 1
+ # Make sure mysql has stopped
+ if [[ $(pgrep -c $PROCESS) -ne 0 ]]; then
+ pkill $PROCESS
+ fi
+ chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
+ /usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
+ sleep 1
+ check_mysql
+ wait_for_mysql
+ fi
+}
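Review bot: wait_for_mysql never waits: `[ "mysqladmin ping -h localhost --silent" ]` tests a non-empty string, which is always true, so the loop exits at once and "Mariadb started" is logged whatever the server state; run the command instead, `until mysqladmin ping -h localhost --silent || [ "$count" -gt 20 ]; do`. In check_mysql_root the `else` branch `DB_ADMIN_PWD=$mysql_admin_password` overwrites a password taken from HIRS_MYSQL_ROOT_PWD with a value that may be unset, so that branch should be dropped, and the prompt should not echo the password (`read -s -p`). clear_hirs_user and clear_hirs_db gate on a password-less `mysql -u root -e 'quit'` and then act with `--password=$DB_ADMIN_PWD`, so they presumably do nothing once a root password is set; a comment stating whether that is intended would help. The header comment of check_systemd says it checks for systemctl, while the code checks that PID 1 is systemd and that mariadb is active.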
diff --git a/package/scripts/db/secure_mysql.sql b/package/linux/db/secure_mysql.sql
similarity index 100%
rename from package/scripts/db/secure_mysql.sql
rename to package/linux/db/secure_mysql.sql
diff --git a/package/scripts/pki/ca.conf b/package/linux/pki/ca.conf
similarity index 100%
rename from package/scripts/pki/ca.conf
rename to package/linux/pki/ca.conf
diff --git a/package/scripts/pki/pki_chain_gen.sh b/package/linux/pki/pki_chain_gen.sh
similarity index 100%
rename from package/scripts/pki/pki_chain_gen.sh
rename to package/linux/pki/pki_chain_gen.sh
diff --git a/package/scripts/pki/pki_setup.sh b/package/linux/pki/pki_setup.sh
similarity index 100%
rename from package/scripts/pki/pki_setup.sh
rename to package/linux/pki/pki_setup.sh
diff --git a/package/scripts/db/mysql_util.sh b/package/scripts/db/mysql_util.sh
deleted file mode 100755
index 19c550b9..00000000
--- a/package/scripts/db/mysql_util.sh
+++ /dev/null
@@ -1,182 +0,0 @@
-#!/bin/bash
-#####################################################################################
-#
-# Functions to check mysql and start if not running.
-# Also a function for checking if running in a container
-#
-#####################################################################################
-SQL_SERVICE="mariadb"
-
-# Checks to see if running in a container
-# -p to print status
-check_for_container () {
- PRINT_STATUS=$1
- # Check if we're in a Docker container
- if [[ $(cat /proc/1/cgroup | head -n 1) == *"docker"* ]] || [ -f /.dockerenv ]; then
- DOCKER_CONTAINER=true
- if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi
- else
- DOCKER_CONTAINER=false
- if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is not running in a container..." | tee -a "$LOG_FILE"; fi
- fi
- if [ -d /opt/hirs/scripts/db ]; then
- MYSQL_DIR="/opt/hirs/scripts/db"
- else
- MYSQL_DIR="$SCRIPT_DIR/../db"
- fi
-}
-
-# Check for mysql command line
-check_mariadb_install () {
- type mysql >/dev/null 2>&1 && installed=true || installed=false
- if [ $installed = true ]; then
- echo "mysql has been installed"
- else
- echo "mysql has NOT been installed, aborting install"
- exit 1;
- fi
-}
-# Starts mariadb during intial install
-start_mysqlsd () {
- PRINT_STATUS=$1
- PROCESS="mysqld"
- source /etc/os-release
- if [ $ID = "ubuntu" ]; then
- PROCESS="mariadb"
- fi
- # Check if mysql is already running, if not initialize
- if [[ $(pgrep -c -u mysql $PROCESS) -eq 0 ]]; then
- # Check if running in a container
- if [ $DOCKER_CONTAINER = true ]; then
- # if in Docker container, avoid services that invoke the D-Bus
- # Check if mariadb is setup
- if [ ! -d "/var/lib/mysql/mysql/" ]; then
- echo "Installing mariadb"
- /usr/bin/mysql_install_db >> "$LOG_FILE"
- chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
- fi
- if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
- /usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
- chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
- echo "Attempting to start mariadb"
- else #not a container
- systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
- systemctl start $SQL_SERVICE & >> "$LOG_FILE";
- fi
- else # mysql process is running
- # check if mysql service is running
- if [ ! $DOCKER_CONTAINER = true ]; then
- DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
- if [ $DB_STATUS -eq 0 ]; then
- echo "mariadb not running , attempting to restart"
- systemctl start mariadb >> "$LOG_FILE";
- fi
- fi # non container mysql start
- fi
-}
-
-# Basic check for maria db status, attempts restart if not running
-check_mysql () {
- PROCESS="mysqld"
- source /etc/os-release
- if [ $ID = "ubuntu" ]; then
- PROCESS="mariadb"
- fi
-
- echo "Checking mysqld status..."
- if [ $DOCKER_CONTAINER = true ]; then
- if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
- echo "mariadb not running , attempting to restart"
- chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
- /usr/bin/mysqld_safe --skip-syslog >> "$LOG_FILE" &
- fi
- else # not in a container
- DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
- if [ $DB_STATUS -eq 0 ]; then
- echo "mariadb not running , attempting to restart"
- systemctl start mariadb
- fi
- fi
-
-
-# Wait for mysql to start before continuing.
- count=1;
- if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
-
- until mysqladmin ping -h "localhost" --silent ; do
- ((count++))
- if [[ $count -gt 20 ]]; then
- break;
- fi
- sleep 1;
- done
- if [[ $count -gt 20 ]]; then
- echo "Timed out waiting for Mariadb to respond"
- exit 1;
- else
- echo "Mariadb started"
- fi
-}
-
-# Check for mysql root password, abort if not available
-check_mysql_root () {
- if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
- if [ ! -f /etc/hirs/aca/aca.properties ]; then
- echo "aca.properties does not exist."
- else
- source /etc/hirs/aca/aca.properties;
- DB_ADMIN_PWD=$mysql_admin_password
- fi
- else #HIRS_MYSQL_ROOT_PWD set
- DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
-fi
-
-# Allow user to enter password if not using env variable or file
-if [ -z $DB_ADMIN_PWD ]; then
- read -p "Enter mysql root password" DB_ADMIN_PWD
- else
- DB_ADMIN_PWD=$mysql_admin_password
-fi
-
-# Make sure root password is correct
-$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
- if [ $? -eq 0 ]; then
- echo "root password verified" | tee -a "$LOG_FILE"
- else
- echo "MYSQL root password was not the default, not supplied, or was incorrect"
- echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
- echo " ********** ACA Mysql setup aborted ********" ;
- exit 1;
- fi
-}
-
-check_db_cleared () {
- $(mysql -u root -e 'quit' &> /dev/null);
- if [ $? -eq 0 ]; then
- echo " Empty root password verified" | tee -a "$LOG_FILE"
- else
- echo " Mysql Root password is not empty"
- fi
- HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
- if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
- echo " hirs_db user exists"
- else
- echo " hirs_db user does not exist"
-
- fi
- HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
- if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
- echo " hirs_db databse exists"
- else
- echo " hirs_db database does not exists"
- fi
-}
-
-# restart mariadb
-mysqld_reboot () {
- # reboot mysql server
- mysql -u root --password=$DB_ADMIN_PWD -e "SHUTDOWN"
- sleep 2
- check_for_container
- start_mysqlsd >> "$LOG_FILE";
-}