enabled mysql log on Ubuntu and fixed TLS config for DB

package/scripts/db/db_create.sh

@@ -8,6 +8,7 @@
 ################################################################################
 
 LOG_FILE=$1
+DB_LOG_FILE="/var/log/mariadb/mariadb.log"
 PKI_PASS=$2
 UNATTENDED=$3
 RSA_PATH=rsa_3k_sha384_certs
@@ -29,10 +30,6 @@ SSL_DB_CLIENT_CHAIN="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_rsa_3k
 SSL_DB_CLIENT_CERT="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_client_rsa_3k_sha384.pem"; 
 SSL_DB_CLIENT_KEY="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_client_rsa_3k_sha384.key";
 
-touch $ACA_PROP_FILE
-touch $LOG_FILE
-touch $DB_SRV_CONF
-
 # Make sure required paths exist
 mkdir -p /etc/hirs/aca/
 mkdir -p /var/log/hirs/
@@ -45,13 +42,18 @@ source /etc/os-release
 if [ $ID = "ubuntu" ]; then 
    DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
    DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
+   mkdir -p /var/log/mariadb >> /dev/null
    if [[ $(cat "$DB_SRV_CONF" | grep -c "log-error") < 1 ]]; then
-       echo log-error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
-       echo "ssl-cipher=TLSv1.3" >> $DB_SRV_CONF
-       echo "ssl=on" >> $DB_SRV_CONF
+       echo "log_error=/var/log/mariadb/mariadb.log" >> $DB_SRV_CONF
+       echo "tls_version = TLSv1.2,TLSv1.3" >> $DB_SRV_CONF
   fi
 fi
 
+touch $ACA_PROP_FILE
+touch $LOG_FILE
+touch $DB_SRV_CONF
+touch $DB_LOG_FILE
+
 check_mysql_root_pwd () {
   # Check if DB root password needs to be obtained
  

package/scripts/db/mysql_util.sh

@@ -57,13 +57,12 @@ start_mysqlsd () {
            chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
          fi
          if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
-           touch /var/log/mariadb/mariadb.log
-           chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
-           /usr/bin/mysqld_safe & >> "$LOG_FILE"; 
-           echo "Attempting to start mariadb"
+         /usr/bin/mysqld_safe  --skip-syslog & >> "$LOG_FILE"; 
+         chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
+         echo "Attempting to start mariadb"
          else #not a container
            systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
-            systemctl start $SQL_SERVICE & >> "$LOG_FILE";
+           systemctl start $SQL_SERVICE & >> "$LOG_FILE";
          fi
      else # mysql process is running
      # check if mysql service is running
@@ -89,7 +88,8 @@ check_mysql () {
   if [ $DOCKER_CONTAINER  = true ]; then
        if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
           echo "mariadb not running , attempting to restart"
-          /usr/bin/mysqld_safe & >> "$LOG_FILE"
+          chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
+          /usr/bin/mysqld_safe  --skip-syslog & >> "$LOG_FILE"
        fi
   else  # not in a contianer
     DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
@@ -113,6 +113,7 @@ check_mysql () {
   done
    if [[ $count -gt 20 ]]; then
      echo "Timed out waiting for Mariadb to respond"
+     exit 1;
    else
      echo "Mariadb started"
   fi