enabled mysql log on Ubuntu and fixed TLS config for DB

2025-06-01 15:11:03 +00:00 · 2023-10-13 15:42:54 +00:00 · 2023-10-13 15:42:54 +00:00 · b0cd8e5fb9
commit b0cd8e5fb9
parent 9bee292bd6
2 changed files with 16 additions and 13 deletions
--- a/package/scripts/db/db_create.sh
+++ b/package/scripts/db/db_create.sh
@ -8,6 +8,7 @@
 ################################################################################
 LOG_FILE=$1
 DB_LOG_FILE="/var/log/mariadb/mariadb.log"
 PKI_PASS=$2
 UNATTENDED=$3
 RSA_PATH=rsa_3k_sha384_certs
@ -29,10 +30,6 @@ SSL_DB_CLIENT_CHAIN="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_rsa_3k
 SSL_DB_CLIENT_CERT="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_client_rsa_3k_sha384.pem"; 
 SSL_DB_CLIENT_KEY="/etc/hirs/certificates/HIRS/rsa_3k_sha384_certs/HIRS_db_client_rsa_3k_sha384.key";
 touch $ACA_PROP_FILE
 touch $LOG_FILE
 touch $DB_SRV_CONF
 # Make sure required paths exist
 mkdir -p /etc/hirs/aca/
 mkdir -p /var/log/hirs/
@ -45,13 +42,18 @@ source /etc/os-release
 if [ $ID = "ubuntu" ]; then 
   DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
   DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
   mkdir -p /var/log/mariadb >> /dev/null
   if [[ $(cat "$DB_SRV_CONF" | grep -c "log-error") < 1 ]]; then
-       echo log-error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
+       echo "log_error=/var/log/mariadb/mariadb.log" >> $DB_SRV_CONF
-       echo "ssl-cipher=TLSv1.3" >> $DB_SRV_CONF
+       echo "tls_version = TLSv1.2,TLSv1.3" >> $DB_SRV_CONF
       echo "ssl=on" >> $DB_SRV_CONF
  fi
 fi
 touch $ACA_PROP_FILE
 touch $LOG_FILE
 touch $DB_SRV_CONF
 touch $DB_LOG_FILE
 check_mysql_root_pwd () {
  # Check if DB root password needs to be obtained
--- a/package/scripts/db/mysql_util.sh
+++ b/package/scripts/db/mysql_util.sh
@ -57,13 +57,12 @@ start_mysqlsd () {
           chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
         fi
         if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
-           touch /var/log/mariadb/mariadb.log
+         /usr/bin/mysqld_safe  --skip-syslog & >> "$LOG_FILE"; 
-           chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
+         chown -R mysql:mysql /var/lib/mysql/ >> "$LOG_FILE"
-           /usr/bin/mysqld_safe & >> "$LOG_FILE"; 
+         echo "Attempting to start mariadb"
           echo "Attempting to start mariadb"
         else #not a container
           systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
-            systemctl start $SQL_SERVICE & >> "$LOG_FILE";
+           systemctl start $SQL_SERVICE & >> "$LOG_FILE";
         fi
     else # mysql process is running
     # check if mysql service is running
@ -89,7 +88,8 @@ check_mysql () {
  if [ $DOCKER_CONTAINER  = true ]; then
       if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
          echo "mariadb not running , attempting to restart"
-          /usr/bin/mysqld_safe & >> "$LOG_FILE"
+          chown mysql:mysql /var/log/mariadb/mariadb.log >> "$LOG_FILE";
          /usr/bin/mysqld_safe  --skip-syslog & >> "$LOG_FILE"
       fi
  else  # not in a contianer
    DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
@ -113,6 +113,7 @@ check_mysql () {
  done
   if [[ $count -gt 20 ]]; then
     echo "Timed out waiting for Mariadb to respond"
     exit 1;
   else
     echo "Mariadb started"
  fi