docker db image simplification
1. use mariadb image from docker registry to simplify set up.
2. remove harcoded root and user mariadb accounts
3. restrict access to user account to just specific databases.
Change-Id: Iaa916dbf2de2474fcc483a4be6167b4b92a2de61
Issue-ID: POLICY-650
Signed-off-by: Jorge Hernandez <jh1730@att.com>
diff --git a/README.md b/README.md
index 28936ca..ec3f88e 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@
- Copy the files under policy-drools to target/policy-drools
- Run the 'docker build' command on the following directories, in order:
policy-os
- policy-db
policy-nexus
policy-base
target/policy-pe
@@ -14,7 +13,6 @@
For example:
docker build -t onap/policy/policy-os policy-os
-docker build -t onap/policy/policy-db policy-db
docker build -t onap/policy/policy-nexus policy-nexus
docker build -t onap/policy/policy-base policy-base
docker build -t onap/policy/policy-pe target/policy-pe
diff --git a/config/db/db.conf b/config/db/db.conf
new file mode 100644
index 0000000..958f8bf
--- /dev/null
+++ b/config/db/db.conf
@@ -0,0 +1,3 @@
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user
diff --git a/config/db/db.sh b/config/db/db.sh
new file mode 100644
index 0000000..0de1deb
--- /dev/null
+++ b/config/db/db.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -xv
+
+for db in support onap_sdk log
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/docker-compose-integration.yml b/docker-compose-integration.yml
index 5cbd401..dbd708b 100644
--- a/docker-compose-integration.yml
+++ b/docker-compose-integration.yml
@@ -1,9 +1,12 @@
version: '2'
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
expose:
- 3306
nexus:
diff --git a/docker-compose.yml b/docker-compose.yml
index 96fd507..0196c79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,9 +6,12 @@
com.docker.network.driver.mtu: ${MTU}
services:
mariadb:
- image: onap/policy/policy-db
+ image: mariadb:10.0.34
container_name: mariadb
hostname: mariadb
+ command: ['--lower-case-table-names=1']
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
ports:
- "3306:3306"
nexus:
diff --git a/docker_build.sh b/docker_build.sh
index 4a8c416..dd2f0e6 100755
--- a/docker_build.sh
+++ b/docker_build.sh
@@ -43,7 +43,7 @@
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
@@ -79,7 +79,7 @@
docker images
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:latest
diff --git a/docker_merge.sh b/docker_merge.sh
index 83fd239..25a5692 100755
--- a/docker_merge.sh
+++ b/docker_merge.sh
@@ -43,7 +43,7 @@
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
@@ -78,7 +78,7 @@
#
# Push images
#
-for image in policy-nexus policy-db policy-drools policy-pe; do
+for image in policy-nexus policy-drools policy-pe; do
echo "Pushing $image"
docker push ${DOCKER_REPOSITORY}/onap/policy/$image:${MVN_MAJMIN_VERSION}-latest
diff --git a/docker_verify.sh b/docker_verify.sh
index 17eff0a..cc3cb0d 100755
--- a/docker_verify.sh
+++ b/docker_verify.sh
@@ -46,7 +46,7 @@
cp policy-pe/* target/policy-pe/
cp policy-drools/* target/policy-drools/
-for image in policy-os policy-nexus policy-db policy-base policy-drools policy-pe ; do
+for image in policy-os policy-nexus policy-base policy-drools policy-pe ; do
echo "Building $image"
mkdir -p target/$image
cp $image/* target/$image
diff --git a/policy-db/Dockerfile b/policy-db/Dockerfile
deleted file mode 100644
index 002313c..0000000
--- a/policy-db/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM onap/policy/policy-os
-
-RUN \
- apt-get clean && \
- apt-get install -y apt-transport-https && \
- apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
- add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.0/ubuntu trusty main' && \
- apt-get clean && \
- apt-get update && \
- apt-get install -y mariadb-server && \
- touch /var/lib/mysql/firstrun
-
-COPY dbinit.sh do-start.sh /tmp/
-RUN bash /tmp/dbinit.sh
-
-# mount volumes to persist the data
-VOLUME /etc/mysql /var/lib/mysql
-
-CMD exec bash /tmp/do-start.sh
diff --git a/policy-db/dbinit.sh b/policy-db/dbinit.sh
deleted file mode 100644
index 19f4a5b..0000000
--- a/policy-db/dbinit.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
-cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
- [mysqld]
- lower_case_table_names = 1
- bind-address = 0.0.0.0
-EOF
-
-echo "Starting mysqld"
-service mysql start
-
-echo "Run mysql_secure_installation"
-/usr/bin/mysql_secure_installation <<-EOF
-
- y
- secret
- secret
- y
- y
- y
- y
-EOF
-
-echo "Creating db schemas and user"
-mysql -uroot -psecret <<-EOF
- create database xacml;
- create database log;
- create database support;
- create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
- insert into support.db_version values('VERSION', '00');
- insert into support.db_version values('DROOLS_VERSION', '00');
- create user 'policy_user'@'localhost' identified by 'policy_user';
- grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
- flush privileges;
- select * from support.db_version;
-EOF
-
-echo "Stopping mysqld"
-service mysql stop
diff --git a/policy-db/do-start.sh b/policy-db/do-start.sh
deleted file mode 100755
index 49dbe0f..0000000
--- a/policy-db/do-start.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
-ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
-
-# start MySQL, and grant all privileges to the local network
-# (it doesn't hurt to do the 'grant' multiple times)
-service mysql start
-mysql -uroot -psecret \
- -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
-
-exec sleep 1000d
diff --git a/vagrant/setup_policy.sh b/vagrant/setup_policy.sh
index b1eda7c..5a599a1 100755
--- a/vagrant/setup_policy.sh
+++ b/vagrant/setup_policy.sh
@@ -25,7 +25,7 @@
cp -r target/policy-pe/* policy-pe/
cp -r target/policy-drools/* policy-drools
-for comp in policy-os policy-db policy-nexus policy-base policy-pe policy-drools
+for comp in policy-os policy-nexus policy-base policy-pe policy-drools
do
sudo docker build -t onap/policy/$comp $HOME/docker/$comp
done