Clean root password Management

Don't store the root password.
Provide easy replacement for mysql_pwd.py
This commit is contained in:
Philippe Caseiro 2018-04-12 16:01:43 +02:00
parent 2f4eca027a
commit 1dc370fb94
4 changed files with 45 additions and 35 deletions

View File

@ -2,6 +2,7 @@
db=$(CreoleGet dbEnable non)
cluster=$(CreoleGet dbEnableCluster non)
role=$(CreoleGet dbClusterPosition 'Node')
gstateFile="/var/lib/mysql/grastate.dat"
if [[ ${db} == "oui" ]]
@ -10,7 +11,7 @@ then
then
if [[ ! -e ${gstateFile} ]]
then
galera_new_cluster
[[ ${role} == "Leader" ]] && galera_new_cluster
fi
fi
fi

23
preservices/25-bdd-init Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#
# Initialize root password
# and secure MariaDB installation
#
ROLE=$(CreoleGet dbClusterPosition)
SECURE_CMD="mysql_secure_installation"
PASSWORD=$(pwgen -1 10)
passwd="/usr/share/eole/scripts/mariadbPwd"
${passwd} ${PASSWORD}
# Run secure installation script
${SECURE_CMD} <<__EOF__
${oldPass}
y
n
y
y
y
y
__EOF__

View File

@ -1,34 +0,0 @@
#!/bin/bash
#
# Initialize root password
# and secure MariaDB installation
#
function genPasswordToFile()
{
local file=${1}
pwgen -1 10 > ${file}
chmod 600 ${file}
}
ROLE=$(CreoleGet dbClusterPosition)
WRITERFILE="/root/.bddadm"
SECURE_CMD="mysql_secure_installation"
oldPass=""
#[[ ${ROLE} == "Node" ]] && exit 0
[[ -e ${WRITERFILE} ]] && oldPass=$(< ${WRITERFILE})
genPasswordToFile ${WRITERFILE}
pass=$(< ${WRITERFILE})
# Run secure installation script
${SECURE_CMD} <<__EOF__
${oldPass}
y
${pass}
${pass}
y
y
y
y
__EOF__

20
scripts/mariadbPwd Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
#
# Renew MariaDB root password
# Just like old (mysql_pwd.py)
#
cmd="mysql"
options='--defaults-file=/etc/mysql/debian.cnf'
if [[ -z ${1} ]]
then
read -s -p "New Password : " password
echo
else
password="${1}"
fi
sql="FLUSH PRIVILEGES; ALTER USER 'root'@'localhost' IDENTIFIED BY '${password}';"
${cmd} ${options} -e "${sql}"
exit $?