From 1dc370fb94d2493d4507dd247abf0c00c30b7b28 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Thu, 12 Apr 2018 16:01:43 +0200 Subject: [PATCH] Clean root password Management Don't store the root password. Provide easy replacement for mysql_pwd.py --- posttemplate/25-bdd-cluster | 3 ++- preservices/25-bdd-init | 23 +++++++++++++++++++++++ pretemplate/25-bdd-init | 34 ---------------------------------- scripts/mariadbPwd | 20 ++++++++++++++++++++ 4 files changed, 45 insertions(+), 35 deletions(-) create mode 100644 preservices/25-bdd-init delete mode 100644 pretemplate/25-bdd-init create mode 100644 scripts/mariadbPwd diff --git a/posttemplate/25-bdd-cluster b/posttemplate/25-bdd-cluster index d588519..3d676da 100755 --- a/posttemplate/25-bdd-cluster +++ b/posttemplate/25-bdd-cluster @@ -2,6 +2,7 @@ db=$(CreoleGet dbEnable non) cluster=$(CreoleGet dbEnableCluster non) +role=$(CreoleGet dbClusterPosition 'Node') gstateFile="/var/lib/mysql/grastate.dat" if [[ ${db} == "oui" ]] @@ -10,7 +11,7 @@ then then if [[ ! -e ${gstateFile} ]] then - galera_new_cluster + [[ ${role} == "Leader" ]] && galera_new_cluster fi fi fi diff --git a/preservices/25-bdd-init b/preservices/25-bdd-init new file mode 100644 index 0000000..d77bd99 --- /dev/null +++ b/preservices/25-bdd-init @@ -0,0 +1,23 @@ +#!/bin/bash +# +# Initialize root password +# and secure MariaDB installation +# + +ROLE=$(CreoleGet dbClusterPosition) +SECURE_CMD="mysql_secure_installation" +PASSWORD=$(pwgen -1 10) +passwd="/usr/share/eole/scripts/mariadbPwd" + +${passwd} ${PASSWORD} + +# Run secure installation script +${SECURE_CMD} <<__EOF__ +${oldPass} +y +n +y +y +y +y +__EOF__ \ No newline at end of file diff --git a/pretemplate/25-bdd-init b/pretemplate/25-bdd-init deleted file mode 100644 index 71d284f..0000000 --- a/pretemplate/25-bdd-init +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# -# Initialize root password -# and secure MariaDB installation -# - -function genPasswordToFile() -{ - local file=${1} - pwgen -1 10 > ${file} - chmod 600 ${file} -} -ROLE=$(CreoleGet dbClusterPosition) -WRITERFILE="/root/.bddadm" -SECURE_CMD="mysql_secure_installation" -oldPass="" - -#[[ ${ROLE} == "Node" ]] && exit 0 -[[ -e ${WRITERFILE} ]] && oldPass=$(< ${WRITERFILE}) - -genPasswordToFile ${WRITERFILE} -pass=$(< ${WRITERFILE}) - -# Run secure installation script -${SECURE_CMD} <<__EOF__ -${oldPass} -y -${pass} -${pass} -y -y -y -y -__EOF__ \ No newline at end of file diff --git a/scripts/mariadbPwd b/scripts/mariadbPwd new file mode 100644 index 0000000..59994d5 --- /dev/null +++ b/scripts/mariadbPwd @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Renew MariaDB root password +# Just like old (mysql_pwd.py) +# +cmd="mysql" +options='--defaults-file=/etc/mysql/debian.cnf' + +if [[ -z ${1} ]] +then + read -s -p "New Password : " password + echo +else + password="${1}" +fi + +sql="FLUSH PRIVILEGES; ALTER USER 'root'@'localhost' IDENTIFIED BY '${password}';" + +${cmd} ${options} -e "${sql}" +exit $? \ No newline at end of file