Merge branch 'develop' into dist/eole/2.7.0/develop

debian/control

@@ -10,7 +10,7 @@ Vcs-Browser: https://forge.cadoles.com/Cadoles/eole-mariadb
 
 Package: eole-mariadb
 Architecture: all
-Depends: ${misc:Depends}, mariadb-server, mariadb-backup
+Depends: ${misc:Depends}, mariadb-server
 Conflicts: eole-mysql
 Provides: eole-mysql
 Description: Dictionnaires et templates pour la configuration d'un serveur MariaDB, testée uniquement avec eolebase

postservice/25-bdd-admin

@@ -28,8 +28,6 @@ then
 
     previousUsers=($(awk -F ':' '{print $1}' ${readerfile} ))
 
-    index=0
-
     for user in ${accounts[@]}
     do
         PASS=$(awk -F ':' "/${user}:/ {print \$2}" ${readerfile})
@@ -56,6 +54,7 @@ then
             done
         fi
 
+        index=0
         for hst in ${hostsList[@]}
         do
             SQL="DROP USER IF EXISTS '${user}'@'${hst}';"
@@ -87,3 +86,4 @@ then
 fi
 
 exit 0
+

posttemplate/25-mariadb-passwd

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+systemctl stop mariadb
+
+mariadb_cfdir=/etc/mysql/
+dc=$mysql_cfgdir/mariadbBackup.cnf
+mariadb_rundir=/var/run/mysqld/
+mariadb_statedir=/var/lib/mysql
+
+if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
+    pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
+    # Basedir is deprecated. Remove the option if it's in an existing mariadbBackup.cnf
+    sed -i '/basedir/d' "$dc"
+else
+    pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
+    if [ ! -d "$mariadb_cfdir" ]; then
+      install -o 0 -g 0 -m 0755 -d $mariadb_cfdir
+    fi
+    umask 066
+    cat /dev/null > $dc
+    umask 022
+    echo "# Automatically generated DONT'T TOUCH !!!!!!"           >>$dc
+    echo "[client]"                                                >>$dc
+    echo "host     = localhost"                                    >>$dc
+    echo "user     = maria-sys-maint"                              >>$dc
+    echo "password = $pass"                                        >>$dc
+    echo "socket   = $mariadb_rundir/mysqld.sock"                  >>$dc
+    echo "[mysql_upgrade]"                                         >>$dc
+    echo "host     = localhost"                                    >>$dc
+    echo "user     = maria-sys-maint"	                           >>$dc
+    echo "password = $pass"                                        >>$dc
+    echo "socket   = $mariadb_rundir/mysqld.sock"                  >>$dc
+fi
+
+# If this dir chmod go+w then the admin did it. But this file should not.
+    chown 0:0 $dc
+    chmod 0600 $dc
+
+# If database doesn't exist we create it.
+mkdir /var/lib/mariadb-files
+mariadb_filesdir=/var/lib/mariadb-files
+
+if [ ! "$(ls -A "${mariadb_statedir}")" ] && [ -d "${mariadb_filesdir}" ]; then
+    existingdatabase=0
+    initfile=`mktemp --tmpdir=/var/lib/mariadb-files/`
+    touch "$initfile"
+    chmod 600 "$initfile"
+    chown mysql:mysql "$initfile"
+    echo "USE mysql; " >> "$initfile"
+    db_get mysql-server/root_password && rootpw="$RET"
+    if [ ! -z "$rootpw" ]; then
+      rootpw=$(printf %q "${rootpw}")
+      echo "ALTER USER 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> "$initfile"
+    fi
+    echo "CREATE USER IF NOT EXISTS 'maria-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> "$initfile"
+    echo "GRANT ALL ON *.* TO 'maria-sys-maint'@'localhost' WITH GRANT OPTION;" >> "$initfile"
+    echo "SHUTDOWN;" >> "$initfile"
+    mysqld --initialize-insecure --user=mysql --init-file="$initfile"> /dev/null 2>&1 || true
+    rm "$initfile"
+else
+    existingdatabase=1
+fi
+
+systemctl start mariadb
+
+exit 0

schedule/extra/01_extract_hydra.xml

@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-
-<creole>
-    <variables>
-        <family name="extract_hydra" description="Extraction des logs utiles d'Hydra">
-            <variable name="description" type="string" hidden="True"><value>Extraction des logs utiles de la base Hydra</value></variable>
-            <variable name="day" type="schedule" description="Périodicité d'exécution"><value>daily</value></variable>
-            <variable name="mode" type="schedulemod" hidden="True"><value>post</value></variable>
-        </family>
-    </variables>
-    <constraints>
-        <!-- Désactive les extractions si on est pas sur la machine qui fait les backups -->
-        <fill name='calc_multi_condition' target='schedule.extract_hydra.day'>
-            <param>non</param>
-	    <param type='eole' name='condition_1'>dbEnableBackup</param>
-            <param name='match'>none</param>
-            <param name='mismatch'>daily</param>
-        </fill>
-    </constraints>
-</creole>

schedule/scripts/extract_hydra

@@ -1,69 +0,0 @@
-#!/bin/bash
-
-DESC="Extraction des logs de connexion de la base Hydra"
-
-. /usr/share/eole/schedule/config.sh
-
-file_date=$(date '+%Y%m%d' -d@$(($(date +%s) -3600*24))) # Date pour le format des noms de fichier
-today=$(date '+%Y-%m-%d') # Date de fin de requête
-yesterday=$(date '+%Y-%m-%d' -d@$(($(date +%s) -3600*24))) # Date de début de requête
-exit_status=0
-
-echo "Begin date: $(date)"
-
-mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
-select concat ('requested_at: ', requested_at),
-       concat ('request_id: ', request_id),
-       concat ('client_id: ', client_id),
-       concat ('subject: ', subject)
-       into outfile 'access-${file_date}' character set utf8 fields terminated by '|'
-       from hydra_oauth2_access
-       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
-       order by requested_at ;
-EOF
-(( exit_status = exit_status || $? ))
-
-mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
-select concat ('requested_at: ', requested_at),
-       concat ('challenge: ', challenge),
-       concat ('error: ', error),
-       concat ('session_access_token: ', session_access_token),
-       concat ('session_id_token: ', session_id_token),
-       concat ('handled at: ', handled_at)
-       into outfile 'consent-request-handled-${file_date}' character set utf8 fields terminated by '|'
-       from hydra_oauth2_consent_request_handled
-       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
-       order by requested_at ;
-EOF
-(( exit_status = exit_status || $? ))
-
-mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
-select concat ('requested_at: ', requested_at),
-       concat ('challenge: ', challenge),
-       concat ('request_url: ', request_url),
-       concat ('client_id: ', client_id),
-       concat ('login_session_id: ', login_session_id)
-       into outfile 'authentication-request-${file_date}' character set utf8 fields terminated by '|'
-       from hydra_oauth2_authentication_request
-       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
-       order by requested_at ;
-EOF
-(( exit_status = exit_status || $? ))
-
-# Tags must be 32 char long max (otherwise, default fwd template truncates it)
-logger -f /var/lib/mysql/hydra/access-${file_date} -t mariadb_hydra-access-${file_date}
-logger -f /var/lib/mysql/hydra/consent-request-handled-${file_date} -t mariadb_hydra-consreq-h-${file_date}
-logger -f /var/lib/mysql/hydra/authentication-request-${file_date} -t mariadb_hydra-authreq-${file_date}
-
-# Remove log files older than 7 days (already saved on the NAS)
-find /var/lib/mysql/hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
-find /var/lib/mysql/hydra/ -name 'consent-request-handled-*' -type f -mtime +7 -exec rm -vf {} \;
-find /var/lib/mysql/hydra/ -name 'authentication-request-*' -type f -mtime +7 -exec rm -vf {} \;
-
-find /var/log/rsyslog/local/mariadb_hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
-find /var/log/rsyslog/local/mariadb_hydra/ -name 'consreq-h-*' -type f -mtime +7 -exec rm -vf {} \;
-find /var/log/rsyslog/local/mariadb_hydra/ -name 'authreq-*' -type f -mtime +7 -exec rm -vf {} \;
-
-echo "End date: $(date)"
-
-exit $exit_status

schedule/scripts/mariadb

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-set -e
-
-DESC="Exportation des bases MariaDB"
-
-. /usr/share/eole/schedule/config.sh
-
-MYSQLSAVDIR=$SAVDIR/sql
-OPTION="--lock-tables"
-
-if [[ -d ${MYSQLSAVDIR} ]] 
-then 
-   rm -rf ${MYSQLSAVDIR}
-   mkdir -p ${MYSQLSAVDIR}
-fi
-
-mariabackup --defaults-file=/etc/mysql/debian.cnf --backup --target-dir=$MYSQLSAVDIR
-exit $?

schedule_config/config.sh

@@ -0,0 +1,7 @@
+# Configuration commune aux scripts schedule
+# Configuration de base modifiée pour copier dans le partage nfs plutôt que /home
+
+SAVDIR=/mnt/sauvegardes/
+# pour que l'affichage de [ ok ] soit ok
+export TERM='dumb'
+umask 0077

schedule_scripts/mariadb

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+DESC="Exportation des bases MariaDB"
+
+. /usr/share/eole/schedule/config.sh
+
+MYSQLSAVDIR=$SAVDIR/sql
+OPTION="--lock-tables"
+
+rm -f $MYSQLSAVDIR/*.sql
+mkdir -p $MYSQLSAVDIR
+
+CMD="mysql --defaults-file=/etc/mysql/mariadbBackup.cnf -e 'show databases' | grep -v '^Database$'"
+DATABASES=$(CreoleRun "$CMD" mysql)
+for databasename in $DATABASES; do
+    case "$databasename" in
+        information_schema|performance_schema|bareos)
+            continue
+            ;;
+        *)
+            CMD="mysqldump --defaults-file=/etc/mysql/mariadbBackup.cnf --databases $databasename --flush-privileges --create-options -Q -c $OPTION 2>/dev/null"
+            CreoleRun "$CMD" mysql > $MYSQLSAVDIR/$databasename.sql
+            ;;
+    esac
+done

scripts/get_hydra_table_sizes

@@ -1,25 +0,0 @@
-#!/bin/bash
-
-(
-mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
-SELECT
-  TABLE_NAME AS \`Table\`,
-  ROUND((DATA_LENGTH + INDEX_LENGTH) / 1024 / 1024) AS \`Size\`
-FROM
-  information_schema.TABLES
-WHERE
-  TABLE_SCHEMA = "hydra"
-ORDER BY
-  (DATA_LENGTH + INDEX_LENGTH)
-DESC;
-EOF
-) | while read table size; do
-  if [ "${table}" != Table ]; then
-    real_size=$(ls -lh /var/lib/mysql/hydra/${table}.ibd | cut -d' ' -f 5)
-  else
-    real_size="Taille réelle"
-  fi
-  echo -e ${table}\\t${size}M\\t${real_size}
-done
-
-echo $a

scripts/optimize_hydra

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# Optimize sur les tables d'Hydra
-
-echo "Begin date: $(date)"
-
-part=$1
-
-if [ -z "$part" ]; then
-    echo 'Bad empty part. Please give a number between 1 and 7'
-    exit 1
-fi
-
-case $part in
-    1)
-	tables='hydra_oauth2_access'
-	;;
-    2)
-	tables='hydra_oauth2_oidc'
-	;;
-    3)
-	tables='hydra_oauth2_code'
-	;;
-    4)
-	tables='hydra_oauth2_authentication_request'
-	;;
-    5)
-	tables='hydra_oauth2_consent_request'
-	;;
-    6)
-	tables='hydra_oauth2_logout_request, hydra_oauth2_consent_request_handled'
-	;;
-    7)
-	tables='hydra_oauth2_authentication_session, hydra_oauth2_authentication_request_handled, hydra_oauth2_pkce'
-	;;
-    *)
-	echo "Unexpected error. Part: $part"
-	exit 1
-esac
-
-mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
-OPTIMIZE TABLE $tables;
-EOF
-
-exit_val=$?
-
-echo "End date:   $(date)"
-
-exit $exit_val

tmpl/galera.cnf

@@ -8,7 +8,7 @@ wsrep_on=ON
 wsrep_provider=/usr/lib/galera/libgalera_smm.so
 # Galera Cluster Configuration
 wsrep_cluster_name="%%dbClusterName"
-wsrep_cluster_address="gcomm://%%custom_join(%%dbClusterMember, ',')"
+wsrep_cluster_address="gcomm://%%dbClusterMember
 
 # Tunning
 wsrep_provider_options="gcache.size=%%dbClusterGcacheSizeMb"