github.com/bartle-stripe/trillian@v1.2.1/storage/mysql/kubernetes/image/docker-entrypoint.sh (about)

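#!/bin/bash

# Original work: Copyright 2016 The Kubernetes Authors.
# Modified work: Copyright 2017 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script does the following:
#
# 1. If starting the first replica in the cluster, and MySQL has not been
# initialized, creates the database according to the following environment
# variables:
# - $MYSQL_ROOT_PASSWORD
# - $WSREP_SST_USER
# - $WSREP_SST_PASSWORD
# 2. Configures MySQL for the Galera cluster.
#
# Credential handling: the three values above are copied in plaintext into
# the init SQL file and (for the SST pair) into cluster.cnf. They are escaped
# for each destination below so that quotes, backslashes, '&' or '|' in a
# password cannot alter the generated SQL or the sed substitutions.

set -e

# A leading flag means the caller passed only options; run mysqld with them.
if [[ "${1:0:1}" == '-' ]]; then
  set -- mysqld "$@"
fi

# The MySQL "datadir", where the databases are stored.
readonly DATADIR="/var/lib/mysql"
# Galera settings file rewritten in place by this script.
readonly CLUSTER_CNF="/etc/mysql/conf.d/cluster.cnf"

#######################################
# Escape a value for use inside a single-quoted MySQL string literal.
# Backslashes are doubled and single quotes are doubled.
# NOTE(review): assumes sql_mode does not include NO_BACKSLASH_ESCAPES.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sql_escape() {
  local value=$1
  local -r bslash='\'
  local -r squote="'"
  value=${value//"$bslash"/"$bslash$bslash"}
  value=${value//"$squote"/"$squote$squote"}
  printf '%s' "$value"
}

#######################################
# Escape a value for the replacement side of a sed 's|...|...|' command:
# backslash, '&' (whole match) and the '|' delimiter are backslash-escaped.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

if [[ -z "$MYSQL_ROOT_PASSWORD" ]]; then
  echo >&2 'error: MYSQL_ROOT_PASSWORD not set'
  exit 1
fi

if [[ -z "$WSREP_SST_USER" || -z "$WSREP_SST_PASSWORD" ]]; then
  echo >&2 'error: WSREP_SST_USER or WSREP_SST_PASSWORD is not set'
  exit 1
fi

# The values end up in single-line sed replacements, where a raw newline
# terminates the command, so reject them up front instead of failing later.
for var_name in MYSQL_ROOT_PASSWORD WSREP_SST_USER WSREP_SST_PASSWORD; do
  if [[ "${!var_name}" == *$'\n'* ]]; then
    echo >&2 "error: ${var_name} must not contain a newline"
    exit 1
  fi
done

# Make sure that the datadir exists and is owned by the MySQL user and group.
mkdir -p "$DATADIR"
chown -R mysql:mysql "$DATADIR"

# If this is the first node, initialize the mysql database if it does not exist.
# This database will be replicated to all other nodes via SST.
if [[ "$(hostname)" == *-0 && ! -d "${DATADIR}/mysql" ]]; then
  mysqld --initialize --user=mysql --datadir "${DATADIR}" --ignore-db-dir "lost+found"
fi

# This SQL script will be run when the server starts up.
# It holds the root and SST passwords in plaintext, so it is kept 0600 and
# handed to the mysql user only just before exec. Because the script ends in
# exec, no EXIT trap can remove the file afterwards; it stays on disk unless
# something else deletes it.
INIT_SQL=$(mktemp)
chmod 0600 "${INIT_SQL}"

root_password_sql=$(sql_escape "$MYSQL_ROOT_PASSWORD")
sst_user_sql=$(sql_escape "$WSREP_SST_USER")
sst_password_sql=$(sql_escape "$WSREP_SST_PASSWORD")

# Create/alter the following users:
# - root user for administrative purposes.
# - dummy user with no password or rights, for use by health checks.
# - SST user for use by Galera to replicate database state between nodes.
# TODO(robpercival): Restrict root access.
# As written, the local-only root account is dropped and 'root'@'%' (any
# client host) receives ALL privileges WITH GRANT OPTION, so reachability of
# the MySQL port is the only network-level limit on root logins.
cat > "$INIT_SQL" <<EOSQL
DROP USER IF EXISTS 'root'@'localhost';
ALTER USER IF EXISTS 'root'@'%' IDENTIFIED BY '${root_password_sql}';
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED BY '${root_password_sql}';
GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION;

CREATE USER IF NOT EXISTS 'dummy'@'localhost';
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'dummy'@'localhost';

ALTER USER IF EXISTS '${sst_user_sql}'@'localhost' IDENTIFIED BY '${sst_password_sql}';
CREATE USER IF NOT EXISTS '${sst_user_sql}'@'localhost' IDENTIFIED BY '${sst_password_sql}';
GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '${sst_user_sql}'@'localhost';
FLUSH PRIVILEGES;
EOSQL

# Provide the SST user and password.
# NOTE(review): the value is written between double quotes in the cnf file; a
# '"' inside the credentials is not escaped for the option-file syntax here.
sst_auth=$(sed_escape "${WSREP_SST_USER}:${WSREP_SST_PASSWORD}")
sed -i -e "s|^wsrep_sst_auth=.*$|wsrep_sst_auth=\"${sst_auth}\"|" "$CLUSTER_CNF"

# Provide the replica's own IP address (first global-scope inet address,
# with the /prefix length removed).
WSREP_NODE_ADDRESS=$(ip addr show | grep -E '^[ ]*inet' | grep -m1 global | awk '{ print $2 }' | sed -e 's/\/.*//')
if [[ -n "$WSREP_NODE_ADDRESS" ]]; then
  sed -i -e "s|^wsrep_node_address=.*$|wsrep_node_address=${WSREP_NODE_ADDRESS}|" "$CLUSTER_CNF"
fi

cluster_address="gcomm://"

# Lookup "galera" in Kubernetes DNS. This should return the IP addresses of
# any running Galera nodes. If none are running, this node should bootstrap the
# cluster.
while IFS= read -r ip; do
  [[ -n "$ip" ]] || continue
  # Do a reverse DNS lookup of the IP so the hostname can be used instead.
  # This makes it easier to identify nodes in the Galera logs.
  # Only the first answer is used so the address stays on one line, and the
  # IP itself is used when the reverse lookup returns nothing.
  peer=$(dig +short +search -x "${ip}" | head -n 1)
  if [[ -z "$peer" ]]; then
    peer=$ip
  fi
  cluster_address+="${peer},"
done < <(dig +short +search galera)

printf '%s\n' "Galera cluster address: ${cluster_address}"
# DNS answers are external input; escape them like any other sed replacement.
cluster_address_sed=$(sed_escape "$cluster_address")
sed -i -e "s|^wsrep_cluster_address=gcomm://.*$|wsrep_cluster_address=${cluster_address_sed}|" "$CLUSTER_CNF"

# Provide a random server ID for this replica.
sed -i -e "s/^server\-id=.*$/server-id=${RANDOM}/" /etc/mysql/my.cnf

# Finally, start MySQL, passing through any flags.
chown mysql:mysql "$INIT_SQL"
exec "$@" --datadir "$DATADIR" --ignore-db-dir "lost+found" --init_file "$INIT_SQL"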