From 14d10bc21087e3734d4e7ac15883c76d0cd19818 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 17 Mar 2018 21:07:38 +0100
Subject: MySQL 5.7 with Galera (produced as combination of standard MySQL
container and openshift-mariadb-galera by adfinis-sygroup)
---
.../share/container-scripts/mysql/galera-common.sh | 61 ++++++++++++++++++++++
.../mysql/galera-init/60-galera-config.sh | 6 +++
.../mysql/galera-init/galera.cnf.template | 15 ++++++
.../mysql/galera-init/galera.cnf.template.maria | 17 ++++++
.../container-scripts/mysql/galera/cluster.cnf | 4 ++
.../mysql/galera/configure-galera.sh | 48 +++++++++++++++++
.../mysql/init/50-galera-passwd-change.sh | 14 +++++
.../container-scripts/mysql/init/51-extradb.sh | 14 +++++
.../share/container-scripts/mysql/init/52-super.sh | 12 +++++
.../share/container-scripts/mysql/init/53-pma.sh | 26 +++++++++
10 files changed, 217 insertions(+)
create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-common.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
create mode 100644 root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
create mode 100755 root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/init/52-super.sh
create mode 100644 root-galera/usr/share/container-scripts/mysql/init/53-pma.sh
(limited to 'root-galera/usr/share')
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-common.sh b/root-galera/usr/share/container-scripts/mysql/galera-common.sh
new file mode 100644
index 0000000..b4d90e5
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-common.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+source ${CONTAINER_SCRIPTS_PATH}/common.sh
+
+# Initialize the MySQL database (create user accounts and the initial database)
+function initialize_galera_database() {
+ log_info 'Initializing database ...'
+ if [[ "$MYSQL_VERSION" < "5.7" ]] ; then
+ # Using --rpm since we need mysql_install_db behaves as in RPM
+ log_info 'Running mysql_install_db ...'
+ mysql_install_db --rpm --datadir=$MYSQL_DATADIR
+ else
+ log_info "Running mysqld --initialize-insecure ..."
+ ${MYSQL_PREFIX}/libexec/mysqld --wsrep-on=OFF --wsrep-provider=none --initialize-insecure --datadir=$MYSQL_DATADIR --ignore-db-dir=lost+found "$@"
+ fi
+
+ start_local_mysql --wsrep-on=OFF --wsrep-provider=none "$@"
+
+ if [ -v MYSQL_RUNNING_AS_SLAVE ]; then
+ log_info 'Initialization finished'
+ return 0
+ fi
+
+ # Do not care what option is compulsory here, just create what is specified
+ if [ -v MYSQL_USER ]; then
+ log_info "Creating user specified by MYSQL_USER (${MYSQL_USER}) ..."
+mysql $mysql_flags <<EOSQL
+ CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+EOSQL
+ fi
+
+ if [ -v MYSQL_DATABASE ]; then
+ log_info "Creating database ${MYSQL_DATABASE} ..."
+ mysqladmin $admin_flags create "${MYSQL_DATABASE}"
+ if [ -v MYSQL_USER ]; then
+ log_info "Granting privileges to user ${MYSQL_USER} for ${MYSQL_DATABASE} ..."
+mysql $mysql_flags <<EOSQL
+ GRANT ALL ON \`${MYSQL_DATABASE}\`.* TO '${MYSQL_USER}'@'%' ;
+ FLUSH PRIVILEGES ;
+EOSQL
+ fi
+ fi
+
+ if [ -v MYSQL_ROOT_PASSWORD ]; then
+ log_info "Setting password for MySQL root user ..."
+ # for 5.6 and lower we use the trick that GRANT creates a user if not exists
+ # because IF NOT EXISTS clause does not exist in that versions yet
+ if [[ "$MYSQL_VERSION" > "5.6" ]] ; then
+ mysql $mysql_flags <<EOSQL
+ CREATE USER IF NOT EXISTS 'root'@'%';
+EOSQL
+ fi
+mysql $mysql_flags <<EOSQL
+ GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
+EOSQL
+ fi
+ log_info 'Initialization finished'
+
+ # remember that the database was just initialized, it may be needed on other places
+ export MYSQL_DATADIR_FIRST_INIT=true
+}
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh b/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
new file mode 100644
index 0000000..3b9fa31
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
@@ -0,0 +1,6 @@
+if [ -v POD_NAMESPACE ]; then
+ export MYSQL_GALERA_CLUSTER="$(hostname -f | cut -d'.' -f2)"
+
+ log_info 'Processing basic Galera configuration files ...'
+ envsubst < ${CONTAINER_SCRIPTS_PATH}/galera-init/galera.cnf.template > /etc/my.cnf.d/galera.cnf
+fi
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
new file mode 100644
index 0000000..e1013d7
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
@@ -0,0 +1,15 @@
+[mysqld]
+wsrep_on = ON
+wsrep_provider = /usr/lib64/galera-3/libgalera_smm.so
+wsrep_sst_auth=${MYSQL_GALERA_USER}:${MYSQL_GALERA_PASSWORD}
+wsrep_cluster_name=${MYSQL_GALERA_CLUSTER}
+#wsrep_provider_options="gcache.size=300M; gcache.page_size=300M"
+wsrep_sst_method = xtrabackup-v2
+default_storage_engine = innodb
+binlog_format = row
+
+# Performance settings
+innodb_autoinc_lock_mode = 2
+innodb_flush_log_at_trx_commit = 0
+query_cache_size = 0
+query_cache_type = 0
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
new file mode 100644
index 0000000..3adbf58
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
@@ -0,0 +1,17 @@
+[galera]
+wsrep_on = ON
+wsrep_provider = /usr/lib64/galera/libgalera_smm.so
+wsrep_sst_method = xtrabackup-v2
+default_storage_engine = innodb
+binlog_format = row
+innodb_autoinc_lock_mode = 2
+innodb_flush_log_at_trx_commit = 0
+query_cache_size = 0
+query_cache_type = 0
+
+wsrep_sst_auth=${MYSQL_GALERA_USER}:${MYSQL_GALERA_PASSWORD}
+wsrep_cluster_name=${MYSQL_GALERA_CLUSTER}
+
+# By default every node is standalone
+wsrep_cluster_address=gcomm://
+wsrep_node_address=127.0.0.1
diff --git a/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf b/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
new file mode 100644
index 0000000..5e9d444
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
@@ -0,0 +1,4 @@
+[mysqld]
+# By default every node is standalone
+wsrep_cluster_address=gcomm://
+wsrep_node_address=127.0.0.1
diff --git a/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh b/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
new file mode 100755
index 0000000..05829a4
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
@@ -0,0 +1,48 @@
+#! /bin/bash
+
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script writes out a mysql galera config using a list of newline seperated
+# peer DNS names it accepts through stdin.
+
+# /etc/mysql is assumed to be a shared volume so we can modify my.cnf as required
+# to keep the config up to date, without wrapping mysqld in a custom pid1.
+# The config location is intentionally not /etc/mysql/my.cnf because the
+# standard base image clobbers that location.
+CFG=/etc/my.cnf.d/cluster.cnf
+
+function join {
+ local IFS="$1"; shift; echo "$*";
+}
+
+HOSTNAME=$(hostname)
+while read -ra LINE; do
+ if [[ "${LINE}" == *"${HOSTNAME}"* ]]; then
+ MY_NAME=$LINE
+ fi
+ PEERS=("${PEERS[@]}" $LINE)
+done
+
+if [ "${#PEERS[@]}" = 1 ]; then
+ WSREP_CLUSTER_ADDRESS=""
+else
+ WSREP_CLUSTER_ADDRESS=$(join , "${PEERS[@]}")
+fi
+
+sed -i -e "s|^wsrep_node_address=.*$|wsrep_node_address=${MY_NAME}|" ${CFG}
+sed -i -e "s|^wsrep_cluster_address=.*$|wsrep_cluster_address=gcomm://${WSREP_CLUSTER_ADDRESS}|" ${CFG}
+
+# don't need a restart, we're just writing the conf in case there's an
+# unexpected restart on the node.
diff --git a/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh b/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
new file mode 100644
index 0000000..2844d5f
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+password_change() {
+mysql $mysql_flags <<EOSQL
+ CREATE USER IF NOT EXISTS '${MYSQL_GALERA_USER}'@'localhost';
+ SET PASSWORD FOR '${MYSQL_GALERA_USER}'@'localhost' = PASSWORD('${MYSQL_GALERA_PASSWORD}');
+ GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '${MYSQL_GALERA_USER}'@'localhost';
+ UPDATE mysql.user SET Super_Priv='Y', Process_priv='Y' WHERE user='${MYSQL_GALERA_USER}' AND host='localhost';
+ FLUSH PRIVILEGES;
+EOSQL
+}
+
+password_change
+unset -f password_change
diff --git a/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh b/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
new file mode 100644
index 0000000..c047265
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
@@ -0,0 +1,14 @@
+extradb() {
+for db in "$MYSQL_EXTRADB"; do
+mysql $mysql_flags <<EOSQL
+ GRANT ALL ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;
+ FLUSH PRIVILEGES ;
+EOSQL
+done;
+}
+
+if [ -v MYSQL_EXTRADB ]; then
+ extradb
+fi
+
+unset -f extradb
diff --git a/root-galera/usr/share/container-scripts/mysql/init/52-super.sh b/root-galera/usr/share/container-scripts/mysql/init/52-super.sh
new file mode 100644
index 0000000..9e49151
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/52-super.sh
@@ -0,0 +1,12 @@
+set_super() {
+mysql $mysql_flags <<EOSQL
+ UPDATE mysql.user SET Super_Priv='Y' WHERE user='${MYSQL_USER}' AND host='%';
+ FLUSH PRIVILEGES;
+EOSQL
+}
+
+if [ -v MYSQL_USER_PRIV_SUPER ]; then
+ set_super
+fi
+
+unset -f set_super
diff --git a/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh b/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh
new file mode 100644
index 0000000..5644b8f
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh
@@ -0,0 +1,26 @@
+set_pma() {
+mysql $mysql_flags <<EOSQL
+ CREATE USER IF NOT EXISTS 'pma'@'%' IDENTIFIED BY '${MYSQL_PMA_PASSWORD}';
+ ALTER USER 'pma'@'%' IDENTIFIED BY '${MYSQL_PMA_PASSWORD}';
+
+ GRANT USAGE ON mysql.* TO 'pma'@'%';
+ GRANT SELECT (
+ Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
+ Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
+ File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+ Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
+ Execute_priv, Repl_slave_priv, Repl_client_priv
+ ) ON mysql.user TO 'pma'@'%';
+
+ GRANT SELECT ON mysql.db TO 'pma'@'%';
+ #GRANT SELECT ON mysql.host TO 'pma'@'%';
+ GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'%';
+ GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'%';
+EOSQL
+}
+
+if [ -v MYSQL_PMA_PASSWORD ]; then
+ set_pma
+fi
+
+unset -f set_pma
--
cgit v1.2.3