From 14d10bc21087e3734d4e7ac15883c76d0cd19818 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 17 Mar 2018 21:07:38 +0100
Subject: MySQL 5.7 with Galera (produced as combination of standard MySQL
 container and openshift-mariadb-galera by adfinis-sygroup)

---
 .../share/container-scripts/mysql/galera-common.sh | 61 ++++++++++++++++++++++
 .../mysql/galera-init/60-galera-config.sh          |  6 +++
 .../mysql/galera-init/galera.cnf.template          | 15 ++++++
 .../mysql/galera-init/galera.cnf.template.maria    | 17 ++++++
 .../container-scripts/mysql/galera/cluster.cnf     |  4 ++
 .../mysql/galera/configure-galera.sh               | 48 +++++++++++++++++
 .../mysql/init/50-galera-passwd-change.sh          | 14 +++++
 .../container-scripts/mysql/init/51-extradb.sh     | 14 +++++
 .../share/container-scripts/mysql/init/52-super.sh | 12 +++++
 .../share/container-scripts/mysql/init/53-pma.sh   | 26 +++++++++
 10 files changed, 217 insertions(+)
 create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-common.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
 create mode 100644 root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
 create mode 100644 root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
 create mode 100755 root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/init/52-super.sh
 create mode 100644 root-galera/usr/share/container-scripts/mysql/init/53-pma.sh

(limited to 'root-galera/usr/share')

diff --git a/root-galera/usr/share/container-scripts/mysql/galera-common.sh b/root-galera/usr/share/container-scripts/mysql/galera-common.sh
new file mode 100644
index 0000000..b4d90e5
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-common.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+source ${CONTAINER_SCRIPTS_PATH}/common.sh
+
+# Initialize the MySQL database (create user accounts and the initial database)
+function initialize_galera_database() {
+  log_info 'Initializing database ...'
+  if [[ "$MYSQL_VERSION" < "5.7" ]] ; then
+    # Using --rpm since we need mysql_install_db behaves as in RPM
+    log_info 'Running mysql_install_db ...'
+    mysql_install_db --rpm --datadir=$MYSQL_DATADIR
+  else
+    log_info "Running mysqld --initialize-insecure ..."
+    ${MYSQL_PREFIX}/libexec/mysqld --wsrep-on=OFF --wsrep-provider=none  --initialize-insecure --datadir=$MYSQL_DATADIR --ignore-db-dir=lost+found "$@"
+  fi
+  
+  start_local_mysql --wsrep-on=OFF --wsrep-provider=none  "$@"
+
+  if [ -v MYSQL_RUNNING_AS_SLAVE ]; then
+    log_info 'Initialization finished'
+    return 0
+  fi
+
+  # Do not care what option is compulsory here, just create what is specified
+  if [ -v MYSQL_USER ]; then
+    log_info "Creating user specified by MYSQL_USER (${MYSQL_USER}) ..."
+mysql $mysql_flags <<EOSQL
+    CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+EOSQL
+  fi
+
+  if [ -v MYSQL_DATABASE ]; then
+    log_info "Creating database ${MYSQL_DATABASE} ..."
+    mysqladmin $admin_flags create "${MYSQL_DATABASE}"
+    if [ -v MYSQL_USER ]; then
+      log_info "Granting privileges to user ${MYSQL_USER} for ${MYSQL_DATABASE} ..."
+mysql $mysql_flags <<EOSQL
+      GRANT ALL ON \`${MYSQL_DATABASE}\`.* TO '${MYSQL_USER}'@'%' ;
+      FLUSH PRIVILEGES ;
+EOSQL
+    fi
+  fi
+
+  if [ -v MYSQL_ROOT_PASSWORD ]; then
+    log_info "Setting password for MySQL root user ..."
+    # for 5.6 and lower we use the trick that GRANT creates a user if not exists
+    # because IF NOT EXISTS clause does not exist in that versions yet
+    if [[ "$MYSQL_VERSION" > "5.6" ]] ; then
+      mysql $mysql_flags <<EOSQL
+        CREATE USER IF NOT EXISTS 'root'@'%';
+EOSQL
+    fi
+mysql $mysql_flags <<EOSQL
+    GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
+EOSQL
+  fi
+  log_info 'Initialization finished'
+
+  # remember that the database was just initialized, it may be needed on other places
+  export MYSQL_DATADIR_FIRST_INIT=true
+}
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh b/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
new file mode 100644
index 0000000..3b9fa31
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/60-galera-config.sh
@@ -0,0 +1,6 @@
+if [ -v POD_NAMESPACE ]; then
+    export MYSQL_GALERA_CLUSTER="$(hostname -f | cut -d'.' -f2)"
+
+    log_info 'Processing basic Galera configuration files ...'
+    envsubst < ${CONTAINER_SCRIPTS_PATH}/galera-init/galera.cnf.template > /etc/my.cnf.d/galera.cnf
+fi
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
new file mode 100644
index 0000000..e1013d7
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template
@@ -0,0 +1,15 @@
+[mysqld]
+wsrep_on = ON
+wsrep_provider = /usr/lib64/galera-3/libgalera_smm.so
+wsrep_sst_auth=${MYSQL_GALERA_USER}:${MYSQL_GALERA_PASSWORD}
+wsrep_cluster_name=${MYSQL_GALERA_CLUSTER}
+#wsrep_provider_options="gcache.size=300M; gcache.page_size=300M"
+wsrep_sst_method = xtrabackup-v2
+default_storage_engine = innodb
+binlog_format = row
+
+# Performance settings
+innodb_autoinc_lock_mode = 2
+innodb_flush_log_at_trx_commit = 0
+query_cache_size = 0
+query_cache_type = 0
diff --git a/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
new file mode 100644
index 0000000..3adbf58
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera-init/galera.cnf.template.maria
@@ -0,0 +1,17 @@
+[galera]
+wsrep_on = ON
+wsrep_provider = /usr/lib64/galera/libgalera_smm.so
+wsrep_sst_method = xtrabackup-v2
+default_storage_engine = innodb
+binlog_format = row
+innodb_autoinc_lock_mode = 2
+innodb_flush_log_at_trx_commit = 0
+query_cache_size = 0
+query_cache_type = 0
+
+wsrep_sst_auth=${MYSQL_GALERA_USER}:${MYSQL_GALERA_PASSWORD}
+wsrep_cluster_name=${MYSQL_GALERA_CLUSTER}
+
+# By default every node is standalone
+wsrep_cluster_address=gcomm://
+wsrep_node_address=127.0.0.1
diff --git a/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf b/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
new file mode 100644
index 0000000..5e9d444
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera/cluster.cnf
@@ -0,0 +1,4 @@
+[mysqld]
+# By default every node is standalone
+wsrep_cluster_address=gcomm://
+wsrep_node_address=127.0.0.1
diff --git a/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh b/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
new file mode 100755
index 0000000..05829a4
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/galera/configure-galera.sh
@@ -0,0 +1,48 @@
+#! /bin/bash
+
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script writes out a mysql galera config using a list of newline seperated
+# peer DNS names it accepts through stdin.
+
+# /etc/mysql is assumed to be a shared volume so we can modify my.cnf as required
+# to keep the config up to date, without wrapping mysqld in a custom pid1.
+# The config location is intentionally not /etc/mysql/my.cnf because the
+# standard base image clobbers that location.
+CFG=/etc/my.cnf.d/cluster.cnf
+
+function join {
+    local IFS="$1"; shift; echo "$*";
+}
+
+HOSTNAME=$(hostname)
+while read -ra LINE; do
+    if [[ "${LINE}" == *"${HOSTNAME}"* ]]; then
+        MY_NAME=$LINE
+    fi
+    PEERS=("${PEERS[@]}" $LINE)
+done
+
+if [ "${#PEERS[@]}" = 1 ]; then
+    WSREP_CLUSTER_ADDRESS=""
+else
+    WSREP_CLUSTER_ADDRESS=$(join , "${PEERS[@]}")
+fi
+
+sed -i -e "s|^wsrep_node_address=.*$|wsrep_node_address=${MY_NAME}|" ${CFG}
+sed -i -e "s|^wsrep_cluster_address=.*$|wsrep_cluster_address=gcomm://${WSREP_CLUSTER_ADDRESS}|" ${CFG}
+
+# don't need a restart, we're just writing the conf in case there's an
+# unexpected restart on the node.
diff --git a/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh b/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
new file mode 100644
index 0000000..2844d5f
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/50-galera-passwd-change.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+password_change() {
+mysql $mysql_flags <<EOSQL
+    CREATE USER IF NOT EXISTS '${MYSQL_GALERA_USER}'@'localhost';
+    SET PASSWORD FOR '${MYSQL_GALERA_USER}'@'localhost' = PASSWORD('${MYSQL_GALERA_PASSWORD}');
+    GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '${MYSQL_GALERA_USER}'@'localhost';
+    UPDATE mysql.user SET Super_Priv='Y', Process_priv='Y' WHERE user='${MYSQL_GALERA_USER}' AND host='localhost';
+    FLUSH PRIVILEGES;
+EOSQL
+}
+
+password_change
+unset -f password_change
diff --git a/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh b/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
new file mode 100644
index 0000000..c047265
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/51-extradb.sh
@@ -0,0 +1,14 @@
+extradb() {
+for db in "$MYSQL_EXTRADB"; do
+mysql $mysql_flags <<EOSQL
+      GRANT ALL ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;
+      FLUSH PRIVILEGES ;
+EOSQL
+done;
+}
+
+if [ -v MYSQL_EXTRADB ]; then 
+    extradb
+fi
+
+unset -f extradb
diff --git a/root-galera/usr/share/container-scripts/mysql/init/52-super.sh b/root-galera/usr/share/container-scripts/mysql/init/52-super.sh
new file mode 100644
index 0000000..9e49151
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/52-super.sh
@@ -0,0 +1,12 @@
+set_super() {
+mysql $mysql_flags <<EOSQL
+    UPDATE mysql.user SET Super_Priv='Y' WHERE user='${MYSQL_USER}' AND host='%';
+    FLUSH PRIVILEGES;
+EOSQL
+}
+
+if [ -v MYSQL_USER_PRIV_SUPER ]; then 
+    set_super
+fi
+
+unset -f set_super
diff --git a/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh b/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh
new file mode 100644
index 0000000..5644b8f
--- /dev/null
+++ b/root-galera/usr/share/container-scripts/mysql/init/53-pma.sh
@@ -0,0 +1,26 @@
+set_pma() {
+mysql $mysql_flags <<EOSQL
+    CREATE USER IF NOT EXISTS 'pma'@'%' IDENTIFIED BY '${MYSQL_PMA_PASSWORD}';
+    ALTER USER 'pma'@'%' IDENTIFIED BY '${MYSQL_PMA_PASSWORD}';
+    
+    GRANT USAGE ON mysql.* TO 'pma'@'%';
+    GRANT SELECT (
+        Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
+        Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
+        File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+        Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
+        Execute_priv, Repl_slave_priv, Repl_client_priv
+    ) ON mysql.user TO 'pma'@'%';
+
+    GRANT SELECT ON mysql.db TO 'pma'@'%';
+    #GRANT SELECT ON mysql.host TO 'pma'@'%';
+    GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'%';
+    GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'%';
+EOSQL
+}
+
+if [ -v MYSQL_PMA_PASSWORD ]; then 
+    set_pma
+fi
+
+unset -f set_pma
-- 
cgit v1.2.3