diff --git a/.env b/.env index b288ff0..9d2a6db 100644 --- a/.env +++ b/.env @@ -31,3 +31,5 @@ COMPOSE_PROJECT_NAME=european-airports # Set Image versions NGINX_VERSION=1.23-alpine PHP_VERSION=8.2-fpm-alpine +MARIADB_VERSION=10.11 + diff --git a/.gitignore b/.gitignore index 183d197..1be4c4b 100644 --- a/.gitignore +++ b/.gitignore @@ -30,7 +30,7 @@ config.php # Docker Secrets -**/secrets/ +**/secrets/*_pw.txt # Include all README files !**/README.md diff --git a/database b/database index 98b09ea..a0e8c93 160000 --- a/database +++ b/database @@ -1 +1 @@ -Subproject commit 98b09ea1738f3acae35048ae70db30c1fc069e65 +Subproject commit a0e8c932c36b0f6fa3144e626d162fbd42285c4c diff --git a/docker-compose.yml b/docker-compose.yml index 94e6857..a49b361 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,6 +59,8 @@ services: PHP_VERSION: ${PHP_VERSION} image: european-airports/api-php-fpm restart: always + depends_on: + - database env_file: - ./php-fpm/php.env - ./backend/php.env @@ -66,9 +68,10 @@ services: - ./backend/src/:/var/www/html networks: - backend -# secrets: -# - - + secrets: + - eaBackendUser + - eaBackendPw + frontend-nginx: container_name: european-airports_www-nginx build: @@ -104,9 +107,35 @@ services: - ./frontend/src/:/var/www/html networks: - web -# secrets: -# - - + + database: + container_name: european-airports_mariadb + build: + context: ./mariadb + args: + MARIADB_VERSION: ${MARIADB_VERSION} + image: european-airports/mariadb + restart: "no" # always + env_file: + - ./mariadb/mariadb.env + - ./database/mariadb.env + volumes: + - ./database/data:/var/lib/mysql + - ./database/init:/docker-entrypoint-initdb.d:ro + secrets: + - rootUser + - rootPw + - eaBackendUser + - eaBackendPw + - eaBackendGrantTable + - checkmkUser + - checkmkPw + - checkmkPrivs + networks: + - backend + labels: + - "traefik.enable=false" + networks: backend: driver: bridge 
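Review bot: The new pattern `**/secrets/*_pw.txt` in .gitignore ignores only password files, so everything else placed in a `secrets/` directory can now be committed. That includes the `*_name.txt`, `*_privileges.txt` and `*_grantTable.txt` files referenced from docker-compose.yml, and any future key or token file that does not follow the `_pw.txt` naming. A deny-by-default form keeps the old protection: `**/secrets/*` followed by explicit negations such as `!**/secrets/*_name.txt` for the files that are meant to be tracked.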
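Review bot: The short-form `depends_on: - database` added to the php-fpm service only orders container start; it does not wait until MariaDB accepts connections. The mariadb Dockerfile in this commit defines a HEALTHCHECK, so the long form can gate on it: `depends_on: { database: { condition: service_healthy } }`. In the new `database` service, `restart: "no" # always` looks like a development leftover; a short comment saying when it should be switched back to `always` would help the next operator.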
@@ -116,6 +145,20 @@ networks: driver: bridge name: "european-airports/web" -# secrets: -# vereinsflieger: -# file: ./secrets/vereinsflieger.txt +secrets: + checkmkUser: + file: ./secrets/checkmk_name.txt + checkmkPw: + file: ./secrets/checkmk_pw.txt + checkmkPrivs: + file: ./secrets/checkmk_privileges.txt + eaBackendUser: + file: ./secrets/eaBackend_name.txt + eaBackendPw: + file: ./secrets/eaBackend_pw.txt + eaBackendGrantTable: + file: ./secrets/eaBackend_grantTable.txt + rootUser: + file: ./secrets/root_name.txt + rootPw: + file: ./secrets/root_pw.txt diff --git a/mariadb/.dockerignore b/mariadb/.dockerignore new file mode 100644 index 0000000..f0bf590 --- /dev/null +++ b/mariadb/.dockerignore 
@@ -0,0 +1,31 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + + +# List files to exclude from the docker context here. Syntax is the same as for .gitignore. + +data/ \ No newline at end of file diff --git a/mariadb/Dockerfile b/mariadb/Dockerfile new file mode 100644 index 0000000..d88dde2 --- /dev/null +++ b/mariadb/Dockerfile 
@@ -0,0 +1,74 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . 
+ + + +ARG MARIADB_VERSION +FROM mariadb:${MARIADB_VERSION} + +# Set timezone +RUN echo "Etc/UTC" > /etc/timezone && \ + dpkg-reconfigure -f noninteractive tzdata + +# Copy config files +COPY etc/ /etc/ + +# Copy update script +COPY tools/osupdate /sbin/osupdate +COPY tools/dbInit.sh /dbInit.sh +COPY tools/dbDump.sh /dbDump.sh + +# Copy CheckMk files +#COPY checkmk/check-mk-agent_2.1.0p18-1_all.deb /tmp/checkmk_agent.deb +#COPY checkmk/plugins /usr/lib/check_mk_agent/plugins +#COPY checkmk/config /etc/check_mk +#COPY checkmk/mk-job /usr/local/bin + +# Install dependencies +RUN apt-get update && \ + apt-get upgrade -y && \ + apt-get install -y cron logrotate && \ +# apt-get install -y /tmp/checkmk_agent.deb && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + rm -rf /etc/logrotate.d/mysql-server +# rm /tmp/checkmk_agent.deb + +# Configure cron +COPY tools/crontab /tmp/crontab +RUN service cron start && \ + crontab /tmp/crontab && \ + rm /tmp/crontab + +# Define healthcheck +HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \ + CMD [ "/usr/local/bin/healthcheck.sh", "--connect" ] + +# Set entrypoint script +COPY entrypoint.sh /entrypoint.sh +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/mariadb/entrypoint.sh b/mariadb/entrypoint.sh new file mode 100755 index 0000000..e0061ff --- /dev/null +++ b/mariadb/entrypoint.sh 
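Review bot: `RUN service cron start && crontab /tmp/crontab` starts cron only inside the temporary build container; the daemon is not running when the image is later started. The entrypoint.sh added in this commit does not start it either, so the dump and backup jobs in tools/crontab would presumably never run. Reduce the build step to `RUN crontab /tmp/crontab && rm /tmp/crontab` and start cron at run time from entrypoint.sh, before control passes to the upstream entrypoint. Separately, `ARG MARIADB_VERSION` has no default, so a build outside docker-compose resolves `FROM mariadb:${MARIADB_VERSION}` to an empty tag; `ARG MARIADB_VERSION=10.11` would match the value added to .env.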
@@ -0,0 +1,52 @@ +#!/bin/bash + +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + + +# Entry script to start the Docker container. This script performs preparatory actions before +# invoking the entrypoint script from the base image. 
+ +# The upstream entrypoint script can be found here: +# https://github.com/MariaDB/mariadb-docker/blob/56ef6d9f842e1ddf50e4359625a6e5cef1748c38/10.11/docker-entrypoint.sh + + +# Set database password for CheckMk from secret +pw=`cat /run/secrets/checkmkPw` +sed -i "s/password=\"\"/password=\"$pw\"/g" /etc/check_mk/mysql.cfg + +# Run custom DB init script. This will superceed the upstream one. +/dbInit.sh + +# Invoke upstream entrypoint. This must be the last entry! +# The call might seem a bit awkward since the original entrypoint script uses functons and skips +# them when called. So the initial function call must be replicated here. Also the original script +# cannot simply be ommitted since it does a lot of importent work without the MariaDB server would +# not start. Also MariaDB insists be be run as PID1 which is the entrypoint script selected in the +# Dockerfile. +source /usr/local/bin/docker-entrypoint.sh +_main mariadbd "$@" diff --git a/mariadb/etc/README.md b/mariadb/etc/README.md new file mode 100644 index 0000000..c22cd68 --- /dev/null +++ b/mariadb/etc/README.md @@ -0,0 +1,9 @@ +# Container Config Files + +All files in this folder are config files of some sort for services that run inside the container. +The contents of this folder will be copied to `/etc/` during the build of the Docker image. + +For further informations regarding the configuration of specific services, check out the commentary +inside the config files and/or the service's manuals. + +Florian Meissner, DL1MRV \ No newline at end of file diff --git a/mariadb/etc/logrotate.d/mariadb b/mariadb/etc/logrotate.d/mariadb new file mode 100644 index 0000000..290055c --- /dev/null +++ b/mariadb/etc/logrotate.d/mariadb 
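Review bot: The `sed -i "s/password=\"\"/password=\"$pw\"/g"` line in entrypoint.sh interpolates the secret straight into a sed replacement, so a password containing `/`, `&` or `\` either aborts the substitution or writes a different password into /etc/check_mk/mysql.cfg. A `"` in the password would also break the quoted value in the config file. Escape the value first, for example `pw_esc=$(printf '%s' "$pw" | sed -e 's/[\/&\\]/\\&/g')`, and use `$pw_esc` in the substitution. The Dockerfile in this commit has the CheckMk COPY lines commented out, so unless `etc/` ships `check_mk/mysql.cfg` the sed call fails on a missing file. The script has no `set -e` or explicit check, so that failure and a failing `/dbInit.sh` both go unnoticed; checking the file with `[ -f /etc/check_mk/mysql.cfg ]` and the exit status of `/dbInit.sh` would make this visible.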
@@ -0,0 +1,86 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + +# This is the MariaDB configuration for the logrotate utility +# +# Note that on most Linux systems logs are written to journald, which has its +# own rotation scheme. +# +# Read https://mariadb.com/kb/en/error-log/ to learn more about logging and +# https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ about rotating logs. 
+ +/var/log/mysql/*.log { + + # If any of the files listed above is missing, skip them silently without + # emitting any errors + missingok + + # If file exists but is empty, don't rotate it + notifempty + + # Run daily + daily + + # Keep 14 days of logs + rotate 14 + + # Compress logs, as they are text and compression will save a lot of disk space + compress + + # Don't compress the log immediately to avoid errors about "file size changed while zipping" + delaycompress + + # Don't run the postrotate script for each file configured in this file, but + # run it only once if one or more files were rotated + sharedscripts + + # Immediately create new logfile + create 640 mysql adm + + # After each rotation, run this custom script to flush the logs. Note that + # this assumes that the mariadb-admin command has database access, which it + # has thanks to the default use of Unix socket authentication for the 'root' + # account used everywhere since MariaDB 10.4. + postrotate + if test -r /run/secrets/root_name + then + user=`/usr/bin/cat /run/secrets/root_name` + user="-u $user" + fi + + if test -r /run/secrets/root_pw + then + pw=`/usr/bin/cat /run/secrets/root_pw` + pw="-p$pw" + fi + + if test -x /usr/bin/mariadb-admin + then + /usr/bin/mariadb-admin --local $user $pw flush-logs + fi + endscript +} diff --git a/mariadb/etc/mysql/conf.d/01-logging.cnf b/mariadb/etc/mysql/conf.d/01-logging.cnf new file mode 100644 index 0000000..2fb260d --- /dev/null +++ b/mariadb/etc/mysql/conf.d/01-logging.cnf 
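Review bot: The postrotate script tests `/run/secrets/root_name` and `/run/secrets/root_pw`, but docker-compose.yml mounts these secrets under their secret names, `rootUser` and `rootPw`, which is also what dbDump.sh and dbInit.sh read. Both `test -r` checks will therefore fail, and `mariadb-admin flush-logs` runs without credentials. Replace `root_name` with `rootUser` and `root_pw` with `rootPw` in the four places they occur. The comment above `postrotate` still describes unix-socket authentication for root; it should state which of the two mechanisms is actually intended here.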
@@ -0,0 +1,52 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + +# Project specific config file for MariaDB server. +# Place all setting overriding the default values in here. +# This file is linked to the container as a volume + + +[mariadb] + +# Take logging away from Docker so that it can be used by CheckMk +log_output=FILE +log_error=/var/log/mysql/error.log +log_warnings=3 + +# ONLY ENABLE general_log IN DEVELOPMENT ENVIRONTMENTS!!! +# This file will store every query and will grow rather quickly. It may also store confidential data! 
+general_log=1 +general_log_file=/var/log/mysql/access.log + +# Log slow queries +slow_query_log=1 +slow_query_log_file=/var/log/mysql/slow.log +long_query_time=10 # sec +log_queries_not_using_indexes=ON +min_examined_row_limit=10000 +log_slow_admin_statements=ON +log_slow_verbosity=query_plan,explain \ No newline at end of file diff --git a/mariadb/mariadb.env b/mariadb/mariadb.env new file mode 100644 index 0000000..32b3185 --- /dev/null +++ b/mariadb/mariadb.env 
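Review bot: `general_log=1` is committed as enabled, although the comment directly above it says to enable it only in development environments because it records every query and may store confidential data. Since `COPY etc/ /etc/` bakes this file into the image, every deployment inherits it, and the logrotate rule in this commit keeps 14 days of that log. Ship `general_log=0` and let developers switch it on locally. The header also says the file is "linked to the container as a volume", whereas the Dockerfile copies it at build time; the comment should say which is the case.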
@@ -0,0 +1,87 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + + +# Docker-Compose environment file for the MariaDB serice + +# Comment in the needed variables. +# For further information check: +# https://github.com/docker-library/docs/blob/master/mariadb/README.md#environment-variables + +# This specifies the password that will be set for the MariaDB root superuser account. +MARIADB_ROOT_PASSWORD_FILE=/run/secrets/rootPw + +#Set to a non-empty value, like yes, to allow the container to be started with a blank password for +# the root user. 
+# NOTE: Setting this variable to yes is not recommended unless you really know what you are doing, +# since this will leave your MariaDB instance completely unprotected, allowing anyone to gain +# complete superuser access. +#MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=yes + +# Set to a non-empty value, like yes, to generate a random initial password for the root user. The +# generated root password will be printed to stdout (GENERATED ROOT PASSWORD: .....). +#MARIADB_RANDOM_ROOT_PASSWORD=yes + +# This is the hostname part of the root user created. By default this is %, however it can be set +# to any default MariaDB allowed hostname component. Setting this to localhost will prevent any +# root user being accessible except via the unix socket. +#MARIADB_ROOT_HOST= + +# Set MARIADB_MYSQL_LOCALHOST_USER to a non-empty value to create the mysql@locahost database user. +# This user is especially useful for a variety of health checks and backup scripts. +# The mysql@localhost user gets USAGE privileges by default. If more access is required, additional +# global privileges in the form of a comma separated list can be provided. If you are sharing a +# volume containing MariaDB's unix socket (/var/run/mysqld by default), privileges beyond USAGE can +# result in confidentiality, integrity and availability risks, so use a minimal set. See the example +# below on using Mariabackup. The healthcheck.sh script also documents the required privileges for +# each health check test. +#MARIADB_MYSQL_LOCALHOST_USER= + + +# This variable allows you to specify the name of a database to be created on image startup. +MARIADB_DATABASE=eaMain + +# These are used in conjunction to create a new user and to set that user's password. Both user and +# password variables are required for a user to be created. This user will be granted all access +# (corresponding to GRANT ALL) to the MARIADB_DATABASE database. 
+# Do note that there is no need to use this mechanism to create the root superuser, that user gets +# created by default with the password specified by the MARIADB_ROOT_PASSWORD variable. +MARIADB_USER_FILE=/run/secrets/eaBackendUser +MARIADB_PASSWORD_FILE=/run/secrets/eaBackendPw + +# By default, the entrypoint script automatically loads the timezone data needed for the +# CONVERT_TZ() function. If it is not needed, any non-empty value disables timezone loading. +#MARIADB_INITDB_SKIP_TZINFO=yes + +# Set MARIADB_AUTO_UPGRADE to a non-empty value to have the entrypoint check whether +# mysql_upgrade/mariadb-upgrade needs to run, and if so, run the upgrade before starting the +# MariaDB server. +# Before the upgrade, a backup of the system database is created in the top of the datadir with the +# name system_mysql_backup_*.sql.zst. This backup process can be disabled with by setting +# MARIADB_DISABLE_UPGRADE_BACKUP to a non-empty value. +#MARIADB_AUTO_UPGRADE=yes +#MARIADB_DISABLE_UPGRADE_BACKUP=yes diff --git a/mariadb/tools/crontab b/mariadb/tools/crontab new file mode 100644 index 0000000..7389228 --- /dev/null +++ b/mariadb/tools/crontab 
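Review bot: `MARIADB_ROOT_HOST` is left commented out, so by this file's own description the root account is created with host `%` and can be reached from any container on the `backend` network, including php-fpm. The scripts added in this commit (dbInit.sh, dbDump.sh, dbImport.sh, logrotate) all run inside the database container, so `MARIADB_ROOT_HOST=localhost` should be sufficient and limits root to the local socket. The comment on `MARIADB_USER_FILE` notes that this user receives GRANT ALL on `eaMain`. If the `eaBackendGrantTable` secret is meant to narrow that grant, the comment should say where the narrowing happens.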
@@ -0,0 +1,56 @@ +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . + + +# ************************************************* +# * ___ _ * +# * / (_) | | * +# * | ,_ __ _ _ _|_ __, | | * +# * | / | / \_/ |/ | | / | |/ \_ * +# * \___/ |_/\__/ | |_/|_/\_/|_/\_/ * +# * * +# ************************************************* + +# This is the crontab file for user root. It will be loaded and installed during the build process +# of the Docker image. + +# In order for CheckMk to monitor the jobs, the sytax is enhenced a little bit. 
After the time +# information the script `mk-job` is placed with a CHeckMk description of the Job as first argument. +# The actual job's script or command is then followd as the second argument. For further +# informations see `mk-job` in the `checkmk` folder. + +# Remember that this file must end with a new line! + +# How to install a cronjob in Docker: +# https://github.com/edwardsamuel/Docker-Cron-Job-Sample/blob/master/README.md + +# Florian Meissner, DL1MRV + +# m h dom mon dow `mk-job` desc command [args] +#* * * * * mkjob "Test-Job" echo "Hello world" `date` >> /var/log/cron.log 2>&1 +0 */4 * * * mk-job "DB Dump" /dbDump.sh +15 */4 * * * mk-job "Borg Backup" /borg.sh diff --git a/mariadb/tools/dbDump.sh b/mariadb/tools/dbDump.sh new file mode 100755 index 0000000..b542a52 --- /dev/null +++ b/mariadb/tools/dbDump.sh 
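Review bot: Both cron entries call `mk-job`, and the second one runs `/borg.sh`, but neither is installed by the Dockerfile in this commit. The `COPY checkmk/mk-job /usr/local/bin` line is commented out, and no COPY for `borg.sh` is visible, so both jobs would fail with "command not found" once cron is running. Either install the two scripts in the image or call `/dbDump.sh` directly until CheckMk is wired in. The commented example line uses `mkjob` while the live entries use `mk-job`; the example should match.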
@@ -0,0 +1,90 @@ +#!/bin/bash + +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . 
+ + +# **************************************************************************************** +# * ,__ __ ____ , __ ____ * +# * /| | | o (| \/|/ \ (| \ * +# * | | | __, ,_ __, | || __/ | | _ _ _ _ * +# * | | | / | / | | / | _| || \ _| || | / |/ |/ | |/ \_ * +# * | | |_/\_/|_/ |_/|_/\_/|_/(/\___/ |(__/ (/\___/ \_/|_/ | | |_/|__/ * +# * /| * +# * \| * +# **************************************************************************************** + +# Dump database contents to be later backed up. The dump will not contain any DROP or CREATE +# statements in order not to damage any existing data. This way `dbImport.sh` can use these files +# and run them over an eventually existing DB during the Docker entryint script. + +DUMP_DIR="/tmp/mariadb-dump" +DB_USER=`cat /run/secrets/rootUser` +DB_PW=`cat /run/secrets/rootPw` +DB_NAMES=( + #"example-db" + "eaMain" +) +ERROR_LOG="/var/log/mysql/dump.log" + +# Set excluded database tables here. Use an index for each database and separate tables by spaces. +declare -A EXCLUDED_TABLES=( + #[example-db]="table1 table2 table3" + #[toplist]="cty" +) + + +################################################################################################### + + +mkdir -p $DUMP_DIR + +for db in ${DB_NAMES[@]}; do + + # Assemble base command + read -r -d '' cmd << EOF + mariadb-dump + --single-transaction + --no-create-db + --insert-ignore + --user=$DB_USER + --password=$DB_PW + --databases $db + --dump-date + --log-error=$ERROR_LOG + --skip-add-drop-table + --skip-extended-insert + --no-create-info +EOF + + # Append excluded tables + for tbl in ${EXCLUDED_TABLES[$db]}; do + cmd="${cmd} --ignore-table=${db}.${tbl}" + done + + $cmd > $DUMP_DIR/$db.sql +done diff --git a/mariadb/tools/dbImport.sh b/mariadb/tools/dbImport.sh new file mode 100755 index 0000000..a6aaf2e --- /dev/null +++ b/mariadb/tools/dbImport.sh 
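Review bot: dbDump.sh passes the root password as `--password=$DB_PW` inside an unquoted `$cmd` expansion. The secret is therefore handed over on the command line, and a password containing spaces or glob characters is split or expanded before `mariadb-dump` sees it. The same pattern appears in dbImport.sh, in `docker_process_sql` in dbInit.sh and as `-p$pw` in the logrotate postrotate script. Prefer a root-only option file passed with `--defaults-extra-file=…` as the first option, and build the command as a bash array (`cmd=(mariadb-dump --single-transaction …)`, run as `"${cmd[@]}"`). The dumps are written to `/tmp/mariadb-dump` with the default umask; add `umask 077` before `mkdir -p "$DUMP_DIR"` so that the full database export is not readable by other users in the container.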
@@ -0,0 +1,55 @@ +#!/bin/bash + +# **************************************************************************************************** +# * ______ _ _ * +# * | ____| /\ (_) | | * +# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ * +# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| * +# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ * +# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ * +# * | | | | * +# * |_| |_| * +# * * +# **************************************************************************************************** + +# This file is part of the European Airports Project, a free, collaborative platform of airport data +# extending beyond the official AIPs. + +# Copyright (C) 2023 + +# Florian Meissner + +# This program is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. This program is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. You should have received a copy of the GNU General Public License along with this program. +# (license.md in the root folder of this project) If not, see . 
+ + +# ******************************************************************************************** +# * ,__ __ ____ , __ _ * +# * /| | | o (| \/|/ \ | | * +# * | | | __, ,_ __, | || __/ | | _ _ _ _ __ ,_ _|_ * +# * | | | / | / | | / | _| || \ _ |/ / |/ |/ | |/ \_/ \_/ | | * +# * | | |_/\_/|_/ |_/|_/\_/|_/(/\___/ |(__/ \_/\/ | | |_/|__/ \__/ |_/|_/ * +# * /| * +# * \| * +# ******************************************************************************************** + +# Import an existing dump back into the database. It is designed to used dump files created with +# `dbDump.sh` and flush them over an existing DB. For that to work, `initDb.sh` should be run first +# if no database exists. + + +DUMP_DIR="/tmp/mariadb-dump" +DB_USER=`cat /run/secrets/rootUser` +DB_PW=`cat /run/secrets/rootPw` + +for file in $DUMP_DIR/*.sql; do + mariadb \ + --user=$DB_USER \ + --password=$DB_PW \ + < $file +done diff --git a/mariadb/tools/dbInit.sh b/mariadb/tools/dbInit.sh new file mode 100755 index 0000000..f981124 --- /dev/null +++ b/mariadb/tools/dbInit.sh 
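Review bot: The header comment of dbImport.sh tells the operator to run `initDb.sh` first, but the script added in this commit is named `dbInit.sh`; the comment should use the real name. The Dockerfile copies only `osupdate`, `dbInit.sh` and `dbDump.sh`, so dbImport.sh is not present in the image unless it is mounted separately, and it is worth stating in the header how it is meant to be invoked. In the loop, `$DUMP_DIR/*.sql` and `< $file` are unquoted and the exit status of `mariadb` is not checked, so an empty dump directory or a failed import passes silently; `mariadb … < "$file" || exit 1` would stop at the first failure.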
@@ -0,0 +1,115 @@
+# ****************************************************************************************************
+# * ______ _ _ *
+# * | ____| /\ (_) | | *
+# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ *
+# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| *
+# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ *
+# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ *
+# * | | | | *
+# * |_| |_| *
+# * *
+# ****************************************************************************************************
+
+# This file is part of the European Airports Project, a free, collaborative platform of airport data
+# extending beyond the official AIPs.
+
+# Copyright (C) 2023
+
+# Florian Meissner
+
+# This program is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version. This program is distributed in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details. You should have received a copy of the GNU General Public License along with this program.
+# (license.md in the root folder of this project) If not, see .
+
+# Initialize the database
+# =======================
+
+# This script will process all *.sh, *.sql, *.sql.gz, *sql.xz and *.sql.zst found in in the init
+# directory recursively. They are processed in alphabetical order.
+
+
+# CONFIG
+LOG_FILE="/var/log/mysql/init.log"
+INIT_DIR="/docker-entrypoint-initdb.d"
+
+
+# Logging functions
+# Inspired by MariaDB's upstream docker-entrypoint.sh
+mysql_log() {
+ local type="$1";
+ shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" &>> $LOG_FILE
+}
+mysql_note() {
+ mysql_log Note "$@"
+}
+
+mysql_warn() {
+ mysql_log Warn "$@" >&2
+}
+
+mysql_error() {
+ mysql_log ERROR "$@" >&2
+ exit 1
+}
+
+
+docker_process_sql() {
+ user=`cat /run/secrets/rootUser`
+ pw=`cat /run/secrets/rootPw`
+
+# echo "$user $pw"
+# echo "$@"
+ mariadb \
+ --user="${user}" \
+ --password="${pw}" \
+ "$@"
+}
+
+
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+ # https://unix.stackexchange.com/a/215279
+ local _top_of_stack=$(( ${#FUNCNAME[@]} - 1 ))
+
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[${_top_of_stack}]}" = 'source' ]
+}
+
+
+# Main program start
+_main() {
+ for f in $(find ${INIT_DIR} -name "*.sql*" -or -name "*.sh" | sort ); do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ # ShellCheck can't follow non-constant source. Use a directive to specify location.
+ # shellcheck disable=SC1090
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ done
+}
+
+
+if ! _is_sourced
+then
+ _main
+fi
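Review bot: Every branch of the `case` in `_main` discards the exit status of the script or SQL file it runs, so a failed step (for example the user-creation SQL the secrets README refers to) is only logged as "running" and initialisation carries on with a partly set-up database; `mysql_error` is defined but never called. Check each step, e.g. `docker_process_sql < "$f" || mysql_error "$0: $f failed"`. The file is added with mode 100755 but the hunk opens with the banner instead of `#!/bin/bash`, while the body depends on bash-only features (`FUNCNAME`, `local`, `&>>`), so a shebang line should be added. Because `mysql_log` already sends printf's output to `$LOG_FILE`, the `>&2` on `mysql_warn` and `mysql_error` has no effect and errors never reach stderr.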
diff --git a/mariadb/tools/osupdate b/mariadb/tools/osupdate
new file mode 100755
index 0000000..05f3f3f
--- /dev/null
+++ b/mariadb/tools/osupdate
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# ****************************************************************************************************
+# * ______ _ _ *
+# * | ____| /\ (_) | | *
+# * | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ *
+# * | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| *
+# * | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ *
+# * |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ *
+# * | | | | *
+# * |_| |_| *
+# * *
+# ****************************************************************************************************
+
+# This file is part of the European Airports Project, a free, collaborative platform of airport data
+# extending beyond the official AIPs.
+
+# Copyright (C) 2023
+
+# Florian Meissner
+
+# This program is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version. This program is distributed in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details. You should have received a copy of the GNU General Public License along with this program.
+# (license.md in the root folder of this project) If not, see .
+
+
+# Update script for Ubuntu based OS's.
+# Florian Meissner, DL1MRV
+# 03/2023
+
+apt -y -qq update
+echo "Hostname: ${HOSTNAME_HR}"
+apt list --upgradable
+read
+apt -y -qq upgrade
+apt -y -qq autoremove
+apt-get clean
+rm -rf /var/lib/apt/lists/*
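Review bot: The bare `read` between `apt list --upgradable` and `apt -y -qq upgrade` is not a confirmation: any input, or end-of-file when stdin is not a terminal, lets the upgrade proceed, and nothing checks whether `apt -y -qq update` succeeded, so the script can finish without error on stale package lists with no patches applied. Consider `set -e` near the top and an explicit prompt such as `read -r -p "Apply upgrades? [y/N] " reply; [[ $reply == [yY] ]] || exit 0`. apt itself warns that its command-line interface is not stable for scripts; `apt-get`, which the script already uses for `clean`, is the front end intended for that.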
diff --git a/secrets/README.md b/secrets/README.md
new file mode 100644
index 0000000..1e35c84
--- /dev/null
+++ b/secrets/README.md
@@ -0,0 +1,58 @@
+****************************************************************************************************
+* ______ _ _ *
+* | ____| /\ (_) | | *
+* | |__ _ _ _ __ ___ _ __ ___ __ _ _ __ / \ _ _ __ _ __ ___ _ __| |_ ___ *
+* | __|| | | | '__/ _ \| '_ \ / _ \/ _` | '_ \ / /\ \ | | '__| '_ \ / _ \| '__| __/ __| *
+* | |___| |_| | | | (_) | |_) | __/ (_| | | | | / ____ \| | | | |_) | (_) | | | |_\__ \ *
+* |______\__,_|_| \___/| .__/ \___|\__,_|_| |_| /_/ \_\_|_| | .__/ \___/|_| \__|___/ *
+* | | | | *
+* |_| |_| *
+* *
+****************************************************************************************************
+
+This file is part of the European Airports Project, a free, collaborative platform of airport data
+extending beyond the official AIPs.
+
+Copyright (C) 2023
+
+Florian Meissner
+
+This program is free software: you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software Foundation, either
+version 3 of the License, or (at your option) any later version. This program is distributed in the
+hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+details. You should have received a copy of the GNU General Public License along with this program.
+(license.md in the root folder of this project) If not, see .
+
+
+# MariaDB Secrets folder
+
+This folder contains the secrets files with the user credentials for the MariaDB server.
+
+You can rename the *.txt.example files into just *.txt and place your user name or password directly
+into them. Each file must only hold one data entry and nothing else! The hole content of the file
+will be interpreted as user name / password.
+
+
+## What files are there?
+
+For each user there are up to four files in this folder. 
Each file starts with a common base string,
+followed by an underscore and the kind of value it holds. All files with the same base are assumed
+to belonging to the same user.
+
+The following file must/might exist:
+
+- `*_name.txt` The user name (required)
+- `*_pw.txt` The user's password (required)
+- `*_grantTable.txt` The tables on which privileges should be granted. If missing or empty, it
+ defaults to `*.*`. (Optional)
+- `*_privileges.txt` The privileges that should be granted on the table. If missing or empty, it
+ defaults to `ALL PRIVILEGES`. (Optional)
+
+
+## Additonal steps
+
+For each user, remember to mount the secrets in the `docker-compose.yml` and at a line to the bottom
+of `init/01-mysql_user.sql`. See that file for details.
+
diff --git a/secrets/checkmk_name.txt b/secrets/checkmk_name.txt
new file mode 100644
index 0000000..e723f66
--- /dev/null
+++ b/secrets/checkmk_name.txt
@@ -0,0 +1 @@
+checkmk
\ No newline at end of file
diff --git a/secrets/checkmk_privileges.txt b/secrets/checkmk_privileges.txt
new file mode 100644
index 0000000..2841b64
--- /dev/null
+++ b/secrets/checkmk_privileges.txt
@@ -0,0 +1 @@
+SELECT, SHOW DATABASES
\ No newline at end of file
diff --git a/secrets/eaBackend_grantTable.txt b/secrets/eaBackend_grantTable.txt
new file mode 100644
index 0000000..a1e450c
--- /dev/null
+++ b/secrets/eaBackend_grantTable.txt
@@ -0,0 +1 @@
+eaMain
\ No newline at end of file
diff --git a/secrets/eaBackend_name.txt b/secrets/eaBackend_name.txt
new file mode 100644
index 0000000..0ceb2b2
--- /dev/null
+++ b/secrets/eaBackend_name.txt
@@ -0,0 +1 @@
+eaBackend
\ No newline at end of file
diff --git a/secrets/root_name.txt b/secrets/root_name.txt
new file mode 100644
index 0000000..93ca142
--- /dev/null
+++ b/secrets/root_name.txt
@@ -0,0 +1 @@
+root
\ No newline at end of file