Merge branch 'better_roopw_reset' into 'master'

Better roopw reset See merge request !41

Merge branch 'better_roopw_reset' into 'master'
ce363892 · Martin Bergemann · 3b50818b · 1a466d32 · ce363892 · ce363892
Commit ce363892 authored 2 years ago by Martin Bergemann
--- a/assets/db_service/reset_root_pw.sh
+++ b/assets/db_service/reset_root_pw.sh
@@ -2,17 +2,11 @@
 ### Reset the root password
 set -e
-pw_file=/var/lib/mysql/.pw_file
-if [ ! -f "$pw_file" ];then
-    echo $MYSQL_ROOT_PASSWORD > $pw_file
-fi
-root_pw=$(cat $pw_file)
 echo "USE mysql; FLUSH PRIVILEGES; ALTER USER "\
     "'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD'; "\
     "ALTER USER 'root'@'%' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD'; "\
     "ALTER USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD'; "\
     "FLUSH PRIVILEGES;" > /tmp/my.sql
-mysql -p$root_pw -u root < /tmp/my.sql
+mysql -u root < /tmp/my.sql
-echo $MYSQL_ROOT_PASSWORD > $pw_file
 rm /tmp/my.sql
--- a/assets/playbooks/db-server-playbook.yml
+++ b/assets/playbooks/db-server-playbook.yml
@@ -16,9 +16,23 @@
        -p {{ db_port }}:3306
        -e MYSQL_ROOT_PASSWORD='{{ root_passwd }}'
        -v /root/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z
-        -v /root/reset_root_pw.sh:/docker-entrypoint-initdb.d/001_reset_passwords.sh:z
        -v /root/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z
        -t mariadb:latest
+    - skip_tables_cmd: >
+        --net {{ project_name }} -v
+        /opt/freva/{{project_name}}/db_service:/var/lib/mysql:z
+        --name {{ db_name }} -e HOST={{ db_host }}
+        -e NUM_BACKUPS=7
+        -e PROJECT={{ project_name }}
+        -e MYSQL_USER={{db_user}}
+        -e MYSQL_PASSWORD='{{db_passwd}}'
+        -e MYSQL_DATABASE={{db_db}}
+        -e BACKUP_DIR=/var/lib/mysql/backup
+        -p {{ db_port }}:3306
+        -e MYSQL_ROOT_PASSWORD='{{ root_passwd }}'
+        -v /root/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z
+        -v /root/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z
+        -t mariadb:latest mysqld_safe --skip-grant-tables
    - continer_name: "{{ db_name }}"
    - vault_name: "{{project_name}}-vault"
  tasks:
@@ -69,7 +83,7 @@
      become: true
    - name: Copying auxillary files to target machine
      become: true
-      copy: src="{{ asset_dir }}/db_service/reset_root_pw.sh" dest=/root/
+      copy: src="{{ asset_dir }}/db_service/reset_root_pw.sh" dest=/tmp/
    - name: Copying systemd files
      copy:
        src: "{{ asset_dir }}/scripts/{{ item }}"
@@ -84,6 +98,21 @@
        repo: https://gitlab.dkrz.de/freva/freva-service-config.git
        dest: /root/freva-service-config
        update: true
+    - name: Preparing the root password reset I
+      become: true
+      shell: /usr/local/bin/docker-or-podman run -d {{skip_tables_cmd}}
+    - pause: seconds=2
+    - name: Preparing the root password reset II
+      become: true
+      shell:  /usr/local/bin/docker-or-podman cp /tmp/reset_root_pw.sh {{db_name}}:/tmp
+    - name: Resetting the root password
+      become: true
+      shell: /usr/local/bin/docker-or-podman exec -it {{db_name}} bash /tmp/reset_root_pw.sh
+    - name: Deleting temp. container
+      become: true
+      shell: |
+        /usr/local/bin/docker-or-podman stop {{db_name}}
+        /usr/local/bin/docker-or-podman rm {{db_name}}
    - name: Creating the mysql docker container
      shell: /usr/local/bin/docker-or-podman run -d {{docker_cmd}}
      become: true
@@ -97,17 +126,14 @@
      shell: sh /tmp/create_cron.sh "{{ db_name }}" "{{db_email}}"
      when: cron.stat.exists == true
    - name: Deleting auxillary files
+      become: true
      file:
        state: absent
        path: "{{ item }}"
      with_items:
        - /tmp/create_systemd.py
        - /tmp/create_cron.sh
-    - name: Resetting the passwords
+        - /tmp/reset_root_pw.sh
-      become: true
-      shell: >
-        /usr/local/bin/docker-or-podman exec -it {{db_name}}
-        /bin/bash /docker-entrypoint-initdb.d/001_reset_passwords.sh
    - name: Restarting docker container
      become: true
      shell: systemctl restart "{{ db_name }}"

--- a/assets/scripts/docker-or-podman
+++ b/assets/scripts/docker-or-podman
@@ -19,7 +19,7 @@ def get_ids(username: Optional[str]) -> Dict[str, int]:
    return dict(uid=user.pw_uid, gid=user.pw_gid)
-def parse_args() -> List[str]:
+def parse_args(cont_cmd: str) -> List[str]:
    """Parse the commandline arguments."""
    app = argparse.ArgumentParser(prog=sys.argv[0], description="Docker/Podman wrapper")
@@ -31,6 +31,7 @@ def parse_args() -> List[str]:
        default=None,
    )
    args, container_args = app.parse_known_args()
+    ipv6_enable = ["--net", "slirp4netns:allow_host_loopback=true,enable_ipv6=true"]
    arguments = [args.command]
    for key, value in get_ids(args.username).items():
        if args.command == "build" and value:
@@ -38,6 +39,8 @@ def parse_args() -> List[str]:
        elif args.command == "run" and value:
            arguments.append("-e")
            arguments.append(f"{key.upper()}={value}")
+        if args.command == "run" and cont_cmd == "podman":
+            arguments += ipv6_enable
    return arguments + container_args
@@ -91,7 +94,7 @@ def write_command_to_disk(
 if __name__ == "__main__":
    container_cmd = get_container_cmd()
-    command = container_cmd + parse_args()
+    command = container_cmd + parse_args(container_cmd[0])
    write_command_to_disk(command)
    try:
        subprocess.run(command, check=True)

--- a/assets/web/freva_web.conf
+++ b/assets/web/freva_web.conf
@@ -163,7 +163,7 @@ Group www-data
 </IfModule>
-ServerName www-regiklim.dkrz.de
+ServerName ${FREVA_HOST}
 ServerAdmin you@example.com
 ServerSignature Off
@@ -189,6 +189,7 @@ SSLCryptoDevice builtin
    ProxyPass /static/ !
    ProxyPass / http://${FREVA_HOST}:8000/
    ProxyPassReverse / http://${FREVA_HOST}:8000/
+    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    SSLEngine on
    Alias /static /srv/static/
    Alias /robots.txt /srv/static/robots.txt

--- a/src/freva_deployment/__init__.py
+++ b/src/freva_deployment/__init__.py
-__version__ = "2205.1.15"
+__version__ = "2207.0.0"
 AVAILABLE_PYTHON_VERSIONS = ["3.7", "3.8", "3.9", "3.10"]
 AVAILABLE_CONDA_ARCHS = [
    "Linux-x86_64",