authorQuentin <quentin@deuxfleurs.fr>2019-06-01 16:02:49 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2019-07-11 09:33:07 +0200
commit61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch)
treee44bb326caf3107653c7a48749527cfd77f02cf2 /docker/mariadb
downloadinfrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.tar.gz
infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.zip
Initial commit
Diffstat (limited to 'docker/mariadb')
-rw-r--r--docker/mariadb/60-disable-dialog.cnf3
-rw-r--r--docker/mariadb/60-ldap.cnf3
-rw-r--r--docker/mariadb/60-remote.cnf2
-rw-r--r--docker/mariadb/Dockerfile14
-rw-r--r--docker/mariadb/README.md19
-rwxr-xr-xdocker/mariadb/entrypoint.sh50
-rw-r--r--docker/mariadb/nsswitch.conf21
-rw-r--r--docker/mariadb/pam-mariadb2
8 files changed, 114 insertions, 0 deletions
diff --git a/docker/mariadb/60-disable-dialog.cnf b/docker/mariadb/60-disable-dialog.cnf
new file mode 100644
index 0000000..d41731a
--- /dev/null
+++ b/docker/mariadb/60-disable-dialog.cnf
@@ -0,0 +1,3 @@
+[mariadb]
+pam_use_cleartext_plugin
+bind-address = 0.0.0.0
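Review bot: `pam_use_cleartext_plugin` makes clients send the PAM (LDAP) password unencrypted via the clear-text client plugin, and this file also binds the server to `0.0.0.0`, while none of the three .cnf files in this commit sets `ssl_cert`/`ssl_key`. As written, directory passwords would cross the network in the clear unless transport encryption is provided elsewhere (not visible here). I would add server TLS settings next to this option and create the PAM accounts with `REQUIRE SSL`, with a comment such as `# cleartext plugin: only safe over TLS`. The `bind-address` line here repeats the one in 60-remote.cnf under a different group; keeping it in one file makes the listening scope easier to audit.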
diff --git a/docker/mariadb/60-ldap.cnf b/docker/mariadb/60-ldap.cnf
new file mode 100644
index 0000000..72ffb9f
--- /dev/null
+++ b/docker/mariadb/60-ldap.cnf
@@ -0,0 +1,3 @@
+[mariadb]
+plugin-load=auth_pam.so
+
diff --git a/docker/mariadb/60-remote.cnf b/docker/mariadb/60-remote.cnf
new file mode 100644
index 0000000..f759a49
--- /dev/null
+++ b/docker/mariadb/60-remote.cnf
@@ -0,0 +1,2 @@
+[mysqld]
+bind-address = 0.0.0.0
diff --git a/docker/mariadb/Dockerfile b/docker/mariadb/Dockerfile
new file mode 100644
index 0000000..15ef954
--- /dev/null
+++ b/docker/mariadb/Dockerfile
@@ -0,0 +1,14 @@
+FROM debian:stretch
+
+RUN apt-get update && \
+ apt-get dist-upgrade -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd
+
+COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf
+COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf
+COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf
+COPY pam-mariadb /etc/pam.d/mariadb
+COPY nsswitch.conf /etc/nsswitch.conf
+COPY entrypoint.sh /usr/local/bin/entrypoint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
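Review bot: The install line names only `libnss-ldapd`, yet pam-mariadb loads `pam_ldap.so` and entrypoint.sh points nslcd at `/etc/ssl/certs/ca-certificates.crt`; both presumably arrive only as recommended or transitive packages, so the authentication path depends on apt defaults. Naming them explicitly and dropping the other recommends keeps the image smaller and the dependency visible: `apt-get install -y --no-install-recommends mariadb-server mariadb-client libnss-ldapd libpam-ldapd ca-certificates && rm -rf /var/lib/apt/lists/*`. `debian:stretch` is a floating tag, so pinning it by digest would make rebuilds reproducible.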
diff --git a/docker/mariadb/README.md b/docker/mariadb/README.md
new file mode 100644
index 0000000..f20a59f
--- /dev/null
+++ b/docker/mariadb/README.md
@@ -0,0 +1,19 @@
+```
+sudo docker build -t superboum/amd64_mariadb:v2 .
+
+sudo docker run \
+ -t -i \
+ -p 3306:3306 \
+ -v /tmp/mysql:/var/lib/mysql \
+ -e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \
+ -e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \
+ -e LDAP_VERSION=3 \
+ -e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \
+ -e LDAP_BIND_PW='xxxx' \
+ -e MYSQL_PASSWORD='xxxx' \
+ superboum/amd64_mariadb:v1 \
+ tail -f /var/log/mysql/error.log
+
+CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb';
+
+```
diff --git a/docker/mariadb/entrypoint.sh b/docker/mariadb/entrypoint.sh
new file mode 100755
index 0000000..7ebf049
--- /dev/null
+++ b/docker/mariadb/entrypoint.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -e
+
+cat > /etc/nslcd.conf <<EOF
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+uri ${LDAP_URI}
+
+# The search base that will be used for all queries.
+base ${LDAP_BASE}
+
+# The LDAP protocol version to use.
+ldap_version ${LDAP_VERSION}
+
+# The DN to bind with for normal lookups.
+binddn ${LDAP_BIND_DN}
+bindpw ${LDAP_BIND_PW}
+
+# The DN used for password modifications by root.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# SSL options
+#ssl off
+#tls_reqcert never
+tls_cacertfile /etc/ssl/certs/ca-certificates.crt
+
+# The search scope.
+#scope sub
+EOF
+
+/usr/sbin/nslcd
+
+chown mysql:mysql /var/lib/mysql
+[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
+
+/usr/bin/mysqld_safe &
+
+until ls /var/run/mysqld/mysqld.sock; do sleep 1; done
+/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true
+
+exec "$@"
+
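Review bot: The root-password step `mysqladmin -u root password ${MYSQL_PASSWORD} || true` expands the secret unquoted onto a command line and discards every failure, so an unset or empty `MYSQL_PASSWORD` leaves the freshly initialised server running with whatever root authentication `mysql_install_db` created. Fail early with `: "${MYSQL_PASSWORD:?MYSQL_PASSWORD must be set}"` near the top, quote the expansion, and restrict the `|| true` tolerance to restarts on an already-initialised data directory. The same `:?` check would help for the `LDAP_*` variables, which are written into /etc/nslcd.conf unchecked. Separately, the generated nslcd.conf sets `tls_cacertfile` but leaves `ssl` commented out, so with an `ldap://` URI the bind password is presumably sent unencrypted; consider `ssl start_tls` with `tls_reqcert demand`.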
diff --git a/docker/mariadb/nsswitch.conf b/docker/mariadb/nsswitch.conf
new file mode 100644
index 0000000..853348e
--- /dev/null
+++ b/docker/mariadb/nsswitch.conf
@@ -0,0 +1,21 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+gshadow: files
+
+hosts: files dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
+
diff --git a/docker/mariadb/pam-mariadb b/docker/mariadb/pam-mariadb
new file mode 100644
index 0000000..e1bb814
--- /dev/null
+++ b/docker/mariadb/pam-mariadb
@@ -0,0 +1,2 @@
+auth required pam_ldap.so
+account required pam_ldap.so