feat(jans-linux-setup): remove MariaDB support (#7218)

* feat(jans-linux-setup): remove MariaDB support

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* feat(jans-linux-setup): install mysql for suse

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

jans-linux-setup/jans_setup/app_info.json

@@ -12,6 +12,7 @@
   "PROMPT_TOOLKIT": "https://github.com/prompt-toolkit/python-prompt-toolkit/archive/refs/tags/3.0.33.zip",
   "WCWIDTH": "https://github.com/jquast/wcwidth/archive/refs/tags/0.2.5.zip",
   "PYGMENTS": "https://github.com/pygments/pygments/archive/refs/tags/2.13.0.zip",
+  "PYMYSQL": "https://github.com/PyMySQL/PyMySQL/archive/refs/tags/v1.0.3.zip",
   "REQUESTS_TOOLBELT": "https://github.com/requests/toolbelt/archive/refs/tags/1.0.0.zip",
   "CRYPTOGRAPHY": "https://files.pythonhosted.org/packages/20/8b/66600f5851ec7893ace9b74445d7eaf3499571b347e339d18c76c876b0f9/cryptography-37.0.4-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
   "TWILIO_MAVEN": "https://repo1.maven.org/maven2/com/twilio/sdk/twilio/",

jans-linux-setup/jans_setup/setup_app/data/package_list.json

@@ -2,66 +2,155 @@
   "red 7": {
     "optional": "",
     "mandatory": "httpd httpd-mod_ssl mod_auth_openidc rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel-yaml",
+      "certifi": "python3-certifi",
+      "Crypto": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "red 8": {
     "optional": "",
     "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel-yaml",
+      "certifi": "python3-certifi",
+      "Crypto": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "red 9": {
     "optional": "",
     "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog",
-    "python": {"ldap3":"python-ldap3", "requests":"python-requests", "ruamel.yaml":"python-ruamel-yaml", "certifi":"python-certifi", "pymysql":"python-PyMySQL", "Crypto": "python-cryptography", "psycopg2":"python-psycopg2"}
+    "python": {
+      "ldap3": "python-ldap3",
+      "requests": "python-requests",
+      "ruamel.yaml": "python-ruamel-yaml",
+      "certifi": "python-certifi",
+      "Crypto": "python-cryptography",
+      "psycopg2": "python-psycopg2"
+    }
   },
   "centos 7": {
     "optional": "",
     "mandatory": "httpd mod_ssl mod_auth_openidc  rsyslog  python3-certifi",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel-yaml",
+      "Crypto": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "centos 8": {
     "optional": "",
     "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel-yaml",
+      "certifi": "python3-certifi",
+      "Crypto": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "centos 9": {
     "optional": "",
     "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog",
-    "python": {"ldap3":"python-ldap3", "requests":"python-requests", "ruamel.yaml":"python-ruamel-yaml", "certifi":"python-certifi", "pymysql":"python-PyMySQL", "Crypto": "python-cryptography", "psycopg2":"python-psycopg2"}
+    "python": {
+      "ldap3": "python-ldap3",
+      "requests": "python-requests",
+      "ruamel.yaml": "python-ruamel-yaml",
+      "certifi": "python-certifi",
+      "Crypto": "python-cryptography",
+      "psycopg2": "python-psycopg2"
+    }
   },
   "suse 15": {
     "optional": "",
     "mandatory": "apache2 apache2-mod_auth_openidc rsyslog openssl",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "cryptography": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "certifi": "python3-certifi",
+      "cryptography": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "suse tumbleweed": {
     "optional": "",
     "mandatory": "apache2 apache2-mod_auth_openidc  rsyslog openssl",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "cryptography": "python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "certifi": "python3-certifi",
+      "cryptography": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
-    "debian 11": {
+  "debian 11": {
     "optional": "",
     "mandatory": "apache2 rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "cryptography":"python3-cryptography", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "certifi": "python3-certifi",
+      "cryptography": "python3-cryptography",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "debian 10": {
     "optional": "",
     "mandatory": "apache2 rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "certifi": "python3-certifi",
+      "Crypto": "python3-crypto",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "debian 9": {
     "optional": "",
     "mandatory": "apache2 rsyslog",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "certifi": "python3-certifi",
+      "Crypto": "python3-crypto",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "ubuntu 20": {
     "optional": "",
     "mandatory": "apache2 rsyslog python3-urllib3 python3-certifi",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "Crypto": "python3-crypto",
+      "psycopg2": "python3-psycopg2"
+    }
   },
   "ubuntu 22": {
     "optional": "",
     "mandatory": "apache2 rsyslog python3-urllib3 python3-certifi",
-    "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "pymysql":"python3-pymysql", "cryptography":"python3-cryptography", "certifi":"python3-certifi", "psycopg2":"python3-psycopg2"}
+    "python": {
+      "ldap3": "python3-ldap3",
+      "requests": "python3-requests",
+      "ruamel.yaml": "python3-ruamel.yaml",
+      "cryptography": "python3-cryptography",
+      "certifi": "python3-certifi",
+      "psycopg2": "python3-psycopg2"
+    }
   }
 }

jans-linux-setup/jans_setup/setup_app/downloads.py

@@ -54,6 +54,19 @@ def download_pyjwt():
         base.download(base.current_app.app_info['PYJWT'], pyjwt_dir_zip_file, verbose=True)
         base.extract_subdir(pyjwt_dir_zip_file, 'jwt', pyjwt_dir)
 
+
+def download_pymysql():
+    pylib_dir = os.path.join(base.pylib_dir, 'pymysql')
+
+    if os.path.exists(pylib_dir) and not base.argsp.force_download:
+        return
+
+    with tempfile.TemporaryDirectory() as tmp_dir:
+        pylib_dir_zip_file = os.path.join(tmp_dir, os.path.basename(base.current_app.app_info['PYMYSQL']))
+        base.download(base.current_app.app_info['PYMYSQL'], pylib_dir_zip_file, verbose=True)
+        base.extract_subdir(pylib_dir_zip_file, 'pymysql', pylib_dir)
+
+
 def download_all():
     download_files = []
     modules = glob.glob(os.path.join(base.ces_dir, 'installers/*.py'))
@@ -79,3 +92,4 @@ def download_apps():
     download_sqlalchemy()
     download_cryptography()
     download_pyjwt()
+    download_pymysql()

jans-linux-setup/jans_setup/setup_app/installers/rdbm.py

@@ -6,6 +6,7 @@
 import sqlalchemy
 import shutil
 import zipfile
+import random
 
 from string import Template
 from schema import AttributeType
@@ -107,9 +108,14 @@ def fix_unit_file(self, service_name):
                 self.writeFile(unit_fn, '\n'.join(unit_file_content_list))
                 self.run(['systemctl', 'daemon-reload'])
 
+
+    def get_rdbm_pw(self):
+        return str(random.randint(10,99)) + random.choice('*_.<->') + self.getPW()
+
+
     def local_install(self):
         if not Config.rdbm_password:
-            Config.rdbm_password = self.getPW()
+            Config.rdbm_password = self.get_rdbm_pw()
         if not Config.rdbm_user:
             Config.rdbm_user = 'jans'
 
@@ -119,10 +125,17 @@ def local_install(self):
 
             if Config.rdbm_type == 'mysql':
                 if base.os_type == 'suse':
-                    self.restart('mariadb')
-                    self.fix_unit_file('mariadb')
-                    self.enable('mariadb')
-                    Config.backend_service = 'mariadb.service'
+                    self.restart('mysql')
+                    self.fix_unit_file('mysql')
+                    self.enable('mysql')
+                    Config.backend_service = 'mysql.service'
+                    for l in open('/var/log/mysql/mysqld.log'):
+                        if 'A temporary password is generated for' in l:
+                            n = l.find('root@localhost:')
+                            mysql_tmp_root_passwd = l[n+15:].strip()
+                            break
+                    Config.mysql_root_password = self.get_rdbm_pw()
+                    self.run(f'''mysql -u root -p'{mysql_tmp_root_passwd}' -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '{Config.mysql_root_password}'" --connect-expired-password''', shell=True)
 
                 elif base.clone_type == 'rpm':
                     self.restart('mysqld')
@@ -133,14 +146,15 @@ def local_install(self):
                     Config.backend_service = 'mysql.service'
 
                 result, conn = self.dbUtils.mysqlconnection(log=False)
+                user_passwd_str = f"-u root -p'{Config.mysql_root_password}' " if base.os_type == 'suse' else ''
                 if not result:
                     sql_cmd_list = [
-                        "CREATE DATABASE {};\n".format(Config.rdbm_db),
-                        "CREATE USER '{}'@'localhost' IDENTIFIED BY '{}';\n".format(Config.rdbm_user, Config.rdbm_password),
-                        "GRANT ALL PRIVILEGES ON {}.* TO '{}'@'localhost';\n".format(Config.rdbm_db, Config.rdbm_user),
+                        "CREATE DATABASE {}".format(Config.rdbm_db),
+                        "CREATE USER '{}'@'localhost' IDENTIFIED BY '{}'".format(Config.rdbm_user, Config.rdbm_password),
+                        "GRANT ALL PRIVILEGES ON {}.* TO '{}'@'localhost'".format(Config.rdbm_db, Config.rdbm_user),
                         ]
                     for cmd in sql_cmd_list:
-                        self.run("echo \"{}\" | mysql".format(cmd), shell=True)
+                        self.run(f'mysql {user_passwd_str}-e "{cmd}"', shell=True)
 
             elif Config.rdbm_type == 'pgsql':
                 if base.clone_type == 'rpm':

jans-linux-setup/jans_setup/setup_app/utils/base.py

@@ -48,7 +48,7 @@
     os_initdaemon = f.read().split()[1]
 
 # Determine os_type and os_version
-os_type, os_version = '', ''
+os_type, os_version, os_subversion = '', '', ''
 
 os_release_fn = '/usr/lib/os-release'
 if not os.path.exists(os_release_fn):
@@ -70,7 +70,10 @@
                         os_version = 'tumbleweed'
                         break
             elif row[0] == 'VERSION_ID':
-                os_version = row[1].split('.')[0]
+                version_split = row[1].split('.')
+                os_version = version_split[0]
+                if len(version_split) > 1:
+                    os_subversion = version_split[1]
 
 if not (os_type and os_version):
     print("Can't determine OS type and OS version")
@@ -101,6 +104,8 @@ def get_os_description():
     desc_dict = { 'suse': 'SUSE', 'red': 'RHEL', 'ubuntu': 'Ubuntu', 'deb': 'Debian', 'centos': 'CentOS', 'fedora': 'Fedora' }
     descs = desc_dict.get(os_type, os_type)
     descs += ' ' + os_version
+    if os_subversion:
+        descs += f'.{os_subversion}'
 
     fipsl = subprocess.getoutput("sysctl crypto.fips_enabled").strip().split()
 

jans-linux-setup/jans_setup/setup_app/utils/db_utils.py

@@ -43,7 +43,7 @@ class DBUtils:
     def bind(self, use_ssl=True, force=False):
 
         setattr(base.current_app, self.__class__.__name__, self)
-
+        self.mariadb = None
         base.logIt("Bind to database")
 
         logging.basicConfig(

jans-linux-setup/jans_setup/setup_app/utils/package_utils.py

@@ -56,7 +56,13 @@ def check_and_install_packages(self):
 
         if not Config.installed_instance:
             if base.argsp.local_rdbm == 'mysql' or (Config.get('rdbm_install_type') == InstallTypes.LOCAL and Config.rdbm_type == 'mysql'):
-                package_list[os_type_version]['mandatory'] += ' mysql-server'
+                if base.os_type == 'suse':
+                    self.run(['rpm', '-i', f'https://dev.mysql.com/get/mysql80-community-release-sl{base.os_version}-{base.os_subversion}.noarch.rpm'])
+                    self.run(['rpm', '--import', '/etc/RPM-GPG-KEY-mysql'])
+                    self.run(['zypper', '--gpg-auto-import-keys', 'refresh'])
+                    package_list[os_type_version]['mandatory'] += ' mysql-community-server'
+                else:
+                    package_list[os_type_version]['mandatory'] += ' mysql-server'
             if base.argsp.local_rdbm == 'pgsql' or (Config.get('rdbm_install_type') == InstallTypes.LOCAL and Config.rdbm_type == 'pgsql'):
                 package_list[os_type_version]['mandatory'] += ' postgresql python3-psycopg2 postgresql-contrib'
                 if base.clone_type == 'deb':

jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py

@@ -740,7 +740,11 @@ def prompt_for_rdbm(self):
 
                 if result[0]:
                     print("  {}Successfully connected to {} server{}".format(colors.OKGREEN, Config.rdbm_type.upper(), colors.ENDC))
-                    break
+                    dbUtils.set_mysql_version()
+                    if dbUtils.mariadb:
+                        print("  {}MariaDB is not supported. Please use MySQL Server. {}".format(colors.FAIL, colors.ENDC))
+                    else:
+                        break
                 else:
                     print("  {}Can't connect to {} server with provided credidentals.{}".format(colors.FAIL, Config.rdbm_type.upper(), colors.ENDC))
                     print("  ERROR:", result[1])
@@ -881,7 +885,10 @@ def prompt_for_backend(self):
 
                 try:
                     if Config.rdbm_type == 'mysql':
-                        pymysql.connect(host=Config.rdbm_host, user=Config.rdbm_user, password=Config.rdbm_password, database=Config.rdbm_db, port=Config.rdbm_port)
+                        conn = pymysql.connect(host=Config.rdbm_host, user=Config.rdbm_user, password=Config.rdbm_password, database=Config.rdbm_db, port=Config.rdbm_port)
+                        if 'mariadb' in conn.server_version.lower():
+                            print("  {}MariaDB is not supported. Please use MySQL Server. {}".format(colors.FAIL, colors.ENDC))
+                            continue
                     else:
                         psycopg2.connect(dbname=Config.rdbm_db, user=Config.rdbm_user, password=Config.rdbm_password, host=Config.rdbm_host, port=Config.rdbm_port)
                     print("  {}{} connection was successful{}".format(colors.OKGREEN, Config.rdbm_type.upper(), colors.ENDC))