initial

rootfs/opt/bitnami/scripts/libldapclient.sh

@@ -0,0 +1,222 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Bitnami LDAP library
+
+# shellcheck disable=SC1090,SC1091
+
+# Load libraries
+. /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
+
+########################
+# Loads global variables used on LDAP configuration.
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   Series of exports to be used as 'eval' arguments
+#########################
+ldap_env() {
+    cat <<"EOF"
+export LDAP_NSLCD_USER="nslcd"
+export LDAP_URI="${LDAP_URI:-}"
+export LDAP_BASE="${LDAP_BASE:-}"
+export LDAP_BIND_DN="${LDAP_BIND_DN:-}"
+export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}"
+export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}"
+export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}"
+export LDAP_SCOPE="${LDAP_SCOPE:-}"
+export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}"
+export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}"
+export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}"
+
+EOF
+    if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then
+        cat <<"EOF"
+export LDAP_NSLCD_GROUP="nslcd"
+EOF
+    elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then
+        cat <<"EOF"
+export LDAP_NSLCD_GROUP="ldap"
+EOF
+    fi
+}
+
+########################
+# Return LDAP config file path depending on distro
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   None
+# Returns:
+#   (String) LDAP config file path
+#########################
+ldap_openldap_config_path() {
+    local openldap_config
+    case "$OS_FLAVOUR" in
+    debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;;
+    photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;;
+    *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;;
+    esac
+    echo "$openldap_config"
+}
+
+########################
+# Configure LDAP permissions (to be used at postunpack leve).
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_configure_permissions() {
+    ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775"
+    # The nslcd.conf file may not exist in distros like UBI, so we need to create it first
+    touch "/etc/nslcd.conf"
+    configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660"
+    configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660"
+}
+
+########################
+# Create nslcd.conf file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_create_nslcd_config() {
+    if am_i_root; then
+        chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf"
+        chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd"
+        cat >"/etc/nslcd.conf" <<EOF
+# The user and group nslcd should run as
+uid $LDAP_NSLCD_USER
+gid $LDAP_NSLCD_GROUP
+EOF
+    else
+        cat >"/etc/nslcd.conf" <<EOF
+# Comment out uid,gid to avoid attempting change user/group to run as
+# uid
+# gid
+EOF
+    fi
+    cat >>"/etc/nslcd.conf" <<EOF
+nss_initgroups_ignoreusers $LDAP_NSS_INITGROUPS_IGNOREUSERS
+
+# The location at which the LDAP server(s) should be reachable.
+uri $LDAP_URI
+# The search base that will be used for all queries
+base $LDAP_BASE
+# The DN to bind with for normal lookups
+binddn $LDAP_BIND_DN
+bindpw $LDAP_BIND_PASSWORD
+EOF
+    if [[ -n "${LDAP_BASE_LOOKUP}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+base passwd $LDAP_BASE_LOOKUP
+EOF
+    fi
+    if [[ -n "${LDAP_SCOPE}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# The search scope
+scope $LDAP_SCOPE
+EOF
+    fi
+    if [[ -n "${LDAP_SEARCH_FILTER}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# LDAP search filter to use for posix users
+filter passwd (objectClass=$LDAP_SEARCH_FILTER)
+EOF
+    fi
+    if [[ -n "${LDAP_SEARCH_MAP}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# Used for lookup of custom attributes
+map passwd uid $LDAP_SEARCH_MAP
+EOF
+    fi
+    if [[ -n "${LDAP_TLS_REQCERT}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# TLS options
+tls_reqcert $LDAP_TLS_REQCERT
+EOF
+    fi
+    if am_i_root; then
+        chmod "600" "/etc/nslcd.conf"
+    fi
+}
+
+########################
+# Create ldap.conf file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_create_openldap_config() {
+    cat >>"$(ldap_openldap_config_path)" <<EOF
+BASE $LDAP_BASE
+URI $LDAP_URI
+
+TLS_CACERTDIR   /etc/openldap/certs
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON    on
+EOF
+}
+
+########################
+# Create PAM configuration file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   filename - PAM configuration file name
+# Returns:
+#   None
+#########################
+ldap_create_pam_config() {
+    local filename="${1:?ip is missing}"
+    cat >"/etc/pam.d/${filename}" <<EOF
+auth     required  pam_ldap.so  try_first_pass debug
+account  required  pam_ldap.so  debug
+EOF
+}
+
+########################
+# Initialize LDAP services
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_initialize() {
+    if [[ -n "${LDAP_URI}" && "${LDAP_BASE}" && "${LDAP_BIND_DN}" && "${LDAP_BIND_PASSWORD}" ]]; then
+        info "Configuring LDAP connection"
+        ldap_create_nslcd_config
+        ldap_create_openldap_config
+    else
+        info "Missing LDAP settings. Skipping LDAP initialization"
+    fi
+}
+
+########################
+# Start nslcd in background
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_start_nslcd_bg() {
+    info "Starting nslcd in background"
+    nslcd
+}

rootfs/opt/bitnami/scripts/mariadb-env.sh

@@ -0,0 +1,264 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Environment configuration for mariadb
+
+# The values for all environment variables will be set in the below order of precedence
+# 1. Custom environment variables defined below after Bitnami defaults
+# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
+# 3. Environment variables overridden via external files using *_FILE variables (see below)
+# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
+
+# Load logging library
+# shellcheck disable=SC1090,SC1091
+. /opt/bitnami/scripts/liblog.sh
+
+export BITNAMI_ROOT_DIR="/opt/bitnami"
+export BITNAMI_VOLUME_DIR="/bitnami"
+
+# Logging configuration
+export MODULE="${MODULE:-mariadb}"
+export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
+
+# By setting an environment variable matching *_FILE to a file path, the prefixed environment
+# variable will be overridden with the value specified in that file
+mariadb_env_vars=(
+    ALLOW_EMPTY_PASSWORD
+    MARIADB_AUTHENTICATION_PLUGIN
+    MARIADB_ROOT_USER
+    MARIADB_ROOT_PASSWORD
+    MARIADB_USER
+    MARIADB_PASSWORD
+    MARIADB_DATABASE
+    MARIADB_MASTER_HOST
+    MARIADB_MASTER_PORT_NUMBER
+    MARIADB_MASTER_ROOT_USER
+    MARIADB_MASTER_ROOT_PASSWORD
+    MARIADB_MASTER_DELAY
+    MARIADB_REPLICATION_USER
+    MARIADB_REPLICATION_PASSWORD
+    MARIADB_PORT_NUMBER
+    MARIADB_REPLICATION_MODE
+    MARIADB_REPLICATION_SLAVE_DUMP
+    MARIADB_EXTRA_FLAGS
+    MARIADB_INIT_SLEEP_TIME
+    MARIADB_CHARACTER_SET
+    MARIADB_COLLATE
+    MARIADB_BIND_ADDRESS
+    MARIADB_SQL_MODE
+    MARIADB_UPGRADE
+    MARIADB_SKIP_TEST_DB
+    MARIADB_CLIENT_ENABLE_SSL
+    MARIADB_CLIENT_SSL_CA_FILE
+    MARIADB_CLIENT_SSL_CERT_FILE
+    MARIADB_CLIENT_SSL_KEY_FILE
+    MARIADB_CLIENT_EXTRA_FLAGS
+    MARIADB_STARTUP_WAIT_RETRIES
+    MARIADB_STARTUP_WAIT_SLEEP_TIME
+    MARIADB_ENABLE_SLOW_QUERY
+    MARIADB_LONG_QUERY_TIME
+    MARIADB_GALERA_CONF_DIR
+    MARIADB_GALERA_MOUNTED_CONF_DIR
+    MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP
+    MARIADB_GALERA_CLUSTER_BOOTSTRAP
+    MARIADB_GALERA_CLUSTER_ADDRESS
+    MARIADB_GALERA_CLUSTER_NAME
+    MARIADB_GALERA_NODE_NAME
+    MARIADB_GALERA_NODE_ADDRESS
+    MARIADB_GALERA_SST_METHOD
+    MARIADB_GALERA_MARIABACKUP_USER
+    MARIADB_GALERA_MARIABACKUP_PASSWORD
+    MARIADB_ENABLE_LDAP
+    MARIADB_ENABLE_TLS
+    MARIADB_TLS_CERT_FILE
+    MARIADB_TLS_KEY_FILE
+    MARIADB_TLS_CA_FILE
+    MARIADB_REPLICATION_USER
+    MARIADB_REPLICATION_PASSWORD
+    DB_ENABLE_SLOW_QUERY
+    DB_LONG_QUERY_TIME
+)
+for env_var in "${mariadb_env_vars[@]}"; do
+    file_env_var="${env_var}_FILE"
+    if [[ -n "${!file_env_var:-}" ]]; then
+        if [[ -r "${!file_env_var:-}" ]]; then
+            export "${env_var}=$(< "${!file_env_var}")"
+            unset "${file_env_var}"
+        else
+            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
+        fi
+    fi
+done
+unset mariadb_env_vars
+export DB_FLAVOR="mariadb"
+
+# Paths
+export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb"
+export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb"
+export DB_DATA_DIR="${DB_VOLUME_DIR}/data"
+export DB_BIN_DIR="${DB_BASE_DIR}/bin"
+export DB_SBIN_DIR="${DB_BASE_DIR}/sbin"
+export DB_CONF_DIR="${DB_BASE_DIR}/conf"
+export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default"
+export DB_LOGS_DIR="${DB_BASE_DIR}/logs"
+export DB_TMP_DIR="${DB_BASE_DIR}/tmp"
+export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf"
+export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid"
+export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock"
+export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}"
+
+# System users (when running with a privileged user)
+export DB_DAEMON_USER="mysql"
+export DB_DAEMON_GROUP="mysql"
+
+# Default configuration (build-time)
+export MARIADB_DEFAULT_PORT_NUMBER="3306"
+export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time
+export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4"
+export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time
+export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0"
+export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time
+
+# MariaDB Galera authentication.
+export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}"
+export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}"
+export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN"
+export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}"
+export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization
+export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}"
+export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization
+export MARIADB_USER="${MARIADB_USER:-}"
+export DB_USER="$MARIADB_USER" # only used during the first initialization
+export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}"
+export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization
+export MARIADB_DATABASE="${MARIADB_DATABASE:-}"
+export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization
+export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}"
+export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization
+export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}"
+export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization
+export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}"
+export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization
+export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}"
+export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization
+export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}"
+export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization
+export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}"
+export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization
+export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}"
+export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization
+
+# Settings
+export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}"
+export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER"
+export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}"
+export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE"
+export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}"
+export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP"
+export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}"
+export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS"
+export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}"
+export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME"
+export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}"
+export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET"
+# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE
+MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}"
+export MARIADB_COLLATE="${MARIADB_COLLATE:-}"
+export DB_COLLATE="$MARIADB_COLLATE"
+export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}"
+export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS"
+export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}"
+export DB_SQL_MODE="$MARIADB_SQL_MODE"
+export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}"
+export DB_UPGRADE="$MARIADB_UPGRADE"
+export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}"
+export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB"
+export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}"
+export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL"
+export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}"
+export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE"
+export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}"
+export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE"
+export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}"
+export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE"
+export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}"
+export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS"
+export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}"
+export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES"
+export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}"
+export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME"
+MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}"
+export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}"
+export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY"
+MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}"
+export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}"
+export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME"
+
+# Galera paths
+export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat"
+export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE"
+export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap"
+export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR"
+export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done"
+export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE"
+
+# Galera build-time defaults for cluster configuration
+export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://"
+export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS"
+export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera"
+export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME"
+export MARIADB_GALERA_DEFAULT_NODE_NAME=""
+export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME"
+export MARIADB_GALERA_DEFAULT_NODE_ADDRESS=""
+export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS"
+export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup"
+export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD"
+export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup"
+export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER"
+export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD=""
+export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD"
+
+# Galera cluster configuration.
+export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}"
+export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR"
+export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}"
+export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR"
+export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}"
+export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP"
+export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}"
+export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP"
+export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}"
+export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS"
+export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}"
+export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME"
+export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}"
+export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME"
+export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}"
+export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS"
+export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}"
+export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD"
+export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}"
+export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER"
+export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}"
+export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD"
+
+# LDAP
+export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}"
+export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP"
+
+# SSL/TLS configuration
+export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}"
+export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS"
+export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}"
+export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE"
+export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}"
+export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE"
+export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}"
+export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE"
+export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}"
+export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization
+export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}"
+export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization
+
+# Custom environment variables may be defined below

rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libbitnami.sh
+. /opt/bitnami/scripts/libmariadbgalera.sh
+
+# Load MariaDB environment variables
+. /opt/bitnami/scripts/mariadb-env.sh
+
+# We add the copy from default config in the entrypoint to not break users 
+# bypassing the setup.sh logic. If the file already exists do not overwrite (in
+# case someone mounts a configuration file in /opt/bitnami/mariadb/conf)
+debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR"
+cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR"
+
+print_welcome_page
+
+if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then
+    info "** Starting MariaDB setup **"
+    /opt/bitnami/scripts/mariadb-galera/setup.sh
+    info "** MariaDB setup finished! **"
+fi
+
+echo ""
+exec "$@"

rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libmariadbgalera.sh
+
+# Load MariaDB environment variables
+. /opt/bitnami/scripts/mariadb-env.sh
+
+mysql_healthcheck

rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libldapclient.sh
+. /opt/bitnami/scripts/libmariadbgalera.sh
+
+# Load MariaDB environment variables
+. /opt/bitnami/scripts/mariadb-env.sh
+
+# Load LDAP environment variables
+eval "$(ldap_env)"
+
+# Configure MariaDB options based on build-time defaults
+info "Configuring default MariaDB options"
+ensure_dir_exists "$DB_CONF_DIR"
+mysql_create_default_config
+
+for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do
+    ensure_dir_exists "$dir"
+    chmod -R g+rwX "$dir"
+done
+
+# LDAP permissions
+ldap_configure_permissions
+ldap_create_pam_config "mariadb"
+
+# Fix to avoid issues detecting plugins in mysql_install_db
+ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin"
+
+# Redirect all logging to stdout
+ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log"
+
+# Copy all initially generated configuration files to the default directory
+# (this is to avoid breaking when entrypoint is being overridden)
+cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR"

rootfs/opt/bitnami/scripts/mariadb-galera/run.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libldapclient.sh
+. /opt/bitnami/scripts/libmariadbgalera.sh
+
+# Load MariaDB environment variables
+. /opt/bitnami/scripts/mariadb-env.sh
+
+# Load LDAP environment variables
+eval "$(ldap_env)"
+
+# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld
+EXEC="${DB_SBIN_DIR}/mysqld"
+
+flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}")
+[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}")
+
+# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable
+read -r -a db_extra_flags <<< "$(mysql_extra_flags)"
+[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}")
+
+# Add flags passed to this script
+flags+=("$@")
+
+# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld
+LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}"
+export LD_PRELOAD
+
+is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg
+
+info "** Starting MariaDB **"
+
+set_previous_boot
+
+if am_i_root; then
+    exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}"
+else
+    exec "$EXEC" "${flags[@]}"
+fi

rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libmariadbgalera.sh
+. /opt/bitnami/scripts/libldapclient.sh
+
+# Load MariaDB environment variables
+. /opt/bitnami/scripts/mariadb-env.sh
+
+# Load LDAP environment variables
+eval "$(ldap_env)"
+
+# Ensure mysql unix socket file does not exist
+rm -rf "${DB_SOCKET_FILE}.lock"
+# Ensure MariaDB environment variables settings are valid
+mysql_validate
+# Ensure MariaDB is stopped when this script ends.
+trap "mysql_stop" EXIT
+if am_i_root; then
+    # Ensure 'daemon' user exists when running as 'root'
+    ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP"
+    # Ensure 'nslcd' user exists when running as 'root'
+    ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP"
+    # Fix logging issue when running as root
+    chmod o+w "$(readlink /dev/stdout)"
+fi
+# Ensure MariaDB is initialized
+mysql_initialize
+# Ensure LDAP is initialized
+is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize
+# Allow running custom initialization scripts
+mysql_custom_scripts 'init'
+# Allow running custom start scripts
+mysql_custom_scripts 'start'
+# Stop MariaDB before flagging it as fully initialized.
+# Relying only on the trap defined above could produce a race condition.
+mysql_stop