diff options
| -rw-r--r-- | files/backup/CentOS/mysql_backup.cron | 1 | ||||
| l--------- | files/backup/mysql_backup.cron | 1 | ||||
| -rw-r--r-- | files/config/CentOS/my.cnf | 16 | ||||
| -rw-r--r-- | files/config/CentOS/setmysqlpass.sh | 13 | ||||
| -rw-r--r-- | files/config/Gentoo/my.cnf | 146 | ||||
| l--------- | files/config/my.cnf | 1 | ||||
| -rw-r--r-- | manifests/init.pp | 110 | ||||
| -rw-r--r-- | manifests/munin.pp | 22 | ||||
| -rw-r--r-- | manifests/selinux.pp | 2 | ||||
| -rw-r--r-- | templates/root/my.cnf.erb | 4 |
10 files changed, 299 insertions, 17 deletions
diff --git a/files/backup/CentOS/mysql_backup.cron b/files/backup/CentOS/mysql_backup.cron new file mode 100644 index 0000000..fed14fb --- /dev/null +++ b/files/backup/CentOS/mysql_backup.cron @@ -0,0 +1 @@ +00 01 * * * root /usr/bin/mysqldump --all-databases --all | gzip > /var/lib/mysql/mysqldump.sql.gz && chmod 600 /var/lib/mysql/mysqldump.sql.gz diff --git a/files/backup/mysql_backup.cron b/files/backup/mysql_backup.cron new file mode 120000 index 0000000..7241624 --- /dev/null +++ b/files/backup/mysql_backup.cron @@ -0,0 +1 @@ +CentOS/mysql_backup.cron
\ No newline at end of file diff --git a/files/config/CentOS/my.cnf b/files/config/CentOS/my.cnf new file mode 100644 index 0000000..6d3efc6 --- /dev/null +++ b/files/config/CentOS/my.cnf @@ -0,0 +1,16 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=0 + +bind-address=127.0.0.1 + +[mysql.server] +user=mysql +basedir=/var/lib + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid diff --git a/files/config/CentOS/setmysqlpass.sh b/files/config/CentOS/setmysqlpass.sh new file mode 100644 index 0000000..8199292 --- /dev/null +++ b/files/config/CentOS/setmysqlpass.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +test $# -gt 0 || exit 1 + +/sbin/service mysqld stop + +/usr/libexec/mysqld --skip-grant-tables --user=root & +sleep 5 +echo "USE mysql; UPDATE user SET Password=PASSWORD('$1') WHERE User='root' AND Host='localhost';" | mysql -u root +killall mysqld + +/sbin/service mysqld start + diff --git a/files/config/Gentoo/my.cnf b/files/config/Gentoo/my.cnf new file mode 100644 index 0000000..b51ec21 --- /dev/null +++ b/files/config/Gentoo/my.cnf @@ -0,0 +1,146 @@ +# /etc/mysql/my.cnf: The global mysql configuration file. +# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-4.1,v 1.3 2006/05/05 19:51:40 chtekk Exp $ + +# The following options will be passed to all MySQL clients +[client] +#password = your_password +port = 3306 +socket = /var/run/mysqld/mysqld.sock + +[mysql] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqladmin] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlcheck] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqldump] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlimport] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlshow] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[myisamchk] +character-sets-dir=/usr/share/mysql/charsets + +[myisampack] +character-sets-dir=/usr/share/mysql/charsets + +# use [safe_mysqld] with mysql-3 +[mysqld_safe] +err-log = /var/log/mysql/mysql.err + +# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations +[mysqld] +character-set-server = utf8 +default-character-set = utf8 +user = mysql +port = 3306 +socket = /var/run/mysqld/mysqld.sock +pid-file = /var/run/mysqld/mysqld.pid +log-error = /var/log/mysql/mysqld.err +basedir = /usr +datadir = /var/lib/mysql +skip-locking +key_buffer = 16M +max_allowed_packet = 1M +table_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M +language = /usr/share/mysql/english + +# security: +# using "localhost" in connects uses sockets by default +# skip-networking +bind-address = 127.0.0.1 + +log-bin +server-id = 1 + +# point the following paths to different dedicated disks +tmpdir = /tmp/ +#log-update = /path-to-dedicated-directory/hostname + +# you need the debug USE flag enabled to use the following directives, +# if needed, uncomment them, start the server and issue +# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace +# this will show you *exactly* what's happening in your server ;) + +#log = /tmp/mysqld.sql +#gdb +#debug = d:t:i:o,/tmp/mysqld.trace +#one-thread + +# uncomment the following directives if you are using BDB tables +#bdb_cache_size = 4M +#bdb_max_lock = 10000 + +# the following is the InnoDB configuration +# if you wish to disable innodb instead +# uncomment just the next line +#skip-innodb +# +# the rest of the innodb config follows: +# don't eat too much memory, we're trying to be safe on 64Mb boxes +# you might want to bump this up a bit on boxes with more RAM +innodb_buffer_pool_size = 16M +# this is the default, increase it if you have lots of tables +innodb_additional_mem_pool_size = 2M +# +# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-( +# and upstream wants things to be under /var/lib/mysql/, so that's the route +# we have to take for the moment +#innodb_data_home_dir = /var/lib/mysql/ +#innodb_log_arch_dir = /var/lib/mysql/ +#innodb_log_group_home_dir = /var/lib/mysql/ +# you may wish to change this size to be more suitable for your system +# the max is there to avoid run-away growth on your machine +innodb_data_file_path = ibdata1:10M:autoextend:max:128M +# we keep this at around 25% of of innodb_buffer_pool_size +# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) +innodb_log_file_size = 5M +# this is the default, increase it if you have very large transactions going on +innodb_log_buffer_size = 8M +# this is the default and won't hurt you +# you shouldn't need to tweak it +set-variable = innodb_log_files_in_group=2 +# see the innodb config docs, the other options are not always safe +innodb_flush_log_at_trx_commit = 1 +innodb_lock_wait_timeout = 50 + +[mysqldump] +quick +max_allowed_packet = 16M + +[mysql] +# uncomment the next directive if you are not familiar with SQL +#safe-updates + +[isamchk] +key_buffer = 20M +sort_buffer_size = 20M +read_buffer = 2M +write_buffer = 2M + +[myisamchk] +key_buffer = 20M +sort_buffer_size = 20M +read_buffer = 2M +write_buffer = 2M + +[mysqlhotcopy] +interactive-timeout diff --git a/files/config/my.cnf b/files/config/my.cnf new file mode 120000 index 0000000..2892fbd --- /dev/null +++ b/files/config/my.cnf @@ -0,0 +1 @@ +CentOS/my.cnf
\ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index d21176a..fee8219 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,57 +1,135 @@ -# mysql.pp +# +# mysql module +# # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> -# See LICENSE for the full license granted to you. -# changed by immerda project group (admin(at)immerda.ch) +# Copyright 2008, admin(at)immerda.ch +# Copyright 2008, Puzzle ITC GmbH +# Marcel Härry haerry+puppet(at)puzzle.ch +# Simon Josi josi+puppet(at)puzzle.ch +# +# This program is free software; you can redistribute +# it and/or modify it under the terms of the GNU +# General Public License version 3 as published by +# the Free Software Foundation. +# + +# modules_dir { "mysql": } class mysql::server { case $operatingsystem { gentoo: { include mysql::server::gentoo } + centos: { include mysql::server::centos } default: { include mysql::server::base } } if $selinux { include mysql::selinux } + + if $use_munin { + include mysql::munin + } } class mysql::server::base { - package { mysql: + + package { mysql-server: ensure => present, } - file{ - "/etc/mysql/my.cnf": + file{'/etc/mysql/my.cnf': source => [ "puppet://$server/files/mysql/${fqdn}/my.cnf", "puppet://$server/files/mysql/my.cnf", - "puppet://$server/mysql/my.cnf" + "puppet://$server/mysql/config/${operatingsystem}/my.cnf", + "puppet://$server/mysql/config/my.cnf" ], ensure => file, - owner => root, - group => 0, - mode => 0444, - require => Package[mysql], + require => Package[mysql-server], notify => Service[mysql], + owner => root, group => 0, mode => 0644; + } + + case $mysql_rootpw { + '': { fail("You need to define a mysql root password! Please set \$mysql_rootpw in your site.pp or host config") } + } + + file{'/opt/bin/setmysqlpass.sh': + source => "puppet://$server/mysql/config/${operatingsystem}/setmysqlpass.sh", + require => Package[mysql-server], + owner => root, group => 0, mode => 0500; + } + + file {'/root/.my.cnf': + content => template('mysql/root/my.cnf.erb'), + require => [ Package[mysql-server] ], + owner => root, group => 0, mode => 0400; + } + + exec{'set_mysql_rootpw': + command => "/opt/bin/setmysqlpass.sh $mysql_rootpw", + unless => "mysqladmin -uroot status > /dev/null", + require => [ File['/opt/bin/setmysqlpass.sh'], Package[mysql-server] ], } - service { mysql: + file{'/etc/cron.d/mysql_backup.cron': + source => [ "puppet://$server/mysql/backup/${operatingsystem}/mysql_backup.cron", + "puppet://$server/mysql/backup/mysql_backup.cron" ], + require => [ Exec[set_mysql_rootpw], File['/root/.my.cnf'] ], + owner => root, group => 0, mode => 0600; + } + + service {mysql: ensure => running, + enable => true, hasstatus => true, require => Package[mysql], } munin::plugin { [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: + require => [ Package[mysql-server], Exec['set_mysql_rootpw'] ], } # Collect all databases and users - Mysql_database<<||>> - Mysql_user<<||>> - Mysql_grant<<||>> + Mysql_database<<| tag == "mysql_${fqdn}" |>> + Mysql_user<<| tag == "mysql_${fqdn}" |>> + Mysql_grant<<| tag == "mysql_${fqdn}" |>> } class mysql::server::gentoo inherits mysql::server::base { - Package[mysql] { + Package[mysql-server] { + alias => 'mysql', category => 'dev-db', } } + +class mysql::server::clientpackage inherits mysql::server::base { + package{mysql: + ensure => present, + } + + File['/opt/bin/setmysqlpass.sh']{ + require +> Package[mysql], + } + + File['/root/.my.cnf']{ + require +> Package[mysql], + } + + Exec['set_mysql_rootpw']{ + require +> Package[mysql], + } + File['/etc/cron.d/mysql_backup.cron']{ + require +> Package[mysql], + } +} + +class mysql::server::centos inherits mysql::server::clientpackage { + Service[mysql]{ + name => 'mysqld', + } + File['/etc/mysql/my.cnf']{ + path => '/etc/my.cnf', + } +} diff --git a/manifests/munin.pp b/manifests/munin.pp new file mode 100644 index 0000000..a7a862e --- /dev/null +++ b/manifests/munin.pp @@ -0,0 +1,22 @@ +# manifests/munin.pp + +class mysql::munin { + case $munin_mysql_password { + '': { fail("please specify \$munin_mysql_password to enable mysql munin plugin")} + } + + mysql_user{'munin@localhost': + password_hash => mysql_password("$munin_mysql_password"), + } + + mysql_grant{'munin@localhost': + privileges => 'select_priv', + require => Mysql_user['munin@localhost'], + } + + munin::plugin { + [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: + config => "env.mysqlopts --user=munin --password=\"${munin_mysql_password}\" -h localhost", + require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'] ] + } +} diff --git a/manifests/selinux.pp b/manifests/selinux.pp index 14115c7..1ec2e03 100644 --- a/manifests/selinux.pp +++ b/manifests/selinux.pp @@ -12,5 +12,5 @@ class mysql::selinux::gentoo { category => 'sec-policy', require => Package[mysql], } - selinux::loadmodule {"mysql": } + selinux::loadmodule {'mysql': } } diff --git a/templates/root/my.cnf.erb b/templates/root/my.cnf.erb new file mode 100644 index 0000000..7800843 --- /dev/null +++ b/templates/root/my.cnf.erb @@ -0,0 +1,4 @@ +[client] +user=root +host=localhost +password=<%= mysql_rootpw %> |