diff options
27 files changed, 1151 insertions, 394 deletions
@@ -0,0 +1,102 @@ +Introduction/Notes +================== + +This module manages your mysql resources. + +Requirements +------------ + +If you are wanting munin integration, you will need the munin module installed. + +If you are wanting shorewall integration, you will need the shorewall module +installed. + +If you are wanting nagios integration, you will need the nagios module +installed, specifically it must have nagios::plugin::deploy functionality. + +You will need to have activated storedconfigs on the puppetmaster. + +Mysql Server +============ + +On a node where you wish to have a mysql server installed, you should first +define the mysql root password and then include mysql::server, for example: + +node foo { + $mysql_rootpw = "b00changem3" + include mysql::server +} + +This will manage the necessary directories and configuration files, it will +install the mysql client program and set the root password as you designated, +along with setting a /root/.my.cnf for various module operations. It will also +make sure the mysql service is running, and setup all the databases, users and +grant tables. + +The my.cnf file will installed from one of many possible places, see +manifests/server/base.pp for possible locations for managing this. + +Backups +------- + +If you wish to automatically setup a cronjob to backup your databases, you can +set the "$mysql_backup_cron = true" variable. This will setup a cronjob to do a +mysqldump at 1am of all the databases on the system and put them in +/var/backups/mysql by default. You can override this location by specifying +$mysql_backup_dir. + +Optimizing tables +----------------- + +If you wish mysql to periodically optimize tables, set the +"$mysql_optimize_cron = true" variable before you include mysql::server. + +Munin +----- + +If you wish to use munin you need to set the variables: $munin_mysql_password +and "$use_munin = true", before you include mysql::server. This will be used to +setup a mysql user for munin, with reduced privileges to allow for the various +munin graphs to be setup and queried. The munin graphs are: mysql_bytes, +mysql_queries, mysql_slowqueries and mysql_threads. NOTE: The +$munin_mysql_password is not necessary on Debian systems as it will handled with +Debian's /etc/mysql/debian.cnf. + +Nagios +------ + +If you wish nagios to check mysql, you should set the variable "$use_nagios = +true" along with the "$nagios_check_mysql = true" variable. You will also need +to set a password for the nagios mysql user which will be automatically created +for you with reduced privileges used only for nagios checks. You can do that by +setting the variable: $nagios_mysql_password = "f00changem3". These should be +set before you include mysql::server. + +Unless you specify otherwise, the default nagios check which will be performed +is the basic 'check_mysql' nagios plugin which simply tests connectivity to a +MySQL server. You can specify more advanced mysql health checks as follows: + +mysql::server::nagios::check_health { [ 'connection-time', 'uptime', 'threads-connected', + 'slave-lag', 'slave-io-running', 'slave-sql-running' ]: } + +See the files/nagios/check_mysql_health script for the various mysql health +checks that you can perform. Additionally, see the define "check_health" in +manifests/server/nagios.pp for various options that you can pass to check_health. + +Firewall +-------- + +If you wish to have firewall rules setup automatically for you, using shorewall, +you will need to set: $use_shorewall = true. See the shorewall module for more +information about how this works. + + +Client +====== + +On a node where you wish to have the mysql client managed, you can 'include +mysql::client' in the node definition. This will install the appropriate +package. + +You can also 'include mysql::client::ruby' if you want the 'libmysql-ruby' +libraries installed.
\ No newline at end of file diff --git a/files/munin/mysql_connections b/files/munin/mysql_connections new file mode 100644 index 0000000..658b401 --- /dev/null +++ b/files/munin/mysql_connections @@ -0,0 +1,125 @@ +#!/usr/bin/perl +# +# This plugin is based off of the Connection Usage +# section of the MySQL Connection Health Page +# +# http://dev.mysql.com/doc/administrator/en/mysql-administrator-health-connection-health.html +# +# To enable, link mysql_connections to this file. E.g. +# +# ln -s /usr/share/node/node/plugins/mysql_connections /etc/munin/plugins/mysql_connections +# +# Revision 1.0 2007/08/03 +# Created by Justin Shepherd <galstrom21@gmail.com> +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# warning - Override default warning limit +# critical - Override default critical limit +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +# Define the mysqladmin paths, and commands +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $TEST_COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; +my $MYSQL_VARIABLES = "$MYSQLADMIN $ENV{mysqlopts} extended-status variables"; +my $warning = $ENV{warning} || "80"; +my $critical = $ENV{critical} || "90"; + +# Pull in any arguments +my $arg = shift(); + +# Check to see how the script was called +if ($arg eq 'config') { + print_graph_information(); + exit(); +} elsif ($arg eq 'autoconf') { + if (test_service()) { print "yes\n"; } + else { print "no\n"; } + exit; +} else { + # Define the values that are returned to munin + my ($available, $current, $upper_limit) = (0,0,0); + + # Gather the values from mysqladmin + $current = poll_variables($MYSQL_VARIABLES,"Threads_connected"); + $upper_limit = poll_variables($MYSQL_VARIABLES,"max_connections"); + $available = $upper_limit - $current; + + # Return the values to Munin + print "current.value $current\n"; + print "available.value $available\n"; +} + + +sub poll_variables { + my $command = shift; + my $expression = shift; + my $ret = 0; + open(SERVICE, "$command |") + or die("Coult not execute '$command': $!"); + while (<SERVICE>) { + my ($field, $value) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($field); + if ($field eq $expression ) { + $ret = "$value"; + } + } + close(SERVICE); + return $ret; +} + + +sub print_graph_information { +print <<EOM; +graph_title MySQL Connections +graph_args --base 1000 -l 0 +graph_vlabel Connections +graph_info The number of current connections with respect to the max_connections setting. +graph_category mysql +graph_order current available +graph_total Total +current.label In Use +current.draw AREA +current.info The number of current threads connected +current.warning $warning +current.critical $critical +available.label Available +available.draw STACK +available.info The current value of the "max_connections" variable +EOM +} + + +sub test_service { + my $return = 1; + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$TEST_COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_qcache b/files/munin/mysql_qcache new file mode 100644 index 0000000..b074436 --- /dev/null +++ b/files/munin/mysql_qcache @@ -0,0 +1,123 @@ +#!/usr/bin/perl +# +# Copyright (C) 2006 - Rodolphe Quiedeville <rodolphe@quiedeville.org> +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.0 2006/04/26 16:04:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; + +my %WANTED = ( "Qcache_queries_in_cache" => "queries"); + +my %WANTEDTYPE = ( "Qcache_queries_in_cache" => "GAUGE"); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + + +open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + +while (<SERVICE>) { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($k); + if (exists $WANTED{$k} ) { + print("$WANTED{$k}.value $v\n"); + } +} + +close(SERVICE); + + +sub print_config { + + my $num = 0; + + print('graph_title MySQL Queries in cache +graph_args --base 1000 +graph_vlabel queries +graph_category mysql +graph_info Plugin available at <a href="http://rodolphe.quiedeville.org/hack/munin/">http://rodolphe.quiedeville.org/hack/munin/</a> +'); + + for my $key (keys %WANTED) { + my $title = $WANTED{$key}; + print("$title.label ${title}\n", + "$title.min 0\n", + "$title.type ".$WANTEDTYPE{$key}."\n", + "$title.max 500000\n", + "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", + ); + $num++; + } + +} + + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_qcache_mem b/files/munin/mysql_qcache_mem new file mode 100644 index 0000000..0fe06c3 --- /dev/null +++ b/files/munin/mysql_qcache_mem @@ -0,0 +1,129 @@ +#!/usr/bin/perl +# +# Copyright (C) 2006 - Rodolphe Quiedeville <rodolphe@quiedeville.org> +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.0 2006/04/28 09:04:01 rodo +# Add lower limit fixed to 0 +# +# Revision 1.0 2006/04/26 16:04:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; +my $COMMANDSIZE = "$MYSQLADMIN $ENV{mysqlopts} variables"; + +my %WANTED = ( "Qcache_free_memory" => "free" ); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + +my ($free, $used) = (0,0); + +open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + +while (<SERVICE>) { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($k); + if (exists $WANTED{$k} ) { + $free = $v; + print("$WANTED{$k}.value $v\n"); + } +} +close(SERVICE); + +open(SERVICE, "$COMMANDSIZE |") + or die("Coult not execute '$COMMANDSIZE': $!"); + +while (<SERVICE>) { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + + next unless ($k); + if ($k eq "query_cache_size" ) { + print("used.value ",($v-$free),"\n"); + } +} +close(SERVICE); + +sub print_config { + + print('graph_title MySQL Queries Cache Size +graph_args --base 1024 -l 0 +graph_vlabel bytes +graph_category mysql +graph_order used free +graph_total Total +graph_info Plugin available at <a href="http://rodolphe.quiedeville.org/hack/munin/">http://rodolphe.quiedeville.org/hack/munin/</a> +used.label Used +used.draw AREA +free.label Free +free.draw STACK +'); +} + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_size_all b/files/munin/mysql_size_all new file mode 100644 index 0000000..f5954ad --- /dev/null +++ b/files/munin/mysql_size_all @@ -0,0 +1,179 @@ +#!/usr/bin/perl +# +# Copyright (C) 2007 - Rodolphe Quiedeville <rodolphe@quiedeville.org> +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.1 2007/01/17 10:41:01 rodo +# Change incorrect family +# +# Revision 1.0 2007/01/16 15:57:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=manual +#%# capabilities=autoconf + +use strict; + +# unless ($0 =~ /mysql_size(?:_([^_]+)|)_(.+)\s*$/) +# { +# die "Could not parse name $0.\n"; +# } +# my $db = $2; + +my $COMMAND; +my $MYSQLADMIN = $ENV{mysqladmin} || "mysql"; + +my %WANTED = ( "Index" => "index", + "Datas" => "datas", + ); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + +sub getDBList; +foreach my $db (getDBList()) { + + my $datas = 0; + my $indexes = 0; + my (@infos,$info,$i_data,$i_index); + + $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | head -n 1"; + + open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + + while (<SERVICE>) { + (@infos) = split; + } + close(SERVICE); + + my $i = 0; + foreach $info (@infos) { + $i++; + if ($info eq 'Data_length') { + $i_data = $i; + next; + } + if ($info eq 'Index_length') { + $i_index = $i; + last; + } + } + my $total_size = 0; + if ($i_data>0 && $i_index>0) { + $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | cut -f $i_data,$i_index | grep -v leng"; + + open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + + while (<SERVICE>) { + (m/(\d+).*?(\d+(?:\.\d+)?)/); + $datas += $1; + $indexes += $2; + } + close(SERVICE); + + $total_size = $datas+$indexes; + } + print("$db.value $total_size\n"); +# print("datas.value $datas\n"); +# print("index.value $indexes\n"); +} + + +sub print_config { + + my $num = 0; + + my @dbs = getDBList; + + print("graph_title MySQL databases size\n"); + print ('graph_args --base 1024 -l 0 +graph_vlabel bytes +graph_category mysql +graph_info Plugin available at <a href="http://rodolphe.quiedeville.org/hack/munin/">http://rodolphe.quiedeville.org/hack/munin/</a> +'); + + for my $db (@dbs) { + my $title = "$db"; + print("$title.label ${title}\n", + "$title.min 0\n", + "$title.type GAUGE\n", + "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", + ); + $num++; + } +} + + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} + +sub getDBList { + my @dbs; + foreach my $f (glob("/var/lib/mysql/*")) { + if (-d $f) { + $f =~ s!.*/!!; + @dbs[$#dbs+1]=$f }; + } + return @dbs; +} + diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh index 5bd63e2..427daf0 100644 --- a/files/scripts/Debian/setmysqlpass.sh +++ b/files/scripts/Debian/setmysqlpass.sh @@ -8,7 +8,7 @@ test $# -gt 0 || exit 1 sleep 5 echo "USE mysql; UPDATE user SET Password=PASSWORD('$1') WHERE User='root' AND Host='localhost';" | mysql -u root killall mysqld -sleep 5 +sleep 15 # chown to be on the safe side ls -al /var/lib/mysql/mysql-bin.* &> /dev/null [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* diff --git a/files/scripts/optimize_tables.rb b/files/scripts/optimize_tables.rb index 52e726e..46e223e 100644 --- a/files/scripts/optimize_tables.rb +++ b/files/scripts/optimize_tables.rb @@ -5,8 +5,8 @@ ENV['HOME'] = '/root' tables = %x{mysql -Bse "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND Data_free > 0 AND ENGINE IN ('MyISAM','InnoDB','ARCHIVE')"} tables.each { |table| tableitems = table.chomp.split(/\t/) - system "mysql #{tableitems[0]} -Bse \"OPTIMIZE TABLE #{tableitems[1]}\" | grep -q OK" + system "mysql #{tableitems[0]} -Bse \"OPTIMIZE TABLE \\`#{tableitems[0]}\\`.\\`#{tableitems[1]}\\`\" | grep -q OK" if $?.to_i > 0 then - puts "error while optimizing #{tableitems[0]}. #{tableitems[1]}" + puts "error while optimizing #{tableitems[0]}.#{tableitems[1]}" end } diff --git a/lib/facter/mysql.rb b/lib/facter/mysql.rb index e262ec1..d08dabe 100644 --- a/lib/facter/mysql.rb +++ b/lib/facter/mysql.rb @@ -1,8 +1,5 @@ Facter.add("mysql_exists") do - ENV["PATH"]="/bin:/sbin:/usr/bin:/usr/sbin" - setcode do - mysqlexists = system "which mysql > /dev/null 2>&1" - ($?.exitstatus == 0) + File.exist? '/usr/bin/mysql' end end diff --git a/lib/puppet/provider/mysql_database/mysql.rb b/lib/puppet/provider/mysql_database/mysql.rb index 2b70e04..18b0a5a 100644 --- a/lib/puppet/provider/mysql_database/mysql.rb +++ b/lib/puppet/provider/mysql_database/mysql.rb @@ -1,55 +1,55 @@ require 'puppet/provider/package' Puppet::Type.type(:mysql_database).provide(:mysql, - :parent => Puppet::Provider::Package) do - - desc "Use mysql as database." - commands :mysqladmin => '/usr/bin/mysqladmin' - commands :mysql => '/usr/bin/mysql' - - # retrieve the current set of mysql users - def self.instances - dbs = [] - - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" - execpipe(cmd) do |process| - process.each do |line| - dbs << new( { :ensure => :present, :name => line.chomp } ) - end - end - return dbs - end - - def query - result = { - :name => @resource[:name], - :ensure => :absent - } - - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" - execpipe(cmd) do |process| - process.each do |line| - if line.chomp.eql?(@resource[:name]) - result[:ensure] = :present - end - end - end - result - end - - def create - mysqladmin "create", @resource[:name] - end - def destroy - mysqladmin "-f", "drop", @resource[:name] - end - - def exists? - if mysql("mysql", "-NBe", "show databases").match(/^#{@resource[:name]}$/) - true - else - false - end - end + :parent => Puppet::Provider::Package) do + + desc "Use mysql as database." + commands :mysqladmin => '/usr/bin/mysqladmin' + commands :mysql => '/usr/bin/mysql' + + # retrieve the current set of mysql users + def self.instances + dbs = [] + + cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + execpipe(cmd) do |process| + process.each do |line| + dbs << new( { :ensure => :present, :name => line.chomp } ) + end + end + return dbs + end + + def query + result = { + :name => @resource[:name], + :ensure => :absent + } + + cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + execpipe(cmd) do |process| + process.each do |line| + if line.chomp.eql?(@resource[:name]) + result[:ensure] = :present + end + end + end + result + end + + def create + mysqladmin "create", @resource[:name] + end + def destroy + mysqladmin "-f", "drop", @resource[:name] + end + + def exists? + if mysql("mysql", "-NBe", "show databases").match(/^#{@resource[:name]}$/) + true + else + false + end + end end diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index 61c32d9..2c44e0b 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -1,155 +1,155 @@ # A grant is either global or per-db. This can be distinguished by the syntax # of the name: -# user@host => global -# user@host/db => per-db +# user@host => global +# user@host/db => per-db require 'puppet/provider/package' MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, - :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, - :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, - :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, - :create_user_priv + :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, + :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, + :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, + :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, + :create_user_priv ] MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, - :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv + :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, + :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv ] Puppet::Type.type(:mysql_grant).provide(:mysql) do - desc "Uses mysql as database." - - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' - - def mysql_flush - mysqladmin "flush-privileges" - end - - # this parses the - def split_name(string) - matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact - case matches.length - when 2 - { - :type => :user, - :user => matches[0], - :host => matches[1] - } - when 4 - { - :type => :db, - :user => matches[0], - :host => matches[1], - :db => matches[3] - } - end - end - - def create_row - unless @resource.should(:privileges).empty? - name = split_name(@resource[:name]) - case name[:type] - when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ - name[:host], name[:user], - ] - when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], - ] - end - mysql_flush - end - end - - def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] - end - - def row_exists? - name = split_name(@resource[:name]) - fields = [:user, :host] - if name[:type] == :db - fields << :db - end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? - end - - def all_privs_set? - all_privs = case split_name(@resource[:name])[:type] - when :user - MYSQL_USER_PRIVS - when :db - MYSQL_DB_PRIVS - end - all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") - privs = privileges.collect do |p| p.to_s end.sort.join("|") - - all_privs == privs - end - - def privileges - name = split_name(@resource[:name]) - privs = "" - - case name[:type] - when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] - when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] - end - - if privs.match(/^$/) - privs = [] # no result, no privs - else - # returns a line with field names and a line with values, each tab-separated - privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end - # transpose the lines, so we have key/value pairs - privs = privs[0].zip(privs[1]) - privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end - end - - privs.collect do |p| symbolize(p[0].downcase) end - end - - def privileges=(privs) - unless row_exists? - create_row - end - - # puts "Setting privs: ", privs.join(", ") - name = split_name(@resource[:name]) - stmt = '' - where = '' - all_privs = [] - case name[:type] - when :user - stmt = 'update user set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_USER_PRIVS - when :db - stmt = 'update db set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_DB_PRIVS - end - - if privs[0] == :all - privs = all_privs - end - - # puts "stmt:", stmt - set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') - # puts "set:", set - stmt = stmt << set << where - - mysql "mysql", "-Be", stmt - mysql_flush - end + desc "Uses mysql as database." + + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' + + def mysql_flush + mysqladmin "flush-privileges" + end + + # this parses the + def split_name(string) + matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact + case matches.length + when 2 + { + :type => :user, + :user => matches[0], + :host => matches[1] + } + when 4 + { + :type => :db, + :user => matches[0], + :host => matches[1], + :db => matches[3] + } + end + end + + def create_row + unless @resource.should(:privileges).empty? + name = split_name(@resource[:name]) + case name[:type] + when :user + mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + name[:host], name[:user], + ] + when :db + mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], + ] + end + mysql_flush + end + end + + def destroy + mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + end + + def row_exists? + name = split_name(@resource[:name]) + fields = [:user, :host] + if name[:type] == :db + fields << :db + end + not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + end + + def all_privs_set? + all_privs = case split_name(@resource[:name])[:type] + when :user + MYSQL_USER_PRIVS + when :db + MYSQL_DB_PRIVS + end + all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") + privs = privileges.collect do |p| p.to_s end.sort.join("|") + + all_privs == privs + end + + def privileges + name = split_name(@resource[:name]) + privs = "" + + case name[:type] + when :user + privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + when :db + privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + end + + if privs.match(/^$/) + privs = [] # no result, no privs + else + # returns a line with field names and a line with values, each tab-separated + privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end + # transpose the lines, so we have key/value pairs + privs = privs[0].zip(privs[1]) + privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end + end + + privs.collect do |p| symbolize(p[0].downcase) end + end + + def privileges=(privs) + unless row_exists? + create_row + end + + # puts "Setting privs: ", privs.join(", ") + name = split_name(@resource[:name]) + stmt = '' + where = '' + all_privs = [] + case name[:type] + when :user + stmt = 'update user set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_USER_PRIVS + when :db + stmt = 'update db set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_DB_PRIVS + end + + if privs[0] == :all + privs = all_privs + end + + # puts "stmt:", stmt + set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') + # puts "set:", set + stmt = stmt << set << where + + mysql "mysql", "-Be", stmt + mysql_flush + end end diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb index adc46c3..e3908be 100644 --- a/lib/puppet/provider/mysql_user/mysql.rb +++ b/lib/puppet/provider/mysql_user/mysql.rb @@ -1,76 +1,76 @@ require 'puppet/provider/package' Puppet::Type.type(:mysql_user).provide(:mysql, - # T'is funny business, this code is quite generic - :parent => Puppet::Provider::Package) do + # T'is funny business, this code is quite generic + :parent => Puppet::Provider::Package) do - desc "Use mysql as database." - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' + desc "Use mysql as database." + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' - # retrieve the current set of mysql users - def self.instances - users = [] + # retrieve the current set of mysql users + def self.instances + users = [] - cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'" - execpipe(cmd) do |process| - process.each do |line| - users << new( query_line_to_hash(line) ) - end - end - return users - end + cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'" + execpipe(cmd) do |process| + process.each do |line| + users << new( query_line_to_hash(line) ) + end + end + return users + end - def self.query_line_to_hash(line) - fields = line.chomp.split(/\t/) - { - :name => fields[0], - :password_hash => fields[1], - :ensure => :present - } - end + def self.query_line_to_hash(line) + fields = line.chomp.split(/\t/) + { + :name => fields[0], + :password_hash => fields[1], + :ensure => :present + } + end - def mysql_flush - mysqladmin "flush-privileges" - end + def mysql_flush + mysqladmin "flush-privileges" + end - def query - result = {} + def query + result = {} - cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] - execpipe(cmd) do |process| - process.each do |line| - unless result.empty? - raise Puppet::Error, - "Got multiple results for user '%s'" % @resource[:name] - end - result = query_line_to_hash(line) - end - end - result - end + cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] + execpipe(cmd) do |process| + process.each do |line| + unless result.empty? + raise Puppet::Error, + "Got multiple results for user '%s'" % @resource[:name] + end + result = query_line_to_hash(line) + end + end + result + end - def create - mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ] - mysql_flush - end + def create + mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ] + mysql_flush + end - def destroy - mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'") - mysql_flush - end + def destroy + mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'") + mysql_flush + end - def exists? - not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? - end + def exists? + not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? + end - def password_hash - @property_hash[:password_hash] - end + def password_hash + @property_hash[:password_hash] + end - def password_hash=(string) - mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] - mysql_flush - end + def password_hash=(string) + mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] + mysql_flush + end end diff --git a/lib/puppet/type/mysql_database.rb b/lib/puppet/type/mysql_database.rb index bb25ffa..0ba929f 100644 --- a/lib/puppet/type/mysql_database.rb +++ b/lib/puppet/type/mysql_database.rb @@ -1,11 +1,14 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_database) do - @doc = "Manage a database." - ensurable - newparam(:name) do - desc "The name of the database." + @doc = "Manage a database." - # TODO: only [[:alnum:]_] allowed - end + ensurable + autorequire(:service) { 'mysql' } + + newparam(:name) do + desc "The name of the database." + + # TODO: only [[:alnum:]_] allowed + end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index 415f5aa..6bc7533 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -1,77 +1,79 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_grant) do - @doc = "Manage a database user's rights." - #ensurable + @doc = "Manage a database user's rights." - autorequire :mysql_db do - # puts "Starting db autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) - unless matches.nil? - reqs << matches[3] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + #ensurable + autorequire(:service) { 'mysqld' } - autorequire :mysql_user do - # puts "Starting user autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) - unless matches.nil? - reqs << "%s@%s" % [ matches[1], matches[2] ] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + autorequire :mysql_db do + # puts "Starting db autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) + unless matches.nil? + reqs << matches[3] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - newparam(:name) do - desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" - end - newproperty(:privileges, :array_matching => :all) do - desc "The privileges the user should have. The possible values are implementation dependent." - munge do |v| - symbolize(v) - end + autorequire :mysql_user do + # puts "Starting user autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) + unless matches.nil? + reqs << "%s@%s" % [ matches[1], matches[2] ] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - def should_to_s(newvalue = @should) - if newvalue - unless newvalue.is_a?(Array) - newvalue = [ newvalue ] - end - newvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + newparam(:name) do + desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" + end + newproperty(:privileges, :array_matching => :all) do + desc "The privileges the user should have. The possible values are implementation dependent." + munge do |v| + symbolize(v) + end - def is_to_s(currentvalue = @is) - if currentvalue - unless currentvalue.is_a?(Array) - currentvalue = [ currentvalue ] - end - currentvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + def should_to_s(newvalue = @should) + if newvalue + unless newvalue.is_a?(Array) + newvalue = [ newvalue ] + end + newvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - # use the sorted outputs for comparison - def insync?(is) - if defined? @should and @should - case self.should_to_s - when "all" - self.provider.all_privs_set? - when self.is_to_s(is) - true - else - false - end - else - true - end - end + def is_to_s(currentvalue = @is) + if currentvalue + unless currentvalue.is_a?(Array) + currentvalue = [ currentvalue ] + end + currentvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - end + # use the sorted outputs for comparison + def insync?(is) + if defined? @should and @should + case self.should_to_s + when "all" + self.provider.all_privs_set? + when self.is_to_s(is) + true + else + false + end + else + true + end + end + + end end diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index 55d97b6..0b7e9af 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -1,7 +1,10 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_user) do @doc = "Manage a database user." + ensurable + autorequire(:service) { 'mysqld' } + newparam(:name) do desc "The name of the user. This uses the 'username@hostname' form." diff --git a/manifests/client/perl.pp b/manifests/client/perl.pp new file mode 100644 index 0000000..09a790b --- /dev/null +++ b/manifests/client/perl.pp @@ -0,0 +1,7 @@ +class mysql::client::perl { + + case $operatingsystem { + debian: { include mysql::client::perl::debian } + } + +} diff --git a/manifests/client/perl/debian.pp b/manifests/client/perl/debian.pp new file mode 100644 index 0000000..790eaff --- /dev/null +++ b/manifests/client/perl/debian.pp @@ -0,0 +1,6 @@ +class mysql::client::perl::debian { + + package { 'libdbd-mysql-perl': + ensure => present, + } +} diff --git a/manifests/default_database.pp b/manifests/default_database.pp new file mode 100644 index 0000000..1c99af5 --- /dev/null +++ b/manifests/default_database.pp @@ -0,0 +1,45 @@ +# create default database +# generate hashed password with: +# ruby -r'digest/sha1' -e 'puts "*" + Digest::SHA1.hexdigest(Digest::SHA1.digest(ARGV[0])).upcase' PASSWORD +define mysql::default_database( + $username = 'absent', + $password, + $password_is_encrypted = true, + $privileges = 'all', + $host = '127.0.0.1', + $ensure = 'present' +) { + $real_username = $username ? { + 'absent' => $name, + default => $username + } + mysql_database{"$name": + ensure => $ensure + } + case $password { + 'absent': { + info("we don't create the user for database: ${name}") + $grant_require = Mysql_database["$name"] + } + default: { + mysql_user{"${real_username}@${host}": + password_hash => $password_is_encrypted ? { + true => "$password", + default => mysql_password("$password") + }, + ensure => $ensure, + require => [ + Mysql_database["$name"] + ], + } + $grant_require = [ + Mysql_database["$name"], + Mysql_user["${real_username}@${host}"] + ] + } + } + mysql_grant{"${real_username}@${host}/${name}": + privileges => "$privileges", + require => $grant_require, + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 3d8d8e3..85fc88a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,9 +1,11 @@ # mysql module # # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> -# See LICENSE for the full license granted to you. # Copyright 2008, admin(at)immerda.ch # Copyright 2008, Puzzle ITC GmbH # Marcel Härry haerry+puppet(at)puzzle.ch # Simon Josi josi+puppet(at)puzzle.ch -# +# Copyright 2009-2010, Riseup Labs <http://riseuplabs.org> +# Pietro Ferrari <pietro@riseup.net> +# Micah Anderson <micah@riseup.net> + diff --git a/manifests/server.pp b/manifests/server.pp index 51324b5..e6e5fac 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,9 +1,5 @@ class mysql::server { - include common::moduledir - $mysql_moduledir = "${common::moduledir::module_dir_path}/mysql" - module_dir { ['mysql', 'mysql/server']: } - case $operatingsystem { gentoo: { include mysql::server::gentoo } centos: { include mysql::server::centos } @@ -19,7 +15,10 @@ class mysql::server { } if $use_nagios { - include mysql::server::nagios + case $nagios_check_mysql { + false: { info("We don't do nagioschecks for mysql on ${fqdn}" ) } + default: { include mysql::server::nagios } + } } if $use_shorewall { diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 480eda9..7ddff38 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -5,10 +5,13 @@ class mysql::server::base { file { 'mysql_main_cnf': path => '/etc/mysql/my.cnf', source => [ - "puppet://$server/modules/site-mysql/${fqdn}/my.cnf", - "puppet://$server/modules/site-mysql/my.cnf", - "puppet://$server/modules/mysql/config/my.cnf.${operatingsystem}", - "puppet://$server/modules/mysql/config/my.cnf" + "puppet:///modules/site-mysql/${fqdn}/my.cnf", + "puppet:///modules/site-mysql/my.cnf.${operatingsystem}.{lsbdistcodename}", + "puppet:///modules/site-mysql/my.cnf.${operatingsystem}", + "puppet:///modules/site-mysql/my.cnf", + "puppet:///modules/mysql/config/my.cnf.${operatingsystem}.{lsbdistcodename}", + "puppet:///modules/mysql/config/my.cnf.${operatingsystem}", + "puppet:///modules/mysql/config/my.cnf" ], ensure => file, require => Package['mysql-server'], @@ -37,8 +40,8 @@ class mysql::server::base { } file { 'mysql_setmysqlpass.sh': - path => "${mysql_moduledir}/server/setmysqlpass.sh", - source => "puppet://${server}/modules/mysql/scripts/${operatingsystem}/setmysqlpass.sh", + path => '/usr/local/sbin/setmysqlpass.sh', + source => "puppet:///modules/mysql/scripts/${operatingsystem}/setmysqlpass.sh", require => Package['mysql-server'], owner => root, group => 0, mode => 0500; } @@ -52,8 +55,8 @@ class mysql::server::base { } exec { 'mysql_set_rootpw': - command => "${mysql_moduledir}/server/setmysqlpass.sh ${mysql_rootpw}", - unless => "mysqladmin -uroot status > /dev/null", + command => "/usr/local/sbin/setmysqlpass.sh ${mysql_rootpw}", + unless => "/usr/bin/mysqladmin -uroot status > /dev/null", require => [ File['mysql_setmysqlpass.sh'], Package['mysql-server'] ], refreshonly => true, } @@ -70,7 +73,7 @@ class mysql::server::base { ensure => running, enable => true, hasstatus => true, - require => Package['mysql-client'], + require => Package['mysql-server'], } # Collect all databases and users diff --git a/manifests/server/cron.pp b/manifests/server/cron.pp deleted file mode 100644 index 36a7a1f..0000000 --- a/manifests/server/cron.pp +++ /dev/null @@ -1,2 +0,0 @@ -class mysql::server::cron { -} diff --git a/manifests/server/cron/backup.pp b/manifests/server/cron/backup.pp index 33b8f0f..c1e84d1 100644 --- a/manifests/server/cron/backup.pp +++ b/manifests/server/cron/backup.pp @@ -5,18 +5,23 @@ class mysql::server::cron::backup { default => $mysql_backup_dir, } - file { 'mysql_backup_dir': - path => $real_mysql_backup_dir, - source => "puppet://${server}/modules/common/empty", - ensure => directory, - owner => root, group => 0, mode => 0700, + case $mysql_manage_backup_dir { + false: { info("We don't manage \$mysql_backup_dir ($mysql_backup_dir)") } + default: { + file { 'mysql_backup_dir': + path => $real_mysql_backup_dir, + ensure => directory, + before => Cron['mysql_backup_cron'], + owner => root, group => 0, mode => 0700; + } + } } cron { 'mysql_backup_cron': - command => '/usr/bin/mysqldump --default-character-set=utf8 --all-databases --all --flush-logs --lock-tables --single-transaction | gzip > ${real_mysql_backup_dir}/mysqldump.sql.gz && chmod 600 ${real_mysql_backup_dir}/mysqldump.sql.gz', + command => "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --all --flush-logs --lock-tables --single-transaction | gzip > ${real_mysql_backup_dir}/mysqldump.sql.gz && chmod 600 ${real_mysql_backup_dir}/mysqldump.sql.gz", user => 'root', minute => 0, hour => 1, - require => [ Exec['mysql_set_rootpw'], File['mysql_root_cnf'], File['mysql_backup_dir'] ], + require => [ Exec['mysql_set_rootpw'], File['mysql_root_cnf'] ], } } diff --git a/manifests/server/cron/optimize.pp b/manifests/server/cron/optimize.pp index 29ee66e..c238930 100644 --- a/manifests/server/cron/optimize.pp +++ b/manifests/server/cron/optimize.pp @@ -1,13 +1,13 @@ class mysql::server::cron::optimize { file { 'mysql_optimize_script': - path => "${mysql_moduledir}/server/optimize_tables.rb", - source => "puppet://${server}/modules/mysql/scripts/optimize_tables.rb", + path => '/usr/local/sbin/optimize_mysql_tables.rb', + source => "puppet:///modules/mysql/scripts/optimize_tables.rb", owner => root, group => 0, mode => 0700; } cron { 'mysql_optimize_cron': - command => "${mysql_moduledir}/server/optimize_tables.rb", + command => '/usr/local/sbin/optimize_mysql_tables.rb', user => 'root', minute => 40, hour => 6, diff --git a/manifests/server/munin/base.pp b/manifests/server/munin/base.pp new file mode 100644 index 0000000..ad4bb8a --- /dev/null +++ b/manifests/server/munin/base.pp @@ -0,0 +1,20 @@ +class mysql::server::munin::base { + + file { + "/usr/local/share/munin-plugins/mysql_connections": + source => "puppet:///modules/mysql/munin/mysql_connections", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache": + source => "puppet:///modules/mysql/munin/mysql_qcache", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache_mem": + source => "puppet:///modules/mysql/munin/mysql_qcache_mem", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_size_all": + source => "puppet:///modules/mysql/munin/mysql_size_all", + mode => 0755, owner => root, group => root; + } +} diff --git a/manifests/server/munin/debian.pp b/manifests/server/munin/debian.pp index 2b2acb4..d1636d5 100644 --- a/manifests/server/munin/debian.pp +++ b/manifests/server/munin/debian.pp @@ -1,9 +1,14 @@ # manifests/server/munin/debian.pp -class mysql::server::munin::debian { - munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: - config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", - require => Package['mysql'], - } +class mysql::server::munin::debian inherits mysql::server::munin::base { + munin::plugin { + [ mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads ]: + config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", + require => Package['mysql']; + + [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: + config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", + script_path_in => "/usr/local/share/munin-plugins", + require => Package['mysql']; + } } diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index b60ff0d..2660ea0 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -1,6 +1,6 @@ # manifests/server/munin/default.pp -class mysql::server::munin::default { +class mysql::server::munin::default inherits mysql::server::munin::base { case $munin_mysql_password { '': { fail("please specify \$munin_mysql_password to enable mysql munin plugin")} } @@ -16,8 +16,13 @@ class mysql::server::munin::default { } munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: - config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", - require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ] + [ mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads ]: + config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", + require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; + + [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: + script_path_in => "/usr/local/share/munin-plugins", + config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", + require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; } } diff --git a/manifests/server/nagios.pp b/manifests/server/nagios.pp index 4c1c153..4e2b8b8 100644 --- a/manifests/server/nagios.pp +++ b/manifests/server/nagios.pp @@ -1,33 +1,32 @@ # manifests/server/nagios.pp class mysql::server::nagios { - case $nagios_mysql_password { - '': { fail("please specify \$nagios_mysql_password to enable nagios mysql check")} - } - - # Flip this variable if you need to check MySQL through check_ssh or check_nrpe, - # in that case you will have to manually define nagios::service::mysql - if ($nagios_mysql_notcp != true) { - $nagios_mysql_user = 'nagios@%' - nagios::service::mysql { 'mysql': - check_hostname => $fqdn, - check_username => 'nagios', - check_password => $nagios_mysql_password, - check_mode => 'tcp', - require => Mysql_grant[$nagios_mysql_user], - } - } - else { - $nagios_mysql_user = 'nagios@localhost' - } - - mysql_user{$nagios_mysql_user: - password_hash => mysql_password("${nagios_mysql_password}"), - require => Package['mysql'], - } - - mysql_grant{$nagios_mysql_user: - privileges => 'select_priv', - require => [ Mysql_user[$nagios_mysql_user], Package['mysql'] ], + case $nagios_mysql_password { + '': { fail("please specify \$nagios_mysql_password to enable nagios mysql check")} + } + + # Flip this variable if you need to check MySQL through check_ssh or check_nrpe, + # in that case you will have to manually define nagios::service::mysql + if ($nagios_mysql_notcp != true) { + $nagios_mysql_user = 'nagios@%' + nagios::service::mysql { 'connection-time': + check_hostname => $fqdn, + require => Mysql_grant[$nagios_mysql_user], } + } + else { + $nagios_mysql_user = 'nagios@localhost' + } + + mysql_user{$nagios_mysql_user: + password_hash => mysql_password("${nagios_mysql_password}"), + require => Package['mysql'], + } + + # repl_client_priv is needed to check the replication slave status + # modes: slave-lag, slave-io-running and slave-sql-running + mysql_grant{$nagios_mysql_user: + privileges => [ 'select_priv', 'repl_client_priv' ], + require => [ Mysql_user[$nagios_mysql_user], Package['mysql'] ], + } } |