Age | Commit message | Author |
|
Every time the root password reset is used we're leaking the password to
the process list. If we use the already present /root/.my.cnf for
credentials then it has the same effect for verification and we avoid
leaking the password.
|
Conflicts:
files/scripts/optimize_tables.rb
manifests/server/base.pp
|
* EL7 uses mariadb & systemd -> adjust setpasswd script to that
* move the security ensurance to the setpassword script, as it's
easier to ensure that there
|
To work around a limitation of the exec provider within puppet, we
do the unless check now within the script itself and ensure that
we use the password there.
https://labs.riseup.net/code/issues/6638
|
Since this script is rooting the database, it'd be good to use a little
more precaution so that we don't let systems be in an inconsistent case
when crashing.
In cases where the PATH variable is not appropriately set (variable is
empty by default when script is invoked by puppet) the script shuts down
mysql and then is not able to call most commands.
|
Conflicts:
files/config/my.cnf.Debian
manifests/server/base.pp
manifests/server/munin/default.pp
manifests/server/nagios.pp
|
Conflicts:
manifests/server/cron/backup.pp
|
Lenny support was phased out and squeeze is the current stable.
There is an instruction in the file that originally came from lenny:
skip-bdb doesn't exist anymore in the mysql version in squeeze, so the
config file makes a fresh mysql install crash on Squeeze.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
Conflicts:
files/munin/mysql_connections
manifests/server/base.pp
manifests/server/munin/default.pp
|
Conflicts:
manifests/server/base.pp
|
mysql has one innodb file per default and this can become very
huge, which can trigger various issues [1]. So in general it
is recommended to set the innodb_file_per_table option [2].
[1] http://forums.mysql.com/read.php?35,121880,121886
[2] http://dev.mysql.com/doc/refman/5.0/en/innodb-multiple-tablespaces.html
|
It would make the daemon fail to load if put in the config.
|
The current procedure of setting the root MySQL password leaks the root
password by giving it to the setmysqlpass.sh script on the command line.
This means that during the couple of seconds that the script is
executing, the password is visible in the process list!
Since we're already writing the password in the /root/.my.cnf file, make
the setmysqlpass.sh script parse this file to retrieve the password
instead of receiving it from a command line argument.
Also, in some shells the 'echo' command might appear in the process
list. Use a heredoc notation to create the output without using a
command.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
location of where they are
|
belongs in the nagios module
. change the default nagios::service::mysql check to use the check_mysql_health 'connection-time' check mode, which is identical to the original check, with some additional information
. stop using nagios::plugin::deploy because this doesn't work when more than one node attempts to realize this class
. stop exporting the nagios_command because this doesn't work when more than one node attempts to realize this class
. remove the check_health define, instead this be how it was before, as the previous nagios::service::mysql define
|
* create a mysql::server::nagios::base class with the common parts needed for the basic plugin, and the health plugin
* make mysql::server:nagios inherit mysql::server:nagios::base
* create a new class mysql::server::nagios::check_health inheriting ::base
the nagios module has also received a new define to set up the different nagios::service pieces for the different health check modes that might be desired
it's assumed you would set up the different health check modes in site-mysql/init.pp as different hosts will require different modes and/or parameters, for example:
class site-mysql::server {
  include mysql::server::nagios::check_health
  nagios::service::mysql_health { [ 'connection-time', 'uptime', 'threads-connected', 'threadcache-hitrate' ]:
    require => Mysql_grant[$nagios_mysql_user],
  }
  case $hostname {
    "eider": {
      nagios::service::mysql_health { [ 'slave-io-running', 'slave-sql-running', 'slave-lag' ]:
        require => Mysql_grant[$nagios_mysql_user],
      }
    }
  }
}
|
Conflicts:
manifests/server/base.pp
|
larger databases
|
$mysql_backup_dir and $mysql_optimize_cron; use a module_dir for scripts
|
sometimes it can happen that by locking all tables we run into
error 24, which means too many open files.
According to http://rackerhacker.com/2007/08/19/mysql-errcode-24-when-using-lock-tables/
we can use single-transaction to be nicer during backups.
|