From bd6abae490891984283988a0b3c798b31b552ba3 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 3 May 2013 11:38:14 +0200 Subject: some mysql versions start to display a nasty warning - http://bugs.mysql.com/bug.php?id=68376 --- manifests/server/cron/backup.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/server/cron/backup.pp b/manifests/server/cron/backup.pp index 671ad9c..2b9dc6c 100644 --- a/manifests/server/cron/backup.pp +++ b/manifests/server/cron/backup.pp @@ -11,8 +11,14 @@ class mysql::server::cron::backup { } } + if versioncmp($::mysql_version,'5.1.68') > 0 { + $backup_command = "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction --events --ignore-table=mysql.event | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz" + } else { + $backup_command = "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz" + } + cron { 'mysql_backup_cron': - command => "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz", + command => $backup_command, user => 'root', minute => 0, hour => 1, -- cgit v1.2.3 From 1e8e9f472c2321e0468b346653f1f3bc4403e318 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 20 May 2013 14:05:00 +0200 Subject: symbolize was removed in puppet 3 - See http://projects.puppetlabs.com/issues/16791 --- lib/puppet/provider/mysql_grant/mysql.rb | 2 +- lib/puppet/type/mysql_grant.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index d93b951..765ffe0 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -177,7 +177,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do # transpose the lines, so we have key/value pairs privs = privs[0].zip(privs[1]) privs = privs.select do |p| (/_priv$/) and p[1] == 'Y' end - privs.collect do |p| symbolize(p[0].downcase) end + privs.collect{|p| p[0].downcase.intern } end end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index c6311e5..e61f429 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -43,7 +43,7 @@ Puppet::Type.newtype(:mysql_grant) do newproperty(:privileges, :array_matching => :all) do desc "The privileges the user should have. The possible values are implementation dependent." munge do |v| - symbolize(v) + v.intern end def should_to_s(newvalue = @should) -- cgit v1.2.3 From 86ef2c3dd27e2c05dd66ead59aaea49a5c01d258 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 20 May 2013 14:32:43 +0200 Subject: use the defaults file if available --- lib/puppet/provider/mysql_database/mysql.rb | 22 +++++++++++---- lib/puppet/provider/mysql_grant/mysql.rb | 42 ++++++++++++++++++----------- lib/puppet/provider/mysql_user/mysql.rb | 26 +++++++++++++----- 3 files changed, 63 insertions(+), 27 deletions(-) diff --git a/lib/puppet/provider/mysql_database/mysql.rb b/lib/puppet/provider/mysql_database/mysql.rb index 18b0a5a..dc1730d 100644 --- a/lib/puppet/provider/mysql_database/mysql.rb +++ b/lib/puppet/provider/mysql_database/mysql.rb @@ -7,11 +7,23 @@ Puppet::Type.type(:mysql_database).provide(:mysql, commands :mysqladmin => '/usr/bin/mysqladmin' commands :mysql => '/usr/bin/mysql' + def self.defaults_file + if File.file?("#{Facter.value(:root_home)}/.my.cnf") + "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + + def defaults_file + self.class.defaults_file + end + # retrieve the current set of mysql users def self.instances dbs = [] - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + cmd = "#{command(:mysql)} mysql #{defaults_file} -NBe 'show databases'" execpipe(cmd) do |process| process.each do |line| dbs << new( { :ensure => :present, :name => line.chomp } ) @@ -26,7 +38,7 @@ Puppet::Type.type(:mysql_database).provide(:mysql, :ensure => :absent } - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'show databases'" execpipe(cmd) do |process| process.each do |line| if line.chomp.eql?(@resource[:name]) @@ -38,14 +50,14 @@ Puppet::Type.type(:mysql_database).provide(:mysql, end def create - mysqladmin "create", @resource[:name] + mysqladmin(defaults_file, "create", @resource[:name]) end def destroy - mysqladmin "-f", "drop", @resource[:name] + mysqladmin(defaults_file, "-f", "drop", @resource[:name]) end def exists? - if mysql("mysql", "-NBe", "show databases").match(/^#{@resource[:name]}$/) + if mysql(defaults_file, "mysql" ,"-NBe", "show databases").match(/^#{@resource[:name]}$/) true else false diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index 765ffe0..17aaa33 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -54,8 +54,20 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do commands :mysql => '/usr/bin/mysql' commands :mysqladmin => '/usr/bin/mysqladmin' + # Optional defaults file + def self.defaults_file + if File.file?("#{Facter.value(:root_home)}/.my.cnf") + "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + def defaults_file + self.class.defaults_file + end + def mysql_flush - mysqladmin "flush-privileges" + mysqladmin(defaults_file, "flush-privileges") end # this parses the @@ -101,24 +113,24 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do name = split_name(@resource[:name]) case name[:type] when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + mysql(defaults_file, "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ name[:host], name[:user], - ] + ]) when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + mysql(defaults_file, "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ name[:host], name[:user], name[:db], - ] + ]) when :column - mysql "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [ + mysql(defaults_file, "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [ name[:host], name[:user], name[:db], name[:table], name[:column], - ] + ]) end mysql_flush end end def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + mysql(defaults_file, "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]) end def row_exists? @@ -130,7 +142,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do if name[:type] == :column fields << :column end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + not mysql(defaults_file, "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? end def all_privs_set? @@ -156,15 +168,15 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do case name[:type] when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + privs = mysql(defaults_file, "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]) when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + privs = mysql(defaults_file, "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]) when :tables_priv - privs = mysql "mysql", "-NBe", 'select Table_priv from tables_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s"' % [ name[:user], name[:host], name[:db], name[:table_name] ] + privs = mysql(defaults_file, "mysql", "-NBe", 'select Table_priv from tables_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s"' % [ name[:user], name[:host], name[:db], name[:table_name] ]) privs = privs.chomp.downcase return privs when :columns - privs = mysql "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ] + privs = mysql(defaults_file, "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ]) end if privs.match(/^$/) @@ -213,7 +225,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do if !revoke.empty? #puts "Revoking table privs: ", revoke - mysql "mysql", "-e", "REVOKE %s ON %s.%s FROM '%s'@'%s'" % [ revoke.join(", "), name[:db], name[:table_name], name[:user], name[:host] ] + mysql(defaults_file, "mysql", "-e", "REVOKE %s ON %s.%s FROM '%s'@'%s'" % [ revoke.join(", "), name[:db], name[:table_name], name[:user], name[:host] ]) end set = privs - currently_set @@ -245,7 +257,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do #puts "stmt:", stmt if !set.empty? - mysql "mysql", "-Be", stmt + mysql(defaults_file, "mysql", "-Be", stmt) mysql_flush end end diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb index e3908be..21a49d2 100644 --- a/lib/puppet/provider/mysql_user/mysql.rb +++ b/lib/puppet/provider/mysql_user/mysql.rb @@ -8,11 +8,23 @@ Puppet::Type.type(:mysql_user).provide(:mysql, commands :mysql => '/usr/bin/mysql' commands :mysqladmin => '/usr/bin/mysqladmin' + # Optional defaults file + def self.defaults_file + if File.file?("#{Facter.value(:root_home)}/.my.cnf") + "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + def defaults_file + self.class.defaults_file + end + # retrieve the current set of mysql users def self.instances users = [] - cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'" + cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'select concat(user, \"@\", host), password from user'" execpipe(cmd) do |process| process.each do |line| users << new( query_line_to_hash(line) ) @@ -31,13 +43,13 @@ Puppet::Type.type(:mysql_user).provide(:mysql, end def mysql_flush - mysqladmin "flush-privileges" + mysqladmin(defaults_file,"flush-privileges") end def query result = {} - cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] + cmd = "#{command(:mysql)} #{defaults_file} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] execpipe(cmd) do |process| process.each do |line| unless result.empty? @@ -51,17 +63,17 @@ Puppet::Type.type(:mysql_user).provide(:mysql, end def create - mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ] + mysql(defaults_file, "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ]) mysql_flush end def destroy - mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'") + mysql(defaults_file, "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'")) mysql_flush end def exists? - not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? + not mysql(defaults_file, "mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? end def password_hash @@ -69,7 +81,7 @@ Puppet::Type.type(:mysql_user).provide(:mysql, end def password_hash=(string) - mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] + mysql(defaults_file, "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ]) mysql_flush end end -- cgit v1.2.3 From 0e8a73ecea0536b016e089d7772f0e5cbb50e1ae Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 20 May 2013 14:36:59 +0200 Subject: fix ordering --- lib/puppet/provider/mysql_database/mysql.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/provider/mysql_database/mysql.rb b/lib/puppet/provider/mysql_database/mysql.rb index dc1730d..69016ae 100644 --- a/lib/puppet/provider/mysql_database/mysql.rb +++ b/lib/puppet/provider/mysql_database/mysql.rb @@ -23,7 +23,7 @@ Puppet::Type.type(:mysql_database).provide(:mysql, def self.instances dbs = [] - cmd = "#{command(:mysql)} mysql #{defaults_file} -NBe 'show databases'" + cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'show databases'" execpipe(cmd) do |process| process.each do |line| dbs << new( { :ensure => :present, :name => line.chomp } ) -- cgit v1.2.3 From 5665884209ae9364d262d5ae6596a289faf18531 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:12:22 +0100 Subject: EL6.4 doesn't know about bdb --- files/config/my.cnf.CentOS | 2 -- 1 file changed, 2 deletions(-) diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 1be434a..3e152b6 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -9,8 +9,6 @@ old_passwords=0 bind-address=127.0.0.1 -skip-bdb - # Query cache is used to cache SELECT results and later return them # without actual executing the same query once again. Having the query # cache enabled may result in significant speed improvements, if your -- cgit v1.2.3 From e9f030452523f96129c7aacdf77afbd84afa9fe4 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:15:26 +0100 Subject: this is not really necessary --- manifests/server/base.pp | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 14f3c1b..c424c34 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -31,13 +31,6 @@ class mysql::server::base { owner => mysql, group => mysql, mode => '0755'; - 'mysql_ibdata1': - path => '/var/lib/mysql/data/ibdata1', - require => Package['mysql-server'], - before => File['mysql_setmysqlpass.sh'], - owner => mysql, - group => mysql, - mode => '0660'; 'mysql_setmysqlpass.sh': path => '/usr/local/sbin/setmysqlpass.sh', source => "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", @@ -80,7 +73,7 @@ class mysql::server::base { require => Package['mysql-server'], } - if $::mysql_exists == 'true' { + if str2bool($::mysql_exists) { include mysql::server::account_security # Collect all databases and users -- cgit v1.2.3 From bad8721b44b01e9656257a19ae334d46231d2c3d Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:19:09 +0100 Subject: also chown the data dir --- files/scripts/CentOS/setmysqlpass.sh | 5 ++++- files/scripts/Debian/setmysqlpass.sh | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh index 01d8fbf..870494c 100644 --- a/files/scripts/CentOS/setmysqlpass.sh +++ b/files/scripts/CentOS/setmysqlpass.sh @@ -13,8 +13,11 @@ UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='l FLUSH PRIVILEGES; EOF killall mysqld +sleep 15 # chown to be on the safe side -chown mysql.mysql /var/lib/mysql/mysql-bin.* +ls -al /var/lib/mysql/mysql-bin.* &> /dev/null +[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* +chown -R mysql.mysql /var/lib/mysql/data/ /sbin/service mysqld start diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh index f7d5357..1ef4aaa 100644 --- a/files/scripts/Debian/setmysqlpass.sh +++ b/files/scripts/Debian/setmysqlpass.sh @@ -17,6 +17,7 @@ sleep 15 # chown to be on the safe side ls -al /var/lib/mysql/mysql-bin.* &> /dev/null [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* +chown -R mysql.mysql /var/lib/mysql/data/ /etc/init.d/mysql start -- cgit v1.2.3 From 808a83374cc96e93971c80fc08c503981f8e9bc5 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:24:59 +0100 Subject: rename deprecated option --- files/config/my.cnf.CentOS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 3e152b6..7265fdd 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -25,7 +25,7 @@ query_cache_size = 64M # indexes well, if log_long_format is enabled. It is normally good idea # to have this turned on if you frequently add new queries to the # system. -log_slow_queries +slow_query_log # How many threads we should keep in a cache for reuse. When a client # disconnects, the client's threads are put in the cache if there aren't @@ -34,7 +34,7 @@ log_slow_queries # connections. (Normally this doesn't give a notable performance # improvement if you have a good thread implementation.) thread_cache_size = 4 - + # InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and # row data. The bigger you set this the less disk I/O is needed to # access data in tables. On a dedicated database server you may set this -- cgit v1.2.3 From eb03b7f647f7f17d86a9314150a31edf3f9880a4 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:40:38 +0100 Subject: update to latest EL release --- files/config/my.cnf.CentOS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 7265fdd..1b6ee1a 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -9,6 +9,9 @@ old_passwords=0 bind-address=127.0.0.1 +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + # Query cache is used to cache SELECT results and later return them # without actual executing the same query once again. Having the query # cache enabled may result in significant speed improvements, if your -- cgit v1.2.3 From 1caaa07190f05cf2e5a535de271f249321f9f8d2 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 10:47:25 +0100 Subject: some reasonable defaults --- files/config/my.cnf.CentOS | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 1b6ee1a..58090f7 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -7,7 +7,11 @@ socket=/var/lib/mysql/mysql.sock # clients (those using the mysqlclient10 compatibility package). old_passwords=0 +character-set-server = utf8 +skip-name-resolve + bind-address=127.0.0.1 +max_allowed_packet = 10M # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 @@ -46,12 +50,27 @@ thread_cache_size = 4 # cause paging in the operating system. Note that on 32bit systems you # might be limited to 2-3.5G of user level memory per process, so do not # set it too high. +innodb_data_home_dir = /var/lib/mysql/data +innodb_data_file_path = ibdata1:10M:autoextend +innodb_log_group_home_dir = /var/lib/mysql/ innodb_buffer_pool_size = 50MB innodb_file_per_table query_cache_limit=5M +[mysql] +no-auto-rehash +# Remove the next comment character if you are not familiar with SQL +#safe-updates +default-character-set=utf8 + +[mysqlimport] +default-character-set=utf8 + +[mysqlshow] +default-character-set=utf8 + [mysql.server] user=mysql basedir=/usr @@ -59,3 +78,9 @@ basedir=/usr [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid + +[mysqldump] +quick +max_allowed_packet = 16M +default-character-set=utf8 + -- cgit v1.2.3 From 6d485b169360f5d113537f14e2dbbd83e56b2f9c Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 10:49:54 +0100 Subject: better use this built in fact now --- manifests/server/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/server/base.pp b/manifests/server/base.pp index c424c34..da82e2f 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -8,10 +8,10 @@ class mysql::server::base { path => '/etc/mysql/my.cnf', source => [ "puppet:///modules/site_mysql/${::fqdn}/my.cnf", - "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{lsbdistcodename}", + "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}", 'puppet:///modules/site_mysql/my.cnf', - "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{lsbdistcodename}", + "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}", 'puppet:///modules/mysql/config/my.cnf' ], -- cgit v1.2.3 From c38546e15fe62e964c63b03222cc3c2824ee5c36 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 20:14:04 +0100 Subject: introduce the /etc/mysql/conf.d/ directory for CentOS --- files/config/my.cnf.CentOS | 1 + manifests/server/centos.pp | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 58090f7..1abf15c 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -84,3 +84,4 @@ quick max_allowed_packet = 16M default-character-set=utf8 +!includedir /etc/mysql/conf.d/ diff --git a/manifests/server/centos.pp b/manifests/server/centos.pp index a55a57f..50678cf 100644 --- a/manifests/server/centos.pp +++ b/manifests/server/centos.pp @@ -6,4 +6,21 @@ class mysql::server::centos inherits mysql::server::clientpackage { File['mysql_main_cnf']{ path => '/etc/my.cnf', } + + file{ + '/etc/mysql': + ensure => directory, + owner => root, + group => 0, + mode => '0644'; + '/etc/mysql/conf.d': + ensure => directory, + recurse => true, + purge => true, + force => true, + owner => root, + group => 0, + mode => '0644', + notify => Service['mysql']; + } } -- cgit v1.2.3 From d459760890e27738c0d577f5c80defb679c4d243 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 20:18:27 +0100 Subject: update README to document the stdlib dependency --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index a454dbd..3b55e22 100644 --- a/README +++ b/README @@ -6,6 +6,8 @@ This module manages your mysql resources. Requirements ------------ +The puppetlabs-stdlib module is required for some functions used in this module. + If you are wanting munin integration, you will need the munin module installed. If you are wanting shorewall integration, you will need the shorewall module -- cgit v1.2.3 From 7bde4efe1e680d21dfa8ecd15e5e9a3c5eb41df2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Jan 2014 14:19:26 +0100 Subject: improve optimize script --- files/scripts/optimize_tables.rb | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/files/scripts/optimize_tables.rb b/files/scripts/optimize_tables.rb index 46e223e..e1a71ef 100644 --- a/files/scripts/optimize_tables.rb +++ b/files/scripts/optimize_tables.rb @@ -3,10 +3,12 @@ # set home as we runit as weekly cron, where HOME is / ENV['HOME'] = '/root' tables = %x{mysql -Bse "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND Data_free > 0 AND ENGINE IN ('MyISAM','InnoDB','ARCHIVE')"} -tables.each { |table| - tableitems = table.chomp.split(/\t/) - system "mysql #{tableitems[0]} -Bse \"OPTIMIZE TABLE \\`#{tableitems[0]}\\`.\\`#{tableitems[1]}\\`\" | grep -q OK" - if $?.to_i > 0 then - puts "error while optimizing #{tableitems[0]}.#{tableitems[1]}" - end -} +tables.each do |table| + tableitems = table.chomp.split(/\t/) + output = %x{mysql #{tableitems[0]} -Bse "OPTIMIZE TABLE \\`#{tableitems[0]}\\`.\\`#{tableitems[1]}\\`" 2>&1} + unless output =~ /status\t+OK/ + puts "Error while optimizing #{tableitems[0]}.#{tableitems[1]}:" + puts output + puts + end +end -- cgit v1.2.3 From cae3a3cbe85d1dffcd7a7a964669d2b758561dc0 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 5 Feb 2014 22:34:17 +0100 Subject: fix #6638 - remove the unless check & improve script To workaround a limitation of the exec provider within puppet, we do the unless check no within the script itself and ensure that we use the password there. https://labs.riseup.net/code/issues/6638 --- files/scripts/CentOS/setmysqlpass.sh | 2 ++ files/scripts/Debian/setmysqlpass.sh | 2 ++ manifests/server/base.pp | 1 - 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh index 870494c..8b468e1 100644 --- a/files/scripts/CentOS/setmysqlpass.sh +++ b/files/scripts/CentOS/setmysqlpass.sh @@ -4,6 +4,8 @@ test -f /root/.my.cnf || exit 1 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') +/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 + /sbin/service mysqld stop /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh index 1ef4aaa..ec2c971 100644 --- a/files/scripts/Debian/setmysqlpass.sh +++ b/files/scripts/Debian/setmysqlpass.sh @@ -4,6 +4,8 @@ test -f /root/.my.cnf || exit 1 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') +/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 + /etc/init.d/mysql stop /usr/sbin/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql --log-bin=/var/lib/mysql/mysql-bin & diff --git a/manifests/server/base.pp b/manifests/server/base.pp index da82e2f..2d55605 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -50,7 +50,6 @@ class mysql::server::base { exec { 'mysql_set_rootpw': command => '/usr/local/sbin/setmysqlpass.sh', - unless => 'mysqladmin -uroot status > /dev/null', require => [ File['mysql_setmysqlpass.sh'], Service['mysql'] ], # this is for security so that we only change the password # if the password file itself has changed -- cgit v1.2.3 From c06abd681ce71893466b29390e1199c293cdd37e Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Feb 2014 14:50:17 +0100 Subject: add mysqltuner class --- manifests/server/tuner.pp | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 manifests/server/tuner.pp diff --git a/manifests/server/tuner.pp b/manifests/server/tuner.pp new file mode 100644 index 0000000..5aa6772 --- /dev/null +++ b/manifests/server/tuner.pp @@ -0,0 +1,6 @@ +# install mysqltuner package +class mysql::server::tuner { + package{'mysqltuner': + ensure => present, + } +} -- cgit v1.2.3 From 553831bf3440fb139b9e95616d9dc79728ec2669 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 01:50:39 +0100 Subject: on EL7 there is now mariadb --- manifests/client/base.pp | 10 ++++++++-- manifests/server/centos.pp | 13 +++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/manifests/client/base.pp b/manifests/client/base.pp index b09b90e..8106ded 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -1,7 +1,13 @@ # basic mysql client stuff class mysql::client::base { package { 'mysql': - ensure => present, - alias => 'mysql-client', + ensure => present, + alias => 'mysql-client', + } + if $::operatingsystem in ['RedHat', 'CentOS'] and + $::operatingsystemmajrelease > 6 { + Package[mysql]{ + name => 'mariadb' + } } } diff --git a/manifests/server/centos.pp b/manifests/server/centos.pp index 50678cf..5c0ab34 100644 --- a/manifests/server/centos.pp +++ b/manifests/server/centos.pp @@ -1,7 +1,16 @@ # centos specific things class mysql::server::centos inherits mysql::server::clientpackage { - Service['mysql']{ - name => 'mysqld', + if $::operatingsystemmajrelease > 6 { + Package['mysql-server']{ + name => 'mariadb-server', + } + Service['mysql']{ + name => 'mariadb', + } + } else { + Service['mysql']{ + name => 'mysqld', + } } File['mysql_main_cnf']{ path => '/etc/my.cnf', -- cgit v1.2.3 From 6be4faa81f4db5b918a2c59a50de00da564b2e3c Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 02:04:55 +0100 Subject: =?UTF-8?q?There=20is=20no=20need=20to=20call=20=E2=80=9Csuper?= =?UTF-8?q?=E2=80=9D=20here.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch avoid the following error: Validate method failed for class sleep: implicit argument passing of super from method defined by define_method() is not supported. Specify all arguments explicitly. See https://git.openstack.org/cgit/stackforge/puppet-vswitch/commit/?id=25afbfe58867fb39266a8862cfd6a3f8f38a9564 --- lib/puppet/type/mysql_user.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index 0b7e9af..7d41890 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -12,8 +12,6 @@ Puppet::Type.newtype(:mysql_user) do if value.split('@').first.size > 16 raise ArgumentError, "MySQL usernames are limited to a maximum of 16 characters" - else - super end end end -- cgit v1.2.3 From 02c8f3342ec9de4a822e68f3f494f7c108bff574 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 02:18:15 +0100 Subject: introduce new mariadb based config for EL7 --- files/config/my.cnf.CentOS | 45 ++++++----------------- files/config/my.cnf.CentOS.5 | 87 ++++++++++++++++++++++++++++++++++++++++++++ files/config/my.cnf.CentOS.6 | 87 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+), 33 deletions(-) create mode 100644 files/config/my.cnf.CentOS.5 create mode 100644 files/config/my.cnf.CentOS.6 diff --git a/files/config/my.cnf.CentOS b/files/config/my.cnf.CentOS index 1abf15c..c15d2b8 100644 --- a/files/config/my.cnf.CentOS +++ b/files/config/my.cnf.CentOS @@ -3,19 +3,16 @@ datadir=/var/lib/mysql/data log-bin=/var/lib/mysql/mysql-bin expire_logs_days=5 socket=/var/lib/mysql/mysql.sock -# Default to using old password format for compatibility with mysql 3.x -# clients (those using the mysqlclient10 compatibility package). -old_passwords=0 - -character-set-server = utf8 -skip-name-resolve +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 +# Settings user and group are ignored when systemd is used. +# If you need to run mysqld under a different user or group, +# customize your systemd unit file for mariadb according to the +# instructions in http://fedoraproject.org/wiki/Systemd bind-address=127.0.0.1 max_allowed_packet = 10M -# Disabling symbolic-links is recommended to prevent assorted security risks -symbolic-links=0 - # Query cache is used to cache SELECT results and later return them # without actual executing the same query once again. Having the query # cache enabled may result in significant speed improvements, if your @@ -59,29 +56,11 @@ innodb_file_per_table query_cache_limit=5M -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates -default-character-set=utf8 - -[mysqlimport] -default-character-set=utf8 - -[mysqlshow] -default-character-set=utf8 - -[mysql.server] -user=mysql -basedir=/usr - [mysqld_safe] -log-error=/var/log/mysqld.log -pid-file=/var/run/mysqld/mysqld.pid - -[mysqldump] -quick -max_allowed_packet = 16M -default-character-set=utf8 +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid -!includedir /etc/mysql/conf.d/ +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/files/config/my.cnf.CentOS.5 b/files/config/my.cnf.CentOS.5 new file mode 100644 index 0000000..1abf15c --- /dev/null +++ b/files/config/my.cnf.CentOS.5 @@ -0,0 +1,87 @@ +[mysqld] +datadir=/var/lib/mysql/data +log-bin=/var/lib/mysql/mysql-bin +expire_logs_days=5 +socket=/var/lib/mysql/mysql.sock +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=0 + +character-set-server = utf8 +skip-name-resolve + +bind-address=127.0.0.1 +max_allowed_packet = 10M + +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +# Query cache is used to cache SELECT results and later return them +# without actual executing the same query once again. Having the query +# cache enabled may result in significant speed improvements, if your +# have a lot of identical queries and rarely changing tables. See the +# "Qcache_lowmem_prunes" status variable to check if the current value +# is high enough for your load. +# Note: In case your tables change very often or if your queries are +# textually different every time, the query cache may result in a +# slowdown instead of a performance improvement. +query_cache_size = 64M + +# Log slow queries. Slow queries are queries which take more than the +# amount of time defined in "long_query_time" or which do not use +# indexes well, if log_long_format is enabled. It is normally good idea +# to have this turned on if you frequently add new queries to the +# system. +slow_query_log + +# How many threads we should keep in a cache for reuse. When a client +# disconnects, the client's threads are put in the cache if there aren't +# more than thread_cache_size threads from before. This greatly reduces +# the amount of thread creations needed if you have a lot of new +# connections. (Normally this doesn't give a notable performance +# improvement if you have a good thread implementation.) +thread_cache_size = 4 + +# InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and +# row data. The bigger you set this the less disk I/O is needed to +# access data in tables. On a dedicated database server you may set this +# parameter up to 80% of the machine physical memory size. Do not set it +# too large, though, because competition of the physical memory may +# cause paging in the operating system. Note that on 32bit systems you +# might be limited to 2-3.5G of user level memory per process, so do not +# set it too high. +innodb_data_home_dir = /var/lib/mysql/data +innodb_data_file_path = ibdata1:10M:autoextend +innodb_log_group_home_dir = /var/lib/mysql/ +innodb_buffer_pool_size = 50MB + +innodb_file_per_table + +query_cache_limit=5M + +[mysql] +no-auto-rehash +# Remove the next comment character if you are not familiar with SQL +#safe-updates +default-character-set=utf8 + +[mysqlimport] +default-character-set=utf8 + +[mysqlshow] +default-character-set=utf8 + +[mysql.server] +user=mysql +basedir=/usr + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +[mysqldump] +quick +max_allowed_packet = 16M +default-character-set=utf8 + +!includedir /etc/mysql/conf.d/ diff --git a/files/config/my.cnf.CentOS.6 b/files/config/my.cnf.CentOS.6 new file mode 100644 index 0000000..1abf15c --- /dev/null +++ b/files/config/my.cnf.CentOS.6 @@ -0,0 +1,87 @@ +[mysqld] +datadir=/var/lib/mysql/data +log-bin=/var/lib/mysql/mysql-bin +expire_logs_days=5 +socket=/var/lib/mysql/mysql.sock +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=0 + +character-set-server = utf8 +skip-name-resolve + +bind-address=127.0.0.1 +max_allowed_packet = 10M + +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +# Query cache is used to cache SELECT results and later return them +# without actual executing the same query once again. Having the query +# cache enabled may result in significant speed improvements, if your +# have a lot of identical queries and rarely changing tables. See the +# "Qcache_lowmem_prunes" status variable to check if the current value +# is high enough for your load. +# Note: In case your tables change very often or if your queries are +# textually different every time, the query cache may result in a +# slowdown instead of a performance improvement. +query_cache_size = 64M + +# Log slow queries. Slow queries are queries which take more than the +# amount of time defined in "long_query_time" or which do not use +# indexes well, if log_long_format is enabled. It is normally good idea +# to have this turned on if you frequently add new queries to the +# system. +slow_query_log + +# How many threads we should keep in a cache for reuse. When a client +# disconnects, the client's threads are put in the cache if there aren't +# more than thread_cache_size threads from before. This greatly reduces +# the amount of thread creations needed if you have a lot of new +# connections. (Normally this doesn't give a notable performance +# improvement if you have a good thread implementation.) +thread_cache_size = 4 + +# InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and +# row data. The bigger you set this the less disk I/O is needed to +# access data in tables. On a dedicated database server you may set this +# parameter up to 80% of the machine physical memory size. Do not set it +# too large, though, because competition of the physical memory may +# cause paging in the operating system. Note that on 32bit systems you +# might be limited to 2-3.5G of user level memory per process, so do not +# set it too high. +innodb_data_home_dir = /var/lib/mysql/data +innodb_data_file_path = ibdata1:10M:autoextend +innodb_log_group_home_dir = /var/lib/mysql/ +innodb_buffer_pool_size = 50MB + +innodb_file_per_table + +query_cache_limit=5M + +[mysql] +no-auto-rehash +# Remove the next comment character if you are not familiar with SQL +#safe-updates +default-character-set=utf8 + +[mysqlimport] +default-character-set=utf8 + +[mysqlshow] +default-character-set=utf8 + +[mysql.server] +user=mysql +basedir=/usr + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +[mysqldump] +quick +max_allowed_packet = 16M +default-character-set=utf8 + +!includedir /etc/mysql/conf.d/ -- cgit v1.2.3 From 3820ed70a0bdc35096457303a629520434d52603 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 11:42:33 +0100 Subject: this should be variables --- manifests/server/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 2d55605..1ed75f2 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -8,10 +8,10 @@ class mysql::server::base { path => '/etc/mysql/my.cnf', source => [ "puppet:///modules/site_mysql/${::fqdn}/my.cnf", - "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", + "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}", 'puppet:///modules/site_mysql/my.cnf', - "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", + "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}", 'puppet:///modules/mysql/config/my.cnf' ], -- cgit v1.2.3 From fd71b9473fcb4c4e9f839bd9e579e899d424b71f Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Jan 2015 23:29:41 +0100 Subject: split on new line, which fixes an issue if no table is found --- files/scripts/optimize_tables.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/scripts/optimize_tables.rb b/files/scripts/optimize_tables.rb index e1a71ef..1b76704 100644 --- a/files/scripts/optimize_tables.rb +++ b/files/scripts/optimize_tables.rb @@ -3,7 +3,7 @@ # set home as we runit as weekly cron, where HOME is / ENV['HOME'] = '/root' tables = %x{mysql -Bse "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND Data_free > 0 AND ENGINE IN ('MyISAM','InnoDB','ARCHIVE')"} -tables.each do |table| +tables.split("\n").each do |table| tableitems = table.chomp.split(/\t/) output = %x{mysql #{tableitems[0]} -Bse "OPTIMIZE TABLE \\`#{tableitems[0]}\\`.\\`#{tableitems[1]}\\`" 2>&1} unless output =~ /status\t+OK/ -- cgit v1.2.3 From e1649647f326abeb256a73e4cb1060840f846f24 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 24 Jan 2015 18:05:08 +0100 Subject: fix issues for EL7 + simplify account security * EL7 uses mariadb & systemd -> adjust setpasswd script to that * move the security ensurance to the setpassword script, as it's easier to ensure that there --- files/scripts/CentOS/setmysqlpass.sh | 10 +++++----- files/scripts/CentOS/setmysqlpass.sh.5 | 26 ++++++++++++++++++++++++++ files/scripts/CentOS/setmysqlpass.sh.6 | 26 ++++++++++++++++++++++++++ files/scripts/Debian/setmysqlpass.sh | 1 + manifests/server/account_security.pp | 8 -------- manifests/server/base.pp | 15 ++++++--------- 6 files changed, 64 insertions(+), 22 deletions(-) create mode 100644 files/scripts/CentOS/setmysqlpass.sh.5 create mode 100644 files/scripts/CentOS/setmysqlpass.sh.6 delete mode 100644 manifests/server/account_security.pp diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh index 8b468e1..b84aa7a 100644 --- a/files/scripts/CentOS/setmysqlpass.sh +++ b/files/scripts/CentOS/setmysqlpass.sh @@ -6,20 +6,20 @@ rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 -/sbin/service mysqld stop +/usr/bin/systemctl stop mariadb -/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & +/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin --pid-file=/var/run/mariadb/mariadb.pid & sleep 5 mysql -u root mysql < /dev/null [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* chown -R mysql.mysql /var/lib/mysql/data/ -/sbin/service mysqld start - +/usr/bin/systemctl start mariadb diff --git a/files/scripts/CentOS/setmysqlpass.sh.5 b/files/scripts/CentOS/setmysqlpass.sh.5 new file mode 100644 index 0000000..abd0931 --- /dev/null +++ b/files/scripts/CentOS/setmysqlpass.sh.5 @@ -0,0 +1,26 @@ +#!/bin/sh + +test -f /root/.my.cnf || exit 1 + +rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') + +/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 + +/sbin/service mysqld stop + +/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & +sleep 5 +mysql -u root mysql < /dev/null +[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* +chown -R mysql.mysql /var/lib/mysql/data/ + +/sbin/service mysqld start + diff --git a/files/scripts/CentOS/setmysqlpass.sh.6 b/files/scripts/CentOS/setmysqlpass.sh.6 new file mode 100644 index 0000000..abd0931 --- /dev/null +++ b/files/scripts/CentOS/setmysqlpass.sh.6 @@ -0,0 +1,26 @@ +#!/bin/sh + +test -f /root/.my.cnf || exit 1 + +rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') + +/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 + +/sbin/service mysqld stop + +/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & +sleep 5 +mysql -u root mysql < /dev/null +[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* +chown -R mysql.mysql /var/lib/mysql/data/ + +/sbin/service mysqld start + diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh index ec2c971..3a3e336 100644 --- a/files/scripts/Debian/setmysqlpass.sh +++ b/files/scripts/Debian/setmysqlpass.sh @@ -12,6 +12,7 @@ rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') sleep 5 mysql -u root mysql < 'absent', - require => Exec['mysql_set_rootpw'], - } -} diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 1ed75f2..0863950 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -33,7 +33,8 @@ class mysql::server::base { mode => '0755'; 'mysql_setmysqlpass.sh': path => '/usr/local/sbin/setmysqlpass.sh', - source => "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", + source => ["puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh.${::operatingsystemmajrelease}", + "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", ], require => Package['mysql-server'], owner => root, group => 0, @@ -72,12 +73,8 @@ class mysql::server::base { require => Package['mysql-server'], } - if str2bool($::mysql_exists) { - include mysql::server::account_security - - # Collect all databases and users - Mysql_database<<| tag == "mysql_${::fqdn}" |>> - Mysql_user<<| tag == "mysql_${::fqdn}" |>> - Mysql_grant<<| tag == "mysql_${::fqdn}" |>> - } + # Collect all databases and users + Mysql_database<<| tag == "mysql_${::fqdn}" |>> + Mysql_user<<| tag == "mysql_${::fqdn}" |>> + Mysql_grant<<| tag == "mysql_${::fqdn}" |>> } -- cgit v1.2.3 From 0ce33a632f30f8845359e2fc146789013dcd4984 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Jan 2015 13:48:52 +0100 Subject: we only need to ensure grants if the user is present --- manifests/admin_user.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/admin_user.pp b/manifests/admin_user.pp index 66e0cc1..78085bc 100644 --- a/manifests/admin_user.pp +++ b/manifests/admin_user.pp @@ -14,8 +14,10 @@ define mysql::admin_user( password_hash => $password_hash, require => Exec['mysql_set_rootpw'], } - mysql_grant{"${name}@${host}": - privileges => 'all', - require => Mysql_user["${name}@${host}"], + if $ensure == 'present' { + mysql_grant{"${name}@${host}": + privileges => 'all', + require => Mysql_user["${name}@${host}"], + } } } -- cgit v1.2.3