From 50b6789a3ad88366566c4d8e46567c26091a535f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 11:12:14 -0400 Subject: add the mysql munin graphs: . mysql_connections . mysql_qcache . mysql_qcache_mem . mysql_size_all --- manifests/server/munin/debian.pp | 4 ++-- manifests/server/munin/default.pp | 25 +++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/manifests/server/munin/debian.pp b/manifests/server/munin/debian.pp index 2b2acb4..99e2b02 100644 --- a/manifests/server/munin/debian.pp +++ b/manifests/server/munin/debian.pp @@ -1,8 +1,8 @@ # manifests/server/munin/debian.pp -class mysql::server::munin::debian { +class mysql::server::munin::debian inherits mysql::server::munin::base { munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: + [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_bytes, mysql_queries, mysql_slow_queries, mysql_threads]: config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", require => Package['mysql'], } diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index b60ff0d..c7dcb8f 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -1,6 +1,27 @@ # manifests/server/munin/default.pp -class mysql::server::munin::default { +class mysql::server::munin::base { + + file { + "/usr/local/share/munin-plugins/mysql_connections": + source => "$fileserver/munin/mysql_connections", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache": + source => "$fileserver/munin/mysql_qcache", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache_mem": + source => "$fileserver/munin/mysql_qcache_mem", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_size_all": + source => "$fileserver/munin/mysql_size_all", + mode => 0755, owner => root, group => root; + } +} + +class mysql::server::munin::default inherits mysql::server::munin::base { case $munin_mysql_password { '': { fail("please specify \$munin_mysql_password to enable mysql munin plugin")} } @@ -16,7 +37,7 @@ class mysql::server::munin::default { } munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads]: + [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_bytes, mysql_queries, mysql_slow_queries, mysql_threads]: config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ] } -- cgit v1.2.3 From b1ef87fbdacc19fe8f1c56b520e1f870661f688c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 11:27:59 -0400 Subject: fix incorrect munin graph names --- manifests/server/munin/debian.pp | 2 +- manifests/server/munin/default.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/server/munin/debian.pp b/manifests/server/munin/debian.pp index 99e2b02..d657674 100644 --- a/manifests/server/munin/debian.pp +++ b/manifests/server/munin/debian.pp @@ -2,7 +2,7 @@ class mysql::server::munin::debian inherits mysql::server::munin::base { munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_bytes, mysql_queries, mysql_slow_queries, mysql_threads]: + [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all]: config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", require => Package['mysql'], } diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index c7dcb8f..3b3d361 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -37,7 +37,7 @@ class mysql::server::munin::default inherits mysql::server::munin::base { } munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_bytes, mysql_queries, mysql_slow_queries, mysql_threads]: + [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all]: config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ] } -- cgit v1.2.3 From 9871e9319c123e2edead294c1645b2baca2fc8a6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 11:28:17 -0400 Subject: move the mysql::server::munin::base class to its own file --- manifests/server/munin/base.pp | 20 ++++++++++++++++++++ manifests/server/munin/default.pp | 21 --------------------- 2 files changed, 20 insertions(+), 21 deletions(-) create mode 100644 manifests/server/munin/base.pp diff --git a/manifests/server/munin/base.pp b/manifests/server/munin/base.pp new file mode 100644 index 0000000..a5331c5 --- /dev/null +++ b/manifests/server/munin/base.pp @@ -0,0 +1,20 @@ +class mysql::server::munin::base { + + file { + "/usr/local/share/munin-plugins/mysql_connections": + source => "$fileserver/munin/mysql_connections", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache": + source => "$fileserver/munin/mysql_qcache", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_qcache_mem": + source => "$fileserver/munin/mysql_qcache_mem", + mode => 0755, owner => root, group => root; + + "/usr/local/share/munin-plugins/mysql_size_all": + source => "$fileserver/munin/mysql_size_all", + mode => 0755, owner => root, group => root; + } +} diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index 3b3d361..bd68e42 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -1,26 +1,5 @@ # manifests/server/munin/default.pp -class mysql::server::munin::base { - - file { - "/usr/local/share/munin-plugins/mysql_connections": - source => "$fileserver/munin/mysql_connections", - mode => 0755, owner => root, group => root; - - "/usr/local/share/munin-plugins/mysql_qcache": - source => "$fileserver/munin/mysql_qcache", - mode => 0755, owner => root, group => root; - - "/usr/local/share/munin-plugins/mysql_qcache_mem": - source => "$fileserver/munin/mysql_qcache_mem", - mode => 0755, owner => root, group => root; - - "/usr/local/share/munin-plugins/mysql_size_all": - source => "$fileserver/munin/mysql_size_all", - mode => 0755, owner => root, group => root; - } -} - class mysql::server::munin::default inherits mysql::server::munin::base { case $munin_mysql_password { '': { fail("please specify \$munin_mysql_password to enable mysql munin plugin")} -- cgit v1.2.3 From 78fa3e62cfd29756886940bf245b92ecfc2a4359 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 13:05:40 -0400 Subject: fix munin script path --- manifests/server/munin/base.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/server/munin/base.pp b/manifests/server/munin/base.pp index a5331c5..50aa084 100644 --- a/manifests/server/munin/base.pp +++ b/manifests/server/munin/base.pp @@ -3,18 +3,22 @@ class mysql::server::munin::base { file { "/usr/local/share/munin-plugins/mysql_connections": source => "$fileserver/munin/mysql_connections", - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => root, + script_path_in => "/usr/local/share/munin-plugins"; "/usr/local/share/munin-plugins/mysql_qcache": source => "$fileserver/munin/mysql_qcache", - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => root, + script_path_in => "/usr/local/share/munin-plugins"; "/usr/local/share/munin-plugins/mysql_qcache_mem": source => "$fileserver/munin/mysql_qcache_mem", - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => root, + script_path_in => "/usr/local/share/munin-plugins"; "/usr/local/share/munin-plugins/mysql_size_all": source => "$fileserver/munin/mysql_size_all", - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => root, + script_path_in => "/usr/local/share/munin-plugins"; } } -- cgit v1.2.3 From f43c0c883a3b182dfdb5ddfe17a31380859c4bbe Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 17:37:36 -0400 Subject: fix script_path_in parameter --- manifests/server/munin/base.pp | 12 ++++-------- manifests/server/munin/debian.pp | 15 ++++++++++----- manifests/server/munin/default.pp | 11 ++++++++--- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/manifests/server/munin/base.pp b/manifests/server/munin/base.pp index 50aa084..a5331c5 100644 --- a/manifests/server/munin/base.pp +++ b/manifests/server/munin/base.pp @@ -3,22 +3,18 @@ class mysql::server::munin::base { file { "/usr/local/share/munin-plugins/mysql_connections": source => "$fileserver/munin/mysql_connections", - mode => 0755, owner => root, group => root, - script_path_in => "/usr/local/share/munin-plugins"; + mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_qcache": source => "$fileserver/munin/mysql_qcache", - mode => 0755, owner => root, group => root, - script_path_in => "/usr/local/share/munin-plugins"; + mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_qcache_mem": source => "$fileserver/munin/mysql_qcache_mem", - mode => 0755, owner => root, group => root, - script_path_in => "/usr/local/share/munin-plugins"; + mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_size_all": source => "$fileserver/munin/mysql_size_all", - mode => 0755, owner => root, group => root, - script_path_in => "/usr/local/share/munin-plugins"; + mode => 0755, owner => root, group => root; } } diff --git a/manifests/server/munin/debian.pp b/manifests/server/munin/debian.pp index d657674..b746f87 100644 --- a/manifests/server/munin/debian.pp +++ b/manifests/server/munin/debian.pp @@ -1,9 +1,14 @@ # manifests/server/munin/debian.pp class mysql::server::munin::debian inherits mysql::server::munin::base { - munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all]: - config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", - require => Package['mysql'], - } + munin::plugin { + [ mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads ]: + config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", + require => Package['mysql']; + + [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: + config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", + script_path_in => "/usr/local/share/munin-plugins"; + require => Package['mysql']; + } } diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index bd68e42..2660ea0 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -16,8 +16,13 @@ class mysql::server::munin::default inherits mysql::server::munin::base { } munin::plugin { - [mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads, mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all]: - config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", - require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ] + [ mysql_bytes, mysql_queries, mysql_slowqueries, mysql_threads ]: + config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", + require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; + + [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: + script_path_in => "/usr/local/share/munin-plugins", + config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", + require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; } } -- cgit v1.2.3 From 8067a1042bc47337849dd1e8b542ee887e02e6b3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Oct 2010 17:39:40 -0400 Subject: fixed stray semicolon --- manifests/server/munin/debian.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/munin/debian.pp b/manifests/server/munin/debian.pp index b746f87..d1636d5 100644 --- a/manifests/server/munin/debian.pp +++ b/manifests/server/munin/debian.pp @@ -8,7 +8,7 @@ class mysql::server::munin::debian inherits mysql::server::munin::base { [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", - script_path_in => "/usr/local/share/munin-plugins"; + script_path_in => "/usr/local/share/munin-plugins", require => Package['mysql']; } } -- cgit v1.2.3 From b48f864b30eda104c8ec33b33bad8526dd46187c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 29 Oct 2010 15:05:16 -0400 Subject: fully qualify the path to mysqladmin, without it, you will get this error: Parameter unless failed: 'mysqladmin -uroot status > /dev/null' is both unqualifed and specified no search path at /etc/puppet/modules/mysql/manifests/server/base.pp:62 unless you have set globally: Exec { path => "/usr/bin:/usr/sbin/:/bin:/sbin:/usr/local/bin:/usr/local/sbin" } --- manifests/server/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/base.pp b/manifests/server/base.pp index bdc81b1..7ddff38 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -56,7 +56,7 @@ class mysql::server::base { exec { 'mysql_set_rootpw': command => "/usr/local/sbin/setmysqlpass.sh ${mysql_rootpw}", - unless => "mysqladmin -uroot status > /dev/null", + unless => "/usr/bin/mysqladmin -uroot status > /dev/null", require => [ File['mysql_setmysqlpass.sh'], Package['mysql-server'] ], refreshonly => true, } -- cgit v1.2.3 From 9583889456e889763d27eed9d88582af6df7dd2e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 1 Nov 2010 19:43:23 -0400 Subject: add mysql munin graphs and adjust the file distribution to match the right location of where they are --- files/munin/mysql_connections | 125 ++++++++++++++++++++++++++++ files/munin/mysql_qcache | 123 ++++++++++++++++++++++++++++ files/munin/mysql_qcache_mem | 129 +++++++++++++++++++++++++++++ files/munin/mysql_size_all | 179 +++++++++++++++++++++++++++++++++++++++++ manifests/server/munin/base.pp | 8 +- 5 files changed, 560 insertions(+), 4 deletions(-) create mode 100644 files/munin/mysql_connections create mode 100644 files/munin/mysql_qcache create mode 100644 files/munin/mysql_qcache_mem create mode 100644 files/munin/mysql_size_all diff --git a/files/munin/mysql_connections b/files/munin/mysql_connections new file mode 100644 index 0000000..658b401 --- /dev/null +++ b/files/munin/mysql_connections @@ -0,0 +1,125 @@ +#!/usr/bin/perl +# +# This plugin is based off of the Connection Usage +# section of the MySQL Connection Health Page +# +# http://dev.mysql.com/doc/administrator/en/mysql-administrator-health-connection-health.html +# +# To enable, link mysql_connections to this file. E.g. +# +# ln -s /usr/share/node/node/plugins/mysql_connections /etc/munin/plugins/mysql_connections +# +# Revision 1.0 2007/08/03 +# Created by Justin Shepherd +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# warning - Override default warning limit +# critical - Override default critical limit +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +# Define the mysqladmin paths, and commands +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $TEST_COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; +my $MYSQL_VARIABLES = "$MYSQLADMIN $ENV{mysqlopts} extended-status variables"; +my $warning = $ENV{warning} || "80"; +my $critical = $ENV{critical} || "90"; + +# Pull in any arguments +my $arg = shift(); + +# Check to see how the script was called +if ($arg eq 'config') { + print_graph_information(); + exit(); +} elsif ($arg eq 'autoconf') { + if (test_service()) { print "yes\n"; } + else { print "no\n"; } + exit; +} else { + # Define the values that are returned to munin + my ($available, $current, $upper_limit) = (0,0,0); + + # Gather the values from mysqladmin + $current = poll_variables($MYSQL_VARIABLES,"Threads_connected"); + $upper_limit = poll_variables($MYSQL_VARIABLES,"max_connections"); + $available = $upper_limit - $current; + + # Return the values to Munin + print "current.value $current\n"; + print "available.value $available\n"; +} + + +sub poll_variables { + my $command = shift; + my $expression = shift; + my $ret = 0; + open(SERVICE, "$command |") + or die("Coult not execute '$command': $!"); + while () { + my ($field, $value) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($field); + if ($field eq $expression ) { + $ret = "$value"; + } + } + close(SERVICE); + return $ret; +} + + +sub print_graph_information { +print </dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$TEST_COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_qcache b/files/munin/mysql_qcache new file mode 100644 index 0000000..b074436 --- /dev/null +++ b/files/munin/mysql_qcache @@ -0,0 +1,123 @@ +#!/usr/bin/perl +# +# Copyright (C) 2006 - Rodolphe Quiedeville +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.0 2006/04/26 16:04:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; + +my %WANTED = ( "Qcache_queries_in_cache" => "queries"); + +my %WANTEDTYPE = ( "Qcache_queries_in_cache" => "GAUGE"); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + + +open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + +while () { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($k); + if (exists $WANTED{$k} ) { + print("$WANTED{$k}.value $v\n"); + } +} + +close(SERVICE); + + +sub print_config { + + my $num = 0; + + print('graph_title MySQL Queries in cache +graph_args --base 1000 +graph_vlabel queries +graph_category mysql +graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ +'); + + for my $key (keys %WANTED) { + my $title = $WANTED{$key}; + print("$title.label ${title}\n", + "$title.min 0\n", + "$title.type ".$WANTEDTYPE{$key}."\n", + "$title.max 500000\n", + "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", + ); + $num++; + } + +} + + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_qcache_mem b/files/munin/mysql_qcache_mem new file mode 100644 index 0000000..0fe06c3 --- /dev/null +++ b/files/munin/mysql_qcache_mem @@ -0,0 +1,129 @@ +#!/usr/bin/perl +# +# Copyright (C) 2006 - Rodolphe Quiedeville +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.0 2006/04/28 09:04:01 rodo +# Add lower limit fixed to 0 +# +# Revision 1.0 2006/04/26 16:04:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=auto +#%# capabilities=autoconf + +use strict; + +my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; +my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; +my $COMMANDSIZE = "$MYSQLADMIN $ENV{mysqlopts} variables"; + +my %WANTED = ( "Qcache_free_memory" => "free" ); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + +my ($free, $used) = (0,0); + +open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + +while () { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + next unless ($k); + if (exists $WANTED{$k} ) { + $free = $v; + print("$WANTED{$k}.value $v\n"); + } +} +close(SERVICE); + +open(SERVICE, "$COMMANDSIZE |") + or die("Coult not execute '$COMMANDSIZE': $!"); + +while () { + my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); + + next unless ($k); + if ($k eq "query_cache_size" ) { + print("used.value ",($v-$free),"\n"); + } +} +close(SERVICE); + +sub print_config { + + print('graph_title MySQL Queries Cache Size +graph_args --base 1024 -l 0 +graph_vlabel bytes +graph_category mysql +graph_order used free +graph_total Total +graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ +used.label Used +used.draw AREA +free.label Free +free.draw STACK +'); +} + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} diff --git a/files/munin/mysql_size_all b/files/munin/mysql_size_all new file mode 100644 index 0000000..f5954ad --- /dev/null +++ b/files/munin/mysql_size_all @@ -0,0 +1,179 @@ +#!/usr/bin/perl +# +# Copyright (C) 2007 - Rodolphe Quiedeville +# Copyright (C) 2003-2004 - Andreas Buer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Log$ +# Revision 1.1 2007/01/17 10:41:01 rodo +# Change incorrect family +# +# Revision 1.0 2007/01/16 15:57:01 rodo +# Created by Rodolphe Quiedeville +# +# Parameters: +# +# config +# autoconf +# +# Configuration variables +# +# mysqlopts - Options to pass to mysql +# mysqladmin - Override location of mysqladmin +# +#%# family=manual +#%# capabilities=autoconf + +use strict; + +# unless ($0 =~ /mysql_size(?:_([^_]+)|)_(.+)\s*$/) +# { +# die "Could not parse name $0.\n"; +# } +# my $db = $2; + +my $COMMAND; +my $MYSQLADMIN = $ENV{mysqladmin} || "mysql"; + +my %WANTED = ( "Index" => "index", + "Datas" => "datas", + ); + +my $arg = shift(); + +if ($arg eq 'config') { + print_config(); + exit(); +} elsif ($arg eq 'autoconf') { + unless (test_service() ) { + print "yes\n"; + } else { + print "no\n"; + } + exit; +} + +sub getDBList; +foreach my $db (getDBList()) { + + my $datas = 0; + my $indexes = 0; + my (@infos,$info,$i_data,$i_index); + + $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | head -n 1"; + + open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + + while () { + (@infos) = split; + } + close(SERVICE); + + my $i = 0; + foreach $info (@infos) { + $i++; + if ($info eq 'Data_length') { + $i_data = $i; + next; + } + if ($info eq 'Index_length') { + $i_index = $i; + last; + } + } + my $total_size = 0; + if ($i_data>0 && $i_index>0) { + $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | cut -f $i_data,$i_index | grep -v leng"; + + open(SERVICE, "$COMMAND |") + or die("Coult not execute '$COMMAND': $!"); + + while () { + (m/(\d+).*?(\d+(?:\.\d+)?)/); + $datas += $1; + $indexes += $2; + } + close(SERVICE); + + $total_size = $datas+$indexes; + } + print("$db.value $total_size\n"); +# print("datas.value $datas\n"); +# print("index.value $indexes\n"); +} + + +sub print_config { + + my $num = 0; + + my @dbs = getDBList; + + print("graph_title MySQL databases size\n"); + print ('graph_args --base 1024 -l 0 +graph_vlabel bytes +graph_category mysql +graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ +'); + + for my $db (@dbs) { + my $title = "$db"; + print("$title.label ${title}\n", + "$title.min 0\n", + "$title.type GAUGE\n", + "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", + ); + $num++; + } +} + + +sub test_service { + + my $return = 1; + + system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); + if ($? == 0) + { + system ("$COMMAND >/dev/null 2>/dev/null"); + if ($? == 0) + { + print "yes\n"; + $return = 0; + } + else + { + print "no (could not connect to mysql)\n"; + } + } + else + { + print "no (mysqladmin not found)\n"; + } + exit $return; +} + +sub getDBList { + my @dbs; + foreach my $f (glob("/var/lib/mysql/*")) { + if (-d $f) { + $f =~ s!.*/!!; + @dbs[$#dbs+1]=$f }; + } + return @dbs; +} + diff --git a/manifests/server/munin/base.pp b/manifests/server/munin/base.pp index a5331c5..ad4bb8a 100644 --- a/manifests/server/munin/base.pp +++ b/manifests/server/munin/base.pp @@ -2,19 +2,19 @@ class mysql::server::munin::base { file { "/usr/local/share/munin-plugins/mysql_connections": - source => "$fileserver/munin/mysql_connections", + source => "puppet:///modules/mysql/munin/mysql_connections", mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_qcache": - source => "$fileserver/munin/mysql_qcache", + source => "puppet:///modules/mysql/munin/mysql_qcache", mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_qcache_mem": - source => "$fileserver/munin/mysql_qcache_mem", + source => "puppet:///modules/mysql/munin/mysql_qcache_mem", mode => 0755, owner => root, group => root; "/usr/local/share/munin-plugins/mysql_size_all": - source => "$fileserver/munin/mysql_size_all", + source => "puppet:///modules/mysql/munin/mysql_size_all", mode => 0755, owner => root, group => root; } } -- cgit v1.2.3 From eeb5febdaa11611443586dccc4432804f47a4271 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Nov 2010 21:32:39 -0400 Subject: add mysql::client::perl, same as mysql::client::ruby --- manifests/client/perl.pp | 7 +++++++ manifests/client/perl/debian.pp | 6 ++++++ 2 files changed, 13 insertions(+) create mode 100644 manifests/client/perl.pp create mode 100644 manifests/client/perl/debian.pp diff --git a/manifests/client/perl.pp b/manifests/client/perl.pp new file mode 100644 index 0000000..09a790b --- /dev/null +++ b/manifests/client/perl.pp @@ -0,0 +1,7 @@ +class mysql::client::perl { + + case $operatingsystem { + debian: { include mysql::client::perl::debian } + } + +} diff --git a/manifests/client/perl/debian.pp b/manifests/client/perl/debian.pp new file mode 100644 index 0000000..790eaff --- /dev/null +++ b/manifests/client/perl/debian.pp @@ -0,0 +1,6 @@ +class mysql::client::perl::debian { + + package { 'libdbd-mysql-perl': + ensure => present, + } +} -- cgit v1.2.3 From af8b414c325dd2454c8fc98e9b1b0829c834c856 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Tue, 14 Dec 2010 12:10:54 -0500 Subject: Avoid root password leak to process list The current procedure of setting the root MySQL password leaks the root password by giving it to the setmysqlpass.sh script on the command line. This means that during the couple of seconds that the script is executing, the password is visible in the process list! Since we're already writing the password in the /root/.my.cnf file, make the setmysqlpass.sh script parse this file to retrieve the password instead of receiving it from a command line argument. Also, in some shells the 'echo' command might appear in the process list. Use a heredoc notation to create the output without using a command. Signed-off-by: Gabriel Filion --- files/scripts/CentOS/setmysqlpass.sh | 9 +++++++-- files/scripts/Debian/setmysqlpass.sh | 9 +++++++-- manifests/server/base.pp | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh index d762a20..01d8fbf 100644 --- a/files/scripts/CentOS/setmysqlpass.sh +++ b/files/scripts/CentOS/setmysqlpass.sh @@ -1,12 +1,17 @@ #!/bin/sh -test $# -gt 0 || exit 1 +test -f /root/.my.cnf || exit 1 + +rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') /sbin/service mysqld stop /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & sleep 5 -echo "USE mysql; UPDATE user SET Password=PASSWORD('$1') WHERE User='root' AND Host='localhost';" | mysql -u root +mysql -u root mysql < "${mysql_moduledir}/server/setmysqlpass.sh ${mysql_rootpw}", + command => "${mysql_moduledir}/server/setmysqlpass.sh", unless => "mysqladmin -uroot status > /dev/null", require => [ File['mysql_setmysqlpass.sh'], Package['mysql-server'] ], refreshonly => true, -- cgit v1.2.3 From 74bf6b84e413b3cc1cce83c334341c1fe58b3b1c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 30 Dec 2011 12:11:03 -0500 Subject: add table and column privilege management to mysql_grant --- lib/puppet/provider/mysql_grant/mysql.rb | 335 ++++++++++++++++++------------- lib/puppet/type/mysql_grant.rb | 144 +++++++------ 2 files changed, 273 insertions(+), 206 deletions(-) diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index 61c32d9..b782f12 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -1,155 +1,210 @@ # A grant is either global or per-db. This can be distinguished by the syntax # of the name: -# user@host => global -# user@host/db => per-db +# user@host => global +# user@host/db => per-db require 'puppet/provider/package' MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, - :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, - :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, - :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, - :create_user_priv + :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, + :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, + :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, + :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, + :create_user_priv ] MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, - :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv + :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, + :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv ] +MYSQL_TABLE_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, + :create_priv, :drop_priv, :grant_privt, :references_priv, + :index_priv, :alter_priv, :create_view_priv, :show_view_priv, + :trigger_priv +] + +MYSQL_COLUMN_PRIVS = [ :select_priv, :insert_priv, :update_priv, :references_priv ] + Puppet::Type.type(:mysql_grant).provide(:mysql) do - desc "Uses mysql as database." - - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' - - def mysql_flush - mysqladmin "flush-privileges" - end - - # this parses the - def split_name(string) - matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact - case matches.length - when 2 - { - :type => :user, - :user => matches[0], - :host => matches[1] - } - when 4 - { - :type => :db, - :user => matches[0], - :host => matches[1], - :db => matches[3] - } - end - end - - def create_row - unless @resource.should(:privileges).empty? - name = split_name(@resource[:name]) - case name[:type] - when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ - name[:host], name[:user], - ] - when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], - ] - end - mysql_flush - end - end - - def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] - end - - def row_exists? - name = split_name(@resource[:name]) - fields = [:user, :host] - if name[:type] == :db - fields << :db - end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? - end - - def all_privs_set? - all_privs = case split_name(@resource[:name])[:type] - when :user - MYSQL_USER_PRIVS - when :db - MYSQL_DB_PRIVS - end - all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") - privs = privileges.collect do |p| p.to_s end.sort.join("|") - - all_privs == privs - end - - def privileges - name = split_name(@resource[:name]) - privs = "" - - case name[:type] - when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] - when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] - end - - if privs.match(/^$/) - privs = [] # no result, no privs - else - # returns a line with field names and a line with values, each tab-separated - privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end - # transpose the lines, so we have key/value pairs - privs = privs[0].zip(privs[1]) - privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end - end - - privs.collect do |p| symbolize(p[0].downcase) end - end - - def privileges=(privs) - unless row_exists? - create_row - end - - # puts "Setting privs: ", privs.join(", ") - name = split_name(@resource[:name]) - stmt = '' - where = '' - all_privs = [] - case name[:type] - when :user - stmt = 'update user set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_USER_PRIVS - when :db - stmt = 'update db set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_DB_PRIVS - end - - if privs[0] == :all - privs = all_privs - end - - # puts "stmt:", stmt - set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') - # puts "set:", set - stmt = stmt << set << where - - mysql "mysql", "-Be", stmt - mysql_flush - end + desc "Uses mysql as database." + + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' + + def mysql_flush + mysqladmin "flush-privileges" + end + + # this parses the + def split_name(string) + matches = /^([^@]*)@([^\/]*)(\/(.*))?(\/(.*))?(\/(.*))?$/.match(string).captures.compact + case matches.length + when 2 + { + :type => :user, + :user => matches[0], + :host => matches[1] + } + when 4 + { + :type => :db, + :user => matches[0], + :host => matches[1], + :db => matches[3] + } + when 6 + { + :type => :table, + :user => matches[0], + :host => matches[1], + :db => matches[3], + :table => matches[5] + } + when 8 + { + :type => :table, + :user => matches[0], + :host => matches[1], + :db => matches[3], + :table => matches[5], + :column => matches[7] + } + end + end + + def create_row + unless @resource.should(:privileges).empty? + name = split_name(@resource[:name]) + case name[:type] + when :user + mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + name[:host], name[:user], + ] + when :db + mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], + ] + when :table + mysql "mysql", "-e", "INSERT INTO tables_priv (host, user, db, table) VALUES ('%s', '%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], name[:table], + ] + when :column + mysql "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], name[:table], name[:column], + ] + end + mysql_flush + end + end + + def destroy + mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + end + + def row_exists? + name = split_name(@resource[:name]) + fields = [:user, :host] + if name[:type] == :db + fields << :db + end + if name[:type] == :table + fields << :table + end + if name[:type] == :column + fields << :column + end + not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + end + + def all_privs_set? + all_privs = case split_name(@resource[:name])[:type] + when :user + MYSQL_USER_PRIVS + when :db + MYSQL_DB_PRIVS + when :table + MYSQL_TABLE_PRIVS + when :column + MYSQL_COLUMN_PRIVS + end + all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") + privs = privileges.collect do |p| p.to_s end.sort.join("|") + + all_privs == privs + end + + def privileges + name = split_name(@resource[:name]) + privs = "" + + case name[:type] + when :user + privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + when :db + privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + when :table + privs = mysql "mysql", "-Be", 'select * from tables_priv where User="%s" and Host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ] + when :column + privs = mysql "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ] + end + + if privs.match(/^$/) + privs = [] # no result, no privs + else + # returns a line with field names and a line with values, each tab-separated + privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end + # transpose the lines, so we have key/value pairs + privs = privs[0].zip(privs[1]) + privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end + end + + privs.collect do |p| symbolize(p[0].downcase) end + end + + def privileges=(privs) + unless row_exists? + create_row + end + + # puts "Setting privs: ", privs.join(", ") + name = split_name(@resource[:name]) + stmt = '' + where = '' + all_privs = [] + case name[:type] + when :user + stmt = 'update user set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_USER_PRIVS + when :db + stmt = 'update db set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_DB_PRIVS + when :table + stmt = 'update table_priv set ' + where = ' where user="%s" and host="%s" and Db="%s"' % [ name[:user], name[:host], name[:db] ] + all_privs = MYSQL_DB_PRIVS + when :column + stmt = 'update columns_priv set ' + where = ' where user="%s" and host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ] + all_privs = MYSQL_DB_PRIVS + end + + if privs[0] == :all + privs = all_privs + end + + # puts "stmt:", stmt + set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') + # puts "set:", set + stmt = stmt << set << where + + mysql "mysql", "-Be", stmt + mysql_flush + end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index 415f5aa..c6311e5 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -1,77 +1,89 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_grant) do - @doc = "Manage a database user's rights." - #ensurable + @doc = "Manage a database user's rights." - autorequire :mysql_db do - # puts "Starting db autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) - unless matches.nil? - reqs << matches[3] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + #ensurable + autorequire(:service) { 'mysqld' } - autorequire :mysql_user do - # puts "Starting user autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) - unless matches.nil? - reqs << "%s@%s" % [ matches[1], matches[2] ] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + autorequire :mysql_table do + reqs = [] + matches = self[:name].match(/^([^@]*)@([^\/]*)\/(.+)\/(.+)$/) + unless matches.nil? + reqs << matches[4] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - newparam(:name) do - desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" - end - newproperty(:privileges, :array_matching => :all) do - desc "The privileges the user should have. The possible values are implementation dependent." - munge do |v| - symbolize(v) - end + autorequire :mysql_db do + # puts "Starting db autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) + unless matches.nil? + reqs << matches[3] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - def should_to_s(newvalue = @should) - if newvalue - unless newvalue.is_a?(Array) - newvalue = [ newvalue ] - end - newvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + autorequire :mysql_user do + # puts "Starting user autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) + unless matches.nil? + reqs << "%s@%s" % [ matches[1], matches[2] ] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - def is_to_s(currentvalue = @is) - if currentvalue - unless currentvalue.is_a?(Array) - currentvalue = [ currentvalue ] - end - currentvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + newparam(:name) do + desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" + end + newproperty(:privileges, :array_matching => :all) do + desc "The privileges the user should have. The possible values are implementation dependent." + munge do |v| + symbolize(v) + end - # use the sorted outputs for comparison - def insync?(is) - if defined? @should and @should - case self.should_to_s - when "all" - self.provider.all_privs_set? - when self.is_to_s(is) - true - else - false - end - else - true - end - end + def should_to_s(newvalue = @should) + if newvalue + unless newvalue.is_a?(Array) + newvalue = [ newvalue ] + end + newvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - end + def is_to_s(currentvalue = @is) + if currentvalue + unless currentvalue.is_a?(Array) + currentvalue = [ currentvalue ] + end + currentvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end + + # use the sorted outputs for comparison + def insync?(is) + if defined? @should and @should + case self.should_to_s + when "all" + self.provider.all_privs_set? + when self.is_to_s(is) + true + else + false + end + else + true + end + end + + end end -- cgit v1.2.3 From dfd86c83a3032d1df92dda57884fcd9254f30ae5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 30 Dec 2011 12:20:14 -0500 Subject: Revert "add table and column privilege management to mysql_grant" This reverts commit 74bf6b84e413b3cc1cce83c334341c1fe58b3b1c. It was accidentally pushed to shared_mysql before it was ready --- lib/puppet/provider/mysql_grant/mysql.rb | 335 +++++++++++++------------------ lib/puppet/type/mysql_grant.rb | 144 ++++++------- 2 files changed, 206 insertions(+), 273 deletions(-) diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index b782f12..61c32d9 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -1,210 +1,155 @@ # A grant is either global or per-db. This can be distinguished by the syntax # of the name: -# user@host => global -# user@host/db => per-db +# user@host => global +# user@host/db => per-db require 'puppet/provider/package' MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, - :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, - :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, - :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, - :create_user_priv + :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, + :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, + :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, + :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, + :create_user_priv ] MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, - :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv + :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, + :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv ] -MYSQL_TABLE_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_privt, :references_priv, - :index_priv, :alter_priv, :create_view_priv, :show_view_priv, - :trigger_priv -] - -MYSQL_COLUMN_PRIVS = [ :select_priv, :insert_priv, :update_priv, :references_priv ] - Puppet::Type.type(:mysql_grant).provide(:mysql) do - desc "Uses mysql as database." - - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' - - def mysql_flush - mysqladmin "flush-privileges" - end - - # this parses the - def split_name(string) - matches = /^([^@]*)@([^\/]*)(\/(.*))?(\/(.*))?(\/(.*))?$/.match(string).captures.compact - case matches.length - when 2 - { - :type => :user, - :user => matches[0], - :host => matches[1] - } - when 4 - { - :type => :db, - :user => matches[0], - :host => matches[1], - :db => matches[3] - } - when 6 - { - :type => :table, - :user => matches[0], - :host => matches[1], - :db => matches[3], - :table => matches[5] - } - when 8 - { - :type => :table, - :user => matches[0], - :host => matches[1], - :db => matches[3], - :table => matches[5], - :column => matches[7] - } - end - end - - def create_row - unless @resource.should(:privileges).empty? - name = split_name(@resource[:name]) - case name[:type] - when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ - name[:host], name[:user], - ] - when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], - ] - when :table - mysql "mysql", "-e", "INSERT INTO tables_priv (host, user, db, table) VALUES ('%s', '%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], name[:table], - ] - when :column - mysql "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], name[:table], name[:column], - ] - end - mysql_flush - end - end - - def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] - end - - def row_exists? - name = split_name(@resource[:name]) - fields = [:user, :host] - if name[:type] == :db - fields << :db - end - if name[:type] == :table - fields << :table - end - if name[:type] == :column - fields << :column - end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? - end - - def all_privs_set? - all_privs = case split_name(@resource[:name])[:type] - when :user - MYSQL_USER_PRIVS - when :db - MYSQL_DB_PRIVS - when :table - MYSQL_TABLE_PRIVS - when :column - MYSQL_COLUMN_PRIVS - end - all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") - privs = privileges.collect do |p| p.to_s end.sort.join("|") - - all_privs == privs - end - - def privileges - name = split_name(@resource[:name]) - privs = "" - - case name[:type] - when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] - when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] - when :table - privs = mysql "mysql", "-Be", 'select * from tables_priv where User="%s" and Host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ] - when :column - privs = mysql "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ] - end - - if privs.match(/^$/) - privs = [] # no result, no privs - else - # returns a line with field names and a line with values, each tab-separated - privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end - # transpose the lines, so we have key/value pairs - privs = privs[0].zip(privs[1]) - privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end - end - - privs.collect do |p| symbolize(p[0].downcase) end - end - - def privileges=(privs) - unless row_exists? - create_row - end - - # puts "Setting privs: ", privs.join(", ") - name = split_name(@resource[:name]) - stmt = '' - where = '' - all_privs = [] - case name[:type] - when :user - stmt = 'update user set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_USER_PRIVS - when :db - stmt = 'update db set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_DB_PRIVS - when :table - stmt = 'update table_priv set ' - where = ' where user="%s" and host="%s" and Db="%s"' % [ name[:user], name[:host], name[:db] ] - all_privs = MYSQL_DB_PRIVS - when :column - stmt = 'update columns_priv set ' - where = ' where user="%s" and host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ] - all_privs = MYSQL_DB_PRIVS - end - - if privs[0] == :all - privs = all_privs - end - - # puts "stmt:", stmt - set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') - # puts "set:", set - stmt = stmt << set << where - - mysql "mysql", "-Be", stmt - mysql_flush - end + desc "Uses mysql as database." + + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' + + def mysql_flush + mysqladmin "flush-privileges" + end + + # this parses the + def split_name(string) + matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact + case matches.length + when 2 + { + :type => :user, + :user => matches[0], + :host => matches[1] + } + when 4 + { + :type => :db, + :user => matches[0], + :host => matches[1], + :db => matches[3] + } + end + end + + def create_row + unless @resource.should(:privileges).empty? + name = split_name(@resource[:name]) + case name[:type] + when :user + mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + name[:host], name[:user], + ] + when :db + mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], + ] + end + mysql_flush + end + end + + def destroy + mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + end + + def row_exists? + name = split_name(@resource[:name]) + fields = [:user, :host] + if name[:type] == :db + fields << :db + end + not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + end + + def all_privs_set? + all_privs = case split_name(@resource[:name])[:type] + when :user + MYSQL_USER_PRIVS + when :db + MYSQL_DB_PRIVS + end + all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") + privs = privileges.collect do |p| p.to_s end.sort.join("|") + + all_privs == privs + end + + def privileges + name = split_name(@resource[:name]) + privs = "" + + case name[:type] + when :user + privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + when :db + privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + end + + if privs.match(/^$/) + privs = [] # no result, no privs + else + # returns a line with field names and a line with values, each tab-separated + privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end + # transpose the lines, so we have key/value pairs + privs = privs[0].zip(privs[1]) + privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end + end + + privs.collect do |p| symbolize(p[0].downcase) end + end + + def privileges=(privs) + unless row_exists? + create_row + end + + # puts "Setting privs: ", privs.join(", ") + name = split_name(@resource[:name]) + stmt = '' + where = '' + all_privs = [] + case name[:type] + when :user + stmt = 'update user set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_USER_PRIVS + when :db + stmt = 'update db set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_DB_PRIVS + end + + if privs[0] == :all + privs = all_privs + end + + # puts "stmt:", stmt + set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') + # puts "set:", set + stmt = stmt << set << where + + mysql "mysql", "-Be", stmt + mysql_flush + end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index c6311e5..415f5aa 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -1,89 +1,77 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_grant) do - @doc = "Manage a database user's rights." + @doc = "Manage a database user's rights." + #ensurable - #ensurable - autorequire(:service) { 'mysqld' } + autorequire :mysql_db do + # puts "Starting db autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) + unless matches.nil? + reqs << matches[3] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - autorequire :mysql_table do - reqs = [] - matches = self[:name].match(/^([^@]*)@([^\/]*)\/(.+)\/(.+)$/) - unless matches.nil? - reqs << matches[4] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + autorequire :mysql_user do + # puts "Starting user autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) + unless matches.nil? + reqs << "%s@%s" % [ matches[1], matches[2] ] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - autorequire :mysql_db do - # puts "Starting db autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) - unless matches.nil? - reqs << matches[3] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + newparam(:name) do + desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" + end + newproperty(:privileges, :array_matching => :all) do + desc "The privileges the user should have. The possible values are implementation dependent." + munge do |v| + symbolize(v) + end - autorequire :mysql_user do - # puts "Starting user autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) - unless matches.nil? - reqs << "%s@%s" % [ matches[1], matches[2] ] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + def should_to_s(newvalue = @should) + if newvalue + unless newvalue.is_a?(Array) + newvalue = [ newvalue ] + end + newvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - newparam(:name) do - desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" - end - newproperty(:privileges, :array_matching => :all) do - desc "The privileges the user should have. The possible values are implementation dependent." - munge do |v| - symbolize(v) - end + def is_to_s(currentvalue = @is) + if currentvalue + unless currentvalue.is_a?(Array) + currentvalue = [ currentvalue ] + end + currentvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - def should_to_s(newvalue = @should) - if newvalue - unless newvalue.is_a?(Array) - newvalue = [ newvalue ] - end - newvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + # use the sorted outputs for comparison + def insync?(is) + if defined? @should and @should + case self.should_to_s + when "all" + self.provider.all_privs_set? + when self.is_to_s(is) + true + else + false + end + else + true + end + end - def is_to_s(currentvalue = @is) - if currentvalue - unless currentvalue.is_a?(Array) - currentvalue = [ currentvalue ] - end - currentvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end - - # use the sorted outputs for comparison - def insync?(is) - if defined? @should and @should - case self.should_to_s - when "all" - self.provider.all_privs_set? - when self.is_to_s(is) - true - else - false - end - else - true - end - end - - end + end end -- cgit v1.2.3 From 64bbe64b96e32af931ed8fb50ce2ad6ca8543eb1 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Thu, 23 Feb 2012 04:52:55 -0500 Subject: Use the right parameter to nagios::service::mysql check_hostname is not defined. We need to use check_host instead --- manifests/server/nagios.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/nagios.pp b/manifests/server/nagios.pp index 4e2b8b8..28e52bb 100644 --- a/manifests/server/nagios.pp +++ b/manifests/server/nagios.pp @@ -10,7 +10,7 @@ class mysql::server::nagios { if ($nagios_mysql_notcp != true) { $nagios_mysql_user = 'nagios@%' nagios::service::mysql { 'connection-time': - check_hostname => $fqdn, + check_host => $fqdn, require => Mysql_grant[$nagios_mysql_user], } } -- cgit v1.2.3 From 7f4f7e00526e6ba5f9ffb93798350d7447322bd1 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 7 Mar 2012 15:10:48 -0500 Subject: fix typo in name of mysql_qcache_mem graph --- manifests/server/munin/default.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/munin/default.pp b/manifests/server/munin/default.pp index 130f3dc..d64c831 100644 --- a/manifests/server/munin/default.pp +++ b/manifests/server/munin/default.pp @@ -20,7 +20,7 @@ class mysql::server::munin::default inherits mysql::server::munin::base { config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; - [ mysql_connections, mysql_qcache, mysql_cache_mem, mysql_size_all ]: + [ mysql_connections, mysql_qcache, mysql_qcache_mem, mysql_size_all ]: script_path_in => "/usr/local/share/munin-plugins", config => "env.mysqlopts --user=munin --password=${munin_mysql_password} -h localhost", require => [ Mysql_grant['munin@localhost'], Mysql_user['munin@localhost'], Package['mysql'] ]; -- cgit v1.2.3 From 8180e27115c43830b6a4a237468fe14113b7af48 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Mon, 9 Apr 2012 02:26:23 -0400 Subject: Import my.cnf from Debian Squeeze Lenny support was phased out and squeeze is the current stable. There is an instruction in the file that originally came from lenny: skip-bdb doesn't exist anymore in the mysql version in squeeze, so the config file makes a fresh mysql install crash on Squeeze. Signed-off-by: Gabriel Filion --- files/config/my.cnf.Debian | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/files/config/my.cnf.Debian b/files/config/my.cnf.Debian index 1935cfb..21daf6a 100644 --- a/files/config/my.cnf.Debian +++ b/files/config/my.cnf.Debian @@ -50,27 +50,29 @@ bind-address = 127.0.0.1 # key_buffer = 16M max_allowed_packet = 16M -thread_stack = 128K -thread_cache_size = 8 +thread_stack = 192K +thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched -myisam-recover = BACKUP +myisam-recover = BACKUP #max_connections = 100 #table_cache = 64 #thread_concurrency = 10 # # * Query Cache Configuration # -query_cache_limit = 1M +query_cache_limit = 1M query_cache_size = 16M # # * Logging and Replication # # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. -#log = /var/log/mysql/mysql.log +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 # -# Error logging goes to syslog. This is a Debian improvement :) +# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. # # Here you can see queries with especially long duration #log_slow_queries = /var/log/mysql/mysql-slow.log @@ -87,17 +89,10 @@ max_binlog_size = 100M #binlog_do_db = include_database_name #binlog_ignore_db = include_database_name # -# * BerkeleyDB -# -# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12. -skip-bdb -# # * InnoDB # # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! -# You might want to disable InnoDB to shrink the mysqld process by circa 100MB. -#skip-innodb # # * Security Features # @@ -123,21 +118,8 @@ max_allowed_packet = 16M [isamchk] key_buffer = 16M -# -# * NDB Cluster -# -# See /usr/share/doc/mysql-server-*/README.Debian for more information. -# -# The following configuration is read by the NDB Data Nodes (ndbd processes) -# not from the NDB Management Nodes (ndb_mgmd processes). -# -# [MYSQL_CLUSTER] -# ndb-connectstring=127.0.0.1 - - # # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/ - -- cgit v1.2.3