From bad8721b44b01e9656257a19ae334d46231d2c3d Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Wed, 4 Dec 2013 23:19:09 +0100
Subject: also chown the data dir

---
 files/scripts/CentOS/setmysqlpass.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'files/scripts/CentOS/setmysqlpass.sh')

diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh
index 01d8fbf..870494c 100644
--- a/files/scripts/CentOS/setmysqlpass.sh
+++ b/files/scripts/CentOS/setmysqlpass.sh
@@ -13,8 +13,11 @@ UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='l
 FLUSH PRIVILEGES;
 EOF
 killall mysqld
+sleep 15
 # chown to be on the safe side
-chown mysql.mysql /var/lib/mysql/mysql-bin.*
+ls -al /var/lib/mysql/mysql-bin.* &> /dev/null
+[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.*
+chown -R mysql.mysql /var/lib/mysql/data/
 
 /sbin/service mysqld start
 
-- 
cgit v1.2.3


From cae3a3cbe85d1dffcd7a7a964669d2b758561dc0 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Wed, 5 Feb 2014 22:34:17 +0100
Subject: fix #6638 - remove the unless check & improve script

To workaround a limitation of the exec provider within puppet, we
do the unless check no within the script itself and ensure that
we use the password there.

https://labs.riseup.net/code/issues/6638
---
 files/scripts/CentOS/setmysqlpass.sh | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'files/scripts/CentOS/setmysqlpass.sh')

diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh
index 870494c..8b468e1 100644
--- a/files/scripts/CentOS/setmysqlpass.sh
+++ b/files/scripts/CentOS/setmysqlpass.sh
@@ -4,6 +4,8 @@ test -f /root/.my.cnf || exit 1
 
 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
+/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+
 /sbin/service mysqld stop
 
 /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin &
-- 
cgit v1.2.3


From e1649647f326abeb256a73e4cb1060840f846f24 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Sat, 24 Jan 2015 18:05:08 +0100
Subject: fix issues for EL7 + simplify account security

* EL7 uses mariadb & systemd -> adjust setpasswd script to that
* move the security ensurance to the setpassword script, as it's
  easier to ensure that there
---
 files/scripts/CentOS/setmysqlpass.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'files/scripts/CentOS/setmysqlpass.sh')

diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh
index 8b468e1..b84aa7a 100644
--- a/files/scripts/CentOS/setmysqlpass.sh
+++ b/files/scripts/CentOS/setmysqlpass.sh
@@ -6,20 +6,20 @@ rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
 /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
-/sbin/service mysqld stop
+/usr/bin/systemctl stop mariadb
 
-/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin &
+/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin --pid-file=/var/run/mariadb/mariadb.pid &
 sleep 5
 mysql -u root mysql <<EOF
 UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='localhost';
+DELETE FROM mysql.user WHERE (User='root' AND Host!='localhost') OR USER='';
 FLUSH PRIVILEGES;
 EOF
-killall mysqld
+kill `cat /var/run/mariadb/mariadb.pid`
 sleep 15
 # chown to be on the safe side
 ls -al /var/lib/mysql/mysql-bin.* &> /dev/null
 [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.*
 chown -R mysql.mysql /var/lib/mysql/data/
 
-/sbin/service mysqld start
-
+/usr/bin/systemctl start mariadb
-- 
cgit v1.2.3