From bd6abae490891984283988a0b3c798b31b552ba3 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 3 May 2013 11:38:14 +0200 Subject: some mysql versions start to display a nasty warning - http://bugs.mysql.com/bug.php?id=68376 --- manifests/server/cron/backup.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/server/cron/backup.pp b/manifests/server/cron/backup.pp index 671ad9c..2b9dc6c 100644 --- a/manifests/server/cron/backup.pp +++ b/manifests/server/cron/backup.pp @@ -11,8 +11,14 @@ class mysql::server::cron::backup { } } + if versioncmp($::mysql_version,'5.1.68') > 0 { + $backup_command = "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction --events --ignore-table=mysql.event | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz" + } else { + $backup_command = "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz" + } + cron { 'mysql_backup_cron': - command => "/usr/bin/mysqldump --default-character-set=utf8 --all-databases --create-options --flush-logs --lock-tables --single-transaction | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz", + command => $backup_command, user => 'root', minute => 0, hour => 1, -- cgit v1.2.3 From e9f030452523f96129c7aacdf77afbd84afa9fe4 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 4 Dec 2013 23:15:26 +0100 Subject: this is not really necessary --- manifests/server/base.pp | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'manifests') diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 14f3c1b..c424c34 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -31,13 +31,6 @@ class mysql::server::base { owner => mysql, group => mysql, mode => '0755'; - 'mysql_ibdata1': - path => '/var/lib/mysql/data/ibdata1', - require => Package['mysql-server'], - before => File['mysql_setmysqlpass.sh'], - owner => mysql, - group => mysql, - mode => '0660'; 'mysql_setmysqlpass.sh': path => '/usr/local/sbin/setmysqlpass.sh', source => "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", @@ -80,7 +73,7 @@ class mysql::server::base { require => Package['mysql-server'], } - if $::mysql_exists == 'true' { + if str2bool($::mysql_exists) { include mysql::server::account_security # Collect all databases and users -- cgit v1.2.3 From 6d485b169360f5d113537f14e2dbbd83e56b2f9c Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 10:49:54 +0100 Subject: better use this built in fact now --- manifests/server/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/server/base.pp b/manifests/server/base.pp index c424c34..da82e2f 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -8,10 +8,10 @@ class mysql::server::base { path => '/etc/mysql/my.cnf', source => [ "puppet:///modules/site_mysql/${::fqdn}/my.cnf", - "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{lsbdistcodename}", + "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}", 'puppet:///modules/site_mysql/my.cnf', - "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{lsbdistcodename}", + "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}", 'puppet:///modules/mysql/config/my.cnf' ], -- cgit v1.2.3 From c38546e15fe62e964c63b03222cc3c2824ee5c36 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 5 Dec 2013 20:14:04 +0100 Subject: introduce the /etc/mysql/conf.d/ directory for CentOS --- manifests/server/centos.pp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'manifests') diff --git a/manifests/server/centos.pp b/manifests/server/centos.pp index a55a57f..50678cf 100644 --- a/manifests/server/centos.pp +++ b/manifests/server/centos.pp @@ -6,4 +6,21 @@ class mysql::server::centos inherits mysql::server::clientpackage { File['mysql_main_cnf']{ path => '/etc/my.cnf', } + + file{ + '/etc/mysql': + ensure => directory, + owner => root, + group => 0, + mode => '0644'; + '/etc/mysql/conf.d': + ensure => directory, + recurse => true, + purge => true, + force => true, + owner => root, + group => 0, + mode => '0644', + notify => Service['mysql']; + } } -- cgit v1.2.3 From cae3a3cbe85d1dffcd7a7a964669d2b758561dc0 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 5 Feb 2014 22:34:17 +0100 Subject: fix #6638 - remove the unless check & improve script To workaround a limitation of the exec provider within puppet, we do the unless check no within the script itself and ensure that we use the password there. https://labs.riseup.net/code/issues/6638 --- manifests/server/base.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests') diff --git a/manifests/server/base.pp b/manifests/server/base.pp index da82e2f..2d55605 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -50,7 +50,6 @@ class mysql::server::base { exec { 'mysql_set_rootpw': command => '/usr/local/sbin/setmysqlpass.sh', - unless => 'mysqladmin -uroot status > /dev/null', require => [ File['mysql_setmysqlpass.sh'], Service['mysql'] ], # this is for security so that we only change the password # if the password file itself has changed -- cgit v1.2.3 From c06abd681ce71893466b29390e1199c293cdd37e Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Feb 2014 14:50:17 +0100 Subject: add mysqltuner class --- manifests/server/tuner.pp | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 manifests/server/tuner.pp (limited to 'manifests') diff --git a/manifests/server/tuner.pp b/manifests/server/tuner.pp new file mode 100644 index 0000000..5aa6772 --- /dev/null +++ b/manifests/server/tuner.pp @@ -0,0 +1,6 @@ +# install mysqltuner package +class mysql::server::tuner { + package{'mysqltuner': + ensure => present, + } +} -- cgit v1.2.3 From 553831bf3440fb139b9e95616d9dc79728ec2669 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 01:50:39 +0100 Subject: on EL7 there is now mariadb --- manifests/client/base.pp | 10 ++++++++-- manifests/server/centos.pp | 13 +++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/client/base.pp b/manifests/client/base.pp index b09b90e..8106ded 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -1,7 +1,13 @@ # basic mysql client stuff class mysql::client::base { package { 'mysql': - ensure => present, - alias => 'mysql-client', + ensure => present, + alias => 'mysql-client', + } + if $::operatingsystem in ['RedHat', 'CentOS'] and + $::operatingsystemmajrelease > 6 { + Package[mysql]{ + name => 'mariadb' + } } } diff --git a/manifests/server/centos.pp b/manifests/server/centos.pp index 50678cf..5c0ab34 100644 --- a/manifests/server/centos.pp +++ b/manifests/server/centos.pp @@ -1,7 +1,16 @@ # centos specific things class mysql::server::centos inherits mysql::server::clientpackage { - Service['mysql']{ - name => 'mysqld', + if $::operatingsystemmajrelease > 6 { + Package['mysql-server']{ + name => 'mariadb-server', + } + Service['mysql']{ + name => 'mariadb', + } + } else { + Service['mysql']{ + name => 'mysqld', + } } File['mysql_main_cnf']{ path => '/etc/my.cnf', -- cgit v1.2.3 From 3820ed70a0bdc35096457303a629520434d52603 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Jan 2015 11:42:33 +0100 Subject: this should be variables --- manifests/server/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 2d55605..1ed75f2 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -8,10 +8,10 @@ class mysql::server::base { path => '/etc/mysql/my.cnf', source => [ "puppet:///modules/site_mysql/${::fqdn}/my.cnf", - "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", + "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}", 'puppet:///modules/site_mysql/my.cnf', - "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.{::operatingsystemmajrelease}", + "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}", 'puppet:///modules/mysql/config/my.cnf' ], -- cgit v1.2.3 From e1649647f326abeb256a73e4cb1060840f846f24 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 24 Jan 2015 18:05:08 +0100 Subject: fix issues for EL7 + simplify account security * EL7 uses mariadb & systemd -> adjust setpasswd script to that * move the security ensurance to the setpassword script, as it's easier to ensure that there --- manifests/server/account_security.pp | 8 -------- manifests/server/base.pp | 15 ++++++--------- 2 files changed, 6 insertions(+), 17 deletions(-) delete mode 100644 manifests/server/account_security.pp (limited to 'manifests') diff --git a/manifests/server/account_security.pp b/manifests/server/account_security.pp deleted file mode 100644 index a17f0b3..0000000 --- a/manifests/server/account_security.pp +++ /dev/null @@ -1,8 +0,0 @@ -# some installations have some default users which are not required. -# We remove them here. You can subclass this class to overwrite this behavior. -class mysql::server::account_security { - mysql_user{ [ "root@${::fqdn}", 'root@127.0.0.1', "@${::fqdn}", '@localhost', '@%' ]: - ensure => 'absent', - require => Exec['mysql_set_rootpw'], - } -} diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 1ed75f2..0863950 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -33,7 +33,8 @@ class mysql::server::base { mode => '0755'; 'mysql_setmysqlpass.sh': path => '/usr/local/sbin/setmysqlpass.sh', - source => "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", + source => ["puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh.${::operatingsystemmajrelease}", + "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", ], require => Package['mysql-server'], owner => root, group => 0, @@ -72,12 +73,8 @@ class mysql::server::base { require => Package['mysql-server'], } - if str2bool($::mysql_exists) { - include mysql::server::account_security - - # Collect all databases and users - Mysql_database<<| tag == "mysql_${::fqdn}" |>> - Mysql_user<<| tag == "mysql_${::fqdn}" |>> - Mysql_grant<<| tag == "mysql_${::fqdn}" |>> - } + # Collect all databases and users + Mysql_database<<| tag == "mysql_${::fqdn}" |>> + Mysql_user<<| tag == "mysql_${::fqdn}" |>> + Mysql_grant<<| tag == "mysql_${::fqdn}" |>> } -- cgit v1.2.3 From 0ce33a632f30f8845359e2fc146789013dcd4984 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Jan 2015 13:48:52 +0100 Subject: we only need to ensure grants if the user is present --- manifests/admin_user.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/admin_user.pp b/manifests/admin_user.pp index 66e0cc1..78085bc 100644 --- a/manifests/admin_user.pp +++ b/manifests/admin_user.pp @@ -14,8 +14,10 @@ define mysql::admin_user( password_hash => $password_hash, require => Exec['mysql_set_rootpw'], } - mysql_grant{"${name}@${host}": - privileges => 'all', - require => Mysql_user["${name}@${host}"], + if $ensure == 'present' { + mysql_grant{"${name}@${host}": + privileges => 'all', + require => Mysql_user["${name}@${host}"], + } } } -- cgit v1.2.3