From 42145601c1cc268c1b120d75f6d4e5f455a8c103 Mon Sep 17 00:00:00 2001 From: Jan Collijs Date: Thu, 16 May 2013 09:37:50 +0200 Subject: [PATCH 01/16] Puppet-lint 0.3.2 qualified code --- .puppet-lint.rc | 1 + manifests/adminpass.pp | 2 +- manifests/service.pp | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index b0d12b7..fb37551 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,2 @@ --no-80chars-check +--no-class_inherits_from_params_class-check diff --git a/manifests/adminpass.pp b/manifests/adminpass.pp index cf11239..a3baf69 100644 --- a/manifests/adminpass.pp +++ b/manifests/adminpass.pp @@ -48,7 +48,7 @@ ) { exec {"percona-adminpass-${name}": - onlyif => [ + onlyif => [ 'test -f /usr/bin/mysqladmin', "mysqladmin -u${user} -h${host} status", ], diff --git a/manifests/service.pp b/manifests/service.pp index 921cf48..81fe610 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -9,8 +9,8 @@ if $::percona::server { service { $service_name: - alias => 'mysql', ensure => $service_ensure, + alias => 'mysql', enable => $service_enable, require => [ Class['percona::config::server'], From 925a7e3c7c012ce790d6f98f860ae841ebe8f9fa Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Thu, 23 May 2013 14:38:11 +0200 Subject: [PATCH 02/16] fix a syntax error in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fdf1a4a..e756bee 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ For debian users, the config_include_dir has been defaulted to /etc/mysql/conf.d percona::rights {'userbar on dbfoo': priv => 'select_priv', host => 'localhost', - database => '*' + database => '*', password => 'default', } From becd4deecdc0acbb244e8023eb2b50d0cce2a9b6 Mon Sep 17 00:00:00 2001 From: Lars Fronius Date: Tue, 16 Jul 2013 16:54:33 +0200 Subject: [PATCH 03/16] client tools might use client section --- templates/mgmt_cnf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/mgmt_cnf.erb b/templates/mgmt_cnf.erb index 7dc83d7..354b610 100644 --- a/templates/mgmt_cnf.erb +++ b/templates/mgmt_cnf.erb @@ -2,6 +2,10 @@ ## Served by: '<%= scope.lookupvar('::servername') %>' ## Module: '<%= scope.to_hash['module_name'] %>' ## Template source: 'MODULES<%= template_source.gsub(Regexp.new("^#{Puppet::Node::Environment.current[:modulepath].gsub(':','|')}"),"") %>' +[client] + user = <%= user %> + password = <%= password %> + [mysql] user = <%= user %> password = <%= password %> From 7599cb670ceb5cc7311f758ac666bb2795415e09 Mon Sep 17 00:00:00 2001 From: Vadim Lebedev Date: Tue, 30 Jul 2013 11:16:58 -0700 Subject: [PATCH 04/16] Bug fix Debug: Exec[percona-adminpass-root](provider=posix): Executing check 'mysqladmin -uroot -hlocalhost --no-defaults status' Debug: Executing 'mysqladmin -uroot -hlocalhost --no-defaults status' --- manifests/adminpass.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/adminpass.pp b/manifests/adminpass.pp index 7fd9c4c..719caef 100644 --- a/manifests/adminpass.pp +++ b/manifests/adminpass.pp @@ -50,7 +50,7 @@ exec {"percona-adminpass-${name}": onlyif => [ 'test -f /usr/bin/mysqladmin', - "mysqladmin -u${user} -h${host} --no-defaults status", + "mysqladmin --no-defaults -u${user} -h${host} status", ], path => ['/usr/bin','/bin',], command => "mysqladmin -h ${host} -u${user} password ${password}", From 33b363511b36bc55b6375354d7eb73ea78a03c94 Mon Sep 17 00:00:00 2001 From: Eloi Poch Date: Sat, 31 Aug 2013 12:49:35 +0200 Subject: [PATCH 05/16] Fix rights (always present) The rights, until now, always ensure present instead of the passed value --- manifests/rights.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/rights.pp b/manifests/rights.pp index 6ac33f8..38c8194 100644 --- a/manifests/rights.pp +++ b/manifests/rights.pp @@ -133,7 +133,7 @@ } mysql_user { "${_user}@${_host}": - ensure => 'present', + ensure => $ensure, password_hash => $pwhash, mgmt_cnf => $mycnf, require => [ From 30edf3c9c2dc27fd40113074425eb0d3e4726964 Mon Sep 17 00:00:00 2001 From: Eloi Poch Date: Mon, 2 Sep 2013 00:14:53 +0200 Subject: [PATCH 06/16] Add posibility to add users directly --- manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 3b22b73..8438eee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -105,6 +105,7 @@ # They are specific for this server instance. $configuration = {}, $servername = $::fqdn, + $users = undef, ## These settings are defaulted distro specific ## $template = $percona::params::template, @@ -149,6 +150,10 @@ include percona::config include percona::service + if $users { + create_resources('percona::rights', hiera_hash('percona::users', $users)) + } + Class['percona::preinstall'] -> Class['percona::install'] -> Class['percona::config'] -> From 63f636abedcbe99f39995af0bcb496e66f873585 Mon Sep 17 00:00:00 2001 From: Eloi Poch Date: Mon, 2 Sep 2013 02:33:52 +0200 Subject: [PATCH 07/16] Fix log directory group and owner --- manifests/config/server.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/config/server.pp b/manifests/config/server.pp index b0b4976..75482ac 100644 --- a/manifests/config/server.pp +++ b/manifests/config/server.pp @@ -27,6 +27,9 @@ $configuration = $::percona::configuration $default_configuration = $::percona::params::default_configuration + $daemon_group = $::percona::daemon_group + $daemon_user = $::percona::daemon_user + File { owner => $config_user, group => $config_group, @@ -134,6 +137,8 @@ file { $logdir : ensure => 'directory', mode => $config_dir_mode, + group => $daemon_group, + owner => $daemon_user, } if $config_skip != true { From db12e7111cc75107173ba69c4f083b725b27de4e Mon Sep 17 00:00:00 2001 From: Eloi Poch Date: Mon, 2 Sep 2013 12:19:21 +0200 Subject: [PATCH 08/16] Add posibility to add datbases directly --- manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 8438eee..2df222d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -105,6 +105,7 @@ # They are specific for this server instance. $configuration = {}, $servername = $::fqdn, + $databases = undef, $users = undef, ## These settings are defaulted distro specific ## @@ -154,6 +155,10 @@ create_resources('percona::rights', hiera_hash('percona::users', $users)) } + if $databases { + create_resources('percona::database', hiera_hash('percona::databases', $databases)) + } + Class['percona::preinstall'] -> Class['percona::install'] -> Class['percona::config'] -> From a01da24bf6b07f0f26d8c99c06c0633002be262f Mon Sep 17 00:00:00 2001 From: Eloi Poch Date: Tue, 3 Sep 2013 03:35:54 +0200 Subject: [PATCH 09/16] Improve security Remove default users & databases and allow pass user admin directly --- manifests/init.pp | 12 ++++++++++++ manifests/security.pp | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 manifests/security.pp diff --git a/manifests/init.pp b/manifests/init.pp index 2df222d..5c049c1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -100,6 +100,7 @@ $pkg_version = $percona::params::pkg_version, $mgmt_cnf = $percona::params::mgmt_cnf, + $root_password = undef, ## These options can NOT be defaulted in percona::params. # They are specific for this server instance. @@ -159,6 +160,17 @@ create_resources('percona::database', hiera_hash('percona::databases', $databases)) } + if $root_password { + percona::adminpass{ 'root': + password => $root_password, + } + + percona::mgmt_cnf { $mgmt_cnf: + password => $root_password, + user => 'root', + } + } + Class['percona::preinstall'] -> Class['percona::install'] -> Class['percona::config'] -> diff --git a/manifests/security.pp b/manifests/security.pp new file mode 100644 index 0000000..c037067 --- /dev/null +++ b/manifests/security.pp @@ -0,0 +1,38 @@ +# == Class: percona::security +# +# === Todo: +# +# TODO: Document class. +# +# Some installations have some default users which are not required. +# We remove them here. You can subclass this class to overwrite this behavior. +class percona::security ( + $mgmt_cnf = undef +) { + $mycnf = $mgmt_cnf ? { + undef => $::percona::mgmt_cnf, + default => $mgmt_cnf, + } + + $users = ["root@${::fqdn}", 'root@127.0.0.1', 'root@::1', "@${::fqdn}", '@localhost', '@%'] + + mysql_user { $users: + ensure => 'absent', + mgmt_cnf => $mycnf, + require => [Service[$::percona::service_name], Percona::Mgmt_cnf[$mycnf]], + } + + if ($::fqdn != $::hostname) { + mysql_user { ["root@${::hostname}", "@${::hostname}"]: + ensure => 'absent', + mgmt_cnf => $mycnf, + require => [Service[$::percona::service_name], Percona::Mgmt_cnf[$mycnf]], + } + } + + mysql_database { 'test': + ensure => 'absent', + mgmt_cnf => $mycnf, + require => [Service[$::percona::service_name], Percona::Mgmt_cnf[$mycnf]], + } +} From 2acf7f664ac29d303c912b25cc8efc312e343cab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A0rius?= Date: Thu, 26 Sep 2013 16:02:05 +0200 Subject: [PATCH 10/16] Add logdir_link parameter --- manifests/config/server.pp | 33 ++++++++++++++++++++++++++++----- manifests/init.pp | 1 + manifests/params.pp | 7 +++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/manifests/config/server.pp b/manifests/config/server.pp index 75482ac..67c1ea0 100644 --- a/manifests/config/server.pp +++ b/manifests/config/server.pp @@ -18,6 +18,7 @@ $config_skip = $::percona::config_skip $logdir = $::percona::logdir + $logdir_link = $::percona::logdir_link $server = $::percona::server $service_name = $::percona::service_name $service_restart = $::percona::service_restart @@ -134,12 +135,34 @@ } } - file { $logdir : - ensure => 'directory', - mode => $config_dir_mode, - group => $daemon_group, - owner => $daemon_user, + + + if $logdir_link { + file { $logdir_link : + ensure => 'directory', + mode => $config_dir_mode, + group => $daemon_group, + owner => $daemon_user, + } + + file { $logdir : + ensure => 'link', + target => $logdir_link, + mode => $config_dir_mode, + group => $daemon_group, + owner => $daemon_user, + } } + else { + file { $logdir : + ensure => 'directory', + mode => $config_dir_mode, + group => $daemon_group, + owner => $daemon_user, + } + } + + if $config_skip != true { file { $config_file: diff --git a/manifests/init.pp b/manifests/init.pp index 5c049c1..4e87c55 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -86,6 +86,7 @@ $tmpdir = $percona::params::tmpdir, $logdir = $percona::params::logdir, + $logdir_link = $percona::params::logdir_link, $socket = $percona::params::socket, $datadir = $percona::params::datadir, $targetdir = $percona::params::targetdir, diff --git a/manifests/params.pp b/manifests/params.pp index b1511d0..e898711 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -32,6 +32,12 @@ # $config_file:: Location of the default mysql my.cnf config file # for your operatingsystem. # +# +# === Extra parameters: +# +# $logdir_link:: Location of the folder which holds the mysql logs +# linked from original logs directory +# # === Examples: # # ==== Setting global and default configuration options. @@ -62,6 +68,7 @@ $daemon_user = 'mysql', $tmpdir = undef, $logdir = '/var/log/percona', + $logdir_link = undef, $socket = '/var/lib/mysql/mysql.sock', $datadir = '/var/lib/mysql', $targetdir = '/data/backups/mysql/', From 2ea3db4735e61400e8feb7d7a7ca7c70f3b09993 Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 11:56:18 +0100 Subject: [PATCH 11/16] Adding socket to /root/.my.cnf --- templates/mgmt_cnf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/mgmt_cnf.erb b/templates/mgmt_cnf.erb index 4e1b8ab..fbe8914 100644 --- a/templates/mgmt_cnf.erb +++ b/templates/mgmt_cnf.erb @@ -5,15 +5,19 @@ [client] user = <%= user %> password = <%= password %> + socket = <%= socket %> [mysql] user = <%= user %> password = <%= password %> + socket = <%= socket %> [mysqldump] user = <%= user %> password = <%= password %> + socket = <%= socket %> [mysqladmin] user = <%= user %> password = <%= password %> + socket = <%= socket %> From a8c68db61c0f76c897ce9d8adbcbb1998b366476 Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 12:13:16 +0100 Subject: [PATCH 12/16] Adding socket to /root/.my.cnf --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index 4e87c55..6163a45 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -169,6 +169,7 @@ percona::mgmt_cnf { $mgmt_cnf: password => $root_password, user => 'root', + socket => $socket, } } From 640826e5fa5b269569637eb26aa09aeeaadc9c7b Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 13:03:09 +0100 Subject: [PATCH 13/16] Adding sock to /root/.my.cnf --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 6163a45..188b9d3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -169,7 +169,7 @@ percona::mgmt_cnf { $mgmt_cnf: password => $root_password, user => 'root', - socket => $socket, + socket => percona::socket, } } From 2006939ace30b24dda16257caa6afdb2b25c10d9 Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 13:14:09 +0100 Subject: [PATCH 14/16] Adding sock to /root/.my.cnf --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 188b9d3..aa6cf9f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -169,7 +169,7 @@ percona::mgmt_cnf { $mgmt_cnf: password => $root_password, user => 'root', - socket => percona::socket, + socket => $::percona::socket, } } From ad0b3a1fa495680a538dc351821e4c205d6d1081 Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 13:34:55 +0100 Subject: [PATCH 15/16] Adding socket /root/.my.cnf --- manifests/mgmt_cnf.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mgmt_cnf.pp b/manifests/mgmt_cnf.pp index eba67a0..6b3f52e 100644 --- a/manifests/mgmt_cnf.pp +++ b/manifests/mgmt_cnf.pp @@ -23,6 +23,7 @@ # define percona::mgmt_cnf ( $password, + $socket, $user = 'root', $owner = 'root', $group = 'root', From 74427767ec6d8e68ce8a8af6ce174104bea4a2bc Mon Sep 17 00:00:00 2001 From: Dani Codina Date: Tue, 9 Dec 2014 15:33:32 +0100 Subject: [PATCH 16/16] Adding socket to xtrabackup section in /etc/my.cnf --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index aa6cf9f..11c0571 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -145,6 +145,7 @@ 'xtrabackup/datadir' => $::percona::datadir, 'xtrabackup/target_dir' => $::percona::targetdir, + 'xtrabackup/socket' => $::percona::socket, }, }