├── README ├── files ├── backup_helpers │ └── mysql_extract_from_backup.sh ├── config │ ├── logrotate.conf │ ├── logrotate.conf.CentOS.6 │ ├── my.cnf.CentOS │ ├── my.cnf.CentOS.5 │ ├── my.cnf.CentOS.6 │ ├── my.cnf.Debian │ └── my.cnf.Gentoo ├── munin │ ├── mysql_connections │ ├── mysql_qcache │ ├── mysql_qcache_mem │ └── mysql_size_all └── scripts │ ├── CentOS │ ├── setmysqlpass.sh │ ├── setmysqlpass.sh.5 │ └── setmysqlpass.sh.6 │ ├── Debian │ └── setmysqlpass.sh │ └── optimize_tables.rb ├── lib ├── facter │ └── mysql_version.rb └── puppet │ ├── parser │ └── functions │ │ └── mysql_password.rb │ ├── provider │ ├── mysql_database │ │ └── mysql.rb │ ├── mysql_grant │ │ └── mysql.rb │ └── mysql_user │ │ └── mysql.rb │ └── type │ ├── mysql_database.rb │ ├── mysql_grant.rb │ └── mysql_user.rb ├── manifests ├── admin_user.pp ├── client.pp ├── client │ ├── base.pp │ ├── debian.pp │ ├── perl.pp │ ├── perl │ │ └── debian.pp │ ├── ruby.pp │ └── ruby │ │ └── debian.pp ├── default_database.pp ├── devel.pp ├── disable.pp ├── server.pp └── server │ ├── backup_helpers.pp │ ├── base.pp │ ├── centos.pp │ ├── clientpackage.pp │ ├── cron │ ├── backup.pp │ └── optimize.pp │ ├── debian.pp │ ├── gentoo.pp │ ├── munin │ ├── debian.pp │ └── default.pp │ ├── nagios.pp │ └── tuner.pp ├── templates └── root │ └── my.cnf.erb └── tests ├── 001_create_database.pp ├── 010_create_user.pp ├── 012_change_password.pp ├── 100_create_user_grant.pp ├── 101_remove_user_privilege.pp ├── 102_add_user_privilege.pp ├── 103_change_user_grant.pp ├── 104_mix_user_grants.pp ├── 150_create_db_grant.pp ├── 151_remove_db_privilege.pp ├── 152_add_db_privilege.pp ├── 153_change_db_priv.pp ├── 154_mix_db_grants.pp ├── 200_give_all_user_privs.pp ├── 201_give_all_db_privs.pp ├── 996_remove_db_grant.pp ├── 997_remove_user_grant.pp ├── 998_remove_user.pp ├── 999_remove_database.pp ├── README └── run_tests /README: -------------------------------------------------------------------------------- 1 | Introduction/Notes 2 | ================== 3 | 4 | This module manages your mysql resources. 5 | 6 | Requirements 7 | ------------ 8 | 9 | The puppetlabs-stdlib module is required for some functions used in this module. 10 | 11 | If you are wanting munin integration, you will need the munin module installed. 12 | 13 | If you are wanting shorewall integration, you will need the shorewall module 14 | installed. 15 | 16 | If you are wanting nagios integration, you will need the nagios module 17 | installed, specifically it must have nagios::plugin::deploy functionality. 18 | 19 | You will need to have activated storedconfigs on the puppetmaster. 20 | 21 | Special Notes 22 | ============= 23 | 24 | By using this module, the following users will be automatically removed, if they 25 | exist: "root@${fqdn}", "root@127.0.0.1", "@${fqdn}", "@localhost", "@%" 26 | 27 | If you require any of these, you can subclass class 28 | mysql::server::account_security to override this. 29 | 30 | Mysql Server 31 | ============ 32 | 33 | On a node where you wish to have a mysql server installed, you should include 34 | mysql::server, for example: 35 | 36 | node foo { 37 | class{'mysql::server': 38 | root_password => 'foo', 39 | } 40 | } 41 | 42 | This will manage the necessary directories and configuration files, it will 43 | install the mysql client program and set the root password to 'foo', 44 | along with setting a /root/.my.cnf for various module operations. It will also 45 | make sure the mysql service is running, and setup all the databases, users and 46 | grant tables. 47 | 48 | The my.cnf file will installed from one of many possible places, see 49 | manifests/server/base.pp for possible locations for managing this. 50 | 51 | Backups 52 | ------- 53 | 54 | If you wish to automatically setup a cronjob to backup your databases, you can 55 | set the "$mysql_backup_cron = true" variable. This will setup a cronjob to do a 56 | mysqldump at 1am of all the databases on the system and put them in 57 | /var/backups/mysql by default. You can override this location by specifying 58 | $mysql_backup_dir. 59 | 60 | Optimizing tables 61 | ----------------- 62 | 63 | If you wish mysql to periodically optimize tables, set the 64 | "$mysql_optimize_cron = true" variable before you include mysql::server. 65 | 66 | Munin 67 | ----- 68 | 69 | If you wish to use munin you need to set the variables use_munin to "true" in 70 | hiera, before you include mysql::server. This will be used to 71 | setup a mysql user for munin, with reduced privileges to allow for the various 72 | munin graphs to be setup and queried. The munin graphs are: mysql_bytes, 73 | mysql_queries, mysql_slowqueries and mysql_threads. NOTE: The 74 | munin_mysql_password will be taken from what you passed to the mysql::server 75 | class, but it is not necessary on Debian systems as it will handled with 76 | Debian's /etc/mysql/debian.cnf. 77 | 78 | Nagios 79 | ------ 80 | 81 | If you wish nagios to check mysql, you should set the variable "use_nagios" to 82 | "true" in hiera along with the "nagios_check_mysql" variable to "true". A 83 | password for the nagios mysql user will be created for you with reduced privileges 84 | used only for nagios checks. This will be what you passed as nagios_password_hash 85 | to mysql::server and should be a mysql md5 hash. These should be set before you 86 | include mysql::server. 87 | 88 | Unless you specify otherwise, the default nagios check which will be performed 89 | is the basic 'check_mysql' nagios plugin which simply tests connectivity to a 90 | MySQL server. You can specify more advanced mysql health checks as follows: 91 | 92 | mysql::server::nagios::check_health { [ 'connection-time', 'uptime', 'threads-connected', 93 | 'slave-lag', 'slave-io-running', 'slave-sql-running' ]: } 94 | 95 | See the files/nagios/check_mysql_health script for the various mysql health 96 | checks that you can perform. Additionally, see the define "check_health" in 97 | manifests/server/nagios.pp for various options that you can pass to check_health. 98 | 99 | Firewall 100 | -------- 101 | 102 | If you wish to have firewall rules setup automatically for you, using shorewall, 103 | you will need to set the hiera variable "use_shorewall" to "true". See the 104 | shorewall module for more information about how this works. 105 | 106 | 107 | Client 108 | ====== 109 | 110 | On a node where you wish to have the mysql client managed, you can 'include 111 | mysql::client' in the node definition. This will install the appropriate 112 | package. 113 | 114 | You can also 'include mysql::client::ruby' if you want the 'libmysql-ruby' 115 | libraries installed. 116 | -------------------------------------------------------------------------------- /files/backup_helpers/mysql_extract_from_backup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | file=$1 4 | db=$2 5 | table=$3 6 | 7 | if [ ! -f $file ] || [ -z $db ]; then 8 | echo "USAGE: $0 file database [table] > dump_file" 1>&2 9 | exit 1 10 | fi 11 | 12 | if [ -z $table ]; then 13 | zcat $file | sed -n -e "/CREATE DATABASE.*${db}/,/CREATE DATABASE/p" | head -n -5 14 | else 15 | zcat $file | sed -n -e "/CREATE DATABASE.*${db}/,/CREATE DATABASE/p" | sed -n -e "/CREATE TABLE.*${table}/,/CREATE TABLE/p" | head -n -8 16 | fi 17 | 18 | -------------------------------------------------------------------------------- /files/config/logrotate.conf: -------------------------------------------------------------------------------- 1 | # This logname can be set in /etc/my.cnf 2 | # by setting the variable "log-error" 3 | # in the [mysqld] section as follows: 4 | # 5 | # [mysqld] 6 | # log-error=/var/log/mariadb/mariadb.log 7 | # 8 | # If the root user has a password you have to create a 9 | # /root/.my.cnf configuration file with the following 10 | # content: 11 | # 12 | # [mysqladmin] 13 | # password = 14 | # user= root 15 | # 16 | # where "" is the password. 17 | # 18 | # ATTENTION: This /root/.my.cnf should be readable ONLY 19 | # for root ! 20 | 21 | # Then, un-comment the following lines to enable rotation of mysql's log file: 22 | 23 | /var/log/mariadb/mariadb.log { 24 | create 640 mysql mysql 25 | notifempty 26 | daily 27 | rotate 3 28 | missingok 29 | compress 30 | postrotate 31 | # just if mysqld is really running 32 | if test -x /usr/bin/mysqladmin && \ 33 | /usr/bin/mysqladmin ping &>/dev/null 34 | then 35 | /usr/bin/mysqladmin flush-logs 36 | fi 37 | endscript 38 | } 39 | -------------------------------------------------------------------------------- /files/config/logrotate.conf.CentOS.6: -------------------------------------------------------------------------------- 1 | # This logname can be set in /etc/my.cnf 2 | # by setting the variable "err-log" 3 | # in the [safe_mysqld] section as follows: 4 | # 5 | # [safe_mysqld] 6 | # err-log=/var/log/mysqld.log 7 | # 8 | # If the root user has a password you have to create a 9 | # /root/.my.cnf configuration file with the following 10 | # content: 11 | # 12 | # [mysqladmin] 13 | # password = 14 | # user= root 15 | # 16 | # where "" is the password. 17 | # 18 | # ATTENTION: This /root/.my.cnf should be readable ONLY 19 | # for root ! 20 | 21 | # Then, un-comment the following lines to enable rotation of mysql's log file: 22 | 23 | /var/log/mysqld.log { 24 | create 640 mysql mysql 25 | notifempty 26 | daily 27 | rotate 3 28 | missingok 29 | compress 30 | postrotate 31 | # just if mysqld is really running 32 | if test -x /usr/bin/mysqladmin && \ 33 | /usr/bin/mysqladmin ping &>/dev/null 34 | then 35 | /usr/bin/mysqladmin flush-logs 36 | fi 37 | endscript 38 | } 39 | -------------------------------------------------------------------------------- /files/config/my.cnf.CentOS: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | datadir=/var/lib/mysql/data 3 | log-bin=/var/lib/mysql/mysql-bin 4 | expire_logs_days=5 5 | socket=/var/lib/mysql/mysql.sock 6 | # Disabling symbolic-links is recommended to prevent assorted security risks 7 | symbolic-links=0 8 | # Settings user and group are ignored when systemd is used. 9 | # If you need to run mysqld under a different user or group, 10 | # customize your systemd unit file for mariadb according to the 11 | # instructions in http://fedoraproject.org/wiki/Systemd 12 | 13 | bind-address=127.0.0.1 14 | max_allowed_packet = 10M 15 | 16 | # Query cache is used to cache SELECT results and later return them 17 | # without actual executing the same query once again. Having the query 18 | # cache enabled may result in significant speed improvements, if your 19 | # have a lot of identical queries and rarely changing tables. See the 20 | # "Qcache_lowmem_prunes" status variable to check if the current value 21 | # is high enough for your load. 22 | # Note: In case your tables change very often or if your queries are 23 | # textually different every time, the query cache may result in a 24 | # slowdown instead of a performance improvement. 25 | query_cache_size = 64M 26 | 27 | # Log slow queries. Slow queries are queries which take more than the 28 | # amount of time defined in "long_query_time" or which do not use 29 | # indexes well, if log_long_format is enabled. It is normally good idea 30 | # to have this turned on if you frequently add new queries to the 31 | # system. 32 | slow_query_log 33 | 34 | # How many threads we should keep in a cache for reuse. When a client 35 | # disconnects, the client's threads are put in the cache if there aren't 36 | # more than thread_cache_size threads from before. This greatly reduces 37 | # the amount of thread creations needed if you have a lot of new 38 | # connections. (Normally this doesn't give a notable performance 39 | # improvement if you have a good thread implementation.) 40 | thread_cache_size = 4 41 | 42 | # InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and 43 | # row data. The bigger you set this the less disk I/O is needed to 44 | # access data in tables. On a dedicated database server you may set this 45 | # parameter up to 80% of the machine physical memory size. Do not set it 46 | # too large, though, because competition of the physical memory may 47 | # cause paging in the operating system. Note that on 32bit systems you 48 | # might be limited to 2-3.5G of user level memory per process, so do not 49 | # set it too high. 50 | innodb_data_home_dir = /var/lib/mysql/data 51 | innodb_data_file_path = ibdata1:10M:autoextend 52 | innodb_log_group_home_dir = /var/lib/mysql/ 53 | innodb_buffer_pool_size = 50MB 54 | 55 | innodb_file_per_table 56 | 57 | query_cache_limit=5M 58 | 59 | # safer for a variety of use cases 60 | binlog-format=MIXED 61 | 62 | [mysqld_safe] 63 | log-error=/var/log/mariadb/mariadb.log 64 | pid-file=/var/run/mariadb/mariadb.pid 65 | 66 | # 67 | # include all files from the config directory 68 | # 69 | !includedir /etc/my.cnf.d 70 | -------------------------------------------------------------------------------- /files/config/my.cnf.CentOS.5: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | datadir=/var/lib/mysql/data 3 | log-bin=/var/lib/mysql/mysql-bin 4 | expire_logs_days=5 5 | socket=/var/lib/mysql/mysql.sock 6 | # Default to using old password format for compatibility with mysql 3.x 7 | # clients (those using the mysqlclient10 compatibility package). 8 | old_passwords=0 9 | 10 | character-set-server = utf8 11 | skip-name-resolve 12 | 13 | bind-address=127.0.0.1 14 | max_allowed_packet = 10M 15 | 16 | # Disabling symbolic-links is recommended to prevent assorted security risks 17 | symbolic-links=0 18 | 19 | # Query cache is used to cache SELECT results and later return them 20 | # without actual executing the same query once again. Having the query 21 | # cache enabled may result in significant speed improvements, if your 22 | # have a lot of identical queries and rarely changing tables. See the 23 | # "Qcache_lowmem_prunes" status variable to check if the current value 24 | # is high enough for your load. 25 | # Note: In case your tables change very often or if your queries are 26 | # textually different every time, the query cache may result in a 27 | # slowdown instead of a performance improvement. 28 | query_cache_size = 64M 29 | 30 | # Log slow queries. Slow queries are queries which take more than the 31 | # amount of time defined in "long_query_time" or which do not use 32 | # indexes well, if log_long_format is enabled. It is normally good idea 33 | # to have this turned on if you frequently add new queries to the 34 | # system. 35 | slow_query_log 36 | 37 | # How many threads we should keep in a cache for reuse. When a client 38 | # disconnects, the client's threads are put in the cache if there aren't 39 | # more than thread_cache_size threads from before. This greatly reduces 40 | # the amount of thread creations needed if you have a lot of new 41 | # connections. (Normally this doesn't give a notable performance 42 | # improvement if you have a good thread implementation.) 43 | thread_cache_size = 4 44 | 45 | # InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and 46 | # row data. The bigger you set this the less disk I/O is needed to 47 | # access data in tables. On a dedicated database server you may set this 48 | # parameter up to 80% of the machine physical memory size. Do not set it 49 | # too large, though, because competition of the physical memory may 50 | # cause paging in the operating system. Note that on 32bit systems you 51 | # might be limited to 2-3.5G of user level memory per process, so do not 52 | # set it too high. 53 | innodb_data_home_dir = /var/lib/mysql/data 54 | innodb_data_file_path = ibdata1:10M:autoextend 55 | innodb_log_group_home_dir = /var/lib/mysql/ 56 | innodb_buffer_pool_size = 50MB 57 | 58 | innodb_file_per_table 59 | 60 | query_cache_limit=5M 61 | 62 | [mysql] 63 | no-auto-rehash 64 | # Remove the next comment character if you are not familiar with SQL 65 | #safe-updates 66 | default-character-set=utf8 67 | 68 | [mysqlimport] 69 | default-character-set=utf8 70 | 71 | [mysqlshow] 72 | default-character-set=utf8 73 | 74 | [mysql.server] 75 | user=mysql 76 | basedir=/usr 77 | 78 | [mysqld_safe] 79 | log-error=/var/log/mysqld.log 80 | pid-file=/var/run/mysqld/mysqld.pid 81 | 82 | [mysqldump] 83 | quick 84 | max_allowed_packet = 16M 85 | default-character-set=utf8 86 | 87 | !includedir /etc/mysql/conf.d/ 88 | -------------------------------------------------------------------------------- /files/config/my.cnf.CentOS.6: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | datadir=/var/lib/mysql/data 3 | log-bin=/var/lib/mysql/mysql-bin 4 | expire_logs_days=5 5 | socket=/var/lib/mysql/mysql.sock 6 | # Default to using old password format for compatibility with mysql 3.x 7 | # clients (those using the mysqlclient10 compatibility package). 8 | old_passwords=0 9 | 10 | character-set-server = utf8 11 | skip-name-resolve 12 | 13 | bind-address=127.0.0.1 14 | max_allowed_packet = 10M 15 | 16 | # Disabling symbolic-links is recommended to prevent assorted security risks 17 | symbolic-links=0 18 | 19 | # Query cache is used to cache SELECT results and later return them 20 | # without actual executing the same query once again. Having the query 21 | # cache enabled may result in significant speed improvements, if your 22 | # have a lot of identical queries and rarely changing tables. See the 23 | # "Qcache_lowmem_prunes" status variable to check if the current value 24 | # is high enough for your load. 25 | # Note: In case your tables change very often or if your queries are 26 | # textually different every time, the query cache may result in a 27 | # slowdown instead of a performance improvement. 28 | query_cache_size = 64M 29 | 30 | # Log slow queries. Slow queries are queries which take more than the 31 | # amount of time defined in "long_query_time" or which do not use 32 | # indexes well, if log_long_format is enabled. It is normally good idea 33 | # to have this turned on if you frequently add new queries to the 34 | # system. 35 | slow_query_log 36 | 37 | # How many threads we should keep in a cache for reuse. When a client 38 | # disconnects, the client's threads are put in the cache if there aren't 39 | # more than thread_cache_size threads from before. This greatly reduces 40 | # the amount of thread creations needed if you have a lot of new 41 | # connections. (Normally this doesn't give a notable performance 42 | # improvement if you have a good thread implementation.) 43 | thread_cache_size = 4 44 | 45 | # InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and 46 | # row data. The bigger you set this the less disk I/O is needed to 47 | # access data in tables. On a dedicated database server you may set this 48 | # parameter up to 80% of the machine physical memory size. Do not set it 49 | # too large, though, because competition of the physical memory may 50 | # cause paging in the operating system. Note that on 32bit systems you 51 | # might be limited to 2-3.5G of user level memory per process, so do not 52 | # set it too high. 53 | innodb_data_home_dir = /var/lib/mysql/data 54 | innodb_data_file_path = ibdata1:10M:autoextend 55 | innodb_log_group_home_dir = /var/lib/mysql/ 56 | innodb_buffer_pool_size = 50MB 57 | 58 | innodb_file_per_table 59 | 60 | query_cache_limit=5M 61 | 62 | [mysql] 63 | no-auto-rehash 64 | # Remove the next comment character if you are not familiar with SQL 65 | #safe-updates 66 | default-character-set=utf8 67 | 68 | [mysqlimport] 69 | default-character-set=utf8 70 | 71 | [mysqlshow] 72 | default-character-set=utf8 73 | 74 | [mysql.server] 75 | user=mysql 76 | basedir=/usr 77 | 78 | [mysqld_safe] 79 | log-error=/var/log/mysqld.log 80 | pid-file=/var/run/mysqld/mysqld.pid 81 | 82 | [mysqldump] 83 | quick 84 | max_allowed_packet = 16M 85 | default-character-set=utf8 86 | 87 | !includedir /etc/mysql/conf.d/ 88 | -------------------------------------------------------------------------------- /files/config/my.cnf.Debian: -------------------------------------------------------------------------------- 1 | # 2 | # The MySQL database server configuration file. 3 | # 4 | # You can copy this to one of: 5 | # - "/etc/mysql/my.cnf" to set global options, 6 | # - "~/.my.cnf" to set user-specific options. 7 | # 8 | # One can use all long options that the program supports. 9 | # Run program with --help to get a list of available options and with 10 | # --print-defaults to see which it would actually understand and use. 11 | # 12 | # For explanations see 13 | # http://dev.mysql.com/doc/mysql/en/server-system-variables.html 14 | 15 | # This will be passed to all mysql clients 16 | # It has been reported that passwords should be enclosed with ticks/quotes 17 | # escpecially if they contain "#" chars... 18 | # Remember to edit /etc/mysql/debian.cnf when changing the socket location. 19 | [client] 20 | port = 3306 21 | socket = /var/run/mysqld/mysqld.sock 22 | 23 | # Here is entries for some specific programs 24 | # The following values assume you have at least 32M ram 25 | 26 | # This was formally known as [safe_mysqld]. Both versions are currently parsed. 27 | [mysqld_safe] 28 | socket = /var/run/mysqld/mysqld.sock 29 | nice = 0 30 | 31 | [mysqld] 32 | # 33 | # * Basic Settings 34 | # 35 | user = mysql 36 | pid-file = /var/run/mysqld/mysqld.pid 37 | socket = /var/run/mysqld/mysqld.sock 38 | port = 3306 39 | basedir = /usr 40 | datadir = /var/lib/mysql 41 | tmpdir = /tmp 42 | language = /usr/share/mysql/english 43 | skip-external-locking 44 | # 45 | # Instead of skip-networking the default is now to listen only on 46 | # localhost which is more compatible and is not less secure. 47 | bind-address = 127.0.0.1 48 | # 49 | # * Fine Tuning 50 | # 51 | key_buffer = 16M 52 | max_allowed_packet = 16M 53 | thread_stack = 192K 54 | thread_cache_size = 8 55 | # This replaces the startup script and checks MyISAM tables if needed 56 | # the first time they are touched 57 | myisam-recover = BACKUP 58 | #max_connections = 100 59 | #table_cache = 64 60 | #thread_concurrency = 10 61 | # 62 | # * Query Cache Configuration 63 | # 64 | query_cache_limit = 1M 65 | query_cache_size = 16M 66 | # 67 | # * Logging and Replication 68 | # 69 | # Both location gets rotated by the cronjob. 70 | # Be aware that this log type is a performance killer. 71 | # As of 5.1 you can enable the log at runtime! 72 | #general_log_file = /var/log/mysql/mysql.log 73 | #general_log = 1 74 | # 75 | # Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. 76 | # 77 | # Here you can see queries with especially long duration 78 | #log_slow_queries = /var/log/mysql/mysql-slow.log 79 | #long_query_time = 2 80 | #log-queries-not-using-indexes 81 | # 82 | # The following can be used as easy to replay backup logs or for replication. 83 | # note: if you are setting up a replication slave, see README.Debian about 84 | # other settings you may need to change. 85 | #server-id = 1 86 | #log_bin = /var/log/mysql/mysql-bin.log 87 | expire_logs_days = 10 88 | max_binlog_size = 100M 89 | #binlog_do_db = include_database_name 90 | #binlog_ignore_db = include_database_name 91 | # 92 | # * InnoDB 93 | # 94 | # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. 95 | # Read the manual for more InnoDB related options. There are many! 96 | # You might want to disable InnoDB to shrink the mysqld process by circa 100MB. 97 | #skip-innodb 98 | 99 | innodb_file_per_table 100 | 101 | # 102 | # * Security Features 103 | # 104 | # Read the manual, too, if you want chroot! 105 | # chroot = /var/lib/mysql/ 106 | # 107 | # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 108 | # 109 | # ssl-ca=/etc/mysql/cacert.pem 110 | # ssl-cert=/etc/mysql/server-cert.pem 111 | # ssl-key=/etc/mysql/server-key.pem 112 | 113 | 114 | 115 | [mysqldump] 116 | quick 117 | quote-names 118 | max_allowed_packet = 16M 119 | 120 | [mysql] 121 | #no-auto-rehash # faster start of mysql but no tab completition 122 | 123 | [isamchk] 124 | key_buffer = 16M 125 | 126 | # 127 | # * IMPORTANT: Additional settings that can override those from this file! 128 | # The files must end with '.cnf', otherwise they'll be ignored. 129 | # 130 | !includedir /etc/mysql/conf.d/ 131 | -------------------------------------------------------------------------------- /files/config/my.cnf.Gentoo: -------------------------------------------------------------------------------- 1 | # /etc/mysql/my.cnf: The global mysql configuration file. 2 | # $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-4.1,v 1.3 2006/05/05 19:51:40 chtekk Exp $ 3 | 4 | # The following options will be passed to all MySQL clients 5 | [client] 6 | #password = your_password 7 | port = 3306 8 | socket = /var/run/mysqld/mysqld.sock 9 | 10 | [mysql] 11 | character-sets-dir=/usr/share/mysql/charsets 12 | default-character-set=utf8 13 | 14 | [mysqladmin] 15 | character-sets-dir=/usr/share/mysql/charsets 16 | default-character-set=utf8 17 | 18 | [mysqlcheck] 19 | character-sets-dir=/usr/share/mysql/charsets 20 | default-character-set=utf8 21 | 22 | [mysqldump] 23 | character-sets-dir=/usr/share/mysql/charsets 24 | default-character-set=utf8 25 | 26 | [mysqlimport] 27 | character-sets-dir=/usr/share/mysql/charsets 28 | default-character-set=utf8 29 | 30 | [mysqlshow] 31 | character-sets-dir=/usr/share/mysql/charsets 32 | default-character-set=utf8 33 | 34 | [myisamchk] 35 | character-sets-dir=/usr/share/mysql/charsets 36 | 37 | [myisampack] 38 | character-sets-dir=/usr/share/mysql/charsets 39 | 40 | # use [safe_mysqld] with mysql-3 41 | [mysqld_safe] 42 | err-log = /var/log/mysql/mysql.err 43 | 44 | # add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations 45 | [mysqld] 46 | character-set-server = utf8 47 | default-character-set = utf8 48 | user = mysql 49 | port = 3306 50 | socket = /var/run/mysqld/mysqld.sock 51 | pid-file = /var/run/mysqld/mysqld.pid 52 | log-error = /var/log/mysql/mysqld.err 53 | basedir = /usr 54 | datadir = /var/lib/mysql 55 | log-bin = /var/lib/mysql 56 | expire_logs_days = 5 57 | skip-locking 58 | key_buffer = 16M 59 | max_allowed_packet = 1M 60 | table_cache = 64 61 | sort_buffer_size = 512K 62 | net_buffer_length = 8K 63 | read_buffer_size = 256K 64 | read_rnd_buffer_size = 512K 65 | myisam_sort_buffer_size = 8M 66 | language = /usr/share/mysql/english 67 | 68 | # security: 69 | # using "localhost" in connects uses sockets by default 70 | # skip-networking 71 | bind-address = 127.0.0.1 72 | 73 | log-bin 74 | server-id = 1 75 | 76 | # point the following paths to different dedicated disks 77 | tmpdir = /tmp/ 78 | #log-update = /path-to-dedicated-directory/hostname 79 | 80 | # you need the debug USE flag enabled to use the following directives, 81 | # if needed, uncomment them, start the server and issue 82 | # #tail -f /tmp/mysqld.sql /tmp/mysqld.trace 83 | # this will show you *exactly* what's happening in your server ;) 84 | 85 | #log = /tmp/mysqld.sql 86 | #gdb 87 | #debug = d:t:i:o,/tmp/mysqld.trace 88 | #one-thread 89 | 90 | # uncomment the following directives if you are using BDB tables 91 | #bdb_cache_size = 4M 92 | #bdb_max_lock = 10000 93 | 94 | # the following is the InnoDB configuration 95 | # if you wish to disable innodb instead 96 | # uncomment just the next line 97 | #skip-innodb 98 | # 99 | # the rest of the innodb config follows: 100 | # don't eat too much memory, we're trying to be safe on 64Mb boxes 101 | # you might want to bump this up a bit on boxes with more RAM 102 | innodb_buffer_pool_size = 16M 103 | # this is the default, increase it if you have lots of tables 104 | innodb_additional_mem_pool_size = 2M 105 | # 106 | # i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-( 107 | # and upstream wants things to be under /var/lib/mysql/, so that's the route 108 | # we have to take for the moment 109 | #innodb_data_home_dir = /var/lib/mysql/ 110 | #innodb_log_arch_dir = /var/lib/mysql/ 111 | #innodb_log_group_home_dir = /var/lib/mysql/ 112 | # you may wish to change this size to be more suitable for your system 113 | # the max is there to avoid run-away growth on your machine 114 | innodb_data_file_path = ibdata1:10M:autoextend:max:128M 115 | # we keep this at around 25% of of innodb_buffer_pool_size 116 | # sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) 117 | innodb_log_file_size = 5M 118 | # this is the default, increase it if you have very large transactions going on 119 | innodb_log_buffer_size = 8M 120 | # this is the default and won't hurt you 121 | # you shouldn't need to tweak it 122 | set-variable = innodb_log_files_in_group=2 123 | # see the innodb config docs, the other options are not always safe 124 | innodb_flush_log_at_trx_commit = 1 125 | innodb_lock_wait_timeout = 50 126 | 127 | innodb_file_per_table 128 | 129 | [mysqldump] 130 | quick 131 | max_allowed_packet = 16M 132 | 133 | [mysql] 134 | # uncomment the next directive if you are not familiar with SQL 135 | #safe-updates 136 | 137 | [isamchk] 138 | key_buffer = 20M 139 | sort_buffer_size = 20M 140 | read_buffer = 2M 141 | write_buffer = 2M 142 | 143 | [myisamchk] 144 | key_buffer = 20M 145 | sort_buffer_size = 20M 146 | read_buffer = 2M 147 | write_buffer = 2M 148 | 149 | [mysqlhotcopy] 150 | interactive-timeout 151 | -------------------------------------------------------------------------------- /files/munin/mysql_connections: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Copyright (C) 2008 Rackspace US, Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; version 2 dated June, 8 | # 1991. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, see http://www.gnu.org/licenses/gpl.txt 17 | # 18 | # 19 | # This plugin is based off of the Connection Usage 20 | # section of the MySQL Connection Health Page 21 | # 22 | # http://dev.mysql.com/doc/administrator/en/mysql-administrator-health-connection-health.html 23 | # 24 | # To enable, link mysql_connections to this file. E.g. 25 | # 26 | # ln -s /usr/share/node/node/plugins/mysql_connections /etc/munin/plugins/mysql_connections 27 | # 28 | # Revision 1.0 2007/08/03 29 | # Created by Justin Shepherd 30 | # 31 | # Parameters: 32 | # 33 | # config 34 | # autoconf 35 | # 36 | # Configuration variables 37 | # 38 | # mysqlopts - Options to pass to mysql 39 | # mysqladmin - Override location of mysqladmin 40 | # warning - Override default warning limit 41 | # critical - Override default critical limit 42 | # 43 | #%# family=auto 44 | #%# capabilities=autoconf 45 | 46 | use strict; 47 | 48 | # Define the mysqladmin paths, and commands 49 | my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; 50 | my $TEST_COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; 51 | my $MYSQL_VARIABLES = "$MYSQLADMIN $ENV{mysqlopts} extended-status variables"; 52 | my $warning = $ENV{warning} || "80"; 53 | my $critical = $ENV{critical} || "90"; 54 | 55 | # Pull in any arguments 56 | my $arg = shift(); 57 | 58 | # Check to see how the script was called 59 | if ($arg eq 'config') { 60 | print_graph_information(); 61 | exit(); 62 | } elsif ($arg eq 'autoconf') { 63 | if (test_service()) { print "yes\n"; } 64 | else { print "no\n"; } 65 | exit; 66 | } else { 67 | # Define the values that are returned to munin 68 | my ($available, $current, $upper_limit) = (0,0,0); 69 | 70 | # Gather the values from mysqladmin 71 | $current = poll_variables($MYSQL_VARIABLES,"Threads_connected"); 72 | $upper_limit = poll_variables($MYSQL_VARIABLES,"max_connections"); 73 | $available = $upper_limit - $current; 74 | 75 | # Return the values to Munin 76 | print "current.value $current\n"; 77 | print "available.value $available\n"; 78 | } 79 | 80 | 81 | sub poll_variables { 82 | my $command = shift; 83 | my $expression = shift; 84 | my $ret = 0; 85 | open(SERVICE, "$command |") 86 | or die("Coult not execute '$command': $!"); 87 | while () { 88 | my ($field, $value) = (m/(\w+).*?(\d+(?:\.\d+)?)/); 89 | next unless ($field); 90 | if ($field eq $expression ) { 91 | $ret = "$value"; 92 | } 93 | } 94 | close(SERVICE); 95 | return $ret; 96 | } 97 | 98 | 99 | sub print_graph_information { 100 | print </dev/null 2>/dev/null"); 123 | if ($? == 0) 124 | { 125 | system ("$TEST_COMMAND >/dev/null 2>/dev/null"); 126 | if ($? == 0) 127 | { 128 | print "yes\n"; 129 | $return = 0; 130 | } 131 | else 132 | { 133 | print "no (could not connect to mysql)\n"; 134 | } 135 | } 136 | else 137 | { 138 | print "no (mysqladmin not found)\n"; 139 | } 140 | exit $return; 141 | } 142 | -------------------------------------------------------------------------------- /files/munin/mysql_qcache: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Copyright (C) 2006 - Rodolphe Quiedeville 4 | # Copyright (C) 2003-2004 - Andreas Buer 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; version 2 dated June, 9 | # 1991. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 | # 20 | # $Log$ 21 | # Revision 1.0 2006/04/26 16:04:01 rodo 22 | # Created by Rodolphe Quiedeville 23 | # 24 | # Parameters: 25 | # 26 | # config 27 | # autoconf 28 | # 29 | # Configuration variables 30 | # 31 | # mysqlopts - Options to pass to mysql 32 | # mysqladmin - Override location of mysqladmin 33 | # 34 | #%# family=auto 35 | #%# capabilities=autoconf 36 | 37 | use strict; 38 | 39 | my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; 40 | my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; 41 | 42 | my %WANTED = ( "Qcache_queries_in_cache" => "queries"); 43 | 44 | my %WANTEDTYPE = ( "Qcache_queries_in_cache" => "GAUGE"); 45 | 46 | my $arg = shift(); 47 | 48 | if ($arg eq 'config') { 49 | print_config(); 50 | exit(); 51 | } elsif ($arg eq 'autoconf') { 52 | unless (test_service() ) { 53 | print "yes\n"; 54 | } else { 55 | print "no\n"; 56 | } 57 | exit; 58 | } 59 | 60 | 61 | open(SERVICE, "$COMMAND |") 62 | or die("Coult not execute '$COMMAND': $!"); 63 | 64 | while () { 65 | my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); 66 | next unless ($k); 67 | if (exists $WANTED{$k} ) { 68 | print("$WANTED{$k}.value $v\n"); 69 | } 70 | } 71 | 72 | close(SERVICE); 73 | 74 | 75 | sub print_config { 76 | 77 | my $num = 0; 78 | 79 | print('graph_title MySQL Queries in cache 80 | graph_args --base 1000 81 | graph_vlabel queries 82 | graph_category mysql 83 | graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ 84 | '); 85 | 86 | for my $key (keys %WANTED) { 87 | my $title = $WANTED{$key}; 88 | print("$title.label ${title}\n", 89 | "$title.min 0\n", 90 | "$title.type ".$WANTEDTYPE{$key}."\n", 91 | "$title.max 500000\n", 92 | "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", 93 | ); 94 | $num++; 95 | } 96 | 97 | } 98 | 99 | 100 | sub test_service { 101 | 102 | my $return = 1; 103 | 104 | system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); 105 | if ($? == 0) 106 | { 107 | system ("$COMMAND >/dev/null 2>/dev/null"); 108 | if ($? == 0) 109 | { 110 | print "yes\n"; 111 | $return = 0; 112 | } 113 | else 114 | { 115 | print "no (could not connect to mysql)\n"; 116 | } 117 | } 118 | else 119 | { 120 | print "no (mysqladmin not found)\n"; 121 | } 122 | exit $return; 123 | } 124 | -------------------------------------------------------------------------------- /files/munin/mysql_qcache_mem: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Copyright (C) 2006 - Rodolphe Quiedeville 4 | # Copyright (C) 2003-2004 - Andreas Buer 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; version 2 dated June, 9 | # 1991. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 | # 20 | # $Log$ 21 | # Revision 1.0 2006/04/28 09:04:01 rodo 22 | # Add lower limit fixed to 0 23 | # 24 | # Revision 1.0 2006/04/26 16:04:01 rodo 25 | # Created by Rodolphe Quiedeville 26 | # 27 | # Parameters: 28 | # 29 | # config 30 | # autoconf 31 | # 32 | # Configuration variables 33 | # 34 | # mysqlopts - Options to pass to mysql 35 | # mysqladmin - Override location of mysqladmin 36 | # 37 | #%# family=auto 38 | #%# capabilities=autoconf 39 | 40 | use strict; 41 | 42 | my $MYSQLADMIN = $ENV{mysqladmin} || "mysqladmin"; 43 | my $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} extended-status"; 44 | my $COMMANDSIZE = "$MYSQLADMIN $ENV{mysqlopts} variables"; 45 | 46 | my %WANTED = ( "Qcache_free_memory" => "free" ); 47 | 48 | my $arg = shift(); 49 | 50 | if ($arg eq 'config') { 51 | print_config(); 52 | exit(); 53 | } elsif ($arg eq 'autoconf') { 54 | unless (test_service() ) { 55 | print "yes\n"; 56 | } else { 57 | print "no\n"; 58 | } 59 | exit; 60 | } 61 | 62 | my ($free, $used) = (0,0); 63 | 64 | open(SERVICE, "$COMMAND |") 65 | or die("Coult not execute '$COMMAND': $!"); 66 | 67 | while () { 68 | my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); 69 | next unless ($k); 70 | if (exists $WANTED{$k} ) { 71 | $free = $v; 72 | print("$WANTED{$k}.value $v\n"); 73 | } 74 | } 75 | close(SERVICE); 76 | 77 | open(SERVICE, "$COMMANDSIZE |") 78 | or die("Coult not execute '$COMMANDSIZE': $!"); 79 | 80 | while () { 81 | my ($k, $v) = (m/(\w+).*?(\d+(?:\.\d+)?)/); 82 | 83 | next unless ($k); 84 | if ($k eq "query_cache_size" ) { 85 | print("used.value ",($v-$free),"\n"); 86 | } 87 | } 88 | close(SERVICE); 89 | 90 | sub print_config { 91 | 92 | print('graph_title MySQL Queries Cache Size 93 | graph_args --base 1024 -l 0 94 | graph_vlabel bytes 95 | graph_category mysql 96 | graph_order used free 97 | graph_total Total 98 | graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ 99 | used.label Used 100 | used.draw AREA 101 | free.label Free 102 | free.draw STACK 103 | '); 104 | } 105 | 106 | sub test_service { 107 | 108 | my $return = 1; 109 | 110 | system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); 111 | if ($? == 0) 112 | { 113 | system ("$COMMAND >/dev/null 2>/dev/null"); 114 | if ($? == 0) 115 | { 116 | print "yes\n"; 117 | $return = 0; 118 | } 119 | else 120 | { 121 | print "no (could not connect to mysql)\n"; 122 | } 123 | } 124 | else 125 | { 126 | print "no (mysqladmin not found)\n"; 127 | } 128 | exit $return; 129 | } 130 | -------------------------------------------------------------------------------- /files/munin/mysql_size_all: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Copyright (C) 2007 - Rodolphe Quiedeville 4 | # Copyright (C) 2003-2004 - Andreas Buer 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; version 2 dated June, 9 | # 1991. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 | # 20 | # $Log$ 21 | # Revision 1.1 2007/01/17 10:41:01 rodo 22 | # Change incorrect family 23 | # 24 | # Revision 1.0 2007/01/16 15:57:01 rodo 25 | # Created by Rodolphe Quiedeville 26 | # 27 | # Parameters: 28 | # 29 | # config 30 | # autoconf 31 | # 32 | # Configuration variables 33 | # 34 | # mysqlopts - Options to pass to mysql 35 | # mysqladmin - Override location of mysqladmin 36 | # 37 | #%# family=manual 38 | #%# capabilities=autoconf 39 | 40 | use strict; 41 | 42 | # unless ($0 =~ /mysql_size(?:_([^_]+)|)_(.+)\s*$/) 43 | # { 44 | # die "Could not parse name $0.\n"; 45 | # } 46 | # my $db = $2; 47 | 48 | my $COMMAND; 49 | my $MYSQLADMIN = $ENV{mysqladmin} || "mysql"; 50 | 51 | my %WANTED = ( "Index" => "index", 52 | "Datas" => "datas", 53 | ); 54 | 55 | my $arg = shift(); 56 | 57 | if ($arg eq 'config') { 58 | print_config(); 59 | exit(); 60 | } elsif ($arg eq 'autoconf') { 61 | unless (test_service() ) { 62 | print "yes\n"; 63 | } else { 64 | print "no\n"; 65 | } 66 | exit; 67 | } 68 | 69 | sub getDBList; 70 | foreach my $db (getDBList()) { 71 | 72 | my $datas = 0; 73 | my $indexes = 0; 74 | my (@infos,$info,$i_data,$i_index); 75 | 76 | $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | head -n 1"; 77 | 78 | open(SERVICE, "$COMMAND |") 79 | or die("Coult not execute '$COMMAND': $!"); 80 | 81 | while () { 82 | (@infos) = split; 83 | } 84 | close(SERVICE); 85 | 86 | my $i = 0; 87 | foreach $info (@infos) { 88 | $i++; 89 | if ($info eq 'Data_length') { 90 | $i_data = $i; 91 | next; 92 | } 93 | if ($info eq 'Index_length') { 94 | $i_index = $i; 95 | last; 96 | } 97 | } 98 | my $total_size = 0; 99 | if ($i_data>0 && $i_index>0) { 100 | $COMMAND = "$MYSQLADMIN $ENV{mysqlopts} $db -e 'show table status;' | cut -f $i_data,$i_index | grep -v leng"; 101 | 102 | open(SERVICE, "$COMMAND |") 103 | or die("Coult not execute '$COMMAND': $!"); 104 | 105 | while () { 106 | (m/(\d+).*?(\d+(?:\.\d+)?)/); 107 | $datas += $1; 108 | $indexes += $2; 109 | } 110 | close(SERVICE); 111 | 112 | $total_size = $datas+$indexes; 113 | } 114 | print("$db.value $total_size\n"); 115 | # print("datas.value $datas\n"); 116 | # print("index.value $indexes\n"); 117 | } 118 | 119 | 120 | sub print_config { 121 | 122 | my $num = 0; 123 | 124 | my @dbs = getDBList; 125 | 126 | print("graph_title MySQL databases size\n"); 127 | print ('graph_args --base 1024 -l 0 128 | graph_vlabel bytes 129 | graph_category mysql 130 | graph_info Plugin available at http://rodolphe.quiedeville.org/hack/munin/ 131 | '); 132 | 133 | for my $db (@dbs) { 134 | my $title = "$db"; 135 | print("$title.label ${title}\n", 136 | "$title.min 0\n", 137 | "$title.type GAUGE\n", 138 | "$title.draw ", ($num) ? "STACK" : "AREA" , "\n", 139 | ); 140 | $num++; 141 | } 142 | } 143 | 144 | 145 | sub test_service { 146 | 147 | my $return = 1; 148 | 149 | system ("$MYSQLADMIN --version >/dev/null 2>/dev/null"); 150 | if ($? == 0) 151 | { 152 | system ("$COMMAND >/dev/null 2>/dev/null"); 153 | if ($? == 0) 154 | { 155 | print "yes\n"; 156 | $return = 0; 157 | } 158 | else 159 | { 160 | print "no (could not connect to mysql)\n"; 161 | } 162 | } 163 | else 164 | { 165 | print "no (mysqladmin not found)\n"; 166 | } 167 | exit $return; 168 | } 169 | 170 | sub getDBList { 171 | my @dbs; 172 | foreach my $f (glob("/var/lib/mysql/*")) { 173 | if (-d $f) { 174 | $f =~ s!.*/!!; 175 | @dbs[$#dbs+1]=$f }; 176 | } 177 | return @dbs; 178 | } 179 | 180 | -------------------------------------------------------------------------------- /files/scripts/CentOS/setmysqlpass.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | test -f /root/.my.cnf || exit 1 4 | 5 | rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') 6 | 7 | /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 8 | 9 | /usr/bin/systemctl stop mariadb 10 | 11 | /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin --pid-file=/var/run/mariadb/mariadb.pid & 12 | sleep 5 13 | mysql -u root mysql < /dev/null 22 | [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* 23 | chown -R mysql.mysql /var/lib/mysql/data/ 24 | 25 | /usr/bin/systemctl start mariadb 26 | -------------------------------------------------------------------------------- /files/scripts/CentOS/setmysqlpass.sh.5: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | test -f /root/.my.cnf || exit 1 4 | 5 | rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') 6 | 7 | /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 8 | 9 | /sbin/service mysqld stop 10 | 11 | /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & 12 | sleep 5 13 | mysql -u root mysql < /dev/null 22 | [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* 23 | chown -R mysql.mysql /var/lib/mysql/data/ 24 | 25 | /sbin/service mysqld start 26 | 27 | -------------------------------------------------------------------------------- /files/scripts/CentOS/setmysqlpass.sh.6: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | test -f /root/.my.cnf || exit 1 4 | 5 | rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') 6 | 7 | /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 8 | 9 | /sbin/service mysqld stop 10 | 11 | /usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin & 12 | sleep 5 13 | mysql -u root mysql < /dev/null 22 | [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* 23 | chown -R mysql.mysql /var/lib/mysql/data/ 24 | 25 | /sbin/service mysqld start 26 | 27 | -------------------------------------------------------------------------------- /files/scripts/Debian/setmysqlpass.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | test -f /root/.my.cnf || exit 1 4 | 5 | rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') 6 | 7 | /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 8 | 9 | /etc/init.d/mysql stop 10 | 11 | /usr/sbin/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql --log-bin=/var/lib/mysql/mysql-bin & 12 | sleep 5 13 | mysql -u root mysql < /dev/null 22 | [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.* 23 | chown -R mysql.mysql /var/lib/mysql/data/ 24 | 25 | /etc/init.d/mysql start 26 | 27 | -------------------------------------------------------------------------------- /files/scripts/optimize_tables.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # set home as we runit as weekly cron, where HOME is / 4 | ENV['HOME'] = '/root' 5 | tables = %x{mysql -Bse "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND Data_free > 0 AND ENGINE IN ('MyISAM','InnoDB','ARCHIVE')"} 6 | tables.split("\n").each do |table| 7 | tableitems = table.chomp.split(/\t/) 8 | output = %x{mysql #{tableitems[0]} -Bse "OPTIMIZE TABLE \\`#{tableitems[0]}\\`.\\`#{tableitems[1]}\\`" 2>&1} 9 | unless output =~ /status\t+OK/ 10 | puts "Error while optimizing #{tableitems[0]}.#{tableitems[1]}:" 11 | puts output 12 | puts 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /lib/facter/mysql_version.rb: -------------------------------------------------------------------------------- 1 | Facter.add("mysql_version") do 2 | setcode do 3 | if s = Facter::Util::Resolution.exec('mysql --version') 4 | s.chomp.split(' ')[4].split(',').first 5 | end 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /lib/puppet/parser/functions/mysql_password.rb: -------------------------------------------------------------------------------- 1 | # hash a string as mysql's "PASSWORD()" function would do it 2 | require 'digest/sha1' 3 | 4 | module Puppet::Parser::Functions 5 | newfunction(:mysql_password, :type => :rvalue) do |args| 6 | '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(args[0])).upcase 7 | end 8 | end 9 | 10 | -------------------------------------------------------------------------------- /lib/puppet/provider/mysql_database/mysql.rb: -------------------------------------------------------------------------------- 1 | require 'puppet/provider/package' 2 | 3 | Puppet::Type.type(:mysql_database).provide(:mysql, 4 | :parent => Puppet::Provider::Package) do 5 | 6 | desc "Use mysql as database." 7 | commands :mysqladmin => '/usr/bin/mysqladmin' 8 | commands :mysql => '/usr/bin/mysql' 9 | 10 | def self.defaults_file 11 | if File.file?("#{Facter.value(:root_home)}/.my.cnf") 12 | "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" 13 | else 14 | nil 15 | end 16 | end 17 | 18 | def defaults_file 19 | self.class.defaults_file 20 | end 21 | 22 | # retrieve the current set of mysql users 23 | def self.instances 24 | dbs = [] 25 | 26 | cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'show databases'" 27 | execpipe(cmd) do |process| 28 | process.each do |line| 29 | dbs << new( { :ensure => :present, :name => line.chomp } ) 30 | end 31 | end 32 | return dbs 33 | end 34 | 35 | def query 36 | result = { 37 | :name => @resource[:name], 38 | :ensure => :absent 39 | } 40 | 41 | cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'show databases'" 42 | execpipe(cmd) do |process| 43 | process.each do |line| 44 | if line.chomp.eql?(@resource[:name]) 45 | result[:ensure] = :present 46 | end 47 | end 48 | end 49 | result 50 | end 51 | 52 | def create 53 | mysqladmin(defaults_file, "create", @resource[:name]) 54 | end 55 | def destroy 56 | mysqladmin(defaults_file, "-f", "drop", @resource[:name]) 57 | end 58 | 59 | def exists? 60 | if mysql(defaults_file, "mysql" ,"-NBe", "show databases").match(/^#{@resource[:name]}$/) 61 | true 62 | else 63 | false 64 | end 65 | end 66 | end 67 | 68 | -------------------------------------------------------------------------------- /lib/puppet/provider/mysql_grant/mysql.rb: -------------------------------------------------------------------------------- 1 | # A grant is either global or per-db. This can be distinguished by the syntax 2 | # of the name: 3 | # user@host => global 4 | # user@host/db => per-db 5 | 6 | require 'puppet/provider/package' 7 | 8 | mysql_version = Facter.value(:mysql_version) 9 | if mysql_version =~ /^5.0/ 10 | MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, 11 | :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, 12 | :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, 13 | :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, 14 | :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, 15 | :show_view_priv, :create_routine_priv, :alter_routine_priv, 16 | :create_user_priv 17 | ] 18 | else 19 | MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, 20 | :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, 21 | :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, 22 | :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, 23 | :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, 24 | :show_view_priv, :create_routine_priv, :alter_routine_priv, 25 | :create_user_priv, :trigger_priv 26 | ] 27 | end 28 | 29 | split_mysql_version = mysql_version.nil? ? [] : mysql_version.split('.') 30 | if (mysql_version =~ /^5.1/ && split_mysql_version.last.to_i >= 6) || (mysql_version =~ /^5/ && split_mysql_version[1].to_i > 1) 31 | MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, 32 | :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, 33 | :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, 34 | :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv, 35 | :event_priv, :trigger_priv 36 | ] 37 | else 38 | MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, 39 | :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, 40 | :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, 41 | :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv, 42 | ] 43 | end 44 | 45 | MYSQL_TABLE_PRIVS = [ :select, :insert, :update, :delete, :create, :drop, 46 | :references, :index, :alter 47 | ] 48 | 49 | MYSQL_COLUMN_PRIVS = [ :select_priv, :insert_priv, :update_priv, :references_priv ] 50 | 51 | Puppet::Type.type(:mysql_grant).provide(:mysql) do 52 | 53 | desc "Uses mysql as database." 54 | 55 | commands :mysql => '/usr/bin/mysql' 56 | commands :mysqladmin => '/usr/bin/mysqladmin' 57 | 58 | # Optional defaults file 59 | def self.defaults_file 60 | if File.file?("#{Facter.value(:root_home)}/.my.cnf") 61 | "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" 62 | else 63 | nil 64 | end 65 | end 66 | def defaults_file 67 | self.class.defaults_file 68 | end 69 | 70 | def mysql_flush 71 | mysqladmin(defaults_file, "flush-privileges") 72 | end 73 | 74 | # this parses the 75 | def split_name(string) 76 | matches = /^([^@]*)@([^\/]*)(\/([^\/]*))?(\/([^\/]*))?$/.match(string).captures.compact 77 | 78 | case matches.length 79 | when 2 80 | { 81 | :type => :user, 82 | :user => matches[0], 83 | :host => matches[1] 84 | } 85 | when 4 86 | { 87 | :type => :db, 88 | :user => matches[0], 89 | :host => matches[1], 90 | :db => matches[3] 91 | } 92 | when 6 93 | { 94 | :type => :tables_priv, 95 | :user => matches[0], 96 | :host => matches[1], 97 | :db => matches[3], 98 | :table_name => matches[5] 99 | } 100 | when 8 101 | { 102 | :type => :table, 103 | :user => matches[0], 104 | :host => matches[1], 105 | :db => matches[3], 106 | :table => matches[5], 107 | :column => matches[7] 108 | } 109 | end 110 | end 111 | 112 | def create_row 113 | unless @resource.should(:privileges).empty? 114 | name = split_name(@resource[:name]) 115 | case name[:type] 116 | when :user 117 | mysql(defaults_file, "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ 118 | name[:host], name[:user], 119 | ]) 120 | when :db 121 | mysql(defaults_file, "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ 122 | name[:host], name[:user], name[:db], 123 | ]) 124 | when :column 125 | mysql(defaults_file, "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [ 126 | name[:host], name[:user], name[:db], name[:table], name[:column], 127 | ]) 128 | end 129 | mysql_flush 130 | end 131 | end 132 | 133 | def destroy 134 | mysql(defaults_file, "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]) 135 | end 136 | 137 | def row_exists? 138 | name = split_name(@resource[:name]) 139 | fields = [:user, :host] 140 | if name[:type] == :db 141 | fields << :db 142 | end 143 | if name[:type] == :column 144 | fields << :column 145 | end 146 | not mysql(defaults_file, "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? 147 | end 148 | 149 | def all_privs_set? 150 | all_privs = case split_name(@resource[:name])[:type] 151 | when :user 152 | MYSQL_USER_PRIVS 153 | when :db 154 | MYSQL_DB_PRIVS 155 | when :tables_priv 156 | MYSQL_TABLE_PRIVS 157 | when :column 158 | MYSQL_COLUMN_PRIVS 159 | end 160 | all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") 161 | privs = privileges.collect do |p| p.to_s end.sort.join("|") 162 | 163 | all_privs == privs 164 | end 165 | 166 | def privileges 167 | name = split_name(@resource[:name]) 168 | privs = "" 169 | 170 | case name[:type] 171 | when :user 172 | privs = mysql(defaults_file, "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]) 173 | when :db 174 | privs = mysql(defaults_file, "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]) 175 | when :tables_priv 176 | privs = mysql(defaults_file, "mysql", "-NBe", 'select Table_priv from tables_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s"' % [ name[:user], name[:host], name[:db], name[:table_name] ]) 177 | privs = privs.chomp.downcase 178 | return privs 179 | when :columns 180 | privs = mysql(defaults_file, "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ]) 181 | end 182 | 183 | if privs.match(/^$/) 184 | privs = [] # no result, no privs 185 | else 186 | case name[:type] 187 | when :user, :db 188 | # returns a line with field names and a line with values, each tab-separated 189 | privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end 190 | # transpose the lines, so we have key/value pairs 191 | privs = privs[0].zip(privs[1]) 192 | privs = privs.select do |p| (/_priv$/) and p[1] == 'Y' end 193 | privs.collect{|p| p[0].downcase.intern } 194 | end 195 | end 196 | end 197 | 198 | def privileges=(privs) 199 | name = split_name(@resource[:name]) 200 | # don't need to create a row for tables_priv and columns_priv 201 | if name[:type] == :user || name[:type] == :db 202 | unless row_exists? 203 | create_row 204 | end 205 | end 206 | 207 | # puts "Setting privs: ", privs.join(", ") 208 | name = split_name(@resource[:name]) 209 | stmt = '' 210 | where = '' 211 | all_privs = [] 212 | case name[:type] 213 | when :user 214 | stmt = 'update user set ' 215 | where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] 216 | all_privs = MYSQL_USER_PRIVS 217 | when :db 218 | stmt = 'update db set ' 219 | where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] 220 | all_privs = MYSQL_DB_PRIVS 221 | when :tables_priv 222 | currently_set = privileges 223 | currently_set = currently_set.scan(/\w+/) 224 | privs.map! {|i| i.to_s.downcase} 225 | revoke = currently_set - privs 226 | 227 | if !revoke.empty? 228 | #puts "Revoking table privs: ", revoke 229 | mysql(defaults_file, "mysql", "-e", "REVOKE %s ON %s.%s FROM '%s'@'%s'" % [ revoke.join(", "), name[:db], name[:table_name], name[:user], name[:host] ]) 230 | end 231 | 232 | set = privs - currently_set 233 | stmt = 'GRANT ' 234 | where = ' ON %s.%s TO "%s"@"%s"' % [ name[:db], name[:table_name], name[:user], name[:host] ] 235 | all_privs = MYSQL_TABLE_PRIVS 236 | when :column 237 | stmt = 'update columns_priv set ' 238 | where = ' where user="%s" and host="%s" and Db="%s" and Table_name="%s"' % [ name[:user], name[:host], name[:db], name[:table_name] ] 239 | all_privs = MYSQL_COLUMN_PRIVS 240 | end 241 | 242 | if privs[0] == :all 243 | privs = all_privs 244 | end 245 | 246 | #puts "stmt:", stmt 247 | case name[:type] 248 | when :user 249 | set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') 250 | when :db 251 | set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') 252 | when :tables_priv 253 | set = set.join(', ') 254 | end 255 | 256 | #puts "set:", set 257 | stmt = stmt << set << where 258 | #puts "stmt:", stmt 259 | 260 | if !set.empty? 261 | mysql(defaults_file, "mysql", "-Be", stmt) 262 | mysql_flush 263 | end 264 | end 265 | end 266 | 267 | -------------------------------------------------------------------------------- /lib/puppet/provider/mysql_user/mysql.rb: -------------------------------------------------------------------------------- 1 | require 'puppet/provider/package' 2 | 3 | Puppet::Type.type(:mysql_user).provide(:mysql, 4 | # T'is funny business, this code is quite generic 5 | :parent => Puppet::Provider::Package) do 6 | 7 | desc "Use mysql as database." 8 | commands :mysql => '/usr/bin/mysql' 9 | commands :mysqladmin => '/usr/bin/mysqladmin' 10 | 11 | # Optional defaults file 12 | def self.defaults_file 13 | if File.file?("#{Facter.value(:root_home)}/.my.cnf") 14 | "--defaults-file=#{Facter.value(:root_home)}/.my.cnf" 15 | else 16 | nil 17 | end 18 | end 19 | def defaults_file 20 | self.class.defaults_file 21 | end 22 | 23 | # retrieve the current set of mysql users 24 | def self.instances 25 | users = [] 26 | 27 | cmd = "#{command(:mysql)} #{defaults_file} mysql -NBe 'select concat(user, \"@\", host), password from user'" 28 | execpipe(cmd) do |process| 29 | process.each do |line| 30 | users << new( query_line_to_hash(line) ) 31 | end 32 | end 33 | return users 34 | end 35 | 36 | def self.query_line_to_hash(line) 37 | fields = line.chomp.split(/\t/) 38 | { 39 | :name => fields[0], 40 | :password_hash => fields[1], 41 | :ensure => :present 42 | } 43 | end 44 | 45 | def mysql_flush 46 | mysqladmin(defaults_file,"flush-privileges") 47 | end 48 | 49 | def query 50 | result = {} 51 | 52 | cmd = "#{command(:mysql)} #{defaults_file} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] 53 | execpipe(cmd) do |process| 54 | process.each do |line| 55 | unless result.empty? 56 | raise Puppet::Error, 57 | "Got multiple results for user '%s'" % @resource[:name] 58 | end 59 | result = query_line_to_hash(line) 60 | end 61 | end 62 | result 63 | end 64 | 65 | def create 66 | mysql(defaults_file, "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ]) 67 | mysql_flush 68 | end 69 | 70 | def destroy 71 | mysql(defaults_file, "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'")) 72 | mysql_flush 73 | end 74 | 75 | def exists? 76 | not mysql(defaults_file, "mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? 77 | end 78 | 79 | def password_hash 80 | @property_hash[:password_hash] 81 | end 82 | 83 | def password_hash=(string) 84 | mysql(defaults_file, "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ]) 85 | mysql_flush 86 | end 87 | end 88 | 89 | -------------------------------------------------------------------------------- /lib/puppet/type/mysql_database.rb: -------------------------------------------------------------------------------- 1 | # This has to be a separate type to enable collecting 2 | Puppet::Type.newtype(:mysql_database) do 3 | @doc = "Manage a database." 4 | 5 | ensurable 6 | autorequire(:service) { 'mysql' } 7 | 8 | newparam(:name) do 9 | desc "The name of the database." 10 | 11 | # TODO: only [[:alnum:]_] allowed 12 | end 13 | end 14 | 15 | -------------------------------------------------------------------------------- /lib/puppet/type/mysql_grant.rb: -------------------------------------------------------------------------------- 1 | # This has to be a separate type to enable collecting 2 | Puppet::Type.newtype(:mysql_grant) do 3 | @doc = "Manage a database user's rights." 4 | 5 | #ensurable 6 | autorequire(:service) { 'mysqld' } 7 | 8 | autorequire :mysql_table do 9 | reqs = [] 10 | matches = self[:name].match(/^([^@]*)@([^\/]*)\/(.+)\/(.+)$/) 11 | unless matches.nil? 12 | reqs << matches[4] 13 | end 14 | # puts "Autoreq: '%s'" % reqs.join(" ") 15 | reqs 16 | end 17 | 18 | autorequire :mysql_db do 19 | # puts "Starting db autoreq for %s" % self[:name] 20 | reqs = [] 21 | matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) 22 | unless matches.nil? 23 | reqs << matches[3] 24 | end 25 | # puts "Autoreq: '%s'" % reqs.join(" ") 26 | reqs 27 | end 28 | 29 | autorequire :mysql_user do 30 | # puts "Starting user autoreq for %s" % self[:name] 31 | reqs = [] 32 | matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) 33 | unless matches.nil? 34 | reqs << "%s@%s" % [ matches[1], matches[2] ] 35 | end 36 | # puts "Autoreq: '%s'" % reqs.join(" ") 37 | reqs 38 | end 39 | 40 | newparam(:name) do 41 | desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" 42 | end 43 | newproperty(:privileges, :array_matching => :all) do 44 | desc "The privileges the user should have. The possible values are implementation dependent." 45 | munge do |v| 46 | v.intern 47 | end 48 | 49 | def should_to_s(newvalue = @should) 50 | if newvalue 51 | unless newvalue.is_a?(Array) 52 | newvalue = [ newvalue ] 53 | end 54 | newvalue.collect do |v| v.to_s end.sort.join ", " 55 | else 56 | nil 57 | end 58 | end 59 | 60 | def is_to_s(currentvalue = @is) 61 | if currentvalue 62 | unless currentvalue.is_a?(Array) 63 | currentvalue = [ currentvalue ] 64 | end 65 | currentvalue.collect do |v| v.to_s end.sort.join ", " 66 | else 67 | nil 68 | end 69 | end 70 | 71 | # use the sorted outputs for comparison 72 | def insync?(is) 73 | if defined? @should and @should 74 | case self.should_to_s 75 | when "all" 76 | self.provider.all_privs_set? 77 | when self.is_to_s(is) 78 | true 79 | else 80 | false 81 | end 82 | else 83 | true 84 | end 85 | end 86 | 87 | end 88 | end 89 | 90 | -------------------------------------------------------------------------------- /lib/puppet/type/mysql_user.rb: -------------------------------------------------------------------------------- 1 | # This has to be a separate type to enable collecting 2 | Puppet::Type.newtype(:mysql_user) do 3 | @doc = "Manage a database user." 4 | 5 | ensurable 6 | autorequire(:service) { 'mysqld' } 7 | 8 | newparam(:name) do 9 | desc "The name of the user. This uses the 'username@hostname' form." 10 | 11 | validate do |value| 12 | if value.split('@').first.size > 16 13 | raise ArgumentError, 14 | "MySQL usernames are limited to a maximum of 16 characters" 15 | end 16 | end 17 | end 18 | 19 | newproperty(:password_hash) do 20 | desc "The password hash of the user. Use mysql_password() for creating such a hash." 21 | end 22 | end 23 | 24 | -------------------------------------------------------------------------------- /manifests/admin_user.pp: -------------------------------------------------------------------------------- 1 | # add an admin user that has 2 | # access to all databases 3 | define mysql::admin_user( 4 | $password, 5 | $ensure = present, 6 | $host = '127.0.0.1' 7 | ){ 8 | $password_hash = $password ? { 9 | 'trocla' => trocla("mysql_admin-user_${name}",'mysql'), 10 | default => $password, 11 | } 12 | mysql_user{"${name}@${host}": 13 | ensure => $ensure, 14 | password_hash => $password_hash, 15 | require => Exec['mysql_set_rootpw'], 16 | } 17 | if $ensure == 'present' { 18 | mysql_grant{"${name}@${host}": 19 | privileges => 'all', 20 | require => Mysql_user["${name}@${host}"], 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /manifests/client.pp: -------------------------------------------------------------------------------- 1 | # client package for mysql 2 | class mysql::client ( 3 | $manage_shorewall = false 4 | ) { 5 | case $::operatingsystem { 6 | debian: { include mysql::client::debian } 7 | default: { include mysql::client::base } 8 | } 9 | 10 | if $manage_shorewall { 11 | include shorewall::rules::out::mysql 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /manifests/client/base.pp: -------------------------------------------------------------------------------- 1 | # basic mysql client stuff 2 | class mysql::client::base { 3 | package { 'mysql': 4 | ensure => present, 5 | alias => 'mysql-client', 6 | } 7 | if $::operatingsystem in ['RedHat', 'CentOS'] and 8 | versioncmp($::operatingsystemmajrelease,'6') > 0 { 9 | Package['mysql']{ 10 | name => 'mariadb' 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /manifests/client/debian.pp: -------------------------------------------------------------------------------- 1 | # debian client name 2 | class mysql::client::debian inherits mysql::client::base { 3 | Package['mysql'] { 4 | name => 'mysql-client', 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/client/perl.pp: -------------------------------------------------------------------------------- 1 | # mysql perl config 2 | class mysql::client::perl { 3 | case $::operatingsystem { 4 | debian: { include mysql::client::perl::debian } 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/client/perl/debian.pp: -------------------------------------------------------------------------------- 1 | # perl package name on debian 2 | class mysql::client::perl::debian { 3 | package { 'libdbd-mysql-perl': 4 | ensure => present, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/client/ruby.pp: -------------------------------------------------------------------------------- 1 | # mysql client for ruby 2 | class mysql::client::ruby { 3 | case $::operatingsystem { 4 | debian: { include mysql::client::ruby::debian } 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/client/ruby/debian.pp: -------------------------------------------------------------------------------- 1 | # debian ruby client 2 | class mysql::client::ruby::debian { 3 | package { 'libmysql-ruby': 4 | ensure => present, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/default_database.pp: -------------------------------------------------------------------------------- 1 | # create default database 2 | define mysql::default_database( 3 | $username = $name, 4 | $password = 'absent', 5 | $password_is_encrypted = true, 6 | $privileges = 'all', 7 | $host = '127.0.0.1', 8 | $ensure = 'present' 9 | ) { 10 | mysql_database{$name: 11 | ensure => $ensure, 12 | require => Exec['mysql_set_rootpw'], 13 | } 14 | if $password == 'absent' and $ensure != 'absent' { 15 | info("we don't create the user for database: ${name}") 16 | $grant_require = Mysql_database[$name] 17 | } else { 18 | mysql_user{"${username}@${host}": 19 | ensure => $ensure, 20 | require => Mysql_database[$name], 21 | } 22 | $grant_require = Mysql_user["${username}@${host}"] 23 | if $ensure == 'present' { 24 | $password_hash = $password ? { 25 | 'trocla' => trocla("mysql_${username}",'mysql'), 26 | default => $password_is_encrypted ? { 27 | true => $password, 28 | default => mysql_password($password) 29 | }, 30 | } 31 | Mysql_user["${username}@${host}"]{ 32 | password_hash => $password_hash 33 | } 34 | } 35 | } 36 | if $ensure == 'present' { 37 | mysql_grant{"${username}@${host}/${name}": 38 | privileges => $privileges, 39 | require => $grant_require, 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /manifests/devel.pp: -------------------------------------------------------------------------------- 1 | # devel resources for mysql 2 | class mysql::devel{ 3 | package{"mysql-devel.${::architecture}": 4 | ensure => present, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /manifests/disable.pp: -------------------------------------------------------------------------------- 1 | # class to install mysql-server 2 | # in a disabled way. 3 | class mysql::disable { 4 | package{'mysql-server': 5 | ensure => installed, 6 | } 7 | 8 | service {mysql: 9 | ensure => stopped, 10 | enable => false, 11 | hasstatus => true, 12 | require => Package['mysql-server'], 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /manifests/server.pp: -------------------------------------------------------------------------------- 1 | # manage a mysql server 2 | class mysql::server ( 3 | $root_password, 4 | $manage_shorewall = false, 5 | $manage_munin = false, 6 | $munin_password = 'absent', 7 | $manage_nagios = false, 8 | $nagios_password_hash = 'absent', 9 | $backup_cron = false, 10 | $optimize_cron = false, 11 | $backup_dir = '/var/backups/mysql', 12 | $manage_backup_dir = true, 13 | $nagios_notcp = false 14 | ) { 15 | case $::operatingsystem { 16 | 'Gentoo': { include ::mysql::server::gentoo } 17 | 'CentOS': { include ::mysql::server::centos } 18 | 'Debian': { include ::mysql::server::debian } 19 | default: { include ::mysql::server::base } 20 | } 21 | 22 | if $manage_munin { 23 | if $munin_password == 'absent' { 24 | fail('need to set the munin password') 25 | } 26 | case $::operatingsystem { 27 | 'Debian': { include ::mysql::server::munin::debian } 28 | default: { include ::mysql::server::munin::default } 29 | } 30 | } 31 | 32 | if $manage_nagios { 33 | if $nagios_password_hash == 'absent' { 34 | fail('need to set the nagios password hash') 35 | } 36 | include ::mysql::server::nagios 37 | } 38 | 39 | if $manage_shorewall { 40 | include ::shorewall::rules::mysql 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /manifests/server/backup_helpers.pp: -------------------------------------------------------------------------------- 1 | # Helpers for mysql servers 2 | # In a dedicated class so they can 3 | # also be pulled in somewhere else 4 | class mysql::server::backup_helpers{ 5 | file{'/usr/local/bin/mysql_extract_from_backup': 6 | source => 'puppet:///modules/mysql/backup_helpers/mysql_extract_from_backup.sh', 7 | owner => root, 8 | group => 0, 9 | mode => '0555'; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/server/base.pp: -------------------------------------------------------------------------------- 1 | # manage the common things of 2 | # a mysql server 3 | class mysql::server::base { 4 | package {'mysql-server': 5 | ensure => present, 6 | } 7 | file { 'mysql_main_cnf': 8 | path => '/etc/mysql/my.cnf', 9 | source => [ 10 | "puppet:///modules/site_mysql/${::fqdn}/my.cnf", 11 | "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", 12 | "puppet:///modules/site_mysql/my.cnf.${::operatingsystem}", 13 | 'puppet:///modules/site_mysql/my.cnf', 14 | "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}.${::operatingsystemmajrelease}", 15 | "puppet:///modules/mysql/config/my.cnf.${::operatingsystem}", 16 | 'puppet:///modules/mysql/config/my.cnf' 17 | ], 18 | require => Package['mysql-server'], 19 | notify => Service['mysql'], 20 | owner => root, 21 | group => 0, 22 | mode => '0644'; 23 | } 24 | 25 | file { 26 | 'mysql_data_dir': 27 | ensure => directory, 28 | path => '/var/lib/mysql/data', 29 | require => Package['mysql-server'], 30 | before => File['mysql_main_cnf'], 31 | owner => mysql, 32 | group => mysql, 33 | mode => '0755'; 34 | 'mysql_setmysqlpass.sh': 35 | path => '/usr/local/sbin/setmysqlpass.sh', 36 | source => ["puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh.${::operatingsystemmajrelease}", 37 | "puppet:///modules/mysql/scripts/${::operatingsystem}/setmysqlpass.sh", ], 38 | require => Package['mysql-server'], 39 | owner => root, 40 | group => 0, 41 | mode => '0500'; 42 | 'mysql_root_cnf': 43 | path => '/root/.my.cnf', 44 | content => template('mysql/root/my.cnf.erb'), 45 | require => [ Package['mysql-server'] ], 46 | notify => Exec['mysql_set_rootpw'], 47 | owner => root, 48 | group => 0, 49 | mode => '0400'; 50 | } 51 | 52 | exec { 'mysql_set_rootpw': 53 | command => '/usr/local/sbin/setmysqlpass.sh', 54 | require => [ File['mysql_setmysqlpass.sh'], Service['mysql'] ], 55 | # this is for security so that we only change the password 56 | # if the password file itself has changed 57 | refreshonly => true, 58 | } 59 | 60 | if $mysql::server::backup_cron { 61 | include mysql::server::cron::backup 62 | include mysql::server::backup_helpers 63 | } 64 | 65 | if $mysql::server::optimize_cron { 66 | include mysql::server::cron::optimize 67 | } 68 | 69 | service { 'mysql': 70 | ensure => running, 71 | enable => true, 72 | hasstatus => true, 73 | require => Package['mysql-server'], 74 | } 75 | 76 | # Collect all databases and users 77 | Mysql_database<<| tag == "mysql_${::fqdn}" |>> 78 | Mysql_user<<| tag == "mysql_${::fqdn}" |>> 79 | Mysql_grant<<| tag == "mysql_${::fqdn}" |>> 80 | } 81 | -------------------------------------------------------------------------------- /manifests/server/centos.pp: -------------------------------------------------------------------------------- 1 | # centos specific things 2 | class mysql::server::centos inherits mysql::server::clientpackage { 3 | if versioncmp($::operatingsystemmajrelease,'6') > 0 { 4 | Package['mysql-server']{ 5 | name => 'mariadb-server', 6 | } 7 | Service['mysql']{ 8 | name => 'mariadb', 9 | } 10 | } else { 11 | Service['mysql']{ 12 | name => 'mysqld', 13 | } 14 | } 15 | File['mysql_main_cnf']{ 16 | path => '/etc/my.cnf', 17 | } 18 | 19 | file{ 20 | '/etc/mysql': 21 | ensure => directory, 22 | owner => root, 23 | group => 0, 24 | mode => '0644'; 25 | '/etc/mysql/conf.d': 26 | ensure => directory, 27 | recurse => true, 28 | purge => true, 29 | force => true, 30 | owner => root, 31 | group => 0, 32 | mode => '0644', 33 | notify => Service['mysql']; 34 | '/etc/logrotate.d/mariadb': 35 | require => Service['mysql'], 36 | owner => root, 37 | group => 0, 38 | mode => '0644'; 39 | } 40 | 41 | if versioncmp($::operatingsystemmajrelease,'6') == 0 { 42 | File['/etc/logrotate.d/mariadb']{ 43 | path => '/etc/logrotate.d/mysqld', 44 | source => 'puppet:///modules/mysql/config/logrotate.conf.CentOS.6' 45 | } 46 | } else { 47 | File['/etc/logrotate.d/mariadb']{ 48 | source => 'puppet:///modules/mysql/config/logrotate.conf' 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /manifests/server/clientpackage.pp: -------------------------------------------------------------------------------- 1 | # include client package 2 | class mysql::server::clientpackage inherits mysql::server::base { 3 | class { 'mysql::client': 4 | manage_shorewall => $mysql::server::manage_shorewall, 5 | } 6 | File['mysql_setmysqlpass.sh']{ 7 | require +> Package['mysql'], 8 | } 9 | File['mysql_root_cnf']{ 10 | require +> Package['mysql'], 11 | } 12 | Exec['mysql_set_rootpw']{ 13 | require +> Package['mysql'], 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /manifests/server/cron/backup.pp: -------------------------------------------------------------------------------- 1 | # setup a basic cronjob to backup mysql database 2 | class mysql::server::cron::backup { 3 | if $mysql::server::manage_backup_dir { 4 | file { 'mysql_backup_dir': 5 | ensure => directory, 6 | path => $mysql::server::backup_dir, 7 | before => Cron['mysql_backup_cron'], 8 | owner => root, 9 | group => 0, 10 | mode => '0700'; 11 | } 12 | } 13 | 14 | $backup_command = "/usr/bin/mysqldump --default-character-set=utf8mb4 --all-databases --create-options --flush-logs --lock-tables --single-transaction --events --ignore-table=mysql.event | gzip > ${mysql::server::backup_dir}/mysqldump.sql.gz && chmod 600 ${mysql::server::backup_dir}/mysqldump.sql.gz" 15 | 16 | cron { 'mysql_backup_cron': 17 | command => $backup_command, 18 | user => 'root', 19 | minute => 0, 20 | hour => 1, 21 | require => [Exec['mysql_set_rootpw'], File['mysql_root_cnf'],], 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /manifests/server/cron/optimize.pp: -------------------------------------------------------------------------------- 1 | # optimize mysql databases regurarely 2 | class mysql::server::cron::optimize { 3 | 4 | require ruby 5 | file { 'mysql_optimize_script': 6 | path => '/usr/local/sbin/optimize_mysql_tables.rb', 7 | source => 'puppet:///modules/mysql/scripts/optimize_tables.rb', 8 | owner => root, 9 | group => 0, 10 | mode => '0700'; 11 | } 12 | 13 | cron { 'mysql_optimize_cron': 14 | command => '/usr/local/sbin/optimize_mysql_tables.rb', 15 | user => 'root', 16 | minute => 40, 17 | hour => 6, 18 | weekday => 7, 19 | require => [ Exec['mysql_set_rootpw'], 20 | File['mysql_root_cnf'], 21 | File['mysql_optimize_script'] ], 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /manifests/server/debian.pp: -------------------------------------------------------------------------------- 1 | # debian specific stuff 2 | class mysql::server::debian inherits mysql::server::clientpackage { 3 | File['mysql_data_dir'] { 4 | path => '/var/lib/mysql', 5 | } 6 | File['mysql_ibdata1'] { 7 | path => '/var/lib/mysql/ibdata1', 8 | } 9 | file { 'mysql_debian_cnf': 10 | path => '/etc/mysql/debian.cnf', 11 | notify => Service['mysql'], 12 | owner => root, 13 | group => 0, 14 | mode => '0600'; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /manifests/server/gentoo.pp: -------------------------------------------------------------------------------- 1 | # gentoo specific things 2 | class mysql::server::gentoo inherits mysql::server::base { 3 | Package['mysql-server'] { 4 | alias => 'mysql', 5 | category => 'dev-db', 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /manifests/server/munin/debian.pp: -------------------------------------------------------------------------------- 1 | # debian way of calling plugins 2 | class mysql::server::munin::debian inherits mysql::server::munin::default { 3 | Munin::Plugin['mysql_bytes', 'mysql_queries', 'mysql_slowqueries', 4 | 'mysql_threads', 'mysql_connections', 'mysql_qcache', 'mysql_cache_mem', 5 | 'mysql_size_all']{ 6 | config => "user root\nenv.mysqlopts --defaults-file=/etc/mysql/debian.cnf", 7 | require => Package['mysql'], 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/server/munin/default.pp: -------------------------------------------------------------------------------- 1 | #' manage plugins 2 | class mysql::server::munin::default { 3 | $pwd = $mysql::server::munin_password 4 | mysql_user{'munin@localhost': 5 | password_hash => mysql_password($pwd), 6 | require => Exec['mysql_set_rootpw'], 7 | } 8 | 9 | mysql_grant{'munin@localhost': 10 | privileges => 'select_priv', 11 | require => Mysql_user['munin@localhost'], 12 | } 13 | 14 | munin::plugin { 15 | ['mysql_queries', 'mysql_slowqueries']: 16 | config => "env.mysqlopts --user=munin --password='${pwd}' -h localhost", 17 | require => Mysql_grant['munin@localhost']; 18 | ['mysql_bytes', 'mysql_threads']: 19 | config => "env.mysqlopts --user=munin --password=${pwd} -h localhost", 20 | require => Mysql_grant['munin@localhost']; 21 | } 22 | 23 | Munin::Plugin::Deploy{ 24 | config => "env.mysqlopts --user=munin --password='${pwd}' -h localhost", 25 | require => Mysql_grant['munin@localhost'], 26 | } 27 | munin::plugin::deploy{ 28 | 'mysql_connections': 29 | source => 'mysql/munin/mysql_connections'; 30 | 'mysql_qcache': 31 | source => 'mysql/munin/mysql_qcache'; 32 | 'mysql_qcache_mem': 33 | source => 'mysql/munin/mysql_qcache_mem'; 34 | 'mysql_size_all': 35 | source => 'mysql/munin/mysql_size_all'; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /manifests/server/nagios.pp: -------------------------------------------------------------------------------- 1 | # setup nagios check for mysql 2 | class mysql::server::nagios { 3 | # Flip this variable if you need to check MySQL through check_ssh or check_nrpe, 4 | # in that case you will have to manually define nagios::service::mysql 5 | if $mysql::server::nagios_notcp { 6 | $nagios_mysql_user = 'nagios@localhost' 7 | } else { 8 | $nagios_mysql_user = 'nagios@%' 9 | nagios::service::mysql { 'connection-time': 10 | check_host => $::fqdn, 11 | require => Mysql_grant[$nagios_mysql_user], 12 | } 13 | } 14 | 15 | mysql_user{$nagios_mysql_user: 16 | password_hash => $mysql::server::nagios_password_hash, 17 | require => Package['mysql'], 18 | } 19 | 20 | # repl_client_priv is needed to check the replication slave status 21 | # modes: slave-lag, slave-io-running and slave-sql-running 22 | mysql_grant{$nagios_mysql_user: 23 | privileges => [ 'select_priv', 'repl_client_priv' ], 24 | require => [ Mysql_user[$nagios_mysql_user], Package['mysql'] ], 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /manifests/server/tuner.pp: -------------------------------------------------------------------------------- 1 | # install mysqltuner package 2 | class mysql::server::tuner { 3 | package{'mysqltuner': 4 | ensure => present, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /templates/root/my.cnf.erb: -------------------------------------------------------------------------------- 1 | [client] 2 | user=root 3 | host=localhost 4 | password=<%= scope.lookupvar('mysql::server::root_password') %> 5 | -------------------------------------------------------------------------------- /tests/001_create_database.pp: -------------------------------------------------------------------------------- 1 | 2 | err("Will create 'test_db'") 3 | mysql_database { "test_db": ensure => present } 4 | 5 | -------------------------------------------------------------------------------- /tests/010_create_user.pp: -------------------------------------------------------------------------------- 1 | 2 | err("Will create user 'test_user@%' with password 'blah'") 3 | 4 | mysql_user{ "test_user@%": 5 | password_hash => mysql_password("blah"), 6 | ensure => present 7 | } 8 | -------------------------------------------------------------------------------- /tests/012_change_password.pp: -------------------------------------------------------------------------------- 1 | 2 | err("Changing password for user 'test_user@%'") 3 | mysql_user{ "test_user@%": 4 | password_hash => mysql_password("foo"), 5 | ensure => present 6 | } 7 | -------------------------------------------------------------------------------- /tests/100_create_user_grant.pp: -------------------------------------------------------------------------------- 1 | err("Grant SELECT, INSERT and UPDATE to test_user@%") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => [ "select_priv", 'insert_priv', 'update_priv' ], 6 | tag => test; 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /tests/101_remove_user_privilege.pp: -------------------------------------------------------------------------------- 1 | err("Revoke UPDATE from test_user@%") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => [ "select_priv", 'insert_priv' ], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/102_add_user_privilege.pp: -------------------------------------------------------------------------------- 1 | err("Grant DELETE to test_user@%") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => [ "select_priv", 'insert_priv', 'delete_priv' ], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/103_change_user_grant.pp: -------------------------------------------------------------------------------- 1 | err("Replace DELETE with UPDATE grant for test_user@%") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => [ "select_priv", 'insert_priv', 'update_priv' ], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/104_mix_user_grants.pp: -------------------------------------------------------------------------------- 1 | err("Change the order of the defined privileges") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => [ "update_priv", 'insert_priv', 'select_priv' ], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/150_create_db_grant.pp: -------------------------------------------------------------------------------- 1 | err("Create a db grant") 2 | 3 | mysql_grant { 4 | "test_user@%test_db": 5 | privileges => [ "select_priv", 'insert_priv', 'update_priv' ], 6 | tag => test; 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /tests/151_remove_db_privilege.pp: -------------------------------------------------------------------------------- 1 | err("Revoke UPDATE from test_user@%test_db") 2 | 3 | mysql_grant { 4 | "test_user@%test_db": 5 | privileges => [ "select_priv", 'insert_priv'], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/152_add_db_privilege.pp: -------------------------------------------------------------------------------- 1 | err("Grant DELETE to test_user@%test_db") 2 | 3 | mysql_grant { 4 | "test_user@%test_db": 5 | privileges => [ "select_priv", 'insert_priv', 'delete_priv'], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/153_change_db_priv.pp: -------------------------------------------------------------------------------- 1 | err("Change DELETE to UPDATE privilege for test_user@%test_db") 2 | 3 | mysql_grant { 4 | "test_user@%test_db": 5 | privileges => [ "select_priv", 'insert_priv', 'update_priv'], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/154_mix_db_grants.pp: -------------------------------------------------------------------------------- 1 | err("Change privilege order") 2 | 3 | mysql_grant { 4 | "test_user@%test_db": 5 | privileges => [ "update_priv", 'insert_priv', 'select_priv'], 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/200_give_all_user_privs.pp: -------------------------------------------------------------------------------- 1 | err("Grant ALL to test_user@%") 2 | 3 | mysql_grant { 4 | "test_user@%": 5 | privileges => all 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/201_give_all_db_privs.pp: -------------------------------------------------------------------------------- 1 | err("Grant ALL to test_user@%/test_db") 2 | 3 | mysql_grant { 4 | "test_user@%/test_db": 5 | privileges => all 6 | } 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/996_remove_db_grant.pp: -------------------------------------------------------------------------------- 1 | err("Remove the db grant") 2 | 3 | mysql_grant { "test_user@%test_db": privileges => [ ] } 4 | 5 | 6 | -------------------------------------------------------------------------------- /tests/997_remove_user_grant.pp: -------------------------------------------------------------------------------- 1 | err("Removing the user grant") 2 | 3 | mysql_grant { "test_user@%": privileges => [] } 4 | 5 | 6 | -------------------------------------------------------------------------------- /tests/998_remove_user.pp: -------------------------------------------------------------------------------- 1 | 2 | err("Removing user 'test_user@%'") 3 | mysql_user{ "test_user@%": ensure => absent } 4 | -------------------------------------------------------------------------------- /tests/999_remove_database.pp: -------------------------------------------------------------------------------- 1 | err("Will remove 'test_db'") 2 | mysql_database { "test_db": ensure => absent } 3 | 4 | -------------------------------------------------------------------------------- /tests/README: -------------------------------------------------------------------------------- 1 | Execute these testfile in asciibetical order to check the functioning of the 2 | types and providers. 3 | 4 | They try to create databases, users, grants, check for their existance, change 5 | attributes, and remove them again. 6 | 7 | -------------------------------------------------------------------------------- /tests/run_tests: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export RUBYLIB=${RUBYLIB:-../plugins} 4 | OPTIONS="$*" 5 | OPTIONS="${OPTIONS:---trace}" 6 | 7 | find -iname \*.pp | sort | while read current; do 8 | echo "Running $current" 9 | puppet $OPTIONS $current 10 | echo "Running $current again" 11 | puppet $OPTIONS $current 12 | echo 13 | done 14 | --------------------------------------------------------------------------------