-rw-r--r-- | manifests/init.pp | 11 | ||||
-rw-r--r-- | manifests/intranet.pp | 80 | ||||
-rw-r--r-- | templates/my.cnf.erb | 3 |
3 files changed, 89 insertions, 5 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index f7f1c58..479510d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,6 +4,7 @@ import "variables.pp" import "passwords" +import "intranet" class mysql::server { include passwords @@ -150,7 +151,7 @@ define mysql::mysql_replication { } } -define mysql::datasource($rootpw, $ds_name, $ds_owner, $ds_owner_pwd, $ds_user, $ds_user_pwd, $ds_schema, mysql_replication_user, mysql_replication_password, mysql_root_database, mysql_root_local_host) { +define mysql::datasource($rootpw, $ds_name, $ds_owner, $ds_owner_pwd, $ds_user, $ds_user_pwd, $ds_schema, mysql_replication_user, mysql_replication_password, mysql_root_database, mysql_root_local_host, $ds_owner_permissions, $ds_user_permissions) { case $mysql_type { standalone: { $mysql_root_cmd = "/usr/bin/mysql --user=root --password=$rootpw " 
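Review bot: The two parameters added to the `mysql::datasource` signature, `$ds_owner_permissions` and `$ds_user_permissions`, have no defaults, so existing declarations of this define will fail catalog compilation until each one is updated, and nothing records what a safe value looks like. Defaulting them to the values the old code hard-coded keeps current behaviour and makes the narrower set the default for the application user: `$ds_owner_permissions = 'ALL PRIVILEGES', $ds_user_permissions = 'SELECT,INSERT,UPDATE,DELETE'`. The body of the define continues outside this hunk.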
@@ -162,13 +163,13 @@ define mysql::datasource($rootpw, $ds_name, $ds_owner, $ds_owner_pwd, $ds_user, } exec { "create grants $ds_name": - command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ALL PRIVILEGES ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ${ds_owner_permissions} ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", unless => "/usr/bin/mysql --host=$ipaddress --user=$ds_owner --password=$ds_owner_pwd --database=$mysql_root_database --execute='\s'", require => Exec["create datasource $ds_name"], } exec { "create grants $ds_user": - command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT SELECT,INSERT,UPDATE,DELETE ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ${ds_user_permissions} ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", unless => "/usr/bin/mysql --host=$ipaddress --user=$ds_user --password=$ds_user_pwd --database=$mysql_root_database --execute='\s'", require => Exec["create grants $ds_name"], } 
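Review bot: `${ds_owner_permissions}` and `${ds_user_permissions}` are pasted unchecked into a GRANT statement that itself sits inside a double-quoted shell string run with the MySQL root credentials, in both exec commands of this hunk and again in the `primary-master` branch (hunk at -203,14). A value containing a quote, `;` or a backtick, whether from a typo or from node data supplied elsewhere, would change the SQL or the shell command rather than the privilege list, so the define should reject anything that is not a plain comma-separated list before the `case`, for example `if $ds_owner_permissions !~ /^[A-Za-z ,]+$/ { fail("invalid ds_owner_permissions") }` and the same for `$ds_user_permissions` (assuming the Puppet version in use supports regex matching in `if`). The owner grant also remains `ON *.*` to `'%'` `WITH GRANT OPTION`, so the new parameter narrows only the privilege list, not the scope or the ability to pass privileges on. The enclosing define starts and ends outside this hunk.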
@@ -203,14 +204,14 @@ define mysql::datasource($rootpw, $ds_name, $ds_owner, $ds_owner_pwd, $ds_user, } exec { "create all grants $ds_name": - command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ALL PRIVILEGES ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ${ds_owner_permissions} ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", creates => "/var/lib/mysql/'$ds_name'-all-grants-created.out", unless => "$mysql_cmd_repl_slave --execute=\"select user from user;\" | grep '$ds_owner'", require => Exec["create datasource $ds_name"], } exec { "create select grants $ds_user": - command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT SELECT,INSERT,UPDATE,DELETE ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ${ds_user_permissions} ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", creates => "/var/lib/mysql/'$ds_name'-select-grants-created.out", unless => "$mysql_cmd_repl_slave --execute=\"select user from user;\" | grep '$ds_user'", require => Exec["create all grants $ds_name"], diff --git a/manifests/intranet.pp b/manifests/intranet.pp new file mode 100644 index 0000000..43b5c8f --- /dev/null +++ b/manifests/intranet.pp 
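Review bot: Changing `ds_owner_permissions` or `ds_user_permissions` later will not change the grants on a host where the accounts already exist, because the `unless` guards in this hunk only grep the output of `select user from user` for the account name and never look at privileges. Tightening the list in the manifest therefore leaves the older, broader grants in place; the same applies to the `standalone` execs, whose `unless` only tests that the account can log in. The `grep '$ds_owner'` test is also a substring match, so any account whose name contains the owner's name suppresses the grant; `grep -qx '$ds_owner'` on `--batch --skip-column-names` output would make the existence check exact, while actually converging privileges needs a `SHOW GRANTS` comparison or an explicit `REVOKE` step. The define starts and ends outside this hunk.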
@@ -0,0 +1,80 @@ +define mysql::clearspace::datasource($rootpw, $ds_name, $ds_owner, $ds_owner_pwd, $ds_user, $ds_user_pwd, $ds_schema, mysql_replication_user, mysql_replication_password, mysql_root_database, mysql_root_local_host) { + case $mysql_type { + standalone: { + $mysql_root_cmd = "/usr/bin/mysql --user=root --password=$rootpw " + + exec { "create datasource $ds_name": + command => "/usr/bin/mysqladmin -u root -p$rootpw create $ds_name", + unless => "$mysql_root_cmd $ds_name --execute='\s'", + require => [Service["mysql"], Exec["restart mysql server"]], + } + + exec { "create grants $ds_name": + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ALL PRIVILEGES ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", + unless => "/usr/bin/mysql --host=$ipaddress --user=$ds_owner --password=$ds_owner_pwd --database=$mysql_root_database --execute='\s'", + require => Exec["create datasource $ds_name"], + } + + exec { "create grants $ds_user": + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ALL PRIVILEGES ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", + unless => "/usr/bin/mysql --host=$ipaddress --user=$ds_user --password=$ds_user_pwd --database=$mysql_root_database --execute='\s'", + require => Exec["create grants $ds_name"], + } + + # Only create the schema is a template directory was specified + if $ds_schema { + exec { "create db $ds_name": + command => "$mysql_root_cmd $ds_name < $ds_schema > /var/lib/mysql/${ds_name}-create-db.log", + creates => "/var/lib/mysql/${ds_name}-create-db.log", + onlyif => "$mysql_root_cmd --database=$mysql_root_database --execute='\s'", + require => Exec["create grants $ds_user"], + } + } + + } + primary-master: { + $mysql_root_cmd ="/usr/bin/mysql --user=root --password=$rootpw " + $mysql_cmd_repl_slave ="/usr/bin/mysql --user=$mysql_replication_user --database=$mysql_root_database --host=$mysql_master_ip_address 
--password=$mysql_replication_password" + + file { "/var/lib/mysql/${ds_name}_verify_slave_configuration.bash": + ensure => present, + owner => "mysql", + group => "mysql", + mode => 0755, + content => template("mysql/verify_slave_configuration.bash.erb"), + require => [Service["mysql"], Exec["restart slave server"]], + } + + exec { "create datasource $ds_name": + command => "/usr/bin/mysqladmin -u root -p$rootpw create $ds_name", + onlyif => "/var/lib/mysql/${ds_name}_verify_slave_configuration.bash", + require => File["/var/lib/mysql/${ds_name}_verify_slave_configuration.bash"], + } + + exec { "create all grants $ds_name": + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT ALL PRIVILEGES ON *.* TO '$ds_owner'@'%' IDENTIFIED BY '$ds_owner_pwd' WITH GRANT OPTION;\"", + creates => "/var/lib/mysql/'$ds_name'-all-grants-created.out", + unless => "$mysql_cmd_repl_slave --execute=\"select user from user;\" | grep '$ds_owner'", + require => Exec["create datasource $ds_name"], + } + + exec { "create select grants $ds_user": + command => "$mysql_root_cmd --database=$mysql_root_database --execute=\"GRANT CREATE,SELECT,INSERT,UPDATE,DELETE ON $ds_name.* TO '$ds_user'@'%' IDENTIFIED BY '$ds_user_pwd';\"", + creates => "/var/lib/mysql/'$ds_name'-select-grants-created.out", + unless => "$mysql_cmd_repl_slave --execute=\"select user from user;\" | grep '$ds_user'", + require => Exec["create all grants $ds_name"], + } + + # Only create the schema is a template directory was specified + if $ds_schema { + exec { "create db schema $ds_name": + command => "$mysql_root_cmd --database=$ds_name < $ds_schema > /var/lib/mysql/${ds_name}-create-db.log", + creates => "/var/lib/mysql/${ds_name}-create-db.log", + onlyif => "$mysql_root_cmd --database=$mysql_root_database --execute='\s'", + require => Exec["create select grants $ds_user"], + } + } + + } + } +} diff --git a/templates/my.cnf.erb b/templates/my.cnf.erb index db1a4ef..e71f9cb 100644 
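Review bot: The new `mysql::clearspace::datasource` gives `$ds_owner` `ALL PRIVILEGES ON *.*` from host `'%'` `WITH GRANT OPTION` in both branches, which makes an application account equivalent to root on every schema and usable from any client address. Unless Clearspace is known to need server-wide rights, scope the owner to its own schema and a known host, e.g. `GRANT ALL PRIVILEGES ON $ds_name.* TO '$ds_owner'@'$ds_client_host' IDENTIFIED BY '$ds_owner_pwd';`, where `$ds_client_host` is a placeholder for a new parameter. The two branches also disagree on the application user (`ALL PRIVILEGES` in `standalone`, `CREATE,SELECT,INSERT,UPDATE,DELETE` in `primary-master`), and the define reuses the exec titles of `mysql::datasource`, so the two cannot be declared for the same `$ds_name`; it looks as if this file could be replaced by a call to `mysql::datasource` with the permission parameters this commit adds. Every command here also passes `$rootpw` or an account password as an argument, where it is visible in the process list and probably in Puppet's exec logging; a root-only option file given with `--defaults-extra-file` avoids that.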
--- a/templates/my.cnf.erb +++ b/templates/my.cnf.erb @@ -210,3 +210,6 @@ innodb_flush_log_at_trx_commit=1 sync_binlog=1 <% end %> + +[mysqld_safe] +syslog |
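Review bot: The `[mysqld_safe]` section is appended after the final `<% end %>`, so `syslog` is set for every server type this template renders, which is worth confirming is intended rather than meant for one branch. As far as I know mysqld_safe also reads the `[mysqld]` group and gives `log-error` precedence over `syslog`, so if the part of the template outside this hunk sets `log-error`, the new line has no effect; please verify against the MySQL version deployed. A short comment above the section, such as `# send mysqld_safe/mysqld startup errors to syslog; ineffective if log-error is set`, would record the dependency for whoever relies on these logs for monitoring.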