--password is optional now, and added --no_my_cnf option

if no password is specified, then __mysql_server simply installs the
mysql-server package and doesn't perform any additional tasks.
if --password is specified, it writes its own .my.cnf configuration file
with the root password. This behaviour can be turned of by setting
--no_my_cnf "true"
This commit is contained in:
Benedikt Koeppel 2012-02-21 06:49:47 +01:00
parent 6a491080f8
commit df512162cb
5 changed files with 101 additions and 44 deletions

View file

@ -19,50 +19,75 @@
#
#
# to the database without requiring a passwort input
rootpassword="$(cat "$__object/parameter/password")"
if [ -f "$__object/parameter/no_my_cnf" ]; then
no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
else
no_my_cnf="false"
fi
# set root password
echo "mysqladmin -u root password $rootpassword"
if [ -f "$__object/parameter/password" ]; then
rootpassword="$(cat "$__object/parameter/password")"
else
rootpassword=""
fi
# store the root password in /root/.my.cnf so that processes can connect
cat <<-EOFF
cat <<-EOF > /root/.my.cnf
if [ "$rootpassword" != "" ]; then
# to the database without requiring a passwort input
# set root password
echo "mysqladmin -u root password $rootpassword"
# if we don't want to overwrite the .my.cnf, then take a backup now
if [ "$no_my_cnf" == "true" ]; then
mv /root/.my.cnf /root/.my.cnf.cdist.bkp
fi
# store the root password in /root/.my.cnf so that processes can connect
cat <<-EOFF
cat <<-EOF > /root/.my.cnf
[client]
password=$rootpassword
EOF
EOFF
# remove anonymous users
cat <<-EOFF
mysql -u root <<-EOF
# remove anonymous users
cat <<-EOFF
mysql -u root <<-EOF
DELETE FROM mysql.user WHERE User='';
EOF
EOFF
# remove remote-access for root
cat <<-EOFF
mysql -u root <<-EOF
# remove remote-access for root
cat <<-EOFF
mysql -u root <<-EOF
DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
EOF
EOFF
# remove test database
cat <<-EOFF
mysql -u root <<-EOF
# remove test database
cat <<-EOFF
mysql -u root <<-EOF
DROP DATABASE IF EXISTS test;
EOF
EOFF
cat <<-EOFF
mysql -u root <<-EOF
cat <<-EOFF
mysql -u root <<-EOF
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
EOF
EOFF
# flush privileges
cat <<-EOFF
mysql -u root <<-EOF
# flush privileges
cat <<-EOFF
mysql -u root <<-EOF
FLUSH PRIVILEGES;
EOF
EOFF
# if we don't want to overwrite the .my.cnf, then restore the backup now
if [ "$no_my_cnf" == "true" ]; then
mv /root/.my.cnf.cdist.bkp /root/.my.cnf
fi
fi

View file

@ -10,7 +10,10 @@ cdist-type__mysql_server - Manage a MySQL server
DESCRIPTION
-----------
This cdist type allows you to install a MySQL database server.
This cdist type allows you to install a MySQL database server. The
__mysql_server type also takes care of a few basic security tweaks that are
normally done by running the mysql_secure_installation script that is provided
with MySQL.
REQUIRED PARAMETERS
@ -21,14 +24,28 @@ password::
OPTIONAL PARAMETERS
-------------------
None.
no_my_cnf::
The /root/.my.cnf file is used to temporary store the root password when doing
the mysql_secure_installation. If you want to have your own .my.cnf file, then
specify --no_my_cnf "true".
Cdist will then place your original /root/.my.cnf back once cdist has run.
EXAMPLES
--------
--------------------------------------------------------------------------------
# to install a MySQL server
__mysql_server
# to install a MySQL server, remove remote access, remove test databases
# similar to mysql_secure_installation, specify the root password
__mysql_server --password "Uu9jooKe"
# this will also write a /root/.my.cnf file
# if you don't want cdist to write a /root/.my.cnf file permanently, specify
# the --no_my_cnf option
__mysql_server --password "Uu9jooKe" --no_my_cnf
--------------------------------------------------------------------------------

View file

@ -22,6 +22,20 @@
# install mysql-server
__package mysql-server --state installed
# store the root password in /root/.my.cnf so that processes can connect
# to the database without requiring a passwort input
__file "/root/.my.cnf" --group root --owner root --mode 600
if [ -f "$__object/parameter/no_my_cnf" ]; then
no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
else
no_my_cnf="false"
fi
if [ -f "$__object/parameter/password" ]; then
rootpassword="$(cat "$__object/parameter/password")"
else
rootpassword=""
fi
if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then
# store the root password in /root/.my.cnf so that processes can connect
# to the database without requiring a passwort input
__file "/root/.my.cnf" --group root --owner root --mode 600
fi

View file

@ -0,0 +1,2 @@
no_my_cnf
password

View file

@ -1 +0,0 @@
password