--password is optional now, and added --no_my_cnf option

if no password is specified, then __mysql_server simply installs the mysql-server package and doesn't perform any additional tasks. if --password is specified, it writes its own .my.cnf configuration file with the root password. This behaviour can be turned of by setting --no_my_cnf "true"
2012-02-21 06:49:47 +01:00 · 2012-02-21 06:49:47 +01:00 · df512162cb
commit df512162cb
parent 6a491080f8
5 changed files with 101 additions and 44 deletions
--- a/conf/type/__mysql_server/gencode-remote
+++ b/conf/type/__mysql_server/gencode-remote
@ -19,50 +19,75 @@
 #
 #

-# to the database without requiring a passwort input
-rootpassword="$(cat "$__object/parameter/password")"
+if [ -f "$__object/parameter/no_my_cnf" ]; then
+   no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
+else
+   no_my_cnf="false"
+fi

-# set root password
-echo "mysqladmin -u root password $rootpassword"
+if [ -f "$__object/parameter/password" ]; then
+   rootpassword="$(cat "$__object/parameter/password")"
+else
+   rootpassword=""
+fi

-# store the root password in /root/.my.cnf so that processes can connect
-cat <<-EOFF
-cat <<-EOF > /root/.my.cnf
-	[client]
-	password=$rootpassword
+
+if [ "$rootpassword" != "" ]; then
+   # to the database without requiring a passwort input
+   # set root password
+   echo "mysqladmin -u root password $rootpassword"
+
+   # if we don't want to overwrite the .my.cnf, then take a backup now
+   if [ "$no_my_cnf" == "true" ]; then
+      mv /root/.my.cnf /root/.my.cnf.cdist.bkp
+   fi
+   
+   # store the root password in /root/.my.cnf so that processes can connect
+   cat <<-EOFF
+   cat <<-EOF > /root/.my.cnf
+      [client]
+      password=$rootpassword
 EOF
 EOFF

-# remove anonymous users
-cat <<-EOFF
-mysql -u root <<-EOF
-	DELETE FROM mysql.user WHERE User='';
+
+
+   # remove anonymous users
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	DELETE FROM mysql.user WHERE User='';
+EOF
+EOFF
+   
+   # remove remote-access for root
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
+EOF
+EOFF
+   
+   # remove test database
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	DROP DATABASE IF EXISTS test;
+EOF
+EOFF
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
+EOF
+EOFF
+   
+   # flush privileges
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	FLUSH PRIVILEGES;
 EOF
 EOFF

-# remove remote-access for root
-cat <<-EOFF
-mysql -u root <<-EOF
-	DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
-EOF
-EOFF
-
-# remove test database
-cat <<-EOFF
-mysql -u root <<-EOF
-	DROP DATABASE IF EXISTS test;
-EOF
-EOFF
-cat <<-EOFF
-mysql -u root <<-EOF
-	DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
-EOF
-EOFF
-
-# flush privileges
-cat <<-EOFF
-mysql -u root <<-EOF
-	FLUSH PRIVILEGES;
-EOF
-EOFF
+   # if we don't want to overwrite the .my.cnf, then restore the backup now
+   if [ "$no_my_cnf" == "true" ]; then
+      mv /root/.my.cnf.cdist.bkp /root/.my.cnf 
+   fi

+fi
--- a/conf/type/__mysql_server/man.text
+++ b/conf/type/__mysql_server/man.text
@ -10,7 +10,10 @@ cdist-type__mysql_server - Manage a MySQL server

 DESCRIPTION
 -----------
-This cdist type allows you to install a MySQL database server.
+This cdist type allows you to install a MySQL database server. The
+__mysql_server type also takes care of a few basic security tweaks that are 
+normally done by running the mysql_secure_installation script that is provided
+with MySQL.


 REQUIRED PARAMETERS
@ -21,14 +24,28 @@ password::

 OPTIONAL PARAMETERS
 -------------------
-None.
+no_my_cnf::
+   The /root/.my.cnf file is used to temporary store the root password when doing
+   the mysql_secure_installation. If you want to have your own .my.cnf file, then
+   specify --no_my_cnf "true".
+   Cdist will then place your original /root/.my.cnf back once cdist has run.


 EXAMPLES
 --------

 --------------------------------------------------------------------------------
+# to install a MySQL server
+__mysql_server
+
+# to install a MySQL server, remove remote access, remove test databases 
+# similar to mysql_secure_installation, specify the root password
 __mysql_server --password "Uu9jooKe"
+# this will also write a /root/.my.cnf file
+
+# if you don't want cdist to write a /root/.my.cnf file permanently, specify
+# the --no_my_cnf option
+__mysql_server --password "Uu9jooKe" --no_my_cnf
 --------------------------------------------------------------------------------


--- a/conf/type/__mysql_server/manifest
+++ b/conf/type/__mysql_server/manifest
@ -22,6 +22,20 @@
 # install mysql-server
 __package mysql-server --state installed

-# store the root password in /root/.my.cnf so that processes can connect
-# to the database without requiring a passwort input
-__file "/root/.my.cnf" --group root --owner root --mode 600
+if [ -f "$__object/parameter/no_my_cnf" ]; then
+   no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
+else
+   no_my_cnf="false"
+fi
+
+if [ -f "$__object/parameter/password" ]; then
+   rootpassword="$(cat "$__object/parameter/password")"
+else
+   rootpassword=""
+fi
+
+if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then
+   # store the root password in /root/.my.cnf so that processes can connect
+   # to the database without requiring a passwort input
+   __file "/root/.my.cnf" --group root --owner root --mode 600
+fi
--- a/conf/type/__mysql_server/parameter/optional
+++ b/conf/type/__mysql_server/parameter/optional
@ -0,0 +1,2 @@
+no_my_cnf
+password
--- a/conf/type/__mysql_server/parameter/required
+++ b/conf/type/__mysql_server/parameter/required
@ -1 +0,0 @@
-password