--password is optional now, and added --no_my_cnf option

if no password is specified, then __mysql_server simply installs the
mysql-server package and doesn't perform any additional tasks.
if --password is specified, it writes its own .my.cnf configuration file
with the root password. This behaviour can be turned of by setting
--no_my_cnf "true"

conf/type/__mysql_server/gencode-remote

@@ -19,50 +19,75 @@
 #
 #
 
-# to the database without requiring a passwort input
+if [ -f "$__object/parameter/no_my_cnf" ]; then
-rootpassword="$(cat "$__object/parameter/password")"
+   no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
+else
+   no_my_cnf="false"
+fi
 
-# set root password
+if [ -f "$__object/parameter/password" ]; then
-echo "mysqladmin -u root password $rootpassword"
+   rootpassword="$(cat "$__object/parameter/password")"
+else
+   rootpassword=""
+fi
 
-# store the root password in /root/.my.cnf so that processes can connect
+
-cat <<-EOFF
+if [ "$rootpassword" != "" ]; then
-cat <<-EOF > /root/.my.cnf
+   # to the database without requiring a passwort input
-	[client]
+   # set root password
-	password=$rootpassword
+   echo "mysqladmin -u root password $rootpassword"
+
+   # if we don't want to overwrite the .my.cnf, then take a backup now
+   if [ "$no_my_cnf" == "true" ]; then
+      mv /root/.my.cnf /root/.my.cnf.cdist.bkp
+   fi
+   
+   # store the root password in /root/.my.cnf so that processes can connect
+   cat <<-EOFF
+   cat <<-EOF > /root/.my.cnf
+      [client]
+      password=$rootpassword
 EOF
 EOFF
 
-# remove anonymous users
+
-cat <<-EOFF
+
-mysql -u root <<-EOF
+   # remove anonymous users
-	DELETE FROM mysql.user WHERE User='';
+   cat <<-EOFF
+   mysql -u root <<-EOF
+   	DELETE FROM mysql.user WHERE User='';
 EOF
 EOFF
    
-# remove remote-access for root
+   # remove remote-access for root
-cat <<-EOFF
+   cat <<-EOFF
-mysql -u root <<-EOF
+   mysql -u root <<-EOF
-	DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
+   	DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
 EOF
 EOFF
    
-# remove test database
+   # remove test database
-cat <<-EOFF
+   cat <<-EOFF
-mysql -u root <<-EOF
+   mysql -u root <<-EOF
-	DROP DATABASE IF EXISTS test;
+   	DROP DATABASE IF EXISTS test;
 EOF
 EOFF
-cat <<-EOFF
+   cat <<-EOFF
-mysql -u root <<-EOF
+   mysql -u root <<-EOF
-	DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
+   	DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
 EOF
 EOFF
    
-# flush privileges
+   # flush privileges
-cat <<-EOFF
+   cat <<-EOFF
-mysql -u root <<-EOF
+   mysql -u root <<-EOF
-	FLUSH PRIVILEGES;
+   	FLUSH PRIVILEGES;
 EOF
 EOFF
 
+   # if we don't want to overwrite the .my.cnf, then restore the backup now
+   if [ "$no_my_cnf" == "true" ]; then
+      mv /root/.my.cnf.cdist.bkp /root/.my.cnf 
+   fi
+
+fi

conf/type/__mysql_server/man.text

@@ -10,7 +10,10 @@ cdist-type__mysql_server - Manage a MySQL server
 
 DESCRIPTION
 -----------
-This cdist type allows you to install a MySQL database server.
+This cdist type allows you to install a MySQL database server. The
+__mysql_server type also takes care of a few basic security tweaks that are 
+normally done by running the mysql_secure_installation script that is provided
+with MySQL.
 
 
 REQUIRED PARAMETERS
@@ -21,14 +24,28 @@ password::
 
 OPTIONAL PARAMETERS
 -------------------
-None.
+no_my_cnf::
+   The /root/.my.cnf file is used to temporary store the root password when doing
+   the mysql_secure_installation. If you want to have your own .my.cnf file, then
+   specify --no_my_cnf "true".
+   Cdist will then place your original /root/.my.cnf back once cdist has run.
 
 
 EXAMPLES
 --------
 
 --------------------------------------------------------------------------------
+# to install a MySQL server
+__mysql_server
+
+# to install a MySQL server, remove remote access, remove test databases 
+# similar to mysql_secure_installation, specify the root password
 __mysql_server --password "Uu9jooKe"
+# this will also write a /root/.my.cnf file
+
+# if you don't want cdist to write a /root/.my.cnf file permanently, specify
+# the --no_my_cnf option
+__mysql_server --password "Uu9jooKe" --no_my_cnf
 --------------------------------------------------------------------------------
 
 

conf/type/__mysql_server/manifest

@@ -22,6 +22,20 @@
 # install mysql-server
 __package mysql-server --state installed
 
-# store the root password in /root/.my.cnf so that processes can connect
+if [ -f "$__object/parameter/no_my_cnf" ]; then
-# to the database without requiring a passwort input
+   no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
-__file "/root/.my.cnf" --group root --owner root --mode 600
+else
+   no_my_cnf="false"
+fi
+
+if [ -f "$__object/parameter/password" ]; then
+   rootpassword="$(cat "$__object/parameter/password")"
+else
+   rootpassword=""
+fi
+
+if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then
+   # store the root password in /root/.my.cnf so that processes can connect
+   # to the database without requiring a passwort input
+   __file "/root/.my.cnf" --group root --owner root --mode 600
+fi

conf/type/__mysql_server/parameter/optional

@@ -0,0 +1,2 @@
+no_my_cnf
+password

conf/type/__mysql_server/parameter/required

@@ -1 +0,0 @@
-password