--password is optional now, and added --no_my_cnf option
if no password is specified, then __mysql_server simply installs the mysql-server package and doesn't perform any additional tasks. if --password is specified, it writes its own .my.cnf configuration file with the root password. This behaviour can be turned of by setting --no_my_cnf "true"
This commit is contained in:
		
					parent
					
						
							
								6a491080f8
							
						
					
				
			
			
				commit
				
					
						df512162cb
					
				
			
		
					 5 changed files with 101 additions and 44 deletions
				
			
		|  | @ -19,50 +19,75 @@ | |||
| # | ||||
| # | ||||
| 
 | ||||
| # to the database without requiring a passwort input | ||||
| rootpassword="$(cat "$__object/parameter/password")" | ||||
| if [ -f "$__object/parameter/no_my_cnf" ]; then | ||||
|    no_my_cnf="$(cat "$__object/parameter/no_my_cnf")" | ||||
| else | ||||
|    no_my_cnf="false" | ||||
| fi | ||||
| 
 | ||||
| # set root password | ||||
| echo "mysqladmin -u root password $rootpassword" | ||||
| if [ -f "$__object/parameter/password" ]; then | ||||
|    rootpassword="$(cat "$__object/parameter/password")" | ||||
| else | ||||
|    rootpassword="" | ||||
| fi | ||||
| 
 | ||||
| # store the root password in /root/.my.cnf so that processes can connect | ||||
| cat <<-EOFF | ||||
| cat <<-EOF > /root/.my.cnf | ||||
| 
 | ||||
| if [ "$rootpassword" != "" ]; then | ||||
|    # to the database without requiring a passwort input | ||||
|    # set root password | ||||
|    echo "mysqladmin -u root password $rootpassword" | ||||
| 
 | ||||
|    # if we don't want to overwrite the .my.cnf, then take a backup now | ||||
|    if [ "$no_my_cnf" == "true" ]; then | ||||
|       mv /root/.my.cnf /root/.my.cnf.cdist.bkp | ||||
|    fi | ||||
|     | ||||
|    # store the root password in /root/.my.cnf so that processes can connect | ||||
|    cat <<-EOFF | ||||
|    cat <<-EOF > /root/.my.cnf | ||||
|       [client] | ||||
|       password=$rootpassword | ||||
| EOF | ||||
| EOFF | ||||
| 
 | ||||
| # remove anonymous users | ||||
| cat <<-EOFF | ||||
| mysql -u root <<-EOF | ||||
| 
 | ||||
| 
 | ||||
|    # remove anonymous users | ||||
|    cat <<-EOFF | ||||
|    mysql -u root <<-EOF | ||||
|    	DELETE FROM mysql.user WHERE User=''; | ||||
| EOF | ||||
| EOFF | ||||
|     | ||||
| # remove remote-access for root | ||||
| cat <<-EOFF | ||||
| mysql -u root <<-EOF | ||||
|    # remove remote-access for root | ||||
|    cat <<-EOFF | ||||
|    mysql -u root <<-EOF | ||||
|    	DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; | ||||
| EOF | ||||
| EOFF | ||||
|     | ||||
| # remove test database | ||||
| cat <<-EOFF | ||||
| mysql -u root <<-EOF | ||||
|    # remove test database | ||||
|    cat <<-EOFF | ||||
|    mysql -u root <<-EOF | ||||
|    	DROP DATABASE IF EXISTS test; | ||||
| EOF | ||||
| EOFF | ||||
| cat <<-EOFF | ||||
| mysql -u root <<-EOF | ||||
|    cat <<-EOFF | ||||
|    mysql -u root <<-EOF | ||||
|    	DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' | ||||
| EOF | ||||
| EOFF | ||||
|     | ||||
| # flush privileges | ||||
| cat <<-EOFF | ||||
| mysql -u root <<-EOF | ||||
|    # flush privileges | ||||
|    cat <<-EOFF | ||||
|    mysql -u root <<-EOF | ||||
|    	FLUSH PRIVILEGES; | ||||
| EOF | ||||
| EOFF | ||||
| 
 | ||||
|    # if we don't want to overwrite the .my.cnf, then restore the backup now | ||||
|    if [ "$no_my_cnf" == "true" ]; then | ||||
|       mv /root/.my.cnf.cdist.bkp /root/.my.cnf  | ||||
|    fi | ||||
| 
 | ||||
| fi | ||||
|  |  | |||
|  | @ -10,7 +10,10 @@ cdist-type__mysql_server - Manage a MySQL server | |||
| 
 | ||||
| DESCRIPTION | ||||
| ----------- | ||||
| This cdist type allows you to install a MySQL database server. | ||||
| This cdist type allows you to install a MySQL database server. The | ||||
| __mysql_server type also takes care of a few basic security tweaks that are  | ||||
| normally done by running the mysql_secure_installation script that is provided | ||||
| with MySQL. | ||||
| 
 | ||||
| 
 | ||||
| REQUIRED PARAMETERS | ||||
|  | @ -21,14 +24,28 @@ password:: | |||
| 
 | ||||
| OPTIONAL PARAMETERS | ||||
| ------------------- | ||||
| None. | ||||
| no_my_cnf:: | ||||
|    The /root/.my.cnf file is used to temporary store the root password when doing | ||||
|    the mysql_secure_installation. If you want to have your own .my.cnf file, then | ||||
|    specify --no_my_cnf "true". | ||||
|    Cdist will then place your original /root/.my.cnf back once cdist has run. | ||||
| 
 | ||||
| 
 | ||||
| EXAMPLES | ||||
| -------- | ||||
| 
 | ||||
| -------------------------------------------------------------------------------- | ||||
| # to install a MySQL server | ||||
| __mysql_server | ||||
| 
 | ||||
| # to install a MySQL server, remove remote access, remove test databases  | ||||
| # similar to mysql_secure_installation, specify the root password | ||||
| __mysql_server --password "Uu9jooKe" | ||||
| # this will also write a /root/.my.cnf file | ||||
| 
 | ||||
| # if you don't want cdist to write a /root/.my.cnf file permanently, specify | ||||
| # the --no_my_cnf option | ||||
| __mysql_server --password "Uu9jooKe" --no_my_cnf | ||||
| -------------------------------------------------------------------------------- | ||||
| 
 | ||||
| 
 | ||||
|  |  | |||
|  | @ -22,6 +22,20 @@ | |||
| # install mysql-server | ||||
| __package mysql-server --state installed | ||||
| 
 | ||||
| # store the root password in /root/.my.cnf so that processes can connect | ||||
| # to the database without requiring a passwort input | ||||
| __file "/root/.my.cnf" --group root --owner root --mode 600 | ||||
| if [ -f "$__object/parameter/no_my_cnf" ]; then | ||||
|    no_my_cnf="$(cat "$__object/parameter/no_my_cnf")" | ||||
| else | ||||
|    no_my_cnf="false" | ||||
| fi | ||||
| 
 | ||||
| if [ -f "$__object/parameter/password" ]; then | ||||
|    rootpassword="$(cat "$__object/parameter/password")" | ||||
| else | ||||
|    rootpassword="" | ||||
| fi | ||||
| 
 | ||||
| if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then | ||||
|    # store the root password in /root/.my.cnf so that processes can connect | ||||
|    # to the database without requiring a passwort input | ||||
|    __file "/root/.my.cnf" --group root --owner root --mode 600 | ||||
| fi | ||||
|  |  | |||
							
								
								
									
										2
									
								
								conf/type/__mysql_server/parameter/optional
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								conf/type/__mysql_server/parameter/optional
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,2 @@ | |||
| no_my_cnf | ||||
| password | ||||
|  | @ -1 +0,0 @@ | |||
| password | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue