From ff5c97342b37069d88bfd64f539ec9e150567333 Mon Sep 17 00:00:00 2001
From: Benedikt Koeppel
Date: Sat, 18 Feb 2012 20:40:03 +0100
Subject: [PATCH] new type "__mysql_server" installs a MySQL server and performs some basic security changes.
---
conf/type/__mysql_server/files/my.cnf | 1 +
conf/type/__mysql_server/man.text | 43 ++++++++++++++++
conf/type/__mysql_server/manifest | 57 +++++++++++++++++++++
conf/type/__mysql_server/parameter/required | 1 +
conf/type/__mysql_server/singleton | 0
5 files changed, 102 insertions(+)
create mode 100644 conf/type/__mysql_server/files/my.cnf
create mode 100644 conf/type/__mysql_server/man.text
create mode 100755 conf/type/__mysql_server/manifest
create mode 100644 conf/type/__mysql_server/parameter/required
create mode 100644 conf/type/__mysql_server/singleton
diff --git a/conf/type/__mysql_server/files/my.cnf b/conf/type/__mysql_server/files/my.cnf
new file mode 100644
index 00000000..bd651c46
--- /dev/null
+++ b/conf/type/__mysql_server/files/my.cnf
@@ -0,0 +1 @@
+[client]
diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text
new file mode 100644
index 00000000..e1bcc5a5
--- /dev/null
+++ b/conf/type/__mysql_server/man.text
@@ -0,0 +1,43 @@
+cdist-type__issue(7)
+====================
+Benedikt Koeppel
+
+
+NAME
+----
+cdist-type__mysql_server - Manage a MySQL server
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to install a MySQL database server.
+
+
+REQUIRED PARAMETERS
+-------------------
+password::
+ The root password to set.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+__mysql_server "mysql-server" --password "Uu9jooKe"
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Benedikt Koeppel. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest
new file mode 100755
index 00000000..88a585da
--- /dev/null
+++ b/conf/type/__mysql_server/manifest
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+
+# install mysql-server
+__package mysql-server --state installed
+
+# store the root password in /root/.my.cnf so that processes can connect
+# to the database without requiring a passwort input
+rootpassword="$(cat "$__object/parameter/password")"
+__file "/root/.my.cnf" --group root --user root --mode 600 --source "$__type/files/my.cnf"
+require="__file/root/.my.cnf" \
+ __addifnosuchline "/root/.my.cnf" --line "password=$rootpassword"
+
+# set root password
+mysqladmin -u root password $rootpassword
+
+# remove anonymous users
+mysql -u root -p <<-EOF
+ DELETE FROM mysql.user WHERE User='';
+EOF
+
+# remove remote-access for root
+mysql -u root -p <<-EOF
+ DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
+EOF
+
+# remove test database
+mysql -u root -p <<-EOF
+ DROP DATABASE test;
+EOF
+mysql -u root -p <<-EOF
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
+EOF
+
+# flush privileges
+mysql -u root -p <<-EOF
+ FLUSH PRIVILEGES;
+EOF
+
diff --git a/conf/type/__mysql_server/parameter/required b/conf/type/__mysql_server/parameter/required
new file mode 100644
index 00000000..f3097ab1
--- /dev/null
+++ b/conf/type/__mysql_server/parameter/required
@@ -0,0 +1 @@
+password
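Review bot: In the manifest, `mysqladmin -u root password $rootpassword` expands the root password unquoted into the argument list, so a password containing whitespace or glob characters is split or expanded by the shell, and the value is visible in the process list while the command runs. At minimum quote it, `mysqladmin -u root password "$rootpassword"`, and preferably hand the new password to the client on stdin or through an options file rather than argv. The `mysql -u root -p` calls that follow pass `-p` without a value, which makes the client prompt for a password, so an unattended run will stall or fail; since /root/.my.cnf is meant to carry the credentials, dropping `-p` looks like the intent. `DROP DATABASE test;` and the password change also fail on a second run, so `DROP DATABASE IF EXISTS test;` and a guard around the initial password set would keep the type idempotent. Separately, as far as I know cdist evaluates a type's manifest on the configuring host, so these direct `mysql`/`mysqladmin` calls likely belong in the type's `gencode-remote` in order to run on the target.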
diff --git a/conf/type/__mysql_server/singleton b/conf/type/__mysql_server/singleton
new file mode 100644
index 00000000..e69de29b