Commit graph

165 commits

Author SHA1 Message Date
Micah Anderson
2fc3849818 Instead of doing an update table_priv, we need to do GRANT/REVOKE statements
When we are working with tables_priv we need to first get a downcased array of the currently set privileges, and a downcased array of the desired permissions.

Then we make a list of the permissions to revoke by subtracting the requested permissions from the currently set ones.

If the list of permissions to revoke is not empty, then we issue a REVOKE.

Then we make a list of the permissions to add by subtracting the requested permissions from the current set (no need to add select again if it is already there).

Then if the set of permissions to add is not empty, then we actually execute the statement.
2012-01-01 15:43:47 -05:00
Micah Anderson
7f10702c5a table privileges need to be handled with GRANT/REVOKE statements instead of inserts of Y/N values into the table.
To handle this, this comment removes the create_row for table_privs, it also selects the actual value of the Table_priv so its value can be used instead of the method that is used for Y/N value settings
2012-01-01 15:35:44 -05:00
Micah Anderson
c650057bdc change the type name and the table_name to be less confusing 2012-01-01 15:30:40 -05:00
Micah Anderson
d42aafd7a8 changed the matches regexp to be not greedy so other things like tables and columns can be matched 2012-01-01 15:29:09 -05:00
Micah Anderson
b869455c74 table privileges don't have the name with _privs on the end, also the actually available privileges are less than was originally thought, so I trimmed those down 2012-01-01 15:28:30 -05:00
Micah Anderson
ae6dab7c25 add column grant to mysql_grant 2011-12-30 12:39:27 -05:00
Micah Anderson
1faf0b322f add table grant privilege handling to mysql_grant 2011-12-30 12:32:19 -05:00
Micah Anderson
e68fdf60f5 Merge remote-tracking branch 'riseup/master' 2011-12-30 12:22:50 -05:00
Micah Anderson
dfd86c83a3 Revert "add table and column privilege management to mysql_grant"
This reverts commit 74bf6b84e4. It was
accidentally pushed to shared_mysql before it was ready
2011-12-30 12:20:14 -05:00
Micah Anderson
74bf6b84e4 add table and column privilege management to mysql_grant 2011-12-30 12:11:03 -05:00
mh
8e18c75911 add admin_user define with trocla 2011-10-27 23:28:10 +02:00
mh
8ff5e446d6 make it possible to retrieve password from trocla 2011-10-18 02:55:10 +02:00
mh
585cbc381b fix grant on newer mysql version
MySQL introduced some new privileges in Versions > 5.1.6, add them
to our set, so puppet still knows what :all is.
2011-05-12 22:13:37 +02:00
mh
b8b6705865 we should pass the architecture to devel packages 2011-04-03 12:50:25 +02:00
Laurent Bachelier
fb1ec5b777 --all is deprecated 2011-03-18 17:51:34 +01:00
Laurent Bachelier
27c37a5b1b BDB is not compiled anymore on Debian systems
It would make the daemon fail to load if put in the config.
2011-03-17 15:55:13 +01:00
mh
d31940e3f0 Remove other default accounts due to security reasons 2011-02-25 17:27:19 +01:00
mh
995a291afa improve default database define to also support setting db and user to absent 2011-02-14 19:30:18 +01:00
mh
356fdab814 add some other mysql plugins 2010-12-21 22:10:34 +01:00
Gabriel Filion
e894ddb718 Avoid root password leak to process list
The current procedure of setting the root MySQL password leaks the root
password by giving it to the setmysqlpass.sh script on the command line.
This means that during the couple of seconds that the script is
executing, the password is visible in the process list!

Since we're already writing the password in the /root/.my.cnf file, make
the setmysqlpass.sh script parse this file to retrieve the password
instead of receiving it from a command line argument.

Also, in some shells the 'echo' command might appear in the process
list. Use a heredoc notation to create the output without using a
command.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2010-12-18 12:50:17 +01:00
Gabriel Filion
af8b414c32 Avoid root password leak to process list
The current procedure of setting the root MySQL password leaks the root
password by giving it to the setmysqlpass.sh script on the command line.
This means that during the couple of seconds that the script is
executing, the password is visible in the process list!

Since we're already writing the password in the /root/.my.cnf file, make
the setmysqlpass.sh script parse this file to retrieve the password
instead of receiving it from a command line argument.

Also, in some shells the 'echo' command might appear in the process
list. Use a heredoc notation to create the output without using a
command.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2010-12-15 08:30:53 -05:00
Micah Anderson
eeb5febdaa add mysql::client::perl, same as mysql::client::ruby 2010-11-02 21:32:39 -04:00
Micah Anderson
9583889456 add mysql munin graphs and adjust the file distribution to match the right location of where they are 2010-11-01 19:43:23 -04:00
Micah Anderson
b48f864b30 fully qualify the path to mysqladmin, without it, you will get this error:
Parameter unless failed: 'mysqladmin -uroot status > /dev/null' is both unqualifed and specified no search path at /etc/puppet/modules/mysql/manifests/server/base.pp:62

unless you have set globally:

Exec { path => "/usr/bin:/usr/sbin/:/bin:/sbin:/usr/local/bin:/usr/local/sbin" }
2010-10-29 15:05:16 -04:00
Micah Anderson
8067a1042b fixed stray semicolon 2010-10-26 17:39:40 -04:00
Micah Anderson
f43c0c883a fix script_path_in parameter 2010-10-26 17:37:36 -04:00
Micah Anderson
78fa3e62cf fix munin script path 2010-10-26 13:05:40 -04:00
Micah Anderson
9871e9319c move the mysql::server::munin::base class to its own file 2010-10-26 11:28:17 -04:00
Micah Anderson
b1ef87fbda fix incorrect munin graph names 2010-10-26 11:27:59 -04:00
Micah Anderson
50b6789a3a add the mysql munin graphs:
. mysql_connections
 . mysql_qcache
 . mysql_qcache_mem
 . mysql_size_all
2010-10-26 11:12:14 -04:00
Micah Anderson
fa67257056 . remove the check_mysql_health script from the mysql module, instead it belongs in the nagios module
. change the default nagios::service::mysql check to use the check_mysql_health 'connection-time' check mode, which is identical to the original check, with some additional information

. stop using nagios::plugin::deploy because this doesn't work when more than one node attempts to realize this class

. stop exporting the nagios_command because this doesn't work when more than one node attempts to realize this class

. remove the check_health define, instead this be how it was before, as the previous nagios::service::mysql define
2010-10-18 20:52:42 -04:00
Micah Anderson
f52a66ea0e change the default $check_hostname variable to be the localhost interface. This seems to make more sense than using $fqdn 2010-10-18 15:50:26 -04:00
Micah Anderson
32fa53a593 add a README which describes all the functionality, how to use it, and the pre-requisites necessary for the module 2010-10-17 19:02:06 -04:00
Micah Anderson
6031165200 simplify the nagios check_mysql_health plugin process:
1. use the new plugin deploy feature in nagios (nagios::plugin::deploy)
2. remove unnecessary classes and inheritance - this plugin seems reasonable to install by default, and in fact it could be argued that the other 'check_mysql' plugin that still remains can be removed, as its functionality is vastly overshadowed by this one
3. add the 'repl_client_priv' mysql grant privs to the nagios user. these are needed for the check_mysql_health plugin slave replication modes. According to http://dev.mysql.com/doc/refman/5.0/en/privileges-provided.html#priv_replication-client - The REPLICATION CLIENT privilege enables the use of SHOW MASTER STATUS and SHOW SLAVE STATUS. These privileges are not too much to provide to the nagios user, as they are only informational
4. setup the define "check_health" so it can be used easily
2010-10-17 18:23:42 -04:00
Micah Anderson
9463479afa add new version of check_mysql_health plugin 2010-10-17 14:30:59 -04:00
Micah Anderson
784bd6271f add a more advanced mysql health check plugin:
* create a mysql::server::nagios::base class with the common parts needed for the basic plugin, and the health plugin
 * make mysql::server:nagios inherit mysql::server:nagios::base
 * create a new class mysql::server::nagios::check_health inheriting ::base

the nagios module has also received a new define to setup the different nagios::service pieces for the different health check modes that might be desired

its assumed you would setup the different health check modes in site-mysql/init.pp as different hosts will require different modes and/or parameters, for example:

class site-mysql::server {
  include mysql::server::nagios::check_health

  nagios::service::mysql_health { [ 'connection-time', 'uptime', 'threads-connected', 'threadcache-hitrate' ]:
    require => Mysql_grant[$nagios_mysql_user],
  }

  case $hostname {
    "eider": {
      nagios::service::mysql_health { [ 'slave-io-running', 'slave-sql-running', 'slave-lag' ]:
    require => Mysql_grant[$nagios_mysql_user],
      }
    }
  }
}
2010-09-27 13:18:51 -04:00
Micah Anderson
c4fa879120 fixing merge error which removed a / -- round 2 2010-09-22 19:50:01 -04:00
Micah Anderson
892a2c5f63 fixing merge error which removed a / 2010-09-22 19:38:17 -04:00
Micah Anderson
7b1d2925b9 fix pathing, its /usr not /user 2010-09-22 19:31:06 -04:00
Micah Anderson
a3e7b031a3 Merge remote branch 'remotes/immerda/master'
Conflicts:
	manifests/server/base.pp
2010-09-22 13:12:51 -04:00
Micah Anderson
316e752933 remove license reference from init.pp, as there is no LICENSE file to be referenced 2010-09-22 12:57:16 -04:00
Micah Anderson
eaf52f77a3 increase timeout before killing to account for slower startup speed of larger databases 2010-09-22 12:55:10 -04:00
Micah Anderson
deec3d6a6d add copyright notice in header 2010-09-22 12:53:03 -04:00
Micah Anderson
31de67a0f9 allow for different my.cnf files according to the OS release 2010-09-22 12:52:50 -04:00
Micah Anderson
f1f1d212c1 require package mysql-server for service mysql instead of mysql-client 2010-09-22 12:37:46 -04:00
mh
24d7c6aa24 remove unnecessary fileserver variable (#2460) round II 2010-08-11 15:57:43 +02:00
mh
3bba0859e1 get rid off expensive which call 2010-08-11 10:40:24 +02:00
mh
2f3df107de remove unnecessary fileserver variable (#2460) 2010-08-07 02:12:20 +02:00
mh
0357ccaddc add define to manage a common db/user setup
a db and a corresponding user with all access to that database.
2010-07-21 07:09:55 +02:00
mh
fd690bd339 some minor updates to the providers 2010-07-21 07:04:11 +02:00