From 4158137278387de262dd8c92360d8786892ff3a1 Mon Sep 17 00:00:00 2001
From: Michael Arnold <github@razorsedge.org>
Date: Mon, 23 Apr 2012 22:53:59 -0700
Subject: [PATCH 1/4] Added mysql::backup class.

Installs a mysql backup script, cronjob, and priviledged backup user.
Includes rspec tests and updated documentation.
---
 README.md                         | 10 +++++
 manifests/backup.pp               | 72 +++++++++++++++++++++++++++++++
 manifests/params.pp               |  3 ++
 spec/classes/mysql_backup_spec.rb | 33 ++++++++++++++
 templates/mysqlbackup.sh.erb      | 23 ++++++++++
 tests/backup.pp                   |  8 ++++
 6 files changed, 149 insertions(+)
 create mode 100644 manifests/backup.pp
 create mode 100644 spec/classes/mysql_backup_spec.rb
 create mode 100644 templates/mysqlbackup.sh.erb
 create mode 100644 tests/backup.pp

diff --git a/README.md b/README.md
index 87695c4..6e99758 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ This module is based on work by David Schmitt. The following contributor have co
 * Lowe Schmidt
 * Matthias Pigulla
 * William Van Hevelingen
+* Michael Arnold
 
 ## Usage
 
@@ -75,6 +76,15 @@ Creates a database with a user and assign some privileges.
       grant    => ['all'],
     }
 
+### mysql::backup
+Installs a mysql backup script, cronjob, and priviledged backup user.
+
+    class { 'mysql::backup':
+      backupuser     => 'myuser',
+      backuppassword => 'mypassword',
+      backupdir      => '/tmp/backups',
+    }
+
 ### Providers for database types:
 MySQL provider supports puppet resources command:
 
diff --git a/manifests/backup.pp b/manifests/backup.pp
new file mode 100644
index 0000000..e4b0cb1
--- /dev/null
+++ b/manifests/backup.pp
@@ -0,0 +1,72 @@
+# Class: mysql::backup
+#
+# This module handles ...
+#
+# Parameters:
+#   [*backupuser*]     - The name of the mysql backup user.
+#   [*backuppassword*] - The password of the mysql backup user.
+#   [*backupdir*]      - The target directory of the mysqldump.
+#
+# Actions:
+#   GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
+#    IDENTIFIED BY 'password';
+#
+# Requires:
+#   Class['mysql::config']
+#
+# Sample Usage:
+#   class { 'mysql::backup':
+#     backupuser     => 'myuser',
+#     backuppassword => 'mypassword',
+#     backupdir      => '/tmp/backups',
+#   }
+#
+class mysql::backup (
+  $ensure         = 'present',
+  $backupuser     = $mysql::params::backupuser,
+  $backuppassword = $mysql::params::backuppassword,
+  $backupdir      = $mysql::params::backupdir
+) {
+
+  if $backupuser == 'UNSET' or $backupdir == 'UNSET' or $backuppassword == 'UNSET' {
+    fail('mysql::backup - You must specify a backup user, password, and target directory.')
+  }
+
+  database_user { "${backupuser}@localhost":
+    ensure        => $ensure,
+    password_hash => mysql_password($backuppassword),
+    provider      => 'mysql',
+    require       => Class['mysql::config'],
+  }
+
+  database_grant { "${backupuser}@localhost":
+    privileges => [ 'select_priv', 'reload_priv', 'lock_tables_priv' ],
+    require    => Database_user["${backupuser}@localhost"],
+  }
+
+  cron { 'mysql-backup':
+    ensure  => $ensure,
+    command => '/usr/local/sbin/mysqlbackup.sh',
+    user    => 'root',
+    hour    => 23,
+    minute  => 5,
+    require => File['mysqlbackup.sh'],
+  }
+
+  file { 'mysqlbackup.sh':
+    ensure  => $ensure,
+    path    => '/usr/local/sbin/mysqlbackup.sh',
+    mode    => '0700',
+    owner   => 'root',
+    group   => 'root',
+    content => template('mysql/mysqlbackup.sh.erb'),
+  }
+
+  file { 'mysqlbackupdir':
+    ensure => 'directory',
+    path   => $backupdir,
+    mode   => '0700',
+    owner  => 'root',
+    group  => 'root',
+  }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index 9c732ec..f6940c2 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -21,6 +21,9 @@ class mysql::params {
   $ssl_ca              = '/etc/mysql/cacert.pem'
   $ssl_cert            = '/etc/mysql/server-cert.pem'
   $ssl_key             = '/etc/mysql/server-key.pem'
+  $backupuser          = 'UNSET'
+  $backuppassword      = 'UNSET'
+  $backupdir           = 'UNSET'
 
   case $::operatingsystem {
     "Ubuntu": {
diff --git a/spec/classes/mysql_backup_spec.rb b/spec/classes/mysql_backup_spec.rb
new file mode 100644
index 0000000..1509174
--- /dev/null
+++ b/spec/classes/mysql_backup_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe 'mysql::backup' do
+
+  let(:params) {
+    { 'backupuser'     => 'testuser',
+      'backuppassword' => 'testpass',
+      'backupdir'      => '/tmp',
+    }
+  }
+
+  it { should contain_database_user('testuser@localhost')}
+
+  it { should contain_database_grant('testuser@localhost').with(
+    :privileges => [ 'select_priv', 'reload_priv', 'lock_tables_priv' ]
+  )}
+
+  it { should contain_cron('mysql-backup').with(
+    :command => '/usr/local/sbin/mysqlbackup.sh',
+    :ensure  => 'present'
+  )}
+
+  it { should contain_file('mysqlbackup.sh').with(
+    :path   => '/usr/local/sbin/mysqlbackup.sh',
+    :ensure => 'present'
+  )}
+
+  it { should contain_file('mysqlbackupdir').with(
+    :path   => '/tmp',
+    :ensure => 'directory'
+  )}
+
+end
diff --git a/templates/mysqlbackup.sh.erb b/templates/mysqlbackup.sh.erb
new file mode 100644
index 0000000..a2dba33
--- /dev/null
+++ b/templates/mysqlbackup.sh.erb
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# MySQL Backup Script
+#  Dumps mysql databases to a file for another backup tool to pick up.
+#
+# MySQL code:
+# GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
+# IDENTIFIED BY 'password';
+# FLUSH PRIVILEGES;
+#
+##### START CONFIG ###################################################
+
+USER=<%= backupuser %>
+PASS=<%= backuppassword %>
+DIR=<%= backupdir %>
+
+##### STOP CONFIG ####################################################
+PATH=/usr/bin:/usr/sbin:/bin:/sbin
+
+find $DIR -mtime +30 -exec rm -f {} \;
+mysqldump -u${USER} -p${PASS} --opt --flush-logs --single-transaction \
+ --all-databases | bzcat -zc > ${DIR}/mysql_backup_`date +%Y%m%d-%H%M%S`.sql.bz2
+
diff --git a/tests/backup.pp b/tests/backup.pp
new file mode 100644
index 0000000..cb669e6
--- /dev/null
+++ b/tests/backup.pp
@@ -0,0 +1,8 @@
+class { 'mysql::server':
+  config_hash => {'root_password' => 'password'}
+}
+class { 'mysql::backup':
+  backupuser     => 'myuser',
+  backuppassword => 'mypassword',
+  backupdir      => '/tmp/backups',
+}

From fbee243ff6dbd477e5ebba52b4e086e07539d040 Mon Sep 17 00:00:00 2001
From: Michael Arnold <github@razorsedge.org>
Date: Mon, 30 Apr 2012 08:07:46 -0700
Subject: [PATCH 2/4] Rip out backup class parameter defaults.

No need for setting default values to class parameters and then testing
to confirm they are set to non-default values.  Simply do not give them
values to begin with.
---
 manifests/backup.pp | 12 ++++--------
 manifests/params.pp |  3 ---
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/manifests/backup.pp b/manifests/backup.pp
index e4b0cb1..94139f2 100644
--- a/manifests/backup.pp
+++ b/manifests/backup.pp
@@ -22,16 +22,12 @@
 #   }
 #
 class mysql::backup (
-  $ensure         = 'present',
-  $backupuser     = $mysql::params::backupuser,
-  $backuppassword = $mysql::params::backuppassword,
-  $backupdir      = $mysql::params::backupdir
+  $backupuser,
+  $backuppassword,
+  $backupdir,
+  $ensure = 'present'
 ) {
 
-  if $backupuser == 'UNSET' or $backupdir == 'UNSET' or $backuppassword == 'UNSET' {
-    fail('mysql::backup - You must specify a backup user, password, and target directory.')
-  }
-
   database_user { "${backupuser}@localhost":
     ensure        => $ensure,
     password_hash => mysql_password($backuppassword),
diff --git a/manifests/params.pp b/manifests/params.pp
index f6940c2..9c732ec 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -21,9 +21,6 @@ class mysql::params {
   $ssl_ca              = '/etc/mysql/cacert.pem'
   $ssl_cert            = '/etc/mysql/server-cert.pem'
   $ssl_key             = '/etc/mysql/server-key.pem'
-  $backupuser          = 'UNSET'
-  $backuppassword      = 'UNSET'
-  $backupdir           = 'UNSET'
 
   case $::operatingsystem {
     "Ubuntu": {

From 70d14e84d79a08e25705502c67a9e06a940955ec Mon Sep 17 00:00:00 2001
From: Michael Arnold <github@razorsedge.org>
Date: Thu, 3 May 2012 19:54:32 -0700
Subject: [PATCH 3/4] Update privilege names to comply with 3fbb54de6c.

---
 manifests/backup.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/backup.pp b/manifests/backup.pp
index 94139f2..741d497 100644
--- a/manifests/backup.pp
+++ b/manifests/backup.pp
@@ -36,7 +36,7 @@ class mysql::backup (
   }
 
   database_grant { "${backupuser}@localhost":
-    privileges => [ 'select_priv', 'reload_priv', 'lock_tables_priv' ],
+    privileges => [ 'Select_priv', 'Reload_priv', 'Lock_tables_priv' ],
     require    => Database_user["${backupuser}@localhost"],
   }
 

From c06f82eef7f99db4ff47300bacad7b4b7e41b0a0 Mon Sep 17 00:00:00 2001
From: Michael Arnold <github@razorsedge.org>
Date: Thu, 3 May 2012 19:58:25 -0700
Subject: [PATCH 4/4] Update privilege names to comply with 3fbb54de6c.

Forgot to update the rspec test.
---
 spec/classes/mysql_backup_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/classes/mysql_backup_spec.rb b/spec/classes/mysql_backup_spec.rb
index 1509174..e7f99b8 100644
--- a/spec/classes/mysql_backup_spec.rb
+++ b/spec/classes/mysql_backup_spec.rb
@@ -12,7 +12,7 @@ describe 'mysql::backup' do
   it { should contain_database_user('testuser@localhost')}
 
   it { should contain_database_grant('testuser@localhost').with(
-    :privileges => [ 'select_priv', 'reload_priv', 'lock_tables_priv' ]
+    :privileges => [ 'Select_priv', 'Reload_priv', 'Lock_tables_priv' ]
   )}
 
   it { should contain_cron('mysql-backup').with(