Remove default install root password if set

This commit is contained in:
Jesse Cotton 2015-03-03 15:55:42 +00:00
parent 60c0bfb869
commit a26b80d750
4 changed files with 34 additions and 0 deletions

View file

@ -6,6 +6,7 @@ class mysql::params {
$purge_conf_dir = false
$restart = false
$root_password = 'UNSET'
$install_secret_file = '/.mysql_secret'
$server_package_ensure = 'present'
$server_package_manage = true
$server_service_manage = true

View file

@ -3,6 +3,7 @@ class mysql::server (
$config_file = $mysql::params::config_file,
$includedir = $mysql::params::includedir,
$install_options = undef,
$install_secret_file = $mysql::params::install_secret_file,
$manage_config_file = $mysql::params::manage_config_file,
$old_root_password = $mysql::params::old_root_password,
$override_options = {},

View file

@ -2,12 +2,28 @@
class mysql::server::root_password {
$options = $mysql::server::options
$secret_file = $mysql::server::install_secret_file
# New installations of MySQL will configure a default random password for the root user
# with an expiration. No actions can be performed until this password is changed. The
# below exec will remove this default password. If the user has supplied a root
# password it will be set further down with the mysql_user resource.
$rm_pass_cmd = join([
"mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' ${secret_file}) password ''",
"rm -f ${secret_file}"
], ' && ')
exec { 'remove install pass':
command => $rm_pass_cmd,
onlyif => "test -f ${secret_file}",
path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
}
# manage root password if it is set
if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' {
mysql_user { 'root@localhost':
ensure => present,
password_hash => mysql_password($mysql::server::root_password),
require => Exec['remove install pass']
}
}

View file

@ -61,6 +61,13 @@ describe 'mysql::server' do
context 'mysql::server::root_password' do
describe 'when defaults' do
it {
is_expected.to contain_exec('remove install pass').with(
:command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /.mysql_secret) password \'\' && rm -f /.mysql_secret',
:onlyif => 'test -f /.mysql_secret',
:path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
)
}
it { is_expected.not_to contain_mysql_user('root@localhost') }
it { is_expected.not_to contain_file('/root/.my.cnf') }
end
@ -84,6 +91,15 @@ describe 'mysql::server' do
it { is_expected.not_to contain_mysql_user('root@localhost') }
it { is_expected.not_to contain_file('/root/.my.cnf') }
end
describe 'when install_secret_file set to /root/.mysql_secret' do
let(:params) {{ :install_secret_file => '/root/.mysql_secret' }}
it {
is_expected.to contain_exec('remove install pass').with(
:command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /root/.mysql_secret) password \'\' && rm -f /root/.mysql_secret',
:onlyif => 'test -f /root/.mysql_secret'
)
}
end
end
context 'mysql::server::providers' do