Merge pull request #682 from eems-leo/process-secret-file

Remove default install root password if set
JT (Jonny) 2015-08-06 15:14:19 +01:00
commit ced1a08c34
4 changed files with 34 additions and 0 deletions


@ -5,6 +5,7 @@ class mysql::params {
$purge_conf_dir = false $purge_conf_dir = false
$restart = false $restart = false
$root_password = 'UNSET' $root_password = 'UNSET'
$install_secret_file = '/.mysql_secret'
$server_package_ensure = 'present' $server_package_ensure = 'present'
$server_package_manage = true $server_package_manage = true
$server_service_manage = true $server_service_manage = true


@ -3,6 +3,7 @@ class mysql::server (
$config_file = $mysql::params::config_file, $config_file = $mysql::params::config_file,
$includedir = $mysql::params::includedir, $includedir = $mysql::params::includedir,
$install_options = undef, $install_options = undef,
$install_secret_file = $mysql::params::install_secret_file,
$manage_config_file = $mysql::params::manage_config_file, $manage_config_file = $mysql::params::manage_config_file,
$override_options = {}, $override_options = {},
$package_ensure = $mysql::params::server_package_ensure, $package_ensure = $mysql::params::server_package_ensure,


@ -2,12 +2,28 @@
class mysql::server::root_password { class mysql::server::root_password {
$options = $mysql::server::options $options = $mysql::server::options
$secret_file = $mysql::server::install_secret_file
# New installations of MySQL will configure a default random password for the root user
# with an expiration. No actions can be performed until this password is changed. The
# below exec will remove this default password. If the user has supplied a root
# password it will be set further down with the mysql_user resource.
$rm_pass_cmd = join([
"mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' ${secret_file}) password ''",
"rm -f ${secret_file}"
], ' && ')
exec { 'remove install pass':
command => $rm_pass_cmd,
onlyif => "test -f ${secret_file}",
path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
}
# manage root password if it is set # manage root password if it is set
if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' { if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' {
mysql_user { 'root@localhost': mysql_user { 'root@localhost':
ensure => present, ensure => present,
password_hash => mysql_password($mysql::server::root_password), password_hash => mysql_password($mysql::server::root_password),
require => Exec['remove install pass']
} }
} }
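Review bot: The `remove install pass` exec is declared outside the `if ... $mysql::server::root_password != 'UNSET'` block, so with default parameters it swaps the expired random install password for an empty one (`password ''`) and nothing later sets a real one, leaving root@localhost passwordless. Either declare the exec inside that `if` block, or state the consequence in the comment above it, e.g. `# NOTE: when root_password is 'UNSET' this leaves root@localhost with an empty password.` The temporary password is also handed to mysqladmin on the command line through `--password=$(...)`, where it is likely visible in the process list while the command runs. `${secret_file}` is interpolated into the `command` and `onlyif` shell strings unquoted, so it should be checked with `validate_absolute_path($secret_file)` and single-quoted in those strings. If mysqladmin fails, the `&&` keeps the file in place and the exec appears to be retried on every run, which is worth a line in the comment too.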

View file

@ -69,6 +69,13 @@ describe 'mysql::server' do
context 'mysql::server::root_password' do context 'mysql::server::root_password' do
describe 'when defaults' do describe 'when defaults' do
it {
is_expected.to contain_exec('remove install pass').with(
:command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /.mysql_secret) password \'\' && rm -f /.mysql_secret',
:onlyif => 'test -f /.mysql_secret',
:path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
)
}
it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_mysql_user('root@localhost') }
it { is_expected.not_to contain_file('/root/.my.cnf') } it { is_expected.not_to contain_file('/root/.my.cnf') }
end end
@ -92,6 +99,15 @@ describe 'mysql::server' do
it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_mysql_user('root@localhost') }
it { is_expected.not_to contain_file('/root/.my.cnf') } it { is_expected.not_to contain_file('/root/.my.cnf') }
end end
describe 'when install_secret_file set to /root/.mysql_secret' do
let(:params) {{ :install_secret_file => '/root/.mysql_secret' }}
it {
is_expected.to contain_exec('remove install pass').with(
:command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /root/.mysql_secret) password \'\' && rm -f /root/.mysql_secret',
:onlyif => 'test -f /root/.mysql_secret'
)
}
end
end end
context 'mysql::server::providers' do context 'mysql::server::providers' do