Per https://tickets.puppetlabs.com/browse/MODULES-3441, the mysql
module has behaviour which varies by server version. The version is
discovered by running mysqld -V. On hosts without a MySQL server
package install, this fails, which means that contrary to the README,
it's not actually possible to use this module to manage a remote db.
This PR moves the version string discovery into a new fact,
mysqld_version which is used by the provider. This makes it possible
to configure the db version with a custom fact when a remote db
(eg AWS RDS) is being managed.
MySQL from CentOS SCL repository is installed in different location. You should also check for binaries in this location.
Without this change puppet returns error like: Could not find a suitable provider for mysql_datadir
On Gentoo, mysql_install_db script is installed into /usr/share/mysql/scripts
and therefore is not found by mysql_datadir type.
This commit adds scripts path to ENV['PATH'] so it can be found.
MySQL-server-advanced installs install the 'mysql' directory in /var/lib/mysql by default,
therefore the check fails and does not run mysql_install_db.
Check is adjusted to check if any files exist in the directory.
Change the behaviour of applying user and grant related changes to use
the system database of MySQL.
This is a workaround to fix a bug in MySQL
(https://bugs.mysql.com/bug.php?id=65923) that causes users and grants
to be replicated, even if the "mysql" database should not be replicated.
Remove added notices and revert to debug
Add support for Percona
Use log-error for mysqld initialize
Improve description of error log argument
Should be --log-error
Default mysqld_type return value should be "mysql" if another type is not detected. Returning nil breaks mysql 5.7.11 on Ubuntu (at least) due to the conditional used in mysql_user provider.
This function is intended to check for the existence of a table before
declaring some resource, but this is neither portable (because functions
orun on the master, not the agent) nor one-run idempotent (because the
function would run before mysql is even installed, and would take two
runs to do anything).
The correct way of doing this would be to update the providers and
dependency ordering to handle the conditional states.
Luckily this was never released so it is backwards compatible.
Change mysql_grant provider to ignore/delete double-quotes -- as it does with single quotes and backticks -- in the returned list of existing grants. With ANSI_QUOTES enabled in MySQL's sql_mode, grant identifiers (e.g. database name) are quoted with double-quotes rather than backticks, for example "foo".* vs. `foo`.*. This breaks mysql_grant's evaluation of existing grants and causes it to apply grants with every run.
If a user exists in the database upon first Puppet run (for example, in the case of loading a database snapshot) and the run sets that user's :ensure attribute to 'absent', the mysql_grant provider will throw an error when the dependency chain causes it to try to destroy the grants associated with that user because the DROP statement from the mysql_user provider already removed the grants. To fix, we must check if the user exists before revoking the grants.
- Added MySQL version and flavour detection support
- Added mysql_datadir provider/type (replaces Exec[mysql_install_db])
- Added version specific parameters my.cnf ([mysqld-5.X] sections)
- Version specific user mangement SQL (ALTER USER for 5.7.6++ ...)
Rebased-By: David Schmitt <david.schmitt@puppetlabs.com>
The password column has been renamed to authentication_string in MySQL >=5.7.6.
By using: SELECT /*!50706 AUTHENTICATION_STRING AS */ PASSWORD the query will
continue to work in older versions as well as newer ones.
We want to make sure we are validating the entire user parameter (and
validating it consistently between mysql_user and mysql_grant).
Additionally, for munging we do not want to do anything that could
truncate the username.
instead of making mysql::db have a hard dependency on mysql::server, we
now have a (soft) dependency on it through the types (mysql_user, and
mysql_database) that mysql::db uses. (n.b.: mysql_grant depends on
mysql_user so it doesn't need an explicit dependency on mysql::server)
Starting MariaDB 10.0.0, usernames are now 80 long.
Our mysql_user and mysql_grant types now take that into consideration.
This check is *opportunistic*. It will only take place if the
mysql_version fact is available. If that is not the case, it will be
skipped, leaving the database itself to deal with it, and returning its
error verbatim to our users, if it does fail.
Our fixed and extended tests assume this isn't the first run, and the
fact is already in place.
https://tickets.puppetlabs.com/browse/MODULES-1676
This is identical to what PASSWORD('') in MySQL does:
5.6.22-debug-log> CREATE USER 'testpwd'@'localhost' IDENTIFIED BY 'foo';
Query OK, 0 rows affected (0.03 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+-------------------------------------------+
| User | Host | Password |
+---------+-----------+-------------------------------------------+
| testpwd | localhost | *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+---------+-----------+-------------------------------------------+
1 row in set (0.01 sec)
5.6.22-debug-log> SET PASSWORD FOR 'testpwd'@'localhost' = PASSWORD('');
Query OK, 0 rows affected (0.00 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+----------+
| User | Host | Password |
+---------+-----------+----------+
| testpwd | localhost | |
+---------+-----------+----------+
1 row in set (0.00 sec)
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
Try to make it compatible with MySQL < 5.5.7 it uses version
specific code with "/*!50508 stmt */"
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
As usernames containing special characters must be quoted, they
may have two extra characters that are not counted against the
size limit of 16 characters. This patch adds a regex to handle
this case.
Commit cdd7132ff9 added logic to catch invalid database usernames,
but the regex it uses fails to match usernames with special characters that are properly quoted,
causing errors with usernames that used to work in versions < 3.0.0. This fixes the regex so that
if the username is quoted, anything is allowed between the quotes.
From the docs (http://dev.mysql.com/doc/refman/5.5/en/identifiers.html):
"Permitted characters in quoted identifiers include the full Unicode Basic Multilingual Plane (BMP),
except U+0000"
