Remove added notices and revert to debug
Add support for Percona
Use log-error for mysqld initialize
Improve description of error log argument
Should be --log-error
- Added MySQL version and flavour detection support
- Added mysql_datadir provider/type (replaces Exec[mysql_install_db])
- Added version specific parameters my.cnf ([mysqld-5.X] sections)
- Version specific user mangement SQL (ALTER USER for 5.7.6++ ...)
Rebased-By: David Schmitt <david.schmitt@puppetlabs.com>
We want to make sure we are validating the entire user parameter (and
validating it consistently between mysql_user and mysql_grant).
Additionally, for munging we do not want to do anything that could
truncate the username.
instead of making mysql::db have a hard dependency on mysql::server, we
now have a (soft) dependency on it through the types (mysql_user, and
mysql_database) that mysql::db uses. (n.b.: mysql_grant depends on
mysql_user so it doesn't need an explicit dependency on mysql::server)
Starting MariaDB 10.0.0, usernames are now 80 long.
Our mysql_user and mysql_grant types now take that into consideration.
This check is *opportunistic*. It will only take place if the
mysql_version fact is available. If that is not the case, it will be
skipped, leaving the database itself to deal with it, and returning its
error verbatim to our users, if it does fail.
Our fixed and extended tests assume this isn't the first run, and the
fact is already in place.
https://tickets.puppetlabs.com/browse/MODULES-1676
This is identical to what PASSWORD('') in MySQL does:
5.6.22-debug-log> CREATE USER 'testpwd'@'localhost' IDENTIFIED BY 'foo';
Query OK, 0 rows affected (0.03 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+-------------------------------------------+
| User | Host | Password |
+---------+-----------+-------------------------------------------+
| testpwd | localhost | *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+---------+-----------+-------------------------------------------+
1 row in set (0.01 sec)
5.6.22-debug-log> SET PASSWORD FOR 'testpwd'@'localhost' = PASSWORD('');
Query OK, 0 rows affected (0.00 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+----------+
| User | Host | Password |
+---------+-----------+----------+
| testpwd | localhost | |
+---------+-----------+----------+
1 row in set (0.00 sec)
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
Try to make it compatible with MySQL < 5.5.7 it uses version
specific code with "/*!50508 stmt */"
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
As usernames containing special characters must be quoted, they
may have two extra characters that are not counted against the
size limit of 16 characters. This patch adds a regex to handle
this case.
Commit cdd7132ff9 added logic to catch invalid database usernames,
but the regex it uses fails to match usernames with special characters that are properly quoted,
causing errors with usernames that used to work in versions < 3.0.0. This fixes the regex so that
if the username is quoted, anything is allowed between the quotes.
From the docs (http://dev.mysql.com/doc/refman/5.5/en/identifiers.html):
"Permitted characters in quoted identifiers include the full Unicode Basic Multilingual Plane (BMP),
except U+0000"
As per http://dev.mysql.com/doc/refman/5.5/en/identifiers.html , MySQL
allows for more than '\w-'. This commit improves the check to ensure
that:
- if username only contains [0-9a-zA-Z$_], it might be quoted. It is
not a requirement though
- if username contains anything else, it MUST be quoted
I kept 2 checks, but the 2nd one can probably be removed (I can't find a
username which match the 2nd one but not the first.)
mysql_grant has an autorequire()'d dependency on the .my.cnf file used
by the provider to talk to the database.
I've added this to mysql_database and mysql_user too since logically
these also need the file to be in place.
I've hit this bug because of a slightly unusual edge case in our own
manifests, but I think this fix belongs upstream regardless.
This addresses https://tickets.puppetlabs.com/browse/MODULES-1040.
The user parameter is required to have the form username@host. A grant
is identified in the instances method by a name of the form
username@host/table. The resource will fail to be identified as already
existing if the name given to the resource does not match this form.
MySQL/MariaDB automatically downcase hostnames:
MariaDB [mysql]> create user 'testuser'@'HOSTNAME';
MariaDB [mysql]> select user,host from user where host = 'hostname';
+----------+----------+
| user | host |
+----------+----------+
| testuser | hostname |
+----------+----------+
This causes problems when a mysql_user or datbase_user has an hostname
with non-lowercase characters:
database_user { "root@HOSTNAME":
ensure => absent,
}
The SELECT statements used to determine if the user exists will fail
because the comparisons use "HOSTNAME" but the database has "hostname".
This patch forces the hostname part of "user@hostname" to lower case in
the custom type definitions.
Because arrays are ordered lists, Puppet compares the list of retrieved
privileges against the defined privilege list. This causes it to
reapply privilege if the ordering differs. We now forcibly order in
the type and the provider to make sure we never falsely reapply
privileges.
This provider has undergone the largest set of changes and currently
just accepts a full SQL grant string as the name and then applies it,
making things easier for DBAs and removes the awkward attempts at
modelling grants into Puppet.
This work adds max_connections_per_hour, max_queries_per_hour, and
max_updates_per_hour support to the provider and extends self.instances to add
in the new parameters when checking existing users. It also adds
self.prefetch in order to speed up Puppet runs.
Provider is also switched to using mk_resource_methods to generate
all the resource readers, and exists? and other methods now use the
property_hash where appropriate.
Tests rewritten to handle changes and extend code coverage.
Add collate as a new managable parameter, and extend self.instances to
add in all parameters when checking existing databases. It also adds
self.prefetch in order to speed up Puppet runs.
Provider is also switched to using mk_resource_methods to generate
all the resource readers, and exists? and other methods now use the
property_hash where appropriate.
Tests rewritten to handle changes and extend code coverage.
The incorrect regex did not all for the anonymous mysql users to be
removed via the mysql::server::account_security class. The regex is now
increased to cover for @localhost and @%.
This is a major change to the module and would be released as a new
version.
* Add self.instances to database and database_user for puppet resource.
* Update database provider to use flush method.
* Update module to conform to puppet-lint recommendations.
* Cleanup some unecessary logic in mysql::db define type.
* Move mysql_restart to config class.
* Use class to class dependency instead of resource dependency.
* Change appropriate rspec-puppet tests.
* Add fixtures directory to simplify testing.
* Update raketask and spec_helper to reflect fixture changes.
* Update mysql_password function to support validation.
* Move client installation to a separate class.
* Update documentation and readme.
