Mercurial > repos > other > Puppet
annotate modules/mysql/manifests/server/root_password.pp @ 443:c6c9a2cfcfbd
Update MySQL module
Fixes a problem with MariaDB and blank certificate paths
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 08 May 2023 11:48:41 +0100 |
parents | 668df4711671 |
children | adf6fe9bbc17 |
rev | line source |
---|---|
389 | 1 # @summary |
244 | 2 # Private class for managing the root password |
3 # | |
4 # @api private | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 # |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 class mysql::server::root_password { |
389 | 7 if $mysql::server::root_password =~ Sensitive { |
8 $root_password = $mysql::server::root_password.unwrap | |
9 } else { | |
10 $root_password = $mysql::server::root_password | |
11 } | |
12 if $root_password == 'UNSET' { | |
13 $root_password_set = false | |
14 } else { | |
15 $root_password_set = true | |
16 } | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 |
389 | 18 $options = $mysql::server::_options |
244 | 19 $login_file = $mysql::server::login_file |
20 | |
21 # New installations of MySQL will configure a default random password for the root user | |
22 # with an expiration. No actions can be performed until this password is changed. The | |
23 # below exec will remove this default password. If the user has supplied a root | |
24 # password it will be set further down with the mysql_user resource. | |
25 exec { 'remove install pass': | |
443 | 26 command => "mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' /.mysql_secret) password && (rm -f /.mysql_secret; exit 0) || (rm -f /.mysql_secret; exit 1)", |
27 onlyif => [['test', '-f' ,'/.mysql_secret']], | |
389 | 28 path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', |
244 | 29 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 # manage root password if it is set |
389 | 32 if $mysql::server::create_root_user and $root_password_set { |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 mysql_user { 'root@localhost': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
34 ensure => present, |
244 | 35 password_hash => mysql::password($mysql::server::root_password), |
389 | 36 require => Exec['remove install pass'], |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 } |
26
58d1818c2ded
Update MySQL module (which adds "staging" module)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
38 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 |
389 | 40 if $mysql::server::create_root_my_cnf and $root_password_set { |
41 # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado | |
443 | 42 file { "${facts['root_home']}/.my.cnf": |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 content => template('mysql/my.cnf.pass.erb'), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 owner => 'root', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 mode => '0600', |
26
58d1818c2ded
Update MySQL module (which adds "staging" module)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
46 } |
244 | 47 |
48 # show_diff was added with puppet 3.0 | |
443 | 49 if versioncmp($facts['puppetversion'], '3.0') >= 0 { |
50 File["${facts['root_home']}/.my.cnf"] { show_diff => false } | |
244 | 51 } |
389 | 52 if $mysql::server::create_root_user { |
443 | 53 Mysql_user['root@localhost'] -> File["${facts['root_home']}/.my.cnf"] |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 |
389 | 57 if $mysql::server::create_root_login_file and $root_password_set { |
443 | 58 file { "${facts['root_home']}/.mylogin.cnf": |
244 | 59 source => $login_file, |
60 owner => 'root', | |
61 mode => '0600', | |
62 } | |
63 } | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 } |