Mercurial > repos > other > Puppet

annotate modules/mysql/manifests/server/root_password.pp @ 443:c6c9a2cfcfbd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update MySQL module Fixes a problem with MariaDB and blank certificate paths
author IBBoard <dev@ibboard.co.uk>
date Mon, 08 May 2023 11:48:41 +0100
parents 668df4711671
children adf6fe9bbc17
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
1 # @summary
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
2 # Private class for managing the root password
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
3 #
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
4 # @api private
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 #
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
6 class mysql::server::root_password {
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
7 if $mysql::server::root_password =~ Sensitive {
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
8 $root_password = $mysql::server::root_password.unwrap
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
9 } else {
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
10 $root_password = $mysql::server::root_password
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
11 }
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
12 if $root_password == 'UNSET' {
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
13 $root_password_set = false
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
14 } else {
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
15 $root_password_set = true
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
16 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
17
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
18 $options = $mysql::server::_options
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
19 $login_file = $mysql::server::login_file
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
20
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
21 # New installations of MySQL will configure a default random password for the root user
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
22 # with an expiration. No actions can be performed until this password is changed. The
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
23 # below exec will remove this default password. If the user has supplied a root
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
24 # password it will be set further down with the mysql_user resource.
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
25 exec { 'remove install pass':
443
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
26 command => "mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' /.mysql_secret) password && (rm -f /.mysql_secret; exit 0) || (rm -f /.mysql_secret; exit 1)",
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
27 onlyif => [['test', '-f' ,'/.mysql_secret']],
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
28 path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin',
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
29 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
30
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
31 # manage root password if it is set
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
32 if $mysql::server::create_root_user and $root_password_set {
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
33 mysql_user { 'root@localhost':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
34 ensure => present,
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
35 password_hash => mysql::password($mysql::server::root_password),
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
36 require => Exec['remove install pass'],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
37 }
26
58d1818c2ded Update MySQL module (which adds "staging" module)
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
38 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
40 if $mysql::server::create_root_my_cnf and $root_password_set {
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
41 # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado
443
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
42 file { "${facts['root_home']}/.my.cnf":
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
43 content => template('mysql/my.cnf.pass.erb'),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
44 owner => 'root',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
45 mode => '0600',
26
58d1818c2ded Update MySQL module (which adds "staging" module)
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
46 }
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
47
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
48 # show_diff was added with puppet 3.0
443
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
49 if versioncmp($facts['puppetversion'], '3.0') >= 0 {
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
50 File["${facts['root_home']}/.my.cnf"] { show_diff => false }
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
51 }
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
52 if $mysql::server::create_root_user {
443
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
53 Mysql_user['root@localhost'] -> File["${facts['root_home']}/.my.cnf"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
54 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
55 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
56
389
668df4711671 Update MySQL modules
IBBoard <dev@ibboard.co.uk>
parents: 244
diff changeset
57 if $mysql::server::create_root_login_file and $root_password_set {
443
c6c9a2cfcfbd Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 389
diff changeset
58 file { "${facts['root_home']}/.mylogin.cnf":
244
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
59 source => $login_file,
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
60 owner => 'root',
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
61 mode => '0600',
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
62 }
48d3a1948e4d Update MySQL module
IBBoard <dev@ibboard.co.uk>
parents: 26
diff changeset
63 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
64 }