view modules/website/manifests/mysql.pp @ 480:2c3e745be8d2

Update server defs and own modules to match * $osver and $fqdn and others are now all in $facts * Firewall swapped action for jump and has new way to do IPv6 * SSH server setup changed * Resolve warnings from fileserver.conf * has_key() no longer exists because Puppet can do "key in array" * Some variables are now more strictly typed Also: * Try to configure full IPv6 DNS resolver * Clean up old config - unused servers and some CentOS complexity
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:58:49 +0100
parents ab9311e91aca
children
line wrap: on
line source

class website::mysql (
  $mysqluser,
  $mysqlpassword,
  $mysqlsuffix    = '',
  $phpsuffix      = '',
  $phpmysqlsuffix = '',
  $mysqlprefix    = 'mysql')
  {
  if $facts["os"]["family"] == 'RedHat' {
    $client_package_suffix = ''
  }
  elsif $facts["os"]["family"] == 'Debian' {
    $client_package_suffix = '-client'
  }
  
  class { 'mysql::client':
    package_name    => "${mysqlprefix}${mysqlsuffix}${client_package_suffix}",
    bindings_enable => false, #Deal with bindings manually
  }
  class { 'mysql::bindings':
    php_enable       => true,
    php_package_name => "php${phpsuffix}-mysql${phpmysqlsuffix}",
  }
  $mysqld_base_settings = {
    'query_cache_size' => '64M',
    'join_buffer_size' => '524288', #512K
    'tmp_table_size'   => '64M',
    'max_heap_table_size' => '64M',
    'table_open_cache' => '64',
    'log-queries-not-using-indexes' => '1',
    # Set a sensible default character set
    'character-set-server' => 'utf8',
    'collation-server' => 'utf8_general_ci',
    # Settings for best MySQL 4-byte Unicode support
    'innodb_file_per_table' => '1',
  }

  $mysqld_settings = $mysqld_base_settings


  class { 'mysql::server':
    package_name => "${mysqlprefix}${mysqlsuffix}-server",
    override_options => {
      'mysqld' => $mysqld_settings
    },
  }
  $username = strip($mysqluser)
  $password = strip($mysqlpassword)
  $configured_marker = "/etc/.${mysqlprefix}.is-configured"
  exec { 'Rename root MySQL user for security':
    command  => "mysql -uroot -e 'GRANT ALL ON *.* TO \"$username\"@\"localhost\" IDENTIFIED BY \"$password\" WITH GRANT OPTION; DELETE FROM mysql.user WHERE User = \"root\" AND plugin != \"unix_socket\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker",
    provider => shell,
    creates  => $configured_marker,
    require  => Class['mysql::server'],
  }
}