Mercurial > repos > other > Puppet
view modules/mysql/manifests/server/root_password.pp @ 482:d83de9b3a62b default tip
Update hiera.yaml within Puppet config
Forgot that we manage it from here. Now has content to match
new packages
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 30 Aug 2024 16:10:36 +0100 |
parents | adf6fe9bbc17 |
children |
line wrap: on
line source
# @summary # Private class for managing the root password # # @api private # class mysql::server::root_password { if $mysql::server::root_password =~ Sensitive { $root_password = $mysql::server::root_password.unwrap } else { $root_password = $mysql::server::root_password } if $root_password == 'UNSET' { $root_password_set = false } else { $root_password_set = true } $options = $mysql::server::_options $login_file = $mysql::server::login_file # New installations of MySQL will configure a default random password for the root user # with an expiration. No actions can be performed until this password is changed. The # below exec will remove this default password. If the user has supplied a root # password it will be set further down with the mysql_user resource. exec { 'remove install pass': command => "mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' /.mysql_secret) password && (rm -f /.mysql_secret; exit 0) || (rm -f /.mysql_secret; exit 1)", onlyif => [['test', '-f' ,'/.mysql_secret']], path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', } # manage root password if it is set if $mysql::server::create_root_user and $root_password_set { mysql_user { 'root@localhost': ensure => present, password_hash => Deferred('mysql::password', [$mysql::server::root_password]), require => Exec['remove install pass'], } } $parameters = { 'root_password_set' => $root_password_set, 'root_password' => $root_password, 'options' => $options, } if $mysql::server::create_root_my_cnf and $root_password_set { # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado file { "${facts['root_home']}/.my.cnf": content => epp('mysql/my.cnf.pass.epp',$parameters), owner => 'root', mode => '0600', } # show_diff was added with puppet 3.0 if versioncmp($facts['puppetversion'], '3.0') >= 0 { File["${facts['root_home']}/.my.cnf"] { show_diff => false } } if $mysql::server::create_root_user { Mysql_user['root@localhost'] -> File["${facts['root_home']}/.my.cnf"] } } if $mysql::server::create_root_login_file and $root_password_set { file { "${facts['root_home']}/.mylogin.cnf": source => $login_file, owner => 'root', mode => '0600', } } }