Mercurial > repos > other > Puppet

view modules/website/manifests/mysql.pp @ 471:65290cb0cec2 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tidy up SSH firewall handling We can be generic while referencing private values for specific ports
author IBBoard <dev@ibboard.co.uk>
date Sun, 12 May 2024 19:51:53 +0100
parents ab9311e91aca
children
line wrap: on
line source

class website::mysql (
  $mysqluser,
  $mysqlpassword,
  $mysqlsuffix    = '',
  $phpsuffix      = '',
  $phpmysqlsuffix = '',
  $mysqlprefix    = 'mysql')
  {
  if $osfamily == 'RedHat' {
    $client_package_suffix = ''
  }
  elsif $osfamily == 'Debian' {
    $client_package_suffix = '-client'
  }
  
  class { 'mysql::client':
    package_name    => "${mysqlprefix}${mysqlsuffix}${client_package_suffix}",
    bindings_enable => false, #Deal with bindings manually
  }
  class { 'mysql::bindings':
    php_enable       => true,
    php_package_name => "php${phpsuffix}-mysql${phpmysqlsuffix}",
  }
  $mysqld_base_settings = {
    'query_cache_size' => '64M',
    'join_buffer_size' => '524288', #512K
    'tmp_table_size'   => '64M',
    'max_heap_table_size' => '64M',
    'table_open_cache' => '64',
    'log-queries-not-using-indexes' => '1',
    # Set a sensible default character set
    'character-set-server' => 'utf8',
    'collation-server' => 'utf8_general_ci',
    # Settings for best MySQL 4-byte Unicode support
    'innodb_file_per_table' => '1',
  }

  if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') < 0 {
    $mysqld_settings = $mysqld_base_settings + {
      'innodb_file_format' => 'barracuda',
      'innodb_large_prefix' => 'true',
    }
  }
  else {
    $mysqld_settings = $mysqld_base_settings
  }


  class { 'mysql::server':
    package_name => "${mysqlprefix}${mysqlsuffix}-server",
    override_options => {
      'mysqld' => $mysqld_settings
    },
  }
  $username = strip($mysqluser)
  $password = strip($mysqlpassword)
  $configured_marker = "/etc/.${mysqlprefix}.is-configured"
  exec { 'Rename root MySQL user for security':
    command  => "mysql -uroot -e 'GRANT ALL ON *.* TO \"$username\"@\"localhost\" IDENTIFIED BY \"$password\" WITH GRANT OPTION; DELETE FROM mysql.user WHERE User = \"root\" AND plugin != \"unix_socket\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker",
    provider => shell,
    creates  => $configured_marker,
    require  => Class['mysql::server'],
  }
}