# HG changeset patch
# User IBBoard <dev@ibboard.co.uk>
# Date 1649526663 -3600
# Node ID 687aa581eef0327c4d9b5be6843d0b93950fcd8d
# Parent  a948419a23b1cfdebe8da8609fcf52816afe6e6e
Update initial database setup for modern Maria

The default is now `unix_socket` logins. These are more secure,
so we can keep them for root to allow background jobs and use
a different method to create/grant permissions for our admin.

diff -r a948419a23b1 -r 687aa581eef0 modules/website/manifests/mysql.pp
--- a/modules/website/manifests/mysql.pp	Sat Apr 09 18:49:43 2022 +0100
+++ b/modules/website/manifests/mysql.pp	Sat Apr 09 18:51:03 2022 +0100
@@ -56,7 +56,7 @@
   $password = strip($mysqlpassword)
   $configured_marker = "/etc/.${mysqlprefix}.is-configured"
   exec { 'Rename root MySQL user for security':
-    command  => "mysql -uroot -e 'UPDATE mysql.user SET User = \"$username\", Password = PASSWORD(\"$password\") WHERE User = \"root\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker",
+    command  => "mysql -uroot -e 'GRANT ALL ON *.* TO \"$username\"@\"localhost\" IDENTIFIED BY \"$password\"; DELETE FROM mysql.user WHERE User = \"root\" AND plugin != \"unix_socket\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker",
     provider => shell,
     creates  => $configured_marker,
     require  => Class['mysql::server'],