Mercurial > repos > other > Puppet
changeset 394:687aa581eef0
Update initial database setup for modern Maria
The default is now `unix_socket` logins. These are more secure,
so we can keep them for root to allow background jobs and use
a different method to create/grant permissions for our admin.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 09 Apr 2022 18:51:03 +0100 |
| parents | a948419a23b1 |
| children | fa2747b27bb4 |
| files | modules/website/manifests/mysql.pp |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/modules/website/manifests/mysql.pp Sat Apr 09 18:49:43 2022 +0100 +++ b/modules/website/manifests/mysql.pp Sat Apr 09 18:51:03 2022 +0100 @@ -56,7 +56,7 @@ $password = strip($mysqlpassword) $configured_marker = "/etc/.${mysqlprefix}.is-configured" exec { 'Rename root MySQL user for security': - command => "mysql -uroot -e 'UPDATE mysql.user SET User = \"$username\", Password = PASSWORD(\"$password\") WHERE User = \"root\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker", + command => "mysql -uroot -e 'GRANT ALL ON *.* TO \"$username\"@\"localhost\" IDENTIFIED BY \"$password\"; DELETE FROM mysql.user WHERE User = \"root\" AND plugin != \"unix_socket\"; DELETE FROM mysql.user WHERE User = \"\"; FLUSH PRIVILEGES;' && touch $configured_marker", provider => shell, creates => $configured_marker, require => Class['mysql::server'],