[MediaWiki-commits] [Gerrit] operations/puppet[production]: proxysql: Add proxysql user to mysql group for tls certs access

Wed, 13 Dec 2017 02:18:07 -0800 

Jcrespo has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398023 )

Change subject: proxysql: Add proxysql user to mysql group for tls certs access
......................................................................

proxysql: Add proxysql user to mysql group for tls certs access

Bug: T175672
Change-Id: I1801e425a42dae648270b03849413c4e2fb7579b
---
M modules/profile/manifests/proxysql.pp
M modules/proxysql/manifests/init.pp
2 files changed, 9 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/398023/1

diff --git a/modules/profile/manifests/proxysql.pp 
b/modules/profile/manifests/proxysql.pp
index ba8cf57..943bbbe 100644
--- a/modules/profile/manifests/proxysql.pp
+++ b/modules/profile/manifests/proxysql.pp
@@ -42,6 +42,14 @@
         require => Class['proxysql'],
     }
 
+    # Let's add proxysql user to the mysql group so it can access mysql's
+    # tls client certs
+    exec { 'proxysql membership to mysql':
+        unless  => '/usr/bin/getent group mysql | /usr/bin/cut -d: -f4 | 
/bin/grep -q proxysql',
+        command => '/usr/sbin/usermod -a -G mysql proxysql',
+        require => Class['proxysql'],
+    }
+
     # lets simplify connections from root
     file { '/root/.my.cnf':
         ensure  => present,
diff --git a/modules/proxysql/manifests/init.pp 
b/modules/proxysql/manifests/init.pp
index 025caee..e69329e 100644
--- a/modules/proxysql/manifests/init.pp
+++ b/modules/proxysql/manifests/init.pp
@@ -36,7 +36,7 @@
         content => template('proxysql/proxysql.cnf.erb'),
     }
 
-    # mostly sqllite intenal config cache, let's make sure it has
+    # mostly sqlite intenal config cache, let's make sure it has
     # the right owner
     file {'/var/run/proxysql':
         ensure => directory,

-- 
To view, visit https://gerrit.wikimedia.org/r/398023
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1801e425a42dae648270b03849413c4e2fb7579b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <jcre...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to