jenkins-bot has submitted this change and it was merged. Change subject: Add 'mysql::sql', 'mysql::user' & 'mysql::db' types ......................................................................
Add 'mysql::sql', 'mysql::user' & 'mysql::db' types This patch adds three custom defines for working with MySQL. The base define is 'mysql::sql', which is a wrapper around an Exec resource of the 'mysql' command-line tool that executes arbitrary SQL code. 'mysql::user' and 'mysql::db' provide some additional syntactic sugar by allowing for the concise creation of databases and users. Change-Id: I2db984034d541fd31c558e81abe6b6b5fa0908db --- A puppet/modules/mysql/manifests/db.pp M puppet/modules/mysql/manifests/init.pp A puppet/modules/mysql/manifests/sql.pp A puppet/modules/mysql/manifests/user.pp 4 files changed, 142 insertions(+), 1 deletion(-) Approvals: Ori.livneh: Looks good to me, approved jenkins-bot: Verified diff --git a/puppet/modules/mysql/manifests/db.pp b/puppet/modules/mysql/manifests/db.pp new file mode 100644 index 0000000..7e44591 --- /dev/null +++ b/puppet/modules/mysql/manifests/db.pp @@ -0,0 +1,37 @@ +# == Define: mysql::db +# +# Creates a database on the local MySQL database server. +# +# === Parameters +# +# [*ensure*] +# If 'present', creates the database. If 'absent', drops it. +# Defaults to present. +# +# [*dbname*] +# Database name. Defaults to resource title. Example: 'wikidb'. +# +# === Examples +# +# Creates a 'centralauth' database: +# +# mysql::db { 'centralauth': +# ensure => present, +# } +# +define mysql::db( + $ensure = present, + $dbname = $title, +) { + if $ensure == 'absent' { + $command = 'drop' + $unless = 'not exists' + } else { + $command = 'create' + $unless = 'exists' + } + + mysql::sql { "${command} database ${dbname}": + unless => "select ${unless}(select * from information_schema.schemata where schema_name = '${dbname}')", + } +} diff --git a/puppet/modules/mysql/manifests/init.pp b/puppet/modules/mysql/manifests/init.pp index 3735627..8199163 100644 --- a/puppet/modules/mysql/manifests/init.pp +++ b/puppet/modules/mysql/manifests/init.pp @@ -36,7 +36,7 @@ exec { 'set mysql password': command => "mysqladmin -u root password \"${root_password}\"", - unless => "mysqladmin -u root -p\"${root_password}\" status", + unless => "mysqladmin -u root -p\"${root_password}\" ping", require => Service['mysql'], } @@ -47,4 +47,8 @@ mode => '0600', content => template('mysql/my.cnf.erb'), } + + # Create databases before creating users. User resources sometime + # depend on databases for GRANTs, but the reverse is never true. + Mysql::Db <| |> -> Mysql::User <| |> } diff --git a/puppet/modules/mysql/manifests/sql.pp b/puppet/modules/mysql/manifests/sql.pp new file mode 100644 index 0000000..56a2b01 --- /dev/null +++ b/puppet/modules/mysql/manifests/sql.pp @@ -0,0 +1,38 @@ +# == Define: mysql::sql +# +# This custom resource type allows you to execute arbitrary SQL against +# the MySQL database as the database server's root user. No attempt is +# made to sanitize input. +# +# === Parameters +# +# [*sql*] +# String containing SQL code to execute. Defaults to resource title. +# +# [*unless*] +# String containing SQL query. Its result will be used as the basis +# for determining whether or not to execute the code contained in +# the 'sql' param. +# +# === Examples +# +# Create a user named 'monty', unless one already exists: +# +# mysql::sql { 'add user': +# sql => "create user 'monty'@'localhost'", +# unless => "select 1 from mysql.user where user = 'monty'", +# } +# +define mysql::sql( + $unless, + $sql = $title, +) { + $quoted_sql = regsubst($sql, '"', '\\"', 'G') + $quoted_unless = regsubst($unless, '"', '\\"', 'G') + + exec { $title: + command => "mysql -uroot -p${mysql::root_password} -qfsAe \"${quoted_sql}\"", + unless => "mysql -uroot -p${mysql::root_password} -qfsAe \"${quoted_unless}\" | tail -1 | grep -q 1", + require => Exec['set mysql password'], + } +} diff --git a/puppet/modules/mysql/manifests/user.pp b/puppet/modules/mysql/manifests/user.pp new file mode 100644 index 0000000..dfe9ade --- /dev/null +++ b/puppet/modules/mysql/manifests/user.pp @@ -0,0 +1,62 @@ +# == Define: mysql::user +# +# Creates a user on the local MySQL database server and (optionally) +# grants the user privileges on some database. +# +# === Parameters +# +# [*ensure*] +# If 'present', creates the user. If 'absent', drops it. +# Defaults to present. +# +# [*username*] +# Account name of user to create. Defaults to resource title. +# Example: 'wikiadmin'. +# +# [*password*] +# Password for the new account. Example: 'hunter2'. +# +# [*hostname*] +# Hostname or host mask specifying from where the user may connect. +# Defaults to 'localhost'. +# +# [*grant*] +# SQL sub-expression of the form 'priv_type ON object_type'. +# Defaults to 'usage on *.*'. This allows combining user account +# creation with a database permission grant. +# +# === Examples +# +# Creates an 'wikiadmin' user with full privileges on 'wiki': +# +# mysql::user { 'wikiadmin': +# password => 'hunter2', +# grant => 'all on wiki.*', +# } +# +define mysql::user( + $password, + $ensure = present, + $username = $title, + $grant = 'usage on *.*', + $hostname = 'localhost', +) { + if $ensure == 'absent' { + $command = 'drop' + $unless = 'not exists' + } else { + $command = 'create' + $unless = 'exists' + } + + if $ensure == 'absent' { + mysql::sql { "drop user '${username}'": + unless => "select not exists(select 1 from mysql.user where user = '${username}')", + } + } else { + mysql::sql { "create user ${username}": + sql => "grant ${grant} to '${username}'@'${hostname}' identified by '${password}'", + unless => "select exists(select 1 from mysql.user where user = '${username}')", + } + } +} -- To view, visit https://gerrit.wikimedia.org/r/76886 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2db984034d541fd31c558e81abe6b6b5fa0908db Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/vagrant Gerrit-Branch: master Gerrit-Owner: Ori.livneh <o...@wikimedia.org> Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits