diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000..12ed4ff --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,6 @@ +FROM puppet/pdk:latest + +# [Optional] Uncomment this section to install additional packages. +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends + diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..f1a55dc --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,23 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: +// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet +{ + "name": "Puppet Development Kit (Community)", + "dockerFile": "Dockerfile", + + // Set *default* container specific settings.json values on container create. + "settings": { + "terminal.integrated.shell.linux": "/bin/bash" + }, + + // Add the IDs of extensions you want installed when the container is created. + "extensions": [ + "puppet.puppet-vscode", + "rebornix.Ruby" + ] + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + // "postCreateCommand": "pdk --version", +} diff --git a/.fixtures.yml b/.fixtures.yml index c53ad41..e47db09 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,10 +1,9 @@ fixtures: repositories: "stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib" - "translate": "https://github.com/puppetlabs/puppetlabs-translate" "cron_core": "https://github.com/puppetlabs/puppetlabs-cron_core.git" "facts": "https://github.com/puppetlabs/puppetlabs-facts.git" "puppet_agent": "https://github.com/puppetlabs/puppetlabs-puppet_agent.git" "provision": "https://github.com/puppetlabs/provision.git" symlinks: "mysql": "#{source_dir}" diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml new file mode 100644 index 0000000..e028483 --- /dev/null +++ b/.github/workflows/auto_release.yml @@ -0,0 +1,84 @@ +name: "Auto release" + +on: + workflow_dispatch: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + auto_release: + name: "Automatic release prep" + runs-on: ubuntu-20.04 + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID="auto-release" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Checkout Source" + if: ${{ github.repository_owner == 'puppetlabs' }} + uses: actions/checkout@v2 + with: + fetch-depth: 0 + persist-credentials: false + + - name: "PDK Release prep" + uses: docker://puppet/iac_release:ci + with: + args: 'release prep --force' + env: + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: "Get Version" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + + - name: "Commit changes" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" + git config --local user.name "GitHub Action" + git add . + git commit -m "Release prep v${{ steps.gv.outputs.ver }}" + + - name: Create Pull Request + id: cpr + uses: puppetlabs/peter-evans-create-pull-request@v3 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Release prep v${{ steps.gv.outputs.ver }}" + branch: "release-prep" + delete-branch: true + title: "Release prep v${{ steps.gv.outputs.ver }}" + body: | + Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. + Please verify before merging: + - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green + - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests + - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match + labels: "maintenance" + + - name: PR outputs + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + - name: "Honeycomb: Record finish step" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow' diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 0000000..865578c --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,204 @@ +name: "nightly" + +on: + schedule: + - cron: '0 0 * * *' + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Setup Acceptance Test Matrix + id: get-matrix + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' + + slack-workflow-status: + if: always() + name: Post Workflow Status To Slack + needs: + - Acceptance + runs-on: ubuntu-20.04 + steps: + - name: Slack Workflow Notification + uses: puppetlabs/Gamesight-slack-workflow-status@pdk-templates-v1 + with: + # Required Input + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} + # Optional Input + channel: '#team-ia-bots' + name: 'GABot' diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml new file mode 100644 index 0000000..e37a153 --- /dev/null +++ b/.github/workflows/pr_test.yml @@ -0,0 +1,189 @@ +name: "PR Testing" + +on: [pull_request] + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Run validation steps + run: | + bundle exec rake validate + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Setup Acceptance Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1173a44..1509f6e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,69 +1,47 @@ -name: "release" - -on: - push: - branches: - - 'release' +name: "Publish module" +on: + workflow_dispatch: + jobs: - LitmusAcceptancePuppet5: - env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - runs-on: self-hosted - strategy: - matrix: - ruby_version: [2.5.x] - puppet_gem_version: [~> 6.0] - platform: [release_checks_5] - agent_family: ['puppet5'] - - steps: - - uses: actions/checkout@v1 - - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master - with: - platform: ${{ matrix.platform }} - agent_family: ${{ matrix.agent_family }} - LitmusAcceptancePuppet6: - env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - runs-on: self-hosted - strategy: - matrix: - ruby_version: [2.5.x] - puppet_gem_version: [~> 6.0] - platform: [release_checks_6] - agent_family: ['puppet6'] - + create-github-release: + name: Deploy GitHub Release + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v1 - - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master - with: - platform: ${{ matrix.platform }} - agent_family: ${{ matrix.agent_family }} - - Spec: - runs-on: self-hosted - - strategy: - matrix: - check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] - ruby_version: [2.5.x] - puppet_gem_version: [~> 5.0, ~> 6.0] - exclude: - - puppet_gem_version: ~> 5.0 - check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - - ruby_version: 2.5.x - puppet_gem_version: ~> 5.0 - + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + fetch-depth: 0 + - name: Get Version + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + - name: Create Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: "v${{ steps.gv.outputs.ver }}" + draft: false + prerelease: false + + deploy-forge: + name: Deploy to Forge + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v1 - - - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master - with: - puppet_gem_versionm: ${{ matrix.puppet_gem_version }} - check: ${{ matrix.check }} + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + - name: "PDK Build" + uses: docker://puppet/pdk:nightly + with: + args: 'build' + - name: "Push to Forge" + uses: docker://puppet/pdk:nightly + with: + args: 'release publish --forge-token ${{ secrets.FORGE_API_KEY }} --force' diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml new file mode 100644 index 0000000..7da4f3d --- /dev/null +++ b/.github/workflows/spec.yml @@ -0,0 +1,130 @@ +name: "Spec Tests" + +on: + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + pull_request: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Run Static & Syntax Tests + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + + - name: Setup Spec Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=spec_matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Spec: + name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.spec_matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.spec_matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' + + steps: + - run: | + echo "SANITIZED_PUPPET_VERSION=$(echo '${{ matrix.puppet_version }}' | sed 's/~> //g')" >> $GITHUB_ENV + + - run: | + echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start first step" + run: | + echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }} + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: "Activate Ruby ${{ matrix.ruby_version }}" + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{matrix.ruby_version}} + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: Run parallel_spec tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml deleted file mode 100644 index afc1f70..0000000 --- a/.github/workflows/weekly.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: "weekly" - -on: - schedule: - - cron: '0 5 * * 6' - -jobs: - LitmusAcceptancePuppet5: - env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - runs-on: self-hosted - strategy: - matrix: - ruby_version: [2.5.x] - puppet_gem_version: [~> 6.0] - platform: [release_checks_5] - agent_family: ['puppet5'] - - steps: - - uses: actions/checkout@v1 - - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master - with: - platform: ${{ matrix.platform }} - agent_family: ${{ matrix.agent_family }} - LitmusAcceptancePuppet6: - env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - runs-on: self-hosted - strategy: - matrix: - ruby_version: [2.5.x] - puppet_gem_version: [~> 6.0] - platform: [release_checks_6] - agent_family: ['puppet6'] - - steps: - - uses: actions/checkout@v1 - - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master - with: - platform: ${{ matrix.platform }} - agent_family: ${{ matrix.agent_family }} - Spec: - runs-on: self-hosted - strategy: - matrix: - check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] - ruby_version: [2.5.x] - puppet_gem_version: [~> 5.0, ~> 6.0] - exclude: - - puppet_gem_version: ~> 5.0 - check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - - ruby_version: 2.5.x - puppet_gem_version: ~> 5.0 - steps: - - uses: actions/checkout@v1 - - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master - with: - puppet_gem_version: ${{ matrix.puppet_gem_version }} - check: ${{ matrix.check }} diff --git a/.gitignore b/.gitignore index 2767022..988dcbb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,27 +1,28 @@ .git/ .*.sw[op] .metadata .yardoc .yardwarns *.iml /.bundle/ /.idea/ /.vagrant/ /coverage/ /bin/ /doc/ /Gemfile.local /Gemfile.lock /junit/ /log/ /pkg/ /spec/fixtures/manifests/ /spec/fixtures/modules/ /tmp/ /vendor/ /convert_report.txt /update_report.txt .DS_Store .project .envrc /inventory.yaml +/spec/fixtures/litmus_inventory.yaml diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile new file mode 100644 index 0000000..0814c5e --- /dev/null +++ b/.gitpod.Dockerfile @@ -0,0 +1,18 @@ +FROM gitpod/workspace-full +RUN sudo wget https://apt.puppet.com/puppet-tools-release-bionic.deb && \ + wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ + sudo dpkg -i puppet6-release-bionic.deb && \ + sudo dpkg -i puppet-tools-release-bionic.deb && \ + sudo apt-get update && \ + sudo apt-get install -y pdk zsh puppet-agent && \ + sudo apt-get clean && \ + sudo rm -rf /var/lib/apt/lists/* +RUN sudo usermod -s $(which zsh) gitpod && \ + sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ + echo "plugins=(git gitignore github gem pip bundler python ruby docker docker-compose)" >> /home/gitpod/.zshrc && \ + echo 'PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >> /home/gitpod/.zshrc && \ + sudo /opt/puppetlabs/puppet/bin/gem install puppet-debugger hub -N && \ + mkdir -p /home/gitpod/.config/puppet && \ + /opt/puppetlabs/puppet/bin/ruby -r yaml -e "puts ({'disabled' => true}).to_yaml" > /home/gitpod/.config/puppet/analytics.yml +RUN rm -f puppet6-release-bionic.deb puppet-tools-release-bionic.deb +ENTRYPOINT /usr/bin/zsh diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 0000000..9d89d9f --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,9 @@ +image: + file: .gitpod.Dockerfile + +tasks: + - init: pdk bundle install + +vscode: + extensions: + - puppet.puppet-vscode@1.2.0:f5iEPbmOj6FoFTOV6q8LTg== diff --git a/.nodeset.yml b/.nodeset.yml deleted file mode 100644 index 767f9cd..0000000 --- a/.nodeset.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -default_set: 'centos-64-x64' -sets: - 'centos-59-x64': - nodes: - "main.foo.vm": - prefab: 'centos-59-x64' - 'centos-64-x64': - nodes: - "main.foo.vm": - prefab: 'centos-64-x64' - 'fedora-18-x64': - nodes: - "main.foo.vm": - prefab: 'fedora-18-x64' - 'debian-607-x64': - nodes: - "main.foo.vm": - prefab: 'debian-607-x64' - 'debian-70rc1-x64': - nodes: - "main.foo.vm": - prefab: 'debian-70rc1-x64' - 'ubuntu-server-10044-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-10044-x64' - 'ubuntu-server-12042-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-12042-x64' diff --git a/.pdkignore b/.pdkignore index e6215cd..c538bea 100644 --- a/.pdkignore +++ b/.pdkignore @@ -1,42 +1,47 @@ .git/ .*.sw[op] .metadata .yardoc .yardwarns *.iml /.bundle/ /.idea/ /.vagrant/ /coverage/ /bin/ /doc/ /Gemfile.local /Gemfile.lock /junit/ /log/ /pkg/ /spec/fixtures/manifests/ /spec/fixtures/modules/ /tmp/ /vendor/ /convert_report.txt /update_report.txt .DS_Store .project .envrc /inventory.yaml +/spec/fixtures/litmus_inventory.yaml /appveyor.yml +/.editorconfig /.fixtures.yml /Gemfile /.gitattributes /.gitignore /.gitlab-ci.yml /.pdkignore +/.puppet-lint.rc /Rakefile /rakelib/ /.rspec /.rubocop.yml /.travis.yml /.yardopts /spec/ /.vscode/ +/.sync.yml +/.devcontainer/ diff --git a/.rubocop.yml b/.rubocop.yml index 2006754..8f782e7 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,138 +1,519 @@ --- require: +- rubocop-performance - rubocop-rspec -- rubocop-i18n AllCops: DisplayCopNames: true - TargetRubyVersion: '2.1' + TargetRubyVersion: '2.4' Include: - - "./**/*.rb" + - "**/*.rb" Exclude: - bin/* - ".vendor/**/*" - "**/Gemfile" - "**/Rakefile" - pkg/**/* - spec/fixtures/**/* - vendor/**/* - "**/Puppetfile" - "**/Vagrantfile" - "**/Guardfile" -Metrics/LineLength: +Layout/LineLength: Description: People have wide screens, use them. Max: 200 -GetText: - Enabled: false -GetText/DecorateString: - Description: We don't want to decorate test output. - Exclude: - - spec/**/* - Enabled: false RSpec/BeforeAfterAll: Description: Beware of using after(:all) as it may cause state to leak between tests. A necessary evil in acceptance testing. Exclude: - spec/acceptance/**/*.rb RSpec/HookArgument: Description: Prefer explicit :each argument, matching existing module's style EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb Style/BlockDelimiters: Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to be consistent then. EnforcedStyle: braces_for_chaining -Style/BracesAroundHashParameters: - Description: Braces are required by Ruby 2.7. Cop removed from RuboCop v0.80.0. - See https://github.com/rubocop-hq/rubocop/pull/7643 - Enabled: true Style/ClassAndModuleChildren: Description: Compact style reduces the required amount of indentation. EnforcedStyle: compact Style/EmptyElse: Description: Enforce against empty else clauses, but allow `nil` for clarity. EnforcedStyle: empty Style/FormatString: Description: Following the main puppet project's style, prefer the % format format. EnforcedStyle: percent Style/FormatStringToken: Description: Following the main puppet project's style, prefer the simpler template tokens over annotated ones. EnforcedStyle: template Style/Lambda: Description: Prefer the keyword for easier discoverability. EnforcedStyle: literal Style/RegexpLiteral: Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 EnforcedStyle: percent_r Style/TernaryParentheses: Description: Checks for use of parentheses around ternary conditions. Enforce parentheses on complex expressions for better readability, but seriously consider breaking it up. EnforcedStyle: require_parentheses_when_complex Style/TrailingCommaInArguments: Description: Prefer always trailing comma on multiline argument lists. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma -Style/TrailingCommaInLiteral: +Style/TrailingCommaInArrayLiteral: Description: Prefer always trailing comma on multiline literals. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma Style/SymbolArray: Description: Using percent style obscures symbolic intent of array's contents. EnforcedStyle: brackets -inherit_from: ".rubocop_todo.yml" RSpec/MessageSpies: EnforcedStyle: receive Style/Documentation: Exclude: - lib/puppet/parser/functions/**/* - spec/**/* Style/WordArray: EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true Style/CollectionMethods: Enabled: true Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true -GetText/DecorateFunctionMessage: +Bundler/InsecureProtocolSource: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: Enabled: false -GetText/DecorateStringFormattingUsingInterpolation: +Layout/EmptyComment: Enabled: false -GetText/DecorateStringFormattingUsingPercent: +Layout/EmptyLineAfterGuardClause: + Enabled: false +Layout/EmptyLinesAroundArguments: + Enabled: false +Layout/EmptyLinesAroundAttributeAccessor: Enabled: false Layout/EndOfLine: Enabled: false -Layout/IndentHeredoc: +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false +Layout/HeredocIndentation: + Enabled: false +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false +Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false +Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false +Lint/ShadowedArgument: + Enabled: false +Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false +Lint/UselessTimes: Enabled: false Metrics/AbcSize: Enabled: false Metrics/BlockLength: Enabled: false +Metrics/BlockNesting: + Enabled: false Metrics/ClassLength: Enabled: false Metrics/CyclomaticComplexity: Enabled: false Metrics/MethodLength: Enabled: false Metrics/ModuleLength: Enabled: false Metrics/ParameterLists: Enabled: false Metrics/PerceivedComplexity: Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Capybara/CurrentPathExpectation: + Enabled: false +RSpec/Capybara/FeatureMethods: + Enabled: false +RSpec/Capybara/VisibilityMatcher: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false RSpec/DescribeClass: Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false RSpec/ExampleLength: Enabled: false -RSpec/MessageExpectation: +RSpec/ExampleWithoutDescription: + Enabled: false +RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/FactoryBot/AttributeDefinedStatically: + Enabled: false +RSpec/FactoryBot/CreateList: + Enabled: false +RSpec/FactoryBot/FactoryClassName: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: Enabled: false +RSpec/MultipleMemoizedHelpers: + Enabled: false +RSpec/MultipleSubjects: + Enabled: false RSpec/NestedGroups: Enabled: false +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false Style/AsciiComments: Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false +Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: + Enabled: false Style/IfUnlessModifier: Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false +Style/NumericPredicate: + Enabled: false +Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false Style/SymbolProc: Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + Enabled: false +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Lint/DuplicateBranch: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false +Lint/EmptyClass: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NilLambda: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/SwapValues: + Enabled: false diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml deleted file mode 100644 index 57dd86c..0000000 --- a/.rubocop_todo.yml +++ /dev/null @@ -1,2 +0,0 @@ -GetText/DecorateString: - Enabled: false diff --git a/.sync.yml b/.sync.yml index 033e010..9fe0564 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,58 +1,33 @@ --- ".gitlab-ci.yml": delete: true -".rubocop.yml": - default_configs: - inherit_from: ".rubocop_todo.yml" - require: - - rubocop-i18n - - rubocop-rspec -".travis.yml": - global_env: - - HONEYCOMB_WRITEKEY="7f3c63a70eecc61d635917de46bea4e6",HONEYCOMB_DATASET="litmus tests" - deploy_to_forge: - enabled: false - branches: - - release - use_litmus: true - litmus: - provision_list: - - ---travis_el - - travis_deb - - travis_el6 - - travis_el7 - - travis_el8 - complex: - - collection: - puppet_collection: - - puppet6 - provision_list: - - travis_ub_6 - - collection: - puppet_collection: - - puppet5 - provision_list: - - travis_ub_5 - simplecov: true - notifications: - slack: - secure: XpBD602OXRZHSTDylzzx/OqpfThEJPbx0PLhXctWuES4GpW1EHWnyPgrliNOaJOh0Zb7qMrdaKWLOltfqPT5IanPd0XF7GbT8RrNeLTmLXqvHmC6dDqWxnvFvdSrGwqpj7s7Dbwl79nmszONRj1OlolPmJgY/2kGw88c71biaas= appveyor.yml: delete: true + Gemfile: optional: ":development": - - gem: puppet-lint-i18n - gem: github_changelog_generator - git: https://github.com/skywinder/github-changelog-generator - ref: 20ee04ba1234e9e83eb2ffb5056e23d641c7a018 - condition: Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') - - gem: puppet-resource_api -Rakefile: - requires: - - puppet_pot_generator/rake_tasks spec/spec_helper.rb: spec_overrides: - require 'spec_helper_local' coverage_report: true "  changelog_user": puppetlabs +.gitpod.Dockerfile: + unmanaged: false +.gitpod.yml: + unmanaged: false +.github/workflows/nightly.yml: + unmanaged: false +.github/workflows/pr_test.yml: + unmanaged: false +.github/workflows/auto_release.yml: + unmanaged: false +.github/workflows/spec.yml: + checks: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' + unmanaged: false +.github/workflows/release.yml: + unmanaged: false +.travis.yml: + delete: true +changelog_since_tag: 'v11.0.3' diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ab85314..0000000 --- a/.travis.yml +++ /dev/null @@ -1,159 +0,0 @@ ---- -os: linux -dist: xenial -language: ruby -cache: bundler -before_install: - - bundle -v - - rm -f Gemfile.lock - - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" - - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" - - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" - - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' - - gem --version - - bundle -v -script: - - 'SIMPLECOV=yes bundle exec rake $CHECK' -bundler_args: --without system_tests -rvm: - - 2.5.7 -env: - global: - - HONEYCOMB_WRITEKEY="7f3c63a70eecc61d635917de46bea4e6",HONEYCOMB_DATASET="litmus tests" -stages: - - static - - spec - - acceptance -jobs: - fast_finish: true - include: - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_ub_6]'" - - "bundle exec rake 'litmus:install_agent[puppet6]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_ub_6_puppet6 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_ub_5]'" - - "bundle exec rake 'litmus:install_agent[puppet5]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_ub_5_puppet5 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_deb]'" - - "bundle exec rake 'litmus:install_agent[puppet5]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_deb_puppet5 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el6]'" - - "bundle exec rake 'litmus:install_agent[puppet5]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el6_puppet5 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el7]'" - - "bundle exec rake 'litmus:install_agent[puppet5]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el7_puppet5 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el8]'" - - "bundle exec rake 'litmus:install_agent[puppet5]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el8_puppet5 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_deb]'" - - "bundle exec rake 'litmus:install_agent[puppet6]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_deb_puppet6 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el6]'" - - "bundle exec rake 'litmus:install_agent[puppet6]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el6_puppet6 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el7]'" - - "bundle exec rake 'litmus:install_agent[puppet6]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el7_puppet6 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - before_script: - - "bundle exec rake 'litmus:provision_list[travis_el8]'" - - "bundle exec rake 'litmus:install_agent[puppet6]'" - - "bundle exec rake litmus:install_module" - bundler_args: - env: PLATFORMS=travis_el8_puppet6 - rvm: 2.5.7 - script: ["travis_wait 45 bundle exec rake litmus:acceptance:parallel"] - services: docker - stage: acceptance - - - env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint" - stage: static - - - env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec - rvm: 2.4.5 - stage: spec - - - env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec - rvm: 2.5.7 - stage: spec -branches: - only: - - main - - /^v\d/ - - release -notifications: - email: false - slack: - secure: XpBD602OXRZHSTDylzzx/OqpfThEJPbx0PLhXctWuES4GpW1EHWnyPgrliNOaJOh0Zb7qMrdaKWLOltfqPT5IanPd0XF7GbT8RrNeLTmLXqvHmC6dDqWxnvFvdSrGwqpj7s7Dbwl79nmszONRj1OlolPmJgY/2kGw88c71biaas= diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fde543..88b2d6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,1178 +1,1280 @@ # Change log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## [v10.7.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.7.0) (2020-09-25) +## [v12.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v12.0.0) (2021-07-26) -[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.7.0...v10.7.0) +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.1.0...v12.0.0) + +### Changed + +- Deprecate mysql::server::mysqltuner and show it as an example [\#1409](https://github.com/puppetlabs/puppetlabs-mysql/pull/1409) ([ghoneycutt](https://github.com/ghoneycutt)) +- Deprecate mysql::server::monitor and show as an example [\#1408](https://github.com/puppetlabs/puppetlabs-mysql/pull/1408) ([ghoneycutt](https://github.com/ghoneycutt)) +- Remove EOL platforms Debian 8 and Ubuntu 14.04 [\#1406](https://github.com/puppetlabs/puppetlabs-mysql/pull/1406) ([ghoneycutt](https://github.com/ghoneycutt)) + +## [v11.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.1.0) (2021-07-05) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.3...v11.1.0) + +### Added + +- \(MODULES-11115\) add Rocky Linux 8 compatibility [\#1405](https://github.com/puppetlabs/puppetlabs-mysql/pull/1405) ([vchepkov](https://github.com/vchepkov)) +- Use Puppet-Datatype Sensitive [\#1400](https://github.com/puppetlabs/puppetlabs-mysql/pull/1400) ([cocker-cc](https://github.com/cocker-cc)) + +### Fixed + +- Fix mysql\_user parameters update on modern MySQL [\#1415](https://github.com/puppetlabs/puppetlabs-mysql/pull/1415) ([weastur](https://github.com/weastur)) +- \(IAC-1677\) Fix issue with deprecated rspec [\#1414](https://github.com/puppetlabs/puppetlabs-mysql/pull/1414) ([ghoneycutt](https://github.com/ghoneycutt)) +- Fix broken link and style in documentation [\#1403](https://github.com/puppetlabs/puppetlabs-mysql/pull/1403) ([ghoneycutt](https://github.com/ghoneycutt)) + +## v11.0.3 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.2...v11.0.3) + +### Fixed + +- \(IAC-1430\) - Minor docs updating [\#1401](https://github.com/puppetlabs/puppetlabs-mysql/pull/1401) ([pmcmaw](https://github.com/pmcmaw)) + +## [v11.0.2](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.2) (2021-06-07) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.1...v11.0.2) + +### Fixed + +- \(bugfix\) - Pull python3-mysqldb in Debian Bullseye [\#1396](https://github.com/puppetlabs/puppetlabs-mysql/pull/1396) ([thomasgoirand](https://github.com/thomasgoirand)) +- Update xtrabackup package name for Ubuntu 20.04 [\#1387](https://github.com/puppetlabs/puppetlabs-mysql/pull/1387) ([rsynnest](https://github.com/rsynnest)) + +## [v11.0.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.1) (2021-04-19) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.0...v11.0.1) + +### Fixed + +- Fix: Puppet Unknown variable: 'mysql::params::exec\_path' [\#1378](https://github.com/puppetlabs/puppetlabs-mysql/pull/1378) ([JvGinkel](https://github.com/JvGinkel)) +- \(IAC-1497\) - Removal of unsupported `translate` dependency [\#1375](https://github.com/puppetlabs/puppetlabs-mysql/pull/1375) ([david22swan](https://github.com/david22swan)) +- \(MODULES-10926\) Fix Java binding package for Ubuntu 20.04 [\#1373](https://github.com/puppetlabs/puppetlabs-mysql/pull/1373) ([treydock](https://github.com/treydock)) + +## [v11.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.0) (2021-03-01) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.10.0...v11.0.0) + +### Changed + +- pdksync - \(MAINT\) Remove SLES 11 support [\#1370](https://github.com/puppetlabs/puppetlabs-mysql/pull/1370) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - \(MAINT\) Remove RHEL 5 family support [\#1369](https://github.com/puppetlabs/puppetlabs-mysql/pull/1369) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#1366](https://github.com/puppetlabs/puppetlabs-mysql/pull/1366) ([carabasdaniel](https://github.com/carabasdaniel)) + +### Added + +- Support compression command and extension [\#1363](https://github.com/puppetlabs/puppetlabs-mysql/pull/1363) ([dploeger](https://github.com/dploeger)) + +## [v10.10.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.10.0) (2021-02-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.9.1...v10.10.0) + +### Added + +- Set default MySQL version for FreeBSD [\#1360](https://github.com/puppetlabs/puppetlabs-mysql/pull/1360) ([olevole](https://github.com/olevole)) + +## [v10.9.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.9.1) (2021-01-06) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.9.0...v10.9.1) + +### Fixed + +- Repair check of logbindir [\#1348](https://github.com/puppetlabs/puppetlabs-mysql/pull/1348) ([qha](https://github.com/qha)) + +## [v10.9.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.9.0) (2020-12-16) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.8.0...v10.9.0) + +### Added + +- \(FEAT\) Add support for Puppet 7 [\#1347](https://github.com/puppetlabs/puppetlabs-mysql/pull/1347) ([daianamezdrea](https://github.com/daianamezdrea)) +- \(IAC-996\) Removal of inappropriate terminology [\#1340](https://github.com/puppetlabs/puppetlabs-mysql/pull/1340) ([pmcmaw](https://github.com/pmcmaw)) + +## [v10.8.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.8.0) (2020-11-03) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.7.1...v10.8.0) + +### Added + +- Add compatibility for Amazon Linux 2 [\#1328](https://github.com/puppetlabs/puppetlabs-mysql/pull/1328) ([greno2](https://github.com/greno2)) + +### Fixed + +- \(IAC-1137\) Ensure curl package is installed for xtrabackup tests [\#1338](https://github.com/puppetlabs/puppetlabs-mysql/pull/1338) ([pmcmaw](https://github.com/pmcmaw)) +- \(MODULES-10788\) - fix for password prompt when creating mysql\_login\_path resource [\#1334](https://github.com/puppetlabs/puppetlabs-mysql/pull/1334) ([andeman](https://github.com/andeman)) +- \(MODULES-10790\) - Setting logbin results in error Unknown variable: 'managed\_dirs\_path' [\#1325](https://github.com/puppetlabs/puppetlabs-mysql/pull/1325) ([pmcmaw](https://github.com/pmcmaw)) +- Fix package for python bindings on Ubuntu 20.04 [\#1323](https://github.com/puppetlabs/puppetlabs-mysql/pull/1323) ([tobias-urdin](https://github.com/tobias-urdin)) + +## [v10.7.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.7.1) (2020-09-25) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.7.0...v10.7.1) ### Fixed - \(IAC-1175\) Pin percona-release to version 1.0-22 for Debian 8 [\#1329](https://github.com/puppetlabs/puppetlabs-mysql/pull/1329) ([pmcmaw](https://github.com/pmcmaw)) - \[MODULES-10773\] Fix for rh-mysql80 [\#1322](https://github.com/puppetlabs/puppetlabs-mysql/pull/1322) ([carabasdaniel](https://github.com/carabasdaniel)) ## [v10.7.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.7.0) (2020-08-12) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.6.0...v10.7.0) ### Added - pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch `main` [\#1316](https://github.com/puppetlabs/puppetlabs-mysql/pull/1316) ([david22swan](https://github.com/david22swan)) - add package provider and source [\#1314](https://github.com/puppetlabs/puppetlabs-mysql/pull/1314) ([fe80](https://github.com/fe80)) ### Fixed - Remove non printable characters [\#1315](https://github.com/puppetlabs/puppetlabs-mysql/pull/1315) ([elmobp](https://github.com/elmobp)) - Remove control character from manifests/server.pp [\#1312](https://github.com/puppetlabs/puppetlabs-mysql/pull/1312) ([tomkrouper](https://github.com/tomkrouper)) ## [v10.6.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.6.0) (2020-06-23) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.5.0...v10.6.0) ### Added - Handle cron package from different module [\#1306](https://github.com/puppetlabs/puppetlabs-mysql/pull/1306) ([ashish1099](https://github.com/ashish1099)) - \(IAC-746\) - Add ubuntu 20.04 support [\#1303](https://github.com/puppetlabs/puppetlabs-mysql/pull/1303) ([david22swan](https://github.com/david22swan)) - \(MODULES-1550\) add new Feature MySQL login paths [\#1295](https://github.com/puppetlabs/puppetlabs-mysql/pull/1295) ([andeman](https://github.com/andeman)) ### Fixed - Add managed\_dirs parameter [\#1305](https://github.com/puppetlabs/puppetlabs-mysql/pull/1305) ([evgenkisel](https://github.com/evgenkisel)) - change split on whitespace to split on tab in mysql\_user [\#1233](https://github.com/puppetlabs/puppetlabs-mysql/pull/1233) ([koshatul](https://github.com/koshatul)) ## [v10.5.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.5.0) (2020-05-13) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.4.0...v10.5.0) ### Added - Support mariadb's ed25519-based authentication [\#1292](https://github.com/puppetlabs/puppetlabs-mysql/pull/1292) ([dciabrin](https://github.com/dciabrin)) - Allow changing the mysql-config-file group-ownership [\#1284](https://github.com/puppetlabs/puppetlabs-mysql/pull/1284) ([unki](https://github.com/unki)) ### Fixed -- Remove legacy \(old API\) `mysql\_password` function [\#1299](https://github.com/puppetlabs/puppetlabs-mysql/pull/1299) ([alexjfisher](https://github.com/alexjfisher)) +- Remove legacy \(old API\) `mysql_password` function [\#1299](https://github.com/puppetlabs/puppetlabs-mysql/pull/1299) ([alexjfisher](https://github.com/alexjfisher)) - Improve differences between generated mysql service id values [\#1293](https://github.com/puppetlabs/puppetlabs-mysql/pull/1293) ([ryaner](https://github.com/ryaner)) - \(MODULES-10023\) Fix multiple xtrabackup regressions [\#1245](https://github.com/puppetlabs/puppetlabs-mysql/pull/1245) ([fraenki](https://github.com/fraenki)) - Fix binarylog by allowing users to specify managed directories [\#1194](https://github.com/puppetlabs/puppetlabs-mysql/pull/1194) ([elfranne](https://github.com/elfranne)) ## [v10.4.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.4.0) (2020-03-02) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.3.0...v10.4.0) ### Added - Allow adapting MySQL configuration file's permissions mode [\#1278](https://github.com/puppetlabs/puppetlabs-mysql/pull/1278) ([unki](https://github.com/unki)) - pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#1275](https://github.com/puppetlabs/puppetlabs-mysql/pull/1275) ([david22swan](https://github.com/david22swan)) - Allow backupcompress for xtrabackup profile [\#1196](https://github.com/puppetlabs/puppetlabs-mysql/pull/1196) ([Spuffnduff](https://github.com/Spuffnduff)) - Enable module to not use default options [\#1192](https://github.com/puppetlabs/puppetlabs-mysql/pull/1192) ([morremeyer](https://github.com/morremeyer)) ## [v10.3.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.3.0) (2019-12-11) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.2.1...v10.3.0) ### Added - \(FM-8677\) - Support added for CentOS 8 [\#1254](https://github.com/puppetlabs/puppetlabs-mysql/pull/1254) ([david22swan](https://github.com/david22swan)) ### Fixed - Fix java and ruby binding packages for Debian 10 [\#1264](https://github.com/puppetlabs/puppetlabs-mysql/pull/1264) ([treydock](https://github.com/treydock)) - \(MODULES-10114\) Confine fact for only when mysql is in PATH [\#1256](https://github.com/puppetlabs/puppetlabs-mysql/pull/1256) ([bFekete](https://github.com/bFekete)) -# Change log - -All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). - ## [v10.2.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.2.1) (2019-10-30) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.2.0...v10.2.1) ### Fixed - Fix mysql::sql task error message [\#1243](https://github.com/puppetlabs/puppetlabs-mysql/pull/1243) ([alexjfisher](https://github.com/alexjfisher)) - Fix xtrabackup regression introduced in \#1207 [\#1242](https://github.com/puppetlabs/puppetlabs-mysql/pull/1242) ([fraenki](https://github.com/fraenki)) - Repair mysql\_grant docs and diagnostics [\#1237](https://github.com/puppetlabs/puppetlabs-mysql/pull/1237) ([qha](https://github.com/qha)) ## [v10.2.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.2.0) (2019-09-24) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.1.0...v10.2.0) ### Added - FM-8406 add support on Debian10 [\#1230](https://github.com/puppetlabs/puppetlabs-mysql/pull/1230) ([lionce](https://github.com/lionce)) - Make backup success file path configurable [\#1207](https://github.com/puppetlabs/puppetlabs-mysql/pull/1207) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB)) ### Fixed - No package under FreeBSD [\#1227](https://github.com/puppetlabs/puppetlabs-mysql/pull/1227) ([jas01](https://github.com/jas01)) - Fix group on FreeBSD [\#1226](https://github.com/puppetlabs/puppetlabs-mysql/pull/1226) ([jas01](https://github.com/jas01)) - Don't run fact when you can't find mysqld [\#1224](https://github.com/puppetlabs/puppetlabs-mysql/pull/1224) ([jstewart612](https://github.com/jstewart612)) - Bugfix on Debian 9 : ruby\_package\_name must be ruby-mysql2 [\#1223](https://github.com/puppetlabs/puppetlabs-mysql/pull/1223) ([leopoiroux](https://github.com/leopoiroux)) - Fix errors for /bin/sh with the xtrabackup cron [\#1222](https://github.com/puppetlabs/puppetlabs-mysql/pull/1222) ([baldurmen](https://github.com/baldurmen)) - Fix/fix dependency issue in freebsd with log error file creation from 10.0.0 [\#1221](https://github.com/puppetlabs/puppetlabs-mysql/pull/1221) ([rick-pri](https://github.com/rick-pri)) ## [v10.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.1.0) (2019-07-30) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.0.0...v10.1.0) ### Added - Allow backup::mysqldump::time to accept monthday, month, weekday [\#1214](https://github.com/puppetlabs/puppetlabs-mysql/pull/1214) ([malakai97](https://github.com/malakai97)) ## [v10.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.0.0) (2019-06-26) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v9.1.0...v10.0.0) ### Added - add support for rh-mariadb102 [\#1209](https://github.com/puppetlabs/puppetlabs-mysql/pull/1209) ([martin-schlossarek](https://github.com/martin-schlossarek)) - Freebsd compat [\#1208](https://github.com/puppetlabs/puppetlabs-mysql/pull/1208) ([kapouik](https://github.com/kapouik)) ### Fixed - FM-7982 - update provisioner to docker\_exp [\#1205](https://github.com/puppetlabs/puppetlabs-mysql/pull/1205) ([lionce](https://github.com/lionce)) ## [v9.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v9.1.0) (2019-06-10) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v9.0.0...v9.1.0) ### Added - Add option to specify $backupdir as a symlink target, for use with dm… [\#1200](https://github.com/puppetlabs/puppetlabs-mysql/pull/1200) ([comport3](https://github.com/comport3)) - \(FM-8029\) Add RedHat 8 support [\#1199](https://github.com/puppetlabs/puppetlabs-mysql/pull/1199) ([eimlav](https://github.com/eimlav)) - Allow own Xtrabackup script [\#1189](https://github.com/puppetlabs/puppetlabs-mysql/pull/1189) ([SaschaDoering](https://github.com/SaschaDoering)) - Litmus conversion [\#1175](https://github.com/puppetlabs/puppetlabs-mysql/pull/1175) ([pmcmaw](https://github.com/pmcmaw)) ### Fixed - \(MODULES-6875,MODULES-7487\) - Fix mariadb mysql\_user password idempotency [\#1195](https://github.com/puppetlabs/puppetlabs-mysql/pull/1195) ([alexjfisher](https://github.com/alexjfisher)) ## [v9.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v9.0.0) (2019-05-21) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.1.0...v9.0.0) ### Changed - pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1184](https://github.com/puppetlabs/puppetlabs-mysql/pull/1184) ([david22swan](https://github.com/david22swan)) ### Added - Make incremental backups deactivable [\#1188](https://github.com/puppetlabs/puppetlabs-mysql/pull/1188) ([SaschaDoering](https://github.com/SaschaDoering)) - Allow multiple backupmethods [\#1187](https://github.com/puppetlabs/puppetlabs-mysql/pull/1187) ([SaschaDoering](https://github.com/SaschaDoering)) ### Fixed - Fix the contribution guide URL [\#1190](https://github.com/puppetlabs/puppetlabs-mysql/pull/1190) ([mauricemeyer](https://github.com/mauricemeyer)) - \(MODULES-8886\) Revert removal of deepmerge function [\#1181](https://github.com/puppetlabs/puppetlabs-mysql/pull/1181) ([eimlav](https://github.com/eimlav)) - Fixed Changelog links for 8.1.0 [\#1180](https://github.com/puppetlabs/puppetlabs-mysql/pull/1180) ([mauricemeyer](https://github.com/mauricemeyer)) ## [8.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.1.0) (2019-04-03) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.0.1...8.1.0) ### Added - Rotate option for xtrabackup script [\#1176](https://github.com/puppetlabs/puppetlabs-mysql/pull/1176) ([elfranne](https://github.com/elfranne)) - Add support for dynamic backupmethods/mariabackup [\#1171](https://github.com/puppetlabs/puppetlabs-mysql/pull/1171) ([danquack](https://github.com/danquack)) ### Fixed - \(MODULES-6627\) Remove unused --host flags from mysqlcaller [\#1174](https://github.com/puppetlabs/puppetlabs-mysql/pull/1174) ([david22swan](https://github.com/david22swan)) - Set correct packagename for ruby\_mysql on Ubuntu 18.04 [\#1163](https://github.com/puppetlabs/puppetlabs-mysql/pull/1163) ([datty](https://github.com/datty)) - \[MODULES-8779\] Set proper python\_package\_name for RHEL/CentOS 8 [\#1161](https://github.com/puppetlabs/puppetlabs-mysql/pull/1161) ([javierpena](https://github.com/javierpena)) - fix install ordering for innodb data size [\#1160](https://github.com/puppetlabs/puppetlabs-mysql/pull/1160) ([fe80](https://github.com/fe80)) ## [8.0.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.0.1) (2019-03-20) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.0.0...8.0.1) ### Fixed - \(MODULES-8684\) - Removing private tags from Puppet Types [\#1170](https://github.com/puppetlabs/puppetlabs-mysql/pull/1170) ([david22swan](https://github.com/david22swan)) ## [8.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.0.0) (2019-01-18) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/7.0.0...8.0.0) ### Changed - \(MODULES-8193\) - Removal of inbuilt deepmerge and dirname functions [\#1145](https://github.com/puppetlabs/puppetlabs-mysql/pull/1145) ([david22swan](https://github.com/david22swan)) ### Added - \(MODULES-3539\) Allow @ in username [\#1155](https://github.com/puppetlabs/puppetlabs-mysql/pull/1155) ([Fogelholk](https://github.com/Fogelholk)) - \(MODULES-8144\) - Add support for SLES 15 [\#1146](https://github.com/puppetlabs/puppetlabs-mysql/pull/1146) ([eimlav](https://github.com/eimlav)) - Added support for RHSCL mysql versions and support for .mylogin.cnf for MySQL 5.6.6+ [\#1061](https://github.com/puppetlabs/puppetlabs-mysql/pull/1061) ([DJMuggs](https://github.com/DJMuggs)) ### Fixed - \(MODULES-8193\) - Wrapper methods created for inbuilt 4.x functions [\#1151](https://github.com/puppetlabs/puppetlabs-mysql/pull/1151) ([david22swan](https://github.com/david22swan)) - pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1150](https://github.com/puppetlabs/puppetlabs-mysql/pull/1150) ([tphoney](https://github.com/tphoney)) - Add includedir for Gentoo [\#1147](https://github.com/puppetlabs/puppetlabs-mysql/pull/1147) ([baurmatt](https://github.com/baurmatt)) - add mysql\_native\_password for mariadb 10.2 in password\_hash [\#1117](https://github.com/puppetlabs/puppetlabs-mysql/pull/1117) ([mlk-89](https://github.com/mlk-89)) - Removing query\_cache ops that are no longer supported in MySQL \>= 8.0 [\#1107](https://github.com/puppetlabs/puppetlabs-mysql/pull/1107) ([ernstae](https://github.com/ernstae)) ## [7.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/7.0.0) (2018-10-25) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.2.0...7.0.0) ### Changed - \(MODULES-6923\) remove staging module [\#1115](https://github.com/puppetlabs/puppetlabs-mysql/pull/1115) ([tphoney](https://github.com/tphoney)) ### Added - \(MODULES-7857\) Support user creation on galera [\#1130](https://github.com/puppetlabs/puppetlabs-mysql/pull/1130) ([MaxFedotov](https://github.com/MaxFedotov)) - MySQL 8 compatibility in user management [\#1092](https://github.com/puppetlabs/puppetlabs-mysql/pull/1092) ([zpetr](https://github.com/zpetr)) ### Fixed - \(MODULES-7487\) Check authentication string for user password on MariaDB 10.2.16+ [\#1135](https://github.com/puppetlabs/puppetlabs-mysql/pull/1135) ([gguillotte](https://github.com/gguillotte)) ## [6.2.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.2.0) (2018-09-27) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.1.0...6.2.0) ### Added - pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1127](https://github.com/puppetlabs/puppetlabs-mysql/pull/1127) ([tphoney](https://github.com/tphoney)) ### Fixed - \(maint\) - Change versioning comparison [\#1123](https://github.com/puppetlabs/puppetlabs-mysql/pull/1123) ([eimlav](https://github.com/eimlav)) ## [6.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.1.0) (2018-09-13) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.0.0...6.1.0) ### Fixed - pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1114](https://github.com/puppetlabs/puppetlabs-mysql/pull/1114) ([pmcmaw](https://github.com/pmcmaw)) - \(MODULES-6981\) Do not try to read ~root/.my.cnf when calling "mysqld -V" [\#1063](https://github.com/puppetlabs/puppetlabs-mysql/pull/1063) ([simondeziel](https://github.com/simondeziel)) ## [6.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.0.0) (2018-08-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/5.4.0...6.0.0) ### Changed - \[FM-6962\] Removal of unsupported OS from mysql [\#1086](https://github.com/puppetlabs/puppetlabs-mysql/pull/1086) ([david22swan](https://github.com/david22swan)) ### Added - \(FM-5985\) - Addition of support for Ubuntu 18.04 to mysql [\#1104](https://github.com/puppetlabs/puppetlabs-mysql/pull/1104) ([david22swan](https://github.com/david22swan)) - \(MODULES-7439\) - Implementing beaker-testmode\_switcher [\#1095](https://github.com/puppetlabs/puppetlabs-mysql/pull/1095) ([pmcmaw](https://github.com/pmcmaw)) - Support for optional\_\_args and prescript to mysqldump backup provider [\#1083](https://github.com/puppetlabs/puppetlabs-mysql/pull/1083) ([eputnam](https://github.com/eputnam)) - Allow empty user passwords [\#1075](https://github.com/puppetlabs/puppetlabs-mysql/pull/1075) ([ThoTischner](https://github.com/ThoTischner)) - Add user tls\_options and grant options to mysql::db [\#1065](https://github.com/puppetlabs/puppetlabs-mysql/pull/1065) ([edestecd](https://github.com/edestecd)) - Use puppet4 functions-api [\#1044](https://github.com/puppetlabs/puppetlabs-mysql/pull/1044) ([juliantodt](https://github.com/juliantodt)) - Replaced 'DROP USER' with 'DROP USER IF EXISTS' [\#942](https://github.com/puppetlabs/puppetlabs-mysql/pull/942) ([libertamohamed](https://github.com/libertamohamed)) ### Fixed - \(MODULES-7353\) Enable service for Debian 9 [\#1094](https://github.com/puppetlabs/puppetlabs-mysql/pull/1094) ([david22swan](https://github.com/david22swan)) - Update locales test for Debian 9 [\#1091](https://github.com/puppetlabs/puppetlabs-mysql/pull/1091) ([HelenCampbell](https://github.com/HelenCampbell)) - \[FM-7045\] Fix to allow Debian 9 test's to run clean [\#1088](https://github.com/puppetlabs/puppetlabs-mysql/pull/1088) ([david22swan](https://github.com/david22swan)) - \(MODULES-7198\) Fix DROP USER IF EXISTS on mariadb [\#1082](https://github.com/puppetlabs/puppetlabs-mysql/pull/1082) ([hunner](https://github.com/hunner)) ## 5.4.0 ### Added - \(PDOC-210\) Puppet Strings documentation [\#1068](https://github.com/puppetlabs/puppetlabs-mysql/pull/1068) ([hunner](https://github.com/hunner)) - Compatibility for Alpine linux [\#1049](https://github.com/puppetlabs/puppetlabs-mysql/pull/1049) ([cisco87](https://github.com/cisco87)) ### Fixed - \(MODULES-6627\) Removed unused --host flag from mysqlcaller [\#1064](https://github.com/puppetlabs/puppetlabs-mysql/pull/1064) ([HelenCampbell](https://github.com/HelenCampbell)) - Fixed archlinux compatibility [\#1057](https://github.com/puppetlabs/puppetlabs-mysql/pull/1057) ([bastelfreak](https://github.com/bastelfreak)) - Changed input param option in export.json from sql to file [\#1054](https://github.com/puppetlabs/puppetlabs-mysql/pull/1054) ([cgoswami](https://github.com/cgoswami)) ## Supported Release [5.3.0] ### Summary This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes, a new task and support for `GRANTS FUNCTION`. ### Added - Add support for `GRANTS FUNCTION` ([MODULES-2075](https://tickets.puppet.com/browse/MODULES-2075)). - Add Export database task. - PDK Convert mysql ([MODULES-6454](https://tickets.puppet.com/browse/MODULES-6454)). ### Changed - Allow authentication plugin to be changed. - Update mysql_user provider. - Plugins don't exist before 5.5; password field name changed - Fix helpful rubocops and disable hurtful cops. - Addressing puppet-lint and rubocop errors - Remove update bundler and add ignore .DS_Store - Skip rubocop warning in task. - Fix a typo in a classname in the changelog. ## Supported Release [5.2.1] ### Summary This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. ### Fixed - Fix export and mysql tasks for arbitrary remote code ## Supported Release [5.2.0] ### Added - Compatibility for puppet-staging 3.0.0 ### Fixed - Centralize all mysql command calls for providers - Add paths to `mysql_datadir` provider for RedHat Software Collections ## Supported Release [5.1.0] ### Summary This release adds Tasks to the Mysql module. #### Added - Adds the execute sql task. ## Supported Release [5.0.0] ### Summary This is a major release that adds support for string translation. Currently the only supported language besides English is Japanese. #### Added - Several gem dependencies required for translation. - Wrapping of strings that require translation. Strings in ruby code are now wrapped with `_()` and strings in puppet code with `translate()`. - Debian 9 support #### Changed - The default php_package_name for Debian and Ubuntu to `php-mysql` ## Supported Release 4.0.1 ### Summary This is a small bugfix release that makes `mysql_install_db` optional and fixes some regular expression issues. #### Bugfixes - ([MODULES-5528](https://tickets.puppet.com/browse/MODULES-5528)) Fixes the `mysql_install_db` command so that it is optional - ([MODULES-5602](https://tickets.puppet.com/browse/MODULES-5602)) Removes superfluous backslashes in some regular expressions that were causing instability ## Supported Release 4.0.0 ### Summary This release sees the enablement of rubocop, also an update to the lib directory with rubocop fixes and several other changes and fixes. Also a bump to the Puppet version compatibility and several Puppet language updates. #### Added - Updated README.md with example how to install MySQL Community Server 5.6 on Centos 7.3 - Enabled Rubocop and addition of Rubocop fixes for /lib directory. #### Removed - Dropped legacy tests for db.pp. #### Changed - Replaced validate function calls with datatypes in db.pp. - Bumped recommended puppet version to between 4.7.0 and 6.0.0. - Conditionalize name validation in mysql_grant type. ([MODULES-4604](https://tickets.puppet.com/browse/MODULES-4604)) #### Fixed - Removal of invalid parameter provider on Mysql_user[user@localhost] in mysql::db ([MODULES-4115](https://tickets.puppet.com/browse/MODULES-4115)) - Fixed server_service_name for Debian/stretch. - Spec fixes for Puppet 5. - Test update for fix:create procedure, then grant ([MODULES-5390](https://tickets.puppet.com/browse/MODULES-5390)) - Fixing empty user/password issue for xtrabackup. Now defaults as undef instead of ''. - Remove unsupported Ubuntu versions ([MODULES-5501](https://tickets.puppet.com/browse/MODULES-5501)) ## Supported Release 3.11.0 ### Summary This release includes README and metadata translations to Japanese, as well as some enhancements and bugfixes. #### Added - New flag for successful backups - Solaris support improvements - New parameter `optional_args` for extra innobackupex options - Specify environment variables (e.g. https_proxy) for MySQLTuner download. - Check to only install bzip2 if `$backupcompress` is `true` - Debian 9 compatibility - Japanese README #### Fixed - Syntax errors - Bug where error logs were being created before the datadir was initialized (MODULES-4743) ## Supported Release 3.10.0 ### Summary This release includes new features for setting TLS options on a mysql user, a new parameter to allow specifying tool to import sql files, as well as various bugfixes. #### Features - (MODULES-3879) Adds `import_cat_cmd` parameter to specify the command to read sql files - Adds support for setting `tls_options` in `mysql_user` #### Bugfixes - (MODULES-3557) Adds Ubuntu 16.04 package names for language bindings - (MODULES-3907) Adds MySQL/Percona 5.7 initialize on fresh deploy ## Supported Release 3.9.0 ### Summary This release adds Percona 5.7 support and compatibility with Ubuntu 16.04, in addition to various bugfixes. #### Features - (MODULES-3441) Adds the `mysqld_version` fact - (MODULES-3513) Adds a new backup dump parameter `maxallowedpacket` - Adds new parameter `xtrabackup_package_name` to `mysql::backup::xtrabackup` class - Adds ability to revoke GRANT privilege #### Bugfixes - Fixes a bug where `mysql_user` fails if facter cannot retrieve fqdn. - Fix global parameter usage in backup script - Adds support for `puppet-staging` version `2.0.0` - (MODULES-3601) Moves binary logging configuration to take place after package install - (MODULES-3711) Add limit to mysql server ID generated value - (MODULES-3698) Fixes defaults for SLES12 - Updates user name length restrictions for MySQL version 5.7.8 and above. - Fixes a bug where error log is not writable by owner ## Supported Release 3.8.0 ### Summary This release adds Percona 5.7 support and compatibility with Ubuntu 16.04, in addition to various bugfixes. #### Features - Adds support for Percona 5.7 - Adds support for Ubuntu 16.04 (Xenial) #### Known Limitations - The mysqlbackup.sh script will not work on MySQL 5.7.0 and up. #### Bugfixes - Use mysql_install_db only with uniq defaults-extra-file - Updates mysqlbackup.sh to ensure backup directory exist - Loosen MariaDB recognition to fix it on Debian 8 - Allow mysql::backup::mysqldump to access root_group in tests - Fixed problem with ignoring parameters from global configs - Fixes ordering issue that initialized mysqld before config is set - (MODULES-1256) Fix parameters on OpenSUSE 12 - Fixes install errors on Debian-based OS by configuring the base of includedir - Configure the configfile location for mariadb - Default mysqld_type return value should be 'mysql' if another type is not detected - Make sure that bzip2 is installed before setting up the cron tab job using mysqlbackup.sh - Fixes path issue on FreeBSD - Check that /var/lib/mysql actually contains files - Removes mysql regex when checking type - (MODULES-2111) Add the system database to user related actions - Updates default group for logfiles on Debian-based OS to 'adm' - Fixes an issue with Amazon linux major release 4 installation - Fixes 'mysql_install_db' script support on Gentoo - Removes erroneous anchors to mysql::client from mysql::db - Adds path to be able to find MySQL 5.5 installation on CentOS ## Supported Release 3.7.0 ### Summary A large release with several new features. Also includes a considerable amount of bugfixes, many around compatibility and improvements to current functionality. #### Features - Now uses mariadb in OpenSuSE >= 13.1. - Switch to rspec-puppet-facts. - Additional function to check if table exists before grant. - Add ability to input password hash directly. - Now checking major release instead of specific release. - Debian 8 support. #### Bugfixes - Minor doc update. - Fixes improper use of function `warn` in backup manifest of server. - Fixes to Compatibility with PE 3.3. - Fixes `when not managing config file` in `mysql_server_spec`. - Improved user validation and munging. - Fixes fetching the mysql_user password for MySQL >=5.7.6. - Fixes unique server_id within my.cnf, the issue were the entire mac address was not being read in to generate the id. - Corrects the daemon_dev_package_name for mariadb on redhat. - Fix version compare to properly suppress show_diff for root password. - Fixes to ensure compatibility with future parser. - Solaris removed from PE in metadata as its not supported. - Use MYSQL_PWD to avoid mysqldump warnings. - Use temp cnf file instead of env variable which creates acceptance test failures. - No longer hash passwords that are already hashed. - Fix Gemfile to work with ruby 1.8.7. - Fixed MySQL 5.7.6++ compatibility. - Fixing error when disabling service management and the service does not exist. - Ubuntu vivid should use systemd not upstart. - Fixed new mysql_datadir provider on CentOS for MySQl 5.7.6 compatibility. - Ensure if service restart to wait till mysql is up. - Move all dependencies to not have them in case of service unmanaged. - Re-Added the ability to set a empty string as option parameter. - Fixes edge-case with dropping pre-existing users with grants. - Fix logic for choosing rspec version. - Refactored main acceptance suite. - Skip idempotency tests on test cells that do have PUP-5016 unfixed. - Fix tmpdir to be shared across examples. - Update to current msync configs [006831f]. - Fix mysql_grant with MySQL ANSI_QUOTES mode. - Generate .my.cnf for all sections. ## Supported Release 3.6.2 ### Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## 2015-09-22 - Supported Release 3.6.1 ### Summary This is a security and bugfix release that fixes incorrect username truncation in the munge for the mysql_user type, incorrect function used in `mysql::server::backup` and fixes compatibility issues with PE 3.3.x. #### Bugfixes - Loosen the regex in mysql_user munging so the username is not unintentionally truncated. - Use `warning()` not `warn()` - Metadata had inadvertantly dropped 3.3.x support - Some 3.3.x compatibility issues in `mysqltuner` were corrected ## 2015-08-10 - Supported Release 3.6.0 ### Summary This release adds the ability to use mysql::db and `mysql_*` types against unmanaged or external mysql instances. #### Features - Add ability to use mysql::db WITHOUT mysql::server (ie, externally) - Add prescript attribute to mysql::server::backup for xtrabackup - Add postscript ability to xtrabackup provider. #### Bugfixes - Fix default root passwords blocking puppet on mysql 5.8 - Fix service dependency when package_manage is false - Fix selinux permissions on my.cnf ## 2015-07-23 - Supported Release 3.5.0 ### Summary A small release to add explicit support to newer Puppet versions and accumulated patches. #### Features/Improvements - Start running tests against puppet 4 - Support longer usernames on newer MariaDB versions - Add parameters for Solaris 11 and 12 #### Bugfixes - Fix references to the mysql-server package - mysql_server_id doesn't throw and error on machines without macaddress ## 2015-05-19 - Supported Release 3.4.0 ### Summary This release includes the addition of extra facts, OpenBSD compatibility, and a number of other features, improvements and bug fixes. #### Features/Improvements - Added server_id fact which includes mac address for better uniqueness - Added OpenBSD compatibility, only for 'OpenBSD -current' (due to the recent switch to mariadb) - Added a $mysql_group parameter, and use that instead of the $root_group parameter to define the group membership of the mysql error log file. - Updated tests for rspec-puppet 2 and future parser - Further acceptance testing improvements - MODULES-1928 - allow log-error to be undef - Split package installation and database install - README wording improvements - Added options for including/excluding triggers and routines - Made the 'TRIGGER' privilege of mysqldump backups depend on whether or not we are actually backing up triggers - Cleaned up the privilege assignment in the mysqldump backup script - Add a fact for capturing the mysql version installed #### Bugfixes - mysql backup: fix regression in mysql_user call - Set service_ensure to undef, in the case of an unmanaged service - README Typos fixed - Bugfix on Xtrabackup crons - Fixed a permission problem that was preventing triggers from being backed up - MODULES-1981: Revoke and grant difference of old and new privileges - Fix an issue were we assume triggers work - Change default for mysql::server::backup to ignore_triggers = false #### Deprecations mysql::server::old_root_password property ## 2015-03-03 - Supported Release 3.3.0 ### Summary This release includes major README updates, the addition of backup providers, and a fix for managing the log-bin directory. #### Features - Add package_manage parameters to `mysql::server` and `mysql::client` (MODULES-1143) - README improvements - Add `mysqldump`, `mysqlbackup`, and `xtrabackup` backup providers. #### Bugfixes - log-error overrides were not being properly used (MODULES-1804) - check for full path for log-bin to stop puppet from managing file '.' ## 2015-02-09 - Supported Release 3.2.0 ### Summary This release includes several new features and bugfixes, including support for various plugins, making the output from mysql_password more consistent when input is empty and improved username validation. #### Features - Add type and provider to manage plugins - Add support for authentication plugins - Add support for mysql_install_db on freebsd - Add `create_root_user` and `create_root_my_cnf` parameters to `mysql::server` #### Bugfixes - Remove dependency on stdlib >= 4.1.0 (MODULES-1759) - Make grant autorequire user - Remove invalid parameter 'provider' from mysql_user instance (MODULES-1731) - Return empty string for empty input in mysql_password - Fix `mysql::account_security` when fqdn==localhost - Update username validation (MODULES-1520) - Future parser fix in params.pp - Fix package name for debian 8 - Don't start the service until the server package is installed and the config file is in place - Test fixes - Lint fixes ## 2014-12-16 - Supported Release 3.1.0 ### Summary This release includes several new features, including SLES12 support, and a number of bug fixes. #### Notes `mysql::server::mysqltuner` has been refactored to fetch the mysqltuner script from github by default. If you are running on a non-network-connected system, you will need to download that file and have it available to your node at a path specified by the `source` parameter to the `mysqltuner` class. #### Features - Add support for install_options for all package resources (MODULES-1484) - Add log-bin directory creation - Allow mysql::db to import multiple files (MODULES-1338) - SLES12 support - Improved identifier quoting detections - Reworked `mysql::server::mysqltuner` so that we are no longer packaging the script as it is licensed under the GPL. #### Bugfixes - Fix regression in username validation - Proper containment for mysql::client in mysql::db - Support quoted usernames of length 15 and 16 chars ## 2014-11-11 - Supported Release 3.0.0 ### Summary Added several new features including MariaDB support and future parser #### Backwards-incompatible Changes * Remove the deprecated `database`, `database_user`, and `database_grant` resources. The correct resources to use are `mysql`, `mysql_user`, and `mysql_grant` respectively. #### Features * Add MariaDB Support * The mysqltuner perl script has been updated to 1.3.0 based on work at http://github.com/major/MySQLTuner-perl * Add future parse support, fixed issues with undef to empty string * Pass the backup credentials to 'SHOW DATABASES' * Ability to specify the Includedir for `mysql::server` * `mysql::db` now has an import\_timeout feature that defaults to 300 * The `mysql` class has been removed * `mysql::server` now takes an `override_options` hash that will affect the installation * Ability to install both dev and client dev #### BugFix * `mysql::server::backup` now passes `ensure` param to the nested `mysql_grant` * `mysql::server::service` now properly requires the presence of the `log_error` file * `mysql::config` now occurs before `mysql::server::install_db` correctly ## 2014-07-15 - Supported Release 2.3.1 ### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ## 2014-05-14 - Supported Release 2.3.0 This release primarily adds support for RHEL7 and Ubuntu 14.04 but it also adds a couple of new parameters to allow for further customization, as well as ensuring backups can backup stored procedures properly. #### Features Added `execpath` to allow a custom executable path for non-standard mysql installations. Added `dbname` to mysql::db and use ensure_resource to create the resource. Added support for RHEL7 and Fedora Rawhide. Added support for Ubuntu 14.04. Create a warning for if you disable SSL. Ensure the error logfile is owned by MySQL. Disable ssl on FreeBSD. Add PROCESS privilege for backups. #### Bugfixes #### Known Bugs * No known bugs ## 2014-03-04 - Supported Release 2.2.3 ### Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. #### Features #### Bugfixes #### Known Bugs * No known bugs ## 2014-03-04 - Supported Release 2.2.2 ### Summary This is a supported release. Mostly comprised of enhanced testing, plus a bugfix for Suse. #### Bugfixes - PHP bindings on Suse - Test fixes #### Known Bugs * No known bugs ## 2014-02-19 - Version 2.2.1 ### Summary Minor release that repairs mysql_database{} so that it sees the correct collation settings (it was only checking the global mysql ones, not the actual database and constantly setting it over and over since January 22nd). Also fixes a bunch of tests on various platforms. ## 2014-02-13 - Version 2.2.0 ### Summary #### Features - Add `backupdirmode`, `backupdirowner`, `backupdirgroup` to mysql::server::backup to allow customizing the mysqlbackupdir. - Support multiple options of the same name, allowing you to do 'replicate-do-db' => ['base1', 'base2', 'base3'] in order to get three lines of replicate-do-db = base1, replicate-do-db = base2 etc. #### Bugfixes - Fix `restart` so it actually stops mysql restarting if set to false. - DRY out the defaults_file functionality in the providers. - mysql_grant fixed to work with root@localhost/@. - mysql_grant fixed for WITH MAX_QUERIES_PER_HOUR - mysql_grant fixed so revoking all privileges accounts for GRANT OPTION - mysql_grant fixed to remove duplicate privileges. - mysql_grant fixed to handle PROCEDURES when removing privileges. - mysql_database won't try to create existing databases, breaking replication. - bind_address renamed bind-address in 'mysqld' options. - key_buffer renamed to key_buffer_size. - log_error renamed to log-error. - pid_file renamed to pid-file. - Ensure mysql::server::root_password runs before mysql::server::backup - Fix options_override -> override_options in the README. - Extensively rewrite the README to be accurate and awesome. - Move to requiring stdlib 3.2.0, shipped in PE3.0 - Add many new tests. ## 2013-11-13 - Version 2.1.0 ### Summary The most important changes in 2.1.0 are improvements to the my.cnf creation, as well as providers. Setting options to = true strips them to be just the key name itself, which is required for some options. The provider updates fix a number of bugs, from lowercase privileges to deprecation warnings. Last, the new hiera integration functionality should make it easier to externalize all your grants, users, and, databases. Another great set of community submissions helped to make this release. #### Features - Some options can not take a argument. Gets rid of the '= true' when an option is set to true. - Easier hiera integration: Add hash parameters to mysql::server to allow specifying grants, users, and databases. #### Bugfixes - Fix an issue with lowercase privileges in mysql_grant{} causing them to be reapplied needlessly. - Changed defaults-file to defaults-extra-file in providers. - Ensure /root/.my.cnf is 0600 and root owned. - database_user deprecation warning was incorrect. - Add anchor pattern for client.pp - Documentation improvements. - Various test fixes. ## 2013-10-21 - Version 2.0.1 ### Summary This is a bugfix release to handle an issue where unsorted mysql_grant{} privileges could cause Puppet to incorrectly reapply the permissions on each run. #### Bugfixes - Mysql_grant now sorts privileges in the type and provider for comparison. - Comment and test tweak for PE3.1. ## 2013-10-14 - Version 2.0.0 ### Summary (Previously detailed in the changelog for 2.0.0-rc1) This module has been completely refactored and works significantly different. The changes are broad and touch almost every piece of the module. See the README.md for full details of all changes and syntax. Please remain on 1.0.0 if you don't have time to fully test this in dev. * mysql::server, mysql::client, and mysql::bindings are the primary interface classes. * mysql::server takes an `override_options` parameter to set my.cnf options, with the hash format: { 'section' => { 'thing' => 'value' }} * mysql attempts backwards compatibility by forwarding all parameters to mysql::server. ## 2013-10-09 - Version 2.0.0-rc5 ### Summary Hopefully the final rc! Further fixes to mysql_grant (stripping out the cleverness so we match a much wider range of input.) #### Bugfixes - Make mysql_grant accept '.*'@'.*' in terms of input for user@host. ## 2013-10-09 - Version 2.0.0-rc4 ### Summary Bugfixes to mysql_grant and mysql_user form the bulk of this rc, as well as ensuring that values in the override_options hash that contain a value of '' are created as just "key" in the conf rather than "key =" or "key = false". #### Bugfixes - Improve mysql_grant to work with IPv6 addresses (both long and short). - Ensure @host users work as well as user@host users. - Updated my.cnf template to support items with no values. ## 2013-10-07 - Version 2.0.0-rc3 ### Summary Fix mysql::server::monitor's use of mysql_user{}. #### Bugfixes - Fix myql::server::monitor's use of mysql_user{} to grant the proper permissions. Add specs as well. (Thanks to treydock!) ## 2013-10-03 - Version 2.0.0-rc2 ### Summary Bugfixes #### Bugfixes - Fix a duplicate parameter in mysql::server ## 2013-10-03 - Version 2.0.0-rc1 ### Summary This module has been completely refactored and works significantly different. The changes are broad and touch almost every piece of the module. See the README.md for full details of all changes and syntax. Please remain on 1.0.0 if you don't have time to fully test this in dev. * mysql::server, mysql::client, and mysql::bindings are the primary interface classes. * mysql::server takes an `override_options` parameter to set my.cnf options, with the hash format: { 'section' => { 'thing' => 'value' }} * mysql attempts backwards compatibility by forwarding all parameters to mysql::server. --- ## 2013-09-23 - Version 1.0.0 ### Summary This release introduces a number of new type/providers, to eventually replace the database_ ones. The module has been converted to call the new providers rather than the previous ones as they have a number of fixes, additional options, and work with puppet resource. This 1.0.0 release precedes a large refactoring that will be released almost immediately after as 2.0.0. #### Features - Added mysql_grant, mysql_database, and mysql_user. - Add `mysql::bindings` class and refactor all other bindings to be contained underneath mysql::bindings:: namespace. - Added support to back up specified databases only with 'mysqlbackup' parameter. - Add option to mysql::backup to set the backup script to perform a mysqldump on each database to its own file #### Bugfixes - Update my.cnf.pass.erb to allow custom socket support - Add environment variable for .my.cnf in mysql::db. - Add HOME environment variable for .my.cnf to mysqladmin command when (re)setting root password --- ## 2013-07-15 - Version 0.9.0 #### Features - Add `mysql::backup::backuprotate` parameter - Add `mysql::backup::delete_before_dump` parameter - Add `max_user_connections` attribute to `database_user` type #### Bugfixes - Add client package dependency for `mysql::db` - Remove duplicate `expire_logs_days` and `max_binlog_size` settings - Make root's `.my.cnf` file path dynamic - Update pidfile path for Suse variants - Fixes for lint ## 2013-07-05 - Version 0.8.1 #### Bugfixes - Fix a typo in the Fedora 19 support. ## 2013-07-01 - Version 0.8.0 #### Features - mysql::perl class to install perl-DBD-mysql. - minor improvements to the providers to improve reliability - Install the MariaDB packages on Fedora 19 instead of MySQL. - Add new `mysql` class parameters: - `max_connections`: The maximum number of allowed connections. - `manage_config_file`: Opt out of puppetized control of my.cnf. - `ft_min_word_len`: Fine tune the full text search. - `ft_max_word_len`: Fine tune the full text search. - Add new `mysql` class performance tuning parameters: - `key_buffer` - `thread_stack` - `thread_cache_size` - `myisam-recover` - `query_cache_limit` - `query_cache_size` - `max_connections` - `tmp_table_size` - `table_open_cache` - `long_query_time` - Add new `mysql` class replication parameters: - `server_id` - `sql_log_bin` - `log_bin` - `max_binlog_size` - `binlog_do_db` - `expire_logs_days` - `log_bin_trust_function_creators` - `replicate_ignore_table` - `replicate_wild_do_table` - `replicate_wild_ignore_table` - `expire_logs_days` - `max_binlog_size` #### Bugfixes - No longer restart MySQL when /root/.my.cnf changes. - Ensure mysql::config runs before any mysql::db defines. ## 2013-06-26 - Version 0.7.1 #### Bugfixes - Single-quote password for special characters - Update travis testing for puppet 3.2.x and missing Bundler gems ## 2013-06-25 - Version 0.7.0 This is a maintenance release for community bugfixes and exposing configuration variables. * Add new `mysql` class parameters: - `basedir`: The base directory mysql uses - `bind_address`: The IP mysql binds to - `client_package_name`: The name of the mysql client package - `config_file`: The location of the server config file - `config_template`: The template to use to generate my.cnf - `datadir`: The directory MySQL's datafiles are stored - `default_engine`: The default engine to use for tables - `etc_root_password`: Whether or not to add the mysql root password to /etc/my.cnf - `java_package_name`: The name of the java package containing the java connector - `log_error`: Where to log errors - `manage_service`: Boolean dictating if mysql::server should manage the service - `max_allowed_packet`: Maximum network packet size mysqld will accept - `old_root_password`: Previous root user password - `php_package_name`: The name of the phpmysql package to install - `pidfile`: The location mysql will expect the pidfile to be - `port`: The port mysql listens on - `purge_conf_dir`: Value fed to recurse and purge parameters of the /etc/mysql/conf.d resource - `python_package_name`: The name of the python mysql package to install - `restart`: Whether to restart mysqld - `root_group`: Use specified group for root-owned files - `root_password`: The root MySQL password to use - `ruby_package_name`: The name of the ruby mysql package to install - `ruby_package_provider`: The installation suite to use when installing the ruby package - `server_package_name`: The name of the server package to install - `service_name`: The name of the service to start - `service_provider`: The name of the service provider - `socket`: The location of the MySQL server socket file - `ssl_ca`: The location of the SSL CA Cert - `ssl_cert`: The location of the SSL Certificate to use - `ssl_key`: The SSL key to use - `ssl`: Whether or not to enable ssl - `tmpdir`: The directory MySQL's tmpfiles are stored * Deprecate `mysql::package_name` parameter in favor of `mysql::client_package_name` * Fix local variable template deprecation * Fix dependency ordering in `mysql::db` * Fix ANSI quoting in queries * Fix travis support (but still messy) * Fix typos ## 2013-01-11 - Version 0.6.1 * Fix providers when /root/.my.cnf is absent ## 2013-01-09 - Version 0.6.0 * Add `mysql::server::config` define for specific config directives * Add `mysql::php` class for php support * Add `backupcompress` parameter to `mysql::backup` * Add `restart` parameter to `mysql::config` * Add `purge_conf_dir` parameter to `mysql::config` * Add `manage_service` parameter to `mysql::server` * Add syslog logging support via the `log_error` parameter * Add initial SuSE support * Fix remove non-localhost root user when fqdn != hostname * Fix dependency in `mysql::server::monitor` * Fix .my.cnf path for root user and root password * Fix ipv6 support for users * Fix / update various spec tests * Fix typos * Fix lint warnings ## 2012-08-23 - Version 0.5.0 * Add puppetlabs/stdlib as requirement * Add validation for mysql privs in provider * Add `pidfile` parameter to mysql::config * Add `ensure` parameter to mysql::db * Add Amazon linux support * Change `bind_address` parameter to be optional in my.cnf template * Fix quoting root passwords ## 2012-07-24 - Version 0.4.0 * Fix various bugs regarding database names * FreeBSD support * Allow specifying the storage engine * Add a backup class * Add a security class to purge default accounts ## 2012-05-03 - Version 0.3.0 * 14218 Query the database for available privileges * Add mysql::java class for java connector installation * Use correct error log location on different distros * Fix set_mysql_rootpw to properly depend on my.cnf ## 2012-04-11 - Version 0.2.0 ## 2012-03-19 - William Van Hevelingen * (#13203) Add ssl support (f7e0ea5) ## 2012-03-18 - Nan Liu * Travis ci before script needs success exit code. (0ea463b) ## 2012-03-18 - Nan Liu * Fix Puppet 2.6 compilation issues. (9ebbbc4) ## 2012-03-16 - Nan Liu * Add travis.ci for testing multiple puppet versions. (33c72ef) ## 2012-03-15 - William Van Hevelingen * (#13163) Datadir should be configurable (f353fc6) ## 2012-03-16 - Nan Liu * Document create_resources dependency. (558a59c) ## 2012-03-16 - Nan Liu * Fix spec test issues related to error message. (eff79b5) ## 2012-03-16 - Nan Liu * Fix mysql service on Ubuntu. (72da2c5) ## 2012-03-16 - Dan Bode * Add more spec test coverage (55e399d) ## 2012-03-16 - Nan Liu * (#11963) Fix spec test due to path changes. (1700349) ## 2012-03-07 - François Charlier * Add a test to check path for 'mysqld-restart' (b14c7d1) ## 2012-03-07 - François Charlier * Fix path for 'mysqld-restart' (1a9ae6b) ## 2012-03-15 - Dan Bode * Add rspec-puppet tests for mysql::config (907331a) ## 2012-03-15 - Dan Bode * Moved class dependency between sever and config to server (da62ad6) ## 2012-03-14 - Dan Bode * Notify mysql restart from set_mysql_rootpw exec (0832a2c) ## 2012-03-15 - Nan Liu * Add documentation related to osfamily fact. (8265d28) ## 2012-03-14 - Dan Bode * Mention osfamily value in failure message (e472d3b) ## 2012-03-14 - Dan Bode * Fix bug when querying for all database users (015490c) ## 2012-02-09 - Nan Liu * Major refactor of mysql module. (b1f90fd) ## 2012-01-11 - Justin Ellison * Ruby and Python's MySQL libraries are named differently on different distros. (1e926b4) ## 2012-01-11 - Justin Ellison * Per @ghoneycutt, we should fail explicitly and explain why. (09af083) ## 2012-01-11 - Justin Ellison * Removing duplicate declaration (7513d03) ## 2012-01-10 - Justin Ellison * Use socket value from params class instead of hardcoding. (663e97c) ## 2012-01-10 - Justin Ellison * Instead of hardcoding the config file target, pull it from mysql::params (031a47d) ## 2012-01-10 - Justin Ellison * Moved $socket to within the case to toggle between distros. Added a $config_file variable to allow per-distro config file destinations. (360eacd) ## 2012-01-10 - Justin Ellison * Pretty sure this is a bug, 99% of Linux distros out there won't ever hit the default. (3462e6b) ## 2012-02-09 - William Van Hevelingen * Changed the README to use markdown (3b7dfeb) ## 2012-02-04 - Daniel Black * (#12412) mysqltuner.pl update (b809e6f) ## 2011-11-17 - Matthias Pigulla * (#11363) Add two missing privileges to grant: event_priv, trigger_priv (d15c9d1) ## 2011-12-20 - Jeff McCune * (minor) Fixup typos in Modulefile metadata (a0ed6a1) ## 2011-12-19 - Carl Caum * Only notify Exec to import sql if sql is given (0783c74) ## 2011-12-19 - Carl Caum * (#11508) Only load sql_scripts on DB creation (e3b9fd9) ## 2011-12-13 - Justin Ellison * Require not needed due to implicit dependencies (3058feb) ## 2011-12-13 - Justin Ellison * Bug #11375: puppetlabs-mysql fails on CentOS/RHEL (a557b8d) ## 2011-06-03 - Dan Bode - 0.0.1 * initial commit [5.4.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.3.0...5.4.0 [5.3.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.2.1...5.3.0 [5.2.1]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.2.0...5.2.1 [5.2.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.1.0...5.2.0 [5.1.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.0.0...5.1.0 [5.0.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/4.0.1...5.0.0 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1a9fb3a..e7a3a7c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,271 +1,3 @@ # Contributing to Puppet modules -So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing -that very thing while setting expectations around code quality as well as a few tips for making the -process as easy as possible. - -### Table of Contents - -1. [Getting Started](#getting-started) -1. [Commit Checklist](#commit-checklist) -1. [Submission](#submission) -1. [More about commits](#more-about-commits) -1. [Testing](#testing) - - [Running Tests](#running-tests) - - [Writing Tests](#writing-tests) -1. [Get Help](#get-help) - -## Getting Started - -- Fork the module repository on GitHub and clone to your workspace - -- Make your changes! - -## Commit Checklist - -### The Basics - -- [x] my commit is a single logical unit of work - -- [x] I have checked for unnecessary whitespace with "git diff --check" - -- [x] my commit does not include commented out code or unneeded files - -### The Content - -- [x] my commit includes tests for the bug I fixed or feature I added - -- [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - -- [x] my code passes existing test suites - -### The Commit Message - -- [x] the first line of my commit message includes: - - - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - - - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - -- [x] the body of my commit message: - - - [x] is meaningful - - - [x] uses the imperative, present tense: "change", not "changed" or "changes" - - - [x] includes motivation for the change, and contrasts its implementation with the previous behavior - -## Submission - -### Pre-requisites - -- Make sure you have a [GitHub account](https://github.com/join) - -- [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. - -### Push and PR - -- Push your changes to your fork - -- [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization - -## More about commits - - 1. Make separate commits for logically separate changes. - - Please break your commits down into logically consistent units - which include new or changed tests relevant to the rest of the - change. The goal of doing this is to make the diff easier to - read for whoever is reviewing your code. In general, the easier - your diff is to read, the more likely someone will be happy to - review it and get it into the code base. - - If you are going to refactor a piece of code, please do so as a - separate commit from your feature or bug fix changes. - - We also really appreciate changes that include tests to make - sure the bug is not re-introduced, and that the feature is not - accidentally broken. - - Describe the technical detail of the change(s). If your - description starts to get too long, that is a good sign that you - probably need to split up your commit into more finely grained - pieces. - - Commits which plainly describe the things which help - reviewers check the patch and future developers understand the - code are much more likely to be merged in with a minimum of - bike-shedding or requested changes. Ideally, the commit message - would include information, and be in a form suitable for - inclusion in the release notes for the version of Puppet that - includes them. - - Please also check that you are not introducing any trailing - whitespace or other "whitespace errors". You can do this by - running "git diff --check" on your changes before you commit. - - 2. Sending your patches - - To submit your changes via a GitHub pull request, we _highly_ - recommend that you have them on a topic branch, instead of - directly on "master". - It makes things much easier to keep track of, especially if - you decide to work on another thing before your first change - is merged in. - - GitHub has some pretty good - [general documentation](http://help.github.com/) on using - their site. They also have documentation on - [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). - - In general, after pushing your topic branch up to your - repository on GitHub, you can switch to the branch in the - GitHub UI and click "Pull Request" towards the top of the page - in order to open a pull request. - - 3. Update the related JIRA issue. - - If there is a JIRA issue associated with the change you - submitted, then you should update the ticket to include the - location of your branch, along with any other commentary you - may wish to make. - -# Testing - -## Getting Started - -Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, -or Gems, are required to build, develop, and test this software. - -Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to -install all dependencies needed for this project in the project root by running - -```shell -% bundle install --path .bundle/gems -Fetching gem metadata from https://rubygems.org/........ -Fetching gem metadata from https://rubygems.org/.. -Using rake (10.1.0) -Using builder (3.2.2) --- 8><-- many more --><8 -- -Using rspec-system-puppet (2.2.0) -Using serverspec (0.6.3) -Using rspec-system-serverspec (1.0.0) -Using bundler (1.3.5) -Your bundle is complete! -Use `bundle show [gemname]` to see where a bundled gem is installed. -``` - -NOTE: some systems may require you to run this command with sudo. - -If you already have those gems installed, make sure they are up-to-date: - -```shell -% bundle update -``` - -## Running Tests - -With all dependencies in place and up-to-date, run the tests: - -### Unit Tests - -```shell -% bundle exec rake spec -``` - -This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. -rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), -rspec tests define them in [.fixtures.yml](./fixtures.yml). - -### Acceptance Tests - -Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under -[VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test -scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. - -Run the tests by issuing the following command - -```shell -% bundle exec rake spec_clean -% bundle exec rspec spec/acceptance -``` - -This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), -install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) -and then run all the tests under [spec/acceptance](./spec/acceptance). - -## Writing Tests - -### Unit Tests - -When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a -catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] -but here's a tiny sample: - -Sample manifest: - -```puppet -file { "a test file": - ensure => present, - path => "/etc/sample", -} -``` - -Sample test: - -```ruby -it 'does a thing' do - expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) -end -``` - -### Acceptance Tests - -Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it -twice to check for idempotency or errors, then run expectations. - -```ruby -it 'does an end-to-end thing' do - pp = <<-EOF - file { 'a test file': - ensure => present, - path => "/etc/sample", - content => "test string", - } - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - -end - -describe file("/etc/sample") do - it { is_expected.to contain "test string" } -end - -``` - -# If you have commit access to the repository - -Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge -in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that -all changes go through a code review process.** - -The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. - -# Get Help - -### On the web -* [Puppet help messageboard](http://puppet.com/community/get-help) -* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) -* [General GitHub documentation](http://help.github.com/) -* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) - -### On chat -* Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli -* IRC (freenode) #puppet-dev, #voxpupuli - - -[rspec-puppet]: http://rspec-puppet.com/ -[rspec-puppet_docs]: http://rspec-puppet.com/documentation/ -[beaker]: https://github.com/puppetlabs/beaker -[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec +Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need. diff --git a/Gemfile b/Gemfile index e00553f..135373d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,75 +1,63 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' def location_for(place_or_version, fake_version = nil) git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} file_url_regex = %r{\Afile:\/\/(?.*)} if place_or_version && (git_url = place_or_version.match(git_url_regex)) [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else [place_or_version, { require: false }] end end ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-posix-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-lint-i18n", require: false - gem "github_changelog_generator", require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') - gem "puppet-resource_api", require: false + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "github_changelog_generator", require: false +end +group :system_tests do + gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] end puppet_version = ENV['PUPPET_GEM_VERSION'] facter_version = ENV['FACTER_GEM_VERSION'] hiera_version = ENV['HIERA_GEM_VERSION'] gems = {} gems['puppet'] = location_for(puppet_version) # If facter or hiera versions have been specified via the environment # variables gems['facter'] = location_for(facter_version) if facter_version gems['hiera'] = location_for(hiera_version) if hiera_version -if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} - # If we're using a Puppet gem on Windows which handles its own win32-xxx gem - # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). - gems['win32-dir'] = ['<= 0.4.9', require: false] - gems['win32-eventlog'] = ['<= 0.6.5', require: false] - gems['win32-process'] = ['<= 0.7.5', require: false] - gems['win32-security'] = ['<= 0.2.5', require: false] - gems['win32-service'] = ['0.8.8', require: false] -end - gems.each do |gem_name, gem_params| gem gem_name, *gem_params end # Evaluate Gemfile.local and ~/.gemfile if they exist extra_gemfiles = [ "#{__FILE__}.local", File.join(Dir.home, '.gemfile'), ] extra_gemfiles.each do |gemfile| if File.file?(gemfile) && File.readable?(gemfile) eval(File.read(gemfile), binding) end end # vim: syntax=ruby diff --git a/HISTORY.md b/HISTORY.md index 43908d9..85f008a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,1093 +1,1251 @@ -# Change log +## v11.0.3 -All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.2...v11.0.3) + +### Fixed + +- \(IAC-1430\) - Minor docs updating [\#1401](https://github.com/puppetlabs/puppetlabs-mysql/pull/1401) ([pmcmaw](https://github.com/pmcmaw)) + +## [v11.0.2](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.2) (2021-06-07) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.1...v11.0.2) + +### Fixed + +- \(bugfix\) - Pull python3-mysqldb in Debian Bullseye [\#1396](https://github.com/puppetlabs/puppetlabs-mysql/pull/1396) ([thomasgoirand](https://github.com/thomasgoirand)) +- Update xtrabackup package name for Ubuntu 20.04 [\#1387](https://github.com/puppetlabs/puppetlabs-mysql/pull/1387) ([rsynnest](https://github.com/rsynnest)) + +## [v11.0.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.1) (2021-04-19) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v11.0.0...v11.0.1) + +### Fixed + +- Fix: Puppet Unknown variable: 'mysql::params::exec\_path' [\#1378](https://github.com/puppetlabs/puppetlabs-mysql/pull/1378) ([JvGinkel](https://github.com/JvGinkel)) +- \(IAC-1497\) - Removal of unsupported `translate` dependency [\#1375](https://github.com/puppetlabs/puppetlabs-mysql/pull/1375) ([david22swan](https://github.com/david22swan)) +- \(MODULES-10926\) Fix Java binding package for Ubuntu 20.04 [\#1373](https://github.com/puppetlabs/puppetlabs-mysql/pull/1373) ([treydock](https://github.com/treydock)) + +## [v11.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v11.0.0) (2021-03-01) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.10.0...v11.0.0) + +### Changed + +- pdksync - \(MAINT\) Remove SLES 11 support [\#1370](https://github.com/puppetlabs/puppetlabs-mysql/pull/1370) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - \(MAINT\) Remove RHEL 5 family support [\#1369](https://github.com/puppetlabs/puppetlabs-mysql/pull/1369) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#1366](https://github.com/puppetlabs/puppetlabs-mysql/pull/1366) ([carabasdaniel](https://github.com/carabasdaniel)) + +### Added + +- Support compression command and extension [\#1363](https://github.com/puppetlabs/puppetlabs-mysql/pull/1363) ([dploeger](https://github.com/dploeger)) + +## [v10.10.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.10.0) (2021-02-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.9.1...v10.10.0) + +### Added + +- Set default MySQL version for FreeBSD [\#1360](https://github.com/puppetlabs/puppetlabs-mysql/pull/1360) ([olevole](https://github.com/olevole)) + +## [v10.9.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.9.1) (2021-01-06) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.9.0...v10.9.1) + +### Fixed + +- Repair check of logbindir [\#1348](https://github.com/puppetlabs/puppetlabs-mysql/pull/1348) ([qha](https://github.com/qha)) + +## [v10.9.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.9.0) (2020-12-16) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.8.0...v10.9.0) + +### Added + +- \(FEAT\) Add support for Puppet 7 [\#1347](https://github.com/puppetlabs/puppetlabs-mysql/pull/1347) ([daianamezdrea](https://github.com/daianamezdrea)) +- \(IAC-996\) Removal of inappropriate terminology [\#1340](https://github.com/puppetlabs/puppetlabs-mysql/pull/1340) ([pmcmaw](https://github.com/pmcmaw)) + +## [v10.8.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.8.0) (2020-11-03) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.7.1...v10.8.0) + +### Added + +- Add compatibility for Amazon Linux 2 [\#1328](https://github.com/puppetlabs/puppetlabs-mysql/pull/1328) ([greno2](https://github.com/greno2)) + +### Fixed + +- \(IAC-1137\) Ensure curl package is installed for xtrabackup tests [\#1338](https://github.com/puppetlabs/puppetlabs-mysql/pull/1338) ([pmcmaw](https://github.com/pmcmaw)) +- \(MODULES-10788\) - fix for password prompt when creating mysql\_login\_path resource [\#1334](https://github.com/puppetlabs/puppetlabs-mysql/pull/1334) ([andeman](https://github.com/andeman)) +- \(MODULES-10790\) - Setting logbin results in error Unknown variable: 'managed\_dirs\_path' [\#1325](https://github.com/puppetlabs/puppetlabs-mysql/pull/1325) ([pmcmaw](https://github.com/pmcmaw)) +- Fix package for python bindings on Ubuntu 20.04 [\#1323](https://github.com/puppetlabs/puppetlabs-mysql/pull/1323) ([tobias-urdin](https://github.com/tobias-urdin)) + +## [v10.7.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.7.1) (2020-09-25) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.7.0...v10.7.1) + +### Fixed + +- \(IAC-1175\) Pin percona-release to version 1.0-22 for Debian 8 [\#1329](https://github.com/puppetlabs/puppetlabs-mysql/pull/1329) ([pmcmaw](https://github.com/pmcmaw)) +- \[MODULES-10773\] Fix for rh-mysql80 [\#1322](https://github.com/puppetlabs/puppetlabs-mysql/pull/1322) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v10.7.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.7.0) (2020-08-12) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.6.0...v10.7.0) + +### Added + +- pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch `main` [\#1316](https://github.com/puppetlabs/puppetlabs-mysql/pull/1316) ([david22swan](https://github.com/david22swan)) +- add package provider and source [\#1314](https://github.com/puppetlabs/puppetlabs-mysql/pull/1314) ([fe80](https://github.com/fe80)) + +### Fixed + +- Remove non printable characters [\#1315](https://github.com/puppetlabs/puppetlabs-mysql/pull/1315) ([elmobp](https://github.com/elmobp)) +- Remove control character from manifests/server.pp [\#1312](https://github.com/puppetlabs/puppetlabs-mysql/pull/1312) ([tomkrouper](https://github.com/tomkrouper)) + +## [v10.6.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.6.0) (2020-06-23) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.5.0...v10.6.0) + +### Added + +- Handle cron package from different module [\#1306](https://github.com/puppetlabs/puppetlabs-mysql/pull/1306) ([ashish1099](https://github.com/ashish1099)) +- \(IAC-746\) - Add ubuntu 20.04 support [\#1303](https://github.com/puppetlabs/puppetlabs-mysql/pull/1303) ([david22swan](https://github.com/david22swan)) +- \(MODULES-1550\) add new Feature MySQL login paths [\#1295](https://github.com/puppetlabs/puppetlabs-mysql/pull/1295) ([andeman](https://github.com/andeman)) + +### Fixed + +- Add managed\_dirs parameter [\#1305](https://github.com/puppetlabs/puppetlabs-mysql/pull/1305) ([evgenkisel](https://github.com/evgenkisel)) +- change split on whitespace to split on tab in mysql\_user [\#1233](https://github.com/puppetlabs/puppetlabs-mysql/pull/1233) ([koshatul](https://github.com/koshatul)) + +## [v10.5.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.5.0) (2020-05-13) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.4.0...v10.5.0) + +### Added + +- Support mariadb's ed25519-based authentication [\#1292](https://github.com/puppetlabs/puppetlabs-mysql/pull/1292) ([dciabrin](https://github.com/dciabrin)) +- Allow changing the mysql-config-file group-ownership [\#1284](https://github.com/puppetlabs/puppetlabs-mysql/pull/1284) ([unki](https://github.com/unki)) + +### Fixed + +- Remove legacy \(old API\) `mysql_password` function [\#1299](https://github.com/puppetlabs/puppetlabs-mysql/pull/1299) ([alexjfisher](https://github.com/alexjfisher)) +- Improve differences between generated mysql service id values [\#1293](https://github.com/puppetlabs/puppetlabs-mysql/pull/1293) ([ryaner](https://github.com/ryaner)) +- \(MODULES-10023\) Fix multiple xtrabackup regressions [\#1245](https://github.com/puppetlabs/puppetlabs-mysql/pull/1245) ([fraenki](https://github.com/fraenki)) +- Fix binarylog by allowing users to specify managed directories [\#1194](https://github.com/puppetlabs/puppetlabs-mysql/pull/1194) ([elfranne](https://github.com/elfranne)) + +## [v10.4.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.4.0) (2020-03-02) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.3.0...v10.4.0) + +### Added + +- Allow adapting MySQL configuration file's permissions mode [\#1278](https://github.com/puppetlabs/puppetlabs-mysql/pull/1278) ([unki](https://github.com/unki)) +- pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#1275](https://github.com/puppetlabs/puppetlabs-mysql/pull/1275) ([david22swan](https://github.com/david22swan)) +- Allow backupcompress for xtrabackup profile [\#1196](https://github.com/puppetlabs/puppetlabs-mysql/pull/1196) ([Spuffnduff](https://github.com/Spuffnduff)) +- Enable module to not use default options [\#1192](https://github.com/puppetlabs/puppetlabs-mysql/pull/1192) ([morremeyer](https://github.com/morremeyer)) + +## [v10.3.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.3.0) (2019-12-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.2.1...v10.3.0) + +### Added + +- \(FM-8677\) - Support added for CentOS 8 [\#1254](https://github.com/puppetlabs/puppetlabs-mysql/pull/1254) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- Fix java and ruby binding packages for Debian 10 [\#1264](https://github.com/puppetlabs/puppetlabs-mysql/pull/1264) ([treydock](https://github.com/treydock)) +- \(MODULES-10114\) Confine fact for only when mysql is in PATH [\#1256](https://github.com/puppetlabs/puppetlabs-mysql/pull/1256) ([bFekete](https://github.com/bFekete)) ## [v10.2.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.2.1) (2019-10-30) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.2.0...v10.2.1) ### Fixed - Fix mysql::sql task error message [\#1243](https://github.com/puppetlabs/puppetlabs-mysql/pull/1243) ([alexjfisher](https://github.com/alexjfisher)) - Fix xtrabackup regression introduced in \#1207 [\#1242](https://github.com/puppetlabs/puppetlabs-mysql/pull/1242) ([fraenki](https://github.com/fraenki)) - Repair mysql\_grant docs and diagnostics [\#1237](https://github.com/puppetlabs/puppetlabs-mysql/pull/1237) ([qha](https://github.com/qha)) ## [v10.2.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.2.0) (2019-09-24) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.1.0...v10.2.0) ### Added - FM-8406 add support on Debian10 [\#1230](https://github.com/puppetlabs/puppetlabs-mysql/pull/1230) ([lionce](https://github.com/lionce)) - Make backup success file path configurable [\#1207](https://github.com/puppetlabs/puppetlabs-mysql/pull/1207) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB)) ### Fixed - No package under FreeBSD [\#1227](https://github.com/puppetlabs/puppetlabs-mysql/pull/1227) ([jas01](https://github.com/jas01)) - Fix group on FreeBSD [\#1226](https://github.com/puppetlabs/puppetlabs-mysql/pull/1226) ([jas01](https://github.com/jas01)) - Don't run fact when you can't find mysqld [\#1224](https://github.com/puppetlabs/puppetlabs-mysql/pull/1224) ([jstewart612](https://github.com/jstewart612)) - Bugfix on Debian 9 : ruby\_package\_name must be ruby-mysql2 [\#1223](https://github.com/puppetlabs/puppetlabs-mysql/pull/1223) ([leopoiroux](https://github.com/leopoiroux)) - Fix errors for /bin/sh with the xtrabackup cron [\#1222](https://github.com/puppetlabs/puppetlabs-mysql/pull/1222) ([baldurmen](https://github.com/baldurmen)) - Fix/fix dependency issue in freebsd with log error file creation from 10.0.0 [\#1221](https://github.com/puppetlabs/puppetlabs-mysql/pull/1221) ([rick-pri](https://github.com/rick-pri)) ## [v10.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.1.0) (2019-07-30) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v10.0.0...v10.1.0) ### Added - Allow backup::mysqldump::time to accept monthday, month, weekday [\#1214](https://github.com/puppetlabs/puppetlabs-mysql/pull/1214) ([malakai97](https://github.com/malakai97)) ## [v10.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v10.0.0) (2019-06-26) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v9.1.0...v10.0.0) ### Added - add support for rh-mariadb102 [\#1209](https://github.com/puppetlabs/puppetlabs-mysql/pull/1209) ([martin-schlossarek](https://github.com/martin-schlossarek)) - Freebsd compat [\#1208](https://github.com/puppetlabs/puppetlabs-mysql/pull/1208) ([kapouik](https://github.com/kapouik)) ### Fixed - FM-7982 - update provisioner to docker\_exp [\#1205](https://github.com/puppetlabs/puppetlabs-mysql/pull/1205) ([lionce](https://github.com/lionce)) ## [v9.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v9.1.0) (2019-06-10) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/v9.0.0...v9.1.0) ### Added - Add option to specify $backupdir as a symlink target, for use with dm… [\#1200](https://github.com/puppetlabs/puppetlabs-mysql/pull/1200) ([comport3](https://github.com/comport3)) - \(FM-8029\) Add RedHat 8 support [\#1199](https://github.com/puppetlabs/puppetlabs-mysql/pull/1199) ([eimlav](https://github.com/eimlav)) - Allow own Xtrabackup script [\#1189](https://github.com/puppetlabs/puppetlabs-mysql/pull/1189) ([SaschaDoering](https://github.com/SaschaDoering)) - Litmus conversion [\#1175](https://github.com/puppetlabs/puppetlabs-mysql/pull/1175) ([pmcmaw](https://github.com/pmcmaw)) ### Fixed - \(MODULES-6875,MODULES-7487\) - Fix mariadb mysql\_user password idempotency [\#1195](https://github.com/puppetlabs/puppetlabs-mysql/pull/1195) ([alexjfisher](https://github.com/alexjfisher)) ## [v9.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/v9.0.0) (2019-05-21) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.1.0...v9.0.0) ### Changed - pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1184](https://github.com/puppetlabs/puppetlabs-mysql/pull/1184) ([david22swan](https://github.com/david22swan)) ### Added - Make incremental backups deactivable [\#1188](https://github.com/puppetlabs/puppetlabs-mysql/pull/1188) ([SaschaDoering](https://github.com/SaschaDoering)) - Allow multiple backupmethods [\#1187](https://github.com/puppetlabs/puppetlabs-mysql/pull/1187) ([SaschaDoering](https://github.com/SaschaDoering)) ### Fixed - Fix the contribution guide URL [\#1190](https://github.com/puppetlabs/puppetlabs-mysql/pull/1190) ([mauricemeyer](https://github.com/mauricemeyer)) - \(MODULES-8886\) Revert removal of deepmerge function [\#1181](https://github.com/puppetlabs/puppetlabs-mysql/pull/1181) ([eimlav](https://github.com/eimlav)) - Fixed Changelog links for 8.1.0 [\#1180](https://github.com/puppetlabs/puppetlabs-mysql/pull/1180) ([mauricemeyer](https://github.com/mauricemeyer)) ## [8.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.1.0) (2019-04-03) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.0.1...8.1.0) ### Added - Rotate option for xtrabackup script [\#1176](https://github.com/puppetlabs/puppetlabs-mysql/pull/1176) ([elfranne](https://github.com/elfranne)) - Add support for dynamic backupmethods/mariabackup [\#1171](https://github.com/puppetlabs/puppetlabs-mysql/pull/1171) ([danquack](https://github.com/danquack)) ### Fixed - \(MODULES-6627\) Remove unused --host flags from mysqlcaller [\#1174](https://github.com/puppetlabs/puppetlabs-mysql/pull/1174) ([david22swan](https://github.com/david22swan)) - Set correct packagename for ruby\_mysql on Ubuntu 18.04 [\#1163](https://github.com/puppetlabs/puppetlabs-mysql/pull/1163) ([datty](https://github.com/datty)) - \[MODULES-8779\] Set proper python\_package\_name for RHEL/CentOS 8 [\#1161](https://github.com/puppetlabs/puppetlabs-mysql/pull/1161) ([javierpena](https://github.com/javierpena)) - fix install ordering for innodb data size [\#1160](https://github.com/puppetlabs/puppetlabs-mysql/pull/1160) ([fe80](https://github.com/fe80)) ## [8.0.1](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.0.1) (2019-03-20) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/8.0.0...8.0.1) ### Fixed - \(MODULES-8684\) - Removing private tags from Puppet Types [\#1170](https://github.com/puppetlabs/puppetlabs-mysql/pull/1170) ([david22swan](https://github.com/david22swan)) ## [8.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/8.0.0) (2019-01-18) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/7.0.0...8.0.0) ### Changed - \(MODULES-8193\) - Removal of inbuilt deepmerge and dirname functions [\#1145](https://github.com/puppetlabs/puppetlabs-mysql/pull/1145) ([david22swan](https://github.com/david22swan)) ### Added - \(MODULES-3539\) Allow @ in username [\#1155](https://github.com/puppetlabs/puppetlabs-mysql/pull/1155) ([Fogelholk](https://github.com/Fogelholk)) - \(MODULES-8144\) - Add support for SLES 15 [\#1146](https://github.com/puppetlabs/puppetlabs-mysql/pull/1146) ([eimlav](https://github.com/eimlav)) - Added support for RHSCL mysql versions and support for .mylogin.cnf for MySQL 5.6.6+ [\#1061](https://github.com/puppetlabs/puppetlabs-mysql/pull/1061) ([DJMuggs](https://github.com/DJMuggs)) ### Fixed - \(MODULES-8193\) - Wrapper methods created for inbuilt 4.x functions [\#1151](https://github.com/puppetlabs/puppetlabs-mysql/pull/1151) ([david22swan](https://github.com/david22swan)) - pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1150](https://github.com/puppetlabs/puppetlabs-mysql/pull/1150) ([tphoney](https://github.com/tphoney)) - Add includedir for Gentoo [\#1147](https://github.com/puppetlabs/puppetlabs-mysql/pull/1147) ([baurmatt](https://github.com/baurmatt)) - add mysql\_native\_password for mariadb 10.2 in password\_hash [\#1117](https://github.com/puppetlabs/puppetlabs-mysql/pull/1117) ([mlk-89](https://github.com/mlk-89)) - Removing query\_cache ops that are no longer supported in MySQL \>= 8.0 [\#1107](https://github.com/puppetlabs/puppetlabs-mysql/pull/1107) ([ernstae](https://github.com/ernstae)) ## [7.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/7.0.0) (2018-10-25) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.2.0...7.0.0) ### Changed - \(MODULES-6923\) remove staging module [\#1115](https://github.com/puppetlabs/puppetlabs-mysql/pull/1115) ([tphoney](https://github.com/tphoney)) ### Added - \(MODULES-7857\) Support user creation on galera [\#1130](https://github.com/puppetlabs/puppetlabs-mysql/pull/1130) ([MaxFedotov](https://github.com/MaxFedotov)) - MySQL 8 compatibility in user management [\#1092](https://github.com/puppetlabs/puppetlabs-mysql/pull/1092) ([zpetr](https://github.com/zpetr)) ### Fixed - \(MODULES-7487\) Check authentication string for user password on MariaDB 10.2.16+ [\#1135](https://github.com/puppetlabs/puppetlabs-mysql/pull/1135) ([gguillotte](https://github.com/gguillotte)) ## [6.2.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.2.0) (2018-09-27) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.1.0...6.2.0) ### Added - pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1127](https://github.com/puppetlabs/puppetlabs-mysql/pull/1127) ([tphoney](https://github.com/tphoney)) ### Fixed - \(maint\) - Change versioning comparison [\#1123](https://github.com/puppetlabs/puppetlabs-mysql/pull/1123) ([eimlav](https://github.com/eimlav)) ## [6.1.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.1.0) (2018-09-13) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/6.0.0...6.1.0) ### Fixed - pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1114](https://github.com/puppetlabs/puppetlabs-mysql/pull/1114) ([pmcmaw](https://github.com/pmcmaw)) - \(MODULES-6981\) Do not try to read ~root/.my.cnf when calling "mysqld -V" [\#1063](https://github.com/puppetlabs/puppetlabs-mysql/pull/1063) ([simondeziel](https://github.com/simondeziel)) ## [6.0.0](https://github.com/puppetlabs/puppetlabs-mysql/tree/6.0.0) (2018-08-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-mysql/compare/5.4.0...6.0.0) ### Changed - \[FM-6962\] Removal of unsupported OS from mysql [\#1086](https://github.com/puppetlabs/puppetlabs-mysql/pull/1086) ([david22swan](https://github.com/david22swan)) ### Added - \(FM-5985\) - Addition of support for Ubuntu 18.04 to mysql [\#1104](https://github.com/puppetlabs/puppetlabs-mysql/pull/1104) ([david22swan](https://github.com/david22swan)) - \(MODULES-7439\) - Implementing beaker-testmode\_switcher [\#1095](https://github.com/puppetlabs/puppetlabs-mysql/pull/1095) ([pmcmaw](https://github.com/pmcmaw)) - Support for optional\_\_args and prescript to mysqldump backup provider [\#1083](https://github.com/puppetlabs/puppetlabs-mysql/pull/1083) ([eputnam](https://github.com/eputnam)) - Allow empty user passwords [\#1075](https://github.com/puppetlabs/puppetlabs-mysql/pull/1075) ([ThoTischner](https://github.com/ThoTischner)) - Add user tls\_options and grant options to mysql::db [\#1065](https://github.com/puppetlabs/puppetlabs-mysql/pull/1065) ([edestecd](https://github.com/edestecd)) - Use puppet4 functions-api [\#1044](https://github.com/puppetlabs/puppetlabs-mysql/pull/1044) ([juliantodt](https://github.com/juliantodt)) - Replaced 'DROP USER' with 'DROP USER IF EXISTS' [\#942](https://github.com/puppetlabs/puppetlabs-mysql/pull/942) ([libertamohamed](https://github.com/libertamohamed)) ### Fixed - \(MODULES-7353\) Enable service for Debian 9 [\#1094](https://github.com/puppetlabs/puppetlabs-mysql/pull/1094) ([david22swan](https://github.com/david22swan)) - Update locales test for Debian 9 [\#1091](https://github.com/puppetlabs/puppetlabs-mysql/pull/1091) ([HelenCampbell](https://github.com/HelenCampbell)) - \[FM-7045\] Fix to allow Debian 9 test's to run clean [\#1088](https://github.com/puppetlabs/puppetlabs-mysql/pull/1088) ([david22swan](https://github.com/david22swan)) - \(MODULES-7198\) Fix DROP USER IF EXISTS on mariadb [\#1082](https://github.com/puppetlabs/puppetlabs-mysql/pull/1082) ([hunner](https://github.com/hunner)) ## 5.4.0 ### Added - \(PDOC-210\) Puppet Strings documentation [\#1068](https://github.com/puppetlabs/puppetlabs-mysql/pull/1068) ([hunner](https://github.com/hunner)) - Compatibility for Alpine linux [\#1049](https://github.com/puppetlabs/puppetlabs-mysql/pull/1049) ([cisco87](https://github.com/cisco87)) ### Fixed - \(MODULES-6627\) Removed unused --host flag from mysqlcaller [\#1064](https://github.com/puppetlabs/puppetlabs-mysql/pull/1064) ([HelenCampbell](https://github.com/HelenCampbell)) - Fixed archlinux compatibility [\#1057](https://github.com/puppetlabs/puppetlabs-mysql/pull/1057) ([bastelfreak](https://github.com/bastelfreak)) - Changed input param option in export.json from sql to file [\#1054](https://github.com/puppetlabs/puppetlabs-mysql/pull/1054) ([cgoswami](https://github.com/cgoswami)) ## Supported Release [5.3.0] ### Summary This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes, a new task and support for `GRANTS FUNCTION`. ### Added - Add support for `GRANTS FUNCTION` ([MODULES-2075](https://tickets.puppet.com/browse/MODULES-2075)). - Add Export database task. - PDK Convert mysql ([MODULES-6454](https://tickets.puppet.com/browse/MODULES-6454)). ### Changed - Allow authentication plugin to be changed. - Update mysql_user provider. - Plugins don't exist before 5.5; password field name changed - Fix helpful rubocops and disable hurtful cops. - Addressing puppet-lint and rubocop errors - Remove update bundler and add ignore .DS_Store - Skip rubocop warning in task. - Fix a typo in a classname in the changelog. ## Supported Release [5.2.1] ### Summary This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. ### Fixed - Fix export and mysql tasks for arbitrary remote code ## Supported Release [5.2.0] ### Added - Compatibility for puppet-staging 3.0.0 ### Fixed - Centralize all mysql command calls for providers - Add paths to `mysql_datadir` provider for RedHat Software Collections ## Supported Release [5.1.0] ### Summary This release adds Tasks to the Mysql module. #### Added - Adds the execute sql task. ## Supported Release [5.0.0] ### Summary This is a major release that adds support for string translation. Currently the only supported language besides English is Japanese. #### Added - Several gem dependencies required for translation. - Wrapping of strings that require translation. Strings in ruby code are now wrapped with `_()` and strings in puppet code with `translate()`. - Debian 9 support #### Changed - The default php_package_name for Debian and Ubuntu to `php-mysql` ## Supported Release 4.0.1 ### Summary This is a small bugfix release that makes `mysql_install_db` optional and fixes some regular expression issues. #### Bugfixes - ([MODULES-5528](https://tickets.puppet.com/browse/MODULES-5528)) Fixes the `mysql_install_db` command so that it is optional - ([MODULES-5602](https://tickets.puppet.com/browse/MODULES-5602)) Removes superfluous backslashes in some regular expressions that were causing instability ## Supported Release 4.0.0 ### Summary This release sees the enablement of rubocop, also an update to the lib directory with rubocop fixes and several other changes and fixes. Also a bump to the Puppet version compatibility and several Puppet language updates. #### Added - Updated README.md with example how to install MySQL Community Server 5.6 on Centos 7.3 - Enabled Rubocop and addition of Rubocop fixes for /lib directory. #### Removed - Dropped legacy tests for db.pp. #### Changed - Replaced validate function calls with datatypes in db.pp. - Bumped recommended puppet version to between 4.7.0 and 6.0.0. - Conditionalize name validation in mysql_grant type. ([MODULES-4604](https://tickets.puppet.com/browse/MODULES-4604)) #### Fixed - Removal of invalid parameter provider on Mysql_user[user@localhost] in mysql::db ([MODULES-4115](https://tickets.puppet.com/browse/MODULES-4115)) - Fixed server_service_name for Debian/stretch. - Spec fixes for Puppet 5. - Test update for fix:create procedure, then grant ([MODULES-5390](https://tickets.puppet.com/browse/MODULES-5390)) - Fixing empty user/password issue for xtrabackup. Now defaults as undef instead of ''. - Remove unsupported Ubuntu versions ([MODULES-5501](https://tickets.puppet.com/browse/MODULES-5501)) ## Supported Release 3.11.0 ### Summary This release includes README and metadata translations to Japanese, as well as some enhancements and bugfixes. #### Added - New flag for successful backups - Solaris support improvements - New parameter `optional_args` for extra innobackupex options - Specify environment variables (e.g. https_proxy) for MySQLTuner download. - Check to only install bzip2 if `$backupcompress` is `true` - Debian 9 compatibility - Japanese README #### Fixed - Syntax errors - Bug where error logs were being created before the datadir was initialized (MODULES-4743) ## Supported Release 3.10.0 ### Summary This release includes new features for setting TLS options on a mysql user, a new parameter to allow specifying tool to import sql files, as well as various bugfixes. #### Features - (MODULES-3879) Adds `import_cat_cmd` parameter to specify the command to read sql files - Adds support for setting `tls_options` in `mysql_user` #### Bugfixes - (MODULES-3557) Adds Ubuntu 16.04 package names for language bindings - (MODULES-3907) Adds MySQL/Percona 5.7 initialize on fresh deploy ## Supported Release 3.9.0 ### Summary This release adds Percona 5.7 support and compatibility with Ubuntu 16.04, in addition to various bugfixes. #### Features - (MODULES-3441) Adds the `mysqld_version` fact - (MODULES-3513) Adds a new backup dump parameter `maxallowedpacket` - Adds new parameter `xtrabackup_package_name` to `mysql::backup::xtrabackup` class - Adds ability to revoke GRANT privilege #### Bugfixes - Fixes a bug where `mysql_user` fails if facter cannot retrieve fqdn. - Fix global parameter usage in backup script - Adds support for `puppet-staging` version `2.0.0` - (MODULES-3601) Moves binary logging configuration to take place after package install - (MODULES-3711) Add limit to mysql server ID generated value - (MODULES-3698) Fixes defaults for SLES12 - Updates user name length restrictions for MySQL version 5.7.8 and above. - Fixes a bug where error log is not writable by owner ## Supported Release 3.8.0 ### Summary This release adds Percona 5.7 support and compatibility with Ubuntu 16.04, in addition to various bugfixes. #### Features - Adds support for Percona 5.7 - Adds support for Ubuntu 16.04 (Xenial) #### Known Limitations - The mysqlbackup.sh script will not work on MySQL 5.7.0 and up. #### Bugfixes - Use mysql_install_db only with uniq defaults-extra-file - Updates mysqlbackup.sh to ensure backup directory exist - Loosen MariaDB recognition to fix it on Debian 8 - Allow mysql::backup::mysqldump to access root_group in tests - Fixed problem with ignoring parameters from global configs - Fixes ordering issue that initialized mysqld before config is set - (MODULES-1256) Fix parameters on OpenSUSE 12 - Fixes install errors on Debian-based OS by configuring the base of includedir - Configure the configfile location for mariadb - Default mysqld_type return value should be 'mysql' if another type is not detected - Make sure that bzip2 is installed before setting up the cron tab job using mysqlbackup.sh - Fixes path issue on FreeBSD - Check that /var/lib/mysql actually contains files - Removes mysql regex when checking type - (MODULES-2111) Add the system database to user related actions - Updates default group for logfiles on Debian-based OS to 'adm' - Fixes an issue with Amazon linux major release 4 installation - Fixes 'mysql_install_db' script support on Gentoo - Removes erroneous anchors to mysql::client from mysql::db - Adds path to be able to find MySQL 5.5 installation on CentOS ## Supported Release 3.7.0 ### Summary A large release with several new features. Also includes a considerable amount of bugfixes, many around compatibility and improvements to current functionality. #### Features - Now uses mariadb in OpenSuSE >= 13.1. - Switch to rspec-puppet-facts. - Additional function to check if table exists before grant. - Add ability to input password hash directly. - Now checking major release instead of specific release. - Debian 8 support. #### Bugfixes - Minor doc update. - Fixes improper use of function `warn` in backup manifest of server. - Fixes to Compatibility with PE 3.3. - Fixes `when not managing config file` in `mysql_server_spec`. - Improved user validation and munging. - Fixes fetching the mysql_user password for MySQL >=5.7.6. - Fixes unique server_id within my.cnf, the issue were the entire mac address was not being read in to generate the id. - Corrects the daemon_dev_package_name for mariadb on redhat. - Fix version compare to properly suppress show_diff for root password. - Fixes to ensure compatibility with future parser. - Solaris removed from PE in metadata as its not supported. - Use MYSQL_PWD to avoid mysqldump warnings. - Use temp cnf file instead of env variable which creates acceptance test failures. - No longer hash passwords that are already hashed. - Fix Gemfile to work with ruby 1.8.7. - Fixed MySQL 5.7.6++ compatibility. - Fixing error when disabling service management and the service does not exist. - Ubuntu vivid should use systemd not upstart. - Fixed new mysql_datadir provider on CentOS for MySQl 5.7.6 compatibility. - Ensure if service restart to wait till mysql is up. - Move all dependencies to not have them in case of service unmanaged. - Re-Added the ability to set a empty string as option parameter. - Fixes edge-case with dropping pre-existing users with grants. - Fix logic for choosing rspec version. - Refactored main acceptance suite. - Skip idempotency tests on test cells that do have PUP-5016 unfixed. - Fix tmpdir to be shared across examples. - Update to current msync configs [006831f]. - Fix mysql_grant with MySQL ANSI_QUOTES mode. - Generate .my.cnf for all sections. ## Supported Release 3.6.2 ### Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## 2015-09-22 - Supported Release 3.6.1 ### Summary This is a security and bugfix release that fixes incorrect username truncation in the munge for the mysql_user type, incorrect function used in `mysql::server::backup` and fixes compatibility issues with PE 3.3.x. #### Bugfixes - Loosen the regex in mysql_user munging so the username is not unintentionally truncated. - Use `warning()` not `warn()` - Metadata had inadvertantly dropped 3.3.x support - Some 3.3.x compatibility issues in `mysqltuner` were corrected ## 2015-08-10 - Supported Release 3.6.0 ### Summary This release adds the ability to use mysql::db and `mysql_*` types against unmanaged or external mysql instances. #### Features - Add ability to use mysql::db WITHOUT mysql::server (ie, externally) - Add prescript attribute to mysql::server::backup for xtrabackup - Add postscript ability to xtrabackup provider. #### Bugfixes - Fix default root passwords blocking puppet on mysql 5.8 - Fix service dependency when package_manage is false - Fix selinux permissions on my.cnf ## 2015-07-23 - Supported Release 3.5.0 ### Summary A small release to add explicit support to newer Puppet versions and accumulated patches. #### Features/Improvements - Start running tests against puppet 4 - Support longer usernames on newer MariaDB versions - Add parameters for Solaris 11 and 12 #### Bugfixes - Fix references to the mysql-server package - mysql_server_id doesn't throw and error on machines without macaddress ## 2015-05-19 - Supported Release 3.4.0 ### Summary This release includes the addition of extra facts, OpenBSD compatibility, and a number of other features, improvements and bug fixes. #### Features/Improvements - Added server_id fact which includes mac address for better uniqueness - Added OpenBSD compatibility, only for 'OpenBSD -current' (due to the recent switch to mariadb) - Added a $mysql_group parameter, and use that instead of the $root_group parameter to define the group membership of the mysql error log file. - Updated tests for rspec-puppet 2 and future parser - Further acceptance testing improvements - MODULES-1928 - allow log-error to be undef - Split package installation and database install - README wording improvements - Added options for including/excluding triggers and routines - Made the 'TRIGGER' privilege of mysqldump backups depend on whether or not we are actually backing up triggers - Cleaned up the privilege assignment in the mysqldump backup script - Add a fact for capturing the mysql version installed #### Bugfixes - mysql backup: fix regression in mysql_user call - Set service_ensure to undef, in the case of an unmanaged service - README Typos fixed - Bugfix on Xtrabackup crons - Fixed a permission problem that was preventing triggers from being backed up - MODULES-1981: Revoke and grant difference of old and new privileges - Fix an issue were we assume triggers work - Change default for mysql::server::backup to ignore_triggers = false #### Deprecations mysql::server::old_root_password property ## 2015-03-03 - Supported Release 3.3.0 ### Summary This release includes major README updates, the addition of backup providers, and a fix for managing the log-bin directory. #### Features - Add package_manage parameters to `mysql::server` and `mysql::client` (MODULES-1143) - README improvements - Add `mysqldump`, `mysqlbackup`, and `xtrabackup` backup providers. #### Bugfixes - log-error overrides were not being properly used (MODULES-1804) - check for full path for log-bin to stop puppet from managing file '.' ## 2015-02-09 - Supported Release 3.2.0 ### Summary This release includes several new features and bugfixes, including support for various plugins, making the output from mysql_password more consistent when input is empty and improved username validation. #### Features - Add type and provider to manage plugins - Add support for authentication plugins - Add support for mysql_install_db on freebsd - Add `create_root_user` and `create_root_my_cnf` parameters to `mysql::server` #### Bugfixes - Remove dependency on stdlib >= 4.1.0 (MODULES-1759) - Make grant autorequire user - Remove invalid parameter 'provider' from mysql_user instance (MODULES-1731) - Return empty string for empty input in mysql_password - Fix `mysql::account_security` when fqdn==localhost - Update username validation (MODULES-1520) - Future parser fix in params.pp - Fix package name for debian 8 - Don't start the service until the server package is installed and the config file is in place - Test fixes - Lint fixes ## 2014-12-16 - Supported Release 3.1.0 ### Summary This release includes several new features, including SLES12 support, and a number of bug fixes. #### Notes `mysql::server::mysqltuner` has been refactored to fetch the mysqltuner script from github by default. If you are running on a non-network-connected system, you will need to download that file and have it available to your node at a path specified by the `source` parameter to the `mysqltuner` class. #### Features - Add support for install_options for all package resources (MODULES-1484) - Add log-bin directory creation - Allow mysql::db to import multiple files (MODULES-1338) - SLES12 support - Improved identifier quoting detections - Reworked `mysql::server::mysqltuner` so that we are no longer packaging the script as it is licensed under the GPL. #### Bugfixes - Fix regression in username validation - Proper containment for mysql::client in mysql::db - Support quoted usernames of length 15 and 16 chars ## 2014-11-11 - Supported Release 3.0.0 ### Summary Added several new features including MariaDB support and future parser #### Backwards-incompatible Changes * Remove the deprecated `database`, `database_user`, and `database_grant` resources. The correct resources to use are `mysql`, `mysql_user`, and `mysql_grant` respectively. #### Features * Add MariaDB Support * The mysqltuner perl script has been updated to 1.3.0 based on work at http://github.com/major/MySQLTuner-perl * Add future parse support, fixed issues with undef to empty string * Pass the backup credentials to 'SHOW DATABASES' * Ability to specify the Includedir for `mysql::server` * `mysql::db` now has an import\_timeout feature that defaults to 300 * The `mysql` class has been removed * `mysql::server` now takes an `override_options` hash that will affect the installation * Ability to install both dev and client dev #### BugFix * `mysql::server::backup` now passes `ensure` param to the nested `mysql_grant` * `mysql::server::service` now properly requires the presence of the `log_error` file * `mysql::config` now occurs before `mysql::server::install_db` correctly ## 2014-07-15 - Supported Release 2.3.1 ### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ## 2014-05-14 - Supported Release 2.3.0 This release primarily adds support for RHEL7 and Ubuntu 14.04 but it also adds a couple of new parameters to allow for further customization, as well as ensuring backups can backup stored procedures properly. #### Features Added `execpath` to allow a custom executable path for non-standard mysql installations. Added `dbname` to mysql::db and use ensure_resource to create the resource. Added support for RHEL7 and Fedora Rawhide. Added support for Ubuntu 14.04. Create a warning for if you disable SSL. Ensure the error logfile is owned by MySQL. Disable ssl on FreeBSD. Add PROCESS privilege for backups. #### Bugfixes #### Known Bugs * No known bugs ## 2014-03-04 - Supported Release 2.2.3 ### Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. #### Features #### Bugfixes #### Known Bugs * No known bugs ## 2014-03-04 - Supported Release 2.2.2 ### Summary This is a supported release. Mostly comprised of enhanced testing, plus a bugfix for Suse. #### Bugfixes - PHP bindings on Suse - Test fixes #### Known Bugs * No known bugs ## 2014-02-19 - Version 2.2.1 ### Summary Minor release that repairs mysql_database{} so that it sees the correct collation settings (it was only checking the global mysql ones, not the actual database and constantly setting it over and over since January 22nd). Also fixes a bunch of tests on various platforms. ## 2014-02-13 - Version 2.2.0 ### Summary #### Features - Add `backupdirmode`, `backupdirowner`, `backupdirgroup` to mysql::server::backup to allow customizing the mysqlbackupdir. - Support multiple options of the same name, allowing you to do 'replicate-do-db' => ['base1', 'base2', 'base3'] in order to get three lines of replicate-do-db = base1, replicate-do-db = base2 etc. #### Bugfixes - Fix `restart` so it actually stops mysql restarting if set to false. - DRY out the defaults_file functionality in the providers. - mysql_grant fixed to work with root@localhost/@. - mysql_grant fixed for WITH MAX_QUERIES_PER_HOUR - mysql_grant fixed so revoking all privileges accounts for GRANT OPTION - mysql_grant fixed to remove duplicate privileges. - mysql_grant fixed to handle PROCEDURES when removing privileges. - mysql_database won't try to create existing databases, breaking replication. - bind_address renamed bind-address in 'mysqld' options. - key_buffer renamed to key_buffer_size. - log_error renamed to log-error. - pid_file renamed to pid-file. - Ensure mysql::server::root_password runs before mysql::server::backup - Fix options_override -> override_options in the README. - Extensively rewrite the README to be accurate and awesome. - Move to requiring stdlib 3.2.0, shipped in PE3.0 - Add many new tests. ## 2013-11-13 - Version 2.1.0 ### Summary The most important changes in 2.1.0 are improvements to the my.cnf creation, as well as providers. Setting options to = true strips them to be just the key name itself, which is required for some options. The provider updates fix a number of bugs, from lowercase privileges to deprecation warnings. Last, the new hiera integration functionality should make it easier to externalize all your grants, users, and, databases. Another great set of community submissions helped to make this release. #### Features - Some options can not take a argument. Gets rid of the '= true' when an option is set to true. - Easier hiera integration: Add hash parameters to mysql::server to allow specifying grants, users, and databases. #### Bugfixes - Fix an issue with lowercase privileges in mysql_grant{} causing them to be reapplied needlessly. - Changed defaults-file to defaults-extra-file in providers. - Ensure /root/.my.cnf is 0600 and root owned. - database_user deprecation warning was incorrect. - Add anchor pattern for client.pp - Documentation improvements. - Various test fixes. ## 2013-10-21 - Version 2.0.1 ### Summary This is a bugfix release to handle an issue where unsorted mysql_grant{} privileges could cause Puppet to incorrectly reapply the permissions on each run. #### Bugfixes - Mysql_grant now sorts privileges in the type and provider for comparison. - Comment and test tweak for PE3.1. ## 2013-10-14 - Version 2.0.0 ### Summary (Previously detailed in the changelog for 2.0.0-rc1) This module has been completely refactored and works significantly different. The changes are broad and touch almost every piece of the module. See the README.md for full details of all changes and syntax. Please remain on 1.0.0 if you don't have time to fully test this in dev. * mysql::server, mysql::client, and mysql::bindings are the primary interface classes. * mysql::server takes an `override_options` parameter to set my.cnf options, with the hash format: { 'section' => { 'thing' => 'value' }} * mysql attempts backwards compatibility by forwarding all parameters to mysql::server. ## 2013-10-09 - Version 2.0.0-rc5 ### Summary Hopefully the final rc! Further fixes to mysql_grant (stripping out the cleverness so we match a much wider range of input.) #### Bugfixes - Make mysql_grant accept '.*'@'.*' in terms of input for user@host. ## 2013-10-09 - Version 2.0.0-rc4 ### Summary Bugfixes to mysql_grant and mysql_user form the bulk of this rc, as well as ensuring that values in the override_options hash that contain a value of '' are created as just "key" in the conf rather than "key =" or "key = false". #### Bugfixes - Improve mysql_grant to work with IPv6 addresses (both long and short). - Ensure @host users work as well as user@host users. - Updated my.cnf template to support items with no values. ## 2013-10-07 - Version 2.0.0-rc3 ### Summary Fix mysql::server::monitor's use of mysql_user{}. #### Bugfixes - Fix myql::server::monitor's use of mysql_user{} to grant the proper permissions. Add specs as well. (Thanks to treydock!) ## 2013-10-03 - Version 2.0.0-rc2 ### Summary Bugfixes #### Bugfixes - Fix a duplicate parameter in mysql::server ## 2013-10-03 - Version 2.0.0-rc1 ### Summary This module has been completely refactored and works significantly different. The changes are broad and touch almost every piece of the module. See the README.md for full details of all changes and syntax. Please remain on 1.0.0 if you don't have time to fully test this in dev. * mysql::server, mysql::client, and mysql::bindings are the primary interface classes. * mysql::server takes an `override_options` parameter to set my.cnf options, with the hash format: { 'section' => { 'thing' => 'value' }} * mysql attempts backwards compatibility by forwarding all parameters to mysql::server. --- ## 2013-09-23 - Version 1.0.0 ### Summary This release introduces a number of new type/providers, to eventually replace the database_ ones. The module has been converted to call the new providers rather than the previous ones as they have a number of fixes, additional options, and work with puppet resource. This 1.0.0 release precedes a large refactoring that will be released almost immediately after as 2.0.0. #### Features - Added mysql_grant, mysql_database, and mysql_user. - Add `mysql::bindings` class and refactor all other bindings to be contained underneath mysql::bindings:: namespace. - Added support to back up specified databases only with 'mysqlbackup' parameter. - Add option to mysql::backup to set the backup script to perform a mysqldump on each database to its own file #### Bugfixes - Update my.cnf.pass.erb to allow custom socket support - Add environment variable for .my.cnf in mysql::db. - Add HOME environment variable for .my.cnf to mysqladmin command when (re)setting root password --- ## 2013-07-15 - Version 0.9.0 #### Features - Add `mysql::backup::backuprotate` parameter - Add `mysql::backup::delete_before_dump` parameter - Add `max_user_connections` attribute to `database_user` type #### Bugfixes - Add client package dependency for `mysql::db` - Remove duplicate `expire_logs_days` and `max_binlog_size` settings - Make root's `.my.cnf` file path dynamic - Update pidfile path for Suse variants - Fixes for lint ## 2013-07-05 - Version 0.8.1 #### Bugfixes - Fix a typo in the Fedora 19 support. ## 2013-07-01 - Version 0.8.0 #### Features - mysql::perl class to install perl-DBD-mysql. - minor improvements to the providers to improve reliability - Install the MariaDB packages on Fedora 19 instead of MySQL. - Add new `mysql` class parameters: - `max_connections`: The maximum number of allowed connections. - `manage_config_file`: Opt out of puppetized control of my.cnf. - `ft_min_word_len`: Fine tune the full text search. - `ft_max_word_len`: Fine tune the full text search. - Add new `mysql` class performance tuning parameters: - `key_buffer` - `thread_stack` - `thread_cache_size` - `myisam-recover` - `query_cache_limit` - `query_cache_size` - `max_connections` - `tmp_table_size` - `table_open_cache` - `long_query_time` - Add new `mysql` class replication parameters: - `server_id` - `sql_log_bin` - `log_bin` - `max_binlog_size` - `binlog_do_db` - `expire_logs_days` - `log_bin_trust_function_creators` - `replicate_ignore_table` - `replicate_wild_do_table` - `replicate_wild_ignore_table` - `expire_logs_days` - `max_binlog_size` #### Bugfixes - No longer restart MySQL when /root/.my.cnf changes. - Ensure mysql::config runs before any mysql::db defines. ## 2013-06-26 - Version 0.7.1 #### Bugfixes - Single-quote password for special characters - Update travis testing for puppet 3.2.x and missing Bundler gems ## 2013-06-25 - Version 0.7.0 This is a maintenance release for community bugfixes and exposing configuration variables. * Add new `mysql` class parameters: - `basedir`: The base directory mysql uses - `bind_address`: The IP mysql binds to - `client_package_name`: The name of the mysql client package - `config_file`: The location of the server config file - `config_template`: The template to use to generate my.cnf - `datadir`: The directory MySQL's datafiles are stored - `default_engine`: The default engine to use for tables - `etc_root_password`: Whether or not to add the mysql root password to /etc/my.cnf - `java_package_name`: The name of the java package containing the java connector - `log_error`: Where to log errors - `manage_service`: Boolean dictating if mysql::server should manage the service - `max_allowed_packet`: Maximum network packet size mysqld will accept - `old_root_password`: Previous root user password - `php_package_name`: The name of the phpmysql package to install - `pidfile`: The location mysql will expect the pidfile to be - `port`: The port mysql listens on - `purge_conf_dir`: Value fed to recurse and purge parameters of the /etc/mysql/conf.d resource - `python_package_name`: The name of the python mysql package to install - `restart`: Whether to restart mysqld - `root_group`: Use specified group for root-owned files - `root_password`: The root MySQL password to use - `ruby_package_name`: The name of the ruby mysql package to install - `ruby_package_provider`: The installation suite to use when installing the ruby package - `server_package_name`: The name of the server package to install - `service_name`: The name of the service to start - `service_provider`: The name of the service provider - `socket`: The location of the MySQL server socket file - `ssl_ca`: The location of the SSL CA Cert - `ssl_cert`: The location of the SSL Certificate to use - `ssl_key`: The SSL key to use - `ssl`: Whether or not to enable ssl - `tmpdir`: The directory MySQL's tmpfiles are stored * Deprecate `mysql::package_name` parameter in favor of `mysql::client_package_name` * Fix local variable template deprecation * Fix dependency ordering in `mysql::db` * Fix ANSI quoting in queries * Fix travis support (but still messy) * Fix typos ## 2013-01-11 - Version 0.6.1 * Fix providers when /root/.my.cnf is absent ## 2013-01-09 - Version 0.6.0 * Add `mysql::server::config` define for specific config directives * Add `mysql::php` class for php support * Add `backupcompress` parameter to `mysql::backup` * Add `restart` parameter to `mysql::config` * Add `purge_conf_dir` parameter to `mysql::config` * Add `manage_service` parameter to `mysql::server` * Add syslog logging support via the `log_error` parameter * Add initial SuSE support * Fix remove non-localhost root user when fqdn != hostname * Fix dependency in `mysql::server::monitor` * Fix .my.cnf path for root user and root password * Fix ipv6 support for users * Fix / update various spec tests * Fix typos * Fix lint warnings ## 2012-08-23 - Version 0.5.0 * Add puppetlabs/stdlib as requirement * Add validation for mysql privs in provider * Add `pidfile` parameter to mysql::config * Add `ensure` parameter to mysql::db * Add Amazon linux support * Change `bind_address` parameter to be optional in my.cnf template * Fix quoting root passwords ## 2012-07-24 - Version 0.4.0 * Fix various bugs regarding database names * FreeBSD support * Allow specifying the storage engine * Add a backup class * Add a security class to purge default accounts ## 2012-05-03 - Version 0.3.0 * 14218 Query the database for available privileges * Add mysql::java class for java connector installation * Use correct error log location on different distros * Fix set_mysql_rootpw to properly depend on my.cnf ## 2012-04-11 - Version 0.2.0 ## 2012-03-19 - William Van Hevelingen * (#13203) Add ssl support (f7e0ea5) ## 2012-03-18 - Nan Liu * Travis ci before script needs success exit code. (0ea463b) ## 2012-03-18 - Nan Liu * Fix Puppet 2.6 compilation issues. (9ebbbc4) ## 2012-03-16 - Nan Liu * Add travis.ci for testing multiple puppet versions. (33c72ef) ## 2012-03-15 - William Van Hevelingen * (#13163) Datadir should be configurable (f353fc6) ## 2012-03-16 - Nan Liu * Document create_resources dependency. (558a59c) ## 2012-03-16 - Nan Liu * Fix spec test issues related to error message. (eff79b5) ## 2012-03-16 - Nan Liu * Fix mysql service on Ubuntu. (72da2c5) ## 2012-03-16 - Dan Bode * Add more spec test coverage (55e399d) ## 2012-03-16 - Nan Liu * (#11963) Fix spec test due to path changes. (1700349) ## 2012-03-07 - François Charlier * Add a test to check path for 'mysqld-restart' (b14c7d1) ## 2012-03-07 - François Charlier * Fix path for 'mysqld-restart' (1a9ae6b) ## 2012-03-15 - Dan Bode * Add rspec-puppet tests for mysql::config (907331a) ## 2012-03-15 - Dan Bode * Moved class dependency between sever and config to server (da62ad6) ## 2012-03-14 - Dan Bode * Notify mysql restart from set_mysql_rootpw exec (0832a2c) ## 2012-03-15 - Nan Liu * Add documentation related to osfamily fact. (8265d28) ## 2012-03-14 - Dan Bode * Mention osfamily value in failure message (e472d3b) ## 2012-03-14 - Dan Bode * Fix bug when querying for all database users (015490c) ## 2012-02-09 - Nan Liu * Major refactor of mysql module. (b1f90fd) ## 2012-01-11 - Justin Ellison * Ruby and Python's MySQL libraries are named differently on different distros. (1e926b4) ## 2012-01-11 - Justin Ellison * Per @ghoneycutt, we should fail explicitly and explain why. (09af083) ## 2012-01-11 - Justin Ellison * Removing duplicate declaration (7513d03) ## 2012-01-10 - Justin Ellison * Use socket value from params class instead of hardcoding. (663e97c) ## 2012-01-10 - Justin Ellison * Instead of hardcoding the config file target, pull it from mysql::params (031a47d) ## 2012-01-10 - Justin Ellison * Moved $socket to within the case to toggle between distros. Added a $config_file variable to allow per-distro config file destinations. (360eacd) ## 2012-01-10 - Justin Ellison * Pretty sure this is a bug, 99% of Linux distros out there won't ever hit the default. (3462e6b) ## 2012-02-09 - William Van Hevelingen * Changed the README to use markdown (3b7dfeb) ## 2012-02-04 - Daniel Black * (#12412) mysqltuner.pl update (b809e6f) ## 2011-11-17 - Matthias Pigulla * (#11363) Add two missing privileges to grant: event_priv, trigger_priv (d15c9d1) ## 2011-12-20 - Jeff McCune * (minor) Fixup typos in Modulefile metadata (a0ed6a1) ## 2011-12-19 - Carl Caum * Only notify Exec to import sql if sql is given (0783c74) ## 2011-12-19 - Carl Caum * (#11508) Only load sql_scripts on DB creation (e3b9fd9) ## 2011-12-13 - Justin Ellison * Require not needed due to implicit dependencies (3058feb) ## 2011-12-13 - Justin Ellison * Bug #11375: puppetlabs-mysql fails on CentOS/RHEL (a557b8d) ## 2011-06-03 - Dan Bode - 0.0.1 * initial commit [5.4.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.3.0...5.4.0 [5.3.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.2.1...5.3.0 [5.2.1]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.2.0...5.2.1 [5.2.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.1.0...5.2.0 [5.1.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/5.0.0...5.1.0 [5.0.0]:https://github.com/puppetlabs/puppetlabs-mysql/compare/4.0.1...5.0.0 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/README.md b/README.md index b6264b2..59aa8da 100644 --- a/README.md +++ b/README.md @@ -1,646 +1,649 @@ # mysql #### Table of Contents 1. [Module Description - What the module does and why it is useful](#module-description) 2. [Setup - The basics of getting started with mysql](#setup) * [Beginning with mysql](#beginning-with-mysql) 3. [Usage - Configuration options and additional functionality](#usage) * [Customize server options](#customize-server-options) * [Create a database](#create-a-database) * [Customize configuration](#customize-configuration) * [Work with an existing server](#work-with-an-existing-server) * [Specify passwords](#specify-passwords) * [Install Percona server on CentOS](#install-percona-server-on-centos) * [Install MariaDB on Ubuntu](#install-mariadb-on-ubuntu) * [Install Plugins](#install-plugins) * [Use Percona XtraBackup](#use-percona-xtrabackup) 4. [Reference - An under-the-hood peek at what the module is doing and how](REFERENCE.md) 5. [Limitations - OS compatibility, etc.](#limitations) 6. [Development - Guide for contributing to the module](#development) ## Module Description The mysql module installs, configures, and manages the MySQL service. This module manages both the installation and configuration of MySQL, as well as extending Puppet to allow management of MySQL resources, such as databases, users, and grants. ## Setup ### Beginning with mysql To install a server with the default options: -`include '::mysql::server'`. +`include mysql::server`. To customize options, such as the root password or `/etc/my.cnf` settings, you must also pass in an override hash: ```puppet -class { '::mysql::server': +class { 'mysql::server': root_password => 'strongpassword', remove_default_accounts => true, restart => true, - override_options => $override_options + override_options => $override_options, } ``` Nota bene: Configuration changes will only be applied to the running MySQL server if you pass true as restart to mysql::server. See [**Customize Server Options**](#customize-server-options) below for examples of the hash structure for $override_options. ## Usage All interaction for the server is done via `mysql::server`. To install the client, use `mysql::client`. To install bindings, use `mysql::bindings`. ### Customize server options To define server options, structure a hash structure of overrides in `mysql::server`. This hash resembles a hash in the my.cnf file: ```puppet $override_options = { 'section' => { 'item' => 'thing', - } + }, } ``` For options that you would traditionally represent in this format: -``` +```ini [section] thing = X ``` Entries can be created as `thing => true`, `thing => value`, or `thing => ""` in the hash. Alternatively, you can pass an array as `thing => ['value', 'value2']` or list each `thing => value` separately on individual lines. You can pass a variable in the hash without setting a value for it; the variable would then use MySQL's default settings. To exclude an option from the `my.cnf` file --- for example, when using `override_options` to revert to a default value --- pass `thing => undef`. If an option needs multiple instances, pass an array. For example, ```puppet $override_options = { 'mysqld' => { 'replicate-do-db' => ['base1', 'base2'], - } + }, } ``` produces -```puppet +```ini [mysqld] replicate-do-db = base1 replicate-do-db = base2 ``` To implement version specific parameters, specify the version, such as [mysqld-5.5]. This allows one config for different versions of MySQL. If you don’t want to use the default configuration, you can also supply your options to the `$options` parameter instead of `$override_options`. Please note that `$options` and `$override_options` are mutually exclusive, you can only use one of them. ### Create a database To create a database with a user and some assigned privileges: ```puppet mysql::db { 'mydb': user => 'myuser', password => 'mypass', host => 'localhost', grant => ['SELECT', 'UPDATE'], } ``` To use a different resource name with exported resources: ```puppet @@mysql::db { "mydb_${fqdn}": user => 'myuser', password => 'mypass', dbname => 'mydb', host => ${fqdn}, grant => ['SELECT', 'UPDATE'], tag => $domain, } ``` Then you can collect it on the remote DB server: ```puppet Mysql::Db <<| tag == $domain |>> ``` If you set the sql parameter to a file when creating a database, the file is imported into the new database. For large sql files, increase the `import_timeout` parameter, which defaults to 300 seconds. If you have installed the mysql client in a non standard bin/sbin path you can set this with `mysql_exec_path` . ```puppet mysql::db { 'mydb': - user => 'myuser', - password => 'mypass', - host => 'localhost', - grant => ['SELECT', 'UPDATE'], - sql => '/path/to/sqlfile.gz', - import_cat_cmd => 'zcat', - import_timeout => 900, - mysql_exec_path => '/opt/rh/rh-myql57/root/bin' + user => 'myuser', + password => 'mypass', + host => 'localhost', + grant => ['SELECT', 'UPDATE'], + sql => '/path/to/sqlfile.gz', + import_cat_cmd => 'zcat', + import_timeout => 900, + mysql_exec_path => '/opt/rh/rh-myql57/root/bin', } ``` ### Customize configuration To add custom MySQL configuration, place additional files into `includedir`. This allows you to override settings or add additional ones, which is helpful if you don't use `override_options` in `mysql::server`. The `includedir` location is by default set to `/etc/mysql/conf.d`. +### Managing Root Passwords + +If you want the password managed by puppet for `127.0.0.1` and `::1` as an end user you would need to explicitly manage them with additional manifest entries. For example: + +```puppet +mysql_user { '[root@127.0.0.1]': + ensure => present, + password_hash => mysql::password($mysql::server::root_password), +} + +mysql_user { 'root@::1': + ensure => present, + password_hash => mysql::password($mysql::server::root_password), +} +``` + +**Note:** This module is not designed to carry out additional DNS and aliasing. + ### Work with an existing server To instantiate databases and users on an existing MySQL server, you need a `.my.cnf` file in `root`'s home directory. This file must specify the remote server address and credentials. For example: -```puppet +```ini [client] user=root host=localhost password=secret ``` This module uses the `mysqld_version` fact to discover the server version being used. By default, this is set to the output of `mysqld -V`. If you're working with a remote MySQL server, you may need to set a custom fact for `mysqld_version` to ensure correct behaviour. When working with a remote server, do *not* use the `mysql::server` class in your Puppet manifests. ### Specify passwords In addition to passing passwords as plain text, you can input them as hashes. For example: ```puppet mysql::db { 'mydb': user => 'myuser', password => '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4', host => 'localhost', grant => ['SELECT', 'UPDATE'], } ``` If required, the password can also be an empty string to allow connections without an password. ### Create login paths This feature works only for the MySQL Community Edition >= 5.6.6. A login path is a set of options (host, user, password, port and socket) that specify which MySQL server to connect to and which account to authenticate as. The authentication credentials and the other options are stored in an encrypted login file named .mylogin.cnf typically under the users home directory. More information about MySQL login paths: https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html. -Some example for login paths: +Some example for login paths: + ```puppet mysql_login_path { 'client': owner => root, host => 'localhost', user => 'root', password => Sensitive('secure'), socket => '/var/run/mysqld/mysqld.sock', ensure => present, } mysql_login_path { 'remote_db': owner => root, host => '10.0.0.1', user => 'network', password => Sensitive('secure'), port => 3306, ensure => present, } ``` See examples/mysql_login_path.pp for further examples. ### Install Percona server on CentOS This example shows how to do a minimal installation of a Percona server on a CentOS system. This sets up the Percona server, client, and bindings (including Perl and Python bindings). You can customize this usage and update the version as needed. This usage has been tested on Puppet 4.4, 5.5 and 6.3.0 / CentOS 7 / Percona Server 5.7. **Note:** The installation of the yum repository is not part of this package and is here only to show a full example of how you can install. ```puppet yumrepo { 'percona': descr => 'CentOS $releasever - Percona', baseurl => 'http://repo.percona.com/percona/yum/release/$releasever/RPMS/$basearch', gpgkey => 'https://repo.percona.com/yum/PERCONA-PACKAGING-KEY', enabled => 1, gpgcheck => 1, } -class {'mysql::server': +class { 'mysql::server': package_name => 'Percona-Server-server-57', service_name => 'mysql', config_file => '/etc/my.cnf', includedir => '/etc/my.cnf.d', root_password => 'PutYourOwnPwdHere', override_options => { mysqld => { log-error => '/var/log/mysqld.log', pid-file => '/var/run/mysqld/mysqld.pid', }, mysqld_safe => { log-error => '/var/log/mysqld.log', }, - } + }, } # Note: Installing Percona-Server-server-57 also installs Percona-Server-client-57. # This shows how to install the Percona MySQL client on its own -class {'mysql::client': - package_name => 'Percona-Server-client-57' +class { 'mysql::client': + package_name => 'Percona-Server-client-57', } # These packages are normally installed along with Percona-Server-server-57 # If you needed to install the bindings, however, you could do so with this code class { 'mysql::bindings': - client_dev_package_name => 'Percona-Server-shared-57', - client_dev => true, - daemon_dev_package_name => 'Percona-Server-devel-57', - daemon_dev => true, - perl_enable => true, - perl_package_name => 'perl-DBD-MySQL', - python_enable => true, - python_package_name => 'MySQL-python', + client_dev_package_name => 'Percona-Server-shared-57', + client_dev => true, + daemon_dev_package_name => 'Percona-Server-devel-57', + daemon_dev => true, + perl_enable => true, + perl_package_name => 'perl-DBD-MySQL', + python_enable => true, + python_package_name => 'MySQL-python', } # Dependencies definition Yumrepo['percona']-> Class['mysql::server'] Yumrepo['percona']-> Class['mysql::client'] Yumrepo['percona']-> Class['mysql::bindings'] ``` ### Install MariaDB on Ubuntu #### Optional: Install the MariaDB official repo In this example, we'll use the latest stable (currently 10.3) from the official MariaDB repository, not the one from the distro repository. You could instead use the package from the Ubuntu repository. Make sure you use the repository corresponding to the version you want. **Note:** `sfo1.mirrors.digitalocean.com` is one of many mirrors available. You can use any official mirror. ```puppet include apt apt::source { 'mariadb': location => 'http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu', - release => $::lsbdistcodename, + release => $::facts['os']['codename'], repos => 'main', key => { id => '177F4010FE56CA3336300305F1656F24C74CD1D8', server => 'hkp://keyserver.ubuntu.com:80', }, include => { src => false, deb => true, }, } ``` #### Install the MariaDB server This example shows MariaDB server installation on Ubuntu Xenial. Adjust the version and the parameters of `my.cnf` as needed. All parameters of the `my.cnf` can be defined using the `override_options` parameter. The folders `/var/log/mysql` and `/var/run/mysqld` are created automatically, but if you are using other custom folders, they should exist as prerequisites for this code. All the values set here are an example of a working minimal configuration. Specify the version of the package you want with the `package_ensure` parameter. ```puppet -class {'::mysql::server': +class { 'mysql::server': package_name => 'mariadb-server', package_ensure => '1:10.3.21+maria~xenial', service_name => 'mysqld', root_password => 'AVeryStrongPasswordUShouldEncrypt!', override_options => { mysqld => { 'log-error' => '/var/log/mysql/mariadb.log', 'pid-file' => '/var/run/mysqld/mysqld.pid', }, mysqld_safe => { 'log-error' => '/var/log/mysql/mariadb.log', }, - } + }, } # Dependency management. Only use that part if you are installing the repository # as shown in the Preliminary step of this example. Apt::Source['mariadb'] ~> Class['apt::update'] -> -Class['::mysql::server'] +Class['mysql::server'] ``` #### Install the MariaDB client This example shows how to install the MariaDB client and all of the bindings at once. You can do this installation separately from the server installation. Specify the version of the package you want with the `package_ensure` parameter. ```puppet -class {'::mysql::client': +class { 'mysql::client': package_name => 'mariadb-client', package_ensure => '1:10.3.21+maria~xenial', bindings_enable => true, } # Dependency management. Only use that part if you are installing the repository as shown in the Preliminary step of this example. Apt::Source['mariadb'] ~> Class['apt::update'] -> -Class['::mysql::client'] +Class['mysql::client'] ``` ### Install MySQL Community server on CentOS You can install MySQL Community Server on CentOS using the mysql module and Hiera. This example was tested with the following versions: * MySQL Community Server 5.6 * Centos 7.3 * Puppet 3.8.7 using Hiera * puppetlabs-mysql module v3.9.0 In Puppet: ```puppet -include ::mysql::server +include mysql::server create_resources(yumrepo, hiera('yumrepo', {})) Yumrepo['repo.mysql.com'] -> Anchor['mysql::server::start'] Yumrepo['repo.mysql.com'] -> Package['mysql_client'] create_resources(mysql::db, hiera('mysql::server::db', {})) ``` In Hiera: ```yaml --- # Centos 7.3 yumrepo: 'repo.mysql.com': baseurl: "http://repo.mysql.com/yum/mysql-5.6-community/el/%{::operatingsystemmajrelease}/$basearch/" descr: 'repo.mysql.com' enabled: 1 gpgcheck: true gpgkey: 'http://repo.mysql.com/RPM-GPG-KEY-mysql' mysql::client::package_name: "mysql-community-client" # required for proper MySQL installation mysql::server::package_name: "mysql-community-server" # required for proper MySQL installation mysql::server::package_ensure: 'installed' # do not specify version here, unfortunately yum fails with error that package is already installed mysql::server::root_password: "change_me_i_am_insecure" mysql::server::manage_config_file: true mysql::server::service_name: 'mysqld' # required for puppet module mysql::server::override_options: 'mysqld': 'bind-address': '127.0.0.1' 'log-error': '/var/log/mysqld.log' # required for proper MySQL installation 'mysqld_safe': 'log-error': '/var/log/mysqld.log' # required for proper MySQL installation # create database + account with access, passwords are not encrypted mysql::server::db: "dev": user: "dev" password: "devpass" host: "127.0.0.1" grant: - "ALL" ``` ### Install Plugins Plugins can be installed by using the `mysql_plugin` defined type. See `examples/mysql_plugin.pp` for futher examples. ### Use Percona XtraBackup This example shows how to configure MySQL backups with Percona XtraBackup. This sets up a weekly cronjob to perform a full backup and additional daily cronjobs for incremental backups. Each backup will create a new directory. A cleanup job will automatically remove backups that are older than 15 days. ```puppet yumrepo { 'percona': descr => 'CentOS $releasever - Percona', baseurl => 'http://repo.percona.com/release/$releasever/RPMS/$basearch', gpgkey => 'https://www.percona.com/downloads/RPM-GPG-KEY-percona https://repo.percona.com/yum/PERCONA-PACKAGING-KEY', enabled => 1, gpgcheck => 1, } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/backups', provider => 'xtrabackup', backuprotate => 15, execpath => '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', time => ['23', '15'], } ``` If the daily or weekly backup was successful, then the empty file `/tmp/mysqlbackup_success` is created, which makes it easy to monitor the status of the database backup. After two weeks the backup directory should look similar to the example below. ``` /tmp/backups/2019-11-10_full /tmp/backups/2019-11-11_23-15-01 /tmp/backups/2019-11-13_23-15-01 /tmp/backups/2019-11-13_23-15-02 /tmp/backups/2019-11-14_23-15-01 /tmp/backups/2019-11-15_23-15-02 /tmp/backups/2019-11-16_23-15-01 /tmp/backups/2019-11-17_full /tmp/backups/2019-11-18_23-15-01 /tmp/backups/2019-11-19_23-15-01 /tmp/backups/2019-11-20_23-15-02 /tmp/backups/2019-11-21_23-15-01 /tmp/backups/2019-11-22_23-15-02 /tmp/backups/2019-11-23_23-15-01 ``` A drawback of using incremental backups is the need to keep at least 7 days of backups, otherwise the full backups is removed early and consecutive incremental backups will fail. Furthermore an incremental backups becomes obsolete once the required full backup was removed. The next example uses XtraBackup with incremental backups disabled. In this case the daily cronjob will always perform a full backup. ```puppet class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/backups', provider => 'xtrabackup', incremental_backups => false, backuprotate => 5, execpath => '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', time => ['23', '15'], } ``` ## Reference ### Classes #### Public classes * [`mysql::server`](#mysqlserver): Installs and configures MySQL. -* [`mysql::server::monitor`](#mysqlservermonitor): Sets up a monitoring user. -* [`mysql::server::mysqltuner`](#mysqlservermysqltuner): Installs MySQL tuner script. * [`mysql::server::backup`](#mysqlserverbackup): Sets up MySQL backups via cron. * [`mysql::bindings`](#mysqlbindings): Installs various MySQL language bindings. * [`mysql::client`](#mysqlclient): Installs MySQL client (for non-servers). #### Private classes * `mysql::server::install`: Installs packages. * `mysql::server::installdb`: Implements setup of mysqld data directory (e.g. /var/lib/mysql) * `mysql::server::config`: Configures MYSQL. * `mysql::server::service`: Manages service. * `mysql::server::account_security`: Deletes default MySQL accounts. * `mysql::server::root_password`: Sets MySQL root password. * `mysql::server::providers`: Creates users, grants, and databases. * `mysql::bindings::client_dev`: Installs MySQL client development package. * `mysql::bindings::daemon_dev`: Installs MySQL daemon development package. * `mysql::bindings::java`: Installs Java bindings. * `mysql::bindings::perl`: Installs Perl bindings. * `mysql::bindings::php`: Installs PHP bindings. * `mysql::bindings::python`: Installs Python bindings. * `mysql::bindings::ruby`: Installs Ruby bindings. * `mysql::client::install`: Installs MySQL client. * `mysql::backup::mysqldump`: Implements mysqldump backups. * `mysql::backup::mysqlbackup`: Implements backups with Oracle MySQL Enterprise Backup. * `mysql::backup::xtrabackup`: Implements backups with XtraBackup from Percona or Mariabackup. ### Parameters #### mysql::server ##### `create_root_user` Whether root user should be created. Valid values are `true`, `false`. Defaults to `true`. This is useful for a cluster setup with Galera. The root user has to be created only once. You can set this parameter true on one node and set it to false on the remaining nodes. ##### `create_root_my_cnf` Whether to create `/root/.my.cnf`. Valid values are `true`, `false`. Defaults to `true`. `create_root_my_cnf` allows creation of `/root/.my.cnf` independently of `create_root_user`. You can use this for a cluster setup with Galera where you want `/root/.my.cnf` to exist on all nodes. ##### `root_password` The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password. ##### `old_root_password` This parameter no longer does anything. It exists only for backwards compatibility. See the `root_password` parameter above for details on changing the root password. ##### `create_root_login_file` Whether to create `/root/.mylogin.cnf` when using mysql 5.6.6+. Valid values are `true`, `false`. Defaults to `false`. `create_root_login_file` will put a copy of your existing `.mylogin.cnf` in the `/root/.mylogin.cnf` location. When set to 'true', this option also requires the `login_file` option. The `login_file` option is required when set to true. #### `login_file` Whether to put the `/root/.mylogin.cnf` in place. You need to create the `.mylogin.cnf` file with `mysql_config_editor`, this tool comes with mysql 5.6.6+. The created .mylogin.cnf needs to be put under files in your module, see example below on how to use this. When the `/root/.mylogin.cnf` exists the environment variable `MYSQL_TEST_LOGIN_FILE` will be set. This is required if `create_root_user` and `create_root_login_file` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_login_file` are assumed to be false --- that is, the MySQL root user and `/root/.mylogin.cnf` are not created. ```puppet -class { '::mysql::server': -root_password => 'password', -create_root_my_cnf => false, -create_root_login_file => true, -login_file => "puppet:///modules/${module_name}/mylogin.cnf", +class { 'mysql::server': + root_password => 'password', + create_root_my_cnf => false, + create_root_login_file => true, + login_file => 'puppet:///modules/${module_name}/mylogin.cnf', } ``` ##### `override_options` Specifies override options to pass into MySQL. Structured like a hash in the my.cnf file: ```puppet class { 'mysql::server': root_password => 'password' } mysql_plugin { 'auth_pam': ensure => present, soname => 'auth_pam.so', } ``` ### Tasks The MySQL module has an example task that allows a user to execute arbitary SQL against a database. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. ## Limitations -For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-mysql/blob/master/metadata.json) +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-mysql/blob/main/metadata.json) **Note:** The mysqlbackup.sh does not work and is not supported on MySQL 5.7 and greater. ## Development -We are experimenting with a new tool for running acceptance tests. Its name is [puppet_litmus](https://github.com/puppetlabs/puppet_litmus) this replaces beaker as the test runner. To run the acceptance tests follow the instructions from this point [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module). +We are experimenting with a new tool for running acceptance tests. Its name is [puppet_litmus](https://github.com/puppetlabs/puppet_litmus) this replaces beaker as the test runner. To run the acceptance tests follow the [instructions](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html) from the Litmus documentation. Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. Check out our the complete [module contribution guide](https://puppet.com/docs/puppet/latest/contributing.html). ### Authors -This module is based on work by David Schmitt. The following contributors have contributed to this module (beyond Puppet Labs): - -* Larry Ludwig -* Christian G. Warden -* Daniel Black -* Justin Ellison -* Lowe Schmidt -* Matthias Pigulla -* William Van Hevelingen -* Michael Arnold -* Chris Weyl -* Daniël van Eeden -* Jan-Otto Kröpke -* Timothy Sven Nelson -* Andreas Stürz +This module is based on work by David Schmitt. Thank you to all of our [contributors](https://github.com/puppetlabs/puppetlabs-mysql/graphs/contributors). diff --git a/REFERENCE.md b/REFERENCE.md index 9cd445b..2718f38 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,1613 +1,1696 @@ # Reference ## Table of Contents ### Classes #### Public Classes * [`mysql::bindings`](#mysqlbindings): Parent class for MySQL bindings. * [`mysql::client`](#mysqlclient): Installs and configures the MySQL client. * [`mysql::server`](#mysqlserver): Installs and configures the MySQL server. * [`mysql::server::backup`](#mysqlserverbackup): Create and manage a MySQL backup. -* [`mysql::server::monitor`](#mysqlservermonitor): This is a helper class to add a monitoring user to the database -* [`mysql::server::mysqltuner`](#mysqlservermysqltuner): Manage the MySQLTuner package. #### Private Classes * `mysql::backup::mysqlbackup`: Manage the mysqlbackup client. * `mysql::backup::mysqldump`: "Provider" for mysqldump * `mysql::backup::xtrabackup`: "Provider" for Percona XtraBackup/MariaBackup * `mysql::bindings::client_dev`: Private class for installing client development bindings * `mysql::bindings::daemon_dev`: Private class for installing daemon development bindings * `mysql::bindings::java`: Private class for installing java language bindings. * `mysql::bindings::perl`: Private class for installing perl language bindings. * `mysql::bindings::php`: Private class for installing php language bindings * `mysql::bindings::python`: Private class for installing python language bindings * `mysql::bindings::ruby`: Private class for installing ruby language bindings * `mysql::client::install`: Private class for MySQL client install. * `mysql::params`: Params class. * `mysql::server::account_security`: Private class for ensuring localhost accounts do not exist * `mysql::server::config`: Private class for MySQL server configuration. * `mysql::server::install`: Private class for managing MySQL package. * `mysql::server::installdb`: Builds initial databases on installation. * `mysql::server::managed_dirs`: Binary log configuration requires the mysql user to be present. This must be done after package install. * `mysql::server::providers`: Convenience class to call each of the three providers with the corresponding hashes provided in mysql::server. * `mysql::server::root_password`: Private class for managing the root password * `mysql::server::service`: Private class for managing the MySQL service ### Defined types * [`mysql::db`](#mysqldb): Create and configure a MySQL database. ### Resource types #### Public Resource types * [`mysql_grant`](#mysql_grant): @summary Manage a MySQL user's rights. * [`mysql_login_path`](#mysql_login_path): Manage a MySQL login path. * [`mysql_plugin`](#mysql_plugin): Manage MySQL plugins. * [`mysql_user`](#mysql_user): @summary Manage a MySQL user. This includes management of users password as well as privileges. #### Private Resource types * `mysql_database`: Manage a MySQL database. * `mysql_datadir`: Manage MySQL datadirs with mysql_install_db OR mysqld (5.7.6 and above). ### Functions -* [`mysql::normalise_and_deepmerge`](#mysqlnormalise_and_deepmerge): Recursively merges two or more hashes together, normalises keys with differing use of dashesh and underscores, -then returns the resulting hash. +* [`mysql::normalise_and_deepmerge`](#mysqlnormalise_and_deepmerge): Recursively merges two or more hashes together, normalises keys with differing use of dashes and underscores. * [`mysql::password`](#mysqlpassword): Hash a string as mysql's "PASSWORD()" function would do it * [`mysql::strip_hash`](#mysqlstrip_hash): When given a hash this function strips out all blank entries. * [`mysql_password`](#mysql_password): DEPRECATED. Use the namespaced function [`mysql::password`](#mysqlpassword) instead. ### Data types -* [`Mysql::Options`](#mysqloptions) +* [`Mysql::Options`](#mysqloptions): A hash of options structured like the override_options, but not merged with the default options. ### Tasks * [`export`](#export): Allows you to backup your database to local file. * [`sql`](#sql): Allows you to execute arbitary SQL ## Classes -### `mysql::bindings` +### `mysql::bindings` Parent class for MySQL bindings. #### Examples ##### Install Ruby language bindings ```puppet class { 'mysql::bindings': ruby_enable => true, ruby_package_ensure => 'present', ruby_package_name => 'ruby-mysql-2.7.1-1mdv2007.0.sparc.rpm', ruby_package_provider => 'rpm', } ``` #### Parameters -The following parameters are available in the `mysql::bindings` class. - -##### `install_options` +The following parameters are available in the `mysql::bindings` class: + +* [`install_options`](#install_options) +* [`java_enable`](#java_enable) +* [`perl_enable`](#perl_enable) +* [`php_enable`](#php_enable) +* [`python_enable`](#python_enable) +* [`ruby_enable`](#ruby_enable) +* [`client_dev`](#client_dev) +* [`daemon_dev`](#daemon_dev) +* [`java_package_ensure`](#java_package_ensure) +* [`java_package_name`](#java_package_name) +* [`java_package_provider`](#java_package_provider) +* [`perl_package_ensure`](#perl_package_ensure) +* [`perl_package_name`](#perl_package_name) +* [`perl_package_provider`](#perl_package_provider) +* [`php_package_ensure`](#php_package_ensure) +* [`php_package_name`](#php_package_name) +* [`php_package_provider`](#php_package_provider) +* [`python_package_ensure`](#python_package_ensure) +* [`python_package_name`](#python_package_name) +* [`python_package_provider`](#python_package_provider) +* [`ruby_package_ensure`](#ruby_package_ensure) +* [`ruby_package_name`](#ruby_package_name) +* [`ruby_package_provider`](#ruby_package_provider) +* [`client_dev_package_ensure`](#client_dev_package_ensure) +* [`client_dev_package_name`](#client_dev_package_name) +* [`client_dev_package_provider`](#client_dev_package_provider) +* [`daemon_dev_package_ensure`](#daemon_dev_package_ensure) +* [`daemon_dev_package_name`](#daemon_dev_package_name) +* [`daemon_dev_package_provider`](#daemon_dev_package_provider) + +##### `install_options` Data type: `Any` Passes `install_options` array to managed package resources. You must pass the [appropriate options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) for the package manager(s). Default value: ``undef`` -##### `java_enable` +##### `java_enable` Data type: `Any` Specifies whether `::mysql::bindings::java` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `perl_enable` +##### `perl_enable` Data type: `Any` Specifies whether `mysql::bindings::perl` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `php_enable` +##### `php_enable` Data type: `Any` Specifies whether `mysql::bindings::php` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `python_enable` +##### `python_enable` Data type: `Any` Specifies whether `mysql::bindings::python` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `ruby_enable` +##### `ruby_enable` Data type: `Any` Specifies whether `mysql::bindings::ruby` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `client_dev` +##### `client_dev` Data type: `Any` Specifies whether `::mysql::bindings::client_dev` should be included. Valid values are `true`', `false`. Default value: ``false`` -##### `daemon_dev` +##### `daemon_dev` Data type: `Any` Specifies whether `::mysql::bindings::daemon_dev` should be included. Valid values are `true`, `false`. Default value: ``false`` -##### `java_package_ensure` +##### `java_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `java_enable => true`. Default value: `$mysql::params::java_package_ensure` -##### `java_package_name` +##### `java_package_name` Data type: `Any` The name of the Java package to install. Only applies if `java_enable => true`. Default value: `$mysql::params::java_package_name` -##### `java_package_provider` +##### `java_package_provider` Data type: `Any` The provider to use to install the Java package. Only applies if `java_enable => true`. Default value: `$mysql::params::java_package_provider` -##### `perl_package_ensure` +##### `perl_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `perl_enable => true`. Default value: `$mysql::params::perl_package_ensure` -##### `perl_package_name` +##### `perl_package_name` Data type: `Any` The name of the Perl package to install. Only applies if `perl_enable => true`. Default value: `$mysql::params::perl_package_name` -##### `perl_package_provider` +##### `perl_package_provider` Data type: `Any` The provider to use to install the Perl package. Only applies if `perl_enable => true`. Default value: `$mysql::params::perl_package_provider` -##### `php_package_ensure` +##### `php_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `php_enable => true`. Default value: `$mysql::params::php_package_ensure` -##### `php_package_name` +##### `php_package_name` Data type: `Any` The name of the PHP package to install. Only applies if `php_enable => true`. Default value: `$mysql::params::php_package_name` -##### `php_package_provider` +##### `php_package_provider` Data type: `Any` The provider to use to install the PHP package. Only applies if `php_enable => true`. Default value: `$mysql::params::php_package_provider` -##### `python_package_ensure` +##### `python_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `python_enable => true`. Default value: `$mysql::params::python_package_ensure` -##### `python_package_name` +##### `python_package_name` Data type: `Any` The name of the Python package to install. Only applies if `python_enable => true`. Default value: `$mysql::params::python_package_name` -##### `python_package_provider` +##### `python_package_provider` Data type: `Any` The provider to use to install the Python package. Only applies if `python_enable => true`. Default value: `$mysql::params::python_package_provider` -##### `ruby_package_ensure` +##### `ruby_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `ruby_enable => true`. Default value: `$mysql::params::ruby_package_ensure` -##### `ruby_package_name` +##### `ruby_package_name` Data type: `Any` The name of the Ruby package to install. Only applies if `ruby_enable => true`. Default value: `$mysql::params::ruby_package_name` -##### `ruby_package_provider` +##### `ruby_package_provider` Data type: `Any` What provider should be used to install the package. Default value: `$mysql::params::ruby_package_provider` -##### `client_dev_package_ensure` +##### `client_dev_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `client_dev => true`. Default value: `$mysql::params::client_dev_package_ensure` -##### `client_dev_package_name` +##### `client_dev_package_name` Data type: `Any` The name of the client_dev package to install. Only applies if `client_dev => true`. Default value: `$mysql::params::client_dev_package_name` -##### `client_dev_package_provider` +##### `client_dev_package_provider` Data type: `Any` The provider to use to install the client_dev package. Only applies if `client_dev => true`. Default value: `$mysql::params::client_dev_package_provider` -##### `daemon_dev_package_ensure` +##### `daemon_dev_package_ensure` Data type: `Any` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `daemon_dev => true`. Default value: `$mysql::params::daemon_dev_package_ensure` -##### `daemon_dev_package_name` +##### `daemon_dev_package_name` Data type: `Any` The name of the daemon_dev package to install. Only applies if `daemon_dev => true`. Default value: `$mysql::params::daemon_dev_package_name` -##### `daemon_dev_package_provider` +##### `daemon_dev_package_provider` Data type: `Any` The provider to use to install the daemon_dev package. Only applies if `daemon_dev => true`. Default value: `$mysql::params::daemon_dev_package_provider` -### `mysql::client` +### `mysql::client` Installs and configures the MySQL client. #### Examples ##### Install the MySQL client ```puppet class {'::mysql::client': package_name => 'mysql-client', package_ensure => 'present', bindings_enable => true, } ``` #### Parameters -The following parameters are available in the `mysql::client` class. +The following parameters are available in the `mysql::client` class: + +* [`bindings_enable`](#bindings_enable) +* [`install_options`](#install_options) +* [`package_ensure`](#package_ensure) +* [`package_manage`](#package_manage) +* [`package_name`](#package_name) +* [`package_provider`](#package_provider) +* [`package_source`](#package_source) -##### `bindings_enable` +##### `bindings_enable` Data type: `Any` Whether to automatically install all bindings. Valid values are `true`, `false`. Default to `false`. Default value: `$mysql::params::bindings_enable` -##### `install_options` +##### `install_options` Data type: `Any` Array of install options for managed package resources. You must pass the appropriate options for the package manager. Default value: ``undef`` -##### `package_ensure` +##### `package_ensure` Data type: `Any` Whether the MySQL package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Default value: `$mysql::params::client_package_ensure` -##### `package_manage` +##### `package_manage` Data type: `Any` Whether to manage the MySQL client package. Defaults to `true`. Default value: `$mysql::params::client_package_manage` -##### `service_name` - -The name of the MySQL server service. Defaults are OS dependent, defined in 'params.pp'. - -##### `service_provider` - -The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined. - -##### `package_name` +##### `package_name` Data type: `Any` The name of the MySQL client package to install. Default value: `$mysql::params::client_package_name` -##### `package_provider` +##### `package_provider` Data type: `Any` Default value: ``undef`` -##### `package_source` +##### `package_source` Data type: `Any` Default value: ``undef`` -### `mysql::server` +### `mysql::server` Installs and configures the MySQL server. #### Examples ##### Install MySQL Server ```puppet class { '::mysql::server': package_name => 'mysql-server', package_ensure => '5.7.1+mysql~trusty', root_password => 'strongpassword', remove_default_accounts => true, } ``` #### Parameters -The following parameters are available in the `mysql::server` class. - -##### `config_file` +The following parameters are available in the `mysql::server` class: + +* [`config_file`](#config_file) +* [`config_file_mode`](#config_file_mode) +* [`includedir`](#includedir) +* [`install_options`](#install_options) +* [`install_secret_file`](#install_secret_file) +* [`manage_config_file`](#manage_config_file) +* [`options`](#options) +* [`override_options`](#override_options) +* [`package_ensure`](#package_ensure) +* [`package_manage`](#package_manage) +* [`package_name`](#package_name) +* [`package_provider`](#package_provider) +* [`package_source`](#package_source) +* [`purge_conf_dir`](#purge_conf_dir) +* [`remove_default_accounts`](#remove_default_accounts) +* [`restart`](#restart) +* [`root_group`](#root_group) +* [`mysql_group`](#mysql_group) +* [`mycnf_owner`](#mycnf_owner) +* [`mycnf_group`](#mycnf_group) +* [`root_password`](#root_password) +* [`service_enabled`](#service_enabled) +* [`service_manage`](#service_manage) +* [`service_name`](#service_name) +* [`service_provider`](#service_provider) +* [`create_root_user`](#create_root_user) +* [`create_root_my_cnf`](#create_root_my_cnf) +* [`users`](#users) +* [`grants`](#grants) +* [`databases`](#databases) +* [`enabled`](#enabled) +* [`manage_service`](#manage_service) +* [`old_root_password`](#old_root_password) +* [`managed_dirs`](#managed_dirs) +* [`create_root_login_file`](#create_root_login_file) +* [`login_file`](#login_file) + +##### `config_file` Data type: `Any` The location, as a path, of the MySQL configuration file. Default value: `$mysql::params::config_file` -##### `config_file_mode` +##### `config_file_mode` Data type: `Any` The MySQL configuration file's permissions mode. Default value: `$mysql::params::config_file_mode` -##### `includedir` +##### `includedir` Data type: `Any` The location, as a path, of !includedir for custom configuration overrides. Default value: `$mysql::params::includedir` -##### `install_options` +##### `install_options` Data type: `Any` Passes [install_options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) array to managed package resources. You must pass the appropriate options for the specified package manager Default value: ``undef`` -##### `install_secret_file` +##### `install_secret_file` Data type: `Any` Path to secret file containing temporary root password. Default value: `$mysql::params::install_secret_file` -##### `manage_config_file` +##### `manage_config_file` Data type: `Any` Whether the MySQL configuration file should be managed. Valid values are `true`, `false`. Defaults to `true`. Default value: `$mysql::params::manage_config_file` -##### `options` +##### `options` Data type: `Mysql::Options` A hash of options structured like the override_options, but not merged with the default options. Use this if you don't want your options merged with the default options. Default value: `{}` -##### `override_options` +##### `override_options` Data type: `Any` Specifies override options to pass into MySQL. Structured like a hash in the my.cnf file: See above for usage details. Default value: `{}` -##### `package_ensure` +##### `package_ensure` Data type: `Any` Whether the package exists or should be a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Defaults to 'present'. Default value: `$mysql::params::server_package_ensure` -##### `package_manage` +##### `package_manage` Data type: `Any` Whether to manage the MySQL server package. Defaults to `true`. Default value: `$mysql::params::server_package_manage` -##### `package_name` +##### `package_name` Data type: `Any` The name of the MySQL server package to install. Default value: `$mysql::params::server_package_name` -##### `package_provider` +##### `package_provider` Data type: `Any` Define a specific provider for package install. Default value: ``undef`` -##### `package_source` +##### `package_source` Data type: `Any` The location of the package source (require for some package provider) Default value: ``undef`` -##### `purge_conf_dir` +##### `purge_conf_dir` Data type: `Any` Whether the `includedir` directory should be purged. Valid values are `true`, `false`. Defaults to `false`. Default value: `$mysql::params::purge_conf_dir` -##### `remove_default_accounts` +##### `remove_default_accounts` Data type: `Any` Specifies whether to automatically include `mysql::server::account_security`. Valid values are `true`, `false`. Defaults to `false`. Default value: ``false`` -##### `restart` +##### `restart` Data type: `Any` Whether the service should be restarted when things change. Valid values are `true`, `false`. Defaults to `false`. Default value: `$mysql::params::restart` -##### `root_group` +##### `root_group` Data type: `Any` The name of the group used for root. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). Default value: `$mysql::params::root_group` -##### `mysql_group` +##### `mysql_group` Data type: `Any` The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). Default value: `$mysql::params::mysql_group` -##### `mycnf_owner` +##### `mycnf_owner` Data type: `Any` Name or user-id who owns the mysql-config-file. Default value: `$mysql::params::mycnf_owner` -##### `mycnf_group` +##### `mycnf_group` Data type: `Any` Name or group-id which owns the mysql-config-file. Default value: `$mysql::params::mycnf_group` -##### `root_password` +##### `root_password` -Data type: `Any` +Data type: `Variant[String, Sensitive[String]]` The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password. Default value: `$mysql::params::root_password` -##### `service_enabled` +##### `service_enabled` Data type: `Any` Specifies whether the service should be enabled. Valid values are `true`, `false`. Defaults to `true`. Default value: `$mysql::params::server_service_enabled` -##### `service_manage` +##### `service_manage` Data type: `Any` Specifies whether the service should be managed. Valid values are `true`, `false`. Defaults to `true`. Default value: `$mysql::params::server_service_manage` -##### `service_name` +##### `service_name` Data type: `Any` The name of the MySQL server service. Defaults are OS dependent, defined in 'params.pp'. Default value: `$mysql::params::server_service_name` -##### `service_provider` +##### `service_provider` Data type: `Any` The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined. Default value: `$mysql::params::server_service_provider` -##### `create_root_user` +##### `create_root_user` Data type: `Any` Whether root user should be created. Valid values are `true`, `false`. Defaults to `true`. This is useful for a cluster setup with Galera. The root user has to be created only once. You can set this parameter true on one node and set it to false on the remaining nodes. Default value: `$mysql::params::create_root_user` -##### `create_root_my_cnf` +##### `create_root_my_cnf` Data type: `Any` Whether to create `/root/.my.cnf`. Valid values are `true`, `false`. Defaults to `true`. `create_root_my_cnf` allows creation of `/root/.my.cnf` independently of `create_root_user`. You can use this for a cluster setup with Galera where you want `/root/.my.cnf` to exist on all nodes. Default value: `$mysql::params::create_root_my_cnf` -##### `users` +##### `users` Data type: `Any` Optional hash of users to create, which are passed to [mysql_user](#mysql_user). Default value: `{}` -##### `grants` +##### `grants` Data type: `Any` Optional hash of grants, which are passed to [mysql_grant](#mysql_grant). Default value: `{}` -##### `databases` +##### `databases` Data type: `Any` Optional hash of databases to create, which are passed to [mysql_database](#mysql_database). Default value: `{}` -##### `enabled` +##### `enabled` Data type: `Any` _Deprecated_ Default value: ``undef`` -##### `manage_service` +##### `manage_service` Data type: `Any` _Deprecated_ Default value: ``undef`` -##### `old_root_password` +##### `old_root_password` Data type: `Any` This parameter no longer does anything. It exists only for backwards compatibility. See the `root_password` parameter above for details on changing the root password. Default value: ``undef`` -##### `managed_dirs` +##### `managed_dirs` Data type: `Any` Default value: `$mysql::params::managed_dirs` -##### `create_root_login_file` +##### `create_root_login_file` Data type: `Any` Default value: `$mysql::params::create_root_login_file` -##### `login_file` +##### `login_file` Data type: `Any` Default value: `$mysql::params::login_file` -### `mysql::server::backup` +### `mysql::server::backup` Create and manage a MySQL backup. #### Examples ##### Create a basic MySQL backup: ```puppet class { 'mysql::server': root_password => 'password' } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/backups', } class { 'mysql::server::backup': backupmethod => 'mariabackup', provider => 'xtrabackup', backupdir => '/tmp/backups', } ``` #### Parameters -The following parameters are available in the `mysql::server::backup` class. - -##### `backupuser` +The following parameters are available in the `mysql::server::backup` class: + +* [`backupuser`](#backupuser) +* [`backuppassword`](#backuppassword) +* [`backupdir`](#backupdir) +* [`backupdirmode`](#backupdirmode) +* [`backupdirowner`](#backupdirowner) +* [`backupdirgroup`](#backupdirgroup) +* [`backupcompress`](#backupcompress) +* [`backupmethod`](#backupmethod) +* [`backup_success_file_path`](#backup_success_file_path) +* [`backuprotate`](#backuprotate) +* [`ignore_events`](#ignore_events) +* [`delete_before_dump`](#delete_before_dump) +* [`backupdatabases`](#backupdatabases) +* [`file_per_database`](#file_per_database) +* [`include_routines`](#include_routines) +* [`include_triggers`](#include_triggers) +* [`incremental_backups`](#incremental_backups) +* [`ensure`](#ensure) +* [`time`](#time) +* [`prescript`](#prescript) +* [`postscript`](#postscript) +* [`execpath`](#execpath) +* [`provider`](#provider) +* [`maxallowedpacket`](#maxallowedpacket) +* [`optional_args`](#optional_args) +* [`install_cron`](#install_cron) +* [`compression_command`](#compression_command) +* [`compression_extension`](#compression_extension) + +##### `backupuser` Data type: `Any` MySQL user to create with backup administrator privileges. Default value: ``undef`` -##### `backuppassword` +##### `backuppassword` -Data type: `Any` +Data type: `Optional[Variant[String, Sensitive[String]]]` Password to create for `backupuser`. Default value: ``undef`` -##### `backupdir` +##### `backupdir` Data type: `Any` Directory to store backup. Default value: ``undef`` -##### `backupdirmode` +##### `backupdirmode` Data type: `Any` Permissions applied to the backup directory. This parameter is passed directly to the file resource. Default value: `'0700'` -##### `backupdirowner` +##### `backupdirowner` Data type: `Any` Owner for the backup directory. This parameter is passed directly to the file resource. Default value: `'root'` -##### `backupdirgroup` +##### `backupdirgroup` Data type: `Any` Group owner for the backup directory. This parameter is passed directly to the file resource. Default value: `$mysql::params::root_group` -##### `backupcompress` +##### `backupcompress` Data type: `Any` Whether or not to compress the backup (when using the mysqldump or xtrabackup provider) Default value: ``true`` -##### `backupmethod` +##### `backupmethod` Data type: `Any` The execution binary for backing up. ex. mysqldump, xtrabackup, mariabackup Default value: ``undef`` -##### `backup_success_file_path` +##### `backup_success_file_path` Data type: `Any` Specify a path where upon successfull backup a file should be created for checking purposes. Default value: `'/tmp/mysqlbackup_success'` -##### `backuprotate` +##### `backuprotate` Data type: `Any` Backup rotation interval in 24 hour periods. Default value: `30` -##### `ignore_events` +##### `ignore_events` Data type: `Any` Ignore the mysql.event table. Default value: ``true`` -##### `delete_before_dump` +##### `delete_before_dump` Data type: `Any` Whether to delete old .sql files before backing up. Setting to true deletes old files before backing up, while setting to false deletes them after backup. Default value: ``false`` -##### `backupdatabases` +##### `backupdatabases` Data type: `Any` Databases to backup (required if using xtrabackup provider). By default `[]` will back up all databases. Default value: `[]` -##### `file_per_database` +##### `file_per_database` Data type: `Any` Use file per database mode creating one file per database backup. Default value: ``false`` -##### `include_routines` +##### `include_routines` Data type: `Any` Dump stored routines (procedures and functions) from dumped databases when doing a `file_per_database` backup. Default value: ``false`` -##### `include_triggers` +##### `include_triggers` Data type: `Any` Dump triggers for each dumped table when doing a `file_per_database` backup. Default value: ``false`` -##### `incremental_backups` +##### `incremental_backups` Data type: `Any` A flag to activate/deactivate incremental backups. Currently only supported by the xtrabackup provider. Default value: ``true`` -##### `ensure` +##### `ensure` Data type: `Any` Default value: `'present'` -##### `time` +##### `time` Data type: `Any` An array of two elements to set the backup time. Allows ['23', '5'] (i.e., 23:05) or ['3', '45'] (i.e., 03:45) for HH:MM times. Default value: `['23', '5']` -##### `prescript` +##### `prescript` Data type: `Any` A script that is executed before the backup begins. Default value: ``false`` -##### `postscript` +##### `postscript` Data type: `Any` A script that is executed when the backup is finished. This could be used to sync the backup to a central store. This script can be either a single line that is directly executed or a number of lines supplied as an array. It could also be one or more externally managed (executable) files. Default value: ``false`` -##### `execpath` +##### `execpath` Data type: `Any` Allows you to set a custom PATH should your MySQL installation be non-standard places. Defaults to `/usr/bin:/usr/sbin:/bin:/sbin`. Default value: `'/usr/bin:/usr/sbin:/bin:/sbin'` -##### `provider` +##### `provider` Data type: `Any` Sets the server backup implementation. Valid values are: Default value: `'mysqldump'` -##### `maxallowedpacket` +##### `maxallowedpacket` Data type: `Any` Defines the maximum SQL statement size for the backup dump script. The default value is 1MB, as this is the default MySQL Server value. Default value: `'1M'` -##### `optional_args` +##### `optional_args` Data type: `Any` Specifies an array of optional arguments which should be passed through to the backup tool. (Supported by the xtrabackup and mysqldump providers.) Default value: `[]` -##### `install_cron` +##### `install_cron` Data type: `Any` Manage installation of cron package Default value: ``true`` -### `mysql::server::monitor` - -This is a helper class to add a monitoring user to the database - -#### Parameters - -The following parameters are available in the `mysql::server::monitor` class. - -##### `mysql_monitor_username` - -Data type: `Any` - -The username to create for MySQL monitoring. - -Default value: `''` - -##### `mysql_monitor_password` - -Data type: `Any` - -The password to create for MySQL monitoring. - -Default value: `''` - -##### `mysql_monitor_hostname` - -Data type: `Any` - -The hostname from which the monitoring user requests are allowed access. - -Default value: `''` - -### `mysql::server::mysqltuner` - -Manage the MySQLTuner package. - -#### Parameters - -The following parameters are available in the `mysql::server::mysqltuner` class. - -##### `ensure` - -Data type: `Any` - -Ensures that the resource exists. Valid values are 'present', 'absent'. Defaults to 'present'. - -Default value: `'present'` - -##### `version` - -Data type: `Any` - -The version to install from the major/MySQLTuner-perl github repository. Must be a valid tag. Defaults to 'v1.3.0'. - -Default value: `'v1.3.0'` - -##### `source` +##### `compression_command` Data type: `Any` -Source path for the mysqltuner package. +Configure the command used to compress the backup (when using the mysqldump provider). Make sure the command exists +on the target system. Packages for it are NOT automatically installed. Default value: ``undef`` -##### `tuner_location` +##### `compression_extension` Data type: `Any` -Destination for the mysqltuner package. +Configure the file extension for the compressed backup (when using the mysqldump provider) -Default value: `'/usr/local/bin/mysqltuner'` +Default value: ``undef`` ## Defined types -### `mysql::db` +### `mysql::db` Create and configure a MySQL database. #### Examples ##### Create a database ```puppet mysql::db { 'mydb': user => 'myuser', password => 'mypass', host => 'localhost', grant => ['SELECT', 'UPDATE'], } ``` #### Parameters -The following parameters are available in the `mysql::db` defined type. +The following parameters are available in the `mysql::db` defined type: -##### `user` +* [`user`](#user) +* [`password`](#password) +* [`tls_options`](#tls_options) +* [`dbname`](#dbname) +* [`charset`](#charset) +* [`collate`](#collate) +* [`host`](#host) +* [`grant`](#grant) +* [`grant_options`](#grant_options) +* [`sql`](#sql) +* [`enforce_sql`](#enforce_sql) +* [`ensure`](#ensure) +* [`import_timeout`](#import_timeout) +* [`import_cat_cmd`](#import_cat_cmd) +* [`mysql_exec_path`](#mysql_exec_path) + +##### `user` Data type: `Any` The user for the database you're creating. -##### `password` +##### `password` -Data type: `Any` +Data type: `Variant[String, Sensitive[String]]` The password for $user for the database you're creating. -##### `tls_options` +##### `tls_options` Data type: `Any` The tls_options for $user for the database you're creating. Default value: ``undef`` -##### `dbname` +##### `dbname` Data type: `Any` The name of the database to create. Default value: `$name` -##### `charset` +##### `charset` Data type: `Any` The character set for the database. Default value: `'utf8'` -##### `collate` +##### `collate` Data type: `Any` The collation for the database. Default value: `'utf8_general_ci'` -##### `host` +##### `host` Data type: `Any` The host to use as part of user@host for grants. Default value: `'localhost'` -##### `grant` +##### `grant` Data type: `Any` The privileges to be granted for user@host on the database. Default value: `'ALL'` -##### `grant_options` +##### `grant_options` Data type: `Any` The grant_options for the grant for user@host on the database. Default value: ``undef`` -##### `sql` +##### `sql` Data type: `Optional[Variant[Array, Hash, String]]` The path to the sqlfile you want to execute. This can be single file specified as string, or it can be an array of strings. Default value: ``undef`` -##### `enforce_sql` +##### `enforce_sql` Data type: `Any` Specifies whether executing the sqlfiles should happen on every run. If set to false, sqlfiles only run once. Default value: ``false`` -##### `ensure` +##### `ensure` Data type: `Enum['absent', 'present']` Specifies whether to create the database. Valid values are 'present', 'absent'. Defaults to 'present'. Default value: `'present'` -##### `import_timeout` +##### `import_timeout` Data type: `Any` Timeout, in seconds, for loading the sqlfiles. Defaults to 300. Default value: `300` -##### `import_cat_cmd` +##### `import_cat_cmd` Data type: `Any` Command to read the sqlfile for importing the database. Useful for compressed sqlfiles. For example, you can use 'zcat' for .gz files. Default value: `'cat'` -##### `mysql_exec_path` +##### `mysql_exec_path` Data type: `Any` -Default value: `$mysql::params::exec_path` +Default value: ``undef`` ## Resource types -### `mysql_grant` +### `mysql_grant` @summary Manage a MySQL user's rights. #### Properties The following properties are available in the `mysql_grant` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` ##### `options` Options to grant. ##### `privileges` Privileges for user ##### `table` Valid values: `%r{.*\..*}`, `%r{^[0-9a-zA-Z$_]*@[\w%\.:\-/]*$}` Table to apply privileges to. ##### `user` User to operate on. #### Parameters The following parameters are available in the `mysql_grant` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) + +##### `name` namevar Name to describe the grant. -##### `provider` +##### `provider` The specific backend to use for this `mysql_grant` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. -### `mysql_login_path` +### `mysql_login_path` This type provides Puppet with the capabilities to store authentication credentials in an obfuscated login path file named .mylogin.cnf created with the mysql_config_editor utility. Supports only MySQL Community Edition > v5.6.6. * **See also** * https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html #### Examples ##### ```puppet mysql_login_path { 'local_socket': owner => 'root', host => 'localhost', user => 'root', password => Sensitive('secure'), socket => '/var/run/mysql/mysql.sock', ensure => present, } mysql_login_path { 'local_tcp': owner => 'root', host => '127.0.0.1', user => 'root', password => Sensitive('more_secure'), port => 3306, ensure => present, } ``` #### Properties The following properties are available in the `mysql_login_path` type. ##### `ensure` Data type: `Enum[present, absent]` Whether this resource should be present or absent on the target system. ##### `host` Data type: `Optional[String]` Host name to be entered into the login path. ##### `password` Data type: `Optional[Sensitive[String[1]]]` Password to be entered into login path ##### `port` Data type: `Optional[Integer[0,65535]]` Port number to be entered into login path. ##### `socket` Data type: `Optional[String]` Socket path to be entered into login path ##### `user` Data type: `Optional[String]` Username to be entered into the login path. #### Parameters The following parameters are available in the `mysql_login_path` type. -##### `name` +* [`name`](#name) +* [`owner`](#owner) + +##### `name` namevar Data type: `String` Name of the login path you want to manage. -##### `owner` +##### `owner` namevar Data type: `String` The user to whom the logon path should belong. Default value: `root` -### `mysql_plugin` +### `mysql_plugin` Manage MySQL plugins. #### Examples ##### ```puppet mysql_plugin { 'some_plugin': soname => 'some_pluginlib.so', } ``` #### Properties The following properties are available in the `mysql_plugin` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` ##### `soname` Valid values: `%r{^\w+\.\w+$}` The name of the library #### Parameters The following parameters are available in the `mysql_plugin` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) + +##### `name` namevar The name of the MySQL plugin to manage. -##### `provider` +##### `provider` The specific backend to use for this `mysql_plugin` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. -### `mysql_user` +### `mysql_user` @summary Manage a MySQL user. This includes management of users password as well as privileges. #### Properties The following properties are available in the `mysql_user` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` ##### `max_connections_per_hour` Valid values: `%r{\d+}` Max connections per hour for the user. 0 means no (or global) limit. ##### `max_queries_per_hour` Valid values: `%r{\d+}` Max queries per hour for the user. 0 means no (or global) limit. ##### `max_updates_per_hour` Valid values: `%r{\d+}` Max updates per hour for the user. 0 means no (or global) limit. ##### `max_user_connections` Valid values: `%r{\d+}` Max concurrent connections for the user. 0 means no (or global) limit. ##### `password_hash` Valid values: `%r{\w*}` The password hash of the user. Use mysql::password() for creating such a hash. ##### `plugin` Valid values: `%r{\w+}` The authentication plugin of the user. ##### `tls_options` Options to that set the TLS-related REQUIRE attributes for the user. #### Parameters The following parameters are available in the `mysql_user` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) + +##### `name` namevar The name of the user. This uses the 'username@hostname' or username@hostname. -##### `provider` +##### `provider` The specific backend to use for this `mysql_user` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ## Functions -### `mysql::normalise_and_deepmerge` +### `mysql::normalise_and_deepmerge` Type: Ruby 4.x API - When there is a duplicate key that is a hash, they are recursively merged. - When there is a duplicate key that is not a hash, the key in the rightmost hash will "win." - When there are conficting uses of dashes and underscores in two keys (which mysql would otherwise equate), the rightmost style will win. #### Examples ##### ```puppet $hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } } $hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } } $merged_hash = mysql::normalise_and_deepmerge($hash1, $hash2) # The resulting hash is equivalent to: # $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } } ``` #### `mysql::normalise_and_deepmerge(Any *$args)` - When there is a duplicate key that is a hash, they are recursively merged. - When there is a duplicate key that is not a hash, the key in the rightmost hash will "win." - When there are conficting uses of dashes and underscores in two keys (which mysql would otherwise equate), the rightmost style will win. -Returns: `Any` +Returns: `Any` hash +The given hash normalised ##### Examples ###### ```puppet $hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } } $hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } } $merged_hash = mysql::normalise_and_deepmerge($hash1, $hash2) # The resulting hash is equivalent to: # $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } } ``` ##### `*args` Data type: `Any` +Hash to be normalised - -### `mysql::password` +### `mysql::password` Type: Ruby 4.x API Hash a string as mysql's "PASSWORD()" function would do it -#### `mysql::password(String $password)` +#### `mysql::password(Variant[String, Sensitive[String]] $password, Optional[Boolean] $sensitive)` The mysql::password function. -Returns: `String` hash +Returns: `Variant[String, Sensitive[String]]` hash The mysql password hash from the clear text password. ##### `password` -Data type: `String` +Data type: `Variant[String, Sensitive[String]]` Plain text password. -### `mysql::strip_hash` +##### `sensitive` + +Data type: `Optional[Boolean]` + +If the Postgresql-Passwordhash should be of Datatype Sensitive[String] + +### `mysql::strip_hash` Type: Ruby 4.x API When given a hash this function strips out all blank entries. #### `mysql::strip_hash(Hash $hash)` The mysql::strip_hash function. Returns: `Hash` hash The given hash with all blank entries removed ##### `hash` Data type: `Hash` Hash to be stripped -### `mysql_password` +### `mysql_password` Type: Ruby 4.x API DEPRECATED. Use the namespaced function [`mysql::password`](#mysqlpassword) instead. -#### `mysql_password(String $password)` +#### `mysql_password(Variant[String, Sensitive[String]] $password, Optional[Boolean] $sensitive)` The mysql_password function. -Returns: `String` The mysql password hash from the 4.x function mysql::password. +Returns: `Variant[String, Sensitive[String]]` The mysql password hash from the 4.x function mysql::password. ##### `password` -Data type: `String` +Data type: `Variant[String, Sensitive[String]]` Plain text password. +##### `sensitive` + +Data type: `Optional[Boolean]` + + + ## Data types -### `Mysql::Options` +### `Mysql::Options` + +Use this if you don’t want your options merged with the default options. -The Mysql::Options data type. +Alias of -Alias of `Hash[String, Hash]` +```puppet +Hash[String, Hash] +``` ## Tasks -### `export` +### `export` Allows you to backup your database to local file. **Supports noop?** false #### Parameters ##### `database` Data type: `Optional[String[1]]` Database to connect to ##### `user` Data type: `Optional[String[1]]` The user ##### `password` Data type: `Optional[String[1]]` The password ##### `file` Data type: `String[1]` Path to file you want backup to -### `sql` +### `sql` Allows you to execute arbitary SQL **Supports noop?** false #### Parameters ##### `database` Data type: `Optional[String[1]]` Database to connect to ##### `user` Data type: `Optional[String[1]]` The user ##### `password` Data type: `Optional[String[1]]` The password ##### `sql` Data type: `String[1]` The SQL you want to execute diff --git a/Rakefile b/Rakefile index f8ec754..f800356 100644 --- a/Rakefile +++ b/Rakefile @@ -1,88 +1,89 @@ # frozen_string_literal: true +require 'bundler' require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? -require 'puppet_pot_generator/rake_tasks' def changelog_user return unless Rake.application.top_level_tasks.include? "changelog" returnVal = nil || JSON.load(File.read('metadata.json'))['author'] raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? puts "GitHubChangelogGenerator user:#{returnVal}" returnVal end def changelog_project return unless Rake.application.top_level_tasks.include? "changelog" returnVal = nil returnVal ||= begin metadata_source = JSON.load(File.read('metadata.json'))['source'] metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) metadata_source_match && metadata_source_match[1] end raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? puts "GitHubChangelogGenerator project:#{returnVal}" returnVal end def changelog_future_release return unless Rake.application.top_level_tasks.include? "changelog" returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? puts "GitHubChangelogGenerator future_release:#{returnVal}" returnVal end PuppetLint.configuration.send('disable_relative') if Bundler.rubygems.find_name('github_changelog_generator').any? GitHubChangelogGenerator::RakeTask.new :changelog do |config| raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? config.user = "#{changelog_user}" config.project = "#{changelog_project}" + config.since_tag = "v11.0.3" config.future_release = "#{changelog_future_release}" config.exclude_labels = ['maintenance'] config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." config.add_pr_wo_labels = true config.issues = false config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" config.configure_sections = { "Changed" => { "prefix" => "### Changed", "labels" => ["backwards-incompatible"], }, "Added" => { "prefix" => "### Added", "labels" => ["enhancement", "feature"], }, "Fixed" => { "prefix" => "### Fixed", "labels" => ["bug", "documentation", "bugfix"], }, } end else desc 'Generate a Changelog from GitHub' task :changelog do raise < 1.15' condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" EOM end end diff --git a/data/common.yaml b/data/common.yaml new file mode 100644 index 0000000..2fbf0ff --- /dev/null +++ b/data/common.yaml @@ -0,0 +1 @@ +--- {} diff --git a/examples/monitor.pp b/examples/monitor.pp new file mode 100644 index 0000000..c56e6e6 --- /dev/null +++ b/examples/monitor.pp @@ -0,0 +1,20 @@ +# @summary +# Add a monitoring user to the database + +$mysql_monitor_password = 'password' +$mysql_monitor_username = 'monitoring' +$mysql_monitor_hostname = $::facts['networking']['hostname'] + +mysql_user { "${mysql_monitor_username}@${mysql_monitor_hostname}": + ensure => present, + password_hash => mysql::password($mysql_monitor_password), + require => Class['mysql::server::service'], +} + +mysql_grant { "${mysql_monitor_username}@${mysql_monitor_hostname}/*.*": + ensure => present, + user => "${mysql_monitor_username}@${mysql_monitor_hostname}", + table => '*.*', + privileges => ['PROCESS', 'SUPER'], + require => Mysql_user["${mysql_monitor_username}@${mysql_monitor_hostname}"], +} diff --git a/examples/mysqltuner.pp b/examples/mysqltuner.pp new file mode 100644 index 0000000..02f618c --- /dev/null +++ b/examples/mysqltuner.pp @@ -0,0 +1,12 @@ +# @summary +# Manage the MySQLTuner package. + +$version = 'v1.3.0' + +file { '/usr/local/bin/mysqltuner': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0550', + source => "https://github.com/major/MySQLTuner-perl/raw/${version}/mysqltuner.pl", +} diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 0000000..545fff3 --- /dev/null +++ b/hiera.yaml @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/lib/facter/mysql_server_id.rb b/lib/facter/mysql_server_id.rb index caeafd2..ec8cd99 100644 --- a/lib/facter/mysql_server_id.rb +++ b/lib/facter/mysql_server_id.rb @@ -1,22 +1,24 @@ +# frozen_string_literal: true + def mysql_id_get # Convert the existing mac to an integer macval = Facter.value(:macaddress).delete(':').to_i(16) # Valid range is from 1 - 4294967295 for replication hosts. # We can not guarantee a fully unique value, this reduces the # full mac value down to into that number space. # # The -1/+1 ensures that we keep above 1 if we get unlucky # enough to hit a mac address that evenly divides. (macval % (4_294_967_295 - 1)) + 1 end Facter.add('mysql_server_id') do setcode do begin mysql_id_get rescue nil end end end diff --git a/lib/facter/mysql_version.rb b/lib/facter/mysql_version.rb index 73e14ee..f79b2af 100644 --- a/lib/facter/mysql_version.rb +++ b/lib/facter/mysql_version.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + Facter.add('mysql_version') do confine { Facter::Core::Execution.which('mysql') } setcode do mysql_ver = Facter::Util::Resolution.exec('mysql --version') mysql_ver.match(%r{\d+\.\d+\.\d+})[0] if mysql_ver end end diff --git a/lib/facter/mysqld_version.rb b/lib/facter/mysqld_version.rb index a0e67ea..6548f5b 100644 --- a/lib/facter/mysqld_version.rb +++ b/lib/facter/mysqld_version.rb @@ -1,6 +1,8 @@ +# frozen_string_literal: true + Facter.add('mysqld_version') do confine { Facter::Core::Execution.which('mysqld') } setcode do Facter::Util::Resolution.exec('mysqld --no-defaults -V 2>/dev/null') end end diff --git a/lib/puppet/functions/mysql/normalise_and_deepmerge.rb b/lib/puppet/functions/mysql/normalise_and_deepmerge.rb index 70c03f5..bb5f884 100644 --- a/lib/puppet/functions/mysql/normalise_and_deepmerge.rb +++ b/lib/puppet/functions/mysql/normalise_and_deepmerge.rb @@ -1,67 +1,74 @@ -# @summary Recursively merges two or more hashes together, normalises keys with differing use of dashesh and underscores, -# then returns the resulting hash. +# frozen_string_literal: true + +# @summary Recursively merges two or more hashes together, normalises keys with differing use of dashes and underscores. # # @example # $hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } } # $hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } } # $merged_hash = mysql::normalise_and_deepmerge($hash1, $hash2) # # The resulting hash is equivalent to: # # $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } } # # - When there is a duplicate key that is a hash, they are recursively merged. # - When there is a duplicate key that is not a hash, the key in the rightmost hash will "win." # - When there are conficting uses of dashes and underscores in two keys (which mysql would otherwise equate), the rightmost style will win. # Puppet::Functions.create_function(:'mysql::normalise_and_deepmerge') do + # @param args + # Hash to be normalised + # + # @return hash + # The given hash normalised + # def normalise_and_deepmerge(*args) if args.length < 2 raise Puppet::ParseError, _('mysql::normalise_and_deepmerge(): wrong number of arguments (%{args_length}; must be at least 2)') % { args_length: args.length } end result = {} args.each do |arg| next if arg.is_a?(String) && arg.empty? # empty string is synonym for puppet's undef # If the argument was not a hash, skip it. unless arg.is_a?(Hash) raise Puppet::ParseError, _('mysql::normalise_and_deepmerge: unexpected argument type %{arg_class}, only expects hash arguments.') % { args_class: args.class } end # We need to make a copy of the hash since it is frozen by puppet current = deep_copy(arg) # Now we have to traverse our hash assigning our non-hash values # to the matching keys in our result while following our hash values # and repeating the process. overlay(result, current) end result end def normalized?(hash, key) return true if hash.key?(key) - return false unless key =~ %r{-|_} + return false unless %r{-|_}.match?(key) other_key = key.include?('-') ? key.tr('-', '_') : key.tr('_', '-') return false unless hash.key?(other_key) hash[key] = hash.delete(other_key) true end def overlay(hash1, hash2) hash2.each do |key, value| if normalized?(hash1, key) && value.is_a?(Hash) && hash1[key].is_a?(Hash) overlay(hash1[key], value) else hash1[key] = value end end end def deep_copy(inputhash) return inputhash unless inputhash.is_a? Hash hash = {} inputhash.each do |k, v| hash.store(k, deep_copy(v)) end hash end end diff --git a/lib/puppet/functions/mysql/password.rb b/lib/puppet/functions/mysql/password.rb index 4a8db82..caf9e81 100644 --- a/lib/puppet/functions/mysql/password.rb +++ b/lib/puppet/functions/mysql/password.rb @@ -1,22 +1,41 @@ +# frozen_string_literal: true + require 'digest/sha1' # @summary # Hash a string as mysql's "PASSWORD()" function would do it # Puppet::Functions.create_function(:'mysql::password') do # @param password # Plain text password. + # @param sensitive + # If the Postgresql-Passwordhash should be of Datatype Sensitive[String] # # @return hash # The mysql password hash from the clear text password. # dispatch :password do - required_param 'String', :password - return_type 'String' + required_param 'Variant[String, Sensitive[String]]', :password + optional_param 'Boolean', :sensitive + return_type 'Variant[String, Sensitive[String]]' end - def password(password) - return '' if password.empty? - return password if password =~ %r{\*[A-F0-9]{40}$} - '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(password)).upcase + def password(password, sensitive = false) + if password.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) + password = password.unwrap + end + + result_string = if %r{\*[A-F0-9]{40}$}.match?(password) + password + elsif password.empty? + '' + else + '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(password)).upcase + end + + if sensitive + Puppet::Pops::Types::PSensitiveType::Sensitive.new(result_string) + else + result_string + end end end diff --git a/lib/puppet/functions/mysql/strip_hash.rb b/lib/puppet/functions/mysql/strip_hash.rb index a978ae8..00b9cc2 100644 --- a/lib/puppet/functions/mysql/strip_hash.rb +++ b/lib/puppet/functions/mysql/strip_hash.rb @@ -1,22 +1,24 @@ +# frozen_string_literal: true + # @summary # When given a hash this function strips out all blank entries. # Puppet::Functions.create_function(:'mysql::strip_hash') do # @param hash # Hash to be stripped # # @return hash # The given hash with all blank entries removed # dispatch :strip_hash do required_param 'Hash', :hash return_type 'Hash' end def strip_hash(hash) # Filter out all the top level blanks. hash.reject { |_k, v| v == '' }.each do |_k, v| v.reject! { |_ki, vi| vi == '' } if v.is_a?(Hash) end end end diff --git a/lib/puppet/functions/mysql_password.rb b/lib/puppet/functions/mysql_password.rb index d2ac76d..89cf313 100644 --- a/lib/puppet/functions/mysql_password.rb +++ b/lib/puppet/functions/mysql_password.rb @@ -1,17 +1,20 @@ +# frozen_string_literal: true + # @summary DEPRECATED. Use the namespaced function [`mysql::password`](#mysqlpassword) instead. Puppet::Functions.create_function(:mysql_password) do # @param password # Plain text password. # # @return # The mysql password hash from the 4.x function mysql::password. dispatch :mysql_password do - required_param 'String', :password - return_type 'String' + required_param 'Variant[String, Sensitive[String]]', :password + optional_param 'Boolean', :sensitive + return_type 'Variant[String, Sensitive[String]]' end - def mysql_password(password) + def mysql_password(password, sensitive = false) call_function('deprecation', 'mysql_password', "This method has been deprecated, please use the namespaced version 'mysql::password' instead.") - call_function('mysql::password', password) + call_function('mysql::password', password, sensitive) end end diff --git a/lib/puppet/provider/mysql.rb b/lib/puppet/provider/mysql.rb index dd261ab..2c572bb 100644 --- a/lib/puppet/provider/mysql.rb +++ b/lib/puppet/provider/mysql.rb @@ -1,175 +1,177 @@ +# frozen_string_literal: true + # Puppet provider for mysql class Puppet::Provider::Mysql < Puppet::Provider # Without initvars commands won't work. initvars # Make sure we find mysql commands on CentOS and FreeBSD ENV['PATH'] = ENV['PATH'] + ':/usr/libexec:/usr/local/libexec:/usr/local/bin' ENV['LD_LIBRARY_PATH'] = [ ENV['LD_LIBRARY_PATH'], '/usr/lib', '/usr/lib64', '/opt/rh/rh-mysql56/root/usr/lib', '/opt/rh/rh-mysql56/root/usr/lib64', '/opt/rh/rh-mysql57/root/usr/lib', '/opt/rh/rh-mysql57/root/usr/lib64', '/opt/rh/rh-mysql80/root/usr/lib', '/opt/rh/rh-mysql80/root/usr/lib64', '/opt/rh/rh-mariadb100/root/usr/lib', '/opt/rh/rh-mariadb100/root/usr/lib64', '/opt/rh/rh-mariadb101/root/usr/lib', '/opt/rh/rh-mariadb101/root/usr/lib64', '/opt/rh/rh-mariadb102/root/usr/lib', '/opt/rh/rh-mariadb102/root/usr/lib64', '/opt/rh/rh-mariadb103/root/usr/lib', '/opt/rh/rh-mariadb103/root/usr/lib64', '/opt/rh/mysql55/root/usr/lib', '/opt/rh/mysql55/root/usr/lib64', '/opt/rh/mariadb55/root/usr/lib', '/opt/rh/mariadb55/root/usr/lib64', '/usr/mysql/5.5/lib', '/usr/mysql/5.5/lib64', '/usr/mysql/5.6/lib', '/usr/mysql/5.6/lib64', '/usr/mysql/5.7/lib', '/usr/mysql/5.7/lib64', ].join(':') # rubocop:disable Style/HashSyntax commands :mysql_raw => 'mysql' commands :mysqld => 'mysqld' commands :mysqladmin => 'mysqladmin' # rubocop:enable Style/HashSyntax # Optional defaults file def self.defaults_file "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf" if File.file?("#{Facter.value(:root_home)}/.my.cnf") end def self.mysqld_type # find the mysql "dialect" like mariadb / mysql etc. mysqld_version_string.scan(%r{mariadb}i) { return 'mariadb' } mysqld_version_string.scan(%r{\s\(percona}i) { return 'percona' } 'mysql' end def mysqld_type self.class.mysqld_type end def self.mysqld_version_string # As the possibility of the mysqld being remote we need to allow the version string to be overridden, # this can be done by facter.value as seen below. In the case that it has not been set and the facter # value is nil we use the mysql -v command to ensure we report the correct version of mysql for later use cases. @mysqld_version_string ||= Facter.value(:mysqld_version) || mysqld('-V') end def mysqld_version_string self.class.mysqld_version_string end def self.mysqld_version - # note: be prepared for '5.7.6-rc-log' etc results + # NOTE: be prepared for '5.7.6-rc-log' etc results # versioncmp detects 5.7.6-log to be newer then 5.7.6 # this is why we need the trimming. - mysqld_version_string.scan(%r{\d+\.\d+\.\d+}).first unless mysqld_version_string.nil? + mysqld_version_string&.scan(%r{\d+\.\d+\.\d+})&.first end def mysqld_version self.class.mysqld_version end def self.newer_than(forks_versions) - forks_versions.keys.include?(mysqld_type) && Puppet::Util::Package.versioncmp(mysqld_version, forks_versions[mysqld_type]) >= 0 + forks_versions.key?(mysqld_type) && Puppet::Util::Package.versioncmp(mysqld_version, forks_versions[mysqld_type]) >= 0 end def newer_than(forks_versions) self.class.newer_than(forks_versions) end def self.older_than(forks_versions) - forks_versions.keys.include?(mysqld_type) && Puppet::Util::Package.versioncmp(mysqld_version, forks_versions[mysqld_type]) < 0 + forks_versions.key?(mysqld_type) && Puppet::Util::Package.versioncmp(mysqld_version, forks_versions[mysqld_type]) < 0 end def older_than(forks_versions) self.class.older_than(forks_versions) end def defaults_file self.class.defaults_file end def self.mysql_caller(text_of_sql, type) if type.eql? 'system' if File.file?("#{Facter.value(:root_home)}/.mylogin.cnf") ENV['MYSQL_TEST_LOGIN_FILE'] = "#{Facter.value(:root_home)}/.mylogin.cnf" mysql_raw([system_database, '-e', text_of_sql].flatten.compact).scrub else mysql_raw([defaults_file, system_database, '-e', text_of_sql].flatten.compact).scrub end elsif type.eql? 'regular' if File.file?("#{Facter.value(:root_home)}/.mylogin.cnf") ENV['MYSQL_TEST_LOGIN_FILE'] = "#{Facter.value(:root_home)}/.mylogin.cnf" mysql_raw(['-NBe', text_of_sql].flatten.compact).scrub else mysql_raw([defaults_file, '-NBe', text_of_sql].flatten.compact).scrub end else raise Puppet::Error, _("#mysql_caller: Unrecognised type '%{type}'" % { type: type }) end end def self.users mysql_caller("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').split("\n") end # Optional parameter to run a statement on the MySQL system database. def self.system_database '--database=mysql' end def system_database self.class.system_database end # Take root@localhost and munge it to 'root'@'localhost' # Take root@id123@localhost and munge it to 'root@id123'@'localhost' def self.cmd_user(user) "'#{user.reverse.sub('@', "'@'").reverse}'" end # Take root.* and return ON `root`.* def self.cmd_table(table) table_string = '' # We can't escape *.* so special case this. - table_string << if table == '*.*' + table_string += if table == '*.*' '*.*' # Special case also for FUNCTIONs and PROCEDUREs elsif table.start_with?('FUNCTION ', 'PROCEDURE ') table.sub(%r{^(FUNCTION|PROCEDURE) (.*)(\..*)}, '\1 `\2`\3') else table.sub(%r{^(.*)(\..*)}, '`\1`\2') end table_string end def self.cmd_privs(privileges) return 'ALL PRIVILEGES' if privileges.include?('ALL') priv_string = '' privileges.each do |priv| - priv_string << "#{priv}, " + priv_string += "#{priv}, " end # Remove trailing , from the last element. priv_string.sub(%r{, $}, '') end # Take in potential options and build up a query string with them. def self.cmd_options(options) option_string = '' options.each do |opt| - option_string << ' WITH GRANT OPTION' if opt == 'GRANT' + option_string += ' WITH GRANT OPTION' if opt == 'GRANT' end option_string end end diff --git a/lib/puppet/provider/mysql_database/mysql.rb b/lib/puppet/provider/mysql_database/mysql.rb index bbbf216..04d95bf 100644 --- a/lib/puppet/provider/mysql_database/mysql.rb +++ b/lib/puppet/provider/mysql_database/mysql.rb @@ -1,65 +1,67 @@ +# frozen_string_literal: true + require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) Puppet::Type.type(:mysql_database).provide(:mysql, parent: Puppet::Provider::Mysql) do desc 'Manages MySQL databases.' commands mysql_raw: 'mysql' def self.instances mysql_caller('show databases', 'regular').split("\n").map do |name| attributes = {} mysql_caller(["show variables like '%_database'", name], 'regular').split("\n").each do |line| k, v = line.split(%r{\s}) attributes[k] = v end new(name: name, ensure: :present, charset: attributes['character_set_database'], collate: attributes['collation_database']) end end # We iterate over each mysql_database entry in the catalog and compare it against # the contents of the property_hash generated by self.instances def self.prefetch(resources) databases = instances - resources.keys.each do |database| + resources.each_key do |database| provider = databases.find { |db| db.name == database } resources[database].provider = provider if provider end end def create self.class.mysql_caller("create database if not exists `#{@resource[:name]}` character set `#{@resource[:charset]}` collate `#{@resource[:collate]}`", 'regular') @property_hash[:ensure] = :present @property_hash[:charset] = @resource[:charset] @property_hash[:collate] = @resource[:collate] exists? ? (return true) : (return false) end def destroy self.class.mysql_caller("drop database if exists `#{@resource[:name]}`", 'regular') @property_hash.clear exists? ? (return false) : (return true) end def exists? @property_hash[:ensure] == :present || false end mk_resource_methods def charset=(value) self.class.mysql_caller("alter database `#{resource[:name]}` CHARACTER SET #{value}", 'regular') @property_hash[:charset] = value (charset == value) ? (return true) : (return false) end def collate=(value) self.class.mysql_caller("alter database `#{resource[:name]}` COLLATE #{value}", 'regular') @property_hash[:collate] = value (collate == value) ? (return true) : (return false) end end diff --git a/lib/puppet/provider/mysql_datadir/mysql.rb b/lib/puppet/provider/mysql_datadir/mysql.rb index 88b8fa3..31cae9d 100644 --- a/lib/puppet/provider/mysql_datadir/mysql.rb +++ b/lib/puppet/provider/mysql_datadir/mysql.rb @@ -1,98 +1,100 @@ +# frozen_string_literal: true + require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) Puppet::Type.type(:mysql_datadir).provide(:mysql, parent: Puppet::Provider::Mysql) do desc 'manage data directories for mysql instances' initvars # Make sure we find mysqld on CentOS and mysql_install_db on Gentoo and Solaris 11 ENV['PATH'] = [ ENV['PATH'], '/usr/libexec', '/usr/share/mysql/scripts', '/opt/rh/rh-mysql80/root/usr/bin', '/opt/rh/rh-mysql80/root/usr/libexec', '/opt/rh/rh-mysql57/root/usr/bin', '/opt/rh/rh-mysql57/root/usr/libexec', '/opt/rh/rh-mysql56/root/usr/bin', '/opt/rh/rh-mysql56/root/usr/libexec', '/opt/rh/rh-mariadb101/root/usr/bin', '/opt/rh/rh-mariadb101/root/usr/libexec', '/opt/rh/rh-mariadb100/root/usr/bin', '/opt/rh/rh-mariadb100/root/usr/libexec', '/opt/rh/rh-mariadb102/root/usr/bin', '/opt/rh/rh-mariadb102/root/usr/libexec', '/opt/rh/rh-mariadb103/root/usr/bin', '/opt/rh/rh-mariadb103/root/usr/libexec', '/opt/rh/mysql55/root/usr/bin', '/opt/rh/mysql55/root/usr/libexec', '/opt/rh/mariadb55/root/usr/bin', '/opt/rh/mariadb55/root/usr/libexec', '/usr/mysql/5.5/bin', '/usr/mysql/5.6/bin', '/usr/mysql/5.7/bin', ].join(':') commands mysqld: 'mysqld' optional_commands mysql_install_db: 'mysql_install_db' # rubocop:disable Lint/UselessAssignment def create name = @resource[:name] insecure = @resource.value(:insecure) || true defaults_extra_file = @resource.value(:defaults_extra_file) user = @resource.value(:user) || 'mysql' basedir = @resource.value(:basedir) datadir = @resource.value(:datadir) || @resource[:name] log_error = @resource.value(:log_error) || '/var/tmp/mysqld_initialize.log' # rubocop:enable Lint/UselessAssignment unless defaults_extra_file.nil? unless File.exist?(defaults_extra_file) raise ArgumentError, _('Defaults-extra-file %{file} is missing.') % { file: defaults_extra_file } end defaults_extra_file = "--defaults-extra-file=#{defaults_extra_file}" end initialize = if insecure == true '--initialize-insecure' else '--initialize' end opts = [defaults_extra_file] ['basedir', 'datadir', 'user'].each do |opt| val = eval(opt) # rubocop:disable Security/Eval opts << "--#{opt}=#{val}" unless val.nil? end if mysqld_version.nil? debug("Installing MySQL data directory with mysql_install_db #{opts.compact.join(' ')}") mysql_install_db(opts.compact) elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6') opts << "--log-error=#{log_error}" opts << initialize.to_s debug("Initializing MySQL data directory >= 5.7.6 with mysqld: #{opts.compact.join(' ')}") mysqld(opts.compact) else debug("Installing MySQL data directory with mysql_install_db #{opts.compact.join(' ')}") mysql_install_db(opts.compact) end exists? end def destroy name = @resource[:name] # rubocop:disable Lint/UselessAssignment raise ArgumentError, _('ERROR: `Resource` can not be removed.') end def exists? datadir = @resource[:datadir] File.directory?("#{datadir}/mysql") && (Dir.entries("#{datadir}/mysql") - ['.', '..']).any? end ## ## MySQL datadir properties ## # Generates method for all properties of the property_hash mk_resource_methods end diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index 8829033..b3e97b4 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -1,176 +1,185 @@ +# frozen_string_literal: true + require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) Puppet::Type.type(:mysql_grant).provide(:mysql, parent: Puppet::Provider::Mysql) do desc 'Set grants for users in MySQL.' commands mysql_raw: 'mysql' def self.instances instances = [] users.map do |user| user_string = cmd_user(user) query = "SHOW GRANTS FOR #{user_string};" begin grants = mysql_caller(query, 'regular') rescue Puppet::ExecutionFailure => e # Silently ignore users with no grants. Can happen e.g. if user is # defined with fqdn and server is run with skip-name-resolve. Example: # Default root user created by mysql_install_db on a host with fqdn # of myhost.mydomain.my: root@myhost.mydomain.my, when MySQL is started # with --skip-name-resolve. - next if e.inspect =~ %r{There is no such grant defined for user} + next if %r{There is no such grant defined for user}.match?(e.inspect) raise Puppet::Error, _('#mysql had an error -> %{inspect}') % { inspect: e.inspect } end # Once we have the list of grants generate entries for each. grants.each_line do |grant| # Match the munges we do in the type. munged_grant = grant.delete("'").delete('`').delete('"') # Matching: GRANT (SELECT, UPDATE) PRIVILEGES ON (*.*) TO ('root')@('127.0.0.1') (WITH GRANT OPTION) next unless match = munged_grant.match(%r{^GRANT\s(.+)\sON\s(.+)\sTO\s(.*)@(.*?)(\s.*)?$}) # rubocop:disable Lint/AssignmentInCondition privileges, table, user, host, rest = match.captures table.gsub!('\\\\', '\\') # split on ',' if it is not a non-'('-containing string followed by a # closing parenthesis ')'-char - e.g. only split comma separated elements not in # parentheses stripped_privileges = privileges.strip.split(%r{\s*,\s*(?![^(]*\))}).map do |priv| # split and sort the column_privileges in the parentheses and rejoin if priv.include?('(') type, col = priv.strip.split(%r{\s+|\b}, 2) type.upcase + ' (' + col.slice(1...-1).strip.split(%r{\s*,\s*}).sort.join(', ') + ')' else # Once we split privileges up on the , we need to make sure we # shortern ALL PRIVILEGES to just all. (priv == 'ALL PRIVILEGES') ? 'ALL' : priv.strip end end + sorted_privileges = stripped_privileges.sort + if newer_than('mysql' => '8.0.0') && sorted_privileges == ['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER', + 'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES', + 'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER', + 'UPDATE'] + sorted_privileges = ['ALL'] + end # Same here, but to remove OPTION leaving just GRANT. - options = if rest =~ %r{WITH\sGRANT\sOPTION} + options = if %r{WITH\sGRANT\sOPTION}.match?(rest) ['GRANT'] else ['NONE'] end # fix double backslash that MySQL prints, so resources match table.gsub!('\\\\', '\\') # We need to return an array of instances so capture these instances << new( name: "#{user}@#{host}/#{table}", ensure: :present, - privileges: stripped_privileges.sort, + privileges: sorted_privileges, table: table, user: "#{user}@#{host}", options: options, ) end end instances end def self.prefetch(resources) users = instances - resources.keys.each do |name| + resources.each_key do |name| if provider = users.find { |user| user.name == name } # rubocop:disable Lint/AssignmentInCondition resources[name].provider = provider end end end def grant(user, table, privileges, options) user_string = self.class.cmd_user(user) priv_string = self.class.cmd_privs(privileges) table_string = privileges.include?('PROXY') ? self.class.cmd_user(table) : self.class.cmd_table(table) query = "GRANT #{priv_string}" - query << " ON #{table_string}" - query << " TO #{user_string}" - query << self.class.cmd_options(options) unless options.nil? + query += " ON #{table_string}" + query += " TO #{user_string}" + query += self.class.cmd_options(options) unless options.nil? self.class.mysql_caller(query, 'system') end def create grant(@resource[:user], @resource[:table], @resource[:privileges], @resource[:options]) @property_hash[:ensure] = :present @property_hash[:table] = @resource[:table] @property_hash[:user] = @resource[:user] @property_hash[:options] = @resource[:options] if @resource[:options] @property_hash[:privileges] = @resource[:privileges] exists? ? (return true) : (return false) end def revoke(user, table, revoke_privileges = ['ALL']) user_string = self.class.cmd_user(user) table_string = revoke_privileges.include?('PROXY') ? self.class.cmd_user(table) : self.class.cmd_table(table) priv_string = self.class.cmd_privs(revoke_privileges) # revoke grant option needs to be a extra query, because # "REVOKE ALL PRIVILEGES, GRANT OPTION [..]" is only valid mysql syntax # if no ON clause is used. # It hast to be executed before "REVOKE ALL [..]" since a GRANT has to # exist to be executed successfully if revoke_privileges.include?('ALL') && !revoke_privileges.include?('PROXY') query = "REVOKE GRANT OPTION ON #{table_string} FROM #{user_string}" self.class.mysql_caller(query, 'system') end query = "REVOKE #{priv_string} ON #{table_string} FROM #{user_string}" self.class.mysql_caller(query, 'system') end def destroy # if the user was dropped, it'll have been removed from the user hash # as the grants are already removed by the DROP statement if self.class.users.include? @property_hash[:user] if @property_hash[:privileges].include?('PROXY') revoke(@property_hash[:user], @property_hash[:table], @property_hash[:privileges]) else revoke(@property_hash[:user], @property_hash[:table]) end end @property_hash.clear exists? ? (return false) : (return true) end def exists? @property_hash[:ensure] == :present || false end def flush @property_hash.clear self.class.mysql_caller('FLUSH PRIVILEGES', 'regular') end mk_resource_methods def diff_privileges(privileges_old, privileges_new) diff = { revoke: [], grant: [] } if privileges_old.include? 'ALL' diff[:revoke] = privileges_old diff[:grant] = privileges_new elsif privileges_new.include? 'ALL' diff[:grant] = privileges_new else diff[:revoke] = privileges_old - privileges_new diff[:grant] = privileges_new - privileges_old end diff end def privileges=(privileges) diff = diff_privileges(@property_hash[:privileges], privileges) unless diff[:revoke].empty? revoke(@property_hash[:user], @property_hash[:table], diff[:revoke]) end unless diff[:grant].empty? grant(@property_hash[:user], @property_hash[:table], diff[:grant], @property_hash[:options]) end @property_hash[:privileges] = privileges self.privileges end def options=(options) revoke(@property_hash[:user], @property_hash[:table]) grant(@property_hash[:user], @property_hash[:table], @property_hash[:privileges], options) @property_hash[:options] = options self.options end end diff --git a/lib/puppet/provider/mysql_login_path/inifile.rb b/lib/puppet/provider/mysql_login_path/inifile.rb index d15632d..dde4237 100644 --- a/lib/puppet/provider/mysql_login_path/inifile.rb +++ b/lib/puppet/provider/mysql_login_path/inifile.rb @@ -1,632 +1,643 @@ # encoding: UTF-8 +# frozen_string_literal: true -# See: https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/inifile.rb +# See: https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/inifile.rb # This class represents the INI file and can be used to parse, modify, # and write INI files. class Puppet::Provider::MysqlLoginPath::IniFile < Puppet::Provider include Enumerable class Error < StandardError; end # VERSION = '3.0.0' # Public: Open an INI file and load the contents. # # filename - The name of the file as a String # opts - The Hash of options (default: {}) # :comment - String containing the comment character(s) # :parameter - String used to separate parameter and value # :encoding - Encoding String for reading / writing # :default - The String name of the default global section # # Examples # # IniFile.load('file.ini') # #=> IniFile instance # # IniFile.load('does/not/exist.ini') # #=> nil # # Returns an IniFile instance or nil if the file could not be opened. def self.load(filename, opts = {}) return unless File.file? filename new(opts.merge(filename: filename)) end # Get and set the filename attr_accessor :filename # Get and set the encoding attr_accessor :encoding # Public: Create a new INI file from the given set of options. If :content # is provided then it will be used to populate the INI file. If a :filename # is provided then the contents of the file will be parsed and stored in the # INI file. If neither the :content or :filename is provided then an empty # INI file is created. # # opts - The Hash of options (default: {}) # :content - The String/Hash containing the INI contents # :comment - String containing the comment character(s) # :parameter - String used to separate parameter and value # :encoding - Encoding String for reading / writing # :default - The String name of the default global section # :filename - The filename as a String # # Examples # # IniFile.new # #=> an empty IniFile instance # # IniFile.new( :content => "[global]\nfoo=bar" ) # #=> an IniFile instance # # IniFile.new( :filename => 'file.ini', :encoding => 'UTF-8' ) # #=> an IniFile instance # # IniFile.new( :content => "[global]\nfoo=bar", :comment => '#' ) # #=> an IniFile instance # def initialize(opts = {}) + super + @comment = opts.fetch(:comment, ';#') @param = opts.fetch(:parameter, '=') @encoding = opts.fetch(:encoding, nil) @default = opts.fetch(:default, 'global') @filename = opts.fetch(:filename, nil) content = opts.fetch(:content, nil) @ini = Hash.new { |h, k| h[k] = {} } if content.is_a?(Hash) then merge!(content) elsif content then parse(content) elsif @filename then read end end # Public: Write the contents of this IniFile to the file system. If left # unspecified, the currently configured filename and encoding will be used. # Otherwise the filename and encoding can be specified in the options hash. # # opts - The default options Hash # :filename - The filename as a String # :encoding - The encoding as a String # # Returns this IniFile instance. def write(opts = {}) filename = opts.fetch(:filename, @filename) encoding = opts.fetch(:encoding, @encoding) mode = encoding ? "w:#{encoding}" : 'w' File.open(filename, mode) do |f| @ini.each do |section, hash| f.puts "[#{section}]" hash.each { |param, val| f.puts "#{param} #{@param} #{escape_value val}" } f.puts end end self end alias save write # Public: Read the contents of the INI file from the file system and replace # and set the state of this IniFile instance. If left unspecified the # currently configured filename and encoding will be used when reading from # the file system. Otherwise the filename and encoding can be specified in # the options hash. # # opts - The default options Hash # :filename - The filename as a String # :encoding - The encoding as a String # # Returns this IniFile instance if the read was successful; nil is returned # if the file could not be read. def read(opts = {}) filename = opts.fetch(:filename, @filename) encoding = opts.fetch(:encoding, @encoding) return unless File.file? filename mode = encoding ? "r:#{encoding}" : 'r' File.open(filename, mode) { |fd| parse fd } self end alias restore read # Returns this IniFile converted to a String. def to_s s = [] @ini.each do |section, hash| s << "[#{section}]" hash.each { |param, val| s << "#{param} #{@param} #{escape_value val}" } s << '' end s.join("\n") end # Returns this IniFile converted to a Hash. def to_h @ini.dup end # Public: Creates a copy of this inifile with the entries from the # other_inifile merged into the copy. # # other - The other IniFile. # # Returns a new IniFile. def merge(other) dup.merge!(other) end # Public: Merges other_inifile into this inifile, overwriting existing # entries. Useful for having a system inifile with user overridable settings # elsewhere. # # other - The other IniFile. # # Returns this IniFile. def merge!(other) return self if other.nil? my_keys = @ini.keys other_keys = case other when IniFile other.instance_variable_get(:@ini).keys when Hash other.keys else raise Error, "cannot merge contents from '#{other.class.name}'" end (my_keys & other_keys).each do |key| case other[key] when Hash @ini[key].merge!(other[key]) when nil nil else raise Error, "cannot merge section #{key.inspect} - unsupported type: #{other[key].class.name}" end end (other_keys - my_keys).each do |key| @ini[key] = case other[key] when Hash other[key].dup when nil {} else raise Error, "cannot merge section #{key.inspect} - unsupported type: #{other[key].class.name}" end end self end # Public: Yield each INI file section, parameter, and value in turn to the # given block. # # block - The block that will be iterated by the each method. The block will # be passed the current section and the parameter/value pair. # # Examples # # inifile.each do |section, parameter, value| # puts "#{parameter} = #{value} [in section - #{section}]" # end # # Returns this IniFile. def each return unless block_given? @ini.each do |section, hash| hash.each do |param, val| yield section, param, val end end self end # Public: Yield each section in turn to the given block. # # block - The block that will be iterated by the each method. The block will # be passed the current section as a Hash. # # Examples # # inifile.each_section do |section| # puts section.inspect # end # # Returns this IniFile. def each_section return unless block_given? @ini.each_key { |section| yield section } self end # Public: Remove a section identified by name from the IniFile. # # section - The section name as a String. # # Returns the deleted section Hash. def delete_section(section) @ini.delete section.to_s end # Public: Get the section Hash by name. If the section does not exist, then # it will be created. # # section - The section name as a String. # # Examples # # inifile['global'] # #=> global section Hash # # Returns the Hash of parameter/value pairs for this section. def [](section) return nil if section.nil? @ini[section.to_s] end # Public: Set the section to a hash of parameter/value pairs. # # section - The section name as a String. # value - The Hash of parameter/value pairs. # # Examples # # inifile['tenderloin'] = { 'gritty' => 'yes' } # #=> { 'gritty' => 'yes' } # # Returns the value Hash. def []=(section, value) @ini[section.to_s] = value end # Public: Create a Hash containing only those INI file sections whose names # match the given regular expression. # # regex - The Regexp used to match section names. # # Examples # # inifile.match(/^tree_/) # #=> Hash of matching sections # # Return a Hash containing only those sections that match the given regular # expression. def match(regex) @ini.dup.delete_if { |section, _| section !~ regex } end # Public: Check to see if the IniFile contains the section. # # section - The section name as a String. # # Returns true if the section exists in the IniFile. def section?(section) @ini.key? section.to_s end # Returns an Array of section names contained in this IniFile. def sections @ini.keys end # Public: Freeze the state of this IniFile object. Any attempts to change # the object will raise an error. # # Returns this IniFile. def freeze super @ini.each_value { |h| h.freeze } @ini.freeze self end # Public: Mark this IniFile as tainted -- this will traverse each section # marking each as tainted. # # Returns this IniFile. def taint super @ini.each_value { |h| h.taint } @ini.taint self end # Public: Produces a duplicate of this IniFile. The duplicate is independent # of the original -- i.e. the duplicate can be modified without changing the # original. The tainted state of the original is copied to the duplicate. # # Returns a new IniFile. def dup other = super other.instance_variable_set(:@ini, Hash.new { |h, k| h[k] = {} }) @ini.each_pair { |s, h| other[s].merge! h } other.taint if tainted? other end # Public: Produces a duplicate of this IniFile. The duplicate is independent # of the original -- i.e. the duplicate can be modified without changing the # original. The tainted state and the frozen state of the original is copied # to the duplicate. # # Returns a new IniFile. def clone other = dup other.freeze if frozen? other end # Public: Compare this IniFile to some other IniFile. For two INI files to # be equivalent, they must have the same sections with the same parameter / # value pairs in each section. # # other - The other IniFile. # # Returns true if the INI files are equivalent and false if they differ. def eql?(other) return true if equal? other return false unless other.instance_of? self.class @ini == other.instance_variable_get(:@ini) end alias == eql? # Escape special characters. # # value - The String value to escape. # # Returns the escaped value. def escape_value(value) value = value.to_s.dup value.gsub!(%r{\\([0nrt])}, '\\\\\1') value.gsub!(%r{\n}, '\n') value.gsub!(%r{\r}, '\r') value.gsub!(%r{\t}, '\t') value.gsub!(%r{\0}, '\0') value end # Parse the given content and store the information in this IniFile # instance. All data will be cleared out and replaced with the information # read from the content. # # content - A String or a file descriptor (must respond to `each_line`) # # Returns this IniFile. def parse(content) parser = Parser.new(@ini, @param, @comment, @default) parser.parse(content) self end # The IniFile::Parser has the responsibility of reading the contents of an # .ini file and storing that information into a ruby Hash. The object being # parsed must respond to `each_line` - this includes Strings and any IO # object. class Parser attr_writer :section attr_accessor :property attr_accessor :value # Create a new IniFile::Parser that can be used to parse the contents of # an .ini file. # # hash - The Hash where parsed information will be stored # param - String used to separate parameter and value # comment - String containing the comment character(s) # default - The String name of the default global section # def initialize(hash, param, comment, default) @hash = hash @default = default comment = comment.to_s.empty? ? '\\z' : "\\s*(?:[#{comment}].*)?\\z" @section_regexp = %r{\A\s*\[([^\]]+)\]#{comment}} @ignore_regexp = %r{\A#{comment}} @property_regexp = %r{\A(.*?)(? true # "false" --> false # "" --> nil # "42" --> 42 # "3.14" --> 3.14 # "foo" --> "foo" # # Returns the typecast value. def typecast(value) case value when %r{\Atrue\z}i then true when %r{\Afalse\z}i then false when %r{\A\s*\z}i then nil else begin begin Integer(value) - rescue - Float(value) + rescue + Float(value) end rescue unescape_value(value) end end end # Unescape special characters found in the value string. This will convert # escaped null, tab, carriage return, newline, and backslash into their # literal equivalents. # # value - The String value to unescape. # # Returns the unescaped value. def unescape_value(value) value = value.to_s value.gsub!(%r{\\[0nrt\\]}) do |char| case char when '\0' then "\0" when '\n' then "\n" when '\r' then "\r" when '\t' then "\t" when '\\\\' then '\\' end end value end end end # IniFile diff --git a/lib/puppet/provider/mysql_login_path/mysql_login_path.rb b/lib/puppet/provider/mysql_login_path/mysql_login_path.rb index 56e4524..a068fa4 100644 --- a/lib/puppet/provider/mysql_login_path/mysql_login_path.rb +++ b/lib/puppet/provider/mysql_login_path/mysql_login_path.rb @@ -1,165 +1,166 @@ # frozen_string_literal: true require File.expand_path(File.join(File.dirname(__FILE__), 'inifile')) require File.expand_path(File.join(File.dirname(__FILE__), 'sensitive')) require 'puppet/resource_api/simple_provider' require 'puppet/util/execution' require 'puppet/util/suidmanager' require 'open3' require 'pty' require 'expect' require 'fileutils' +require 'English' # Implementation for the mysql_login_path type using the Resource API. class Puppet::Provider::MysqlLoginPath::MysqlLoginPath < Puppet::ResourceApi::SimpleProvider def get_homedir(_context, uid) result = Puppet::Util::Execution.execute(['/usr/bin/getent', 'passwd', uid], failonfail: true) result.split(':')[5] end def mysql_config_editor_set_cmd(context, uid, password = nil, *args) args.unshift('/usr/bin/mysql_config_editor') homedir = get_homedir(context, uid) login_file_path = "#{homedir}/.mylogin.cnf" if args.is_a?(Array) command = args.flatten.map(&:to_s) command_str = command.join(' ') elsif args.is_a?(String) command_str = command end begin Puppet::Util::SUIDManager.asuser(uid) do FileUtils.touch login_file_path FileUtils.chmod 0o600, login_file_path end PTY.spawn({ 'HOME' => homedir }, command_str) do |input, output, _pid| if password input.expect(%r{Enter password:}) output.puts password end end rescue => e raise Puppet::ExecutionFailure, _( "Execution of '%{str}' returned %{exit_status}: %{output}", ) % { str: command_str, - exit_status: $?.exitstatus, + exit_status: $CHILD_STATUS.exitstatus, output: e.message, } end end def mysql_config_editor_cmd(context, uid, *args) args.unshift('/usr/bin/mysql_config_editor') homedir = get_homedir(context, uid) Puppet::Util::Execution.execute( args, failonfail: true, uid: uid, custom_environment: { 'HOME' => homedir }, ) end def my_print_defaults_cmd(context, uid, *args) args.unshift('/usr/bin/my_print_defaults') homedir = get_homedir(context, uid) Puppet::Util::Execution.execute( args, failonfail: true, uid: uid, custom_environment: { 'HOME' => homedir }, ) end def get_password(context, uid, name) result = '' output = my_print_defaults_cmd(context, uid, '-s', name) output.split("\n").each do |line| - if line =~ %r{\-\-password} + if %r{\-\-password}.match?(line) result = line.sub(%r{\-\-password=}, '') end end result end def save_login_path(context, name, should) uid = name.fetch(:owner) args = ['set', '--skip-warn'] args.push('-G', should[:name].to_s) if should[:name] args.push('-h', should[:host].to_s) if should[:host] args.push('-u', should[:user].to_s) if should[:user] args.push('-S', should[:socket].to_s) if should[:socket] args.push('-P', should[:port].to_s) if should[:port] args.push('-p') if should[:password] && extract_pw(should[:password]) password = (should[:password] && extract_pw(should[:password])) ? extract_pw(should[:password]) : nil mysql_config_editor_set_cmd(context, uid, password, args) end def delete_login_path(context, name) login_path = name.fetch(:name) uid = name.fetch(:owner) mysql_config_editor_cmd(context, uid, 'remove', '-G', login_path) end def gen_pw(pw) Puppet::Provider::MysqlLoginPath::Sensitive.new(pw) end def extract_pw(sensitive) sensitive.unwrap end def list_login_paths(context, uid) result = [] output = mysql_config_editor_cmd(context, uid, 'print', '--all') ini = Puppet::Provider::MysqlLoginPath::IniFile.new(content: output) ini.each_section do |section| result.push(ensure: 'present', name: section, owner: uid.to_s, title: section + '-' + uid.to_s, host: ini[section]['host'].nil? ? nil : ini[section]['host'], user: ini[section]['user'].nil? ? nil : ini[section]['user'], password: ini[section]['password'].nil? ? nil : gen_pw(get_password(context, uid, section)), socket: ini[section]['socket'].nil? ? nil : ini[section]['socket'], port: ini[section]['port'].nil? ? nil : ini[section]['port']) end result end def get(context, name) result = [] owner = name.empty? ? ['root'] : name.map { |item| item[:owner] }.compact.uniq owner.each do |uid| login_paths = list_login_paths(context, uid) result += login_paths end result end def create(context, name, should) save_login_path(context, name, should) end def update(context, name, should) delete_login_path(context, name) save_login_path(context, name, should) end def delete(context, name) delete_login_path(context, name) end def canonicalize(_context, resources) resources.each do |r| if r.key?(:password) && r[:password].is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) r[:password] = gen_pw(extract_pw(r[:password])) end end end end diff --git a/lib/puppet/provider/mysql_login_path/sensitive.rb b/lib/puppet/provider/mysql_login_path/sensitive.rb index 4876504..1c026ac 100644 --- a/lib/puppet/provider/mysql_login_path/sensitive.rb +++ b/lib/puppet/provider/mysql_login_path/sensitive.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + # A Puppet Language type that makes the Sensitive Type comparable # class Puppet::Provider::MysqlLoginPath::Sensitive < Puppet::Pops::Types::PSensitiveType::Sensitive def ==(other) return true if other.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) && unwrap == other.unwrap end end diff --git a/lib/puppet/provider/mysql_plugin/mysql.rb b/lib/puppet/provider/mysql_plugin/mysql.rb index 7a7ed9f..0a331f4 100644 --- a/lib/puppet/provider/mysql_plugin/mysql.rb +++ b/lib/puppet/provider/mysql_plugin/mysql.rb @@ -1,51 +1,53 @@ +# frozen_string_literal: true + require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) Puppet::Type.type(:mysql_plugin).provide(:mysql, parent: Puppet::Provider::Mysql) do desc 'Manages MySQL plugins.' commands mysql_raw: 'mysql' def self.instances mysql_caller('show plugins', 'regular').split("\n").map do |line| name, _status, _type, library, _license = line.split(%r{\t}) new(name: name, ensure: :present, soname: library) end end # We iterate over each mysql_plugin entry in the catalog and compare it against # the contents of the property_hash generated by self.instances def self.prefetch(resources) plugins = instances - resources.keys.each do |plugin| + resources.each_key do |plugin| if provider = plugins.find { |pl| pl.name == plugin } # rubocop:disable Lint/AssignmentInCondition resources[plugin].provider = provider end end end def create # Use plugin_name.so as soname if it's not specified. This won't work on windows as # there it should be plugin_name.dll @resource[:soname].nil? ? (soname = @resource[:name] + '.so') : (soname = @resource[:soname]) self.class.mysql_caller("install plugin #{@resource[:name]} soname '#{soname}'", 'regular') @property_hash[:ensure] = :present @property_hash[:soname] = @resource[:soname] exists? ? (return true) : (return false) end def destroy self.class.mysql_caller("uninstall plugin #{@resource[:name]}", 'regular') @property_hash.clear exists? ? (return false) : (return true) end def exists? @property_hash[:ensure] == :present || false end mk_resource_methods end diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb index 2699495..e655789 100644 --- a/lib/puppet/provider/mysql_user/mysql.rb +++ b/lib/puppet/provider/mysql_user/mysql.rb @@ -1,255 +1,271 @@ +# frozen_string_literal: true + require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) Puppet::Type.type(:mysql_user).provide(:mysql, parent: Puppet::Provider::Mysql) do desc 'manage users for a mysql database.' commands mysql_raw: 'mysql' # Build a property_hash containing all the discovered information about MySQL # users. def self.instances users = mysql_caller("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').split("\n") # To reduce the number of calls to MySQL we collect all the properties in # one big swoop. users.map do |name| if mysqld_version.nil? ## Default ... - # rubocop:disable Metrics/LineLength + # rubocop:disable Layout/LineLength query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6') query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" elsif newer_than('mariadb' => '10.1.21') query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD, PLUGIN, AUTHENTICATION_STRING FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" else query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" end @max_user_connections, @max_connections_per_hour, @max_queries_per_hour, @max_updates_per_hour, ssl_type, ssl_cipher, x509_issuer, x509_subject, @password, @plugin, @authentication_string = mysql_caller(query, 'regular').chomp.split(%r{\t}) @tls_options = parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject) if newer_than('mariadb' => '10.1.21') && @plugin == 'ed25519' # Some auth plugins (e.g. ed25519) use authentication_string # to store password hash or auth information @password = @authentication_string elsif (newer_than('mariadb' => '10.2.16') && older_than('mariadb' => '10.2.19')) || (newer_than('mariadb' => '10.3.8') && older_than('mariadb' => '10.3.11')) # Old mariadb 10.2 or 10.3 store password hash in authentication_string # https://jira.mariadb.org/browse/MDEV-16238 https://jira.mariadb.org/browse/MDEV-16774 @password = @authentication_string end - # rubocop:enable Metrics/LineLength + # rubocop:enable Layout/LineLength new(name: name, ensure: :present, password_hash: @password, plugin: @plugin, max_user_connections: @max_user_connections, max_connections_per_hour: @max_connections_per_hour, max_queries_per_hour: @max_queries_per_hour, max_updates_per_hour: @max_updates_per_hour, tls_options: @tls_options) end end # We iterate over each mysql_user entry in the catalog and compare it against # the contents of the property_hash generated by self.instances def self.prefetch(resources) users = instances # rubocop:disable Lint/AssignmentInCondition - resources.keys.each do |name| + resources.each_key do |name| if provider = users.find { |user| user.name == name } resources[name].provider = provider end end # rubocop:enable Lint/AssignmentInCondition end def create # (MODULES-3539) Allow @ in username merged_name = @resource[:name].reverse.sub('@', "'@'").reverse password_hash = @resource.value(:password_hash) plugin = @resource.value(:plugin) max_user_connections = @resource.value(:max_user_connections) || 0 max_connections_per_hour = @resource.value(:max_connections_per_hour) || 0 max_queries_per_hour = @resource.value(:max_queries_per_hour) || 0 max_updates_per_hour = @resource.value(:max_updates_per_hour) || 0 tls_options = @resource.value(:tls_options) || ['NONE'] + password_hash = password_hash.unwrap if password_hash.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) + # Use CREATE USER to be compatible with NO_AUTO_CREATE_USER sql_mode # This is also required if you want to specify a authentication plugin if !plugin.nil? if !password_hash.nil? self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED WITH '#{plugin}' AS '#{password_hash}'", 'system') else self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED WITH '#{plugin}'", 'system') end @property_hash[:ensure] = :present @property_hash[:plugin] = plugin elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.1.3') self.class.mysql_caller("CREATE USER IF NOT EXISTS '#{merged_name}' IDENTIFIED WITH 'mysql_native_password' AS '#{password_hash}'", 'system') @property_hash[:ensure] = :present @property_hash[:password_hash] = password_hash else self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED BY PASSWORD '#{password_hash}'", 'system') @property_hash[:ensure] = :present @property_hash[:password_hash] = password_hash end - # rubocop:disable Metrics/LineLength + # rubocop:disable Layout/LineLength if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6') self.class.mysql_caller("ALTER USER IF EXISTS '#{merged_name}' WITH MAX_USER_CONNECTIONS #{max_user_connections} MAX_CONNECTIONS_PER_HOUR #{max_connections_per_hour} MAX_QUERIES_PER_HOUR #{max_queries_per_hour} MAX_UPDATES_PER_HOUR #{max_updates_per_hour}", 'system') else self.class.mysql_caller("GRANT USAGE ON *.* TO '#{merged_name}' WITH MAX_USER_CONNECTIONS #{max_user_connections} MAX_CONNECTIONS_PER_HOUR #{max_connections_per_hour} MAX_QUERIES_PER_HOUR #{max_queries_per_hour} MAX_UPDATES_PER_HOUR #{max_updates_per_hour}", 'system') end - # rubocop:enable Metrics/LineLength + # rubocop:enable Layout/LineLength @property_hash[:max_user_connections] = max_user_connections @property_hash[:max_connections_per_hour] = max_connections_per_hour @property_hash[:max_queries_per_hour] = max_queries_per_hour @property_hash[:max_updates_per_hour] = max_updates_per_hour merged_tls_options = tls_options.join(' AND ') if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') self.class.mysql_caller("ALTER USER '#{merged_name}' REQUIRE #{merged_tls_options}", 'system') else self.class.mysql_caller("GRANT USAGE ON *.* TO '#{merged_name}' REQUIRE #{merged_tls_options}", 'system') end @property_hash[:tls_options] = tls_options exists? ? (return true) : (return false) end def destroy # (MODULES-3539) Allow @ in username merged_name = @resource[:name].reverse.sub('@', "'@'").reverse if_exists = if newer_than('mysql' => '5.7', 'percona' => '5.7', 'mariadb' => '10.1.3') 'IF EXISTS ' else '' end self.class.mysql_caller("DROP USER #{if_exists}'#{merged_name}'", 'system') @property_hash.clear exists? ? (return false) : (return true) end def exists? @property_hash[:ensure] == :present || false end ## ## MySQL user properties ## # Generates method for all properties of the property_hash mk_resource_methods def password_hash=(string) merged_name = self.class.cmd_user(@resource[:name]) plugin = @resource.value(:plugin) # We have a fact for the mysql version ... if mysqld_version.nil? # default ... if mysqld_version does not work self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system') elsif newer_than('mariadb' => '10.1.21') && plugin == 'ed25519' raise ArgumentError, _('ed25519 hash should be 43 bytes long.') unless string.length == 43 # ALTER USER statement is only available upstream starting 10.2 # https://mariadb.com/kb/en/mariadb-1020-release-notes/ if newer_than('mariadb' => '10.2.0') sql = "ALTER USER #{merged_name} IDENTIFIED WITH ed25519 AS '#{string}'" else concat_name = @resource[:name] sql = "UPDATE mysql.user SET password = '', plugin = 'ed25519'" - sql << ", authentication_string = '#{string}'" - sql << " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES" + sql += ", authentication_string = '#{string}'" + sql += " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES" end self.class.mysql_caller(sql, 'system') elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') - raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless string =~ %r{^\*|^$} + raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless %r{^\*|^$}.match?(string) self.class.mysql_caller("ALTER USER #{merged_name} IDENTIFIED WITH mysql_native_password AS '#{string}'", 'system') else self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system') end (password_hash == string) ? (return true) : (return false) end def max_user_connections=(int) merged_name = self.class.cmd_user(@resource[:name]) - self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_USER_CONNECTIONS #{int}", 'system').chomp - + if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') + self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_USER_CONNECTIONS #{int}", 'system').chomp + else + self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_USER_CONNECTIONS #{int}", 'system').chomp + end (max_user_connections == int) ? (return true) : (return false) end def max_connections_per_hour=(int) merged_name = self.class.cmd_user(@resource[:name]) - self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_CONNECTIONS_PER_HOUR #{int}", 'system').chomp - + if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') + self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_CONNECTIONS_PER_HOUR #{int}", 'system').chomp + else + self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_CONNECTIONS_PER_HOUR #{int}", 'system').chomp + end (max_connections_per_hour == int) ? (return true) : (return false) end def max_queries_per_hour=(int) merged_name = self.class.cmd_user(@resource[:name]) - self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_QUERIES_PER_HOUR #{int}", 'system').chomp - + if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') + self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_QUERIES_PER_HOUR #{int}", 'system').chomp + else + self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_QUERIES_PER_HOUR #{int}", 'system').chomp + end (max_queries_per_hour == int) ? (return true) : (return false) end def max_updates_per_hour=(int) merged_name = self.class.cmd_user(@resource[:name]) - self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_UPDATES_PER_HOUR #{int}", 'system').chomp - + if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') + self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_UPDATES_PER_HOUR #{int}", 'system').chomp + else + self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} WITH MAX_UPDATES_PER_HOUR #{int}", 'system').chomp + end (max_updates_per_hour == int) ? (return true) : (return false) end def plugin=(string) merged_name = self.class.cmd_user(@resource[:name]) if newer_than('mariadb' => '10.1.21') && string == 'ed25519' if newer_than('mariadb' => '10.2.0') sql = "ALTER USER #{merged_name} IDENTIFIED WITH '#{string}' AS '#{@resource[:password_hash]}'" else concat_name = @resource[:name] sql = "UPDATE mysql.user SET password = '', plugin = '#{string}'" - sql << ", authentication_string = '#{@resource[:password_hash]}'" - sql << " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES" + sql += ", authentication_string = '#{@resource[:password_hash]}'" + sql += " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES" end elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') sql = "ALTER USER #{merged_name} IDENTIFIED WITH '#{string}'" - sql << " AS '#{@resource[:password_hash]}'" if string == 'mysql_native_password' + sql += " AS '#{@resource[:password_hash]}'" if string == 'mysql_native_password' else # See https://bugs.mysql.com/bug.php?id=67449 sql = "UPDATE mysql.user SET plugin = '#{string}'" - sql << ((string == 'mysql_native_password') ? ", password = '#{@resource[:password_hash]}'" : ", password = ''") - sql << " WHERE CONCAT(user, '@', host) = '#{@resource[:name]}'" + sql += ((string == 'mysql_native_password') ? ", password = '#{@resource[:password_hash]}'" : ", password = ''") + sql += " WHERE CONCAT(user, '@', host) = '#{@resource[:name]}'" end self.class.mysql_caller(sql, 'system') (plugin == string) ? (return true) : (return false) end def tls_options=(array) merged_name = self.class.cmd_user(@resource[:name]) merged_tls_options = array.join(' AND ') if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0') self.class.mysql_caller("ALTER USER #{merged_name} REQUIRE #{merged_tls_options}", 'system') else self.class.mysql_caller("GRANT USAGE ON *.* TO #{merged_name} REQUIRE #{merged_tls_options}", 'system') end (tls_options == array) ? (return true) : (return false) end def self.parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject) if ssl_type == 'ANY' ['SSL'] elsif ssl_type == 'X509' ['X509'] elsif ssl_type == 'SPECIFIED' options = [] options << "CIPHER '#{ssl_cipher}'" if !ssl_cipher.nil? && !ssl_cipher.empty? options << "ISSUER '#{x509_issuer}'" if !x509_issuer.nil? && !x509_issuer.empty? options << "SUBJECT '#{x509_subject}'" if !x509_subject.nil? && !x509_subject.empty? options else ['NONE'] end end end diff --git a/lib/puppet/type/mysql_database.rb b/lib/puppet/type/mysql_database.rb index 817f042..916caf6 100644 --- a/lib/puppet/type/mysql_database.rb +++ b/lib/puppet/type/mysql_database.rb @@ -1,29 +1,31 @@ +# frozen_string_literal: true + Puppet::Type.newtype(:mysql_database) do @doc = <<-PUPPET @summary Manage a MySQL database. @api private PUPPET ensurable autorequire(:file) { '/root/.my.cnf' } autorequire(:class) { 'mysql::server' } newparam(:name, namevar: true) do desc 'The name of the MySQL database to manage.' end newproperty(:charset) do desc 'The CHARACTER SET setting for the database' defaultto :utf8 newvalue(%r{^\S+$}) end newproperty(:collate) do desc 'The COLLATE setting for the database' defaultto :utf8_general_ci newvalue(%r{^\S+$}) end end diff --git a/lib/puppet/type/mysql_datadir.rb b/lib/puppet/type/mysql_datadir.rb index 7945f4e..5f8e009 100644 --- a/lib/puppet/type/mysql_datadir.rb +++ b/lib/puppet/type/mysql_datadir.rb @@ -1,39 +1,41 @@ +# frozen_string_literal: true + Puppet::Type.newtype(:mysql_datadir) do @doc = <<-PUPPET @summary Manage MySQL datadirs with mysql_install_db OR mysqld (5.7.6 and above). @api private PUPPET ensurable autorequire(:package) { 'mysql-server' } newparam(:datadir, namevar: true) do desc 'The datadir name' end newparam(:basedir) do desc 'The basedir name, default /usr.' newvalues(%r{^/}) end newparam(:user) do desc 'The user for the directory default mysql (name, not uid).' end newparam(:defaults_extra_file) do desc 'MySQL defaults-extra-file with absolute path (*.cnf).' newvalues(%r{^/.*\.cnf$}) end newparam(:insecure, boolean: true) do desc 'Insecure initialization (needed for 5.7.6++).' end newparam(:log_error) do desc 'The path to the mysqld error log file (used with the --log-error option)' newvalues(%r{^/}) end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index bcc8441..abaa332 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -1,119 +1,121 @@ +# frozen_string_literal: true + Puppet::Type.newtype(:mysql_grant) do @doc = <<-PUPPET @summary Manage a MySQL user's rights. PUPPET ensurable autorequire(:file) { '/root/.my.cnf' } autorequire(:mysql_user) { self[:user] } def initialize(*args) super # Forcibly munge any privilege with 'ALL' in the array to exist of just # 'ALL'. This can't be done in the munge in the property as that iterates # over the array and there's no way to replace the entire array before it's # returned to the provider. - if self[:ensure] == :present && Array(self[:privileges]).count > 1 && self[:privileges].to_s.include?('ALL') + if self[:ensure] == :present && Array(self[:privileges]).size > 1 && self[:privileges].to_s.include?('ALL') self[:privileges] = 'ALL' end # Sort the privileges array in order to ensure the comparision in the provider # self.instances method match. Otherwise this causes it to keep resetting the # privileges. # rubocop:disable Style/MultilineBlockChain self[:privileges] = Array(self[:privileges]).map { |priv| # split and sort the column_privileges in the parentheses and rejoin if priv.include?('(') type, col = priv.strip.split(%r{\s+|\b}, 2) type.upcase + ' (' + col.slice(1...-1).strip.split(%r{\s*,\s*}).sort.join(', ') + ')' else priv.strip.upcase end - }.uniq.reject { |k| k == 'GRANT' || k == 'GRANT OPTION' }.sort! + }.uniq.reject { |k| ['GRANT', 'GRANT OPTION'].include?(k) }.sort! end # rubocop:enable Style/MultilineBlockChain validate do raise(_('mysql_grant: `privileges` `parameter` is required.')) if self[:ensure] == :present && self[:privileges].nil? - raise(_('mysql_grant: `privileges` `parameter`: PROXY can only be specified by itself.')) if Array(self[:privileges]).count > 1 && Array(self[:privileges]).include?('PROXY') + raise(_('mysql_grant: `privileges` `parameter`: PROXY can only be specified by itself.')) if Array(self[:privileges]).size > 1 && Array(self[:privileges]).include?('PROXY') raise(_('mysql_grant: `table` `parameter` is required.')) if self[:ensure] == :present && self[:table].nil? raise(_('mysql_grant: `user` `parameter` is required.')) if self[:ensure] == :present && self[:user].nil? if self[:user] && self[:table] raise(_('mysql_grant: `name` `parameter` must match user@host/table format.')) if self[:name] != "#{self[:user]}/#{self[:table]}" end end newparam(:name, namevar: true) do desc 'Name to describe the grant.' munge do |value| value.delete("'") end end newproperty(:privileges, array_matching: :all) do desc 'Privileges for user' validate do |value| mysql_version = Facter.value(:mysql_version) if value =~ %r{proxy}i && Puppet::Util::Package.versioncmp(mysql_version, '5.5.0') < 0 raise(ArgumentError, _('mysql_grant: PROXY user not supported on mysql versions < 5.5.0. Current version %{version}.') % { version: mysql_version }) end end end newproperty(:table) do desc 'Table to apply privileges to.' validate do |value| if Array(@resource[:privileges]).include?('PROXY') && !%r{^[0-9a-zA-Z$_]*@[\w%\.:\-\/]*$}.match(value) raise(ArgumentError, _('mysql_grant: `table` `property` for PROXY should be specified as proxy_user@proxy_host.')) end end munge do |value| value.delete('`') end newvalues(%r{.*\..*}, %r{^[0-9a-zA-Z$_]*@[\w%\.:\-/]*$}) end newproperty(:user) do desc 'User to operate on.' validate do |value| # http://dev.mysql.com/doc/refman/5.5/en/identifiers.html # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 # rubocop:disable Lint/AssignmentInCondition # rubocop:disable Lint/UselessAssignment if matches = %r{^(['`"])((?!\1).)*\1@([\w%\.:\-/]+)$}.match(value) user_part = matches[2] host_part = matches[3] elsif matches = %r{^([0-9a-zA-Z$_]*)@([\w%\.:\-/]+)$}.match(value) user_part = matches[1] host_part = matches[2] elsif matches = %r{^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$}.match(value) user_part = matches[1] host_part = matches[2] else raise(ArgumentError, _('mysql_grant: Invalid database user %{user}.') % { user: value }) end # rubocop:enable Lint/AssignmentInCondition # rubocop:enable Lint/UselessAssignment mysql_version = Facter.value(:mysql_version) unless mysql_version.nil? raise(ArgumentError, _('mysql_grant: MySQL usernames are limited to a maximum of 16 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '5.7.8') < 0 && user_part.size > 16 raise(ArgumentError, _('mysql_grant: MySQL usernames are limited to a maximum of 32 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') < 0 && user_part.size > 32 raise(ArgumentError, _('mysql_grant: MySQL usernames are limited to a maximum of 80 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') > 0 && user_part.size > 80 end end munge do |value| matches = %r{^((['`"]?).*\2)@(.+)$}.match(value) "#{matches[1]}@#{matches[3].downcase}" end end newproperty(:options, array_matching: :all) do desc 'Options to grant.' end end diff --git a/lib/puppet/type/mysql_plugin.rb b/lib/puppet/type/mysql_plugin.rb index 433146e..b52539b 100644 --- a/lib/puppet/type/mysql_plugin.rb +++ b/lib/puppet/type/mysql_plugin.rb @@ -1,25 +1,27 @@ +# frozen_string_literal: true + Puppet::Type.newtype(:mysql_plugin) do @doc = <<-PUPPET @summary Manage MySQL plugins. @example mysql_plugin { 'some_plugin': soname => 'some_pluginlib.so', } PUPPET ensurable autorequire(:file) { '/root/.my.cnf' } newparam(:name, namevar: true) do desc 'The name of the MySQL plugin to manage.' end newproperty(:soname) do desc 'The name of the library' newvalue(%r{^\w+\.\w+$}) end end diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index e008375..dafb9b2 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -1,118 +1,120 @@ +# frozen_string_literal: true + # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_user) do @doc = <<-PUPPET @summary Manage a MySQL user. This includes management of users password as well as privileges. PUPPET ensurable autorequire(:file) { '/root/.my.cnf' } autorequire(:class) { 'mysql::server' } newparam(:name, namevar: true) do desc "The name of the user. This uses the 'username@hostname' or username@hostname." validate do |value| # http://dev.mysql.com/doc/refman/5.5/en/identifiers.html # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 mysql_version = Facter.value(:mysql_version) # rubocop:disable Lint/AssignmentInCondition # rubocop:disable Lint/UselessAssignment if matches = %r{^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-/]+)$}.match(value) user_part = matches[2] host_part = matches[3] elsif matches = %r{^([0-9a-zA-Z$_]*)@([\w%\.:\-/]+)$}.match(value) user_part = matches[1] host_part = matches[2] elsif matches = %r{^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$}.match(value) user_part = matches[1] host_part = matches[2] else raise ArgumentError, _('Invalid database user %{user}.') % { user: value } end # rubocop:enable Lint/AssignmentInCondition # rubocop:enable Lint/UselessAssignment unless mysql_version.nil? raise(ArgumentError, _('MySQL usernames are limited to a maximum of 16 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '5.7.8') < 0 && user_part.size > 16 raise(ArgumentError, _('MySQL usernames are limited to a maximum of 32 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') < 0 && user_part.size > 32 raise(ArgumentError, _('MySQL usernames are limited to a maximum of 80 characters.')) if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') > 0 && user_part.size > 80 end end munge do |value| matches = %r{^((['`"]?).*\2)@(.+)$}.match(value) "#{matches[1]}@#{matches[3].downcase}" end end newproperty(:password_hash) do desc 'The password hash of the user. Use mysql::password() for creating such a hash.' newvalue(%r{\w*}) def change_to_s(currentvalue, _newvalue) (currentvalue == :absent) ? 'created password' : 'changed password' end - # rubocop:disable Style/PredicateName + # rubocop:disable Naming/PredicateName def is_to_s(_currentvalue) '[old password hash redacted]' end - # rubocop:enable Style/PredicateName + # rubocop:enable Naming/PredicateName def should_to_s(_newvalue) '[new password hash redacted]' end end newproperty(:plugin) do desc 'The authentication plugin of the user.' newvalue(%r{\w+}) end newproperty(:max_user_connections) do desc 'Max concurrent connections for the user. 0 means no (or global) limit.' newvalue(%r{\d+}) end newproperty(:max_connections_per_hour) do desc 'Max connections per hour for the user. 0 means no (or global) limit.' newvalue(%r{\d+}) end newproperty(:max_queries_per_hour) do desc 'Max queries per hour for the user. 0 means no (or global) limit.' newvalue(%r{\d+}) end newproperty(:max_updates_per_hour) do desc 'Max updates per hour for the user. 0 means no (or global) limit.' newvalue(%r{\d+}) end newproperty(:tls_options, array_matching: :all) do desc 'Options to that set the TLS-related REQUIRE attributes for the user.' validate do |value| value = [value] unless value.is_a?(Array) if value.include?('NONE') || value.include?('SSL') || value.include?('X509') if value.length > 1 raise(ArgumentError, _('`tls_options` `property`: The values NONE, SSL and X509 cannot be used with other options, you may only pick one of them.')) end else value.each do |opt| o = opt.match(%r{^(CIPHER|ISSUER|SUBJECT)}i) raise(ArgumentError, _('Invalid tls option %{option}.') % { option: o }) unless o end end end def insync?(is) # The current value may be nil and we don't # want to call sort on it so make sure we have arrays if is.is_a?(Array) && @should.is_a?(Array) is.sort == @should.sort else is == @should end end end end diff --git a/locales/config.yaml b/locales/config.yaml deleted file mode 100644 index e3f7805..0000000 --- a/locales/config.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# This is the project-specific configuration file for setting up -# fast_gettext for your project. -gettext: - # This is used for the name of the .pot and .po files; they will be - # called .pot? - project_name: puppetlabs-mysql - # This is used in comments in the .pot and .po files to indicate what - # project the files belong to and should bea little more desctiptive than - # - package_name: puppetlabs-mysql - # The locale that the default messages in the .pot file are in - default_locale: en - # The email used for sending bug reports. - bugs_address: docs@puppet.com - # The holder of the copyright. - copyright_holder: Puppet, Inc. - # This determines which comments in code should be eligible for translation. - # Any comments that start with this string will be externalized. (Leave - # empty to include all.) - comments_tag: TRANSLATOR - # Patterns for +Dir.glob+ used to find all files that might contain - # translatable content, relative to the project root directory - source_files: - - './lib/**/*.rb' - diff --git a/locales/ja/puppetlabs-mysql.po b/locales/ja/puppetlabs-mysql.po deleted file mode 100644 index b3ace5f..0000000 --- a/locales/ja/puppetlabs-mysql.po +++ /dev/null @@ -1,190 +0,0 @@ -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2017-09-06T16:20:13+01:00\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: Kojima Ai , 2017\n" -"Language-Team: Japanese (Japan) (https://www.transifex.com/puppet/teams/29089/ja_JP/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ja_JP\n" -"Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Translate Toolkit 2.0.0\n" - -#. ./manifests/bindings/client_dev.pp:12 -msgid "No MySQL client development package configured for %{os}." -msgstr "%{os}向けに設定されたMySQLクライアント開発パッケージはありません。" - -#. ./manifests/bindings/daemon_dev.pp:12 -msgid "No MySQL daemon development package configured for %{os}." -msgstr "%{os}向けに設定されたMySQLデーモン開発パッケージはありません。" - -#. ./manifests/bindings.pp:38 -msgid "" -"::mysql::bindings::java cannot be managed by puppet on %{osfamily} as it is " -"not in official repositories. Please disable java mysql binding." -msgstr "" -"::mysql::bindings::javaは、公式なリポジトリではなく%{osfamily}にあるそのままの状態では、Puppetによる管理はできません。java" -" mysqlバインディングを無効にしてください。" - -#. ./manifests/bindings.pp:40 -msgid "" -"::mysql::bindings::php does not need to be managed by puppet on %{osfamily} " -"as it is included in mysql package by default." -msgstr "" -"::mysql::bindings::phpは、%{osfamily}上にデフォルトでMySQLパッケージに含まれた状態のまま、Puppetで管理する必要はありません。" - -#. ./manifests/bindings.pp:42 -msgid "" -"::mysql::bindings::ruby cannot be managed by puppet on %{osfamily} as it is " -"not in official repositories. Please disable ruby mysql binding." -msgstr "" -"::mysql::bindings::rubyは、公式なリポジトリではなく%{osfamily}にあるそのままの状態では、Puppetによる管理はできません。ruby" -" mysqlバインディングを無効にしてください。" - -#. ./manifests/params.pp:124 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} currently doesn't support " -"%{os}." -msgstr "サポート対象外のプラットフォーム: puppetlabs-%{module_name}は、現在%{os}をサポートしていません" - -#. ./manifests/params.pp:381 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} currently doesn't support " -"%{osfamily} or %{os}." -msgstr "" -"サポート対象外のプラットフォーム: " -"puppetlabs-%{module_name}は、現在%{osfamily}または%{os}をサポートしていません" - -#. ./manifests/params.pp:465 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} only supports RedHat 5.0 and" -" beyond." -msgstr "サポート対象外のプラットフォーム: puppetlabs-%{module_name}は、RedHat 5.0以降のみをサポートしています" - -#. ./manifests/server/backup.pp:28 -msgid "" -"The 'prescript' option is not currently implemented for the %{provider} " -"backup provider." -msgstr "'prescript'オプションは、現在、%{provider}バックアッププロバイダ向けには実装されていません。" - -#. ./manifests/server.pp:48 -msgid "" -"The `old_root_password` attribute is no longer used and will be removed in a" -" future release." -msgstr "`old_root_password`属性は廃止予定であり、今後のリリースで廃止されます。" - -#. metadata.json -#: .summary -msgid "Installs, configures, and manages the MySQL service." -msgstr "MySQLサービスをインストール、設定、管理します。" - -#. metadata.json -#: .description -msgid "MySQL module" -msgstr "MySQLモジュール" - -#: ./lib/puppet/parser/functions/mysql_deepmerge.rb:22 -msgid "" -"mysql_deepmerge(): wrong number of arguments (%{args_length}; must be at " -"least 2)" -msgstr "mysql_deepmerge(): 引数の数が正しくありません(%{args_length}; 2以上にする必要があります)" - -#: ./lib/puppet/parser/functions/mysql_deepmerge.rb:30 -msgid "" -"mysql_deepmerge: unexpected argument type %{arg_class}, only expects hash " -"arguments." -msgstr "mysql_deepmerge: 予期せぬ引数タイプ%{arg_class}です。想定される引数はハッシュ引数のみです。" - -#: ./lib/puppet/parser/functions/mysql_dirname.rb:9 -msgid "" -"mysql_dirname(): Wrong number of arguments given (%{args_length} for 1)" -msgstr "mysql_dirname(): 指定された引数の数が正しくありません(%{args_length}は1)" - -#: ./lib/puppet/parser/functions/mysql_password.rb:11 -msgid "" -"mysql_password(): Wrong number of arguments given (%{args_length} for 1)" -msgstr "mysql_password(): 指定された引数の数が正しくありません(%{args_length}は1)" - -#: ./lib/puppet/parser/functions/mysql_strip_hash.rb:11 -msgid "mysql_strip_hash(): Requires a hash to work." -msgstr "mysql_strip_hash(): 動作するにはハッシュが必要です。" - -#: ./lib/puppet/provider/mysql_datadir/mysql.rb:24 -msgid "Defaults-extra-file %{file} is missing." -msgstr "Defaults-extra-file %{file}が見つかりません" - -#: ./lib/puppet/provider/mysql_datadir/mysql.rb:59 -msgid "ERROR: `Resource` can not be removed." -msgstr "ERROR: `Resource`を削除できませんでした。" - -#: ./lib/puppet/provider/mysql_grant/mysql.rb:19 -msgid "#mysql had an error -> %{inspect}" -msgstr "#mysqlにエラーがありました -> %{inspect}" - -#: ./lib/puppet/provider/mysql_user/mysql.rb:125 -msgid "Only mysql_native_password (*ABCD..XXX) hashes are supported." -msgstr "mysql_native_password (*ABCD...XXX)ハッシュのみサポートされています。" - -#: ./lib/puppet/type/mysql_grant.rb:34 -msgid "`privileges` `parameter` is required." -msgstr "`privileges` `parameter`が必要です。" - -#: ./lib/puppet/type/mysql_grant.rb:35 -msgid "`privileges` `parameter`: PROXY can only be specified by itself." -msgstr "`privileges` `parameter`: PROXYは自身で指定することのみ可能です。" - -#: ./lib/puppet/type/mysql_grant.rb:36 -msgid "`table` `parameter` is required." -msgstr "`table` `parameter`が必要です。" - -#: ./lib/puppet/type/mysql_grant.rb:37 -msgid "`user` `parameter` is required." -msgstr "`user` `parameter`が必要です。" - -#: ./lib/puppet/type/mysql_grant.rb:39 -msgid "`name` `parameter` must match user@host/table format." -msgstr "`name` `parameter`はuser@host/tableの形式と一致している必要があります。" - -#: ./lib/puppet/type/mysql_grant.rb:57 -msgid "" -"PROXY user not supported on mysql versions < 5.5.0. Current version " -"%{version}." -msgstr "PROXYユーザはmysql 5.5.0以前のバージョンではサポートされていません。現在のバージョン%{version}" - -#: ./lib/puppet/type/mysql_grant.rb:67 -msgid "" -"`table` `property` for PROXY should be specified as proxy_user@proxy_host." -msgstr "PROXYの`table` `property`はproxy_user@proxy_hostとして指定されている必要があります。" - -#: ./lib/puppet/type/mysql_grant.rb:96 ./lib/puppet/type/mysql_user.rb:29 -msgid "Invalid database user %{user}." -msgstr "無効なデータベースのユーザ%{user}" - -#: ./lib/puppet/type/mysql_grant.rb:102 ./lib/puppet/type/mysql_user.rb:34 -msgid "MySQL usernames are limited to a maximum of 16 characters." -msgstr "MySQLユーザ名は最大16文字に制限されています。" - -#: ./lib/puppet/type/mysql_grant.rb:103 ./lib/puppet/type/mysql_user.rb:35 -msgid "MySQL usernames are limited to a maximum of 32 characters." -msgstr "MySQLユーザ名は最大32文字に制限されています。" - -#: ./lib/puppet/type/mysql_grant.rb:104 ./lib/puppet/type/mysql_user.rb:36 -msgid "MySQL usernames are limited to a maximum of 80 characters." -msgstr "MySQLユーザ名は最大80文字に制限されています。" - -#: ./lib/puppet/type/mysql_user.rb:82 -msgid "" -"`tls_options` `property`: The values NONE, SSL and X509 cannot be used with " -"other options, you may only pick one of them." -msgstr "" -"`tls_options` `property`: " -"NONE、SSL、X509は他のオプションと同時に使用することはできません。いずれか1つのみ選択可能です。" - -#: ./lib/puppet/type/mysql_user.rb:87 -msgid "Invalid tls option %{option}." -msgstr "無効なtlsオプション%{option}" diff --git a/locales/puppetlabs-mysql.pot b/locales/puppetlabs-mysql.pot deleted file mode 100644 index 610ac97..0000000 --- a/locales/puppetlabs-mysql.pot +++ /dev/null @@ -1,182 +0,0 @@ -"Project-Id-Version: puppetlabs-mysql 3.11.0-50-gd122d86\n" -"\n" -"Report-Msgid-Bugs-To: docs@puppet.com\n" -"POT-Creation-Date: 2017-09-14 14:21+0100\n" -"PO-Revision-Date: 2017-09-14 14:21+0100\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" - -#. metadata.json -#: .summary -msgid "Installs, configures, and manages the MySQL service." -msgstr "" - -#. metadata.json -#: .description -msgid "MySQL module" -msgstr "" - -#. ./manifests/bindings/client_dev.pp:12 -msgid "No MySQL client development package configured for %{os}." -msgstr "" - -#. ./manifests/bindings/daemon_dev.pp:12 -msgid "No MySQL daemon development package configured for %{os}." -msgstr "" - -#. ./manifests/bindings.pp:38 -msgid "" -"::mysql::bindings::java cannot be managed by puppet on %{osfamily} as it is " -"not in official repositories. Please disable java mysql binding." -msgstr "" - -#. ./manifests/bindings.pp:40 -msgid "" -"::mysql::bindings::php does not need to be managed by puppet on %{osfamily} " -"as it is included in mysql package by default." -msgstr "" - -#. ./manifests/bindings.pp:42 -msgid "" -"::mysql::bindings::ruby cannot be managed by puppet on %{osfamily} as it is " -"not in official repositories. Please disable ruby mysql binding." -msgstr "" - -#. ./manifests/params.pp:124 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} currently doesn't support " -"%{os}." -msgstr "" - -#. ./manifests/params.pp:381 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} currently doesn't support " -"%{osfamily} or %{os}." -msgstr "" - -#. ./manifests/params.pp:465 -msgid "" -"Unsupported platform: puppetlabs-%{module_name} only supports RedHat 5.0 and " -"beyond." -msgstr "" - -#. ./manifests/server/backup.pp:28 -msgid "" -"The 'prescript' option is not currently implemented for the %{provider} " -"backup provider." -msgstr "" - -#. ./manifests/server.pp:48 -msgid "" -"The `old_root_password` attribute is no longer used and will be removed in a " -"future release." -msgstr "" - -#. ./manifests/server.pp:122 -msgid "" -"You can\'t specify $options and $override_options simultaneously, see the " -"README section \'Customize server options\'!" -msgstr "" - -#: ./lib/puppet/parser/functions/mysql_deepmerge.rb:22 -msgid "" -"mysql_deepmerge(): wrong number of arguments (%{args_length}; must be at " -"least 2)" -msgstr "" - -#: ./lib/puppet/parser/functions/mysql_deepmerge.rb:30 -msgid "" -"mysql_deepmerge: unexpected argument type %{arg_class}, only expects hash " -"arguments." -msgstr "" - -#: ./lib/puppet/parser/functions/mysql_dirname.rb:9 -msgid "mysql_dirname(): Wrong number of arguments given (%{args_length} for 1)" -msgstr "" - -#: ./lib/puppet/parser/functions/mysql_password.rb:11 -msgid "" -"mysql_password(): Wrong number of arguments given (%{args_length} for 1)" -msgstr "" - -#: ./lib/puppet/parser/functions/mysql_strip_hash.rb:11 -msgid "mysql_strip_hash(): Requires a hash to work." -msgstr "" - -#: ./lib/puppet/provider/mysql_datadir/mysql.rb:24 -msgid "Defaults-extra-file %{file} is missing." -msgstr "" - -#: ./lib/puppet/provider/mysql_datadir/mysql.rb:59 -msgid "ERROR: `Resource` can not be removed." -msgstr "" - -#: ./lib/puppet/provider/mysql_grant/mysql.rb:19 -msgid "#mysql had an error -> %{inspect}" -msgstr "" - -#: ./lib/puppet/provider/mysql_user/mysql.rb:125 -msgid "Only mysql_native_password (*ABCD...XXX) hashes are supported." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:34 -msgid "`privileges` `parameter` is required." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:35 -msgid "`privileges` `parameter`: PROXY can only be specified by itself." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:36 -msgid "`table` `parameter` is required." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:37 -msgid "`user` `parameter` is required." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:39 -msgid "`name` `parameter` must match user@host/table format." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:57 -msgid "" -"PROXY user not supported on mysql versions < 5.5.0. Current version " -"%{version}." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:67 -msgid "" -"`table` `property` for PROXY should be specified as proxy_user@proxy_host." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:96 ./lib/puppet/type/mysql_user.rb:29 -msgid "Invalid database user %{user}." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:102 ./lib/puppet/type/mysql_user.rb:34 -msgid "MySQL usernames are limited to a maximum of 16 characters." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:103 ./lib/puppet/type/mysql_user.rb:35 -msgid "MySQL usernames are limited to a maximum of 32 characters." -msgstr "" - -#: ./lib/puppet/type/mysql_grant.rb:104 ./lib/puppet/type/mysql_user.rb:36 -msgid "MySQL usernames are limited to a maximum of 80 characters." -msgstr "" - -#: ./lib/puppet/type/mysql_user.rb:82 -msgid "" -"`tls_options` `property`: The values NONE, SSL and X509 cannot be used with " -"other options, you may only pick one of them." -msgstr "" - -#: ./lib/puppet/type/mysql_user.rb:87 -msgid "Invalid tls option %{option}." -msgstr "" diff --git a/manifests/backup/mysqlbackup.pp b/manifests/backup/mysqlbackup.pp index 549279b..2e7f073 100644 --- a/manifests/backup/mysqlbackup.pp +++ b/manifests/backup/mysqlbackup.pp @@ -1,122 +1,127 @@ # @summary # Manage the mysqlbackup client. # # @api private # class mysql::backup::mysqlbackup ( $backupuser = '', - $backuppassword = '', + Variant[String, Sensitive[String]] $backuppassword = '', $maxallowedpacket = '1M', $backupdir = '', $backupdirmode = '0700', $backupdirowner = 'root', $backupdirgroup = $mysql::params::root_group, $backupcompress = true, $backuprotate = 30, $backupmethod = '', $backup_success_file_path = undef, $ignore_events = true, $delete_before_dump = false, $backupdatabases = [], $file_per_database = false, $include_triggers = true, $include_routines = false, $ensure = 'present', $time = ['23', '5'], $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', $optional_args = [], $incremental_backups = false, $install_cron = true, + $compression_command = undef, + $compression_extension = undef, ) inherits mysql::params { + $backuppassword_unsensitive = if $backuppassword =~ Sensitive { + $backuppassword.unwrap + } else { + $backuppassword + } mysql_user { "${backupuser}@localhost": ensure => $ensure, password_hash => mysql::password($backuppassword), require => Class['mysql::server::root_password'], } package { 'meb': ensure => $ensure, } # http://dev.mysql.com/doc/mysql-enterprise-backup/3.11/en/mysqlbackup.privileges.html mysql_grant { "${backupuser}@localhost/*.*": ensure => $ensure, user => "${backupuser}@localhost", table => '*.*', privileges => ['RELOAD', 'SUPER', 'REPLICATION CLIENT'], require => Mysql_user["${backupuser}@localhost"], } mysql_grant { "${backupuser}@localhost/mysql.backup_progress": ensure => $ensure, user => "${backupuser}@localhost", table => 'mysql.backup_progress', privileges => ['CREATE', 'INSERT', 'DROP', 'UPDATE'], require => Mysql_user["${backupuser}@localhost"], } mysql_grant { "${backupuser}@localhost/mysql.backup_history": ensure => $ensure, user => "${backupuser}@localhost", table => 'mysql.backup_history', privileges => ['CREATE', 'INSERT', 'SELECT', 'DROP', 'UPDATE'], require => Mysql_user["${backupuser}@localhost"], } if $install_cron { - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' { - ensure_packages('crontabs') - } elsif $::osfamily == 'RedHat' { + if $::osfamily == 'RedHat' { ensure_packages('cronie') } elsif $::osfamily != 'FreeBSD' { ensure_packages('cron') } } cron { 'mysqlbackup-weekly': ensure => $ensure, command => 'mysqlbackup backup', user => 'root', hour => $time[0], minute => $time[1], weekday => '0', require => Package['meb'], } cron { 'mysqlbackup-daily': ensure => $ensure, command => 'mysqlbackup --incremental backup', user => 'root', hour => $time[0], minute => $time[1], weekday => '1-6', require => Package['meb'], } $default_options = { 'mysqlbackup' => { 'backup-dir' => $backupdir, 'with-timestamp' => true, 'incremental_base' => 'history:last_backup', 'incremental_backup_dir' => $backupdir, 'user' => $backupuser, - 'password' => $backuppassword, + 'password' => $backuppassword_unsensitive }, } $options = mysql::normalise_and_deepmerge($default_options, $mysql::server::override_options) file { 'mysqlbackup-config-file': path => '/etc/mysql/conf.d/meb.cnf', content => template('mysql/meb.cnf.erb'), mode => '0600', } file { $backupdir: ensure => 'directory', mode => $backupdirmode, owner => $backupdirowner, group => $backupdirgroup, } } diff --git a/manifests/backup/mysqldump.pp b/manifests/backup/mysqldump.pp index 5c57a50..af652b0 100644 --- a/manifests/backup/mysqldump.pp +++ b/manifests/backup/mysqldump.pp @@ -1,108 +1,115 @@ # @summary # "Provider" for mysqldump # @api private # class mysql::backup::mysqldump ( $backupuser = '', - $backuppassword = '', + Variant[String, Sensitive[String]] $backuppassword = '', $backupdir = '', $maxallowedpacket = '1M', $backupdirmode = '0700', $backupdirowner = 'root', $backupdirgroup = $mysql::params::root_group, $backupcompress = true, $backuprotate = 30, $backupmethod = 'mysqldump', $backup_success_file_path = undef, $ignore_events = true, $delete_before_dump = false, $backupdatabases = [], $file_per_database = false, $include_triggers = false, $include_routines = false, $ensure = 'present', $time = ['23', '5'], $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', $optional_args = [], $mysqlbackupdir_ensure = 'directory', $mysqlbackupdir_target = undef, $incremental_backups = false, $install_cron = true, + $compression_command = 'bzcat -zc', + $compression_extension = '.bz2' ) inherits mysql::params { + $backuppassword_unsensitive = if $backuppassword =~ Sensitive { + $backuppassword.unwrap + } else { + $backuppassword + } + unless $::osfamily == 'FreeBSD' { - if $backupcompress { + if $backupcompress and $compression_command == 'bzcat -zc' { ensure_packages(['bzip2']) Package['bzip2'] -> File['mysqlbackup.sh'] } } mysql_user { "${backupuser}@localhost": ensure => $ensure, password_hash => mysql::password($backuppassword), require => Class['mysql::server::root_password'], } if $include_triggers { $privs = ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER'] } else { $privs = ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS'] } mysql_grant { "${backupuser}@localhost/*.*": ensure => $ensure, user => "${backupuser}@localhost", table => '*.*', privileges => $privs, require => Mysql_user["${backupuser}@localhost"], } if $install_cron { - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' { - ensure_packages('crontabs') - } elsif $::osfamily == 'RedHat' { + if $::osfamily == 'RedHat' { ensure_packages('cronie') } elsif $::osfamily != 'FreeBSD' { ensure_packages('cron') } } cron { 'mysql-backup': ensure => $ensure, command => '/usr/local/sbin/mysqlbackup.sh', user => 'root', hour => $time[0], minute => $time[1], monthday => $time[2], month => $time[3], weekday => $time[4], require => File['mysqlbackup.sh'], } + # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado file { 'mysqlbackup.sh': ensure => $ensure, path => '/usr/local/sbin/mysqlbackup.sh', mode => '0700', owner => 'root', group => $mysql::params::root_group, content => template('mysql/mysqlbackup.sh.erb'), } if $mysqlbackupdir_target { file { $backupdir: ensure => $mysqlbackupdir_ensure, target => $mysqlbackupdir_target, mode => $backupdirmode, owner => $backupdirowner, group => $backupdirgroup, } } else { file { $backupdir: ensure => $mysqlbackupdir_ensure, mode => $backupdirmode, owner => $backupdirowner, group => $backupdirgroup, } } } diff --git a/manifests/backup/xtrabackup.pp b/manifests/backup/xtrabackup.pp index 82c3d42..bc335de 100644 --- a/manifests/backup/xtrabackup.pp +++ b/manifests/backup/xtrabackup.pp @@ -1,130 +1,137 @@ # @summary # "Provider" for Percona XtraBackup/MariaBackup # @api private # class mysql::backup::xtrabackup ( $xtrabackup_package_name = $mysql::params::xtrabackup_package_name, $backupuser = undef, - $backuppassword = undef, + Optional[Variant[String, Sensitive[String]]] $backuppassword = undef, $backupdir = '', $maxallowedpacket = '1M', $backupmethod = 'xtrabackup', $backupdirmode = '0700', $backupdirowner = 'root', $backupdirgroup = $mysql::params::root_group, $backupcompress = true, $backuprotate = 30, $backupscript_template = 'mysql/xtrabackup.sh.erb', $backup_success_file_path = undef, $ignore_events = true, $delete_before_dump = false, $backupdatabases = [], $file_per_database = false, $include_triggers = true, $include_routines = false, $ensure = 'present', $time = ['23', '5'], $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', $optional_args = [], $additional_cron_args = '--backup', $incremental_backups = true, $install_cron = true, + $compression_command = undef, + $compression_extension = undef, ) inherits mysql::params { ensure_packages($xtrabackup_package_name) + $backuppassword_unsensitive = if $backuppassword =~ Sensitive { + $backuppassword.unwrap + } else { + $backuppassword + } + if $backupuser and $backuppassword { mysql_user { "${backupuser}@localhost": ensure => $ensure, password_hash => mysql::password($backuppassword), require => Class['mysql::server::root_password'], } mysql_grant { "${backupuser}@localhost/*.*": ensure => $ensure, user => "${backupuser}@localhost", table => '*.*', privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'], require => Mysql_user["${backupuser}@localhost"], } } if $install_cron { - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' { - ensure_packages('crontabs') - } elsif $::osfamily == 'RedHat' { + if $::osfamily == 'RedHat' { ensure_packages('cronie') } elsif $::osfamily != 'FreeBSD' { ensure_packages('cron') } } if $incremental_backups { # Warn if old backups are removed too soon. Incremental backups will fail # if the full backup is no longer available. if ($backuprotate.convert_to(Integer) < 7) { - warning(translate('The value for `backuprotate` is too low, it must be set to at least 7 days when using incremental backups.')) + warning('The value for `backuprotate` is too low, it must be set to at least 7 days when using incremental backups.') } # The --target-dir uses a more predictable value for the full backup so # that it can easily be calculated and used in incremental backup jobs. # Besides that it allows to have multiple full backups. cron { 'xtrabackup-weekly': ensure => $ensure, command => "/usr/local/sbin/xtrabackup.sh --target-dir=${backupdir}/$(date +\\%F)_full ${additional_cron_args}", user => 'root', hour => $time[0], minute => $time[1], weekday => '0', require => Package[$xtrabackup_package_name], } } # Wether to use GNU or BSD date format. case $::osfamily { 'FreeBSD','OpenBSD': { $dateformat = '$(date -v-sun +\\%F)_full' } default: { $dateformat = '$(date -d "last sunday" +\\%F)_full' } } $daily_cron_data = ($incremental_backups) ? { true => { 'directories' => "--incremental-basedir=${backupdir}/${dateformat} --target-dir=${backupdir}/$(date +\\%F_\\%H-\\%M-\\%S)", 'weekday' => '1-6', }, false => { 'directories' => "--target-dir=${backupdir}/$(date +\\%F_\\%H-\\%M-\\%S)", 'weekday' => '*', }, } cron { 'xtrabackup-daily': ensure => $ensure, command => "/usr/local/sbin/xtrabackup.sh ${daily_cron_data['directories']} ${additional_cron_args}", user => 'root', hour => $time[0], minute => $time[1], weekday => $daily_cron_data['weekday'], require => Package[$xtrabackup_package_name], } file { $backupdir: ensure => 'directory', mode => $backupdirmode, owner => $backupdirowner, group => $backupdirgroup, } + # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado file { 'xtrabackup.sh': ensure => $ensure, path => '/usr/local/sbin/xtrabackup.sh', mode => '0700', owner => 'root', group => $mysql::params::root_group, content => template($backupscript_template), } } diff --git a/manifests/bindings.pp b/manifests/bindings.pp index 9a9eb02..6e29f62 100644 --- a/manifests/bindings.pp +++ b/manifests/bindings.pp @@ -1,129 +1,126 @@ # @summary # Parent class for MySQL bindings. # # @example Install Ruby language bindings # class { 'mysql::bindings': # ruby_enable => true, # ruby_package_ensure => 'present', # ruby_package_name => 'ruby-mysql-2.7.1-1mdv2007.0.sparc.rpm', # ruby_package_provider => 'rpm', # } # @param install_options # Passes `install_options` array to managed package resources. You must pass the [appropriate options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) for the package manager(s). # @param java_enable # Specifies whether `::mysql::bindings::java` should be included. Valid values are `true`, `false`. # @param perl_enable # Specifies whether `mysql::bindings::perl` should be included. Valid values are `true`, `false`. # @param php_enable # Specifies whether `mysql::bindings::php` should be included. Valid values are `true`, `false`. # @param python_enable # Specifies whether `mysql::bindings::python` should be included. Valid values are `true`, `false`. # @param ruby_enable # Specifies whether `mysql::bindings::ruby` should be included. Valid values are `true`, `false`. # @param client_dev # Specifies whether `::mysql::bindings::client_dev` should be included. Valid values are `true`', `false`. # @param daemon_dev # Specifies whether `::mysql::bindings::daemon_dev` should be included. Valid values are `true`, `false`. # @param java_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `java_enable => true`. # @param java_package_name # The name of the Java package to install. Only applies if `java_enable => true`. # @param java_package_provider # The provider to use to install the Java package. Only applies if `java_enable => true`. # @param perl_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `perl_enable => true`. # @param perl_package_name # The name of the Perl package to install. Only applies if `perl_enable => true`. # @param perl_package_provider # The provider to use to install the Perl package. Only applies if `perl_enable => true`. # @param php_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `php_enable => true`. # @param php_package_name # The name of the PHP package to install. Only applies if `php_enable => true`. # @param php_package_provider # The provider to use to install the PHP package. Only applies if `php_enable => true`. # @param python_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `python_enable => true`. # @param python_package_name # The name of the Python package to install. Only applies if `python_enable => true`. # @param python_package_provider # The provider to use to install the Python package. Only applies if `python_enable => true`. # @param ruby_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `ruby_enable => true`. # @param ruby_package_name # The name of the Ruby package to install. Only applies if `ruby_enable => true`. # @param ruby_package_provider # What provider should be used to install the package. # @param client_dev_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `client_dev => true`. # @param client_dev_package_name # The name of the client_dev package to install. Only applies if `client_dev => true`. # @param client_dev_package_provider # The provider to use to install the client_dev package. Only applies if `client_dev => true`. # @param daemon_dev_package_ensure # Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `daemon_dev => true`. # @param daemon_dev_package_name # The name of the daemon_dev package to install. Only applies if `daemon_dev => true`. # @param daemon_dev_package_provider # The provider to use to install the daemon_dev package. Only applies if `daemon_dev => true`. # class mysql::bindings ( $install_options = undef, # Boolean to determine if we should include the classes. $java_enable = false, $perl_enable = false, $php_enable = false, $python_enable = false, $ruby_enable = false, $client_dev = false, $daemon_dev = false, # Settings for the various classes. $java_package_ensure = $mysql::params::java_package_ensure, $java_package_name = $mysql::params::java_package_name, $java_package_provider = $mysql::params::java_package_provider, $perl_package_ensure = $mysql::params::perl_package_ensure, $perl_package_name = $mysql::params::perl_package_name, $perl_package_provider = $mysql::params::perl_package_provider, $php_package_ensure = $mysql::params::php_package_ensure, $php_package_name = $mysql::params::php_package_name, $php_package_provider = $mysql::params::php_package_provider, $python_package_ensure = $mysql::params::python_package_ensure, $python_package_name = $mysql::params::python_package_name, $python_package_provider = $mysql::params::python_package_provider, $ruby_package_ensure = $mysql::params::ruby_package_ensure, $ruby_package_name = $mysql::params::ruby_package_name, $ruby_package_provider = $mysql::params::ruby_package_provider, $client_dev_package_ensure = $mysql::params::client_dev_package_ensure, $client_dev_package_name = $mysql::params::client_dev_package_name, $client_dev_package_provider = $mysql::params::client_dev_package_provider, $daemon_dev_package_ensure = $mysql::params::daemon_dev_package_ensure, $daemon_dev_package_name = $mysql::params::daemon_dev_package_name, $daemon_dev_package_provider = $mysql::params::daemon_dev_package_provider ) inherits mysql::params { case $::osfamily { 'Archlinux': { - if $java_enable { fail(translate('::mysql::bindings::java cannot be managed by puppet on %{osfamily} - as it is not in official repositories. Please disable java mysql binding.', - { 'osfamily' => $::osfamily })) } + if $java_enable { fail("::mysql::bindings::java cannot be managed by puppet on ${::facts['os']['family']} + as it is not in official repositories. Please disable java mysql binding.") } if $perl_enable { include 'mysql::bindings::perl' } - if $php_enable { warning(translate('::mysql::bindings::php does not need to be managed by puppet on %{osfamily} - as it is included in mysql package by default.', - { 'osfamily' => $::osfamily })) } + if $php_enable { warning("::mysql::bindings::php does not need to be managed by puppet on ${::facts['os']['family']} + as it is included in mysql package by default.") } if $python_enable { include 'mysql::bindings::python' } - if $ruby_enable { fail(translate('::mysql::bindings::ruby cannot be managed by puppet on %{osfamily} - as it is not in official repositories. Please disable ruby mysql binding.', - { 'osfamily' => $::osfamily })) } + if $ruby_enable { fail("::mysql::bindings::ruby cannot be managed by puppet on %{::facts['os']['family']} + as it is not in official repositories. Please disable ruby mysql binding.") } } default: { if $java_enable { include 'mysql::bindings::java' } if $perl_enable { include 'mysql::bindings::perl' } if $php_enable { include 'mysql::bindings::php' } if $python_enable { include 'mysql::bindings::python' } if $ruby_enable { include 'mysql::bindings::ruby' } } } if $client_dev { include 'mysql::bindings::client_dev' } if $daemon_dev { include 'mysql::bindings::daemon_dev' } } diff --git a/manifests/bindings/client_dev.pp b/manifests/bindings/client_dev.pp index b112ea3..407509d 100644 --- a/manifests/bindings/client_dev.pp +++ b/manifests/bindings/client_dev.pp @@ -1,17 +1,17 @@ # @summary # Private class for installing client development bindings # # @api private # class mysql::bindings::client_dev { if $mysql::bindings::client_dev_package_name { package { 'mysql-client_dev': ensure => $mysql::bindings::client_dev_package_ensure, install_options => $mysql::bindings::install_options, name => $mysql::bindings::client_dev_package_name, provider => $mysql::bindings::client_dev_package_provider, } } else { - warning(translate('No MySQL client development package configured for %{os}.', { 'os' => $::operatingsystem })) + warning("No MySQL client development package configured for ${::facts['os']['family']}.") } } diff --git a/manifests/bindings/daemon_dev.pp b/manifests/bindings/daemon_dev.pp index 1a61a6f..c780f0e 100644 --- a/manifests/bindings/daemon_dev.pp +++ b/manifests/bindings/daemon_dev.pp @@ -1,17 +1,17 @@ # @summary # Private class for installing daemon development bindings # # @api private # class mysql::bindings::daemon_dev { if $mysql::bindings::daemon_dev_package_name { package { 'mysql-daemon_dev': ensure => $mysql::bindings::daemon_dev_package_ensure, install_options => $mysql::bindings::install_options, name => $mysql::bindings::daemon_dev_package_name, provider => $mysql::bindings::daemon_dev_package_provider, } } else { - warning(translate('No MySQL daemon development package configured for %{os}.', { 'os' => $::operatingsystem })) + warning("No MySQL daemon development package configured for ${::facts['os']['family']}.") } } diff --git a/manifests/client.pp b/manifests/client.pp index e1bd10e..402d30e 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,52 +1,48 @@ # @summary # Installs and configures the MySQL client. # # @example Install the MySQL client # class {'::mysql::client': # package_name => 'mysql-client', # package_ensure => 'present', # bindings_enable => true, # } # # @param bindings_enable # Whether to automatically install all bindings. Valid values are `true`, `false`. Default to `false`. # @param install_options # Array of install options for managed package resources. You must pass the appropriate options for the package manager. # @param package_ensure # Whether the MySQL package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. # @param package_manage # Whether to manage the MySQL client package. Defaults to `true`. -# @param service_name -# The name of the MySQL server service. Defaults are OS dependent, defined in 'params.pp'. -# @param service_provider -# The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined. # @param package_name # The name of the MySQL client package to install. # class mysql::client ( $bindings_enable = $mysql::params::bindings_enable, $install_options = undef, $package_ensure = $mysql::params::client_package_ensure, $package_manage = $mysql::params::client_package_manage, $package_name = $mysql::params::client_package_name, $package_provider = undef, $package_source = undef, ) inherits mysql::params { include 'mysql::client::install' if $bindings_enable { class { 'mysql::bindings': java_enable => true, perl_enable => true, php_enable => true, python_enable => true, ruby_enable => true, } } # Anchor pattern workaround to avoid resources of mysql::client::install to # "float off" outside mysql::client anchor { 'mysql::client::start': } -> Class['mysql::client::install'] -> anchor { 'mysql::client::end': } } diff --git a/manifests/db.pp b/manifests/db.pp index 7c154e6..52cc382 100644 --- a/manifests/db.pp +++ b/manifests/db.pp @@ -1,108 +1,114 @@ # @summary # Create and configure a MySQL database. # # @example Create a database # mysql::db { 'mydb': # user => 'myuser', # password => 'mypass', # host => 'localhost', # grant => ['SELECT', 'UPDATE'], # } # # @param user # The user for the database you're creating. # @param password # The password for $user for the database you're creating. # @param tls_options # The tls_options for $user for the database you're creating. # @param dbname # The name of the database to create. # @param charset # The character set for the database. # @param collate # The collation for the database. # @param host # The host to use as part of user@host for grants. # @param grant # The privileges to be granted for user@host on the database. # @param grant_options # The grant_options for the grant for user@host on the database. # @param sql # The path to the sqlfile you want to execute. This can be single file specified as string, or it can be an array of strings. # @param enforce_sql # Specifies whether executing the sqlfiles should happen on every run. If set to false, sqlfiles only run once. # @param ensure # Specifies whether to create the database. Valid values are 'present', 'absent'. Defaults to 'present'. # @param import_timeout # Timeout, in seconds, for loading the sqlfiles. Defaults to 300. # @param import_cat_cmd # Command to read the sqlfile for importing the database. Useful for compressed sqlfiles. For example, you can use 'zcat' for .gz files. # define mysql::db ( $user, - $password, + Variant[String, Sensitive[String]] $password, $tls_options = undef, $dbname = $name, $charset = 'utf8', $collate = 'utf8_general_ci', $host = 'localhost', $grant = 'ALL', $grant_options = undef, Optional[Variant[Array, Hash, String]] $sql = undef, $enforce_sql = false, Enum['absent', 'present'] $ensure = 'present', $import_timeout = 300, $import_cat_cmd = 'cat', - $mysql_exec_path = $mysql::params::exec_path, + $mysql_exec_path = undef, ) { $table = "${dbname}.*" $sql_inputs = join([$sql], ' ') include 'mysql::client' + if ($mysql_exec_path) { + $_mysql_exec_path = $mysql_exec_path + } else { + $_mysql_exec_path = $mysql::params::exec_path + } + $db_resource = { ensure => $ensure, charset => $charset, collate => $collate, provider => 'mysql', require => [Class['mysql::client']], } ensure_resource('mysql_database', $dbname, $db_resource) $user_resource = { ensure => $ensure, password_hash => mysql::password($password), tls_options => $tls_options, } ensure_resource('mysql_user', "${user}@${host}", $user_resource) if $ensure == 'present' { mysql_grant { "${user}@${host}/${table}": privileges => $grant, provider => 'mysql', user => "${user}@${host}", table => $table, options => $grant_options, require => [ Mysql_database[$dbname], Mysql_user["${user}@${host}"], ], } $refresh = ! $enforce_sql if $sql { exec { "${dbname}-import": command => "${import_cat_cmd} ${sql_inputs} | mysql ${dbname}", logoutput => true, environment => "HOME=${::root_home}", refreshonly => $refresh, - path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:${mysql_exec_path}", + path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:${_mysql_exec_path}", require => Mysql_grant["${user}@${host}/${table}"], subscribe => Mysql_database[$dbname], timeout => $import_timeout, } } } } diff --git a/manifests/params.pp b/manifests/params.pp index 25f16f7..4e557d5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,569 +1,550 @@ # @summary # Params class. # # @api private # class mysql::params { $manage_config_file = true $config_file_mode = '0644' $purge_conf_dir = false $restart = false $root_password = 'UNSET' $install_secret_file = '/.mysql_secret' $server_package_ensure = 'present' $server_package_manage = true $server_service_manage = true $server_service_enabled = true $client_package_ensure = 'present' $client_package_manage = true $create_root_user = true $create_root_my_cnf = true $create_root_login_file = false $login_file = undef $exec_path = '' # mysql::bindings $bindings_enable = false $java_package_ensure = 'present' $java_package_provider = undef $perl_package_ensure = 'present' $perl_package_provider = undef $php_package_ensure = 'present' $php_package_provider = undef $python_package_ensure = 'present' $python_package_provider = undef $ruby_package_ensure = 'present' $ruby_package_provider = undef $client_dev_package_ensure = 'present' $client_dev_package_provider = undef $daemon_dev_package_ensure = 'present' $daemon_dev_package_provider = undef $xtrabackup_package_name_default = 'percona-xtrabackup' case $::osfamily { 'RedHat': { case $::operatingsystem { 'Fedora': { if versioncmp($::operatingsystemrelease, '19') >= 0 or $::operatingsystemrelease == 'Rawhide' { $provider = 'mariadb' } else { $provider = 'mysql' } $python_package_name = 'MySQL-python' } - /^(RedHat|CentOS|Scientific|OracleLinux)$/: { + 'Amazon': { + if versioncmp($::operatingsystemrelease, '2') >= 0 { + $provider = 'mariadb' + } else { + $provider = 'mysql' + } + } + /^(RedHat|Rocky|CentOS|Scientific|OracleLinux)$/: { if versioncmp($::operatingsystemmajrelease, '7') >= 0 { $provider = 'mariadb' if versioncmp($::operatingsystemmajrelease, '8') >= 0 { $xtrabackup_package_name_override = 'percona-xtrabackup-24' } } else { $provider = 'mysql' $xtrabackup_package_name_override = 'percona-xtrabackup-20' } if versioncmp($::operatingsystemmajrelease, '8') >= 0 { $java_package_name = 'mariadb-java-client' $python_package_name = 'python3-PyMySQL' } else { $java_package_name = 'mysql-connector-java' $python_package_name = 'MySQL-python' } } default: { $provider = 'mysql' } } if $provider == 'mariadb' { $client_package_name = 'mariadb' $server_package_name = 'mariadb-server' $server_service_name = 'mariadb' $log_error = '/var/log/mariadb/mariadb.log' $config_file = '/etc/my.cnf.d/server.cnf' # mariadb package by default has !includedir set in my.cnf to /etc/my.cnf.d $includedir = undef $pidfile = '/var/run/mariadb/mariadb.pid' $daemon_dev_package_name = 'mariadb-devel' } else { $client_package_name = 'mysql' $server_package_name = 'mysql-server' $server_service_name = 'mysqld' $log_error = '/var/log/mysqld.log' $config_file = '/etc/my.cnf' $includedir = '/etc/my.cnf.d' $pidfile = '/var/run/mysqld/mysqld.pid' $daemon_dev_package_name = 'mysql-devel' } $basedir = '/usr' $datadir = '/var/lib/mysql' $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $socket = '/var/lib/mysql/mysql.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $perl_package_name = 'perl-DBD-MySQL' $php_package_name = 'php-mysql' $ruby_package_name = 'ruby-mysql' $client_dev_package_name = undef } 'Suse': { case $::operatingsystem { 'OpenSuSE': { - if versioncmp( $::operatingsystemmajrelease, '12' ) >= 0 { - $client_package_name = 'mariadb-client' - $server_package_name = 'mariadb' - # First service start fails if this is set. Runs fine without - # it being set, in any case. Leaving it as-is for the mysql. - $basedir = undef - } else { - $client_package_name = 'mysql-community-server-client' - $server_package_name = 'mysql-community-server' - $basedir = '/usr' - } + $socket = '/var/run/mysql/mysql.sock' + $log_error = '/var/log/mysql/mysqld.log' + $pidfile = '/var/run/mysql/mysqld.pid' + $ruby_package_name = 'rubygem-mysql' + $client_package_name = 'mariadb-client' + $server_package_name = 'mariadb' + # First service start fails if this is set. Runs fine without + # it being set, in any case. Leaving it as-is for the mysql. + $basedir = undef } 'SLES','SLED': { - if versioncmp($::operatingsystemrelease, '12') >= 0 { - $client_package_name = 'mariadb-client' - $server_package_name = 'mariadb' - $basedir = undef - } else { - $client_package_name = 'mysql-client' - $server_package_name = 'mysql' - $basedir = '/usr' - } + $socket = '/run/mysql/mysql.sock' + $log_error = '/var/log/mysqld.log' + $pidfile = '/var/lib/mysql/mysqld.pid' + $ruby_package_name = 'ruby-mysql' + $client_package_name = 'mariadb-client' + $server_package_name = 'mariadb' + $basedir = undef } default: { - fail(translate('Unsupported platform: puppetlabs-%{module_name} currently doesn\'t support %{os}.', - { 'module_name' => $module_name, 'os' => $::operatingsystem })) + fail("Unsupported platform: puppetlabs-${module_name} currently doesn\'t support ${::operatingsystem}.") } } $config_file = '/etc/my.cnf' $includedir = '/etc/my.cnf.d' $datadir = '/var/lib/mysql' - $log_error = $::operatingsystem ? { - /OpenSuSE/ => '/var/log/mysql/mysqld.log', - /(SLES|SLED)/ => '/var/log/mysqld.log', - } - $pidfile = $::operatingsystem ? { - /OpenSuSE/ => '/var/run/mysql/mysqld.pid', - /(SLES|SLED)/ => '/var/lib/mysql/mysqld.pid', - } $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysql' $xtrabackup_package_name_override = 'xtrabackup' - if $::operatingsystem =~ /(SLES|SLED)/ { - if versioncmp( $::operatingsystemmajrelease, '12' ) >= 0 { - $socket = '/run/mysql/mysql.sock' - } else { - $socket = '/var/lib/mysql/mysql.sock' - } - } else { - $socket = '/var/run/mysql/mysql.sock' - } - $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-DBD-mysql' $php_package_name = 'apache2-mod_php53' $python_package_name = 'python-mysql' - $ruby_package_name = $::operatingsystem ? { - /OpenSuSE/ => 'rubygem-mysql', - /(SLES|SLED)/ => 'ruby-mysql', - } $client_dev_package_name = 'libmysqlclient-devel' $daemon_dev_package_name = 'mysql-devel' } 'Debian': { - if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 { + if $::operatingsystem == 'Debian' { $provider = 'mariadb' - } else { + } else { # Ubuntu $provider = 'mysql' } if $provider == 'mariadb' { $client_package_name = 'mariadb-client' $server_package_name = 'mariadb-server' $server_service_name = 'mariadb' $client_dev_package_name = 'libmariadbclient-dev' $daemon_dev_package_name = 'libmariadbd-dev' } else { $client_package_name = 'mysql-client' $server_package_name = 'mysql-server' $server_service_name = 'mysql' $client_dev_package_name = 'libmysqlclient-dev' $daemon_dev_package_name = 'libmysqld-dev' } $basedir = '/usr' $config_file = '/etc/mysql/my.cnf' $includedir = '/etc/mysql/conf.d' $datadir = '/var/lib/mysql' $log_error = '/var/log/mysql/error.log' $pidfile = '/var/run/mysqld/mysqld.pid' $root_group = 'root' $mysql_group = 'adm' $mycnf_owner = undef $mycnf_group = undef $socket = '/var/run/mysqld/mysqld.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = ['tmpdir','basedir','datadir','innodb_data_home_dir','innodb_log_group_home_dir','innodb_undo_directory','innodb_tmpdir'] # mysql::bindings - if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') >= 0 { + if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') >= 0) or + ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) { $java_package_name = 'libmariadb-java' } else { $java_package_name = 'libmysql-java' } $perl_package_name = 'libdbd-mysql-perl' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') >= 0) or - ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) { + ($::operatingsystem == 'Debian') { $php_package_name = 'php-mysql' } else { $php_package_name = 'php5-mysql' } if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or + ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) or ($::operatingsystem == 'Debian') { $xtrabackup_package_name_override = 'percona-xtrabackup-24' } + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) or + ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '11') >= 0){ + $python_package_name = 'python3-mysqldb' + } else { + $python_package_name = 'python-mysqldb' + } - $python_package_name = 'python-mysqldb' - $ruby_package_name = $::lsbdistcodename ? { - 'jessie' => 'ruby-mysql', - 'stretch' => 'ruby-mysql2', - 'buster' => 'ruby-mysql2', - 'trusty' => 'ruby-mysql', - 'xenial' => 'ruby-mysql', - 'bionic' => 'ruby-mysql2', - 'focal' => 'ruby-mysql2', - default => 'libmysql-ruby', + $ruby_package_name = $facts['os']['release']['major'] ? { + '9' => 'ruby-mysql2', # stretch + '10' => 'ruby-mysql2', # buster + '16.04' => 'ruby-mysql', # xenial + '18.04' => 'ruby-mysql2', # bionic + '20.04' => 'ruby-mysql2', # focal + default => 'libmysql-ruby', } } 'Archlinux': { $daemon_dev_package_name = undef $client_dev_package_name = undef $includedir = undef $client_package_name = 'mariadb-clients' $server_package_name = 'mariadb' $basedir = '/usr' $config_file = '/etc/mysql/my.cnf' $datadir = '/var/lib/mysql' $log_error = '/var/log/mysqld.log' $pidfile = '/var/run/mysqld/mysqld.pid' $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysqld' $socket = '/var/lib/mysql/mysql.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-dbd-mysql' $php_package_name = undef $python_package_name = 'mysql-python' $ruby_package_name = 'mysql-ruby' } 'Gentoo': { $client_package_name = 'virtual/mysql' $includedir = undef $server_package_name = 'virtual/mysql' $basedir = '/usr' $config_file = '/etc/mysql/my.cnf' $datadir = '/var/lib/mysql' $log_error = '/var/log/mysql/mysqld.err' $pidfile = '/run/mysqld/mysqld.pid' $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysql' $socket = '/run/mysqld/mysqld.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = 'dev-java/jdbc-mysql' $perl_package_name = 'dev-perl/DBD-mysql' $php_package_name = undef $python_package_name = 'dev-python/mysql-python' $ruby_package_name = 'dev-ruby/mysql-ruby' } 'FreeBSD': { - $client_package_name = 'databases/mysql56-client' - $server_package_name = 'databases/mysql56-server' + $client_package_name = 'databases/mysql57-client' + $server_package_name = 'databases/mysql57-server' $basedir = '/usr/local' $config_file = '/usr/local/etc/my.cnf' $includedir = '/usr/local/etc/my.cnf.d' $datadir = '/var/db/mysql' $log_error = '/var/log/mysqld.log' $pidfile = '/var/run/mysql.pid' $root_group = 'wheel' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysql-server' $socket = '/var/db/mysql/mysql.sock' $ssl_ca = undef $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = 'databases/mysql-connector-java' $perl_package_name = 'p5-DBD-mysql' $php_package_name = 'php5-mysql' $python_package_name = 'databases/py-MySQLdb' $ruby_package_name = 'databases/ruby-mysql' # The libraries installed by these packages are included in client and server packages, no installation required. $client_dev_package_name = undef $daemon_dev_package_name = undef } 'OpenBSD': { $client_package_name = 'mariadb-client' $server_package_name = 'mariadb-server' $basedir = '/usr/local' $config_file = '/etc/my.cnf' $includedir = undef $datadir = '/var/mysql' $log_error = "/var/mysql/${::hostname}.err" $pidfile = '/var/mysql/mysql.pid' $root_group = 'wheel' $mysql_group = '_mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysqld' $socket = '/var/run/mysql/mysql.sock' $ssl_ca = undef $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = undef $perl_package_name = 'p5-DBD-mysql' $php_package_name = 'php-mysql' $python_package_name = 'py-mysql' $ruby_package_name = 'ruby-mysql' # The libraries installed by these packages are included in client and server packages, no installation required. $client_dev_package_name = undef $daemon_dev_package_name = undef } 'Solaris': { $client_package_name = 'database/mysql-55/client' $server_package_name = 'database/mysql-55' $basedir = undef $config_file = '/etc/mysql/5.5/my.cnf' $datadir = '/var/mysql/5.5/data' $log_error = "/var/mysql/5.5/data/${::hostname}.err" $pidfile = "/var/mysql/5.5/data/${::hostname}.pid" $root_group = 'bin' $server_service_name = 'application/database/mysql:version_55' $socket = '/tmp/mysql.sock' $ssl_ca = undef $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = undef $perl_package_name = undef $php_package_name = 'web/php-53/extension/php-mysql' $python_package_name = 'library/python/python-mysql' $ruby_package_name = undef # The libraries installed by these packages are included in client and server packages, no installation required. $client_dev_package_name = undef $daemon_dev_package_name = undef } default: { case $::operatingsystem { 'Alpine': { $client_package_name = 'mariadb-client' $server_package_name = 'mariadb' $basedir = '/usr' $config_file = '/etc/mysql/my.cnf' $datadir = '/var/lib/mysql' $log_error = '/var/log/mysqld.log' $pidfile = '/run/mysqld/mysqld.pid' $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mariadb' $socket = '/run/mysqld/mysqld.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef $java_package_name = undef $perl_package_name = 'perl-dbd-mysql' $php_package_name = 'php7-mysqlnd' $python_package_name = 'py-mysqldb' $ruby_package_name = undef $client_dev_package_name = undef $daemon_dev_package_name = undef } 'Amazon': { $client_package_name = 'mysql' $server_package_name = 'mysql-server' $basedir = '/usr' $config_file = '/etc/my.cnf' $includedir = '/etc/my.cnf.d' $datadir = '/var/lib/mysql' $log_error = '/var/log/mysqld.log' $pidfile = '/var/run/mysqld/mysqld.pid' $root_group = 'root' $mysql_group = 'mysql' $mycnf_owner = undef $mycnf_group = undef $server_service_name = 'mysqld' $socket = '/var/lib/mysql/mysql.sock' $ssl_ca = '/etc/mysql/cacert.pem' $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-DBD-MySQL' $php_package_name = 'php-mysql' $python_package_name = 'MySQL-python' $ruby_package_name = 'ruby-mysql' # The libraries installed by these packages are included in client and server packages, no installation required. $client_dev_package_name = undef $daemon_dev_package_name = undef } default: { - fail(translate('Unsupported platform: puppetlabs-%{module_name} currently doesn\'t support %{osfamily} or %{os}.', - { 'module_name' => $module_name, 'os' => $::operatingsystem, 'osfamily' => $::osfamily })) + fail("Unsupported platform: puppetlabs-${module_name} currently doesn\'t support ${::osfamily} or ${::operatingsystem}.") } } } } case $::operatingsystem { 'Ubuntu': { - # lint:ignore:only_variable_string - if versioncmp("${::operatingsystemmajrelease}", '14.10') > 0 { - # lint:endignore - $server_service_provider = 'systemd' - } else { - $server_service_provider = 'upstart' - } + $server_service_provider = 'systemd' } 'Alpine': { $server_service_provider = 'rc-service' } + 'FreeBSD': { + $server_service_provider = 'freebsd' + } default: { $server_service_provider = undef } } $default_options = { 'client' => { 'port' => '3306', 'socket' => $mysql::params::socket, }, 'mysqld_safe' => { 'nice' => '0', 'log-error' => $mysql::params::log_error, 'socket' => $mysql::params::socket, }, 'mysqld-5.0' => { 'myisam-recover' => 'BACKUP', }, 'mysqld-5.1' => { 'myisam-recover' => 'BACKUP', }, 'mysqld-5.5' => { 'myisam-recover' => 'BACKUP', 'query_cache_limit' => '1M', 'query_cache_size' => '16M', }, 'mysqld-5.6' => { 'myisam-recover-options' => 'BACKUP', 'query_cache_limit' => '1M', 'query_cache_size' => '16M', }, 'mysqld-5.7' => { 'myisam-recover-options' => 'BACKUP', 'query_cache_limit' => '1M', 'query_cache_size' => '16M', }, 'mysqld' => { 'basedir' => $mysql::params::basedir, 'bind-address' => '127.0.0.1', 'datadir' => $mysql::params::datadir, 'expire_logs_days' => '10', 'key_buffer_size' => '16M', 'log-error' => $mysql::params::log_error, 'max_allowed_packet' => '16M', 'max_binlog_size' => '100M', 'max_connections' => '151', 'pid-file' => $mysql::params::pidfile, 'port' => '3306', 'skip-external-locking' => true, 'socket' => $mysql::params::socket, 'ssl' => false, 'ssl-ca' => $mysql::params::ssl_ca, 'ssl-cert' => $mysql::params::ssl_cert, 'ssl-key' => $mysql::params::ssl_key, 'ssl-disable' => false, 'thread_cache_size' => '8', 'thread_stack' => '256K', 'tmpdir' => $mysql::params::tmpdir, 'user' => 'mysql', }, 'mysqldump' => { 'max_allowed_packet' => '16M', 'quick' => true, 'quote-names' => true, }, 'isamchk' => { 'key_buffer_size' => '16M', }, } if defined('$xtrabackup_package_name_override') { $xtrabackup_package_name = pick($xtrabackup_package_name_override, $xtrabackup_package_name_default) } else { $xtrabackup_package_name = $xtrabackup_package_name_default } ## Additional graceful failures if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '4' and $::operatingsystem != 'Amazon' { - fail(translate('Unsupported platform: puppetlabs-%{module_name} only supports RedHat 5.0 and beyond.', { 'module_name' => $module_name })) + fail("Unsupported platform: puppetlabs-${module_name} only supports RedHat 6.0 and beyond.") } } diff --git a/manifests/server.pp b/manifests/server.pp index 031b8ca..4ad75ac 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,178 +1,178 @@ # @summary # Installs and configures the MySQL server. # # @example Install MySQL Server # class { '::mysql::server': # package_name => 'mysql-server', # package_ensure => '5.7.1+mysql~trusty', # root_password => 'strongpassword', # remove_default_accounts => true, # } # # @param config_file # The location, as a path, of the MySQL configuration file. # @param config_file_mode # The MySQL configuration file's permissions mode. # @param includedir # The location, as a path, of !includedir for custom configuration overrides. # @param install_options # Passes [install_options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) array to managed package resources. You must pass the appropriate options for the specified package manager # @param install_secret_file # Path to secret file containing temporary root password. # @param manage_config_file # Whether the MySQL configuration file should be managed. Valid values are `true`, `false`. Defaults to `true`. # @param options # A hash of options structured like the override_options, but not merged with the default options. Use this if you don't want your options merged with the default options. # @param override_options # Specifies override options to pass into MySQL. Structured like a hash in the my.cnf file: See above for usage details. # @param package_ensure # Whether the package exists or should be a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Defaults to 'present'. # @param package_manage # Whether to manage the MySQL server package. Defaults to `true`. # @param package_name # The name of the MySQL server package to install. # @param package_provider # Define a specific provider for package install. # @param package_source # The location of the package source (require for some package provider) # @param purge_conf_dir # Whether the `includedir` directory should be purged. Valid values are `true`, `false`. Defaults to `false`. # @param remove_default_accounts # Specifies whether to automatically include `mysql::server::account_security`. Valid values are `true`, `false`. Defaults to `false`. # @param restart # Whether the service should be restarted when things change. Valid values are `true`, `false`. Defaults to `false`. # @param root_group # The name of the group used for root. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). # @param mysql_group # The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). # @param mycnf_owner # Name or user-id who owns the mysql-config-file. # @param mycnf_group # Name or group-id which owns the mysql-config-file. # @param root_password # The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password. # @param service_enabled # Specifies whether the service should be enabled. Valid values are `true`, `false`. Defaults to `true`. # @param service_manage # Specifies whether the service should be managed. Valid values are `true`, `false`. Defaults to `true`. # @param service_name # The name of the MySQL server service. Defaults are OS dependent, defined in 'params.pp'. # @param service_provider # The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined. # @param create_root_user # Whether root user should be created. Valid values are `true`, `false`. Defaults to `true`. This is useful for a cluster setup with Galera. The root user has to be created only once. You can set this parameter true on one node and set it to false on the remaining nodes. # @param create_root_my_cnf # Whether to create `/root/.my.cnf`. Valid values are `true`, `false`. Defaults to `true`. `create_root_my_cnf` allows creation of `/root/.my.cnf` independently of `create_root_user`. You can use this for a cluster setup with Galera where you want `/root/.my.cnf` to exist on all nodes. # @param users # Optional hash of users to create, which are passed to [mysql_user](#mysql_user). # @param grants # Optional hash of grants, which are passed to [mysql_grant](#mysql_grant). # @param databases # Optional hash of databases to create, which are passed to [mysql_database](#mysql_database). # @param enabled # _Deprecated_ # @param manage_service # _Deprecated_ # @param old_root_password # This parameter no longer does anything. It exists only for backwards compatibility. See the `root_password` parameter above for details on changing the root password. # class mysql::server ( $config_file = $mysql::params::config_file, $config_file_mode = $mysql::params::config_file_mode, $includedir = $mysql::params::includedir, $install_options = undef, $install_secret_file = $mysql::params::install_secret_file, $manage_config_file = $mysql::params::manage_config_file, Mysql::Options $options = {}, $override_options = {}, $package_ensure = $mysql::params::server_package_ensure, $package_manage = $mysql::params::server_package_manage, $package_name = $mysql::params::server_package_name, $package_provider = undef, $package_source = undef, $purge_conf_dir = $mysql::params::purge_conf_dir, $remove_default_accounts = false, $restart = $mysql::params::restart, $root_group = $mysql::params::root_group, $managed_dirs = $mysql::params::managed_dirs, $mysql_group = $mysql::params::mysql_group, $mycnf_owner = $mysql::params::mycnf_owner, $mycnf_group = $mysql::params::mycnf_group, - $root_password = $mysql::params::root_password, + Variant[String, Sensitive[String]] $root_password = $mysql::params::root_password, $service_enabled = $mysql::params::server_service_enabled, $service_manage = $mysql::params::server_service_manage, $service_name = $mysql::params::server_service_name, $service_provider = $mysql::params::server_service_provider, $create_root_user = $mysql::params::create_root_user, $create_root_my_cnf = $mysql::params::create_root_my_cnf, $create_root_login_file = $mysql::params::create_root_login_file, $login_file = $mysql::params::login_file, $users = {}, $grants = {}, $databases = {}, # Deprecated parameters $enabled = undef, $manage_service = undef, $old_root_password = undef ) inherits mysql::params { # Deprecated parameters. if $enabled { crit('This parameter has been renamed to service_enabled.') $real_service_enabled = $enabled } else { $real_service_enabled = $service_enabled } if $manage_service { crit('This parameter has been renamed to service_manage.') $real_service_manage = $manage_service } else { $real_service_manage = $service_manage } if $old_root_password { - warning(translate('The `old_root_password` attribute is no longer used and will be removed in a future release.')) + warning('The `old_root_password` attribute is no longer used and will be removed in a future release.') } if ! empty($options) and ! empty($override_options) { - fail(translate('You can\'t specify $options and $override_options simultaneously, see the README section \'Customize server options\'!')) + fail('You can\'t specify $options and $override_options simultaneously, see the README section \'Customize server options\'!') } # If override_options are set, create a merged together set of options. Rightmost hashes win over left. # If options are set, just use them. $_options = empty($options) ? { true => mysql::normalise_and_deepmerge($mysql::params::default_options, $override_options), false => $options, } Class['mysql::server::root_password'] -> Mysql::Db <| |> include 'mysql::server::config' include 'mysql::server::install' include 'mysql::server::managed_dirs' include 'mysql::server::installdb' include 'mysql::server::service' include 'mysql::server::root_password' include 'mysql::server::providers' if $remove_default_accounts { class { 'mysql::server::account_security': require => Anchor['mysql::server::end'], } } anchor { 'mysql::server::start': } anchor { 'mysql::server::end': } if $restart { Class['mysql::server::config'] ~> Class['mysql::server::service'] } Anchor['mysql::server::start'] -> Class['mysql::server::config'] -> Class['mysql::server::install'] -> Class['mysql::server::managed_dirs'] -> Class['mysql::server::installdb'] -> Class['mysql::server::service'] -> Class['mysql::server::root_password'] -> Class['mysql::server::providers'] -> Anchor['mysql::server::end'] } diff --git a/manifests/server/backup.pp b/manifests/server/backup.pp index f89063a..0233413 100644 --- a/manifests/server/backup.pp +++ b/manifests/server/backup.pp @@ -1,132 +1,140 @@ # @summary # Create and manage a MySQL backup. # # @example Create a basic MySQL backup: # class { 'mysql::server': # root_password => 'password' # } # class { 'mysql::server::backup': # backupuser => 'myuser', # backuppassword => 'mypassword', # backupdir => '/tmp/backups', # } # class { 'mysql::server::backup': # backupmethod => 'mariabackup', # provider => 'xtrabackup', # backupdir => '/tmp/backups', # } # # @param backupuser # MySQL user to create with backup administrator privileges. # @param backuppassword # Password to create for `backupuser`. # @param backupdir # Directory to store backup. # @param backupdirmode # Permissions applied to the backup directory. This parameter is passed directly to the file resource. # @param backupdirowner # Owner for the backup directory. This parameter is passed directly to the file resource. # @param backupdirgroup # Group owner for the backup directory. This parameter is passed directly to the file resource. # @param backupcompress # Whether or not to compress the backup (when using the mysqldump or xtrabackup provider) # @param backupmethod # The execution binary for backing up. ex. mysqldump, xtrabackup, mariabackup # @param backup_success_file_path # Specify a path where upon successfull backup a file should be created for checking purposes. # @param backuprotate # Backup rotation interval in 24 hour periods. # @param ignore_events # Ignore the mysql.event table. # @param delete_before_dump # Whether to delete old .sql files before backing up. Setting to true deletes old files before backing up, while setting to false deletes them after backup. # @param backupdatabases # Databases to backup (required if using xtrabackup provider). By default `[]` will back up all databases. # @param file_per_database # Use file per database mode creating one file per database backup. # @param include_routines # Dump stored routines (procedures and functions) from dumped databases when doing a `file_per_database` backup. # @param include_triggers # Dump triggers for each dumped table when doing a `file_per_database` backup. # @param incremental_backups # A flag to activate/deactivate incremental backups. Currently only supported by the xtrabackup provider. # @param ensure # @param time # An array of two elements to set the backup time. Allows ['23', '5'] (i.e., 23:05) or ['3', '45'] (i.e., 03:45) for HH:MM times. # @param prescript # A script that is executed before the backup begins. # @param postscript # A script that is executed when the backup is finished. This could be used to sync the backup to a central store. This script can be either a single line that is directly executed or a number of lines supplied as an array. It could also be one or more externally managed (executable) files. # @param execpath # Allows you to set a custom PATH should your MySQL installation be non-standard places. Defaults to `/usr/bin:/usr/sbin:/bin:/sbin`. # @param provider # Sets the server backup implementation. Valid values are: # @param maxallowedpacket # Defines the maximum SQL statement size for the backup dump script. The default value is 1MB, as this is the default MySQL Server value. # @param optional_args # Specifies an array of optional arguments which should be passed through to the backup tool. (Supported by the xtrabackup and mysqldump providers.) # @param install_cron # Manage installation of cron package +# @param compression_command +# Configure the command used to compress the backup (when using the mysqldump provider). Make sure the command exists +# on the target system. Packages for it are NOT automatically installed. +# @param compression_extension +# Configure the file extension for the compressed backup (when using the mysqldump provider) class mysql::server::backup ( $backupuser = undef, - $backuppassword = undef, + Optional[Variant[String, Sensitive[String]]] $backuppassword = undef, $backupdir = undef, $backupdirmode = '0700', $backupdirowner = 'root', $backupdirgroup = $mysql::params::root_group, $backupcompress = true, $backuprotate = 30, $backupmethod = undef, $backup_success_file_path = '/tmp/mysqlbackup_success', $ignore_events = true, $delete_before_dump = false, $backupdatabases = [], $file_per_database = false, $include_routines = false, $include_triggers = false, $ensure = 'present', $time = ['23', '5'], $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', $provider = 'mysqldump', $maxallowedpacket = '1M', $optional_args = [], $incremental_backups = true, $install_cron = true, + $compression_command = undef, + $compression_extension = undef ) inherits mysql::params { if $prescript and $provider =~ /(mysqldump|mysqlbackup)/ { - warning(translate("The 'prescript' option is not currently implemented for the %{provider} backup provider.", - { 'provider' => $provider })) + warning("The 'prescript' option is not currently implemented for the ${provider} backup provider.") } create_resources('class', { "mysql::backup::${provider}" => { 'backupuser' => $backupuser, 'backuppassword' => $backuppassword, 'backupdir' => $backupdir, 'backupdirmode' => $backupdirmode, 'backupdirowner' => $backupdirowner, 'backupdirgroup' => $backupdirgroup, 'backupcompress' => $backupcompress, 'backuprotate' => $backuprotate, 'backupmethod' => $backupmethod, 'backup_success_file_path' => $backup_success_file_path, 'ignore_events' => $ignore_events, 'delete_before_dump' => $delete_before_dump, 'backupdatabases' => $backupdatabases, 'file_per_database' => $file_per_database, 'include_routines' => $include_routines, 'include_triggers' => $include_triggers, 'ensure' => $ensure, 'time' => $time, 'prescript' => $prescript, 'postscript' => $postscript, 'execpath' => $execpath, 'maxallowedpacket' => $maxallowedpacket, 'optional_args' => $optional_args, 'incremental_backups' => $incremental_backups, 'install_cron' => $install_cron, + 'compression_command' => $compression_command, + 'compression_extension' => $compression_extension, } }) } diff --git a/manifests/server/managed_dirs.pp b/manifests/server/managed_dirs.pp index 87a765b..d784199 100644 --- a/manifests/server/managed_dirs.pp +++ b/manifests/server/managed_dirs.pp @@ -1,43 +1,45 @@ # @summary # Binary log configuration requires the mysql user to be present. This must be done after package install. # # @api private # class mysql::server::managed_dirs { $options = $mysql::server::_options $includedir = $mysql::server::includedir $managed_dirs = $mysql::server::managed_dirs #Debian: Fix permission on directories if $managed_dirs { $managed_dirs_path = $managed_dirs.map |$path| { $options['mysqld']["${path}"] } $managed_dirs.each | $entry | { $dir = $options['mysqld']["${entry}"] if ( $dir and $dir != '/usr' and $dir != '/tmp' ) { file { "${entry}-managed_dir": ensure => directory, path => $dir, mode => '0700', owner => $options['mysqld']['user'], group => $options['mysqld']['user'], } } } + } else { + $managed_dirs_path = [] } $logbin = pick($options['mysqld']['log-bin'], $options['mysqld']['log_bin'], false) if $logbin { $logbindir = dirname($logbin) #Stop puppet from managing directory if just a filename/prefix is specified or is not already managed - if ($logbindir != '.' or !($logbindir in $managed_dirs_path)) { + if (!($logbindir == '.' or $logbindir in $managed_dirs_path)) { file { $logbindir: ensure => directory, mode => '0700', owner => $options['mysqld']['user'], group => $options['mysqld']['user'], } } } } diff --git a/manifests/server/monitor.pp b/manifests/server/monitor.pp deleted file mode 100644 index 1e9d168..0000000 --- a/manifests/server/monitor.pp +++ /dev/null @@ -1,31 +0,0 @@ -# @summary -# This is a helper class to add a monitoring user to the database -# -# @param mysql_monitor_username -# The username to create for MySQL monitoring. -# @param mysql_monitor_password -# The password to create for MySQL monitoring. -# @param mysql_monitor_hostname -# The hostname from which the monitoring user requests are allowed access. -# -class mysql::server::monitor ( - $mysql_monitor_username = '', - $mysql_monitor_password = '', - $mysql_monitor_hostname = '' -) { - Anchor['mysql::server::end'] -> Class['mysql::server::monitor'] - - mysql_user { "${mysql_monitor_username}@${mysql_monitor_hostname}": - ensure => present, - password_hash => mysql::password($mysql_monitor_password), - require => Class['mysql::server::service'], - } - - mysql_grant { "${mysql_monitor_username}@${mysql_monitor_hostname}/*.*": - ensure => present, - user => "${mysql_monitor_username}@${mysql_monitor_hostname}", - table => '*.*', - privileges => ['PROCESS', 'SUPER'], - require => Mysql_user["${mysql_monitor_username}@${mysql_monitor_hostname}"], - } -} diff --git a/manifests/server/mysqltuner.pp b/manifests/server/mysqltuner.pp deleted file mode 100644 index ae006fc..0000000 --- a/manifests/server/mysqltuner.pp +++ /dev/null @@ -1,28 +0,0 @@ -# @summary -# Manage the MySQLTuner package. -# -# @param ensure -# Ensures that the resource exists. Valid values are 'present', 'absent'. Defaults to 'present'. -# @param version -# The version to install from the major/MySQLTuner-perl github repository. Must be a valid tag. Defaults to 'v1.3.0'. -# @param source -# Source path for the mysqltuner package. -# @param tuner_location -# Destination for the mysqltuner package. -class mysql::server::mysqltuner ( - $ensure = 'present', - $version = 'v1.3.0', - $source = undef, - $tuner_location = '/usr/local/bin/mysqltuner', -) { - if $source { - $_source = $source - } else { - $_source = "https://github.com/major/MySQLTuner-perl/raw/${version}/mysqltuner.pl" - } - file { $tuner_location: - ensure => $ensure, - mode => '0550', - source => $_source, - } -} diff --git a/manifests/server/root_password.pp b/manifests/server/root_password.pp index 9710e2b..470fd78 100644 --- a/manifests/server/root_password.pp +++ b/manifests/server/root_password.pp @@ -1,57 +1,69 @@ -# @summary +# @summary # Private class for managing the root password # # @api private # class mysql::server::root_password { + if $mysql::server::root_password =~ Sensitive { + $root_password = $mysql::server::root_password.unwrap + } else { + $root_password = $mysql::server::root_password + } + if $root_password == 'UNSET' { + $root_password_set = false + } else { + $root_password_set = true + } + $options = $mysql::server::_options $secret_file = $mysql::server::install_secret_file $login_file = $mysql::server::login_file # New installations of MySQL will configure a default random password for the root user # with an expiration. No actions can be performed until this password is changed. The # below exec will remove this default password. If the user has supplied a root # password it will be set further down with the mysql_user resource. $rm_pass_cmd = join([ "mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' ${secret_file}) password ''", "rm -f ${secret_file}", ], ' && ') exec { 'remove install pass': command => $rm_pass_cmd, onlyif => "test -f ${secret_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', } # manage root password if it is set - if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' { + if $mysql::server::create_root_user and $root_password_set { mysql_user { 'root@localhost': ensure => present, password_hash => mysql::password($mysql::server::root_password), require => Exec['remove install pass'], } } - if $mysql::server::create_root_my_cnf == true and $mysql::server::root_password != 'UNSET' { + if $mysql::server::create_root_my_cnf and $root_password_set { + # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado file { "${::root_home}/.my.cnf": content => template('mysql/my.cnf.pass.erb'), owner => 'root', mode => '0600', } # show_diff was added with puppet 3.0 if versioncmp($::puppetversion, '3.0') >= 0 { File["${::root_home}/.my.cnf"] { show_diff => false } } - if $mysql::server::create_root_user == true { + if $mysql::server::create_root_user { Mysql_user['root@localhost'] -> File["${::root_home}/.my.cnf"] } } - if $mysql::server::create_root_login_file == true and $mysql::server::root_password != 'UNSET' { + if $mysql::server::create_root_login_file and $root_password_set { file { "${::root_home}/.mylogin.cnf": source => $login_file, owner => 'root', mode => '0600', } } } diff --git a/metadata.json b/metadata.json index d6f084d..13b8571 100644 --- a/metadata.json +++ b/metadata.json @@ -1,94 +1,72 @@ { "name": "puppetlabs-mysql", - "version": "10.7.1", + "version": "12.0.0", "author": "puppetlabs", "summary": "Installs, configures, and manages the MySQL service.", "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-mysql", "project_page": "http://github.com/puppetlabs/puppetlabs-mysql", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 3.2.0 < 7.0.0" - }, - { - "name": "puppetlabs/translate", - "version_requirement": ">= 1.0.0 < 3.0.0" - }, - { - "name": "puppetlabs/resource_api", - "version_requirement": ">= 1.0.0 < 2.0.0" + "version_requirement": ">= 3.2.0 < 8.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "5", "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "5", "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11", "12", "15" ] }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "8", - "9", - "10" - ] - }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "14.04", "16.04", - "18.04", - "20.04" + "18.04" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 5.5.10 < 7.0.0" + "version_requirement": ">= 6.0.0 < 8.0.0" } ], "description": "MySQL module", - "template-url": "https://github.com/puppetlabs/pdk-templates#master", - "template-ref": "heads/master-0-gd610ead", - "pdk-version": "1.18.1" + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "heads/main-0-g2381db6", + "pdk-version": "2.1.0" } diff --git a/provision.yaml b/provision.yaml index c66768d..d78d6c4 100644 --- a/provision.yaml +++ b/provision.yaml @@ -1,32 +1,88 @@ --- default: provisioner: docker_exp - images: ['litmusimage/centos:7'] + images: + - litmusimage/centos:7 vagrant: provisioner: vagrant - images: ['centos/7', 'generic/ubuntu1804'] + images: + - centos/7 + - generic/ubuntu1804 travis_deb: provisioner: docker - images: ['litmusimage/debian:8', 'litmusimage/debian:9', 'litmusimage/debian:10'] + images: + - litmusimage/debian:9 + - litmusimage/debian:10 travis_ub_5: provisioner: docker - images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04'] + images: + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 travis_ub_6: provisioner: docker - images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04', 'litmusimage/ubuntu:20.04'] -travis_el6: - provisioner: docker_exp - images: ['litmusimage/centos:6', 'litmusimage/scientificlinux:6'] + images: + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 travis_el7: provisioner: docker_exp - images: ['litmusimage/centos:7', 'litmusimage/oraclelinux:7', 'litmusimage/scientificlinux:7'] + images: + - litmusimage/centos:7 + - litmusimage/oraclelinux:7 + - litmusimage/scientificlinux:7 travis_el8: provisioner: docker - images: ['litmusimage/centos:8'] + images: + - litmusimage/centos:8 release_checks_5: provisioner: abs - images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64'] + images: + - redhat-6-x86_64 + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-6-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-5-x86_64 + - oracle-6-x86_64 + - oracle-7-x86_64 + - scientific-6-x86_64 + - scientific-7-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 release_checks_6: provisioner: abs - images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64', 'ubuntu-2004-x86_64'] - + images: + - redhat-6-x86_64 + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-6-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-5-x86_64 + - oracle-6-x86_64 + - oracle-7-x86_64 + - scientific-6-x86_64 + - scientific-7-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 +release_checks_7: + provisioner: abs + images: + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-7-x86_64 + - scientific-7-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 4a305da..99d9bd5 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -1,543 +1,543 @@ # mysql #### 目次 1. [説明 - モジュールの機能とその有益性](#module-description) 2. [セットアップ - mysql導入の基本](#setup) * [mysqlの導入](#beginning-with-mysql) 3. [使用方法 - 設定オプションと追加機能](#usage) * [サーバオプションのカスタマイズ](#customize-server-options) * [データベースを作成します](#create-a-database) * [設定のカスタマイズ](#customize-configuration) * [既存のサーバに対する操作](#work-with-an-existing-server) * [パスワードの指定](#specify-passwords) * [CentOSへのPerconaサーバのインストール](#install-percona-server-on-centos) * [UbuntuへのMariaDBのインストール](#install-mariadb-on-ubuntu) * [プラグインのインストール](#install-plugins) 4. [参考 - モジュールの機能と動作について](REFERENCE.md) 5. [制約 - OS互換性など](#limitations) 6. [開発 - モジュール貢献についてのガイド](#development) ## モジュールの概要 mysqlモジュールは、MySQLサービスをインストール、設定、管理します。 このモジュールは、MySQLのインストールと設定を管理するとともに、データベース、ユーザ、GRANT権限などのMySQLリソースを管理できるようにPuppetの機能を拡張します。 ## セットアップ ### mysqlの導入 デフォルトのオプションを使用してサーバをインストールするには、次のコマンドを使用します。 `include '::mysql::server'`. ルートパスワードや`/etc/my.cnf`の設定値などのオプションをカスタマイズするには、オーバーライドハッシュも渡す必要があります。 ```puppet class { '::mysql::server': root_password => 'strongpassword', remove_default_accounts => true, override_options => $override_options } ``` $override_options用のハッシュ構造体の例については、後述の[**サーバオプションのカスタマイズ**](#サーバオプションのカスタマイズ)を参照してください。 ## 使用 サーバに関するすべてのインタラクションは`mysql::server`を使用して行われ、クライアントのインストールには`mysql::client`が、バインディングのインストールには`mysql::bindings`が使用されます。 ### サーバオプションのカスタマイズ サーバオプションを定義するには、`mysql::server`でオーバーライドのハッシュ構造体を作成します。このハッシュは、my.cnfファイルに含まれているハッシュと似ています。 ```puppet $override_options = { 'section' => { 'item' => 'thing', } } ``` この形式のオプションを従来の方法で示すと次のようになります。 ``` [section] thing = X ``` ハッシュ内では`thing => true`、`thing => value`、または`thing => ""`の形でエントリを作成できます。または、`thing => ['value', 'value2']`の形で配列を渡したり、`thing => value`を独立した行に個別にリストすることもできます。 値を設定せずに変数をハッシュに含めて渡すことができます。この場合、変数にはMySQLのデフォルトの設定値が使用されます。オプションを`my.cnf`ファイルから除外するには(たとえば`override_options`を使用してデフォルト値に戻す場合など)、`thing => undef`を渡します。 オプションに複数のインスタンスが必要な場合は配列を渡します。たとえば次の例の場合は、 ```puppet $override_options = { 'mysqld' => { 'replicate-do-db' => ['base1', 'base2'], } } ``` 次のようになります。 ```puppet [mysqld] replicate-do-db = base1 replicate-do-db = base2 ``` バージョンに固有なパラメータを実装するには、[mysqld-5.5]のようにバージョンを指定します。こうすると、1つのconfigで複数の異なるバージョンのMySQLに対応できます。 ### データベースを作成します ユーザおよび割り当てられたいくつかの権限を含むデータベースを作成するには、次のようにします。 ```puppet mysql::db { 'mydb': user => 'myuser', password => 'mypass', host => 'localhost', grant => ['SELECT', 'UPDATE'], } ``` エクスポートされたリソースを含む別のリソース名を使用するには、次のようにします。 ```puppet @@mysql::db { "mydb_${fqdn}": user => 'myuser', password => 'mypass', dbname => 'mydb', host => ${fqdn}, grant => ['SELECT', 'UPDATE'], tag => $domain, } ``` さらに、これをリモートDBサーバに集めることができます。 ```puppet Mysql::Db <<| tag == $domain |>> ``` データベースの作成時にファイルにsqlパラメータを設定する場合は、新しいデータベースにファイルがインポートされます。 サイズの大きいsqlファイルの場合は、`import_timeout`パラメータの値(デフォルト値300秒)を大きくします。 MySQLクライアントを標準のbin/sbin以外のパスにインストールしている場合、`mysql_exec_path`にこれを設定します。 ```puppet mysql::db { 'mydb': user => 'myuser', password => 'mypass', host => 'localhost', grant => ['SELECT', 'UPDATE'], sql => '/path/to/sqlfile.gz', import_cat_cmd => 'zcat', import_timeout => 900, mysql_exec_path => '/opt/rh/rh-myql57/root/bin' } ``` ### 設定のカスタマイズ MySQLカスタム設定を追加するには、`includedir`にファイルを追加します。こうすると設定値をオーバーライドしたり別の設定値を追加したりすることができ、`mysql::server`で`override_options`を使用しない場合に役立ちます。`includedir`の場所は、デフォルトでは`/etc/mysql/conf.d`に設定されます。 ### 既存のサーバに対する操作 既存のMySQLサーバ上にデータベースとユーザのインスタンスを作成するには、`root`のホームディレクトリに`.my.cnf`ファイルが必要です。次の例のように、このファイルでリモートサーバのアドレスと認証情報を指定する必要があります。 ```puppet [client] user=root host=localhost password=secret ``` このモジュールは、`mysqld_version`ファクトから、使用されているサーバのバージョンを認識します。デフォルトでは、`mysqld_version`は`mysqld -V`の出力に設定されています。リモートMySQLサーバに対する操作を行う場合は、`mysqld_version`に対応するカスタムファクトを設定しないと正常に動作しない可能性があります。 リモートサーバに対する操作を行う際には、Puppetマニフェスト内で`mysql::server`クラスを使用*しない*でください。 ### パスワードの指定 パスワードは、プレーンテキストとして渡せるだけでなく、次のようにハッシュとして入力することもできます。 ```puppet mysql::db { 'mydb': user => 'myuser', password => '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4', host => 'localhost', grant => ['SELECT', 'UPDATE'], } ``` 必要に応じて、パスワードも空文字列とし、パスワードなしで接続を許可することができます。 ### CentOSへのPerconaサーバのインストール 次の例は、CentOSシステムへのPerconaサーバの最小限のインストール方法を示します。この例では、Perconaサーバ、クライアント、バインディング(PerlとPythonのバインディングを含む)がセットアップされます。この方法をカスタマイズして必要に応じバージョンを更新することができます。 この方法は、Puppet 4.4/CentOS 7/Perconaサーバ5.7でテストされています。 注意:** yumレポジトリのインストールはこのパッケージには含まれていません。 ```puppet yumrepo { 'percona': descr => 'CentOS $releasever - Percona', baseurl => 'http://repo.percona.com/centos/$releasever/os/$basearch/', gpgkey => 'http://www.percona.com/downloads/percona-release/RPM-GPG-KEY-percona', enabled => 1, gpgcheck => 1, } class {'mysql::server': package_name => 'Percona-Server-server-57', package_ensure => '5.7.11-4.1.el7', service_name => 'mysql', config_file => '/etc/my.cnf', includedir => '/etc/my.cnf.d', root_password => 'PutYourOwnPwdHere', override_options => { mysqld => { log-error => '/var/log/mysqld.log', pid-file => '/var/run/mysqld/mysqld.pid', }, mysqld_safe => { log-error => '/var/log/mysqld.log', }, } } # 注意:Percona-Server-server-57をインストールするとPercona-Server-client-57もインストールされます。 # 次の例は、Percona MySQLクライアントを単独でインストールする方法を示します。 class {'mysql::client': package_name => 'Percona-Server-client-57', package_ensure => '5.7.11-4.1.el7', } # 通常、以下のパッケージはPercona-Server-server-57とともにインストールされます。 # バインディングもインストールする必要がある場合は、このコードでインストールできます。 class { 'mysql::bindings': client_dev_package_name => 'Percona-Server-shared-57', client_dev_package_ensure => '5.7.11-4.1.el7', client_dev => true, daemon_dev_package_name => 'Percona-Server-devel-57', daemon_dev_package_ensure => '5.7.11-4.1.el7', daemon_dev => true, perl_enable => true, perl_package_name => 'perl-DBD-MySQL', python_enable => true, python_package_name => 'MySQL-python', } # Dependencies definition Yumrepo['percona']-> Class['mysql::server'] Yumrepo['percona']-> Class['mysql::client'] Yumrepo['percona']-> Class['mysql::bindings'] ``` ### UbuntuへのMariaDBのインストール #### オプション:MariaDBの公式のレポジトリのインストール 次の例では、distroレポジトリでなく公式のMariaDBレポジトリの最新の安定版(現在10.1)を使用しています。代わりに、Ubuntuレポジトリのパッケージを使用することもできます。必要に応じた正しいバージョンのレポジトリを使用してください。 **注意:** `sfo1.mirrors.digitalocean.com`は利用可能な多くのミラーの一例であり、公式のミラーであればいずれも使用できます。 ```puppet include apt apt::source { 'mariadb': location => 'http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu', release => $::lsbdistcodename, repos => 'main', key => { id => '199369E5404BD5FC7D2FE43BCBCB082A1BB943DB', server => 'hkp://keyserver.ubuntu.com:80', }, include => { src => false, deb => true, }, } ``` #### MariaDBサーバのインストール 次の例では、Ubuntu TrustyへのMariaDBサーバのインストール方法を示しています。`my.cnf`のバージョンとパラメータは、必要に応じて調整してください。`my.cnf`のパラメータはすべて`override_options`パラメータを使用して定義できます。 フォルダ`/var/log/mysql`と`/var/run/mysqld`は自動的に作成されますが、他のカスタムフォルダを使用する場合は、それらがコードの必須要件になります。 以下に示す値はすべて、最小限の構成にする場合の例です。 必要なパッケージのバージョンを、`package_ensure`パラメータで指定してください。 ```puppet class {'::mysql::server': package_name => 'mariadb-server', package_ensure => '10.1.14+maria-1~trusty', service_name => 'mysql', root_password => 'AVeryStrongPasswordUShouldEncrypt!', override_options => { mysqld => { 'log-error' => '/var/log/mysql/mariadb.log', 'pid-file' => '/var/run/mysqld/mysqld.pid', }, mysqld_safe => { 'log-error' => '/var/log/mysql/mariadb.log', }, } } # 依存関係の管理。レポジトリをインストールする場合はこの例の前のステップで示されている部分だけを使用してください。 Apt::Source['mariadb'] ~> Class['apt::update'] -> Class['::mysql::server'] ``` #### MariaDBクライアントのインストール 次の例は、MariaDBクライアントとすべてのバインディングを一度にインストールする方法を示します。このインストール操作は、サーバのインストール操作とは別に行うことができます。 必要なパッケージのバージョンを、`package_ensure`パラメータで指定してください。 ```puppet class {'::mysql::client': package_name => 'mariadb-client', package_ensure => '10.1.14+maria-1~trusty', bindings_enable => true, } # Dependency management. Only use that part if you are installing the repository as shown in the Preliminary step of this example. Apt::Source['mariadb'] ~> Class['apt::update'] -> Class['::mysql::client'] ``` ### CentOSへのMySQL Communityサーバのインストール MySQLモジュールおよびHieraを使用して、MySQL CommunityサーバーをCentOSにインストールすることができます。この例は以下のバージョンでテスト済みです。 * MySQL Community Server 5.6 * Centos 7.3 * Hieraを使用したPuppet 3.8.7 * puppetlabs-mysqlモジュールv3.9.0 Puppetで: ```puppet include ::mysql::server create_resources(yumrepo, hiera('yumrepo', {})) Yumrepo['repo.mysql.com'] -> Anchor['mysql::server::start'] Yumrepo['repo.mysql.com'] -> Package['mysql_client'] create_resources(mysql::db, hiera('mysql::server::db', {})) ``` Hieraで: ```yaml --- # Centos 7.3 yumrepo: 'repo.mysql.com': baseurl: "http://repo.mysql.com/yum/mysql-5.6-community/el/%{::operatingsystemmajrelease}/$basearch/" descr: 'repo.mysql.com' enabled: 1 gpgcheck: true gpgkey: 'http://repo.mysql.com/RPM-GPG-KEY-mysql' mysql::client::package_name: "mysql-community-client" # 適切なMySQL導入のために必要 mysql::server::package_name: "mysql-community-server" # 適切なMySQL導入のために必要 mysql::server::package_ensure: 'installed' # ここではバージョンを指定しないでください。残念ながら、パッケージがインストールされているエラーでyumは失敗しました。 mysql::server::root_password: "change_me_i_am_insecure" mysql::server::manage_config_file: true mysql::server::service_name: 'mysqld' # Puppetモジュールに必要 mysql::server::override_options: 'mysqld': 'bind-address': '127.0.0.1' 'log-error': '/var/log/mysqld.log' # 適切なMySQL導入のために必要 'mysqld_safe': 'log-error': '/var/log/mysqld.log' # 適切なMySQL導入のために必要 # データベース+アクセスできるアカウント、暗号化されていないパスワードを作成 mysql::server::db: "dev": user: "dev" password: "devpass" host: "127.0.0.1" grant: - "ALL" ``` ### プラグインのインストール プラグインはユーザ定義のタイプ`mysql_plugin` を使用してインストールできます。`examples/mysql_plugin.pp`で、具体的な例を参照してください。 ## リファレンス ### クラス #### パブリッククラス * [`mysql::server`](#mysqlserver):MySQLをインストールして設定します。 * [`mysql::server::monitor`](#mysqlservermonitor):モニタするユーザをセットアップします。 * [`mysql::server::mysqltuner`](#mysqlservermysqltuner):MySQL tunerスクリプトをインストールします。 * [`mysql::server::backup`](#mysqlserverbackup):cronを使用してMySQLバックアップをセットアップします。 * [`mysql::bindings`](#mysqlbindings):さまざまなMySQL言語バインディングをインストールします。 * [`mysql::client`](#mysqlclient):MySQLクライアントをインストールします(サーバ以外)。 #### プライベートクラス * `mysql::server::install`:パッケージをインストールします。 * `mysql::server::installdb`:mysqldデータディレクトリ(/var/lib/mysqlなど)のセットアップを実行します。 * `mysql::server::config`:MySQLを設定します。 * `mysql::server::service`:サービスを管理します。 * `mysql::server::account_security`:デフォルトのMySQLアカウントを削除します。 * `mysql::server::root_password`:MySQLのルートパスワードを設定します。 * `mysql::server::providers`:ユーザ、GRANT権限、データベースを作成します。 * `mysql::bindings::client_dev`:MySQLクライアント開発パッケージをインストールします。 * `mysql::bindings::daemon_dev`:MySQLデーモン開発パッケージをインストールします。 * `mysql::bindings::java`:javaバインディングをインストールします。 * `mysql::bindings::perl`:Perlバインディングをインストールします。 * `mysql::bindings::php`:PHPバインディングをインストールします。 * `mysql::bindings::python`:Pythonバインディングをインストールします。 * `mysql::bindings::ruby`:Rubyバインディングをインストールします。 * `mysql::client::install`:MySQLクライアントをインストールします。 * `mysql::backup::mysqldump`:mysqldumpのバックアップを実行します。 * `mysql::backup::mysqlbackup`:Oracle MySQL Enterprise Backupを使用してバックアップを実行します。 * `mysql::backup::xtrabackup`:PerconaのXtraBackupを使用してバックアップを実行します。 ### パラメータ #### mysql::server ##### `create_root_user` ルートユーザを作成するかどうかを指定します。 有効な値:`true`、`false`。 デフォルト値:`true`。 このパラメータは、Galeraでクラスタをセットアップする場合に役立ちます。ルートユーザの作成が必要なのは一度だけです。このパラメータを、1つのノードに対しtrueに設定し、他のすべてのノードに対してfalseに設定できます。 ##### `create_root_my_cnf` `/root/.my.cnf`を作成するかどうかを指定します。 有効な値:`true`、`false`。 デフォルト値:`true`。 `create_root_my_cnf`を使用すると`create_root_user`に左右されずに`/root/.my.cnf`を作成できます。すべてのノードに`/root/.my.cnf`が存在するようにしたい場合に、Galeraでこの機能を使用してクラスタをセットアップできます。 ##### `root_password` MySQLのルートパスワード。Puppetは、このパラメータを使用して、ルートパスワードの設定や`/root/.my.cnf`の更新を試みます。 `create_root_user`または`create_root_my_cnf`がtrueの場合にこのパラメータが必要です。`root_password`が'UNSET'の場合は`create_root_user`と`create_root_my_cnf`がfalseになります(MySQLルートユーザと`/root/.my.cnf`が作成されません)。 パスワード変更はサポートされますが、`/root/.my.cnf`に旧パスワードが設定されている必要があります。実際には、Puppetは`/root/.my.cnf`に設定されている旧パスワードを使用してMySQLで新しいパスワードを設定してから、`/root/.my.cnf`を新しいパスワードで更新します。 ##### `old_root_password` 現在、このパラメータでは何も行わず、下位互換性を確保するためだけに存在します。ルートパスワードの変更についての詳細は、上記の`root_password`パラメータの説明を参照してください。 ##### `create_root_login_file` mysql 5.6.6以上を使用するときに、`/root/.mylogin.cnf`を作成するかどうかを指定します。 有効な値:`true`、`false`。 デフォルト値:`false`。 `create_root_login_file`は、既存の`.mylogin.cnf`のコピーを`/root/.mylogin.cnf`に作成します。 このオプションを'true'に設定する場合、`login_file`オプションも指定する必要があります。 'true'に設定する場合、`login_file`オプションが必要です。 #### `login_file` `/root/.mylogin.cnf`を規定の位置に配置するかどうかを指定します。 `.mylogin.cnf`ファイルの作成には、`mysql_config_editor`を使用する必要があります。このツールは、mysql 5.6.6+に付属しています。 作成した.mylogin.cnfファイルは、モジュール内のファイルの下に配置する必要があります。使用法については下記の例を参照してください。 `/root/.mylogin.cnf`が存在する場合、環境変数`MYSQL_TEST_LOGIN_FILE`が設定されます。 このパラメータは、`create_root_user`と`create_root_login_file`がどちらもtrueである場合に必要です。`root_password`が'UNSET'である場合、`create_root_user`および`create_root_login_file`はfalseであると見なされます。このため、MySQLのrootユーザと`/root/.mylogin.cnf`は作成されません。 ```puppet class { '::mysql::server': root_password => 'password', create_root_my_cnf => false, create_root_login_file => true, login_file => "puppet:///modules/${module_name}/mylogin.cnf", } ``` ##### `override_options` MySQLに渡すオーバーライドオプションを指定します。構造はmy.cnfファイルのハッシュと同様です。 ```puppet class { 'mysql::server': root_password => 'password' } mysql_plugin { 'auth_pam': ensure => present, soname => 'auth_pam.so', } ``` ### タスク MySQLモジュールにはサンプルタスクがあり、ユーザはデータベースに対して任意のSQLを実行できます。[Puppet Enterpriseマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html)で、タスクを実行する方法に関する情報を参照してください。 ## 制約事項 -サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-mysql/blob/master/metadata.json)を参照してください。 +サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-mysql/blob/main/metadata.json)を参照してください。 **注意:** mysqlbackup.shは、MySQL 5.7以降では動作せず、サポートされていません。 ## 開発 Puppet Forge上のPuppetモジュールはオープンプロジェクトであり、その価値を維持するにはコミュニティからの貢献が欠かせません。Puppetが提供する膨大な数のプラットフォームや、無数のハードウェア、ソフトウェア、デプロイ設定に弊社がアクセスすることは不可能です。 弊社は、できるだけ変更に貢献しやすくして、弊社のモジュールがユーザの環境で機能する状態を維持したいと考えています。弊社では、状況を把握できるよう、貢献者に従っていただくべきいくつかのガイドラインを設けています。 弊社の詳細な[モジュール貢献についてのガイドライン](https://docs.puppetlabs.com/forge/contributing.html)をご確認ください。 ### 作成者 このモジュールは、David Schmittが作成したものをベースにして、以下の作成者による貢献内容が加えられています(Puppet Labsを除く)。 * Larry Ludwig * Christian G. Warden * Daniel Black * Justin Ellison * Lowe Schmidt * Matthias Pigulla * William Van Hevelingen * Michael Arnold * Chris Weyl * Daniël van Eeden * Jan-Otto Kröpke * Timothy Sven Nelson diff --git a/spec/acceptance/mysql_server_spec.rb b/spec/acceptance/00_mysql_server_spec.rb similarity index 96% rename from spec/acceptance/mysql_server_spec.rb rename to spec/acceptance/00_mysql_server_spec.rb index cfe4071..1da8281 100644 --- a/spec/acceptance/mysql_server_spec.rb +++ b/spec/acceptance/00_mysql_server_spec.rb @@ -1,83 +1,86 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' +export_locales describe 'mysql class' do describe 'advanced config' do let(:pp) do <<-MANIFEST class { 'mysql::server': manage_config_file => 'true', override_options => { 'mysqld' => { 'key_buffer_size' => '32M' }}, package_ensure => 'present', purge_conf_dir => 'true', remove_default_accounts => 'true', restart => 'true', root_group => 'root', root_password => 'test', service_enabled => 'true', service_manage => 'true', users => { 'someuser@localhost' => { ensure => 'present', max_connections_per_hour => '0', max_queries_per_hour => '0', max_updates_per_hour => '0', max_user_connections => '0', password_hash => '*F3A2A51A9B0F2BE2468926B4132313728C250DBF', }}, grants => { 'someuser@localhost/somedb.*' => { ensure => 'present', options => ['GRANT'], privileges => ['SELECT', 'INSERT', 'UPDATE', 'DELETE'], table => 'somedb.*', user => 'someuser@localhost', }, }, databases => { 'somedb' => { ensure => 'present', - charset => 'utf8', + charset => #{fetch_charset}, }, } } MANIFEST end it 'behaves idempotently' do idempotent_apply(pp) end describe 'override_options' do let(:pp) do <<-MANIFEST class { '::mysql::server': override_options => { 'mysqld' => { 'log-bin' => '/var/log/mariadb/mariadb-bin.log',} } } MANIFEST end it 'can be set' do apply_manifest(pp, catch_failures: true) do |r| expect(r.stderr).to be_empty end end end end describe 'syslog configuration' do let(:pp) do <<-MANIFEST class { 'mysql::server': override_options => { 'mysqld' => { 'log-error' => undef }, 'mysqld_safe' => { 'log-error' => false, 'syslog' => true }}, } MANIFEST end it 'behaves idempotently' do idempotent_apply(pp) end end end diff --git a/spec/acceptance/mysql_db_spec.rb b/spec/acceptance/01_mysql_db_spec.rb similarity index 93% rename from spec/acceptance/mysql_db_spec.rb rename to spec/acceptance/01_mysql_db_spec.rb index 6fccaf7..04586fe 100644 --- a/spec/acceptance/mysql_db_spec.rb +++ b/spec/acceptance/01_mysql_db_spec.rb @@ -1,81 +1,86 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'mysql::db define' do describe 'creating a database' do let(:pp) do <<-MANIFEST class { 'mysql::server': root_password => 'password', service_enabled => 'true', service_manage => 'true', } mysql::db { 'spec1': user => 'root1', password => 'password', + charset => #{fetch_charset}, } MANIFEST end it 'behaves idempotently' do idempotent_apply(pp) end it 'Checking exit code and stdout' do result = run_shell("mysql -e 'show databases;'") expect(result.exit_code).to eq 0 expect(result.stdout).to match %r{^spec1$} end end describe 'creating a database with post-sql' do let(:pp) do <<-MANIFEST class { 'mysql::server': override_options => { 'root_password' => 'password' } } file { '/tmp/spec.sql': ensure => file, content => 'CREATE TABLE table1 (id int);', before => Mysql::Db['spec2'], } mysql::db { 'spec2': user => 'root1', password => 'password', sql => '/tmp/spec.sql', + charset => #{fetch_charset}, } MANIFEST end it 'behaves idempotently' do idempotent_apply(pp) end it 'Checking exit code and stdout' do result = run_shell("mysql -e 'show tables;' spec2") expect(result.exit_code).to eq 0 expect(result.stdout).to match %r{^table1$} end end describe 'creating a database with dbname parameter' do let(:check_command) { ' | grep realdb' } let(:pp) do <<-MANIFEST class { 'mysql::server': override_options => { 'root_password' => 'password' } } mysql::db { 'spec1': user => 'root1', password => 'password', dbname => 'realdb', + charset => #{fetch_charset}, } MANIFEST end it 'behaves idempotently' do idempotent_apply(pp) end it 'Checking exit code and stdout' do result = run_shell("mysql -e 'show databases;'") expect(result.exit_code).to eq 0 expect(result.stdout).to match %r{^realdb$} end end end diff --git a/spec/acceptance/mysql_mariadb_spec.rb b/spec/acceptance/02_mysql_mariadb_spec.rb similarity index 87% rename from spec/acceptance/mysql_mariadb_spec.rb rename to spec/acceptance/02_mysql_mariadb_spec.rb index f70a5ba..bb5cc46 100644 --- a/spec/acceptance/mysql_mariadb_spec.rb +++ b/spec/acceptance/02_mysql_mariadb_spec.rb @@ -1,44 +1,46 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' -describe 'mysql server class', if: ((os[:family] == 'debian' && os[:release].to_i > 8) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do +describe 'mysql server class', if: ((os[:family] == 'debian') || (os[:family] == 'redhat' && os[:release].to_i > 6)) do describe 'mariadb' do let(:pp) do <<-MANIFEST $osname = $facts['os']['name'].downcase yumrepo {'mariadb': baseurl => "http://yum.mariadb.org/10.4/$osname${facts['os']['release']['major']}-aarch64/", gpgkey => 'https://yum.mariadb.org/RPM-GPG-KEY-MariaDB', descr => "MariaDB 10.4", - enabled => 1, - gpgcheck => 1, + enabled => 0, + gpgcheck => 0, }-> class { '::mysql::server': require => Yumrepo['mariadb'], package_name => 'mariadb-server', service_name => 'mariadb', root_password => 'strongpassword', remove_default_accounts => true, managed_dirs => ['/var/log','/var/run/mysql'], override_options => { mysqld => { log-error => '/var/log/mariadb.log', pid-file => '/var/run/mysql/mysqld.pid', }, mysqld_safe => { log-error => '/var/log/mariadb.log', }, }, } MANIFEST end it 'apply manifest' do apply_manifest(pp) end it 'mariadb connection' do result = run_shell('mysql --user="root" --password="strongpassword" -e "status"') expect(result.stdout).to match(%r{MariaDB}) expect(result.stderr).to be_empty end end end diff --git a/spec/acceptance/mysql_task_spec.rb b/spec/acceptance/03_mysql_task_spec.rb similarity index 95% rename from spec/acceptance/mysql_task_spec.rb rename to spec/acceptance/03_mysql_task_spec.rb index 7cc227f..0b082bc 100644 --- a/spec/acceptance/mysql_task_spec.rb +++ b/spec/acceptance/03_mysql_task_spec.rb @@ -1,24 +1,26 @@ +# frozen_string_literal: true + # run a test task require 'spec_helper_acceptance' describe 'mysql tasks', if: os[:family] != 'sles' do describe 'execute some sql' do pp = <<-MANIFEST class { 'mysql::server': root_password => 'password' } mysql::db { 'spec1': user => 'root1', password => 'password', } MANIFEST it 'sets up a mysql instance' do apply_manifest(pp, catch_failures: true) end it 'execute arbitary sql' do result = run_bolt_task('mysql::sql', 'sql' => 'show databases;', 'password' => 'password') expect(result.stdout).to contain(%r{information_schema}) expect(result.stdout).to contain(%r{spec1}) end end end diff --git a/spec/acceptance/mysql_backup_spec.rb b/spec/acceptance/04_mysql_backup_spec.rb similarity index 57% rename from spec/acceptance/mysql_backup_spec.rb rename to spec/acceptance/04_mysql_backup_spec.rb index 45a00e5..d46fe77 100644 --- a/spec/acceptance/mysql_backup_spec.rb +++ b/spec/acceptance/04_mysql_backup_spec.rb @@ -1,365 +1,341 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'mysql::server::backup class' do context 'should work with no errors' do pp = <<-MANIFEST class { 'mysql::server': root_password => 'password' } mysql::db { [ 'backup1', 'backup2' ]: user => 'backup', password => 'secret', + charset => #{fetch_charset}, } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/backups', backupcompress => true, postscript => [ 'rm -rf /var/tmp/mysqlbackups', 'rm -f /var/tmp/mysqlbackups.done', 'cp -r /tmp/backups /var/tmp/mysqlbackups', 'touch /var/tmp/mysqlbackups.done', ], execpath => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', } MANIFEST it 'when configuring mysql backups' do idempotent_apply(pp) end end describe 'mysqlbackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') do - before(:all) do - pre_run - end - it 'runs mysqlbackup.sh with no errors' do run_shell('/usr/local/sbin/mysqlbackup.sh') do |r| expect(r.stderr).to eq('') end end it 'dumps all databases to single file' do run_shell('ls -l /tmp/backups/mysql_backup_*-*.sql.bz2 | wc -l') do |r| expect(r.stdout).to match(%r{1}) expect(r.exit_code).to be_zero end end context 'should create one file per database per run' do it 'executes mysqlbackup.sh a second time' do run_shell('sleep 1') run_shell('/usr/local/sbin/mysqlbackup.sh') end it 'creates at least one backup tarball' do run_shell('ls -l /tmp/backups/mysql_backup_*-*.sql.bz2 | wc -l') do |r| expect(r.stdout).to match(%r{2}) expect(r.exit_code).to be_zero end end end end - # rubocop:enable RSpec/MultipleExpectations, RSpec/ExampleLength -end -context 'with one file per database' do - context 'should work with no errors' do - pp = <<-MANIFEST + context 'with one file per database' do + context 'should work with no errors' do + pp = <<-MANIFEST class { 'mysql::server': root_password => 'password' } mysql::db { [ 'backup1', 'backup2' ]: user => 'backup', password => 'secret', + charset => #{fetch_charset}, } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/backups', backupcompress => true, file_per_database => true, postscript => [ 'rm -rf /var/tmp/mysqlbackups', 'rm -f /var/tmp/mysqlbackups.done', 'cp -r /tmp/backups /var/tmp/mysqlbackups', 'touch /var/tmp/mysqlbackups.done', ], execpath => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', } MANIFEST - it 'when configuring mysql backups' do - idempotent_apply(pp) - end - end - - describe 'mysqlbackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') do - before(:all) do - pre_run + it 'when configuring mysql backups' do + idempotent_apply(pp) + end end - it 'runs mysqlbackup.sh with no errors without root credentials' do - run_shell('HOME=/tmp/dontreadrootcredentials /usr/local/sbin/mysqlbackup.sh') do |r| - expect(r.stderr).to eq('') + describe 'mysqlbackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') do + it 'runs mysqlbackup.sh with no errors without root credentials' do + run_shell('HOME=/tmp/dontreadrootcredentials /usr/local/sbin/mysqlbackup.sh') do |r| + expect(r.stderr).to eq('') + end end - end - it 'creates one file per database' do - ['backup1', 'backup2'].each do |database| - run_shell("ls -l /tmp/backups/mysql_backup_#{database}_*-*.sql.bz2 | wc -l") do |r| - expect(r.stdout).to match(%r{1}) - expect(r.exit_code).to be_zero + it 'creates one file per database' do + ['backup1', 'backup2'].each do |database| + run_shell("ls -l /tmp/backups/mysql_backup_#{database}_*-*.sql.bz2 | wc -l") do |r| + expect(r.stdout).to match(%r{1}) + expect(r.exit_code).to be_zero + end end end - end - it 'executes mysqlbackup.sh a second time' do - run_shell('sleep 1') - run_shell('HOME=/tmp/dontreadrootcredentials /usr/local/sbin/mysqlbackup.sh') - end + it 'executes mysqlbackup.sh a second time' do + run_shell('sleep 1') + run_shell('HOME=/tmp/dontreadrootcredentials /usr/local/sbin/mysqlbackup.sh') + end - it 'has one file per database per run' do - ['backup1', 'backup2'].each do |database| - run_shell("ls -l /tmp/backups/mysql_backup_#{database}_*-*.sql.bz2 | wc -l") do |r| - expect(r.stdout).to match(%r{2}) - expect(r.exit_code).to be_zero + it 'has one file per database per run' do + ['backup1', 'backup2'].each do |database| + run_shell("ls -l /tmp/backups/mysql_backup_#{database}_*-*.sql.bz2 | wc -l") do |r| + expect(r.stdout).to match(%r{2}) + expect(r.exit_code).to be_zero + end end end end - # rubocop:enable RSpec/MultipleExpectations, RSpec/ExampleLength end -end -context 'with xtrabackup enabled' do - context 'should work with no errors', if: ((os[:family] == 'debian' && os[:release].to_i >= 8) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Metrics/LineLength - pp = <<-MANIFEST + context 'with xtrabackup enabled' do + context 'should work with no errors', if: ((os[:family] == 'debian') || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do + pp = <<-MANIFEST class { 'mysql::server': root_password => 'password' } mysql::db { [ 'backup1', 'backup2' ]: user => 'backup', password => 'secret', + charset => #{fetch_charset}, } case $facts['os']['family'] { /Debian/: { if versioncmp($::operatingsystemmajrelease, '8') >= 0 { $source_url = "http://repo.percona.com/apt/percona-release_1.0-22.generic_all.deb" } else { $source_url = "http://repo.percona.com/apt/percona-release_latest.${facts['os']['distro']['codename']}_all.deb" } file { '/tmp/percona-release_latest.deb': ensure => present, source => $source_url, } ensure_packages('gnupg') ensure_packages('gnupg2') + ensure_packages('curl') ensure_packages('percona-release',{ ensure => present, provider => 'dpkg', source => '/tmp/percona-release_latest.deb', notify => Exec['apt-get update'], }) exec { 'apt-get update': path => '/usr/bin:/usr/sbin:/bin:/sbin', refreshonly => true, } } /RedHat/: { # RHEL/CentOS 5 is no longer supported by Percona, but older versions # of the repository are still available. if versioncmp($::operatingsystemmajrelease, '6') >= 0 { $percona_url = 'http://repo.percona.com/yum/percona-release-latest.noarch.rpm' $epel_url = "https://download.fedoraproject.org/pub/epel/epel-release-latest-${facts['os']['release']['major']}.noarch.rpm" } else { $percona_url = 'http://repo.percona.com/yum/release/5/os/noarch/percona-release-0.1-3.noarch.rpm' $epel_url = 'https://archives.fedoraproject.org/pub/archive/epel/epel-release-latest-5.noarch.rpm' } ensure_packages('percona-release',{ ensure => present, provider => 'rpm', source => $percona_url, }) ensure_packages('epel-release',{ ensure => present, provider => 'rpm', source => $epel_url, }) if ($facts['os']['name'] == 'Scientific') { # $releasever resolves to '6.10' instead of '6' which breaks Percona repos file { '/etc/yum/vars/releasever': ensure => present, content => '6', } } } default: { } } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/xtrabackups', provider => 'xtrabackup', execpath => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', } MANIFEST - it 'when configuring mysql backup' do - idempotent_apply(pp) - end - end - - describe 'xtrabackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') && ((os[:family] == 'debian' && os[:release].to_i >= 8) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Metrics/LineLength - before(:all) do - pre_run + it 'when configuring mysql backup' do + idempotent_apply(pp) + end end - it 'runs xtrabackup.sh full backup with no errors' do - run_shell('/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/xtrabackups/$(date +%F)_full --backup 2>&1 | tee /tmp/xtrabackup_full.log') do |r| - expect(r.exit_code).to be_zero + describe 'xtrabackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') && ((os[:family] == 'debian' && os[:release].to_i >= 9) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Layout/LineLength + it 'runs xtrabackup.sh full backup with no errors' do + run_shell('/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/xtrabackups/$(date +%F)_full --backup 2>&1 | tee /tmp/xtrabackup_full.log') do |r| + expect(r.exit_code).to be_zero + end end - end - it 'xtrabackup reports success for the full backup' do - # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. - run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup_full.log') do |r| - expect(r.exit_code).to be_zero + it 'xtrabackup reports success for the full backup' do + # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. + run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup_full.log') do |r| + expect(r.exit_code).to be_zero + end end - end - it 'creates a subdirectory for the full backup' do - run_shell('find /tmp/xtrabackups -mindepth 1 -maxdepth 1 -type d -name $(date +%Y)\*full | wc -l') do |r| - expect(r.stdout).to match(%r{1}) - expect(r.exit_code).to be_zero + it 'creates a subdirectory for the full backup' do + run_shell('find /tmp/xtrabackups -mindepth 1 -maxdepth 1 -type d -name $(date +%Y)\*full | wc -l') do |r| + expect(r.stdout).to match(%r{1}) + expect(r.exit_code).to be_zero + end end - end - it 'runs xtrabackup.sh incremental backup with no errors' do - run_shell('sleep 1') - run_shell('/usr/local/sbin/xtrabackup.sh --incremental-basedir=/tmp/xtrabackups/$(date +%F)_full --target-dir=/tmp/xtrabackups/$(date +%F_%H-%M-%S) --backup 2>&1 | tee /tmp/xtrabackup_inc.log') do |r| # rubocop:disable Metrics/LineLength - expect(r.exit_code).to be_zero + it 'runs xtrabackup.sh incremental backup with no errors' do + run_shell('sleep 1') + run_shell('/usr/local/sbin/xtrabackup.sh --incremental-basedir=/tmp/xtrabackups/$(date +%F)_full --target-dir=/tmp/xtrabackups/$(date +%F_%H-%M-%S) --backup 2>&1 | tee /tmp/xtrabackup_inc.log') do |r| # rubocop:disable Layout/LineLength + expect(r.exit_code).to be_zero + end end - end - it 'xtrabackup reports success for the incremental backup' do - # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. - run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup_inc.log') do |r| - expect(r.exit_code).to be_zero + it 'xtrabackup reports success for the incremental backup' do + # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. + run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup_inc.log') do |r| + expect(r.exit_code).to be_zero + end end - end - it 'creates a new subdirectory for each backup' do - run_shell('find /tmp/xtrabackups -mindepth 1 -maxdepth 1 -type d -name $(date +%Y)\* | wc -l') do |r| - expect(r.stdout).to match(%r{2}) - expect(r.exit_code).to be_zero + it 'creates a new subdirectory for each backup' do + run_shell('find /tmp/xtrabackups -mindepth 1 -maxdepth 1 -type d -name $(date +%Y)\* | wc -l') do |r| + expect(r.stdout).to match(%r{2}) + expect(r.exit_code).to be_zero + end end end end - # rubocop:enable RSpec/MultipleExpectations, RSpec/ExampleLength -end -context 'with xtrabackup enabled and incremental backups disabled' do - context 'should work with no errors', if: ((os[:family] == 'debian' && os[:release].to_i >= 8) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Metrics/LineLength - pp = <<-MANIFEST + context 'with xtrabackup enabled and incremental backups disabled' do + context 'should work with no errors', if: ((os[:family] == 'debian' && os[:release].to_i >= 9) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Layout/LineLength + pp = <<-MANIFEST class { 'mysql::server': root_password => 'password' } mysql::db { [ 'backup1', 'backup2' ]: user => 'backup', password => 'secret', + charset => #{fetch_charset}, } case $facts['os']['family'] { /Debian/: { - if versioncmp($::operatingsystemmajrelease, '8') >= 0 { - $source_url = "http://repo.percona.com/apt/percona-release_1.0-22.generic_all.deb" - } else { - $source_url = "http://repo.percona.com/apt/percona-release_latest.${facts['os']['distro']['codename']}_all.deb" - } + $source_url = "http://repo.percona.com/apt/percona-release_1.0-22.generic_all.deb" file { '/tmp/percona-release_latest.deb': ensure => present, source => $source_url, } ensure_packages('gnupg') ensure_packages('gnupg2') ensure_packages('percona-release',{ ensure => present, provider => 'dpkg', source => '/tmp/percona-release_latest.deb', notify => Exec['apt-get update'], }) exec { 'apt-get update': path => '/usr/bin:/usr/sbin:/bin:/sbin', refreshonly => true, } } /RedHat/: { - # RHEL/CentOS 5 is no longer supported by Percona, but older versions - # of the repository are still available. - if versioncmp($::operatingsystemmajrelease, '6') >= 0 { - $percona_url = 'http://repo.percona.com/yum/percona-release-latest.noarch.rpm' - $epel_url = "https://download.fedoraproject.org/pub/epel/epel-release-latest-${facts['os']['release']['major']}.noarch.rpm" - } else { - $percona_url = 'http://repo.percona.com/yum/release/5/os/noarch/percona-release-0.1-3.noarch.rpm' - $epel_url = 'https://archives.fedoraproject.org/pub/archive/epel/epel-release-latest-5.noarch.rpm' - } + $percona_url = 'http://repo.percona.com/yum/percona-release-latest.noarch.rpm' + $epel_url = "https://download.fedoraproject.org/pub/epel/epel-release-latest-${facts['os']['release']['major']}.noarch.rpm" ensure_packages('percona-release',{ ensure => present, provider => 'rpm', source => $percona_url, }) ensure_packages('epel-release',{ ensure => present, provider => 'rpm', source => $epel_url, }) if ($facts['os']['name'] == 'Scientific') { # $releasever resolves to '6.10' instead of '6' which breaks Percona repos file { '/etc/yum/vars/releasever': ensure => present, content => '6', } } } default: { } } class { 'mysql::server::backup': backupuser => 'myuser', backuppassword => 'mypassword', backupdir => '/tmp/xtrabackups', provider => 'xtrabackup', incremental_backups => false, execpath => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', } MANIFEST - it 'when configuring mysql backup' do - idempotent_apply(pp) - end - end - - describe 'xtrabackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') && ((os[:family] == 'debian' && os[:release].to_i >= 8) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Metrics/LineLength - before(:all) do - pre_run + it 'when configuring mysql backup' do + idempotent_apply(pp) + end end - it 'runs xtrabackup.sh with no errors' do - run_shell('/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/xtrabackups/$(date +%F_%H-%M-%S) --backup 2>&1 | tee /tmp/xtrabackup.log') do |r| - expect(r.exit_code).to be_zero + describe 'xtrabackup.sh', if: Gem::Version.new(mysql_version) < Gem::Version.new('5.7.0') && ((os[:family] == 'debian' && os[:release].to_i >= 9) || (os[:family] == 'ubuntu' && os[:release] =~ %r{^16\.04|^18\.04}) || (os[:family] == 'redhat' && os[:release].to_i > 6)) do # rubocop:disable Layout/LineLength + it 'runs xtrabackup.sh with no errors' do + run_shell('/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/xtrabackups/$(date +%F_%H-%M-%S) --backup 2>&1 | tee /tmp/xtrabackup.log') do |r| + expect(r.exit_code).to be_zero + end end - end - it 'xtrabackup reports success for the backup' do - # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. - run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup.log') do |r| - expect(r.exit_code).to be_zero + it 'xtrabackup reports success for the backup' do + # NOTE: Once support for CentOS 6 is dropped, we should check for "completed OK" instead. + run_shell('grep "xtrabackup: Transaction log of lsn" /tmp/xtrabackup.log') do |r| + expect(r.exit_code).to be_zero + end end end end - # rubocop:enable RSpec/MultipleExpectations, RSpec/ExampleLength end diff --git a/spec/acceptance/types/mysql_database_spec.rb b/spec/acceptance/types/mysql_database_spec.rb index 87490a8..247eb57 100644 --- a/spec/acceptance/types/mysql_database_spec.rb +++ b/spec/acceptance/types/mysql_database_spec.rb @@ -1,60 +1,63 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'mysql_database' do describe 'setup' do pp = <<-MANIFEST class { 'mysql::server': } MANIFEST it 'works with no errors' do apply_manifest(pp, catch_failures: true) end end describe 'creating database' do pp = <<-MANIFEST mysql_database { 'spec_db': - ensure => present, + ensure => present, + charset => #{fetch_charset}, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the database #stdout' do run_shell("mysql -NBe \"SHOW DATABASES LIKE 'spec_db'\"") do |r| expect(r.stdout).to match(%r{^spec_db$}) expect(r.stderr).to be_empty end end end describe 'charset and collate' do pp = <<-MANIFEST mysql_database { 'spec_latin1': charset => 'latin1', collate => 'latin1_swedish_ci', } mysql_database { 'spec_utf8': - charset => 'utf8', + charset => #{fetch_charset}, collate => 'utf8_general_ci', } MANIFEST it 'creates two db of different types idempotently' do idempotent_apply(pp) end it 'finds latin1 db #stdout' do run_shell("mysql -NBe \"SHOW VARIABLES LIKE '%_database'\" spec_latin1") do |r| expect(r.stdout).to match(%r{^character_set_database\tlatin1\ncollation_database\tlatin1_swedish_ci$}) expect(r.stderr).to be_empty end end it 'finds utf8 db #stdout' do run_shell("mysql -NBe \"SHOW VARIABLES LIKE '%_database'\" spec_utf8") do |r| - expect(r.stdout).to match(%r{^character_set_database\tutf8\ncollation_database\tutf8_general_ci$}) + expect(r.stdout).to match(%r{^character_set_database\tutf8(mb3)?\ncollation_database\tutf8_general_ci$}) expect(r.stderr).to be_empty end end end end diff --git a/spec/acceptance/types/mysql_grant_spec.rb b/spec/acceptance/types/mysql_grant_spec.rb index 84a141f..c61cbb3 100644 --- a/spec/acceptance/types/mysql_grant_spec.rb +++ b/spec/acceptance/types/mysql_grant_spec.rb @@ -1,739 +1,701 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'mysql_grant' do before(:all) do pp = <<-MANIFEST class { 'mysql::server': root_password => 'password', } MANIFEST apply_manifest(pp, catch_failures: true) end describe 'missing privileges for user' do pp = <<-MANIFEST mysql_user { 'test1@tester': ensure => present, } mysql_grant { 'test1@tester/test.*': ensure => 'present', table => 'test.*', user => 'test1@tester', require => Mysql_user['test1@tester'], } MANIFEST it 'fails' do result = apply_manifest(pp, expect_failures: true) expect(result.stderr).to contain(%r{`privileges` `parameter` is required}) end it 'does not find the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test1@tester"', expect_failures: true) expect(result.stderr).to contain(%r{There is no such grant defined for user 'test1' on host 'tester'}) end end describe 'missing table for user' do pp = <<-MANIFEST mysql_user { 'atest@tester': ensure => present, } mysql_grant { 'atest@tester/test.*': ensure => 'present', user => 'atest@tester', privileges => ['ALL'], require => Mysql_user['atest@tester'], } MANIFEST it 'fails' do apply_manifest(pp, expect_failures: true) end it 'does not find the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR atest@tester"', expect_failures: true) expect(result.stderr).to contain(%r{There is no such grant defined for user 'atest' on host 'tester'}) end end describe 'adding privileges' do pp = <<-MANIFEST mysql_user { 'test2@tester': ensure => present, } mysql_grant { 'test2@tester/test.*': ensure => 'present', table => 'test.*', user => 'test2@tester', privileges => ['SELECT', 'UPDATE'], require => Mysql_user['test2@tester'], } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test2@tester"') expect(result.stdout).to contain(%r{GRANT SELECT, UPDATE.*TO ['|`]test2['|`]@['|`]tester['|`]}) expect(result.stderr).to be_empty end end describe 'adding privileges with special character in name' do pp = <<-MANIFEST mysql_user { 'test-2@tester': ensure => present, } mysql_grant { 'test-2@tester/test.*': ensure => 'present', table => 'test.*', user => 'test-2@tester', privileges => ['SELECT', 'UPDATE'], require => Mysql_user['test-2@tester'], } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do result = run_shell("mysql -NBe \"SHOW GRANTS FOR 'test-2'@tester\"") expect(result.stdout).to contain(%r{GRANT SELECT, UPDATE.*TO ['|`]test-2['|`]@['|`]tester['|`]}) expect(result.stderr).to be_empty end end describe 'adding option' do pp = <<-MANIFEST mysql_user { 'test3@tester': ensure => present, } mysql_grant { 'test3@tester/test.*': ensure => 'present', table => 'test.*', user => 'test3@tester', options => ['GRANT'], privileges => ['SELECT', 'UPDATE'], require => Mysql_user['test3@tester'], } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test3@tester"') expect(result.stdout).to contain(%r{GRANT SELECT, UPDATE ON `test`.* TO ['|`]test3['|`]@['|`]tester['|`] WITH GRANT OPTION$}) expect(result.stderr).to be_empty end end describe 'adding all privileges without table' do pp = <<-MANIFEST mysql_user { 'test4@tester': ensure => present, } mysql_grant { 'test4@tester/test.*': ensure => 'present', user => 'test4@tester', options => ['GRANT'], privileges => ['SELECT', 'UPDATE', 'ALL'], require => Mysql_user['test4@tester'], } MANIFEST it 'fails' do result = apply_manifest(pp, expect_failures: true) expect(result.stderr).to contain(%r{`table` `parameter` is required.}) end end describe 'adding all privileges' do pp = <<-MANIFEST mysql_user { 'test4@tester': ensure => present, } mysql_grant { 'test4@tester/test.*': ensure => 'present', table => 'test.*', user => 'test4@tester', options => ['GRANT'], privileges => ['SELECT', 'UPDATE', 'ALL'], require => Mysql_user['test4@tester'], } MANIFEST it 'onlies try to apply ALL' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test4@tester"') expect(result.stdout).to contain(%r{GRANT ALL PRIVILEGES ON `test`.* TO ['|`]test4['|`]@['|`]tester['|`] WITH GRANT OPTION}) expect(result.stderr).to be_empty end end # Test combinations of user@host to ensure all cases work. describe 'short hostname' do pp = <<-MANIFEST mysql_user { 'test@short': ensure => present, } mysql_grant { 'test@short/test.*': ensure => 'present', table => 'test.*', user => 'test@short', privileges => 'ALL', require => Mysql_user['test@short'], } mysql_user { 'test@long.hostname.com': ensure => present, } mysql_grant { 'test@long.hostname.com/test.*': ensure => 'present', table => 'test.*', user => 'test@long.hostname.com', privileges => 'ALL', require => Mysql_user['test@long.hostname.com'], } mysql_user { 'test@192.168.5.6': ensure => present, } mysql_grant { 'test@192.168.5.6/test.*': ensure => 'present', table => 'test.*', user => 'test@192.168.5.6', privileges => 'ALL', require => Mysql_user['test@192.168.5.6'], } mysql_user { 'test@2607:f0d0:1002:0051:0000:0000:0000:0004': ensure => present, } mysql_grant { 'test@2607:f0d0:1002:0051:0000:0000:0000:0004/test.*': ensure => 'present', table => 'test.*', user => 'test@2607:f0d0:1002:0051:0000:0000:0000:0004', privileges => 'ALL', require => Mysql_user['test@2607:f0d0:1002:0051:0000:0000:0000:0004'], } mysql_user { 'test@::1/128': ensure => present, } mysql_grant { 'test@::1/128/test.*': ensure => 'present', table => 'test.*', user => 'test@::1/128', privileges => 'ALL', require => Mysql_user['test@::1/128'], } MANIFEST it 'applies' do apply_manifest(pp, catch_failures: true) end it 'finds short hostname #stdout' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test@short"') expect(result.stdout).to contain(%r{GRANT ALL PRIVILEGES ON ['|`]test['|`].* TO ['|`]test['|`]@['|`]short['|`]}) expect(result.stderr).to be_empty end it 'finds long hostname #stdout' do run_shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'long.hostname.com'\"") do |r| expect(r.stdout).to match(%r{GRANT ALL PRIVILEGES ON ['|`]test['|`].* TO ['|`]test['|`]@['|`]long.hostname.com['|`]}) expect(r.stderr).to be_empty end end it 'finds ipv4 #stdout' do run_shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'192.168.5.6'\"") do |r| expect(r.stdout).to match(%r{GRANT ALL PRIVILEGES ON ['|`]test['|`].* TO ['|`]test['|`]@['|`]192.168.5.6['|`]}) expect(r.stderr).to be_empty end end it 'finds ipv6 #stdout' do run_shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'2607:f0d0:1002:0051:0000:0000:0000:0004'\"") do |r| expect(r.stdout).to match(%r{GRANT ALL PRIVILEGES ON ['|`]test['|`].* TO ['|`]test['|`]@['|`]2607:f0d0:1002:0051:0000:0000:0000:0004['|`]}) expect(r.stderr).to be_empty end end it 'finds short ipv6 #stdout' do run_shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'::1/128'\"") do |r| expect(r.stdout).to match(%r{GRANT ALL PRIVILEGES ON ['|`]test['|`].* TO ['|`]test['|`]@['|`]::1\/128['|`]}) expect(r.stderr).to be_empty end end end - # On Ubuntu 20.04 'ALL' now returns as the sum of it's constitute parts and so require a specific test - describe 'ALL privilege on newer MySQL versions', if: os[:family] == 'ubuntu' && os[:release] =~ %r{^20\.04} do - pp_one = <<-MANIFEST - mysql_user { 'all@localhost': - ensure => present, - } - mysql_grant { 'all@localhost/*.*': - user => 'all@localhost', - privileges => ['ALL'], - table => '*.*', - require => Mysql_user['all@localhost'], - } - MANIFEST - it "create ['ALL'] privs" do - apply_manifest(pp_one, catch_failures: true) - end - - pp_two = <<-MANIFEST - mysql_user { 'all@localhost': - ensure => present, - } - mysql_grant { 'all@localhost/*.*': - user => 'all@localhost', - privileges => ['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER', 'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES', 'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER', 'UPDATE'], - table => '*.*', - require => Mysql_user['all@localhost'], - } - MANIFEST - it "create ['ALL'] constitute parts privs" do - apply_manifest(pp_two, catch_changes: true) - end - end - describe 'complex test' do - # On Ubuntu 20.04 'ALL' now returns as the sum of it's constitute parts and so is no longer idempotent when set - privileges = if os[:family] == 'ubuntu' && os[:release] =~ %r{^20\.04} - "['SELECT', 'INSERT', 'UPDATE']" - else - "['ALL']" - end pp = <<-MANIFEST $dbSubnet = '10.10.10.%' mysql_database { 'foo': - ensure => present, + ensure => present, + charset => '#{fetch_charset}', } exec { 'mysql-create-table': command => '/usr/bin/mysql -NBe "CREATE TABLE foo.bar (name VARCHAR(20))"', environment => "HOME=${::root_home}", unless => '/usr/bin/mysql -NBe "SELECT 1 FROM foo.bar LIMIT 1;"', require => Mysql_database['foo'], } Mysql_grant { ensure => present, options => ['GRANT'], - privileges => #{privileges}, + privileges => ['ALL'], table => '*.*', require => [ Mysql_database['foo'], Exec['mysql-create-table'] ], } mysql_user { "user1@${dbSubnet}": ensure => present, } mysql_grant { "user1@${dbSubnet}/*.*": user => "user1@${dbSubnet}", require => Mysql_user["user1@${dbSubnet}"], } mysql_user { "user2@${dbSubnet}": ensure => present, } mysql_grant { "user2@${dbSubnet}/foo.bar": privileges => ['SELECT', 'INSERT', 'UPDATE'], user => "user2@${dbSubnet}", table => 'foo.bar', require => Mysql_user["user2@${dbSubnet}"], } mysql_user { "user3@${dbSubnet}": ensure => present, } mysql_grant { "user3@${dbSubnet}/foo.*": privileges => ['SELECT', 'INSERT', 'UPDATE'], user => "user3@${dbSubnet}", table => 'foo.*', require => Mysql_user["user3@${dbSubnet}"], } mysql_user { 'web@%': ensure => present, } mysql_grant { 'web@%/*.*': user => 'web@%', require => Mysql_user['web@%'], } mysql_user { "web@${dbSubnet}": ensure => present, } mysql_grant { "web@${dbSubnet}/*.*": user => "web@${dbSubnet}", require => Mysql_user["web@${dbSubnet}"], } - mysql_user { "web@${fqdn}": + mysql_user { "web@${::networking['ip']}": ensure => present, } - mysql_grant { "web@${fqdn}/*.*": - user => "web@${fqdn}", - require => Mysql_user["web@${fqdn}"], + mysql_grant { "web@${::networking['ip']}/*.*": + user => "web@${::networking['ip']}", + require => Mysql_user["web@${::networking['ip']}"], } mysql_user { 'web@localhost': ensure => present, } mysql_grant { 'web@localhost/*.*': user => 'web@localhost', require => Mysql_user['web@localhost'], } MANIFEST it 'setup mysql::server' do idempotent_apply(pp) end end describe 'lower case privileges' do pp_one = <<-MANIFEST mysql_user { 'lowercase@localhost': ensure => present, } mysql_grant { 'lowercase@localhost/*.*': user => 'lowercase@localhost', privileges => ['SELECT', 'INSERT', 'UPDATE'], table => '*.*', require => Mysql_user['lowercase@localhost'], } MANIFEST it "create ['SELECT', 'INSERT', 'UPDATE'] privs" do apply_manifest(pp_one, catch_failures: true) end pp_two = <<-MANIFEST mysql_user { 'lowercase@localhost': ensure => present, } mysql_grant { 'lowercase@localhost/*.*': user => 'lowercase@localhost', privileges => ['select', 'insert', 'update'], table => '*.*', require => Mysql_user['lowercase@localhost'], } MANIFEST it "create lowercase ['select', 'insert', 'update'] privs" do apply_manifest(pp_two, catch_changes: true) end end describe 'adding procedure privileges' do pp = <<-MANIFEST exec { 'simpleproc-create': command => 'mysql --user="root" --password="password" --database=mysql --delimiter="//" -NBe "CREATE PROCEDURE simpleproc (OUT param1 INT) BEGIN SELECT COUNT(*) INTO param1 FROM t; end//"', path => '/usr/bin/', before => Mysql_user['test2@tester'], } mysql_user { 'test2@tester': ensure => present, } mysql_grant { 'test2@tester/PROCEDURE mysql.simpleproc': ensure => 'present', table => 'PROCEDURE mysql.simpleproc', user => 'test2@tester', privileges => ['EXECUTE'], require => Mysql_user['test2@tester'], } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test2@tester"') expect(result.stdout).to match(%r{GRANT EXECUTE ON PROCEDURE `mysql`.`simpleproc` TO ['|`]test2['|`]@['|`]tester['|`]}) expect(result.stderr).to be_empty end end describe 'adding function privileges' do it 'works without errors' do pp = <<-EOS exec { 'simplefunc-create': command => '/usr/bin/mysql --user="root" --password="password" --database=mysql -NBe "CREATE FUNCTION simplefunc (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT(\\'Hello, \\', s, \\'!\\')"', before => Mysql_user['test3@tester'], } mysql_user { 'test3@tester': ensure => 'present', } mysql_grant { 'test3@tester/FUNCTION mysql.simplefunc': ensure => 'present', table => 'FUNCTION mysql.simplefunc', user => 'test3@tester', privileges => ['EXECUTE'], require => Mysql_user['test3@tester'], } EOS apply_manifest(pp, catch_failures: true) end # rubocop:enable RSpec/ExampleLength it 'finds the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR test3@tester"') expect(result.stdout).to match(%r{GRANT EXECUTE ON FUNCTION `mysql`.`simplefunc` TO ['|`]test3['|`]@['|`]tester['|`]}) expect(result.stderr).to be_empty end # rubocop:enable RSpec/MultipleExpectations end describe 'proxy privilieges' do - pre_run - describe 'adding proxy privileges', if: Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') do pp = <<-MANIFEST mysql_user { 'proxy1@tester': ensure => present, } mysql_grant { 'proxy1@tester/proxy_user@proxy_host': ensure => 'present', table => 'proxy_user@proxy_host', user => 'proxy1@tester', privileges => ['PROXY'], require => Mysql_user['proxy1@tester'], } MANIFEST it 'works without errors when version greater than 5.5.0' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do run_shell('mysql -NBe "SHOW GRANTS FOR proxy1@tester"') do |r| expect(r.stdout).to match(%r{GRANT PROXY ON 'proxy_user'@'proxy_host' TO ['|`]proxy1['|`]@['|`]tester['|`]}) expect(r.stderr).to be_empty end end end describe 'removing proxy privileges', if: Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') do pp = <<-MANIFEST mysql_user { 'proxy1@tester': ensure => present, } mysql_grant { 'proxy1@tester/proxy_user@proxy_host': ensure => 'absent', table => 'proxy_user@proxy_host', user => 'proxy1@tester', privileges => ['PROXY'], require => Mysql_user['proxy1@tester'], } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the user #stdout' do run_shell('mysql -NBe "SHOW GRANTS FOR proxy1@tester"') do |r| expect(r.stdout).not_to match(%r{GRANT PROXY ON 'proxy_user'@'proxy_host' TO ['|`]proxy1['|`]@['|`]tester['|`]}) expect(r.stderr).to be_empty end end end describe 'adding proxy privileges with other privileges', if: Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') do pp = <<-MANIFEST mysql_user { 'proxy2@tester': ensure => present, } mysql_grant { 'proxy2@tester/proxy_user@proxy_host': ensure => 'present', table => 'proxy_user@proxy_host', user => 'proxy2@tester', privileges => ['PROXY', 'SELECT'], require => Mysql_user['proxy2@tester'], } MANIFEST it 'fails' do result = apply_manifest(pp, expect_failures: true) expect(result.stderr).to match(%r{`privileges` `parameter`: PROXY can only be specified by itself}) end it 'does not find the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR proxy2@tester"', expect_failures: true) expect(result.stderr).to match(%r{There is no such grant defined for user 'proxy2' on host 'tester'}) end end describe 'adding proxy privileges with mysql version less than 5.5.0', unless: Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') do pp = <<-MANIFEST mysql_user { 'proxy3@tester': ensure => present, } mysql_grant { 'proxy3@tester/proxy_user@proxy_host': ensure => 'present', table => 'proxy_user@proxy_host', user => 'proxy3@tester', privileges => ['PROXY', 'SELECT'], require => Mysql_user['proxy3@tester'], } MANIFEST it 'fails' do result = apply_manifest(pp, expect_failures: true) expect(result.stderr).to match(%r{PROXY user not supported on mysql versions < 5\.5\.0}i) end it 'does not find the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR proxy2@tester"', expect_failures: true) expect(result.stderr).to match(%r{There is no such grant defined for user 'proxy2' on host 'tester'}) end end describe 'adding proxy privileges with invalid proxy user', if: Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') do pp = <<-MANIFEST mysql_user { 'proxy3@tester': ensure => present, } mysql_grant { 'proxy3@tester/invalid_proxy_user': ensure => 'present', table => 'invalid_proxy_user', user => 'proxy3@tester', privileges => ['PROXY'], require => Mysql_user['proxy3@tester'], } MANIFEST it 'fails' do result = apply_manifest(pp, expect_failures: true) expect(result.stderr).to match(%r{`table` `property` for PROXY should be specified as proxy_user@proxy_host.}) end it 'does not find the user' do result = run_shell('mysql -NBe "SHOW GRANTS FOR proxy3@tester"', expect_failures: true) expect(result.stderr).to contain(%r{There is no such grant defined for user 'proxy3' on host 'tester'}) end end end describe 'grants with skip-name-resolve specified' do pp_one = <<-MANIFEST class { 'mysql::server': override_options => { 'mysqld' => {'skip-name-resolve' => true} }, restart => true, } MANIFEST it 'setup mysql::server' do apply_manifest(pp_one, catch_failures: true) end pp_two = <<-MANIFEST mysql_user { 'test@fqdn.com': ensure => present, } mysql_grant { 'test@fqdn.com/test.*': ensure => 'present', table => 'test.*', user => 'test@fqdn.com', privileges => 'ALL', require => Mysql_user['test@fqdn.com'], } mysql_user { 'test@192.168.5.7': ensure => present, } mysql_grant { 'test@192.168.5.7/test.*': ensure => 'present', table => 'test.*', user => 'test@192.168.5.7', privileges => 'ALL', require => Mysql_user['test@192.168.5.7'], } MANIFEST it 'applies' do apply_manifest(pp_two, catch_failures: true) end it 'fails with fqdn' do - pre_run unless Gem::Version.new(mysql_version) > Gem::Version.new('5.7.0') result = run_shell('mysql -NBe "SHOW GRANTS FOR test@fqdn.com"', expect_failures: true) expect(result.stderr).to contain(%r{There is no such grant defined for user 'test' on host 'fqdn.com'}) end end it 'finds ipv4 #stdout' do run_shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'192.168.5.7'\"") do |r| expect(r.stdout).to match(%r{GRANT ALL PRIVILEGES ON `test`.* TO ['|`]test['|`]@['|`]192.168.5.7['|`]}) expect(r.stderr).to be_empty end end pp_three = <<-MANIFEST mysql_user { 'test@fqdn.com': ensure => present, } mysql_grant { 'test@fqdn.com/test.*': ensure => 'present', table => 'test.*', user => 'test@fqdn.com', privileges => 'ALL', require => Mysql_user['test@fqdn.com'], } MANIFEST it 'fails to execute while applying' do mysql_cmd = run_shell('which mysql').stdout.chomp run_shell("mv #{mysql_cmd} #{mysql_cmd}.bak") result = apply_manifest(pp_three, expect_failures: true) expect(result.stderr).to match(%r{Could not find a suitable provider for mysql_grant}) run_shell("mv #{mysql_cmd}.bak #{mysql_cmd}") end pp_four = <<-MANIFEST class { 'mysql::server': restart => true, } MANIFEST it 'reset mysql::server config' do apply_manifest(pp_four, catch_failures: true) end end describe 'adding privileges to specific table' do # Using puppet_apply as a helper pp_one = <<-MANIFEST class { 'mysql::server': override_options => { 'root_password' => 'password' } } MANIFEST it 'setup mysql server' do apply_manifest(pp_one, catch_failures: true) end pp_two = <<-MANIFEST mysql_user { 'test@localhost': ensure => present, } mysql_grant { 'test@localhost/grant_spec_db.grant_spec_table_doesnt_exist': user => 'test@localhost', privileges => ['SELECT'], table => 'grant_spec_db.grant_spec_table_doesnt_exist', require => Mysql_user['test@localhost'], } MANIFEST it 'creates grant on missing table will fail' do result = apply_manifest(pp_two, expect_failures: true) expect(result.stderr).to match(%r{Table 'grant_spec_db\.grant_spec_table_doesnt_exist' doesn't exist}) end pp_three = <<-MANIFEST file { '/tmp/grant_spec_table.sql': ensure => file, content => 'CREATE TABLE grant_spec_table (id int);', before => Mysql::Db['grant_spec_db'], } mysql::db { 'grant_spec_db': user => 'root1', password => 'password', sql => '/tmp/grant_spec_table.sql', + charset => #{fetch_charset}, } MANIFEST it 'creates table' do apply_manifest(pp_three, catch_failures: true) end it 'has the table' do result = run_shell("mysql -e 'show tables;' grant_spec_db|grep grant_spec_table") expect(result.exit_code).to be_zero end end end diff --git a/spec/acceptance/types/mysql_login_path_spec.rb b/spec/acceptance/types/mysql_login_path_spec.rb index f07aed4..a7f0127 100644 --- a/spec/acceptance/types/mysql_login_path_spec.rb +++ b/spec/acceptance/types/mysql_login_path_spec.rb @@ -1,266 +1,265 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' mysql_version = '5.6' support_bin_dir = '/root/mysql_login_path' if os[:family] == 'redhat' && os[:release].to_i == 8 mysql_version = '8.0' elsif os[:family] == 'debian' && os[:release] =~ %r{9|10} mysql_version = '8.0' elsif os[:family] == 'ubuntu' && os[:release] =~ %r{16\.04|18\.04} mysql_version = '5.7' end -describe 'mysql_login_path', unless: ("#{os[:family]}-#{os[:release].to_i}" =~ %r{redhat\-5|suse}) do +describe 'mysql_login_path', unless: "#{os[:family]}-#{os[:release].to_i}".include?('suse') do before(:all) do run_shell("rm -rf #{support_bin_dir}") bolt_upload_file('spec/support/mysql_login_path', support_bin_dir) run_shell("cp #{support_bin_dir}/mysql-#{mysql_version}/my_print_defaults /usr/bin/.") run_shell("cp #{support_bin_dir}/mysql-#{mysql_version}/mysql_config_editor /usr/bin/.") end after(:all) do pp_cleanup = <<-MANIFEST user { 'loginpath_test': ensure => absent, } file { '/root/.mylogin.cnf': ensure => absent, } MANIFEST apply_manifest(pp_cleanup, catch_failures: true) run_shell("rm -rf #{support_bin_dir}") end describe 'setup' do pp = <<-MANIFEST - if versioncmp($::puppetversion, '6.0.0') < 0 { - include resource_api - } user { 'loginpath_test': ensure => present, managehome => true, } MANIFEST it 'works with no errors' do apply_manifest(pp, catch_failures: true) end it 'finds mysql_config_editor binary for the provider' do run_shell('mysql_config_editor -V') do |r| expect(r.stdout).to match(%r{Ver.*#{mysql_version}.*x86_64}) end end it 'finds my_print_defaults binary for the provider' do run_shell('my_print_defaults -V') do |r| expect(r.exit_status).to eq(0) end end end context 'for user root' do describe 'add login path' do pp = <<-MANIFEST mysql_login_path { 'local_socket': owner => root, host => 'localhost', user => 'root', password => Sensitive('secure'), socket => '/var/run/mysql/mysql.sock', ensure => present, } mysql_login_path { 'local_tcp': owner => root, host => '127.0.0.1', user => 'network', password => Sensitive('more_secure'), port => 3306, ensure => present, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('mysql_config_editor print --all') do |r| expect(r.stdout).to match(%r{^\[local_socket\]\n}) expect(r.stdout).to match(%r{host = localhost\n}) expect(r.stdout).to match(%r{user = root\n}) expect(r.stdout).to match(%r{socket = /var/run/mysql/mysql.sock\n}) expect(r.stdout).to match(%r{^\[local_tcp\]\n}) expect(r.stdout).to match(%r{host = 127.0.0.1\n}) expect(r.stdout).to match(%r{user = network\n}) expect(r.stdout).to match(%r{port = 3306\n}) expect(r.stderr).to be_empty end end it 'finds the login path password #stdout' do run_shell('my_print_defaults -s local_socket') do |r| expect(r.stdout).to match(%r{--password=secure\n}) end run_shell('my_print_defaults -s local_tcp') do |r| expect(r.stdout).to match(%r{--password=more_secure\n}) end end end describe 'update login path' do pp = <<-MANIFEST mysql_login_path { 'local_tcp-root': owner => root, host => '10.0.0.1', user => 'network2', password => Sensitive('Fort_kn0X'), port => 3307, ensure => present, } MANIFEST pp2 = <<-MANIFEST mysql_login_path { 'local_tcp-root': ensure => present, host => '192.168.0.1' } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('mysql_config_editor print -G local_tcp') do |r| expect(r.stdout).to match(%r{^\[local_tcp\]\n}) expect(r.stdout).to match(%r{host = 10.0.0.1\n}) expect(r.stdout).to match(%r{user = network2\n}) expect(r.stdout).to match(%r{port = 3307\n}) expect(r.stderr).to be_empty end end it 'finds the login path password #stdout' do run_shell('my_print_defaults -s local_tcp') do |r| expect(r.stdout).to match(%r{--password=Fort_kn0X\n}) end end it 'applies idempotent' do idempotent_apply(pp) end it 'removes values' do apply_manifest(pp2, catch_failures: true) end it 'ensure values are removed #stdout' do run_shell('mysql_config_editor print -G local_tcp') do |r| expect(r.stdout).to match(%r{^\[local_tcp\]\n}) expect(r.stdout).to match(%r{host = 192.168.0.1\n}) expect(r.stdout).not_to match(%r{host = 10.0.0.1\n}) expect(r.stdout).not_to match(%r{user = network2\n}) expect(r.stdout).not_to match(%r{port = 3307\n}) expect(r.stderr).to be_empty end end it 'ensure password removed from the login path #stdout' do run_shell('my_print_defaults -s local_tcp') do |r| expect(r.stdout).not_to match(%r{--password=Fort_kn0X\n}) end end end describe 'delete login path' do pp = <<-MANIFEST mysql_login_path { 'local_socket': owner => root, ensure => absent, } mysql_login_path { 'local_tcp-root': ensure => absent, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('mysql_config_editor print --all') do |r| expect(r.stdout).not_to match(%r{^\[local_socket\]\n}) expect(r.stdout).not_to match(%r{^\[local_tcp\]\n}) expect(r.stderr).to be_empty end end end end context 'for user loginpath_test' do describe 'add login path' do pp = <<-MANIFEST mysql_login_path { 'local_tcp': owner => loginpath_test, host => '10.0.0.2', user => 'other', password => Sensitive('sensitive'), port => 3306, ensure => present, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('MYSQL_TEST_LOGIN_FILE=/home/loginpath_test/.mylogin.cnf mysql_config_editor print -G local_tcp') do |r| expect(r.stdout).to match(%r{^\[local_tcp\]\n}) expect(r.stdout).to match(%r{host = 10.0.0.2\n}) expect(r.stdout).to match(%r{user = other\n}) expect(r.stdout).to match(%r{port = 3306\n}) expect(r.stderr).to be_empty end end it 'finds the login path password #stdout' do run_shell('MYSQL_TEST_LOGIN_FILE=/home/loginpath_test/.mylogin.cnf my_print_defaults print -s local_tcp') do |r| expect(r.stdout).to match(%r{--password=sensitive\n}) end end end describe 'update login path' do pp = <<-MANIFEST mysql_login_path { 'local_tcp-loginpath_test': host => '10.0.0.3', user => 'other2', password => Sensitive('password'), port => 3307, ensure => present, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('MYSQL_TEST_LOGIN_FILE=/home/loginpath_test/.mylogin.cnf mysql_config_editor print -G local_tcp') do |r| expect(r.stdout).to match(%r{^\[local_tcp\]\n}) expect(r.stdout).to match(%r{host = 10.0.0.3\n}) expect(r.stdout).to match(%r{user = other2\n}) expect(r.stdout).to match(%r{port = 3307\n}) expect(r.stderr).to be_empty end end it 'finds the login path password #stdout' do run_shell('MYSQL_TEST_LOGIN_FILE=/home/loginpath_test/.mylogin.cnf my_print_defaults -s local_tcp') do |r| expect(r.stdout).to match(%r{--password=password\n}) end end end describe 'delete login path' do pp = <<-MANIFEST mysql_login_path { 'local_tcp': owner => loginpath_test, ensure => absent, } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the login path #stdout' do run_shell('MYSQL_TEST_LOGIN_FILE=/home/loginpath_test/.mylogin.cnf mysql_config_editor print --all') do |r| expect(r.stdout).not_to match(%r{^\[local_tcp\]\n}) expect(r.stderr).to be_empty end end end end end diff --git a/spec/acceptance/types/mysql_plugin_spec.rb b/spec/acceptance/types/mysql_plugin_spec.rb index d4766ec..7780241 100644 --- a/spec/acceptance/types/mysql_plugin_spec.rb +++ b/spec/acceptance/types/mysql_plugin_spec.rb @@ -1,63 +1,65 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' # Different operating systems (and therefore different versions/forks # of mysql) have varying levels of support for plugins and have # different plugins available. Choose a plugin that works or don't try # to test plugins if not available. if os[:family] == 'redhat' if os[:release].to_i == 5 plugin = nil # Plugins not supported on mysql on RHEL 5 elsif os[:release].to_i == 6 plugin = 'example' plugin_lib = 'ha_example.so' elsif os[:release].to_i == 7 plugin = 'pam' plugin_lib = 'auth_pam.so' end elsif os[:family] == 'debian' if os[:family] == 'ubuntu' - if os[:release] =~ %r{^16\.04|^18\.04} + if %r{^16\.04|^18\.04}.match?(os[:release]) # On Xenial running 5.7.12, the example plugin does not appear to be available. plugin = 'validate_password' plugin_lib = 'validate_password.so' else plugin = 'example' plugin_lib = 'ha_example.so' end end elsif os[:family] == 'suse' plugin = nil # Plugin library path is broken on Suse http://lists.opensuse.org/opensuse-bugs/2013-08/msg01123.html end describe 'mysql_plugin' do if plugin # if plugins are supported describe 'setup' do it 'works with no errors' do pp = <<-MANIFEST class { 'mysql::server': } MANIFEST apply_manifest(pp, catch_failures: true) end end describe 'load plugin' do pp = <<-MANIFEST mysql_plugin { #{plugin}: ensure => present, soname => '#{plugin_lib}', } MANIFEST it 'works without errors' do apply_manifest(pp, catch_failures: true) end it 'finds the plugin #stdout' do run_shell("mysql -NBe \"select plugin_name from information_schema.plugins where plugin_name='#{plugin}'\"") do |r| expect(r.stdout).to match(%r{^#{plugin}$}i) expect(r.stderr).to be_empty end end end end end diff --git a/spec/acceptance/types/mysql_user_spec.rb b/spec/acceptance/types/mysql_user_spec.rb index 8129a89..5b54b6a 100644 --- a/spec/acceptance/types/mysql_user_spec.rb +++ b/spec/acceptance/types/mysql_user_spec.rb @@ -1,253 +1,254 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'mysql_user' do describe 'setup' do pp_one = <<-MANIFEST $ed25519_opts = versioncmp($facts['mysql_version'], '10.1.21') >= 0 ? { true => { restart => true, override_options => { 'mysqld' => { 'plugin_load_add' => 'auth_ed25519' } }, }, false => {} } class { 'mysql::server': * => $ed25519_opts } MANIFEST it 'works with no errors' do apply_manifest(pp_one, catch_failures: true) end end context 'using ashp@localhost' do describe 'adding user' do pp_two = <<-MANIFEST mysql_user { 'ashp@localhost': password_hash => '*F9A8E96790775D196D12F53BCC88B8048FF62ED5', } MANIFEST it 'works without errors' do apply_manifest(pp_two, catch_failures: true) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end it 'has no SSL options #stdout' do run_shell("mysql -NBe \"select SSL_TYPE from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout).to match(%r{^\s*$}) expect(r.stderr).to be_empty end end end describe 'changing authentication plugin', if: (Gem::Version.new(mysql_version) > Gem::Version.new('5.5.0') && os[:release] !~ %r{^16\.04}) do - it 'works without errors' do + it 'works without errors', if: (os[:family] != 'sles' && os[:release].to_i == 15) do pp = <<-EOS mysql_user { 'ashp@localhost': plugin => 'auth_socket', } EOS idempotent_apply(pp) end - it 'has the correct plugin' do + it 'has the correct plugin', if: (os[:family] != 'sles' && os[:release].to_i == 15) do run_shell("mysql -NBe \"select plugin from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout.rstrip).to eq('auth_socket') expect(r.stderr).to be_empty end end - it 'does not have a password' do - pre_run + it 'does not have a password', if: (os[:family] != 'sles' && os[:release].to_i == 15) do table = if Gem::Version.new(mysql_version) > Gem::Version.new('5.7.0') 'authentication_string' else 'password' end run_shell("mysql -NBe \"select #{table} from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout.rstrip).to be_empty expect(r.stderr).to be_empty end end end describe 'using ed25519 authentication plugin', if: Gem::Version.new(mysql_version) > Gem::Version.new('10.1.21') do it 'works without errors' do pp = <<-EOS mysql_user { 'ashp@localhost': plugin => 'ed25519', password_hash => 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU', } EOS idempotent_apply(pp) end it 'has the correct plugin' do run_shell("mysql -NBe \"select plugin from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout.rstrip).to eq('ed25519') expect(r.stderr).to be_empty end end end # rubocop:enable RSpec/ExampleLength, RSpec/MultipleExpectations end context 'using ashp-dash@localhost' do describe 'adding user' do pp_three = <<-MANIFEST mysql_user { 'ashp-dash@localhost': password_hash => '*F9A8E96790775D196D12F53BCC88B8048FF62ED5', } MANIFEST it 'works without errors' do apply_manifest(pp_three, catch_failures: true) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'ashp-dash@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end end end context 'using ashp@LocalHost' do describe 'adding user' do pp_four = <<-MANIFEST mysql_user { 'ashp@LocalHost': password_hash => '*F9A8E96790775D196D12F53BCC88B8048FF62ED5', } MANIFEST it 'works without errors' do apply_manifest(pp_four, catch_failures: true) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'ashp@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end end end context 'using resource should throw no errors' do describe 'find users' do it do result = run_shell('puppet resource mysql_user') expect(result.stdout).not_to match(%r{Error:}) expect(result.stdout).not_to match(%r{must be properly quoted, invalid character:}) end end end context 'using user-w-ssl@localhost with SSL' do describe 'adding user' do pp_five = <<-MANIFEST mysql_user { 'user-w-ssl@localhost': password_hash => '*F9A8E96790775D196D12F53BCC88B8048FF62ED5', tls_options => ['SSL'], } MANIFEST it 'works without errors' do apply_manifest(pp_five, catch_failures: true) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'user-w-ssl@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end it 'shows correct ssl_type #stdout' do run_shell("mysql -NBe \"select SSL_TYPE from mysql.user where CONCAT(user, '@', host) = 'user-w-ssl@localhost'\"") do |r| expect(r.stdout).to match(%r{^ANY$}) expect(r.stderr).to be_empty end end end end context 'using user-w-x509@localhost with X509' do describe 'adding user' do pp_six = <<-MANIFEST mysql_user { 'user-w-x509@localhost': password_hash => '*F9A8E96790775D196D12F53BCC88B8048FF62ED5', tls_options => ['X509'], } MANIFEST it 'works without errors' do apply_manifest(pp_six, catch_failures: true) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'user-w-x509@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end it 'shows correct ssl_type #stdout' do run_shell("mysql -NBe \"select SSL_TYPE from mysql.user where CONCAT(user, '@', host) = 'user-w-x509@localhost'\"") do |r| expect(r.stdout).to match(%r{^X509$}) expect(r.stderr).to be_empty end end end end context 'using user-w-subject@localhost with ISSUER and SUBJECT' do describe 'adding user' do it 'works without errors' do pp = <<-MANIFEST mysql_user { 'user-w-subject@localhost': tls_options => [ "SUBJECT '/OU=MySQL Users/CN=username'", "ISSUER '/CN=Certificate Authority'", "CIPHER 'EDH-RSA-DES-CBC3-SHA'", ], } MANIFEST idempotent_apply(pp) end it 'finds the user #stdout' do run_shell("mysql -NBe \"select '1' from mysql.user where CONCAT(user, '@', host) = 'user-w-subject@localhost'\"") do |r| expect(r.stdout).to match(%r{^1$}) expect(r.stderr).to be_empty end end it 'shows correct ssl_type #stdout' do run_shell("mysql -NBe \"select SSL_TYPE from mysql.user where CONCAT(user, '@', host) = 'user-w-subject@localhost'\"") do |r| expect(r.stdout).to match(%r{^SPECIFIED$}) expect(r.stderr).to be_empty end end it 'shows correct x509_issuer #stdout' do run_shell("mysql -NBe \"select X509_ISSUER from mysql.user where CONCAT(user, '@', host) = 'user-w-subject@localhost'\"") do |r| expect(r.stdout).to match(%r{^/CN=Certificate Authority$}) expect(r.stderr).to be_empty end end it 'shows correct x509_subject #stdout' do run_shell("mysql -NBe \"select X509_SUBJECT from mysql.user where CONCAT(user, '@', host) = 'user-w-subject@localhost'\"") do |r| expect(r.stdout).to match(%r{^/OU=MySQL Users/CN=username$}) expect(r.stderr).to be_empty end end it 'shows correct ssl_cipher #stdout' do run_shell("mysql -NBe \"select SSL_CIPHER from mysql.user where CONCAT(user, '@', host) = 'user-w-subject@localhost'\"") do |r| expect(r.stdout).to match(%r{^EDH-RSA-DES-CBC3-SHA$}) expect(r.stderr).to be_empty end end end end end diff --git a/spec/classes/graceful_failures_spec.rb b/spec/classes/graceful_failures_spec.rb index 22a677b..6380e00 100644 --- a/spec/classes/graceful_failures_spec.rb +++ b/spec/classes/graceful_failures_spec.rb @@ -1,16 +1,18 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::server' do context 'on an unsupported OS' do let(:facts) do { osfamily: 'UNSUPPORTED', operatingsystem: 'UNSUPPORTED', } end it 'gracefully fails' do is_expected.to compile.and_raise_error(%r{Unsupported platform:}) end end end diff --git a/spec/classes/mycnf_template_spec.rb b/spec/classes/mycnf_template_spec.rb index dc64191..d15514b 100644 --- a/spec/classes/mycnf_template_spec.rb +++ b/spec/classes/mycnf_template_spec.rb @@ -1,164 +1,166 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::server' do on_supported_os.each do |os, facts| context "my.cnf template - on #{os}" do let(:facts) do facts.merge(root_home: '/root') end context 'normal entry' do let(:params) { { override_options: { 'mysqld' => { 'socket' => '/var/lib/mysql/mysql.sock' } } } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0644', selinux_ignore_defaults: true).with_content(%r{socket = \/var\/lib\/mysql\/mysql.sock}) end end describe 'array entry' do let(:params) { { override_options: { 'mysqld' => { 'replicate-do-db' => ['base1', 'base2'] } } } } it do is_expected.to contain_file('mysql-config-file').with_content( %r{.*replicate-do-db = base1\nreplicate-do-db = base2.*}, ) end end describe 'skip-name-resolve set to an empty string' do let(:params) { { override_options: { 'mysqld' => { 'skip-name-resolve' => '' } } } } it { is_expected.to contain_file('mysql-config-file').with_content(%r{^skip-name-resolve$}) } end describe 'ssl set to true' do let(:params) { { override_options: { 'mysqld' => { 'ssl' => true } } } } it { is_expected.to contain_file('mysql-config-file').with_content(%r{ssl}) } it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl = true}) } end describe 'ssl set to false' do let(:params) { { override_options: { 'mysqld' => { 'ssl' => false } } } } it { is_expected.to contain_file('mysql-config-file').with_content(%r{ssl = false}) } end # ssl-disable (and ssl) are special cased within mysql. describe 'possibility of disabling ssl completely' do let(:params) { { override_options: { 'mysqld' => { 'ssl' => true, 'ssl-disable' => true } } } } it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl = true}) } end describe 'a non ssl option set to true' do let(:params) { { override_options: { 'mysqld' => { 'test' => true } } } } it { is_expected.to contain_file('mysql-config-file').with_content(%r{^test$}) } it { is_expected.to contain_file('mysql-config-file').without_content(%r{test = true}) } end context 'with includedir' do let(:params) { { includedir: '/etc/my.cnf.d' } } it 'makes the directory' do is_expected.to contain_file('/etc/my.cnf.d').with(ensure: :directory, mode: '0755') end it { is_expected.to contain_file('mysql-config-file').with_content(%r{!includedir}) } end context 'without includedir' do let(:params) { { includedir: '' } } it 'shouldnt contain the directory' do is_expected.not_to contain_file('mysql-config-file').with(ensure: :directory, mode: '0755') end it { is_expected.to contain_file('mysql-config-file').without_content(%r{!includedir}) } end context 'with file mode 0644' do let(:params) { { 'config_file_mode' => '0644' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0644') end end context 'with file mode 0664' do let(:params) { { 'config_file_mode' => '0664' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0664') end end context 'with file mode 0660' do let(:params) { { 'config_file_mode' => '0660' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0660') end end context 'with file mode 0641' do let(:params) { { 'config_file_mode' => '0641' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0641') end end context 'with file mode 0610' do let(:params) { { 'config_file_mode' => '0610' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0610') end end context 'with file 0600' do let(:params) { { 'config_file_mode' => '0600' } } it do is_expected.to contain_file('mysql-config-file').with(mode: '0600') end end context 'user owner 12345' do let(:params) { { 'mycnf_owner' => '12345' } } it do is_expected.to contain_file('mysql-config-file').with( owner: '12345', ) end end context 'group owner 12345' do let(:params) { { 'mycnf_group' => '12345' } } it do is_expected.to contain_file('mysql-config-file').with( group: '12345', ) end end context 'user and group owner 12345' do let(:params) { { 'mycnf_owner' => '12345', 'mycnf_group' => '12345' } } it do is_expected.to contain_file('mysql-config-file').with( owner: '12345', group: '12345', ) end end end end end diff --git a/spec/classes/mysql_backup_mysqldump_spec.rb b/spec/classes/mysql_backup_mysqldump_spec.rb index b5bb0e8..4afe8b3 100644 --- a/spec/classes/mysql_backup_mysqldump_spec.rb +++ b/spec/classes/mysql_backup_mysqldump_spec.rb @@ -1,56 +1,77 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::backup::mysqldump' do on_supported_os.each do |os, facts| context "on #{os}" do let(:pre_condition) do <<-EOF class { 'mysql::server': } EOF end let(:facts) do facts.merge(root_home: '/root') end let(:default_params) do { 'backupuser' => 'testuser', 'backuppassword' => 'testpass', 'backupdir' => '/tmp/mysql-backup', 'backuprotate' => '25', 'delete_before_dump' => true, 'execpath' => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', 'maxallowedpacket' => '1M' } end context 'with time included' do let(:params) do { time: [23, 59, 30, 12, 6] }.merge(default_params) end it { is_expected.to contain_cron('mysql-backup').with( hour: 23, minute: 59, monthday: 30, month: 12, weekday: 6, ) } end context 'with defaults' do let(:params) { default_params } it { is_expected.to contain_cron('mysql-backup').with( command: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', hour: 23, minute: 5, ) } end + + context 'with compression_command' do + let(:params) do + { + compression_command: 'TEST -TEST', + compression_extension: '.TEST' + }.merge(default_params) + end + + it { + is_expected.to contain_file('mysqlbackup.sh').with_content( + %r{(\| TEST -TEST)}, + ) + is_expected.to contain_file('mysqlbackup.sh').with_content( + %r{(\.TEST)}, + ) + is_expected.not_to contain_package('bzip2') + } + end end end # rubocop:enable RSpec/NestedGroups end diff --git a/spec/classes/mysql_backup_xtrabackup_spec.rb b/spec/classes/mysql_backup_xtrabackup_spec.rb index a4daa2f..15ebab8 100644 --- a/spec/classes/mysql_backup_xtrabackup_spec.rb +++ b/spec/classes/mysql_backup_xtrabackup_spec.rb @@ -1,232 +1,238 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::backup::xtrabackup' do on_supported_os.each do |os, facts| context "on #{os}" do let(:pre_condition) do <<-EOF class { 'mysql::server': } EOF end let(:facts) do facts.merge(root_home: '/root') end let(:default_params) do { 'backupdir' => '/tmp' } end context 'with defaults' do let(:params) do default_params end it 'contains the wrapper script' do is_expected.to contain_file('xtrabackup.sh').with_content( %r{(\n*^xtrabackup\s+.*\$@)}, ) end package = if facts[:osfamily] == 'RedHat' if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '8') >= 0 'percona-xtrabackup-24' elsif Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '7') >= 0 'percona-xtrabackup' else 'percona-xtrabackup-20' end elsif facts[:operatingsystem] == 'Debian' 'percona-xtrabackup-24' elsif facts[:operatingsystem] == 'Ubuntu' - if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '16') >= 0 + if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '20') >= 0 + 'percona-xtrabackup-24' + elsif Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '16') >= 0 'percona-xtrabackup' else 'percona-xtrabackup-24' end elsif facts[:osfamily] == 'Suse' 'xtrabackup' else 'percona-xtrabackup' end it 'contains the weekly cronjob' do is_expected.to contain_cron('xtrabackup-weekly') .with( ensure: 'present', command: '/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/$(date +\%F)_full --backup', user: 'root', hour: '23', minute: '5', weekday: '0', ) .that_requires("Package[#{package}]") end it 'contains the daily cronjob for weekdays 1-6' do dateformat = case facts[:osfamily] when 'FreeBSD', 'OpenBSD' '$(date -v-sun +\%F)_full' else '$(date -d "last sunday" +\%F)_full' end is_expected.to contain_cron('xtrabackup-daily') .with( ensure: 'present', command: "/usr/local/sbin/xtrabackup.sh --incremental-basedir=/tmp/#{dateformat} --target-dir=/tmp/$(date +\\\%F_\\\%H-\\\%M-\\\%S) --backup", user: 'root', hour: '23', minute: '5', weekday: '1-6', ) .that_requires("Package[#{package}]") end end context 'with backupuser and backuppassword' do let(:params) do { backupuser: 'backupuser', backuppassword: 'backuppassword' }.merge(default_params) end it 'contains the defined mysql user' do is_expected.to contain_mysql_user('backupuser@localhost') .with( ensure: 'present', password_hash: '*4110E08DF51E70A4BA1D4E33A84205E38CF3FE58', ) .that_requires('Class[mysql::server::root_password]') is_expected.to contain_mysql_grant('backupuser@localhost/*.*') .with( ensure: 'present', user: 'backupuser@localhost', table: '*.*', privileges: ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'], ) .that_requires('Mysql_user[backupuser@localhost]') end end context 'with additional cron args' do let(:params) do { additional_cron_args: '--backup --skip-ssl' }.merge(default_params) end package = if facts[:osfamily] == 'RedHat' if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '8') >= 0 'percona-xtrabackup-24' elsif Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '7') >= 0 'percona-xtrabackup' else 'percona-xtrabackup-20' end elsif facts[:operatingsystem] == 'Debian' 'percona-xtrabackup-24' elsif facts[:operatingsystem] == 'Ubuntu' - if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '16') >= 0 + if Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '20') >= 0 + 'percona-xtrabackup-24' + elsif Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '16') >= 0 'percona-xtrabackup' else 'percona-xtrabackup-24' end elsif facts[:osfamily] == 'Suse' 'xtrabackup' else 'percona-xtrabackup' end dateformat = case facts[:osfamily] when 'FreeBSD', 'OpenBSD' '$(date -v-sun +\%F)_full' else '$(date -d "last sunday" +\%F)_full' end it 'contains the weekly cronjob' do is_expected.to contain_cron('xtrabackup-weekly') .with( ensure: 'present', command: '/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/$(date +\%F)_full --backup --skip-ssl', user: 'root', hour: '23', minute: '5', weekday: '0', ) .that_requires("Package[#{package}]") end it 'contains the daily cronjob for weekdays 1-6' do is_expected.to contain_cron('xtrabackup-daily') .with( ensure: 'present', command: "/usr/local/sbin/xtrabackup.sh --incremental-basedir=/tmp/#{dateformat} --target-dir=/tmp/$(date +\\\%F_\\\%H-\\\%M-\\\%S) --backup --skip-ssl", user: 'root', hour: '23', minute: '5', weekday: '1-6', ) .that_requires("Package[#{package}]") end end context 'with deactivated incremental backups' do let(:params) do { incremental_backups: false }.merge(default_params) end it 'not contains the weekly cronjob' do is_expected.not_to contain_cron('xtrabackup-weekly') end it 'contains the daily cronjob with all weekdays' do is_expected.to contain_cron('xtrabackup-daily').with( ensure: 'present', command: '/usr/local/sbin/xtrabackup.sh --target-dir=/tmp/$(date +\%F_\%H-\%M-\%S) --backup', user: 'root', hour: '23', minute: '5', weekday: '*', ) end end context 'with prescript defined' do let(:params) do { prescript: ['rsync -a /tmp backup01.local-lan:', 'rsync -a /tmp backup02.local-lan:'] }.merge(default_params) end it 'contains the prescript' do is_expected.to contain_file('xtrabackup.sh').with_content( %r{.*rsync -a \/tmp backup01.local-lan:\n\nrsync -a \/tmp backup02.local-lan:.*}, ) end end context 'with postscript defined' do let(:params) do { postscript: ['rsync -a /tmp backup01.local-lan:', 'rsync -a /tmp backup02.local-lan:'] }.merge(default_params) end it 'contains the prostscript' do is_expected.to contain_file('xtrabackup.sh').with_content( %r{.*rsync -a \/tmp backup01.local-lan:\n\nrsync -a \/tmp backup02.local-lan:.*}, ) end end context 'with mariabackup' do let(:params) do { backupmethod: 'mariabackup' }.merge(default_params) end it 'contain the mariabackup executor' do is_expected.to contain_file('xtrabackup.sh').with_content( %r{(\n*^mariabackup\s+.*\$@)}, ) end end end end # rubocop:enable RSpec/NestedGroups end diff --git a/spec/classes/mysql_bindings_spec.rb b/spec/classes/mysql_bindings_spec.rb index 1c2283b..ba0dc26 100644 --- a/spec/classes/mysql_bindings_spec.rb +++ b/spec/classes/mysql_bindings_spec.rb @@ -1,33 +1,35 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::bindings' do on_supported_os.each do |os, facts| next if facts[:osfamily] == 'Archlinux' context "on #{os}" do let(:facts) do facts.merge(root_home: '/root') end let(:params) do { 'java_enable' => true, 'perl_enable' => true, 'php_enable' => true, 'python_enable' => true, 'ruby_enable' => true, 'client_dev' => true, 'daemon_dev' => true, 'client_dev_package_name' => 'libmysqlclient-devel', 'daemon_dev_package_name' => 'mysql-devel', } end it { is_expected.to contain_package('mysql-connector-java') } it { is_expected.to contain_package('perl_mysql') } it { is_expected.to contain_package('python-mysqldb') } it { is_expected.to contain_package('ruby_mysql') } it { is_expected.to contain_package('mysql-client_dev') } it { is_expected.to contain_package('mysql-daemon_dev') } end end end diff --git a/spec/classes/mysql_client_spec.rb b/spec/classes/mysql_client_spec.rb index b44b3a2..18c1450 100644 --- a/spec/classes/mysql_client_spec.rb +++ b/spec/classes/mysql_client_spec.rb @@ -1,51 +1,53 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::client' do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts.merge(root_home: '/root') end context 'with defaults' do it { is_expected.not_to contain_class('mysql::bindings') } it { is_expected.to contain_package('mysql_client') } end context 'with bindings enabled' do let(:params) { { bindings_enable: true } } it { is_expected.to contain_class('mysql::bindings') } it { is_expected.to contain_package('mysql_client') } end context 'with package_manage set to true' do let(:params) { { package_manage: true } } it { is_expected.to contain_package('mysql_client') } end context 'with package_manage set to false' do let(:params) { { package_manage: false } } it { is_expected.not_to contain_package('mysql_client') } end context 'with package provider' do let(:params) do { package_provider: 'dpkg', package_source: '/somewhere', } end it do is_expected.to contain_package('mysql_client').with( provider: 'dpkg', source: '/somewhere', ) end end end end end diff --git a/spec/classes/mysql_server_account_security_spec.rb b/spec/classes/mysql_server_account_security_spec.rb index 5b5e6a7..3750f5c 100644 --- a/spec/classes/mysql_server_account_security_spec.rb +++ b/spec/classes/mysql_server_account_security_spec.rb @@ -1,83 +1,85 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::server::account_security' do on_supported_os.each do |os, facts| context "on #{os}" do let(:pre_condition) do <<-EOF anchor {'mysql::server::end': } EOF end context 'with fqdn==myhost.mydomain' do let(:facts) do facts.merge(root_home: '/root', fqdn: 'myhost.mydomain', hostname: 'myhost') end ['root@myhost.mydomain', 'root@127.0.0.1', 'root@::1', '@myhost.mydomain', '@localhost', '@%'].each do |user| - it "removes Mysql_User[#{user}]" do # rubocop:disable RSpec/RepeatedExample + it "removes Mysql_User[#{user}]" do # rubocop:disable RSpec/RepeatedExample,RSpec/RepeatedDescription is_expected.to contain_mysql_user(user).with_ensure('absent') end end # When the hostname doesn't match the fqdn we also remove these. # We don't need to test the inverse as when they match they are # covered by the above list. ['root@myhost', '@myhost'].each do |user| - it "removes Mysql_User[#{user}]" do # rubocop:disable RSpec/RepeatedExample + it "removes Mysql_User[#{user}]" do # rubocop:disable RSpec/RepeatedExample,RSpec/RepeatedDescription is_expected.to contain_mysql_user(user).with_ensure('absent') end end it 'removes Mysql_database[test]' do is_expected.to contain_mysql_database('test').with_ensure('absent') end end context 'with fqdn==localhost' do let(:facts) do facts.merge(root_home: '/root', fqdn: 'localhost', hostname: 'localhost') end ['root@127.0.0.1', 'root@::1', '@localhost', 'root@localhost.localdomain', '@localhost.localdomain', '@%'].each do |user| it "removes Mysql_User[#{user}] for fqdn==localhost" do is_expected.to contain_mysql_user(user).with_ensure('absent') end end end context 'with fqdn==localhost.localdomain' do let(:facts) do facts.merge(root_home: '/root', fqdn: 'localhost.localdomain', hostname: 'localhost') end ['root@127.0.0.1', 'root@::1', '@localhost', 'root@localhost.localdomain', '@localhost.localdomain', '@%'].each do |user| it "removes Mysql_User[#{user}] for fqdn==localhost.localdomain" do is_expected.to contain_mysql_user(user).with_ensure('absent') end end end end end end diff --git a/spec/classes/mysql_server_backup_spec.rb b/spec/classes/mysql_server_backup_spec.rb index 02c9fa9..217f1bc 100644 --- a/spec/classes/mysql_server_backup_spec.rb +++ b/spec/classes/mysql_server_backup_spec.rb @@ -1,388 +1,390 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::server::backup' do on_supported_os.each do |os, facts| context "on #{os}" do let(:pre_condition) do <<-EOF class { 'mysql::server': } EOF end let(:facts) do facts.merge(root_home: '/root') end let(:default_params) do { 'backupuser' => 'testuser', 'backuppassword' => 'testpass', 'backupdir' => '/tmp/mysql-backup', 'backuprotate' => '25', 'delete_before_dump' => true, 'execpath' => '/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin', 'maxallowedpacket' => '1M' } end context 'standard conditions' do let(:params) { default_params } # Cannot use that_requires here, doesn't work on classes. it { is_expected.to contain_mysql_user('testuser@localhost').with( require: 'Class[Mysql::Server::Root_password]', ) } it { is_expected.to contain_mysql_grant('testuser@localhost/*.*').with( privileges: ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS'], ).that_requires('Mysql_user[testuser@localhost]') } context 'with triggers included' do let(:params) do { include_triggers: true }.merge(default_params) end it { is_expected.to contain_mysql_grant('testuser@localhost/*.*').with( privileges: ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER'], ).that_requires('Mysql_user[testuser@localhost]') } end it { is_expected.to contain_cron('mysql-backup').with( command: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', ) } it { is_expected.to contain_file('mysqlbackup.sh').with( path: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', ) } it { is_expected.to contain_file('/tmp/mysql-backup').with( ensure: 'directory', ) } it 'has compression by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{bzcat -zc}, ) end it 'skips backing up events table by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="--ignore-table=mysql.event"}, ) end it 'does not mention triggers by default because file_per_database is false' do is_expected.to contain_file('mysqlbackup.sh').without_content( %r{.*triggers.*}, ) end it 'does not mention routines by default because file_per_database is false' do is_expected.to contain_file('mysqlbackup.sh').without_content( %r{.*routines.*}, ) end it 'has 25 days of rotation' do # MySQL counts from 0 is_expected.to contain_file('mysqlbackup.sh').with_content(%r{.*ROTATE=24.*}) end it 'has a standard PATH' do is_expected.to contain_file('mysqlbackup.sh').with_content(%r{PATH=/usr/bin:/usr/sbin:/bin:/sbin:/opt/zimbra/bin}) end end context 'with delete after dump' do let(:custom_params) do { 'delete_before_dump' => false, } end let(:params) do default_params.merge!(custom_params) end it { is_expected.to contain_file('mysqlbackup.sh').with_content(%r{touch /tmp/mysqlbackup_success}) } end context 'with delete after dump and custom success file path' do let(:custom_params) do { 'delete_before_dump' => false, 'backup_success_file_path' => '/opt/mysqlbackup_success', } end let(:params) do default_params.merge!(custom_params) end it { is_expected.to contain_file('mysqlbackup.sh').with_content(%r{touch /opt/mysqlbackup_success}) } end context 'custom ownership and mode for backupdir' do let(:params) do { backupdirmode: '0750', backupdirowner: 'testuser', backupdirgroup: 'testgrp' }.merge(default_params) end it { is_expected.to contain_file('/tmp/mysql-backup').with( ensure: 'directory', mode: '0750', owner: 'testuser', group: 'testgrp', ) } end context 'with compression disabled' do let(:params) do { backupcompress: false }.merge(default_params) end it { is_expected.to contain_file('mysqlbackup.sh').with( path: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', ) } it 'is able to disable compression' do is_expected.to contain_file('mysqlbackup.sh').without_content( %r{.*bzcat -zc.*}, ) end end context 'with mysql.events backedup' do let(:params) do { ignore_events: false }.merge(default_params) end it { is_expected.to contain_file('mysqlbackup.sh').with( path: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', ) } it 'is able to backup events table' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="--events"}, ) end end context 'with database list specified' do let(:params) do { backupdatabases: ['mysql'] }.merge(default_params) end it { is_expected.to contain_file('mysqlbackup.sh').with( path: '/usr/local/sbin/mysqlbackup.sh', ensure: 'present', ) } it 'has a backup file for each database' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{mysql | bzcat -zc \${DIR}\\\${PREFIX}mysql_`date'}, ) end it 'skips backup triggers by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-triggers"}, ) end it 'skips backing up routines by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-routines"}, ) end context 'with include_triggers set to true' do let(:params) do default_params.merge(backupdatabases: ['mysql'], include_triggers: true) end it 'backups triggers when asked' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --triggers"}, ) end end context 'with include_triggers set to false' do let(:params) do default_params.merge(backupdatabases: ['mysql'], include_triggers: false) end it 'skips backing up triggers when asked to skip' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-triggers"}, ) end end context 'with include_routines set to true' do let(:params) do default_params.merge(backupdatabases: ['mysql'], include_routines: true) end it 'backups routines when asked' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --routines"}, ) end end context 'with include_routines set to false' do let(:params) do default_params.merge(backupdatabases: ['mysql'], include_triggers: true) end it 'skips backing up routines when asked to skip' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-routines"}, ) end end end context 'with file per database' do let(:params) do default_params.merge(file_per_database: true) end it 'loops through backup all databases' do is_expected.to contain_file('mysqlbackup.sh').with_content(%r{.*SHOW DATABASES.*}) end context 'with compression disabled' do let(:params) do default_params.merge(file_per_database: true, backupcompress: false) end it 'loops through backup all databases without compression #show databases' do is_expected.to contain_file('mysqlbackup.sh').with_content(%r{.*SHOW DATABASES.*}) end it 'loops through backup all databases without compression #bzcat' do is_expected.to contain_file('mysqlbackup.sh').without_content(%r{.*bzcat -zc.*}) end end it 'skips backup triggers by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-triggers"}, ) end it 'skips backing up routines by default' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-routines"}, ) end context 'with include_triggers set to true' do let(:params) do default_params.merge(file_per_database: true, include_triggers: true) end it 'backups triggers when asked' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --triggers"}, ) end end context 'with include_triggers set to false' do let(:params) do default_params.merge(file_per_database: true, include_triggers: false) end it 'skips backing up triggers when asked to skip' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-triggers"}, ) end end context 'with include_routines set to true' do let(:params) do default_params.merge(file_per_database: true, include_routines: true) end it 'backups routines when asked' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --routines"}, ) end end context 'with include_routines set to false' do let(:params) do default_params.merge(file_per_database: true, include_triggers: true) end it 'skips backing up routines when asked to skip' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{ADDITIONAL_OPTIONS="\$ADDITIONAL_OPTIONS --skip-routines"}, ) end end end context 'with postscript' do let(:params) do default_params.merge(postscript: 'rsync -a /tmp backup01.local-lan:') end it 'is add postscript' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{rsync -a \/tmp backup01.local-lan:}, ) end end context 'with postscripts' do let(:params) do default_params.merge(postscript: [ 'rsync -a /tmp backup01.local-lan:', 'rsync -a /tmp backup02.local-lan:', ]) end it 'is add postscript' do is_expected.to contain_file('mysqlbackup.sh').with_content( %r{.*rsync -a \/tmp backup01.local-lan:\n\nrsync -a \/tmp backup02.local-lan:.*}, ) end end end end # rubocop:enable RSpec/NestedGroups end diff --git a/spec/classes/mysql_server_monitor_spec.rb b/spec/classes/mysql_server_monitor_spec.rb deleted file mode 100644 index 1a79ad7..0000000 --- a/spec/classes/mysql_server_monitor_spec.rb +++ /dev/null @@ -1,36 +0,0 @@ -require 'spec_helper' -describe 'mysql::server::monitor' do - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(root_home: '/root') - end - - let :pre_condition do - "include 'mysql::server'" - end - - let :default_params do - { - mysql_monitor_username: 'monitoruser', - mysql_monitor_password: 'monitorpass', - mysql_monitor_hostname: 'monitorhost', - } - end - - let :params do - default_params - end - - it { is_expected.to contain_mysql_user('monitoruser@monitorhost') } - - it { - is_expected.to contain_mysql_grant('monitoruser@monitorhost/*.*').with( - ensure: 'present', user: 'monitoruser@monitorhost', - table: '*.*', privileges: ['PROCESS', 'SUPER'], - require: 'Mysql_user[monitoruser@monitorhost]' - ) - } - end - end -end diff --git a/spec/classes/mysql_server_mysqltuner_spec.rb b/spec/classes/mysql_server_mysqltuner_spec.rb deleted file mode 100644 index ec31f1b..0000000 --- a/spec/classes/mysql_server_mysqltuner_spec.rb +++ /dev/null @@ -1,35 +0,0 @@ -require 'spec_helper' - -describe 'mysql::server::mysqltuner' do - context 'ensure => present' do - it { is_expected.to compile } - it { - is_expected.to contain_file('/usr/local/bin/mysqltuner') - } - end - - context 'ensure => absent' do - let(:params) { { ensure: 'absent' } } - - it { is_expected.to compile } - it { is_expected.to contain_file('/usr/local/bin/mysqltuner').with(ensure: 'absent') } - end - - context 'custom version' do - let(:params) { { version: 'v1.2.0' } } - - it { is_expected.to compile } - it { - is_expected.to contain_file('/usr/local/bin/mysqltuner') - } - end - - context 'custom source' do - let(:params) { { source: '/tmp/foo' } } - - it { is_expected.to compile } - it { - is_expected.to contain_file('/usr/local/bin/mysqltuner') - } - end -end diff --git a/spec/classes/mysql_server_spec.rb b/spec/classes/mysql_server_spec.rb index 066140b..e354f0c 100644 --- a/spec/classes/mysql_server_spec.rb +++ b/spec/classes/mysql_server_spec.rb @@ -1,296 +1,321 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::server' do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts.merge(root_home: '/root') end context 'with defaults' do it { is_expected.to contain_class('mysql::server::install') } it { is_expected.to contain_class('mysql::server::config') } it { is_expected.to contain_class('mysql::server::service') } it { is_expected.to contain_class('mysql::server::root_password') } it { is_expected.to contain_class('mysql::server::providers') } end context 'with remove_default_accounts set' do let(:params) { { remove_default_accounts: true } } it { is_expected.to contain_class('mysql::server::account_security') } end context 'when not managing config file' do let(:params) { { manage_config_file: false } } it { is_expected.to compile.with_all_deps } end context 'when not managing the service' do let(:params) { { service_manage: false } } it { is_expected.to compile.with_all_deps } it { is_expected.not_to contain_service('mysqld') } end context 'configuration options' do context 'when specifying both $override_options and $options' do let(:params) do { override_options: { 'mysqld' => { 'datadir' => '/tmp' } }, options: { 'mysqld' => { 'max_allowed_packet' => '12M' } }, } end it { is_expected.to compile.and_raise_error(%r{You can't specify \$options and \$override_options simultaneously, see the README section 'Customize server options'!}) } end context 'when specifying $options' do let(:params) do { options: { 'mysqld' => { 'datadir' => '/tmp' } }, } end it { is_expected.to compile.with_all_deps } it { is_expected.to contain_mysql_datadir('/tmp') } it { is_expected.not_to contain_mysql_bind_addr('127.0.0.1') } end end context 'mysql::server::install' do it 'contains the package by default' do is_expected.to contain_package('mysql-server').with(ensure: :present) end context 'with package_manage set to true' do let(:params) { { package_manage: true } } it { is_expected.to contain_package('mysql-server') } end context 'with package_manage set to false' do let(:params) { { package_manage: false } } it { is_expected.not_to contain_package('mysql-server') } end context 'with datadir overridden' do let(:params) { { override_options: { 'mysqld' => { 'datadir' => '/tmp' } } } } it { is_expected.to contain_mysql_datadir('/tmp') } end context 'with package provider' do let(:params) do { package_provider: 'dpkg', package_source: '/somewhere', } end it do is_expected.to contain_package('mysql-server').with( provider: 'dpkg', source: '/somewhere', ) end end end context 'mysql::server::service' do context 'with defaults' do it { is_expected.to contain_service('mysqld') } end context 'with package_manage set to true' do let(:params) { { package_manage: true } } it { is_expected.to contain_service('mysqld').that_requires('Package[mysql-server]') } end context 'with package_manage set to false' do let(:params) { { package_manage: false } } it { is_expected.to contain_service('mysqld') } it { is_expected.not_to contain_service('mysqld').that_requires('Package[mysql-server]') } end context 'service_enabled set to false' do let(:params) { { service_enabled: false } } it do is_expected.to contain_service('mysqld').with(ensure: :stopped) end context 'with package_manage set to true' do let(:params) { { package_manage: true } } it { is_expected.to contain_package('mysql-server') } end context 'with package_manage set to false' do let(:params) { { package_manage: false } } it { is_expected.not_to contain_package('mysql-server') } end context 'with datadir overridden' do let(:params) { { override_options: { 'mysqld' => { 'datadir' => '/tmp' } } } } it { is_expected.to contain_mysql_datadir('/tmp') } end end context 'with log-error overridden' do let(:params) { { override_options: { 'mysqld' => { 'log-error' => '/tmp/error.log' } } } } it { is_expected.to contain_file('/tmp/error.log') } end context 'default bind-address' do it { is_expected.to contain_file('mysql-config-file').with_content(%r{^bind-address = 127.0.0.1}) } end context 'with defined bind-address' do let(:params) { { override_options: { 'mysqld' => { 'bind-address' => '1.1.1.1' } } } } it { is_expected.to contain_file('mysql-config-file').with_content(%r{^bind-address = 1.1.1.1}) } end context 'without bind-address' do let(:params) { { override_options: { 'mysqld' => { 'bind-address' => :undef } } } } it { is_expected.to contain_file('mysql-config-file').without_content(%r{^bind-address}) } end end context 'mysql::server::root_password' do describe 'when defaults' do it { is_expected.to contain_exec('remove install pass').with( command: 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /.mysql_secret) password \'\' && rm -f /.mysql_secret', onlyif: 'test -f /.mysql_secret', path: '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', ) } it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_file('/root/.my.cnf') } end describe 'when root_password set' do let(:params) { { root_password: 'SET' } } it { is_expected.to contain_mysql_user('root@localhost') } if Puppet.version.to_f >= 3.0 it { is_expected.to contain_file('/root/.my.cnf').with(show_diff: false).that_requires('Mysql_user[root@localhost]') } else it { is_expected.to contain_file('/root/.my.cnf').that_requires('Mysql_user[root@localhost]') } end end describe 'when root_password set, create_root_user set to false' do let(:params) { { root_password: 'SET', create_root_user: false } } it { is_expected.not_to contain_mysql_user('root@localhost') } if Puppet.version.to_f >= 3.0 it { is_expected.to contain_file('/root/.my.cnf').with(show_diff: false) } else it { is_expected.to contain_file('/root/.my.cnf') } end end describe 'when root_password set, create_root_my_cnf set to false' do let(:params) { { root_password: 'SET', create_root_my_cnf: false } } it { is_expected.to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_file('/root/.my.cnf') } end describe 'when root_password set, create_root_user and create_root_my_cnf set to false' do let(:params) { { root_password: 'SET', create_root_user: false, create_root_my_cnf: false } } it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_file('/root/.my.cnf') } end describe 'when install_secret_file set to /root/.mysql_secret' do let(:params) { { install_secret_file: '/root/.mysql_secret' } } it { is_expected.to contain_exec('remove install pass').with( command: 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /root/.mysql_secret) password \'\' && rm -f /root/.mysql_secret', onlyif: 'test -f /root/.mysql_secret', ) } end end context 'mysql::server::providers' do describe 'with users' do let(:params) do { users: { 'foo@localhost' => { 'max_connections_per_hour' => '1', 'max_queries_per_hour' => '2', 'max_updates_per_hour' => '3', 'max_user_connections' => '4', 'password_hash' => '*F3A2A51A9B0F2BE2468926B4132313728C250DBF', }, 'foo2@localhost' => {}, } } end it { is_expected.to contain_mysql_user('foo@localhost').with( max_connections_per_hour: '1', max_queries_per_hour: '2', max_updates_per_hour: '3', max_user_connections: '4', password_hash: '*F3A2A51A9B0F2BE2468926B4132313728C250DBF' ) } it { is_expected.to contain_mysql_user('foo2@localhost').with( max_connections_per_hour: nil, max_queries_per_hour: nil, max_updates_per_hour: nil, max_user_connections: nil, password_hash: nil ) } end + describe 'with users and Sensitive password_hash' do + let(:params) do + { users: { + 'foo@localhost' => { + 'max_connections_per_hour' => '1', + 'max_queries_per_hour' => '2', + 'max_updates_per_hour' => '3', + 'max_user_connections' => '4', + 'password_hash' => sensitive('*F3A2A51A9B0F2BE2468926B4132313728C250DBF'), + }, + 'foo2@localhost' => {}, + } } + end + + it { + is_expected.to contain_mysql_user('foo@localhost').with( + max_connections_per_hour: '1', max_queries_per_hour: '2', + max_updates_per_hour: '3', max_user_connections: '4', + password_hash: 'Sensitive [value redacted]' + ) + } + end + describe 'with grants' do let(:params) do { grants: { 'foo@localhost/somedb.*' => { 'user' => 'foo@localhost', 'table' => 'somedb.*', 'privileges' => ['SELECT', 'UPDATE'], 'options' => ['GRANT'], }, 'foo2@localhost/*.*' => { 'user' => 'foo2@localhost', 'table' => '*.*', 'privileges' => ['SELECT'], }, } } end it { is_expected.to contain_mysql_grant('foo@localhost/somedb.*').with( user: 'foo@localhost', table: 'somedb.*', privileges: ['SELECT', 'UPDATE'], options: ['GRANT'] ) } it { is_expected.to contain_mysql_grant('foo2@localhost/*.*').with( user: 'foo2@localhost', table: '*.*', privileges: ['SELECT'], options: nil ) } end describe 'with databases' do let(:params) do { databases: { 'somedb' => { 'charset' => 'latin1', 'collate' => 'latin1', }, 'somedb2' => {}, } } end it { is_expected.to contain_mysql_database('somedb').with( charset: 'latin1', collate: 'latin1', ) } it { is_expected.to contain_mysql_database('somedb2') } end end end end # rubocop:enable RSpec/NestedGroups end diff --git a/spec/defines/mysql_db_spec.rb b/spec/defines/mysql_db_spec.rb index 8c175bf..688e7b7 100644 --- a/spec/defines/mysql_db_spec.rb +++ b/spec/defines/mysql_db_spec.rb @@ -1,82 +1,84 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::db', type: :define do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts.merge(root_home: '/root') end let(:title) { 'test_db' } let(:params) do { 'user' => 'testuser', 'password' => 'testpass', 'mysql_exec_path' => '' } end it 'does not notify the import sql exec if no sql script was provided' do is_expected.to contain_mysql_database('test_db').without_notify end it 'subscribes to database if sql script is given' do params['sql'] = 'test_sql' is_expected.to contain_mysql_database('test_db') is_expected.to contain_exec('test_db-import').with_subscribe('Mysql_database[test_db]') end it 'onlies import sql script on creation if not enforcing' do params.merge!('sql' => 'test_sql', 'enforce_sql' => false) is_expected.to contain_exec('test_db-import').with_refreshonly(true) end it 'imports sql script on creation' do params.merge!('sql' => 'test_sql', 'enforce_sql' => true) # ' if enforcing #refreshonly' is_expected.to contain_exec('test_db-import').with_refreshonly(false) # 'if enforcing #command' is_expected.to contain_exec('test_db-import').with_command('cat test_sql | mysql test_db') end it 'imports sql script with custom command on creation ' do params.merge!('sql' => 'test_sql', 'enforce_sql' => true, 'import_cat_cmd' => 'zcat') # if enforcing #refreshonly is_expected.to contain_exec('test_db-import').with_refreshonly(false) # if enforcing #command is_expected.to contain_exec('test_db-import').with_command('zcat test_sql | mysql test_db') end it 'imports sql scripts when more than one is specified' do params['sql'] = ['test_sql', 'test_2_sql'] is_expected.to contain_exec('test_db-import').with_command('cat test_sql test_2_sql | mysql test_db') end it 'does not create database' do params.merge!('ensure' => 'absent', 'host' => 'localhost') is_expected.to contain_mysql_database('test_db').with_ensure('absent') is_expected.to contain_mysql_user('testuser@localhost').with_ensure('absent') end it 'creates with an appropriate collate and charset' do params.merge!('charset' => 'utf8', 'collate' => 'utf8_danish_ci') is_expected.to contain_mysql_database('test_db').with('charset' => 'utf8', 'collate' => 'utf8_danish_ci') end it 'uses dbname parameter as database name instead of name' do params['dbname'] = 'real_db' is_expected.to contain_mysql_database('real_db') end it 'uses tls_options for user when set' do params['tls_options'] = ['SSL'] is_expected.to contain_mysql_user('testuser@localhost').with_tls_options(['SSL']) end it 'uses grant_options for grant when set' do params['grant_options'] = ['GRANT'] is_expected.to contain_mysql_grant('testuser@localhost/test_db.*').with_options(['GRANT']) end end end end diff --git a/spec/functions/mysql_normalise_and_deepmerge_spec.rb b/spec/functions/mysql_normalise_and_deepmerge_spec.rb index d1c94f8..67cabfa 100644 --- a/spec/functions/mysql_normalise_and_deepmerge_spec.rb +++ b/spec/functions/mysql_normalise_and_deepmerge_spec.rb @@ -1,92 +1,94 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::normalise_and_deepmerge' do it 'exists' do is_expected.not_to eq(nil) end it 'throws error with no arguments' do is_expected.to run.with_params.and_raise_error(Puppet::ParseError) end it 'throws error with only one argument' do is_expected.to run.with_params('one' => 1).and_raise_error(Puppet::ParseError) end it 'accepts empty strings as puppet undef' do is_expected.to run.with_params({}, '') end # rubocop:disable RSpec/NamedSubject index_values = ['one', 'two', 'three'] expected_values_one = ['1', '2', '2'] it 'merge two hashes' do new_hash = subject.execute({ 'one' => '1', 'two' => '1' }, 'two' => '2', 'three' => '2') index_values.each_with_index do |index, expected| expect(new_hash[index]).to eq(expected_values_one[expected]) end end it 'merges multiple hashes' do hash = subject.execute({ 'one' => 1 }, { 'one' => '2' }, 'one' => '3') expect(hash['one']).to eq('3') end it 'accepts empty hashes' do is_expected.to run.with_params({}, {}, {}).and_return({}) end expected_values_two = [1, 2, 'four' => 4] it 'merges subhashes' do hash = subject.execute({ 'one' => 1 }, 'two' => 2, 'three' => { 'four' => 4 }) index_values.each_with_index do |index, expected| expect(hash[index]).to eq(expected_values_two[expected]) end end it 'appends to subhashes' do hash = subject.execute({ 'one' => { 'two' => 2 } }, 'one' => { 'three' => 3 }) expect(hash['one']).to eq('two' => 2, 'three' => 3) end expected_values_three = [1, 'dos', { 'four' => 4, 'five' => 5 }] it 'appends to subhashes 2' do hash = subject.execute({ 'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }, 'two' => 'dos', 'three' => { 'five' => 5 }) index_values.each_with_index do |index, expected| expect(hash[index]).to eq(expected_values_three[expected]) end end index_values_two = ['key1', 'key2'] expected_values_four = [{ 'a' => 1, 'b' => 99 }, 'c' => 3] it 'appends to subhashes 3' do hash = subject.execute({ 'key1' => { 'a' => 1, 'b' => 2 }, 'key2' => { 'c' => 3 } }, 'key1' => { 'b' => 99 }) index_values_two.each_with_index do |index, expected| expect(hash[index]).to eq(expected_values_four[expected]) end end it 'equates keys mod dash and underscore #value' do hash = subject.execute({ 'a-b-c' => 1 }, 'a_b_c' => 10) expect(hash['a_b_c']).to eq(10) end it 'equates keys mod dash and underscore #not' do hash = subject.execute({ 'a-b-c' => 1 }, 'a_b_c' => 10) expect(hash).not_to have_key('a-b-c') end index_values_three = ['a_b_c', 'b-c-d'] expected_values_five = [10, { 'e-f-g' => 3, 'c_d_e' => 12 }] index_values_error = ['a-b-c', 'b_c_d'] index_values_three.each_with_index do |index, expected| it 'keeps style of the last when keys are equal mod dash and underscore #value' do hash = subject.execute({ 'a-b-c' => 1, 'b_c_d' => { 'c-d-e' => 2, 'e-f-g' => 3 } }, 'a_b_c' => 10, 'b-c-d' => { 'c_d_e' => 12 }) expect(hash[index]).to eq(expected_values_five[expected]) end it 'keeps style of the last when keys are equal mod dash and underscore #not' do hash = subject.execute({ 'a-b-c' => 1, 'b_c_d' => { 'c-d-e' => 2, 'e-f-g' => 3 } }, 'a_b_c' => 10, 'b-c-d' => { 'c_d_e' => 12 }) expect(hash).not_to have_key(index_values_error[expected]) end end # rubocop:enable RSpec/NamedSubject end diff --git a/spec/functions/mysql_password_spec.rb b/spec/functions/mysql_password_spec.rb index a1dfffc..efbc3d3 100644 --- a/spec/functions/mysql_password_spec.rb +++ b/spec/functions/mysql_password_spec.rb @@ -1,41 +1,53 @@ +# frozen_string_literal: true + require 'spec_helper' shared_examples 'mysql::password function' do it 'exists' do is_expected.not_to eq(nil) end it 'raises a ArgumentError if there is less than 1 arguments' do is_expected.to run.with_params.and_raise_error(ArgumentError) end - it 'raises a ArgumentError if there is more than 1 arguments' do - is_expected.to run.with_params('foo', 'bar').and_raise_error(ArgumentError) + it 'raises a ArgumentError if there is more than 2 arguments' do + is_expected.to run.with_params('foo', false, 'bar').and_raise_error(ArgumentError) end it 'converts password into a hash' do is_expected.to run.with_params('password').and_return('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19') end + it 'accept password as Sensitive' do + is_expected.to run.with_params(sensitive('password')).and_return('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19') + end + + # Test of a Returnvalue of Datatype Sensitive does not work + it 'returns Sensitive with sensitive=true' do + skip 'should have a Returnvalue of Datatype Sensitive' + is_expected.to run.with_params('password', true).and_return(sensitive('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19')) + end + it 'password should be String' do is_expected.to run.with_params(123).and_raise_error(ArgumentError) end it 'converts an empty password into a empty string' do is_expected.to run.with_params('').and_return('') end it 'does not convert a password that is already a hash' do is_expected.to run.with_params('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19').and_return('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19') end end describe 'mysql::password' do it_behaves_like 'mysql::password function' describe 'non-namespaced shim' do describe 'mysql_password', type: :puppet_function do it_behaves_like 'mysql::password function' end end end diff --git a/spec/functions/mysql_strip_hash_spec.rb b/spec/functions/mysql_strip_hash_spec.rb index be67046..1bc60b6 100644 --- a/spec/functions/mysql_strip_hash_spec.rb +++ b/spec/functions/mysql_strip_hash_spec.rb @@ -1,27 +1,29 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'mysql::strip_hash' do it 'exists' do is_expected.not_to eq(nil) end it 'raises a ArgumentError if there is less than 1 arguments' do is_expected.to run.with_params.and_raise_error(ArgumentError) end it 'raises a ArgumentError if there is more than 1 arguments' do is_expected.to run.with_params({ 'foo' => 1 }, 'bar' => 2).and_raise_error(ArgumentError) end it 'raises a ArgumentError if argument is not a hash' do is_expected.to run.with_params('foo').and_raise_error(ArgumentError) end it 'passes a hash without blanks through' do is_expected.to run.with_params('one' => 1, 'two' => 2, 'three' => 3).and_return('one' => 1, 'two' => 2, 'three' => 3) end it 'removes blank hash elements' do is_expected.to run.with_params('one' => 1, 'two' => '', 'three' => nil, 'four' => 4).and_return('one' => 1, 'three' => nil, 'four' => 4) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 4ee263f..fb5b4d9 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,59 +1,75 @@ # frozen_string_literal: true +RSpec.configure do |c| + c.mock_with :rspec +end + require 'puppetlabs_spec_helper/module_spec_helper' require 'rspec-puppet-facts' require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) include RspecPuppetFacts default_facts = { puppetversion: Puppet.version, facterversion: Facter.version, } default_fact_files = [ File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), ] default_fact_files.each do |f| next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) rescue => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end # read default_facts and merge them over what is provided by facterdb default_facts.each do |fact, value| add_custom_fact fact, value end RSpec.configure do |c| c.default_facts = default_facts c.before :each do # set to strictest setting for testing # by default Puppet runs at warning level Puppet.settings[:strict] = :warning Puppet.settings[:strict_variables] = true end c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] c.after(:suite) do RSpec::Puppet::Coverage.report!(0) end + + # Filter backtrace noise + backtrace_exclusion_patterns = [ + %r{spec_helper}, + %r{gems}, + ] + + if c.respond_to?(:backtrace_exclusion_patterns) + c.backtrace_exclusion_patterns = backtrace_exclusion_patterns + elsif c.respond_to?(:backtrace_clean_patterns) + c.backtrace_clean_patterns = backtrace_exclusion_patterns + end end # Ensures that a module is defined # @param module_name Name of the module def ensure_module_defined(module_name) module_name.split('::').reduce(Object) do |last_module, next_module| last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) last_module.const_get(next_module, false) end end # 'spec_overrides' from sync.yml will appear below this line require 'spec_helper_local' diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb index 376b413..267f555 100644 --- a/spec/spec_helper_acceptance_local.rb +++ b/spec/spec_helper_acceptance_local.rb @@ -1,34 +1,53 @@ # frozen_string_literal: true require 'singleton' class LitmusHelper include Singleton include PuppetLitmus end -def pre_run - LitmusHelper.instance.apply_manifest("class { 'mysql::server': root_password => 'password' }", catch_failures: true) -end - def mysql_version shell_output = LitmusHelper.instance.run_shell('mysql --version', expect_failures: true) if shell_output.stdout.match(%r{\d+\.\d+\.\d+}).nil? - pre_run + # mysql is not yet installed, so we apply this class to install it + LitmusHelper.instance.apply_manifest('include mysql::server', debug: true, catch_failures: true) shell_output = LitmusHelper.instance.run_shell('mysql --version') raise _('unable to get mysql version') if shell_output.stdout.match(%r{\d+\.\d+\.\d+}).nil? end mysql_version = shell_output.stdout.match(%r{\d+\.\d+\.\d+})[0] mysql_version end +def export_locales + LitmusHelper.instance.run_shell('echo export PATH="/opt/puppetlabs/bin:$PATH" > ~/.bashrc') + LitmusHelper.instance.run_shell('echo export LC_ALL="C" > /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo "## US English ##" >> /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo export LANG=en_US.UTF-8 >> /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo export LANGUAGE=en_US.UTF-8 >> /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo export LC_COLLATE=C >> /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo export LC_CTYPE=en_US.UTF-8 >> /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('source /etc/profile.d/my-custom.lang.sh') + LitmusHelper.instance.run_shell('echo export LC_ALL="C" >> ~/.bashrc') + LitmusHelper.instance.run_shell('source ~/.bashrc') +end + +def fetch_charset + @charset ||= if os[:family] == 'ubuntu' && os[:release] =~ %r{^20\.04} + 'utf8mb3' + else + 'utf8' + end +end + RSpec.configure do |c| c.before :suite do if os[:family] == 'debian' || os[:family] == 'ubuntu' # needed for the puppet fact LitmusHelper.instance.apply_manifest("package { 'lsb-release': ensure => installed, }", expect_failures: false) + LitmusHelper.instance.apply_manifest("package { 'ap': ensure => installed, }", expect_failures: false) end # needed for the grant tests, not installed on el7 docker images LitmusHelper.instance.apply_manifest("package { 'which': ensure => installed, }", expect_failures: false) end end diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 0a0c2d7..937b686 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -1,31 +1,33 @@ +# frozen_string_literal: true + require 'rspec-puppet-facts' include RspecPuppetFacts if ENV['COVERAGE'] == 'yes' require 'simplecov' require 'simplecov-console' require 'codecov' SimpleCov.formatters = [ SimpleCov::Formatter::HTMLFormatter, SimpleCov::Formatter::Console, SimpleCov::Formatter::Codecov, ] SimpleCov.start do track_files 'lib/**/*.rb' add_filter '/spec' # do not track vendored files add_filter '/vendor' add_filter '/.vendor' # do not track gitignored files # this adds about 4 seconds to the coverage check # this could definitely be optimized add_filter do |f| # system returns true if exit status is 0, which with git-check-ignore means file is ignored system("git check-ignore --quiet #{f.filename}") end end end diff --git a/spec/unit/facter/mysql_server_id_spec.rb b/spec/unit/facter/mysql_server_id_spec.rb index aab8c52..ee8b75c 100644 --- a/spec/unit/facter/mysql_server_id_spec.rb +++ b/spec/unit/facter/mysql_server_id_spec.rb @@ -1,36 +1,38 @@ +# frozen_string_literal: true + require 'spec_helper' describe Facter::Util::Fact.to_s do before(:each) do Facter.clear end describe 'mysql_server_id' do context "igalic's laptop" do before :each do - Facter.fact(:macaddress).stubs(:value).returns('3c:97:0e:69:fb:e1') + allow(Facter.fact(:macaddress)).to receive(:value).and_return('3c:97:0e:69:fb:e1') end it do Facter.fact(:mysql_server_id).value.to_s.should == '241857808' end end context 'node with lo only' do before :each do - Facter.fact(:macaddress).stubs(:value).returns('00:00:00:00:00:00') + allow(Facter.fact(:macaddress)).to receive(:value).and_return('00:00:00:00:00:00') end it do Facter.fact(:mysql_server_id).value.to_s.should == '1' end end context 'test nil case' do before :each do - Facter.fact(:macaddress).stubs(:value).returns(nil) + allow(Facter.fact(:macaddress)).to receive(:value).and_return(nil) end it do Facter.fact(:mysql_server_id).value.to_s.should == '' end end end end diff --git a/spec/unit/facter/mysql_version_spec.rb b/spec/unit/facter/mysql_version_spec.rb index 07ddbc6..825fb48 100644 --- a/spec/unit/facter/mysql_version_spec.rb +++ b/spec/unit/facter/mysql_version_spec.rb @@ -1,19 +1,21 @@ +# frozen_string_literal: true + require 'spec_helper' describe Facter::Util::Fact.to_s do before(:each) do Facter.clear end describe 'mysql_version' do context 'with value' do before :each do - Facter::Core::Execution.stubs(:which).returns('fake_mysql_path') - Facter::Util::Resolution.stubs(:exec).with('mysql --version').returns('mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using readline 5.1') + allow(Facter::Core::Execution).to receive(:which).and_return('fake_mysql_path') + allow(Facter::Util::Resolution).to receive(:exec).with('mysql --version').and_return('mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using readline 5.1') end it { expect(Facter.fact(:mysql_version).value).to eq('5.0.95') } end end end diff --git a/spec/unit/facter/mysqld_version_spec.rb b/spec/unit/facter/mysqld_version_spec.rb index 3d38e3c..fafc197 100644 --- a/spec/unit/facter/mysqld_version_spec.rb +++ b/spec/unit/facter/mysqld_version_spec.rb @@ -1,19 +1,22 @@ +# frozen_string_literal: true + require 'spec_helper' describe Facter::Util::Fact.to_s do before(:each) do Facter.clear end describe 'mysqld_version' do context 'with value' do before :each do - Facter::Core::Execution.stubs(:which).with('mysqld').returns('/usr/sbin/mysqld') - Facter::Util::Resolution.stubs(:exec).with('mysqld --no-defaults -V 2>/dev/null').returns('mysqld Ver 5.5.49-37.9 for Linux on x86_64 (Percona Server (GPL), Release 37.9, Revision efa0073)') + allow(Facter::Core::Execution).to receive(:which).with('mysqld').and_return('/usr/sbin/mysqld') + allow(Facter::Util::Resolution).to receive(:exec).with('mysqld --no-defaults -V 2>/dev/null') + .and_return('mysqld Ver 5.5.49-37.9 for Linux on x86_64 (Percona Server (GPL), Release 37.9, Revision efa0073)') end it { expect(Facter.fact(:mysqld_version).value).to eq('mysqld Ver 5.5.49-37.9 for Linux on x86_64 (Percona Server (GPL), Release 37.9, Revision efa0073)') } end end end diff --git a/spec/unit/puppet/provider/mysql_database/mysql_spec.rb b/spec/unit/puppet/provider/mysql_database/mysql_spec.rb index 4e29f33..cd974c4 100644 --- a/spec/unit/puppet/provider/mysql_database/mysql_spec.rb +++ b/spec/unit/puppet/provider/mysql_database/mysql_spec.rb @@ -1,112 +1,115 @@ +# frozen_string_literal: true + require 'spec_helper' describe Puppet::Type.type(:mysql_database).provider(:mysql) do let(:defaults_file) { '--defaults-extra-file=/root/.my.cnf' } let(:parsed_databases) { ['information_schema', 'mydb', 'mysql', 'performance_schema', 'test'] } let(:provider) { resource.provider } let(:instance) { provider.class.instances.first } let(:resource) do Puppet::Type.type(:mysql_database).new( ensure: :present, charset: 'latin1', collate: 'latin1_swedish_ci', name: 'new_database', provider: described_class.name ) end let(:raw_databases) do <<-SQL_OUTPUT information_schema mydb mysql performance_schema test SQL_OUTPUT # rubocop:enable Layout/IndentHeredoc end before :each do - Facter.stubs(:value).with(:root_home).returns('/root') - Puppet::Util.stubs(:which).with('mysql').returns('/usr/bin/mysql') - File.stubs(:file?).with('/root/.my.cnf').returns(true) - provider.class.stubs(:mysql_caller).with('show databases', 'regular').returns('new_database') - provider.class.stubs(:mysql_caller).with(["show variables like '%_database'", 'new_database'], 'regular').returns("character_set_database latin1\ncollation_database latin1_swedish_ci\nskip_show_database OFF") # rubocop:disable Metrics/LineLength + allow(Facter.fact(:value)).to receive(:root_home).and_return('/root') + allow(Puppet::Util).to receive(:which).with('mysql').and_return('/usr/bin/mysql') + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) + allow(provider.class).to receive(:mysql_caller).with('show databases', 'regular').and_return('new_database') + allow(provider.class).to receive(:mysql_caller).with(["show variables like '%_database'", 'new_database'], 'regular').and_return("character_set_database latin1\ncollation_database latin1_swedish_ci\nskip_show_database OFF") # rubocop:disable Layout/LineLength end describe 'self.instances' do it 'returns an array of databases' do - provider.class.stubs(:mysql_caller).with('show databases', 'regular').returns(raw_databases) + allow(provider.class).to receive(:mysql_caller).with('show databases', 'regular').and_return(raw_databases) raw_databases.each_line do |db| - provider.class.stubs(:mysql_caller).with(["show variables like '%_database'", db.chomp], 'regular').returns("character_set_database latin1\ncollation_database latin1_swedish_ci\nskip_show_database OFF") # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with(["show variables like '%_database'", db.chomp], 'regular').and_return("character_set_database latin1\ncollation_database latin1_swedish_ci\nskip_show_database OFF") # rubocop:disable Layout/LineLength end databases = provider.class.instances.map { |x| x.name } expect(parsed_databases).to match_array(databases) end end describe 'self.prefetch' do it 'exists' do provider.class.instances provider.class.prefetch({}) end end describe 'create' do it 'makes a database' do - provider.class.expects(:mysql_caller).with("create database if not exists `#{resource[:name]}` character set `#{resource[:charset]}` collate `#{resource[:collate]}`", 'regular') - provider.expects(:exists?).returns(true) + expect(provider.class).to receive(:mysql_caller).with("create database if not exists `#{resource[:name]}` character set `#{resource[:charset]}` collate `#{resource[:collate]}`", 'regular') + expect(provider).to receive(:exists?).and_return(true) expect(provider.create).to be_truthy end end describe 'destroy' do it 'removes a database if present' do - provider.class.expects(:mysql_caller).with("drop database if exists `#{resource[:name]}`", 'regular') - provider.expects(:exists?).returns(false) + expect(provider.class).to receive(:mysql_caller).with("drop database if exists `#{resource[:name]}`", 'regular') + expect(provider).to receive(:exists?).and_return(false) expect(provider.destroy).to be_truthy end end describe 'exists?' do it 'checks if database exists' do expect(instance).to be_exists end end describe 'self.defaults_file' do + before :each do + allow(Facter).to receive(:value).with(:root_home).and_return('/root') + end it 'sets --defaults-extra-file' do - File.stubs(:file?).with('/root/.my.cnf').returns(true) + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) expect(provider.defaults_file).to eq '--defaults-extra-file=/root/.my.cnf' end it 'fails if file missing' do - File.stubs(:file?).with('/root/.my.cnf').returns(false) + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(false) expect(provider.defaults_file).to be_nil end end describe 'charset' do it 'returns a charset' do expect(instance.charset).to eq('latin1') end end describe 'charset=' do it 'changes the charset' do - provider.class.expects(:mysql_caller).with("alter database `#{resource[:name]}` CHARACTER SET blah", 'regular').returns('0') - + expect(provider.class).to receive(:mysql_caller).with("alter database `#{resource[:name]}` CHARACTER SET blah", 'regular').and_return('0') provider.charset = 'blah' end end describe 'collate' do it 'returns a collate' do expect(instance.collate).to eq('latin1_swedish_ci') end end describe 'collate=' do it 'changes the collate' do - provider.class.expects(:mysql_caller).with("alter database `#{resource[:name]}` COLLATE blah", 'regular').returns('0') - + expect(provider.class).to receive(:mysql_caller).with("alter database `#{resource[:name]}` COLLATE blah", 'regular').and_return('0') provider.collate = 'blah' end end end diff --git a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb index 5000c8f..97927d3 100644 --- a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb +++ b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb @@ -1,92 +1,90 @@ # frozen_string_literal: true require 'spec_helper' ensure_module_defined('Puppet::Provider::MysqlLoginPath') require 'puppet/provider/mysql_login_path/mysql_login_path' RSpec.describe Puppet::Provider::MysqlLoginPath::MysqlLoginPath do subject(:provider) { described_class.new } - let(:context) { mock('Puppet::ResourceApi::BaseContext') } - let(:wait_thr) { mock('wait_thr') } - let(:wait_thr_value) { mock('wait_thr_value') } + let(:context) { instance_double('Puppet::ResourceApi::BaseContext') } + let(:wait_thr) { instance_double('wait_thr') } + let(:wait_thr_value) { instance_double('wait_thr_value') } let(:sensitive_secure) { Puppet::Provider::MysqlLoginPath::Sensitive.new('secure') } let(:sensitive_more_secure) { Puppet::Provider::MysqlLoginPath::Sensitive.new('more_secure') } before :each do - Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/getent', 'passwd', 'root'], failonfail: true).returns('root:x:0:0:root:/root:/bin/bash') + # Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/getent', 'passwd', 'root'], failonfail: true).returns('root:x:0:0:root:/root:/bin/bash') + allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/getent', 'passwd', 'root'], failonfail: true).and_return('root:x:0:0:root:/root:/bin/bash') + allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/mysql_config_editor', 'print', '--all'], failonfail: true, uid: 'root', + custom_environment: { 'HOME' => '/root' }).and_return("[local_tcp]\nuser = root\npassword = *****\nhost = 127.0.0.1\nport = 3306") + allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/mysql_config_editor', 'remove', '-G', 'local_socket'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) + allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/my_print_defaults', '-s', 'local_tcp'], failonfail: true, uid: 'root', + custom_environment: { 'HOME' => '/root' }).and_return("--user=root\n--password=secure\n--host=127.0.0.1\n--port=3306") + allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/my_print_defaults', '-s', 'local_socket'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) + .and_return("--user=root\n--password=more_secure\n--host=localhost\n--socket=/var/run/mysql.sock") - Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/mysql_config_editor', 'print', '--all'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) - .returns("[local_tcp]\nuser = root\npassword = *****\nhost = 127.0.0.1\nport = 3306") - Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/mysql_config_editor', 'remove', '-G', 'local_socket'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) + allow(Puppet::Util::SUIDManager).to receive(:asuser).with('root').and_return(`(exit 0)`) + allow(PTY).to receive(:spawn) + .with({ 'HOME' => '/root' }, + '/usr/bin/mysql_config_editor set --skip-warn -G local_socket -h localhost -u root ' \ + '-S /var/run/mysql/mysql.sock -p') + .and_return(`(exit 0)`) - Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/my_print_defaults', '-s', 'local_tcp'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) - .returns("--user=root\n--password=secure\n--host=127.0.0.1\n--port=3306") - Puppet::Util::Execution.stubs(:execute).with(['/usr/bin/my_print_defaults', '-s', 'local_socket'], failonfail: true, uid: 'root', custom_environment: { 'HOME' => '/root' }) - .returns("--user=root\n--password=more_secure\n--host=localhost\n--socket=/var/run/mysql.sock") - - wait_thr_value.stubs(:success?).returns(true) - wait_thr.stubs(:value).returns(wait_thr_value) - Open3.stubs(:popen3) - .with({ 'HOME' => '/root' }, - '/usr/bin/mysql_config_editor set --skip-warn -G local_socket -h localhost -u root ' \ - '-S /var/run/mysql/mysql.sock -p') - .returns(wait_thr_value) - - Open3.stubs(:popen3) - .with({ 'HOME' => '/root' }, - '/usr/bin/mysql_config_editor set --skip-warn -G local_socket -h 127.0.0.1 -u root -P 3306 -p') - .returns(wait_thr_value) + allow(PTY).to receive(:spawn) + .with({ 'HOME' => '/root' }, + '/usr/bin/mysql_config_editor set --skip-warn -G local_socket -h 127.0.0.1 -u root -P 3306 -p') + .and_return(`(exit 0)`) end describe '#get' do it 'processes resources' do expect(provider.get(context, [{ owner: 'root' }])).to eq [ { ensure: 'present', host: '127.0.0.1', name: 'local_tcp', owner: 'root', password: sensitive_secure, port: 3306, socket: nil, title: 'local_tcp-root', user: 'root', }, ] end end describe 'create(context, name, should)' do it 'creates the resource' do provider.create(context, { name: 'local_socket', owner: 'root' }, name: 'local_socket', owner: 'root', host: 'localhost', user: 'root', password: sensitive_more_secure, socket: '/var/run/mysql/mysql.sock', ensure: 'present') end end describe 'update(context, name, should)' do it 'updates the resource' do provider.update(context, { name: 'local_socket', owner: 'root' }, name: 'local_socket', owner: 'root', host: '127.0.0.1', user: 'root', password: sensitive_more_secure, port: 3306, ensure: 'present') end end describe 'delete(context, name)' do it 'deletes the resource' do provider.delete(context, name: 'local_socket', owner: 'root') end end end diff --git a/spec/unit/puppet/provider/mysql_plugin/mysql_spec.rb b/spec/unit/puppet/provider/mysql_plugin/mysql_spec.rb index 5dea0f7..a7ad0eb 100644 --- a/spec/unit/puppet/provider/mysql_plugin/mysql_spec.rb +++ b/spec/unit/puppet/provider/mysql_plugin/mysql_spec.rb @@ -1,68 +1,70 @@ +# frozen_string_literal: true + require 'spec_helper' describe Puppet::Type.type(:mysql_plugin).provider(:mysql) do let(:defaults_file) { '--defaults-extra-file=/root/.my.cnf' } let(:provider) { resource.provider } let(:instance) { provider.class.instances.first } let(:resource) do Puppet::Type.type(:mysql_plugin).new( ensure: :present, soname: 'auth_socket.so', name: 'auth_socket', provider: described_class.name, ) end before :each do - Facter.stubs(:value).with(:root_home).returns('/root') - Puppet::Util.stubs(:which).with('mysql').returns('/usr/bin/mysql') - File.stubs(:file?).with('/root/.my.cnf').returns(true) - provider.class.stubs(:mysql_caller).with('show plugins', 'regular').returns('auth_socket ACTIVE AUTHENTICATION auth_socket.so GPL') + allow(Facter).to receive(:value).with(:root_home).and_return('/root') + allow(Puppet::Util).to receive(:which).with('mysql').and_return('/usr/bin/mysql') + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) + allow(provider.class).to receive(:mysql_caller).with('show plugins', 'regular').and_return('auth_socket ACTIVE AUTHENTICATION auth_socket.so GPL') end describe 'self.prefetch' do it 'exists' do provider.class.instances provider.class.prefetch({}) end end describe 'create' do it 'loads a plugin' do - provider.class.expects(:mysql_caller).with("install plugin #{resource[:name]} soname '#{resource[:soname]}'", 'regular') - provider.expects(:exists?).returns(true) + expect(provider.class).to receive(:mysql_caller).with("install plugin #{resource[:name]} soname '#{resource[:soname]}'", 'regular') + expect(provider).to receive(:exists?).and_return(true) expect(provider.create).to be_truthy end end describe 'destroy' do it 'unloads a plugin if present' do - provider.class.expects(:mysql_caller).with("uninstall plugin #{resource[:name]}", 'regular') - provider.expects(:exists?).returns(false) + expect(provider.class).to receive(:mysql_caller).with("uninstall plugin #{resource[:name]}", 'regular') + expect(provider).to receive(:exists?).and_return(false) expect(provider.destroy).to be_truthy end end describe 'exists?' do it 'checks if plugin exists' do expect(instance).to be_exists end end describe 'self.defaults_file' do it 'sets --defaults-extra-file' do - File.stubs(:file?).with('/root/.my.cnf').returns(true) + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) expect(provider.defaults_file).to eq '--defaults-extra-file=/root/.my.cnf' end it 'fails if file missing' do - File.stubs(:file?).with('/root/.my.cnf').returns(false) + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(false) expect(provider.defaults_file).to be_nil end end describe 'soname' do it 'returns a soname' do expect(instance.soname).to eq('auth_socket.so') end end end diff --git a/spec/unit/puppet/provider/mysql_user/mysql_spec.rb b/spec/unit/puppet/provider/mysql_user/mysql_spec.rb index 5c8d1dc..36a5471 100644 --- a/spec/unit/puppet/provider/mysql_user/mysql_spec.rb +++ b/spec/unit/puppet/provider/mysql_user/mysql_spec.rb @@ -1,495 +1,505 @@ +# frozen_string_literal: true + require 'spec_helper' describe Puppet::Type.type(:mysql_user).provider(:mysql) do # Output of mysqld -V mysql_version_string_hash = { 'mysql-5.5' => { version: '5.5.46', string: '/usr/sbin/mysqld Ver 5.5.46-log for Linux on x86_64 (MySQL Community Server (GPL))', mysql_type: 'mysql', }, 'mysql-5.6' => { version: '5.6.27', string: '/usr/sbin/mysqld Ver 5.6.27 for Linux on x86_64 (MySQL Community Server (GPL))', mysql_type: 'mysql', }, 'mysql-5.7.1' => { version: '5.7.1', string: '/usr/sbin/mysqld Ver 5.7.1 for Linux on x86_64 (MySQL Community Server (GPL))', mysql_type: 'mysql', }, 'mysql-5.7.6' => { version: '5.7.8', string: '/usr/sbin/mysqld Ver 5.7.8-rc for Linux on x86_64 (MySQL Community Server (GPL))', mysql_type: 'mysql', }, 'mariadb-10.0' => { version: '10.0.21', string: '/usr/sbin/mysqld Ver 10.0.21-MariaDB for Linux on x86_64 (MariaDB Server)', mysql_type: 'mariadb', }, 'mariadb-10.0-deb8' => { version: '10.0.23', string: '/usr/sbin/mysqld (mysqld 10.0.23-MariaDB-0+deb8u1)', mysql_type: 'mariadb', }, 'mariadb-10.1.44' => { version: '10.1.44', string: '/usr/sbin/mysqld (mysqld 10.1.44-MariaDB-1~bionic)', mysql_type: 'mariadb', }, 'mariadb-10.3.22' => { version: '10.3.22', string: '/usr/sbin/mysqld (mysqld 10.3.22-MariaDB-0+deb10u1)', mysql_type: 'mariadb', }, 'percona-5.5' => { version: '5.5.39', string: 'mysqld Ver 5.5.39-36.0-55 for Linux on x86_64 (Percona XtraDB Cluster (GPL), Release rel36.0, Revision 824, WSREP version 25.11, wsrep_25.11.r4023)', mysql_type: 'percona', }, } let(:defaults_file) { '--defaults-extra-file=/root/.my.cnf' } let(:system_database) { '--database=mysql' } let(:newhash) { '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' } let(:raw_users) do <<-SQL_OUTPUT root@127.0.0.1 root@::1 @localhost debian-sys-maint@localhost root@localhost usvn_user@localhost @vagrant-ubuntu-raring-64 SQL_OUTPUT # rubocop:enable Layout/IndentHeredoc end let(:parsed_users) { ['root@127.0.0.1', 'root@::1', '@localhost', 'debian-sys-maint@localhost', 'root@localhost', 'usvn_user@localhost', '@vagrant-ubuntu-raring-64'] } let(:provider) { resource.provider } let(:instance) { provider.class.instances.first } let(:resource) do Puppet::Type.type(:mysql_user).new( ensure: :present, password_hash: '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4', name: 'joe@localhost', max_user_connections: '10', max_connections_per_hour: '10', max_queries_per_hour: '10', max_updates_per_hour: '10', provider: described_class.name, ) end before :each do # Set up the stubs for an instances call. - Facter.stubs(:value).with(:root_home).returns('/root') - Facter.stubs(:value).with(:mysql_version).returns('5.6.24') + allow(Facter).to receive(:value).with(:root_home).and_return('/root') + allow(Facter).to receive(:value).with(:mysql_version).and_return('5.6.24') provider.class.instance_variable_set(:@mysqld_version_string, '5.6.24') - Puppet::Util.stubs(:which).with('mysql').returns('/usr/bin/mysql') - Puppet::Util.stubs(:which).with('mysqld').returns('/usr/sbin/mysqld') - File.stubs(:file?).with('/root/.my.cnf').returns(true) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns('joe@localhost') - provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'regular').returns('10 10 10 10 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4') # rubocop:disable Metrics/LineLength + allow(Puppet::Util).to receive(:which).with('mysql').and_return('/usr/bin/mysql') + allow(Puppet::Util).to receive(:which).with('mysqld').and_return('/usr/sbin/mysqld') + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return('joe@localhost') + allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'regular').and_return('10 10 10 10 *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4') # rubocop:disable Layout/LineLength end describe 'self.instances' do it 'returns an array of users MySQL 5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.5'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users MySQL 5.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.6'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users MySQL >= 5.7.0 < 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users MySQL >= 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users mariadb 10.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.0'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users mariadb >= 10.1.21' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.1.44'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD, PLUGIN, AUTHENTICATION_STRING FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD, PLUGIN, AUTHENTICATION_STRING FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end it 'returns an array of users percona 5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['percona-5.5'][:string]) - provider.class.stubs(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').returns(raw_users) - parsed_users.each { |user| provider.class.stubs(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').returns('10 10 10 10 ') } # rubocop:disable Metrics/LineLength + allow(provider.class).to receive(:mysql_caller).with("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').and_return(raw_users) + parsed_users.each { |user| allow(provider.class).to receive(:mysql_caller).with("SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{user}'", 'regular').and_return('10 10 10 10 ') } # rubocop:disable Layout/LineLength usernames = provider.class.instances.map { |x| x.name } expect(parsed_users).to match_array(usernames) end end describe 'mysql version and type detection' do mysql_version_string_hash.each do |_name, line| version = line[:version] string = line[:string] mysql_type = line[:mysql_type] it "detects version '#{version}'" do provider.class.instance_variable_set(:@mysqld_version_string, string) expect(provider.mysqld_version).to eq(version) end it "detects type '#{mysql_type}'" do provider.class.instance_variable_set(:@mysqld_version_string, string) expect(provider.mysqld_type).to eq(mysql_type) end end end describe 'self.prefetch' do it 'exists' do provider.class.instances provider.class.prefetch({}) end end describe 'create' do it 'makes a user' do - provider.class.expects(:mysql_caller).with("CREATE USER 'joe'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", 'system') - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_CONNECTIONS_PER_HOUR 10 MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 10", 'system') # rubocop:disable Metrics/LineLength - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system') - provider.expects(:exists?).returns(true) + expect(provider.class).to receive(:mysql_caller).with("CREATE USER 'joe'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", 'system') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_CONNECTIONS_PER_HOUR 10 MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 10", 'system') # rubocop:disable Layout/LineLength + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system') + expect(provider).to receive(:exists?).and_return(true) expect(provider.create).to be_truthy end it 'creates a user using IF NOT EXISTS' do provider.class.instance_variable_set(:@mysqld_version_string, '5.7.6') - provider.class.expects(:mysql_caller).with("CREATE USER IF NOT EXISTS 'joe'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", 'system') # rubocop:disable Metrics/LineLength - provider.class.expects(:mysql_caller).with("ALTER USER IF EXISTS 'joe'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_CONNECTIONS_PER_HOUR 10 MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 10", 'system') # rubocop:disable Metrics/LineLength - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE NONE", 'system') - provider.expects(:exists?).returns(true) + expect(provider.class).to receive(:mysql_caller).with("CREATE USER IF NOT EXISTS 'joe'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", +'system') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER IF EXISTS 'joe'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_CONNECTIONS_PER_HOUR 10 MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 10", 'system') # rubocop:disable Layout/LineLength + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE NONE", 'system') + expect(provider).to receive(:exists?).and_return(true) expect(provider.create).to be_truthy end end describe 'destroy' do it 'removes a user if present' do - provider.class.expects(:mysql_caller).with("DROP USER 'joe'@'localhost'", 'system') - provider.expects(:exists?).returns(false) + expect(provider.class).to receive(:mysql_caller).with("DROP USER 'joe'@'localhost'", 'system') + expect(provider).to receive(:exists?).and_return(false) expect(provider.destroy).to be_truthy end it 'removes a user using IF EXISTS' do provider.class.instance_variable_set(:@mysqld_version_string, '5.7.1') - provider.class.expects(:mysql_caller).with("DROP USER IF EXISTS 'joe'@'localhost'", 'system') + expect(provider.class).to receive(:mysql_caller).with("DROP USER IF EXISTS 'joe'@'localhost'", 'system') expect(provider.destroy).to be_truthy end end describe 'exists?' do it 'checks if user exists' do expect(instance).to be_exists end end describe 'self.mysqld_version' do it 'uses the mysqld_version fact if unset' do provider.class.instance_variable_set(:@mysqld_version_string, nil) - Facter.stubs(:value).with(:mysqld_version).returns('5.6.24') + allow(Facter).to receive(:value).with(:mysqld_version).and_return('5.6.24') expect(provider.mysqld_version).to eq '5.6.24' end it 'returns 5.7.6 for "mysqld Ver 5.7.6 for Linux on x86_64 (MySQL Community Server (GPL))"' do provider.class.instance_variable_set(:@mysqld_version_string, 'mysqld Ver 5.7.6 for Linux on x86_64 (MySQL Community Server (GPL))') expect(provider.mysqld_version).to eq '5.7.6' end it 'returns 5.7.6 for "mysqld Ver 5.7.6-rc for Linux on x86_64 (MySQL Community Server (GPL))"' do provider.class.instance_variable_set(:@mysqld_version_string, 'mysqld Ver 5.7.6-rc for Linux on x86_64 (MySQL Community Server (GPL))') expect(provider.mysqld_version).to eq '5.7.6' end it 'detects >= 5.7.6 for 5.7.7-log' do provider.class.instance_variable_set(:@mysqld_version_string, 'mysqld Ver 5.7.7-log for Linux on x86_64 (MySQL Community Server (GPL))') expect(Puppet::Util::Package.versioncmp(provider.mysqld_version, '5.7.6')).to be >= 0 end it 'detects < 5.7.6 for 5.7.5-log' do provider.class.instance_variable_set(:@mysqld_version_string, 'mysqld Ver 5.7.5-log for Linux on x86_64 (MySQL Community Server (GPL))') expect(Puppet::Util::Package.versioncmp(provider.mysqld_version, '5.7.6')).to be < 0 end end describe 'self.defaults_file' do it 'sets --defaults-extra-file' do - File.stubs(:file?).with('/root/.my.cnf').returns(true) + allow(File).to receive(:file?).with('/root/.my.cnf').and_return(true) expect(provider.defaults_file).to eq '--defaults-extra-file=/root/.my.cnf' end it 'fails if file missing' do - File.expects(:file?).with('/root/.my.cnf').returns(false) + expect(File).to receive(:file?).with('/root/.my.cnf').and_return(false) expect(provider.defaults_file).to be_nil end end describe 'password_hash' do it 'returns a hash' do expect(instance.password_hash).to eq('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4') end end describe 'password_hash=' do it 'changes the hash mysql 5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.5'][:string]) - provider.class.expects(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end it 'changes the hash mysql 5.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.6'][:string]) - provider.class.expects(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end it 'changes the hash mysql < 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.expects(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end it 'changes the hash MySQL >= 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH mysql_native_password AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') # rubocop:disable Metrics/LineLength + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH mysql_native_password AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", +'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end it 'changes the hash mariadb-10.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.0'][:string]) - provider.class.expects(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end it 'changes the hash to an ed25519 hash mariadb >= 10.1.21 and < 10.2.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.1.44'][:string]) - resource.stubs(:value).with(:plugin).returns('ed25519') - provider.class.expects(:mysql_caller).with("UPDATE mysql.user SET password = '', plugin = 'ed25519', authentication_string = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' where CONCAT(user, '@', host) = 'joe@localhost'; FLUSH PRIVILEGES", 'system').returns('0') # rubocop:disable Metrics/LineLength - provider.expects(:password_hash).returns('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') + allow(resource).to receive(:value).with(:plugin).and_return('ed25519') + expect(provider.class).to receive(:mysql_caller).with("UPDATE mysql.user SET password = '', plugin = 'ed25519', authentication_string = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' where CONCAT(user, '@', host) = 'joe@localhost'; FLUSH PRIVILEGES", 'system').and_return('0') # rubocop:disable Layout/LineLength + expect(provider).to receive(:password_hash).and_return('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') provider.password_hash = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' end it 'changes the hash to an ed25519 hash mariadb >= 10.2.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.3.22'][:string]) - resource.stubs(:value).with(:plugin).returns('ed25519') - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH ed25519 AS 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU'", 'system').returns('0') # rubocop:disable Metrics/LineLength - provider.expects(:password_hash).returns('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') + allow(resource).to receive(:value).with(:plugin).and_return('ed25519') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH ed25519 AS 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU'", 'system').and_return('0') + expect(provider).to receive(:password_hash).and_return('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') provider.password_hash = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' end it 'changes the hash to an invalid ed25519 hash mariadb >= 10.1.21' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.1.44'][:string]) - resource.stubs(:value).with(:plugin).returns('ed25519') + allow(resource).to receive(:value).with(:plugin).and_return('ed25519') expect { provider.password_hash = 'invalid' }.to raise_error(ArgumentError, 'ed25519 hash should be 43 bytes long.') end it 'changes the hash percona-5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['percona-5.5'][:string]) - provider.class.expects(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("SET PASSWORD FOR 'joe'@'localhost' = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5'", 'system').and_return('0') - provider.expects(:password_hash).returns('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') + expect(provider).to receive(:password_hash).and_return('*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5') provider.password_hash = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF5' end end describe 'plugin=' do context 'auth_socket' do context 'MySQL < 5.7.6' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.expects(:mysql_caller).with("UPDATE mysql.user SET plugin = 'auth_socket', password = '' WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("UPDATE mysql.user SET plugin = 'auth_socket', password = '' WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'system').and_return('0') - provider.expects(:plugin).returns('auth_socket') + expect(provider).to receive(:plugin).and_return('auth_socket') provider.plugin = 'auth_socket' end end context 'MySQL >= 5.7.6' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'auth_socket'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'auth_socket'", 'system').and_return('0') - provider.expects(:plugin).returns('auth_socket') + expect(provider).to receive(:plugin).and_return('auth_socket') provider.plugin = 'auth_socket' end end end context 'mysql_native_password' do context 'MySQL < 5.7.6' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.expects(:mysql_caller).with("UPDATE mysql.user SET plugin = 'mysql_native_password', password = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'system').returns('0') # rubocop:disable Metrics/LineLength + expect(provider.class).to receive(:mysql_caller).with("UPDATE mysql.user SET plugin = 'mysql_native_password', password = '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' WHERE CONCAT(user, '@', host) = 'joe@localhost'", 'system').and_return('0') # rubocop:disable Layout/LineLength - provider.expects(:plugin).returns('mysql_native_password') + expect(provider).to receive(:plugin).and_return('mysql_native_password') provider.plugin = 'mysql_native_password' end end context 'MySQL >= 5.7.6' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", 'system').returns('0') # rubocop:disable Metrics/LineLength + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'", +'system').and_return('0') - provider.expects(:plugin).returns('mysql_native_password') + expect(provider).to receive(:plugin).and_return('mysql_native_password') provider.plugin = 'mysql_native_password' end end end context 'ed25519' do context 'mariadb >= 10.1.21 and < 10.2.0' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.1.44'][:string]) - resource.stubs('[]').with(:name).returns('joe@localhost') - resource.stubs('[]').with(:password_hash).returns('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') - provider.class.expects(:mysql_caller).with("UPDATE mysql.user SET password = '', plugin = 'ed25519', authentication_string = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' where CONCAT(user, '@', host) = 'joe@localhost'; FLUSH PRIVILEGES", 'system').returns('0') # rubocop:disable Metrics/LineLength - provider.expects(:plugin).returns('ed25519') + allow(resource).to receive('[]').with(:name).and_return('joe@localhost') + allow(resource).to receive('[]').with(:password_hash).and_return('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') + expect(provider.class).to receive(:mysql_caller).with("UPDATE mysql.user SET password = '', plugin = 'ed25519', authentication_string = 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU' where CONCAT(user, '@', host) = 'joe@localhost'; FLUSH PRIVILEGES", 'system').and_return('0') # rubocop:disable Layout/LineLength + expect(provider).to receive(:plugin).and_return('ed25519') provider.plugin = 'ed25519' end end context 'mariadb >= 10.2.0' do it 'changes the authentication plugin' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.3.22'][:string]) - resource.stubs('[]').with(:name).returns('joe@localhost') - resource.stubs('[]').with(:password_hash).returns('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'ed25519' AS 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU'", 'system').returns('0') # rubocop:disable Metrics/LineLength - provider.expects(:plugin).returns('ed25519') + allow(resource).to receive('[]').with(:name).and_return('joe@localhost') + expect(resource).to receive('[]').with(:password_hash).and_return('z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' IDENTIFIED WITH 'ed25519' AS 'z0pjExBYbzbupUByZRrQvC6kRCcE8n/tC7kUdUD11fU'", 'system').and_return('0') + expect(provider).to receive(:plugin).and_return('ed25519') provider.plugin = 'ed25519' end end end # rubocop:enable RSpec/NestedGroups end describe 'tls_options=' do it 'adds SSL option grant in mysql 5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.5'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').and_return('0') - provider.expects(:tls_options).returns(['NONE']) + expect(provider).to receive(:tls_options).and_return(['NONE']) provider.tls_options = ['NONE'] end it 'adds SSL option grant in mysql 5.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.6'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').and_return('0') - provider.expects(:tls_options).returns(['NONE']) + expect(provider).to receive(:tls_options).and_return(['NONE']) provider.tls_options = ['NONE'] end it 'adds SSL option grant in mysql < 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').and_return('0') - provider.expects(:tls_options).returns(['NONE']) + expect(provider).to receive(:tls_options).and_return(['NONE']) provider.tls_options = ['NONE'] end it 'adds SSL option grant in mysql >= 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE NONE", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE NONE", 'system').and_return('0') - provider.expects(:tls_options).returns(['NONE']) + expect(provider).to receive(:tls_options).and_return(['NONE']) provider.tls_options = ['NONE'] end it 'adds SSL option grant in mariadb-10.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.0'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE NONE", 'system').and_return('0') - provider.expects(:tls_options).returns(['NONE']) + expect(provider).to receive(:tls_options).and_return(['NONE']) provider.tls_options = ['NONE'] end end describe 'tls_options=required' do it 'adds mTLS option grant in mysql 5.5' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.5'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", +'system').and_return('0') - provider.expects(:tls_options).returns(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) + expect(provider).to receive(:tls_options).and_return(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) provider.tls_options = ['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\''] end it 'adds mTLS option grant in mysql 5.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.6'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", +'system').and_return('0') - provider.expects(:tls_options).returns(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) + expect(provider).to receive(:tls_options).and_return(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) provider.tls_options = ['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\''] end it 'adds mTLS option grant in mysql < 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.1'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", +'system').and_return('0') - provider.expects(:tls_options).returns(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) + expect(provider).to receive(:tls_options).and_return(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) provider.tls_options = ['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\''] end it 'adds mTLS option grant in mysql >= 5.7.6' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mysql-5.7.6'][:string]) - provider.class.expects(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("ALTER USER 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", +'system').and_return('0') - provider.expects(:tls_options).returns(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) + expect(provider).to receive(:tls_options).and_return(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) provider.tls_options = ['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\''] end it 'adds mTLS option grant in mariadb-10.0' do provider.class.instance_variable_set(:@mysqld_version_string, mysql_version_string_hash['mariadb-10.0'][:string]) - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", 'system').returns('0') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' REQUIRE ISSUER '/CN=Certificate Authority' AND SUBJECT '/OU=MySQL Users/CN=Username'", +'system').and_return('0') - provider.expects(:tls_options).returns(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) + expect(provider).to receive(:tls_options).and_return(['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\'']) provider.tls_options = ['ISSUER \'/CN=Certificate Authority\'', 'SUBJECT \'/OU=MySQL Users/CN=Username\''] end end ['max_user_connections', 'max_connections_per_hour', 'max_queries_per_hour', 'max_updates_per_hour'].each do |property| describe property do it "returns #{property}" do expect(instance.send(property.to_s.to_sym)).to eq('10') end end describe "#{property}=" do it "changes #{property}" do - provider.class.expects(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' WITH #{property.upcase} 42", 'system').returns('0') - provider.expects(property.to_sym).returns('42') + expect(provider.class).to receive(:mysql_caller).with("GRANT USAGE ON *.* TO 'joe'@'localhost' WITH #{property.upcase} 42", 'system').and_return('0') + expect(provider).to receive(property.to_sym).and_return('42') provider.send("#{property}=".to_sym, '42') end end end end diff --git a/spec/unit/puppet/type/mysql_database_spec.rb b/spec/unit/puppet/type/mysql_database_spec.rb index 9594d0b..b6a9d78 100644 --- a/spec/unit/puppet/type/mysql_database_spec.rb +++ b/spec/unit/puppet/type/mysql_database_spec.rb @@ -1,25 +1,27 @@ +# frozen_string_literal: true + require 'puppet' require 'puppet/type/mysql_database' describe Puppet::Type.type(:mysql_database) do let(:user) { Puppet::Type.type(:mysql_database).new(name: 'test', charset: 'utf8', collate: 'utf8_blah_ci') } it 'accepts a database name' do expect(user[:name]).to eq('test') end it 'accepts a charset' do user[:charset] = 'latin1' expect(user[:charset]).to eq('latin1') end it 'accepts a collate' do user[:collate] = 'latin1_swedish_ci' expect(user[:collate]).to eq('latin1_swedish_ci') end it 'requires a name' do expect { Puppet::Type.type(:mysql_database).new({}) }.to raise_error(Puppet::Error, 'Title or name must be provided') end end diff --git a/spec/unit/puppet/type/mysql_grant_spec.rb b/spec/unit/puppet/type/mysql_grant_spec.rb index 5af6383..c90d660 100644 --- a/spec/unit/puppet/type/mysql_grant_spec.rb +++ b/spec/unit/puppet/type/mysql_grant_spec.rb @@ -1,102 +1,104 @@ +# frozen_string_literal: true + require 'puppet' require 'puppet/type/mysql_grant' require 'spec_helper' describe Puppet::Type.type(:mysql_grant) do let(:user) { Puppet::Type.type(:mysql_grant).new(name: 'foo@localhost/*.*', privileges: ['ALL'], table: ['*.*'], user: 'foo@localhost') } it 'accepts a grant name' do expect(user[:name]).to eq('foo@localhost/*.*') end it 'accepts ALL privileges' do user[:privileges] = 'ALL' expect(user[:privileges]).to eq(['ALL']) end context 'PROXY privilege with mysql greater than or equal to 5.5.0' do before :each do - Facter.stubs(:value).with(:mysql_version).returns('5.5.0') + allow(Facter).to receive(:value).with(:mysql_version).and_return('5.5.0') end it 'does not raise error' do user[:privileges] = 'PROXY' user[:table] = 'proxy_user@proxy_host' expect(user[:privileges]).to eq(['PROXY']) end end context 'PROXY privilege with mysql greater than or equal to 5.4.0' do before :each do - Facter.stubs(:value).with(:mysql_version).returns('5.4.0') + allow(Facter).to receive(:value).with(:mysql_version).and_return('5.4.0') end it 'raises error' do expect { user[:privileges] = 'PROXY' }.to raise_error(Puppet::ResourceError, %r{PROXY user not supported on mysql versions < 5.5.0}) end end it 'accepts a table' do user[:table] = '*.*' expect(user[:table]).to eq('*.*') end it 'accepts @ for table' do user[:table] = '@' expect(user[:table]).to eq('@') end it 'accepts proxy user for table' do user[:table] = 'proxy_user@proxy_host' expect(user[:table]).to eq('proxy_user@proxy_host') end it 'accepts a user' do user[:user] = 'foo@localhost' expect(user[:user]).to eq('foo@localhost') end it 'requires a name' do expect { Puppet::Type.type(:mysql_grant).new({}) }.to raise_error(Puppet::Error, 'Title or name must be provided') end it 'requires the name to match the user and table #general' do expect { Puppet::Type.type(:mysql_grant).new(name: 'foo@localhost/*.*', privileges: ['ALL'], table: ['*.*'], user: 'foo@localhost') }.not_to raise_error end it 'requires the name to match the user and table #specific' do expect { Puppet::Type.type(:mysql_grant).new(name: 'foo', privileges: ['ALL'], table: ['*.*'], user: 'foo@localhost') }.to raise_error %r{mysql_grant: `name` `parameter` must match user@host\/table format} end describe 'it should munge privileges' do it 'to just ALL' do user = Puppet::Type.type(:mysql_grant).new( name: 'foo@localhost/*.*', table: ['*.*'], user: 'foo@localhost', privileges: ['ALL'] ) expect(user[:privileges]).to eq(['ALL']) end it 'to upcase and ordered' do user = Puppet::Type.type(:mysql_grant).new( name: 'foo@localhost/*.*', table: ['*.*'], user: 'foo@localhost', privileges: ['select', 'Insert'] ) expect(user[:privileges]).to eq(['INSERT', 'SELECT']) end it 'ordered including column privileges' do user = Puppet::Type.type(:mysql_grant).new( name: 'foo@localhost/*.*', table: ['*.*'], user: 'foo@localhost', privileges: ['SELECT(Host,Address)', 'Insert'] ) expect(user[:privileges]).to eq(['INSERT', 'SELECT (Address, Host)']) end end end diff --git a/spec/unit/puppet/type/mysql_plugin_spec.rb b/spec/unit/puppet/type/mysql_plugin_spec.rb index d89be25..ce23c98 100644 --- a/spec/unit/puppet/type/mysql_plugin_spec.rb +++ b/spec/unit/puppet/type/mysql_plugin_spec.rb @@ -1,20 +1,22 @@ +# frozen_string_literal: true + require 'puppet' require 'puppet/type/mysql_plugin' describe Puppet::Type.type(:mysql_plugin) do let(:plugin) { Puppet::Type.type(:mysql_plugin).new(name: 'test', soname: 'test.so') } it 'accepts a plugin name' do expect(plugin[:name]).to eq('test') end it 'accepts a library name' do plugin[:soname] = 'test.so' expect(plugin[:soname]).to eq('test.so') end it 'requires a name' do expect { Puppet::Type.type(:mysql_plugin).new({}) }.to raise_error(Puppet::Error, 'Title or name must be provided') end end diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb index cdc66b8..a193596 100644 --- a/spec/unit/puppet/type/mysql_user_spec.rb +++ b/spec/unit/puppet/type/mysql_user_spec.rb @@ -1,136 +1,138 @@ +# frozen_string_literal: true + require 'puppet' require 'puppet/type/mysql_user' require 'spec_helper' describe Puppet::Type.type(:mysql_user) do context 'On MySQL 5.x' do before :each do - Facter.stubs(:value).with(:mysql_version).returns('5.6.24') + allow(Facter).to receive(:value).with(:mysql_version).and_return('5.6.24') end it 'fails with a long user name' do expect { Puppet::Type.type(:mysql_user).new(name: '12345678901234567@localhost', password_hash: 'pass') }.to raise_error %r{MySQL usernames are limited to a maximum of 16 characters} end end context 'On MariaDB 10.0.0+' do let(:user) { Puppet::Type.type(:mysql_user).new(name: '12345678901234567@localhost', password_hash: 'pass') } before :each do - Facter.stubs(:value).with(:mysql_version).returns('10.0.19') + allow(Facter).to receive(:value).with(:mysql_version).and_return('10.0.19') end it 'succeeds with a long user name on MariaDB' do expect(user[:name]).to eq('12345678901234567@localhost') end end it 'requires a name' do expect { Puppet::Type.type(:mysql_user).new({}) }.to raise_error(Puppet::Error, 'Title or name must be provided') end context 'using foo@localhost' do let(:user) { Puppet::Type.type(:mysql_user).new(name: 'foo@localhost', password_hash: 'pass') } it 'accepts a user name' do expect(user[:name]).to eq('foo@localhost') end it 'accepts a password' do user[:password_hash] = 'foo' expect(user[:password_hash]).to eq('foo') end it 'accepts an empty password' do user[:password_hash] = '' expect(user[:password_hash]).to eq('') end end context 'using foo@LocalHost' do let(:user) { Puppet::Type.type(:mysql_user).new(name: 'foo@LocalHost', password_hash: 'pass') } it 'lowercases the user name' do expect(user[:name]).to eq('foo@localhost') end end context 'using foo@192.168.1.0/255.255.255.0' do let(:user) { Puppet::Type.type(:mysql_user).new(name: 'foo@192.168.1.0/255.255.255.0', password_hash: 'pass') } it 'creates the user with the netmask' do expect(user[:name]).to eq('foo@192.168.1.0/255.255.255.0') end end context 'using allo_wed$char@localhost' do let(:user) { Puppet::Type.type(:mysql_user).new(name: 'allo_wed$char@localhost', password_hash: 'pass') } it 'accepts a user name' do expect(user[:name]).to eq('allo_wed$char@localhost') end end context 'ensure the default \'debian-sys-main\'@localhost user can be parsed' do let(:user) { Puppet::Type.type(:mysql_user).new(name: '\'debian-sys-maint\'@localhost', password_hash: 'pass') } it 'accepts a user name' do expect(user[:name]).to eq('\'debian-sys-maint\'@localhost') end end context 'using a quoted 16 char username' do let(:user) { Puppet::Type.type(:mysql_user).new(name: '"debian-sys-maint"@localhost', password_hash: 'pass') } it 'accepts a user name' do expect(user[:name]).to eq('"debian-sys-maint"@localhost') end end context 'using a quoted username that is too long ' do before :each do - Facter.stubs(:value).with(:mysql_version).returns('5.6.24') + allow(Facter).to receive(:value).with(:mysql_version).and_return('5.6.24') end it 'fails with a size error' do expect { Puppet::Type.type(:mysql_user).new(name: '"debian-sys-maint2"@localhost', password_hash: 'pass') }.to raise_error %r{MySQL usernames are limited to a maximum of 16 characters} end end context 'using `speci!al#`@localhost' do let(:user) { Puppet::Type.type(:mysql_user).new(name: '`speci!al#`@localhost', password_hash: 'pass') } it 'accepts a quoted user name with special chatracters' do expect(user[:name]).to eq('`speci!al#`@localhost') end end context 'using in-valid@localhost' do let(:user) { Puppet::Type.type(:mysql_user).new(name: 'in-valid@localhost', password_hash: 'pass') } it 'accepts a user name with special chatracters' do expect(user[:name]).to eq('in-valid@localhost') end end context 'using "misquoted@localhost' do it 'fails with a misquoted username is used' do expect { Puppet::Type.type(:mysql_user).new(name: '"misquoted@localhost', password_hash: 'pass') }.to raise_error %r{Invalid database user "misquoted@localhost} end end context 'using invalid options' do it 'fails with an invalid option' do expect { Puppet::Type.type(:mysql_user).new(name: 'misquoted@localhost', password_hash: 'pass', tls_options: ['SOMETHING_ELSE']) }.to raise_error %r{Invalid tls option} end end end diff --git a/tasks/export.rb b/tasks/export.rb index e3f44d0..6bf3e83 100755 --- a/tasks/export.rb +++ b/tasks/export.rb @@ -1,30 +1,32 @@ #!/opt/puppetlabs/puppet/bin/ruby +# frozen_string_literal: true + require 'json' require 'open3' require 'puppet' def get(file, database, user, password) cmd_string = 'mysqldump' cmd_string << " --databases #{database}" unless database.nil? cmd_string << " --user=#{user}" unless user.nil? cmd_string << " --password=#{password}" unless password.nil? cmd_string << " > #{file}" unless file.nil? stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, _("stderr: '%{stderr}'" % { stderr: stderr }) if status != 0 { status: stdout.strip } end params = JSON.parse(STDIN.read) database = params['database'] user = params['user'] password = params['password'] file = params['file'] begin result = get(file, database, user, password) puts result.to_json exit 0 rescue Puppet::Error => e puts({ status: 'failure', error: e.message }.to_json) exit 1 end diff --git a/tasks/sql.rb b/tasks/sql.rb index 53c9d01..13e3234 100755 --- a/tasks/sql.rb +++ b/tasks/sql.rb @@ -1,29 +1,31 @@ #!/opt/puppetlabs/puppet/bin/ruby +# frozen_string_literal: true + require 'json' require 'open3' require 'puppet' def get(sql, database, user, password) cmd = ['mysql', '-e', "#{sql} "] cmd << "--database=#{database}" unless database.nil? cmd << "--user=#{user}" unless user.nil? cmd << "--password=#{password}" unless password.nil? stdout, stderr, status = Open3.capture3(*cmd) raise Puppet::Error, _("stderr: '%{stderr}'" % { stderr: stderr }) if status != 0 { status: stdout.strip } end params = JSON.parse(STDIN.read) database = params['database'] user = params['user'] password = params['password'] sql = params['sql'] begin result = get(sql, database, user, password) puts result.to_json exit 0 rescue Puppet::Error => e puts({ status: 'failure', error: e.message }.to_json) exit 1 end diff --git a/templates/my.cnf.pass.erb b/templates/my.cnf.pass.erb index b82cca3..9f9d038 100644 --- a/templates/my.cnf.pass.erb +++ b/templates/my.cnf.pass.erb @@ -1,11 +1,11 @@ ### MANAGED BY PUPPET ### <% %w(mysql client mysqldump mysqladmin mysqlcheck).each do |section| %> [<%= section -%>] user=root host=localhost -<% unless scope.lookupvar('mysql::server::root_password') == 'UNSET' -%> -password='<%= scope.lookupvar('mysql::server::root_password') %>' +<% if @root_password_set -%> +password='<%= @root_password %>' <% end -%> socket=<%= @options['client']['socket'] %> <% end %> diff --git a/templates/mysqlbackup.sh.erb b/templates/mysqlbackup.sh.erb index 19706fb..d90d567 100755 --- a/templates/mysqlbackup.sh.erb +++ b/templates/mysqlbackup.sh.erb @@ -1,125 +1,125 @@ <%- if @kernel == 'Linux' -%> #!/bin/bash <%- else -%> #!/bin/sh <%- end -%> # # MySQL Backup Script # Dumps mysql databases to a file for another backup tool to pick up. # # MySQL code: # GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost' # IDENTIFIED BY 'password'; # FLUSH PRIVILEGES; # ##### START CONFIG ################################################### USER=<%= @backupuser %> -PASS='<%= @backuppassword %>' +PASS='<%= @backuppassword_unsensitive %>' MAX_ALLOWED_PACKET=<%= @maxallowedpacket %> DIR=<%= @backupdir %> ROTATE=<%= [ Integer(@backuprotate) - 1, 0 ].max %> # Create temporary mysql cnf file. TMPFILE=`mktemp /tmp/backup.XXXXXX` || exit 1 <%- if @kernel == 'SunOS' -%> echo "[client]\npassword=$PASS\nuser=$USER\nmax_allowed_packet=$MAX_ALLOWED_PACKET" > $TMPFILE <%- else -%> echo -e "[client]\npassword=$PASS\nuser=$USER\nmax_allowed_packet=$MAX_ALLOWED_PACKET" > $TMPFILE <%- end -%> <% if @prescript -%> <%- [@prescript].flatten.compact.each do |script|%> <%= script %> <%- end -%> <% end -%> # Ensure backup directory exist. mkdir -p $DIR PREFIX=mysql_backup_ <% if @ignore_events %> ADDITIONAL_OPTIONS="--ignore-table=mysql.event" <% else %> ADDITIONAL_OPTIONS="--events" <% end %> <%# Only include routines or triggers if we're doing a file per database -%> <%# backup. This happens if we named databases, or if we explicitly set -%> <%# file per database mode -%> <% if !@backupdatabases.empty? || @file_per_database -%> <% if @include_triggers -%> ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --triggers" <% else -%> ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --skip-triggers" <% end -%> <% if @include_routines -%> ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --routines" <% else -%> ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --skip-routines" <% end -%> <% end -%> <%- if @optional_args and @optional_args.is_a?(Array) -%> <%- @optional_args.each do |arg| -%> ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS <%= arg %>" <%- end -%> <%- end -%> ##### STOP CONFIG #################################################### PATH=<%= @execpath %> <%- if @kernel == 'Linux' -%> set -o pipefail <%- end -%> cleanup() { <%- if @kernel == 'SunOS' -%> gfind "${DIR}/" -maxdepth 1 -type f -name "${PREFIX}*.sql*" -mtime +${ROTATE} -print0 | gxargs -0 -r rm -f <%- else -%> find "${DIR}/" -maxdepth 1 -type f -name "${PREFIX}*.sql*" -mtime +${ROTATE} -print0 | xargs -0 -r rm -f <%- end -%> } <% if @delete_before_dump -%> cleanup <% end -%> <% if @backupdatabases.empty? -%> <% if @file_per_database -%> mysql --defaults-extra-file=$TMPFILE -s -r -N -e 'SHOW DATABASES' | while read dbname do <%= @backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \ ${ADDITIONAL_OPTIONS} \ - ${dbname} <% if @backupcompress %>| bzcat -zc <% end %>> ${DIR}/${PREFIX}${dbname}_`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %>.bz2<% end %> + ${dbname} <% if @backupcompress %>| <%= @compression_command %> <% end %>> ${DIR}/${PREFIX}${dbname}_`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %><%= @compression_extension %><% end %> done <% else -%> <%= @backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \ ${ADDITIONAL_OPTIONS} \ - --all-databases <% if @backupcompress %>| bzcat -zc <% end %>> ${DIR}/${PREFIX}`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %>.bz2<% end %> + --all-databases <% if @backupcompress %>| <%= @compression_command %> <% end %>> ${DIR}/${PREFIX}`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %><%= @compression_extension %><% end %> <% end -%> <% else -%> <% @backupdatabases.each do |db| -%> <%= @backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \ ${ADDITIONAL_OPTIONS} \ - <%= db %><% if @backupcompress %>| bzcat -zc <% end %>> ${DIR}/${PREFIX}<%= db %>_`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %>.bz2<% end %> + <%= db %><% if @backupcompress %>| <%= @compression_command %> <% end %>> ${DIR}/${PREFIX}<%= db %>_`date +%Y%m%d-%H%M%S`.sql<% if @backupcompress %><%= @compression_extension %><% end %> <% end -%> <% end -%> <% unless @delete_before_dump -%> if [ $? -eq 0 ] ; then cleanup touch <%= @backup_success_file_path %> fi <% end -%> <% if @postscript -%> <%- [@postscript].flatten.compact.each do |script|%> <%= script %> <%- end -%> <% end -%> # Remove temporary file rm -f $TMPFILE diff --git a/templates/xtrabackup.sh.erb b/templates/xtrabackup.sh.erb index 0f7a98c..c3d66bf 100644 --- a/templates/xtrabackup.sh.erb +++ b/templates/xtrabackup.sh.erb @@ -1,75 +1,75 @@ <%- if @kernel == 'Linux' -%> #!/bin/bash <%- else -%> #!/bin/sh <%- end -%> # # A wrapper for Xtrabackup ROTATE=<%= [ Integer(@backuprotate) - 1, 0 ].max %> DIR=<%= @backupdir %> # Ensure backup directory exist. mkdir -p $DIR <%- if @kernel == 'Linux' -%> set -o pipefail <%- end -%> <% if @prescript -%> <%- [@prescript].flatten.compact.each do |script| %> <%= script %> <%- end -%> <% end -%> cleanup() { <%- if @kernel == 'SunOS' -%> gfind "${DIR}/" -mindepth 1 -maxdepth 1 -mtime +${ROTATE} -print0 | gxargs -0 -r rm -rf <%- else -%> find "${DIR}/" -mindepth 1 -maxdepth 1 -mtime +${ROTATE} -print0 | xargs -0 -r rm -rf <%- end -%> } <% if @delete_before_dump -%> cleanup <% end -%> <%- _innobackupex_args = '' -%> -<%- if @backupuser and @backuppassword -%> - <%- _innobackupex_args = '--user="' + @backupuser + '" --password="' + @backuppassword + '"' -%> +<%- if @backupuser and @backuppassword_unsensitive -%> + <%- _innobackupex_args = '--user="' + @backupuser + '" --password="' + @backuppassword_unsensitive + '"' -%> <%- end -%> <%- if @backupcompress -%> <%- _innobackupex_args = _innobackupex_args + ' --compress' -%> <%- end -%> <%- if @backupdatabases and @backupdatabases.is_a?(Array) and !@backupdatabases.empty? -%> <%- _innobackupex_args = _innobackupex_args + ' --databases="' + @backupdatabases.join(' ') + '"' -%> <%- end -%> <%- if @optional_args and @optional_args.is_a?(Array) -%> <%- @optional_args.each do |arg| -%> <%- _innobackupex_args = _innobackupex_args + ' ' + arg -%> <%- end -%> <%- end -%> <%= @backupmethod -%> <%= _innobackupex_args %> $@ <% unless @delete_before_dump -%> if [ $? -eq 0 ] ; then cleanup touch <%= @backup_success_file_path %> fi <% end -%> <% if @postscript -%> <%- [@postscript].flatten.compact.each do |script| %> <%= script %> <%- end -%> <% end -%> diff --git a/types/options.pp b/types/options.pp index ab08945..71a8f59 100644 --- a/types/options.pp +++ b/types/options.pp @@ -1,4 +1,6 @@ +# @summary A hash of options structured like the override_options, but not merged with the default options. +# Use this if you don’t want your options merged with the default options. type Mysql::Options = Hash[ String, Hash, ]