jenkins-bot has submitted this change and it was merged.
Change subject: Add 'mysql::sql', 'mysql::user' & 'mysql::db' types
......................................................................
Add 'mysql::sql', 'mysql::user' & 'mysql::db' types
This patch adds three custom defines for working with MySQL. The base
define is 'mysql::sql', which is a wrapper around an Exec resource of
the 'mysql' command-line tool that executes arbitrary SQL code.
'mysql::user' and 'mysql::db' provide some additional syntactic sugar by
allowing for the concise creation of databases and users.
Change-Id: I2db984034d541fd31c558e81abe6b6b5fa0908db
---
A puppet/modules/mysql/manifests/db.pp
M puppet/modules/mysql/manifests/init.pp
A puppet/modules/mysql/manifests/sql.pp
A puppet/modules/mysql/manifests/user.pp
4 files changed, 142 insertions(+), 1 deletion(-)
Approvals:
Ori.livneh: Looks good to me, approved
jenkins-bot: Verified
diff --git a/puppet/modules/mysql/manifests/db.pp
b/puppet/modules/mysql/manifests/db.pp
new file mode 100644
index 0000000..7e44591
--- /dev/null
+++ b/puppet/modules/mysql/manifests/db.pp
@@ -0,0 +1,37 @@
+# == Define: mysql::db
+#
+# Creates a database on the local MySQL database server.
+#
+# === Parameters
+#
+# [*ensure*]
+# If 'present', creates the database. If 'absent', drops it.
+# Defaults to present.
+#
+# [*dbname*]
+# Database name. Defaults to resource title. Example: 'wikidb'.
+#
+# === Examples
+#
+# Creates a 'centralauth' database:
+#
+# mysql::db { 'centralauth':
+# ensure => present,
+# }
+#
+define mysql::db(
+ $ensure = present,
+ $dbname = $title,
+) {
+ if $ensure == 'absent' {
+ $command = 'drop'
+ $unless = 'not exists'
+ } else {
+ $command = 'create'
+ $unless = 'exists'
+ }
+
+ mysql::sql { "${command} database ${dbname}":
+ unless => "select ${unless}(select * from information_schema.schemata
where schema_name = '${dbname}')",
+ }
+}
diff --git a/puppet/modules/mysql/manifests/init.pp
b/puppet/modules/mysql/manifests/init.pp
index 3735627..8199163 100644
--- a/puppet/modules/mysql/manifests/init.pp
+++ b/puppet/modules/mysql/manifests/init.pp
@@ -36,7 +36,7 @@
exec { 'set mysql password':
command => "mysqladmin -u root password \"${root_password}\"",
- unless => "mysqladmin -u root -p\"${root_password}\" status",
+ unless => "mysqladmin -u root -p\"${root_password}\" ping",
require => Service['mysql'],
}
@@ -47,4 +47,8 @@
mode => '0600',
content => template('mysql/my.cnf.erb'),
}
+
+ # Create databases before creating users. User resources sometime
+ # depend on databases for GRANTs, but the reverse is never true.
+ Mysql::Db <| |> -> Mysql::User <| |>
}
diff --git a/puppet/modules/mysql/manifests/sql.pp
b/puppet/modules/mysql/manifests/sql.pp
new file mode 100644
index 0000000..56a2b01
--- /dev/null
+++ b/puppet/modules/mysql/manifests/sql.pp
@@ -0,0 +1,38 @@
+# == Define: mysql::sql
+#
+# This custom resource type allows you to execute arbitrary SQL against
+# the MySQL database as the database server's root user. No attempt is
+# made to sanitize input.
+#
+# === Parameters
+#
+# [*sql*]
+# String containing SQL code to execute. Defaults to resource title.
+#
+# [*unless*]
+# String containing SQL query. Its result will be used as the basis
+# for determining whether or not to execute the code contained in
+# the 'sql' param.
+#
+# === Examples
+#
+# Create a user named 'monty', unless one already exists:
+#
+# mysql::sql { 'add user':
+# sql => "create user 'monty'@'localhost'",
+# unless => "select 1 from mysql.user where user = 'monty'",
+# }
+#
+define mysql::sql(
+ $unless,
+ $sql = $title,
+) {
+ $quoted_sql = regsubst($sql, '"', '\\"', 'G')
+ $quoted_unless = regsubst($unless, '"', '\\"', 'G')
+
+ exec { $title:
+ command => "mysql -uroot -p${mysql::root_password} -qfsAe
\"${quoted_sql}\"",
+ unless => "mysql -uroot -p${mysql::root_password} -qfsAe
\"${quoted_unless}\" | tail -1 | grep -q 1",
+ require => Exec['set mysql password'],
+ }
+}
diff --git a/puppet/modules/mysql/manifests/user.pp
b/puppet/modules/mysql/manifests/user.pp
new file mode 100644
index 0000000..dfe9ade
--- /dev/null
+++ b/puppet/modules/mysql/manifests/user.pp
@@ -0,0 +1,62 @@
+# == Define: mysql::user
+#
+# Creates a user on the local MySQL database server and (optionally)
+# grants the user privileges on some database.
+#
+# === Parameters
+#
+# [*ensure*]
+# If 'present', creates the user. If 'absent', drops it.
+# Defaults to present.
+#
+# [*username*]
+# Account name of user to create. Defaults to resource title.
+# Example: 'wikiadmin'.
+#
+# [*password*]
+# Password for the new account. Example: 'hunter2'.
+#
+# [*hostname*]
+# Hostname or host mask specifying from where the user may connect.
+# Defaults to 'localhost'.
+#
+# [*grant*]
+# SQL sub-expression of the form 'priv_type ON object_type'.
+# Defaults to 'usage on *.*'. This allows combining user account
+# creation with a database permission grant.
+#
+# === Examples
+#
+# Creates an 'wikiadmin' user with full privileges on 'wiki':
+#
+# mysql::user { 'wikiadmin':
+# password => 'hunter2',
+# grant => 'all on wiki.*',
+# }
+#
+define mysql::user(
+ $password,
+ $ensure = present,
+ $username = $title,
+ $grant = 'usage on *.*',
+ $hostname = 'localhost',
+) {
+ if $ensure == 'absent' {
+ $command = 'drop'
+ $unless = 'not exists'
+ } else {
+ $command = 'create'
+ $unless = 'exists'
+ }
+
+ if $ensure == 'absent' {
+ mysql::sql { "drop user '${username}'":
+ unless => "select not exists(select 1 from mysql.user where user =
'${username}')",
+ }
+ } else {
+ mysql::sql { "create user ${username}":
+ sql => "grant ${grant} to '${username}'@'${hostname}'
identified by '${password}'",
+ unless => "select exists(select 1 from mysql.user where user =
'${username}')",
+ }
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/76886
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2db984034d541fd31c558e81abe6b6b5fa0908db
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Ori.livneh <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
