diff --git a/import_users.py b/import_users.py
new file mode 100755
index 0000000..168c4b4
--- /dev/null
+++ b/import_users.py
@@ -0,0 +1,78 @@ +#!/usr/bin/env python +"This script helps you to get mysql.user pillar from existent mysql server" + +import argparse +import MySQLdb +import re + +__author__ = "Egor Potiomkin" +__version__ = "1.0" +__email__ = "eg13reg@gmail.com" + +parser = argparse.ArgumentParser() +parser.add_argument('host', metavar='IP', help='host where you want to get users') +parser.add_argument('user', metavar='user', help='mysql user that can show grants') +parser.add_argument('password', metavar='password', help='user password') +args = parser.parse_args() + +# PARSE GRANTS +mysqlcon = MySQLdb.connect(host=args.host,user=args.user,passwd=args.password,db="mysql",use_unicode=True, charset='utf8') +mysqlCur = mysqlcon.cursor(MySQLdb.cursors.DictCursor) + +mysqlCur.execute(r'''select user,host from mysql.user;''') +rows = mysqlCur.fetchall() +users = [] + +for row in rows: + users.append({'name': row['user'], 'host': row['host']}); + +mysqlCur = mysqlcon.cursor() +grants = [] +for user in users: + q = r'''show grants for '%s'@'%s';''' % (user['name'], user['host']) + try: + user['grants'] = [] + mysqlCur.execute(q) + rows = mysqlCur.fetchall() + for row in rows: + mpass = re.search( + r"""GRANT USAGE ON \*\.\* TO .* IDENTIFIED BY PASSWORD '(\*[A-F0-9]*)\'""", + row[0]) + if mpass is None: + mgrant = re.search( + r"""GRANT ([\s,A-Z]+) ON `?([a-zA-Z0-9_\-*\\]*)`?\.`?([a-zA-Z0-9_\-*\\]*)`? 
TO .*""", + row[0]) + if mgrant is not None: + user['grants'].append({'grant': [x.strip() for x in mgrant.group(1).split(',')], 'database': mgrant.group(2).replace('\\',''), 'table': mgrant.group(3).replace('\\','')}) + else: + print "ERROR: CAN NOT PARSE GRANTS: ",row[0] + else: + user['password'] = mpass.group(1) + + except MySQLdb.DatabaseError: + print "Error while getting grants for '%s'@'%s'" % (user['name'], user['host']) +#raise SystemExit +# PRINT RESULT +""" PRINT EXAMPLE +mysql: + user: + - name: user + host: host + password_hash: '*2792A97371B2D17789364A22A9B35D180166571A' + databases: + - database: testbase + table: table1 + grants: ['select'] +""" +print "mysql:" +print " user:" +for user in users: + print " - name: %s" % user['name'] + print " host: '%s'" % user['host'] + if ('password' in user): + print " password_hash: '%s'" % user['password'] + print " databases:" + for grant in user['grants']: + print " - database: '%s'" % grant['database'] + print " table: '%s'" % grant['table'] + print " grants: ['%s']" % "','".join(grant['grant']).lower() diff --git a/mysql/client.sls b/mysql/client.sls index 8fe378f..33628e6 100644 --- a/mysql/client.sls +++ b/mysql/client.sls @@ -1,4 +1,5 @@ -{% from "mysql/map.jinja" import mysql with context %} +{% from "mysql/defaults.yaml" import rawmap with context %} +{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %} mysql: pkg: diff --git a/mysql/database.sls b/mysql/database.sls index ac2537a..e0f951a 100644 --- a/mysql/database.sls +++ b/mysql/database.sls @@ -1,4 +1,5 @@ -{% from "mysql/map.jinja" import mysql with context %} +{% from "mysql/defaults.yaml" import rawmap with context %} +{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %} {% set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %} {% set db_states = [] %} 
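Review bot: The `password` positional argument puts the MySQL password on the command line, where other local users can read it from the process list and where it lands in shell history; make the argument optional and fall back to a prompt such as `getpass.getpass('MySQL password: ')`. The hash pattern only matches `GRANT USAGE ON *.*` rows, so an account whose global grant is anything else (the `IDENTIFIED BY PASSWORD` clause then sits on that row) goes to the grant branch and is printed without `password_hash`; the hash should be captured from any row carrying the clause while that row is still parsed for its privileges. The `show grants` statement is built with `%` from the `user`/`host` values, so a name containing a quote breaks the query; `mysqlCur.execute('show grants for %s@%s', (user['name'], user['host']))` lets the driver do the quoting. The printed pillar contains password hashes, so a docstring line saying the output must be stored as a secret would help.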
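Review bot: The two added lines are repeated verbatim at the top of `client.sls` and `database.sls`, so the lookup key and the grain have to be kept in sync by hand in every state; keeping the `filter_by` call in one imported template, as the removed `map.jinja` import did, would avoid that. `salt['pillar.get']('mysql:server:lookup')` is called without a default, so when the key is absent `merge` receives a non-dict value; passing one explicitly, `merge=salt['pillar.get']('mysql:server:lookup', {})`, is safer across Salt versions. An `os` grain that is not a key of `rawmap` presumably leaves `mysql` unset, and the states that follow do not guard against that.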
@@ -13,7 +14,9 @@ include: - name: {{ database }} - host: localhost - connection_user: root + {% if mysql_root_pass %} - connection_pass: '{{ mysql_root_pass }}' + {% endif %} - connection_charset: utf8 {% if salt['pillar.get'](['mysql', 'schema', database, 'load']|join(':'), False) %} diff --git a/mysql/defaults.yaml b/mysql/defaults.yaml new file mode 100644 index 0000000..8159827 --- /dev/null +++ b/mysql/defaults.yaml 
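Review bot: With the new `{% if mysql_root_pass %}` guard, an empty root password makes this state connect as `root` with no `connection_pass` at all, so a passwordless root account becomes an accepted configuration rather than something the formula flags. The value is set in the first hunk of this file with the `server_id` grain as fallback, which as far as I know is derived from the minion id and is not a secret, so the default password is guessable. I would add a comment above the guard, `{# root_password unset: connect without a password (fresh install only) #}`, and consider failing the render when `mysql:server:root_password` is missing instead of falling back. The state this guard sits in starts and ends outside the hunk.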
@@ -0,0 +1,242 @@ +# vim: sts=2 ts=2 sw=2 et ai +{% load_yaml as rawmap %} +Ubuntu: + server: mysql-server + client: mysql-client + service: mysql + python: python-mysqldb + config: + file: /etc/mysql/my.cnf + sections: + client: + port: 3306 + socket: /var/run/mysqld/mysqld.sock + mysqld_safe: + socket: /var/run/mysqld/mysqld.sock + nice: 0 + mysqld: + user: mysql + pid-file: /var/run/mysqld/mysqld.pid + socket: /var/run/mysqld/mysqld.sock + port: 3306 + basedir: /usr + datadir: /var/lib/mysql + tmpdir: /tmp + lc-messages-dir: /usr/share/mysql + skip-external-locking: noarg_present + bind-address: 127.0.0.1 + key_buffer_size: 16M + max_allowed_packet: 16M + thread_stack: 192K + thread_cache_size: 8 + myisam-recover: BACKUP + query_cache_limit: 1M + query_cache_size: 16M + log_error: /var/log/mysql/error.log + expire_logs_days: 10 + max_binlog_size: 100M + mysqldump: + quick: noarg_present + quote-names: noarg_present + max_allowed_packet: 16M + isamchk: + key_buffer: 16M + append: | + !includedir /etc/mysql/conf.d/ +Debian: + server: mysql-server + client: mysql-client + service: mysql + python: python-mysqldb + config: + file: /etc/mysql/my.cnf + sections: + client: + port: 3306 + socket: /var/run/mysqld/mysqld.sock + mysqld_safe: + socket: /var/run/mysqld/mysqld.sock + nice: 0 + mysqld: + user: mysql + pid-file: /var/run/mysqld/mysqld.pid + socket: /var/run/mysqld/mysqld.sock + port: 3306 + basedir: /usr + datadir: /var/lib/mysql + tmpdir: /tmp + lc-messages-dir: /usr/share/mysql + skip-external-locking: noarg_present + bind-address: 127.0.0.1 + key_buffer_size: 16M + max_allowed_packet: 16M + thread_stack: 192K + thread_cache_size: 8 + myisam-recover: BACKUP + query_cache_limit: 1M + query_cache_size: 16M + expire_logs_days: 10 + max_binlog_size: 100M + mysqldump: + quick: noarg_present + quote-names: noarg_present + max_allowed_packet: 16M + isamchk: + key_buffer: 16M + append: | + !includedir /etc/mysql/conf.d/ +CentOS: + server: mysql-server + client: mysql 
+ service: mysqld + python: MySQL-python + config: + file: /etc/my.cnf + sections: + mysqld_safe: + log-error: /var/log/mysqld.log + pid-file: /var/run/mysqld/mysqld.pid + mysqld: + datadir: /var/lib/mysql + socket: /var/lib/mysql/mysql.sock + user: mysql + port: 3306 + bind-address: 127.0.0.1 + symbolic-links: 0 +RedHat: + server: mysql-server + client: mysql + service: mysqld + python: MySQL-python + config: + file: /etc/my.cnf + sections: + mysqld_safe: + log-error: /var/log/mysqld.log + pid-file: /var/run/mysqld/mysqld.pid + mysqld: + datadir: /var/lib/mysql + socket: /var/lib/mysql/mysql.sock + user: mysql + port: 3306 + bind-address: 127.0.0.1 + symbolic-links: 0 +Gentoo: + server: dev-db/mysql + client: dev-db/mysql + service: mysql + python: dev-python/mysql-python + config: + file: /etc/mysql/my.cnf + sections: + client: + port: 3306 + socket: /var/run/mysqld/mysqld.sock + mysql: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + mysqladmin: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + mysqlcheck: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + mysqldump: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + mysqlimport: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + mysqlshow: + character-sets-dir: /usr/share/mysql/charsets + default-character-set: utf8 + myisamchk: + character-sets-dir: /usr/share/mysql/charsets + key_buffer: 20M + sort_buffer_size: 20M + read_buffer: 2M + write_buffer: 2M + myisampack: + character-sets-dir: /usr/share/mysql/charsets + mysqld_safe: + err-log: /var/log/mysql/mysql.err + mysqld: + character-set-server: utf8 + user: mysql + port: 3306 + socket: /var/run/mysqld/mysqld.sock + pid-file: /var/run/mysqld/mysqld.pid + log-error: /var/log/mysql/mysqld.err + basedir: /usr + datadir: /var/lib/mysql + skip-external-locking: noarg_present + key_buffer_size: 16M + max_allowed_packet: 
1M + table_open_cache: 64 + sort_buffer_size: 512K + net_buffer_length: 8K + read_buffer_size: 256K + read_rnd_buffer_size: 512K + myisam_sort_buffer_size: 8M + language: /usr/share/mysql/english + bind-address: 127.0.0.1 + log-bin: noarg_present + server-id: 1 + tmpdir: /tmp/ + innodb_buffer_pool_size: 16M + innodb_additional_mem_pool_size: 2M + innodb_data_file_path: ibdata1:10M:autoextend:max:128M + innodb_log_file_size: 5M + innodb_log_buffer_size: 8M + innodb_log_files_in_group: 2 + innodb_flush_log_at_trx_commit: 1 + innodb_lock_wait_timeout: 50 + innodb_file_per_table: noarg_present + mysqldump: + quick: noarg_present + max_allowed_packet: 16M + isamchk: + key_buffer: 20M + sort_buffer_size: 20M + read_buffer: 2M + write_buffer: 2M + mysqlhotcopy: + interactive-timeout: noarg_present +FreeBSD: + server: mysql56-server + client: mysql56-client + service: mysql-server + python: pymysql + config: + file: /usr/local/etc/my.cnf + client: + port: 3306 + socket: /tmp/mysql.sock + mysqld: + port: 3306 + socket: /tmp/mysql.sock + skip-external-locking: noarg_present + key_buffer_size: 16M + max_allowed_packet: 1M + table_open_cache: 64 + sort_buffer_size: 512K + net_buffer_length: 8K + read_buffer_size: 256K + read_rnd_buffer_size: 512K + myisam_sort_buffer_size: 8M + log-bin: mysql-bin + binlog_format: mixed + server-id: 1 + mysqldump: + quick: noarg_present + max_allowed_packet: 16M + mysql: + no-auto-rehash: noarg_present + myisamchk: + key_buffer_size: 20M + sort_buffer_size: 20M + read_buffer: 2M + write_buffer: 2M + mysqlhotcopy: + interactive-timeout: noarg_present +{% endload %} diff --git a/mysql/files/Debian-my.cnf b/mysql/files/Debian-my.cnf deleted file mode 100644 index 520ea4b..0000000 --- a/mysql/files/Debian-my.cnf +++ /dev/null 
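Review bot: The `FreeBSD` entry has no `sections:` key, so `client:`, `mysqld:` and the rest hang off `config:` directly while every other OS nests them under `config: sections:`. A template that walks `config.sections` (the new `my.cnf` is not visible here) would find nothing to render on FreeBSD, so add the `sections:` level. The FreeBSD `mysqld` block also lacks `bind-address`, whereas the other entries and the deleted Debian/Ubuntu/Gentoo/RedHat templates default to `127.0.0.1`, so the server would fall back to MySQL's own default and may listen on all interfaces; add `bind-address: 127.0.0.1`. The deleted templates read `mysql:server:user`, `mysql:server:port` and `mysql:server:bind-address` from pillar, and nothing in this file shows those keys still being honoured, so an existing pillar that restricts the bind address may silently stop applying.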
@@ -1,126 +0,0 @@ -# This file managed by Salt, do not edit by hand!! -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -# -# * Basic Settings -# -user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }} -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = {{ salt['pillar.get']('mysql:server:port', '3306') }} -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql -skip-external-locking -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. 
-bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }} -# -# * Fine Tuning -# -key_buffer = 16M -max_allowed_packet = 16M -thread_stack = 192K -thread_cache_size = 8 -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover = BACKUP -#max_connections = 100 -#table_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = 1M -query_cache_size = 16M -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! -#general_log_file = /var/log/mysql/mysql.log -#general_log = 1 -# -# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. -# -# Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. -#server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = 10 -max_binlog_size = 100M -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 
-# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem - - - -[mysqldump] -quick -quote-names -max_allowed_packet = 16M - -[mysql] -#no-auto-rehash # faster start of mysql but no tab completition - -[isamchk] -key_buffer = 16M - -# -# * IMPORTANT: Additional settings that can override those from this file! -# The files must end with '.cnf', otherwise they'll be ignored. -# -!includedir /etc/mysql/conf.d/ diff --git a/mysql/files/Gentoo-my.cnf b/mysql/files/Gentoo-my.cnf deleted file mode 100644 index ba236b1..0000000 --- a/mysql/files/Gentoo-my.cnf +++ /dev/null 
@@ -1,147 +0,0 @@ -# This file managed by Salt, do not edit by hand!! -# /etc/mysql/my.cnf: The global mysql configuration file. -# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.1,v 1.4 2013/01/20 02:40:02 robbat2 Exp $ - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -[mysql] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[mysqladmin] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[mysqlcheck] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[mysqldump] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[mysqlimport] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[mysqlshow] -character-sets-dir=/usr/share/mysql/charsets -default-character-set=utf8 - -[myisamchk] -character-sets-dir=/usr/share/mysql/charsets - -[myisampack] -character-sets-dir=/usr/share/mysql/charsets - -# use [safe_mysqld] with mysql-3 -[mysqld_safe] -err-log = /var/log/mysql/mysql.err - -# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations -[mysqld] -character-set-server = utf8 -user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }} -port = {{ salt['pillar.get']('mysql:server:port', '3306') }} -socket = /var/run/mysqld/mysqld.sock -pid-file = /var/run/mysqld/mysqld.pid -log-error = /var/log/mysql/mysqld.err -basedir = /usr -datadir = /var/lib/mysql -skip-external-locking -key_buffer = 16M -max_allowed_packet = 1M -table_open_cache = 64 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -language = /usr/share/mysql/english - -# security: -# using "localhost" in connects uses sockets by default -# skip-networking -bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }} - -log-bin -server-id = 1 - -# point 
the following paths to different dedicated disks -tmpdir = /tmp/ -#log-update = /path-to-dedicated-directory/hostname - -# you need the debug USE flag enabled to use the following directives, -# if needed, uncomment them, start the server and issue -# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace -# this will show you *exactly* what's happening in your server ;) - -#log = /tmp/mysqld.sql -#gdb -#debug = d:t:i:o,/tmp/mysqld.trace -#one-thread - -# uncomment the following directives if you are using BDB tables -#bdb_cache_size = 4M -#bdb_max_lock = 10000 - -# the following is the InnoDB configuration -# if you wish to disable innodb instead -# uncomment just the next line -#skip-innodb -# -# the rest of the innodb config follows: -# don't eat too much memory, we're trying to be safe on 64Mb boxes -# you might want to bump this up a bit on boxes with more RAM -innodb_buffer_pool_size = 16M -# this is the default, increase it if you have lots of tables -innodb_additional_mem_pool_size = 2M -# -# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-( -# and upstream wants things to be under /var/lib/mysql/, so that's the route -# we have to take for the moment -#innodb_data_home_dir = /var/lib/mysql/ -#innodb_log_arch_dir = /var/lib/mysql/ -#innodb_log_group_home_dir = /var/lib/mysql/ -# you may wish to change this size to be more suitable for your system -# the max is there to avoid run-away growth on your machine -innodb_data_file_path = ibdata1:10M:autoextend:max:128M -# we keep this at around 25% of of innodb_buffer_pool_size -# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) -innodb_log_file_size = 5M -# this is the default, increase it if you have very large transactions going on -innodb_log_buffer_size = 8M -# this is the default and won't hurt you -# you shouldn't need to tweak it -innodb_log_files_in_group=2 -# see the innodb config docs, the other options are not always safe 
-innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_file_per_table - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -# uncomment the next directive if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[mysqlhotcopy] -interactive-timeout diff --git a/mysql/files/RedHat-my.cnf b/mysql/files/RedHat-my.cnf deleted file mode 100644 index 69fe12c..0000000 --- a/mysql/files/RedHat-my.cnf +++ /dev/null @@ -1,13 +0,0 @@ -[mysqld] -datadir=/var/lib/mysql -socket=/var/lib/mysql/mysql.sock -user={{ salt['pillar.get']('mysql:server:user', 'mysql') }} -port={{ salt['pillar.get']('mysql:server:port', '3306') }} -bind-address={{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }} -# Disabling symbolic-links is recommended to prevent assorted security risks -symbolic-links=0 - -[mysqld_safe] -log-error=/var/log/mysqld.log -pid-file=/var/run/mysqld/mysqld.pid - diff --git a/mysql/files/Ubuntu-my.cnf b/mysql/files/Ubuntu-my.cnf deleted file mode 100644 index 25ecb96..0000000 --- a/mysql/files/Ubuntu-my.cnf +++ /dev/null 
@@ -1,128 +0,0 @@ -# This file managed by Salt, do not edit by hand!! -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -# -# * Basic Settings -# -user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }} -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = {{ salt['pillar.get']('mysql:server:port', '3306') }} -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql -skip-external-locking -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. 
-bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }} -# -# * Fine Tuning -# -key_buffer = 16M -max_allowed_packet = 16M -thread_stack = 192K -thread_cache_size = 8 -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover = BACKUP -#max_connections = 100 -#table_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = 1M -query_cache_size = 16M -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! -#general_log_file = /var/log/mysql/mysql.log -#general_log = 1 -# -# Error log - should be very few entries. -# -log_error = /var/log/mysql/error.log -# -# Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. -#server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = 10 -max_binlog_size = 100M -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 
-# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem - - - -[mysqldump] -quick -quote-names -max_allowed_packet = 16M - -[mysql] -#no-auto-rehash # faster start of mysql but no tab completition - -[isamchk] -key_buffer = 16M - -# -# * IMPORTANT: Additional settings that can override those from this file! -# The files must end with '.cnf', otherwise they'll be ignored. -# -!includedir /etc/mysql/conf.d/ diff --git a/mysql/files/my-huge.cnf b/mysql/files/my-huge.cnf deleted file mode 100644 index 3e9602c..0000000 --- a/mysql/files/my-huge.cnf +++ /dev/null 
@@ -1,146 +0,0 @@ -# Example MySQL config file for very large systems. -# -# This is for a large system with memory of 1G-2G where the system runs mainly -# MySQL. -# -# MySQL programs look for option files in a set of -# locations which depend on the deployment platform. -# You can copy this option file to one of those -# locations. For information about these locations, see: -# http://dev.mysql.com/doc/mysql/en/option-files.html -# -# In this file, you can use all long options that a program supports. -# If you want to know which options a program supports, run the program -# with the "--help" option. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /tmp/mysql.sock - -# Here follows entries for some specific programs - -# The MySQL server -[mysqld] -port = 3306 -socket = /tmp/mysql.sock -skip-external-locking -key_buffer_size = 384M -max_allowed_packet = 1M -table_open_cache = 512 -sort_buffer_size = 2M -read_buffer_size = 2M -read_rnd_buffer_size = 8M -myisam_sort_buffer_size = 64M -thread_cache_size = 8 -query_cache_size = 32M -# Try number of CPU's*2 for thread_concurrency -thread_concurrency = 8 - -# Don't listen on a TCP/IP port at all. This can be a security enhancement, -# if all processes that need to connect to mysqld run on the same host. -# All interaction with mysqld must be made via Unix sockets or named pipes. -# Note that using this option without enabling named pipes on Windows -# (via the "enable-named-pipe" option) will render mysqld useless! 
-# -#skip-networking - -# Replication Master Server (default) -# binary logging is required for replication -log-bin=mysql-bin - -# required unique id between 1 and 2^32 - 1 -# defaults to 1 if master-host is not set -# but will not function as a master if omitted -server-id = 1 - -# Replication Slave (comment out master section to use this) -# -# To configure this host as a replication slave, you can choose between -# two methods : -# -# 1) Use the CHANGE MASTER TO command (fully described in our manual) - -# the syntax is: -# -# CHANGE MASTER TO MASTER_HOST=, MASTER_PORT=, -# MASTER_USER=, MASTER_PASSWORD= ; -# -# where you replace , , by quoted strings and -# by the master's port number (3306 by default). -# -# Example: -# -# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306, -# MASTER_USER='joe', MASTER_PASSWORD='secret'; -# -# OR -# -# 2) Set the variables below. However, in case you choose this method, then -# start replication for the first time (even unsuccessfully, for example -# if you mistyped the password in master-password and the slave fails to -# connect), the slave will create a master.info file, and any later -# change in this file to the variables' values below will be ignored and -# overridden by the content of the master.info file, unless you shutdown -# the slave server, delete master.info and restart the slaver server. 
-# For that reason, you may want to leave the lines below untouched -# (commented) and instead use CHANGE MASTER TO (see above) -# -# required unique id between 2 and 2^32 - 1 -# (and different from the master) -# defaults to 2 if master-host is set -# but will not function as a slave if omitted -#server-id = 2 -# -# The replication master for this slave - required -#master-host = -# -# The username the slave will use for authentication when connecting -# to the master - required -#master-user = -# -# The password the slave will authenticate with when connecting to -# the master - required -#master-password = -# -# The port the master is listening on. -# optional - defaults to 3306 -#master-port = -# -# binary logging - not required for slaves, but recommended -#log-bin=mysql-bin -# -# binary logging format - mixed recommended -#binlog_format=mixed - -# Uncomment the following if you are using InnoDB tables -#innodb_data_home_dir = /var/db/mysql -#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend -#innodb_log_group_home_dir = /var/db/mysql -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -#innodb_buffer_pool_size = 384M -#innodb_additional_mem_pool_size = 20M -# Set .._log_file_size to 25 % of buffer pool size -#innodb_log_file_size = 100M -#innodb_log_buffer_size = 8M -#innodb_flush_log_at_trx_commit = 1 -#innodb_lock_wait_timeout = 50 - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[myisamchk] -key_buffer_size = 256M -sort_buffer_size = 256M -read_buffer = 2M -write_buffer = 2M - -[mysqlhotcopy] -interactive-timeout diff --git a/mysql/files/my-medium.cnf b/mysql/files/my-medium.cnf deleted file mode 100644 index 7485b96..0000000 --- a/mysql/files/my-medium.cnf +++ /dev/null 
@@ -1,144 +0,0 @@ -# Example MySQL config file for medium systems. -# -# This is for a system with little memory (32M - 64M) where MySQL plays -# an important part, or systems up to 128M where MySQL is used together with -# other programs (such as a web server) -# -# MySQL programs look for option files in a set of -# locations which depend on the deployment platform. -# You can copy this option file to one of those -# locations. For information about these locations, see: -# http://dev.mysql.com/doc/mysql/en/option-files.html -# -# In this file, you can use all long options that a program supports. -# If you want to know which options a program supports, run the program -# with the "--help" option. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /tmp/mysql.sock - -# Here follows entries for some specific programs - -# The MySQL server -[mysqld] -port = 3306 -socket = /tmp/mysql.sock -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 1M -table_open_cache = 64 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M - -# Don't listen on a TCP/IP port at all. This can be a security enhancement, -# if all processes that need to connect to mysqld run on the same host. -# All interaction with mysqld must be made via Unix sockets or named pipes. -# Note that using this option without enabling named pipes on Windows -# (via the "enable-named-pipe" option) will render mysqld useless! 
-# -#skip-networking - -# Replication Master Server (default) -# binary logging is required for replication -log-bin=mysql-bin - -# binary logging format - mixed recommended -binlog_format=mixed - -# required unique id between 1 and 2^32 - 1 -# defaults to 1 if master-host is not set -# but will not function as a master if omitted -server-id = 1 - -# Replication Slave (comment out master section to use this) -# -# To configure this host as a replication slave, you can choose between -# two methods : -# -# 1) Use the CHANGE MASTER TO command (fully described in our manual) - -# the syntax is: -# -# CHANGE MASTER TO MASTER_HOST=, MASTER_PORT=, -# MASTER_USER=, MASTER_PASSWORD= ; -# -# where you replace , , by quoted strings and -# by the master's port number (3306 by default). -# -# Example: -# -# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306, -# MASTER_USER='joe', MASTER_PASSWORD='secret'; -# -# OR -# -# 2) Set the variables below. However, in case you choose this method, then -# start replication for the first time (even unsuccessfully, for example -# if you mistyped the password in master-password and the slave fails to -# connect), the slave will create a master.info file, and any later -# change in this file to the variables' values below will be ignored and -# overridden by the content of the master.info file, unless you shutdown -# the slave server, delete master.info and restart the slaver server. 
-# For that reason, you may want to leave the lines below untouched -# (commented) and instead use CHANGE MASTER TO (see above) -# -# required unique id between 2 and 2^32 - 1 -# (and different from the master) -# defaults to 2 if master-host is set -# but will not function as a slave if omitted -#server-id = 2 -# -# The replication master for this slave - required -#master-host = -# -# The username the slave will use for authentication when connecting -# to the master - required -#master-user = -# -# The password the slave will authenticate with when connecting to -# the master - required -#master-password = -# -# The port the master is listening on. -# optional - defaults to 3306 -#master-port = -# -# binary logging - not required for slaves, but recommended -#log-bin=mysql-bin - -# Uncomment the following if you are using InnoDB tables -#innodb_data_home_dir = /var/db/mysql -#innodb_data_file_path = ibdata1:10M:autoextend -#innodb_log_group_home_dir = /var/db/mysql -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -#innodb_buffer_pool_size = 16M -#innodb_additional_mem_pool_size = 2M -# Set .._log_file_size to 25 % of buffer pool size -#innodb_log_file_size = 5M -#innodb_log_buffer_size = 8M -#innodb_flush_log_at_trx_commit = 1 -#innodb_lock_wait_timeout = 50 - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[mysqlhotcopy] -interactive-timeout diff --git a/mysql/files/my-small.cnf b/mysql/files/my-small.cnf deleted file mode 100644 index 66d83cd..0000000 --- a/mysql/files/my-small.cnf +++ /dev/null 
@@ -1,89 +0,0 @@ -# Example MySQL config file for small systems. -# -# This is for a system with little memory (<= 64M) where MySQL is only used -# from time to time and it's important that the mysqld daemon -# doesn't use much resources. -# -# MySQL programs look for option files in a set of -# locations which depend on the deployment platform. -# You can copy this option file to one of those -# locations. For information about these locations, see: -# http://dev.mysql.com/doc/mysql/en/option-files.html -# -# In this file, you can use all long options that a program supports. -# If you want to know which options a program supports, run the program -# with the "--help" option. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /tmp/mysql.sock - -# Here follows entries for some specific programs - -# The MySQL server -[mysqld] -port = 3306 -socket = /tmp/mysql.sock -skip-external-locking -key_buffer_size = 16K -max_allowed_packet = 1M -table_open_cache = 4 -sort_buffer_size = 64K -read_buffer_size = 256K -read_rnd_buffer_size = 256K -net_buffer_length = 2K -thread_stack = 128K - -# Don't listen on a TCP/IP port at all. This can be a security enhancement, -# if all processes that need to connect to mysqld run on the same host. -# All interaction with mysqld must be made via Unix sockets or named pipes. -# Note that using this option without enabling named pipes on Windows -# (using the "enable-named-pipe" option) will render mysqld useless! -# -#skip-networking -server-id = 1 - -# Uncomment the following if you want to log updates -#log-bin=mysql-bin - -# binary logging format - mixed recommended -#binlog_format=mixed - -# Causes updates to non-transactional engines using statement format to be -# written directly to binary log. 
Before using this option make sure that -# there are no dependencies between transactional and non-transactional -# tables such as in the statement INSERT INTO t_myisam SELECT * FROM -# t_innodb; otherwise, slaves may diverge from the master. -#binlog_direct_non_transactional_updates=TRUE - -# Uncomment the following if you are using InnoDB tables -#innodb_data_home_dir = /var/db/mysql -#innodb_data_file_path = ibdata1:10M:autoextend -#innodb_log_group_home_dir = /var/db/mysql -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -#innodb_buffer_pool_size = 16M -#innodb_additional_mem_pool_size = 2M -# Set .._log_file_size to 25 % of buffer pool size -#innodb_log_file_size = 5M -#innodb_log_buffer_size = 8M -#innodb_flush_log_at_trx_commit = 1 -#innodb_lock_wait_timeout = 50 - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[myisamchk] -key_buffer_size = 8M -sort_buffer_size = 8M - -[mysqlhotcopy] -interactive-timeout diff --git a/mysql/files/my.cnf b/mysql/files/my.cnf new file mode 100644 index 0000000..7d97614 --- /dev/null +++ b/mysql/files/my.cnf 
@@ -0,0 +1,31 @@
+# DO NOT CHANGE THIS FILE!
+# This config is generated by SALTSTACK
+# and all change will be overrided on next salt call
+{% from "mysql/defaults.yaml" import rawmap with context %}
+{% from "mysql/supported_params.yaml" import supported_params with context %}
+{%- set datamap = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
+{%- for section_name, supparams in supported_params.items() %}
+[{{ section_name }}]
+ {%- for allowedparam in supparams|default([]) %}
+ {%- set indents = 40 - allowedparam|count %}
+ {%- set mparam = salt['pillar.get']('mysql:server:'+section_name+':'+allowedparam, false) %}
+ {%- if mparam %}
+ {%- if mparam == "noarg_present" %}
+{{ allowedparam }}
+ {%- else %}
+{{ allowedparam }}{{ '='|indent(indents, true) }} {{ mparam }}
+ {%- endif %}
+ {%- else %}
+ {%- if datamap.config.sections[section_name] is defined %}
+ {%- if datamap.config.sections[section_name][allowedparam] is defined %}
+ {%- if datamap.config.sections[section_name][allowedparam] == "noarg_present" %}
+{{ allowedparam }}
+ {%- else %}
+{{ allowedparam }}{{ '='|indent(indents, true) }} {{ datamap.config.sections[section_name][allowedparam] }}
+ {%- endif %}
+ {%- endif %}
+ {%- endif %}
+ {%- endif %}
+ {%- endfor %}
+{% endfor %}
+{{ datamap.config.append }}
diff --git a/mysql/map.jinja b/mysql/map.jinja
deleted file mode 100644
index a38812d..0000000
--- a/mysql/map.jinja
+++ /dev/null
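Review bot: A pillar value of `0`, `False` or an empty string is treated as "not set" by `{%- if mparam %}`, so a deliberate override such as `symbolic-links: 0` or `innodb_flush_log_at_trx_commit: 0` is silently dropped and the value from `datamap.config.sections` (or nothing at all) is rendered instead. Fetch with a `none` default and test for it: `{%- set mparam = salt['pillar.get']('mysql:server:'+section_name+':'+allowedparam, none) %}` followed by `{%- if mparam is not none %}`. Separately, the last line renders `datamap.config.append` verbatim, which bypasses the `supported_params` allowlist. Since `mysql/server.sls` manages this file with mode 644 on Debian, Gentoo and RedHat, a comment such as `{#- append is emitted unfiltered; never put credentials in it, this file is world-readable -#}` above that line would make the constraint explicit.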
@@ -1,31 +0,0 @@ -{% set mysql = salt['grains.filter_by']({ - 'Debian': { - 'server': 'mysql-server', - 'client': 'mysql-client', - 'service': 'mysql', - 'config': '/etc/mysql/my.cnf', - 'python': 'python-mysqldb', - }, - 'RedHat': { - 'server': 'mysql-server', - 'client': 'mysql', - 'service': 'mysqld', - 'config': '/etc/my.cnf', - 'python': 'MySQL-python', - }, - 'Gentoo': { - 'server': 'dev-db/mysql', - 'client': 'dev-db/mysql', - 'service': 'mysql', - 'config': '/etc/mysql/my.cnf', - 'python': 'dev-python/mysql-python', - }, - 'FreeBSD': { - 'server': 'mysql56-server', - 'client': 'mysql56-client', - 'service': 'mysql-server', - 'config': '/usr/local/etc/my.cnf', - 'python': 'pymysql', - 'mysql_size': 'medium', - }, -}, merge=salt['pillar.get']('mysql:lookup')) %} diff --git a/mysql/python.sls b/mysql/python.sls index ce50064..38b1878 100644 --- a/mysql/python.sls +++ b/mysql/python.sls @@ -1,4 +1,5 @@ -{% from "mysql/map.jinja" import mysql with context %} +{% from "mysql/defaults.yaml" import rawmap with context %} +{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %} mysql_python: pkg: diff --git a/mysql/server.sls b/mysql/server.sls index 03af3bd..e7f5540 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -1,9 +1,11 @@ -{% from "mysql/map.jinja" import mysql with context %} +{% from "mysql/defaults.yaml" import rawmap with context %} +{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %} {% set os = salt['grains.get']('os', None) %} {% set os_family = salt['grains.get']('os_family', None) %} {% set mysql_root_password = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %} +{% if mysql_root_password %} {% if os_family == 'Debian' %} mysql_debconf: debconf.set: @@ -40,6 +42,7 @@ mysql_delete_anonymous_user_{{ host }}: {%- endif %} {% endfor %} {% endif %} +{% endif %} mysqld: pkg.installed: 
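Review bot: Existing pillars that set `mysql:lookup` are silently ignored after the `mysql/python.sls` hunk, because the merge key is now `mysql:server:lookup` and the match grain changes from the `filter_by` default (`os_family`) to `grain='os'`. `defaults.yaml` is not part of this view; if its top-level keys are still family names such as `Debian` and `RedHat` (as in the deleted `map.jinja`), hosts whose `os` grain is a derivative distribution would match nothing. The same two lines are pasted into the `mysql/server.sls` and `mysql/user.sls` hunks and into the `mysql/files/my.cnf` template, so one shared import would keep them from drifting. At minimum add `{#- lookup overrides now live under mysql:server:lookup and are matched on the os grain -#}` above the `set`.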
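Review bot: The `{% if mysql_root_password %}` guard added in the first `mysql/server.sls` hunk is closed by the `{% endif %}` added in the second hunk, after the `mysql_delete_anonymous_user_{{ host }}` loop, so a pillar with `root_password: False` appears to skip anonymous-user removal along with the root password states. That combination leaves a passwordless root next to the default anonymous accounts. The lines between the two hunks are not visible here, so confirm the nesting; if it is as it looks, move the added `{% endif %}` up so it closes before the anonymous-user block. The fallback for an absent key is still the `server_id` grain, which is an identifier rather than a secret and deserves a `{#- ... -#}` comment saying so.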
@@ -56,19 +59,13 @@ mysqld: mysql_config: file.managed: - - name: {{ mysql.config }} + - name: {{ mysql.config.file }} - template: jinja + - source: salt://mysql/files/my.cnf - watch_in: - service: mysqld {% if os_family in ['Debian', 'Gentoo', 'RedHat'] %} - {% if os_family == 'RedHat' %} - - source: salt://mysql/files/{{ os_family }}-my.cnf - {% else %} - - source: salt://mysql/files/{{ os }}-my.cnf - {% endif %} - user: root - group: root - mode: 644 - {% elif os == 'FreeBSD' %} - - source: salt://mysql/files/my-{{ mysql.mysql_size }}.cnf {% endif %} diff --git a/mysql/supported_params.yaml b/mysql/supported_params.yaml new file mode 100644 index 0000000..1a68612 --- /dev/null +++ b/mysql/supported_params.yaml 
@@ -0,0 +1,121 @@
+# vim
+{% load_yaml as supported_params %}
+client:
+ - port
+ - socket
+mysqld_safe:
+ - socket
+ - nice
+ - log-error
+ - pid-file
+ - err-log
+mysqld:
+ - user
+ - pid-file
+ - socket
+ - port
+ - basedir
+ - datadir
+ - tmpdir
+ - lc-messages-dir
+ - skip-external-locking
+ - bind-address
+ - key_buffer
+ - key_buffer_size
+ - max_allowed_packet
+ - thread_stack
+ - thread_cache_size
+ - myisam-recover
+ - query_cache_limit
+ - query_cache_size
+ - max_connections
+ - table_cache
+ - thread_concurrency
+ - wait_timeout
+ - tmp_table_size
+ - max_heap_table_size
+ - open_files_limit
+ - general_log_file
+ - general_log
+ - log_error
+ - log_slow_queries
+ - long_query_time
+ - log-queries-not-using-indexes
+ - expire_logs_days
+ - max_binlog_size
+ - server-id
+ - log_bin
+ - binlog_do_db
+ - replicate-do-db
+ - auto_increment_increment
+ - auto_increment_offset
+ - max_connect_errors
+ - join_buffer_size
+ - chroot
+ - ssl-ca
+ - ssl-cert
+ - ssl-key
+ - sort_buffer_size
+ - read_buffer_size
+ - read_rnd_buffer_size
+ - myisam_sort_buffer_size
+ - slow_query_log
+ - slow_query_log_file
+ - innodb_file_per_table
+ - innodb_data_home_dir
+ - innodb_data_file_path
+ - innodb_log_group_home_dir
+ - innodb_buffer_pool_size
+ - innodb_additional_mem_pool_size
+ - innodb_log_file_size
+ - innodb_log_buffer_size
+ - innodb_flush_log_at_trx_commit
+ - innodb_flush_method
+ - innodb_thread_concurrency
+ - symbolic-links
+ - character-set-server
+ - log-error
+ - table_open_cache
+ - net_buffer_length
+ - language
+ - log-bin
+ - innodb_log_files_in_group
+ - innodb_lock_wait_timeout
+mysqldump:
+ - quick
+ - quote-names
+ - max_allowed_packet
+ - character-sets-dir
+ - default-character-set
+mysql:
+ - no-auto-rehash
+ - character-sets-dir
+ - default-character-set
+isamchk:
+ - key_buffer
+ - sort_buffer_size
+ - read_buffer
+ - write_buffer
+ - character-sets-dir
+myisamchk:
+ - key_buffer
+ - sort_buffer_size
+ - read_buffer
+ - write_buffer
+mysqlhotcopy: + - interactive-timeout +mysqladmin: + - character-sets-dir + - default-character-set +mysqlcheck: + - character-sets-dir + - default-character-set +mysqlimport: + - character-sets-dir + - default-character-set +mysqlshow: + - character-sets-dir + - default-character-set +myisampack: + - character-sets-dir +{% endload %} diff --git a/mysql/user.sls b/mysql/user.sls index de2ff8d..2e7b6ec 100644 --- a/mysql/user.sls +++ b/mysql/user.sls @@ -1,4 +1,6 @@ -{% from "mysql/map.jinja" import mysql with context %} +{% from "mysql/defaults.yaml" import rawmap with context %} +{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %} +{%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', 'somepass') %} {% set user_states = [] %} @@ -20,20 +22,25 @@ include: {%- endif %} - connection_host: localhost - connection_user: root - - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}' + {% if mysql_root_pass %} + - connection_pass: '{{ mysql_root_pass }}' + {% endif %} - connection_charset: utf8 {% for db in user['databases'] %} {{ state_id ~ '_' ~ loop.index0 }}: mysql_grants.present: - - name: {{ user['name'] ~ '_' ~ db['database'] }} + - name: {{ user['name'] ~ '_' ~ db['database'] ~ '_' ~ db['table'] | default('all') }} - grant: {{db['grants']|join(",")}} - - database: '{{ db['database'] }}.*' + - database: '{{ db['database'] }}.{{ db['table'] | default('*') }}' + - grant_option: {{ db['grant_option'] | default(False) }} - user: {{ user['name'] }} - host: '{{ user['host'] }}' - connection_host: localhost - connection_user: root - - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}' + {% if mysql_root_pass -%} + - connection_pass: '{{ mysql_root_pass }}' + {% endif %} - connection_charset: utf8 - require: - mysql_user: {{ user['name'] }} @@ -41,5 +48,3 @@ include: {% do user_states.append(state_id) %} {% endfor %} - - 
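Review bot: `log-error` is listed twice under `mysqld` in `mysql/supported_params.yaml`, and `log-bin`/`log_bin` and `log-error`/`log_error` are present in both spellings, so the loop in `mysql/files/my.cnf` can emit the same option more than once. Drop the second `- log-error` and keep one spelling per option. Because the template renders only names found in this list, hardening options that are missing cannot be set through the section pillar: `skip-networking` (documented in the sample configs this commit deletes), `local-infile` and `secure-file-priv` are worth adding under `mysqld`. The leading `# vim` line looks like an unfinished modeline and can be completed or removed.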
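Review bot: The new `mysql_root_pass` in `mysql/user.sls` falls back to the literal `'somepass'`, while `mysql/server.sls` falls back to the `server_id` grain for the same pillar key, so with no `root_password` in pillar the user and grant states connect with a password the server was never given. A hard-coded fallback credential is also easy to ship unnoticed. Use the same expression as server.sls, `{%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}`, or preferably drop the fallback so a missing key fails the render. In the second hunk the two guards differ (`{% if mysql_root_pass %}` versus `{% if mysql_root_pass -%}`); use one form so both `connection_pass` lines render with the same whitespace.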
diff --git a/pillar.example b/pillar.example index d64c05f..747d3c5 100644 --- a/pillar.example +++ b/pillar.example @@ -1,9 +1,19 @@ mysql: server: + # root_password: False - to have root@localhost without password root_password: 'somepass' - bind-address: 127.0.0.1 - port: 3306 user: mysql + # my.cnf sections changes + mysqld: + bind-address: 0.0.0.0 + port: 3307 + log_bin: /var/log/mysql/mysql-bin.log + binlog_do_db: foo + auto_increment_increment: 5 + max_connect_errors: 4294967295 + mysql: + # my.cnf param that not require value + no-auto-rehash: noarg_present # Manage databases database: @@ -17,6 +27,7 @@ mysql: load: False # Manage users + # you can get pillar for existent server using import_users.py script user: - name: frank password: 'somepass' @@ -32,7 +43,9 @@ mysql: databases: - database: foo grants: ['all privileges'] + grant_option: True - database: bar + table: foobar grants: ['select', 'insert', 'update', 'delete'] - name: nopassuser password: ~
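Review bot: Copying this example now exposes the server on every interface, because the first `pillar.example` hunk replaces `bind-address: 127.0.0.1` with `bind-address: 0.0.0.0` under `mysqld`. It also sets `max_connect_errors: 4294967295`, which effectively switches off the server's blocking of hosts after repeated interrupted connection attempts. Keep the sample at `bind-address: 127.0.0.1` with a comment such as `# change to a specific interface address only if remote clients need access`, and leave `max_connect_errors` out of the example or at a modest value. The new `# root_password: False` line should say plainly that it leaves root@localhost without a password and must not be combined with a network-facing `bind-address`.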