From d81c6341e9aebc9af32fdbcd845849fdfd974d3b Mon Sep 17 00:00:00 2001 From: Clayton Kramer Date: Thu, 15 May 2014 16:40:02 -0400 Subject: [PATCH 1/3] Added support for MySQL hashed user password. Also added some improved YAML quoting around passwords. --- README.rst | 12 ++++++++++-- mysql/database.sls | 2 +- mysql/user.sls | 10 +++++++--- pillar.example | 6 +++--- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/README.rst b/README.rst index 9970943..5807fe5 100644 --- a/README.rst +++ b/README.rst @@ -28,11 +28,19 @@ Install the MySQL server package and start the service. Debian OS family supports setting MySQL root password during install via debconf. ``mysql.database`` ----------------- +------------------ Create and manage MySQL databases. ``mysql.user`` ---------------- -Create and manage MySQL database users with definable GRANT privileges. \ No newline at end of file +Create and manage MySQL database users with definable GRANT privileges. + +The state accepts MySQL hashed passwords or clear text. Hashed password have priority. + +.. note:: + See the `salt.states.mysql_user `_ docs for additional information on configuring hashed passwords. + + Make sure the **quote the passwords** in the pillar so YAML doesn't throw an exception. + diff --git a/mysql/database.sls b/mysql/database.sls index f81741d..24c3bcd 100644 --- a/mysql/database.sls +++ b/mysql/database.sls @@ -5,7 +5,7 @@ mysql_database.present: - host: localhost - connection_user: root - - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }} + - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}' - connection_charset: utf8 {% endfor %} diff --git a/mysql/user.sls b/mysql/user.sls index 4f0186e..2e4f935 100644 --- a/mysql/user.sls +++ b/mysql/user.sls @@ -4,10 +4,14 @@ {{ user['name'] }}: mysql_user.present: - host: {{ user['host'] }} - - password: {{ user['password'] }} + {%- if user['password_hash'] is defined %} + - password_hash: '{{ user['password_hash'] }}' + {% else %} + - password: '{{ user['password'] }}' + {% endif %} - connection_host: localhost - connection_user: root - - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }} + - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}' - connection_charset: utf8 {% for db in user['databases'] %} @@ -19,7 +23,7 @@ - host: {{ user['host'] }} - connection_host: localhost - connection_user: root - - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }} + - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}' - connection_charset: utf8 - require: - mysql_user: {{ user['name'] }} diff --git a/pillar.example b/pillar.example index 0c5f9e7..7567fc3 100644 --- a/pillar.example +++ b/pillar.example @@ -1,6 +1,6 @@ mysql: server: - root_password: somepass + root_password: 'somepass' bind-address: 127.0.0.1 port: 3306 user: mysql @@ -13,7 +13,7 @@ mysql: # Manage users user: - name: frank - password: somepass + password: 'somepass' host: localhost databases: - database: foo @@ -21,7 +21,7 @@ mysql: - database: bar grants: ['all privileges'] - name: bob - password: someotherpass + password_hash: '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' host: localhost databases: - database: foo From ad61aef9e5a761f4e7064fcfa03390d5b3d45abb Mon Sep 17 00:00:00 2001 From: Clayton Kramer Date: Thu, 15 May 2014 17:08:31 -0400 Subject: [PATCH 2/3] Typo fix. --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 5807fe5..6c92764 100644 --- a/README.rst +++ b/README.rst @@ -42,5 +42,5 @@ The state accepts MySQL hashed passwords or clear text. Hashed password have pri .. note:: See the `salt.states.mysql_user `_ docs for additional information on configuring hashed passwords. - Make sure the **quote the passwords** in the pillar so YAML doesn't throw an exception. + Make sure to **quote the passwords** in the pillar so YAML doesn't throw an exception. From 13f6ff1c6a0965db3a289819163f46487a89d1b3 Mon Sep 17 00:00:00 2001 From: Clayton Kramer Date: Thu, 15 May 2014 17:15:09 -0400 Subject: [PATCH 3/3] Moved the python-mysql package out of the server installed and added it as a SLS include for the database and user SLS that depend on it. --- mysql/database.sls | 3 +++ mysql/server.sls | 5 ----- mysql/user.sls | 3 +++ 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/mysql/database.sls b/mysql/database.sls index 24c3bcd..e9bbba7 100644 --- a/mysql/database.sls +++ b/mysql/database.sls @@ -1,5 +1,8 @@ {% from "mysql/map.jinja" import mysql with context %} +include: + - mysql.python + {% for database in salt['pillar.get']('mysql:database', []) %} {{ database }}: mysql_database.present: diff --git a/mysql/server.sls b/mysql/server.sls index e620ba1..5b28df9 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -50,11 +50,6 @@ mysqld: - watch: - pkg: mysqld -mysql-python: - pkg: - - installed - - name: {{ mysql.python }} - {% if grains['os'] in ['Ubuntu', 'Debian', 'Gentoo', 'CentOS'] %} my.cnf: file.managed: diff --git a/mysql/user.sls b/mysql/user.sls index 2e4f935..4a09c77 100644 --- a/mysql/user.sls +++ b/mysql/user.sls @@ -1,5 +1,8 @@ {% from "mysql/map.jinja" import mysql with context %} +include: + - mysql.python + {% for user in salt['pillar.get']('mysql:user', []) %} {{ user['name'] }}: mysql_user.present: