From 3d805dd547316178e6556890190424734f7b0c6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bogdan=20R=C4=83dulescu?= Date: Thu, 12 Jan 2017 10:44:42 +0000 Subject: [PATCH 1/8] Added some important settings for Debian --- mysql/defaults.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mysql/defaults.yaml b/mysql/defaults.yaml index 078420f..e17e7eb 100644 --- a/mysql/defaults.yaml +++ b/mysql/defaults.yaml @@ -82,6 +82,9 @@ Debian: query_cache_size: 16M expire_logs_days: 10 max_binlog_size: 100M + innodb_flush_log_at_trx_commit: 1 + innodb_lock_wait_timeout: 50 + innodb_file_per_table: noarg_present mysqldump: quick: noarg_present quote_names: noarg_present From afae4c54b740bd734d26fc8a62661ce85230ecd2 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Jun 2018 16:02:55 +0200 Subject: [PATCH 2/8] debian: debconf key in pillar Allow debconf keys to be changed via pillars. Useful when using non-standard packages that use different debconf keys to set their passwords. --- mysql/defaults.yaml | 4 ++++ mysql/server.sls | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/mysql/defaults.yaml b/mysql/defaults.yaml index b1319db..224d991 100644 --- a/mysql/defaults.yaml +++ b/mysql/defaults.yaml @@ -9,6 +9,8 @@ Ubuntu: service: mysql python: python-mysqldb debconf_utils: debconf-utils + debconf_root_password: mysql-server/root_password + debconf_root_password_again: mysql-server/root_password_again dev: libmysqlclient-dev config: file: /etc/mysql/my.cnf @@ -61,6 +63,8 @@ Debian: client: {{ mysql_engine }}-client python: python-mysqldb debconf_utils: debconf-utils + debconf_root_password: mysql-server/root_password + debconf_root_password_again: mysql-server/root_password_again dev: lib{{ mysql_engine }}client-dev config: file: /etc/mysql/my.cnf diff --git a/mysql/server.sls b/mysql/server.sls index 96bfde1..d6042fb 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -35,8 +35,8 @@ mysql_password_debconf: debconf.set: - name: mysql-server - data: - 'mysql-server/root_password': {'type': 'password', 'value': '{{ mysql_root_password }}'} - 'mysql-server/root_password_again': {'type': 'password', 'value': '{{ mysql_root_password }}'} + {{mysql.debconf_root_password}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} + {{mysql.debconf_root_password_again}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} - require_in: - pkg: {{ mysql.server }} - require: From bb17c3c512cd948bf9e558173cbec82bcddccf9c Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Jun 2018 16:03:01 +0200 Subject: [PATCH 3/8] debian: debconf root password, support for percona Default values available for percona-server-server. --- mysql/defaults.yaml | 10 ++++++---- mysql/server.sls | 23 +++++++++++++++++++++-- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/mysql/defaults.yaml b/mysql/defaults.yaml index 224d991..f0a31d9 100644 --- a/mysql/defaults.yaml +++ b/mysql/defaults.yaml @@ -9,8 +9,9 @@ Ubuntu: service: mysql python: python-mysqldb debconf_utils: debconf-utils - debconf_root_password: mysql-server/root_password - debconf_root_password_again: mysql-server/root_password_again + ## Having some auto-detect for some different pkg if not explicitly set + #debconf_root_password: mysql-server/root_password + #debconf_root_password_again: mysql-server/root_password_again dev: libmysqlclient-dev config: file: /etc/mysql/my.cnf @@ -63,8 +64,9 @@ Debian: client: {{ mysql_engine }}-client python: python-mysqldb debconf_utils: debconf-utils - debconf_root_password: mysql-server/root_password - debconf_root_password_again: mysql-server/root_password_again + ## Having some auto-detect for some different pkg if not explicitly set + #debconf_root_password: mysql-server/root_password + #debconf_root_password_again: mysql-server/root_password_again dev: lib{{ mysql_engine }}client-dev config: file: /etc/mysql/my.cnf diff --git a/mysql/server.sls b/mysql/server.sls index d6042fb..63dd017 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -16,6 +16,25 @@ include: {% if mysql_root_password %} {% if os_family == 'Debian' %} +{% if 'debconf_root_password' in mysql %} +{% set debconf_root_password = mysql.debconf_root_password %} +{% set debconf_root_password_again = mysql.debconf_root_password_again %} +{% elif mysql.server.startswith('percona-server-server') %} +{% if mysql.server < 'percona-server-server-5.7' %}{# 5.5 and 5.6 uses the same name... #} +{% set debconf_root_password = 'percona-server-server/root_password' %} +{% set debconf_root_password_again = 'percona-server-server/root_password_again' %} +{% elif '5.7' in mysql.server %}{# 5.7 changed option name... #} +{% set debconf_root_password = 'percona-server-server-5.7/root-pass' %} +{% set debconf_root_password_again = 'percona-server-server-5.7/re-root-pass' %} +{% else %}{# attempt to support future version? #} +{% set debconf_root_password = mysql.server + '/root-pass' %} +{% set debconf_root_password_again = mysql.server + '/re-root-pass' %} +{% endif %} +{% else %} +{% set debconf_root_password = 'mysql-server/root_password' %} +{% set debconf_root_password_again = 'mysql-server/root_password_again' %} +{% endif %} + mysql_debconf_utils: pkg.installed: - name: {{ mysql.debconf_utils }} @@ -35,8 +54,8 @@ mysql_password_debconf: debconf.set: - name: mysql-server - data: - {{mysql.debconf_root_password}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} - {{mysql.debconf_root_password_again}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} + {{debconf_root_password}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} + {{debconf_root_password_again}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} - require_in: - pkg: {{ mysql.server }} - require: From 1071effbe1fa480b6e62f0c83dc834e7146b6375 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Jun 2018 16:03:02 +0200 Subject: [PATCH 4/8] debconf: allow configurable optional root pwd --- mysql/server.sls | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mysql/server.sls b/mysql/server.sls index 63dd017..7c61e80 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -31,8 +31,12 @@ include: {% set debconf_root_password_again = mysql.server + '/re-root-pass' %} {% endif %} {% else %} -{% set debconf_root_password = 'mysql-server/root_password' %} -{% set debconf_root_password_again = 'mysql-server/root_password_again' %} +{% if salt['grains.get']('osmajorrelease')|int < 9 or not salt['grains.get']('os')|lower == 'debian' %} +{% set debconf_root_password = 'mysql-server/root_password' %} +{% set debconf_root_password_again = 'mysql-server/root_password_again' %} +{% else %} +{% set debconf_root_password = False %} +{% endif %} {% endif %} mysql_debconf_utils: @@ -49,7 +53,7 @@ mysql_debconf: - require: - pkg: mysql_debconf_utils -{% if salt['grains.get']('osmajorrelease')|int < 9 or not salt['grains.get']('os')|lower == 'debian' %} +{% if debconf_root_password %} mysql_password_debconf: debconf.set: - name: mysql-server From e7969e3e437a834466fbc48056c8645f8cb614d4 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Jun 2018 16:03:03 +0200 Subject: [PATCH 5/8] debconf: don't set password if not required No need to setup debconf root password if we ain't installing it. --- mysql/server.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql/server.sls b/mysql/server.sls index 7c61e80..8440441 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -60,7 +60,7 @@ mysql_password_debconf: - data: {{debconf_root_password}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} {{debconf_root_password_again}}: {'type': 'password', 'value': '{{ mysql_root_password }}'} - - require_in: + - prereq: - pkg: {{ mysql.server }} - require: - pkg: mysql_debconf_utils From 168d1e2c125b1efbb4808b67160a7c0a6a139c5f Mon Sep 17 00:00:00 2001 From: Wayne Gemmell Date: Fri, 18 Jan 2019 13:28:15 +0200 Subject: [PATCH 6/8] Support for official mysql 8 packages I've added support for the official mysql 8.0 packages and the relevant repositories. Package names are mysql-community-server and mysql-community-client. I know the repo setting breaks convention a bit but it is compulsory so I'm not sure how else to properly include it. This change requires the salt pull request I created https://github.com/saltstack/salt/pull/51240 to be able to grant users. --- mysql/osfamilymap.yaml | 2 -- mysql/server.sls | 37 ++++++++++++++++++++++++++++++++----- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/mysql/osfamilymap.yaml b/mysql/osfamilymap.yaml index b402d6f..eb306dc 100644 --- a/mysql/osfamilymap.yaml +++ b/mysql/osfamilymap.yaml @@ -27,8 +27,6 @@ Debian: max_allowed_packet: 16M thread_stack: 192K thread_cache_size: 8 - query_cache_limit: 1M - query_cache_size: 16M expire_logs_days: 10 max_binlog_size: 100M #innodb_flush_log_at_trx_commit: 1 diff --git a/mysql/server.sls b/mysql/server.sls index 5f3e6f5..6d5160c 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -4,6 +4,7 @@ include: {% from tpldir ~ "/map.jinja" import mysql with context %} + {% set os = salt['grains.get']('os', None) %} {% set os_family = salt['grains.get']('os_family', None) %} {% set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %} @@ -12,9 +13,21 @@ include: {% set mysql_salt_user = salt['pillar.get']('mysql:salt_user:salt_user_name', mysql_root_user) %} {% set mysql_salt_password = salt['pillar.get']('mysql:salt_user:salt_user_password', mysql_root_password) %} {% set mysql_datadir = salt['pillar.get']('mysql:server:mysqld:datadir', '/var/lib/mysql') %} - +{% set lsb_distrib_codename = salt['grains.get']('lsb_distrib_codename', None) %} {% if mysql_root_password %} {% if os_family == 'Debian' %} + +{% if mysql.serverpkg == 'mysql-community-server' %} +mysql-community-server_repo: + pkgrepo.managed: + - humanname: "Mysql official repo" + - name: deb http://repo.mysql.com/apt/ubuntu/ {{ lsb_distrib_codename }} mysql-8.0 + - file: /etc/apt/sources.list.d/mysql.list + - refresh: True + - require_in: + - pkg: mysql-community-server +{% endif %} + mysql_debconf_utils: pkg.installed: - name: {{ mysql.debconf_utils }} @@ -31,18 +44,32 @@ mysql_debconf: {% if salt['grains.get']('osmajorrelease')|int < 9 or not salt['grains.get']('os')|lower == 'debian' %} +{% if mysql.serverpkg == 'mysql-community-server' %} mysql_password_debconf: debconf.set: - - name: mysql-server + - name: 'mysql-community-server' - data: - 'mysql-server/root_password': {'type': 'password', 'value': '{{ mysql_root_password }}'} - 'mysql-server/root_password_again': {'type': 'password', 'value': '{{ mysql_root_password }}'} + 'mysql-community-server/root-pass': {'type': 'password', 'value': '{{ mysql_root_password }}'} + 'mysql-community-server/re-root-pass': {'type': 'password', 'value': '{{ mysql_root_password }}'} + 'mysql-server/default-auth-override': {'type': 'string', 'value':'Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)'} + - require_in: + - pkg: {{ mysql.serverpkg }} + - require: + - pkg: mysql_debconf_utils +{% else %} +mysql_password_debconf: + debconf.set: + - name: {{ mysql.serverpkg }} + - data: + '{{ mysql.serverpkg }}/root_password': {'type': 'password', 'value': '{{ mysql_root_password }}'} + '{{ mysql.serverpkg }}/root_password_again': {'type': 'password', 'value': '{{ mysql_root_password }}'} - require_in: - pkg: {{ mysql.serverpkg }} - require: - pkg: mysql_debconf_utils - {% endif %} +{% endif %} + {% endif %} {% elif os_family in ['RedHat', 'Suse', 'FreeBSD'] %} mysql_root_password: From 9b8a21f1074698d99650e6463825308b75b92c0e Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Mon, 26 Oct 2020 22:51:14 +0000 Subject: [PATCH 7/8] chore(gemfile+lock): update to latest gem versions (2020-W44) [skip ci] * Automated using https://github.com/myii/ssf-formula/pull/274 --- Gemfile | 5 +++++ Gemfile.lock | 39 ++++++++++++++++++++------------------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index f18b9e9..82c4a31 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,11 @@ source 'https://rubygems.org' +# Use the latest version of `inspec` prior to `4.23.4`, which introduces a +# regression where the diff isn't displayed when comparing using `eq`. +gem 'inspec', '~> 4.22.22' +# Install the `kitchen-docker` gem from GitHub because the latest version +# currently available (`2.10.0`) doesn't include a recent fix for Gentoo. gem 'kitchen-docker', github: 'test-kitchen/kitchen-docker', ref: '41e80fe' gem 'kitchen-inspec', '>= 2.2.1' gem 'kitchen-salt', '>= 0.6.3' diff --git a/Gemfile.lock b/Gemfile.lock index f83e4c9..19bf26d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,7 +17,7 @@ GEM addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) aws-eventstream (1.1.0) - aws-partitions (1.383.0) + aws-partitions (1.386.0) aws-sdk-apigateway (1.55.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) @@ -36,7 +36,7 @@ GEM aws-sdk-cloudformation (1.44.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudfront (1.44.0) + aws-sdk-cloudfront (1.46.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) aws-sdk-cloudhsm (1.27.0) @@ -77,7 +77,7 @@ GEM aws-sdk-dynamodb (1.55.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) - aws-sdk-ec2 (1.200.0) + aws-sdk-ec2 (1.202.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) aws-sdk-ecr (1.39.0) @@ -95,7 +95,7 @@ GEM aws-sdk-elasticache (1.44.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticbeanstalk (1.38.0) + aws-sdk-elasticbeanstalk (1.39.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) aws-sdk-elasticloadbalancing (1.29.0) @@ -159,7 +159,7 @@ GEM aws-sdk-sms (1.27.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) - aws-sdk-sns (1.33.0) + aws-sdk-sns (1.34.0) aws-sdk-core (~> 3, >= 3.109.0) aws-sigv4 (~> 1.1) aws-sdk-sqs (1.34.0) @@ -209,13 +209,13 @@ GEM ed25519 (1.2.4) erubi (1.9.0) excon (0.78.0) - faraday (1.0.1) + faraday (0.17.3) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.7) faraday (>= 0.8.0) http-cookie (~> 1.0.0) - faraday_middleware (1.0.0) - faraday (~> 1.0) + faraday_middleware (0.12.2) + faraday (>= 0.7.4, < 1.0) ffi (1.13.1) ffi-yajl (2.3.4) libyajl2 (~> 1.2) @@ -247,20 +247,20 @@ GEM i18n (1.8.5) concurrent-ruby (~> 1.0) inifile (3.0.0) - inspec (4.23.11) - faraday_middleware (>= 0.12.2, < 1.1) - inspec-core (= 4.23.11) + inspec (4.22.22) + faraday_middleware (~> 0.12.2) + inspec-core (= 4.22.22) train (~> 3.0) train-aws (~> 0.1) train-habitat (~> 0.1) train-winrm (~> 0.2) - inspec-core (4.23.11) + inspec-core (4.22.22) addressable (~> 2.4) chef-telemetry (~> 1.0) - faraday (>= 0.9.0, < 1.1) + faraday (>= 0.9.0) hashie (~> 3.4) json_schemer (>= 0.2.1, < 0.2.12) - license-acceptance (>= 0.2.13, < 3.0) + license-acceptance (>= 0.2.13, < 2.0) method_source (>= 0.8, < 2.0) mixlib-log (~> 3.0) multipart-post (~> 2.0) @@ -293,11 +293,11 @@ GEM hashie (>= 3.5) test-kitchen (>= 1.4) libyajl2 (1.2.0) - license-acceptance (2.1.2) + license-acceptance (1.0.19) pastel (~> 0.7) tomlrb (~> 1.2) - tty-box (~> 0.6) - tty-prompt (~> 0.20) + tty-box (~> 0.3) + tty-prompt (~> 0.18) little-plugger (1.1.4) logging (2.3.0) little-plugger (~> 1.1) @@ -354,7 +354,7 @@ GEM rspec-mocks (~> 3.9.0) rspec-core (3.9.3) rspec-support (~> 3.9.3) - rspec-expectations (3.9.2) + rspec-expectations (3.9.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) rspec-its (1.3.0) @@ -363,7 +363,7 @@ GEM rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-support (3.9.3) + rspec-support (3.9.4) rubyntlm (0.6.2) rubyzip (1.3.0) semverse (3.0.0) @@ -521,6 +521,7 @@ PLATFORMS ruby DEPENDENCIES + inspec (~> 4.22.22) kitchen-docker! kitchen-inspec (>= 2.2.1) kitchen-salt (>= 0.6.3) From d57fd8318614e4a7ac29ffffeabd81eb6115685e Mon Sep 17 00:00:00 2001 From: N Date: Thu, 3 Dec 2020 23:28:38 +0000 Subject: [PATCH 8/8] Update server.sls --- mysql/server.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql/server.sls b/mysql/server.sls index d1375ed..d1d451e 100644 --- a/mysql/server.sls +++ b/mysql/server.sls @@ -59,7 +59,7 @@ mysql_password_debconf: {% else %} mysql_password_debconf: debconf.set: - - name: {{ mysql.serverpkg }} + - name: mysql-server - data: '{{ mysql.serverpkg }}/root_password': {'type': 'password', 'value': '{{ mysql_root_password }}'} '{{ mysql.serverpkg }}/root_password_again': {'type': 'password', 'value': '{{ mysql_root_password }}'}