saltstack-formulas/mysql-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/mysql-formula.git synced 2025-04-15 17:20:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add support table param for mysql.user state (by default table is *)

Browse source 
Add support of changing/adding any attribute in my.cnf. NB!!! It breaks backward compatibility for mysql.server state.
Delete mysql_size param support (now you can customiza all my.cnf parameters in pillar)
Add script import_users.py that create user pillar for existent server
Add support root@localhost mysql user without password (root_password = False)
Add support of grant_option
This commit is contained in:
root 2014-09-29 00:08:11 +09:00
parent d1011db3f9
commit c55c2a4c46
18 changed files with 513 additions and 845 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
import_users.py Executable file
View file

@ -0,0 +1,78 @@
#!/usr/bin/env python
"This script helps you to get mysql.user pillar from existent mysql server"
import argparse
import MySQLdb
import re
__author__ = "Egor Potiomkin"
__version__ = "1.0"
__email__ = "eg13reg@gmail.com"
parser = argparse.ArgumentParser()
parser.add_argument('host', metavar='IP', help='host where you want to get users')
parser.add_argument('user', metavar='user', help='mysql user that can show grants')
parser.add_argument('password', metavar='password', help='user password')
args = parser.parse_args()
# PARSE GRANTS
mysqlcon = MySQLdb.connect(host=args.host,user=args.user,passwd=args.password,db="mysql",use_unicode=True, charset='utf8')
mysqlCur = mysqlcon.cursor(MySQLdb.cursors.DictCursor)
mysqlCur.execute(r'''select user,host from mysql.user;''')
rows = mysqlCur.fetchall()
users = []
for row in rows:
users.append({'name': row['user'], 'host': row['host']});
mysqlCur = mysqlcon.cursor()
grants = []
for user in users:
q = r'''show grants for '%s'@'%s';''' % (user['name'], user['host'])
try:
user['grants'] = []
mysqlCur.execute(q)
rows = mysqlCur.fetchall()
for row in rows:
mpass = re.search(
r"""GRANT USAGE ON \*\.\* TO .* IDENTIFIED BY PASSWORD '(\*[A-F0-9]*)\'""",
row[0])
if mpass is None:
mgrant = re.search(
r"""GRANT ([\s,A-Z]+) ON `?([a-zA-Z0-9_\-*\\]*)`?\.`?([a-zA-Z0-9_\-*\\]*)`? TO .*""",
row[0])
if mgrant is not None:
user['grants'].append({'grant': [x.strip() for x in mgrant.group(1).split(',')], 'database': mgrant.group(2).replace('\\',''), 'table': mgrant.group(3).replace('\\','')})
else:
print "ERROR: CAN NOT PARSE GRANTS: ",row[0]
else:
user['password'] = mpass.group(1)
except MySQLdb.DatabaseError:
print "Error while getting grants for '%s'@'%s'" % (user['name'], user['host'])
#raise SystemExit
# PRINT RESULT
""" PRINT EXAMPLE
mysql:
user:
- name: user
host: host
password_hash: '*2792A97371B2D17789364A22A9B35D180166571A'
databases:
- database: testbase
table: table1
grants: ['select']
"""
print "mysql:"
print " user:"
for user in users:
print " - name: %s" % user['name']
print " host: '%s'" % user['host']
if ('password' in user):
print " password_hash: '%s'" % user['password']
print " databases:"
for grant in user['grants']:
print " - database: '%s'" % grant['database']
print " table: '%s'" % grant['table']
print " grants: ['%s']" % "','".join(grant['grant']).lower()

3
mysql/client.sls
View file

@ -1,4 +1,5 @@
{% from "mysql/map.jinja" import mysql with context %}
{% from "mysql/defaults.yaml" import rawmap with context %}
{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
mysql:
pkg:

5
mysql/database.sls
View file

@ -1,4 +1,5 @@
{% from "mysql/map.jinja" import mysql with context %}
{% from "mysql/defaults.yaml" import rawmap with context %}
{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
{% set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
{% set db_states = [] %}
@ -13,7 +14,9 @@ include:
- name: {{ database }}
- host: localhost
- connection_user: root
{% if mysql_root_pass %}
- connection_pass: '{{ mysql_root_pass }}'
{% endif %}
- connection_charset: utf8
{% if salt['pillar.get'](['mysql', 'schema', database, 'load']|join(':'), False) %}

242
mysql/defaults.yaml Normal file
View file

@ -0,0 +1,242 @@
# vim: sts=2 ts=2 sw=2 et ai
{% load_yaml as rawmap %}
Ubuntu:
server: mysql-server
client: mysql-client
service: mysql
python: python-mysqldb
config:
file: /etc/mysql/my.cnf
sections:
client:
port: 3306
socket: /var/run/mysqld/mysqld.sock
mysqld_safe:
socket: /var/run/mysqld/mysqld.sock
nice: 0
mysqld:
user: mysql
pid-file: /var/run/mysqld/mysqld.pid
socket: /var/run/mysqld/mysqld.sock
port: 3306
basedir: /usr
datadir: /var/lib/mysql
tmpdir: /tmp
lc-messages-dir: /usr/share/mysql
skip-external-locking: noarg_present
bind-address: 127.0.0.1
key_buffer_size: 16M
max_allowed_packet: 16M
thread_stack: 192K
thread_cache_size: 8
myisam-recover: BACKUP
query_cache_limit: 1M
query_cache_size: 16M
log_error: /var/log/mysql/error.log
expire_logs_days: 10
max_binlog_size: 100M
mysqldump:
quick: noarg_present
quote-names: noarg_present
max_allowed_packet: 16M
isamchk:
key_buffer: 16M
append: |
!includedir /etc/mysql/conf.d/
Debian:
server: mysql-server
client: mysql-client
service: mysql
python: python-mysqldb
config:
file: /etc/mysql/my.cnf
sections:
client:
port: 3306
socket: /var/run/mysqld/mysqld.sock
mysqld_safe:
socket: /var/run/mysqld/mysqld.sock
nice: 0
mysqld:
user: mysql
pid-file: /var/run/mysqld/mysqld.pid
socket: /var/run/mysqld/mysqld.sock
port: 3306
basedir: /usr
datadir: /var/lib/mysql
tmpdir: /tmp
lc-messages-dir: /usr/share/mysql
skip-external-locking: noarg_present
bind-address: 127.0.0.1
key_buffer_size: 16M
max_allowed_packet: 16M
thread_stack: 192K
thread_cache_size: 8
myisam-recover: BACKUP
query_cache_limit: 1M
query_cache_size: 16M
expire_logs_days: 10
max_binlog_size: 100M
mysqldump:
quick: noarg_present
quote-names: noarg_present
max_allowed_packet: 16M
isamchk:
key_buffer: 16M
append: |
!includedir /etc/mysql/conf.d/
CentOS:
server: mysql-server
client: mysql
service: mysqld
python: MySQL-python
config:
file: /etc/my.cnf
sections:
mysqld_safe:
log-error: /var/log/mysqld.log
pid-file: /var/run/mysqld/mysqld.pid
mysqld:
datadir: /var/lib/mysql
socket: /var/lib/mysql/mysql.sock
user: mysql
port: 3306
bind-address: 127.0.0.1
symbolic-links: 0
RedHat:
server: mysql-server
client: mysql
service: mysqld
python: MySQL-python
config:
file: /etc/my.cnf
sections:
mysqld_safe:
log-error: /var/log/mysqld.log
pid-file: /var/run/mysqld/mysqld.pid
mysqld:
datadir: /var/lib/mysql
socket: /var/lib/mysql/mysql.sock
user: mysql
port: 3306
bind-address: 127.0.0.1
symbolic-links: 0
Gentoo:
server: dev-db/mysql
client: dev-db/mysql
service: mysql
python: dev-python/mysql-python
config:
file: /etc/mysql/my.cnf
sections:
client:
port: 3306
socket: /var/run/mysqld/mysqld.sock
mysql:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
mysqladmin:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
mysqlcheck:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
mysqldump:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
mysqlimport:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
mysqlshow:
character-sets-dir: /usr/share/mysql/charsets
default-character-set: utf8
myisamchk:
character-sets-dir: /usr/share/mysql/charsets
key_buffer: 20M
sort_buffer_size: 20M
read_buffer: 2M
write_buffer: 2M
myisampack:
character-sets-dir: /usr/share/mysql/charsets
mysqld_safe:
err-log: /var/log/mysql/mysql.err
mysqld:
character-set-server: utf8
user: mysql
port: 3306
socket: /var/run/mysqld/mysqld.sock
pid-file: /var/run/mysqld/mysqld.pid
log-error: /var/log/mysql/mysqld.err
basedir: /usr
datadir: /var/lib/mysql
skip-external-locking: noarg_present
key_buffer_size: 16M
max_allowed_packet: 1M
table_open_cache: 64
sort_buffer_size: 512K
net_buffer_length: 8K
read_buffer_size: 256K
read_rnd_buffer_size: 512K
myisam_sort_buffer_size: 8M
language: /usr/share/mysql/english
bind-address: 127.0.0.1
log-bin: noarg_present
server-id: 1
tmpdir: /tmp/
innodb_buffer_pool_size: 16M
innodb_additional_mem_pool_size: 2M
innodb_data_file_path: ibdata1:10M:autoextend:max:128M
innodb_log_file_size: 5M
innodb_log_buffer_size: 8M
innodb_log_files_in_group: 2
innodb_flush_log_at_trx_commit: 1
innodb_lock_wait_timeout: 50
innodb_file_per_table: noarg_present
mysqldump:
quick: noarg_present
max_allowed_packet: 16M
isamchk:
key_buffer: 20M
sort_buffer_size: 20M
read_buffer: 2M
write_buffer: 2M
mysqlhotcopy:
interactive-timeout: noarg_present
FreeBSD:
server: mysql56-server
client: mysql56-client
service: mysql-server
python: pymysql
config:
file: /usr/local/etc/my.cnf
client:
port: 3306
socket: /tmp/mysql.sock
mysqld:
port: 3306
socket: /tmp/mysql.sock
skip-external-locking: noarg_present
key_buffer_size: 16M
max_allowed_packet: 1M
table_open_cache: 64
sort_buffer_size: 512K
net_buffer_length: 8K
read_buffer_size: 256K
read_rnd_buffer_size: 512K
myisam_sort_buffer_size: 8M
log-bin: mysql-bin
binlog_format: mixed
server-id: 1
mysqldump:
quick: noarg_present
max_allowed_packet: 16M
mysql:
no-auto-rehash: noarg_present
myisamchk:
key_buffer_size: 20M
sort_buffer_size: 20M
read_buffer: 2M
write_buffer: 2M
mysqlhotcopy:
interactive-timeout: noarg_present
{% endload %}

126
mysql/files/Debian-my.cnf
View file

@ -1,126 +0,0 @@
# This file managed by Salt, do not edit by hand!!
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }}
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = {{ salt['pillar.get']('mysql:server:port', '3306') }}
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }}
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

147
mysql/files/Gentoo-my.cnf
View file

@ -1,147 +0,0 @@
# This file managed by Salt, do not edit by hand!!
# /etc/mysql/my.cnf: The global mysql configuration file.
# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.1,v 1.4 2013/01/20 02:40:02 robbat2 Exp $
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[mysqladmin]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[mysqlcheck]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[mysqldump]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[mysqlimport]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[mysqlshow]
character-sets-dir=/usr/share/mysql/charsets
default-character-set=utf8
[myisamchk]
character-sets-dir=/usr/share/mysql/charsets
[myisampack]
character-sets-dir=/usr/share/mysql/charsets
# use [safe_mysqld] with mysql-3
[mysqld_safe]
err-log = /var/log/mysql/mysql.err
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
[mysqld]
character-set-server = utf8
user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }}
port = {{ salt['pillar.get']('mysql:server:port', '3306') }}
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
log-error = /var/log/mysql/mysqld.err
basedir = /usr
datadir = /var/lib/mysql
skip-external-locking
key_buffer = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
language = /usr/share/mysql/english
# security:
# using "localhost" in connects uses sockets by default
# skip-networking
bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }}
log-bin
server-id = 1
# point the following paths to different dedicated disks
tmpdir = /tmp/
#log-update = /path-to-dedicated-directory/hostname
# you need the debug USE flag enabled to use the following directives,
# if needed, uncomment them, start the server and issue
# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
# this will show you *exactly* what's happening in your server ;)
#log = /tmp/mysqld.sql
#gdb
#debug = d:t:i:o,/tmp/mysqld.trace
#one-thread
# uncomment the following directives if you are using BDB tables
#bdb_cache_size = 4M
#bdb_max_lock = 10000
# the following is the InnoDB configuration
# if you wish to disable innodb instead
# uncomment just the next line
#skip-innodb
#
# the rest of the innodb config follows:
# don't eat too much memory, we're trying to be safe on 64Mb boxes
# you might want to bump this up a bit on boxes with more RAM
innodb_buffer_pool_size = 16M
# this is the default, increase it if you have lots of tables
innodb_additional_mem_pool_size = 2M
#
# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
# and upstream wants things to be under /var/lib/mysql/, so that's the route
# we have to take for the moment
#innodb_data_home_dir = /var/lib/mysql/
#innodb_log_arch_dir = /var/lib/mysql/
#innodb_log_group_home_dir = /var/lib/mysql/
# you may wish to change this size to be more suitable for your system
# the max is there to avoid run-away growth on your machine
innodb_data_file_path = ibdata1:10M:autoextend:max:128M
# we keep this at around 25% of of innodb_buffer_pool_size
# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
innodb_log_file_size = 5M
# this is the default, increase it if you have very large transactions going on
innodb_log_buffer_size = 8M
# this is the default and won't hurt you
# you shouldn't need to tweak it
innodb_log_files_in_group=2
# see the innodb config docs, the other options are not always safe
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_file_per_table
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
# uncomment the next directive if you are not familiar with SQL
#safe-updates
[isamchk]
key_buffer = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[myisamchk]
key_buffer = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout

13
mysql/files/RedHat-my.cnf
View file

@ -1,13 +0,0 @@
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user={{ salt['pillar.get']('mysql:server:user', 'mysql') }}
port={{ salt['pillar.get']('mysql:server:port', '3306') }}
bind-address={{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }}
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

128
mysql/files/Ubuntu-my.cnf
View file

@ -1,128 +0,0 @@
# This file managed by Salt, do not edit by hand!!
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
user = {{ salt['pillar.get']('mysql:server:user', 'mysql') }}
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = {{ salt['pillar.get']('mysql:server:port', '3306') }}
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = {{ salt['pillar.get']('mysql:server:bind-address', '127.0.0.1') }}
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

146
mysql/files/my-huge.cnf
View file

@ -1,146 +0,0 @@
# Example MySQL config file for very large systems.
#
# This is for a large system with memory of 1G-2G where the system runs mainly
# MySQL.
#
# MySQL programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, see:
# http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 384M
max_allowed_packet = 1M
table_open_cache = 512
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size = 32M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
# Replication Master Server (default)
# binary logging is required for replication
log-bin=mysql-bin
# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id = 1
# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
# the syntax is:
#
# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
# where you replace <host>, <user>, <password> by quoted strings and
# <port> by the master's port number (3306 by default).
#
# Example:
#
# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
# MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
# start replication for the first time (even unsuccessfully, for example
# if you mistyped the password in master-password and the slave fails to
# connect), the slave will create a master.info file, and any later
# change in this file to the variables' values below will be ignored and
# overridden by the content of the master.info file, unless you shutdown
# the slave server, delete master.info and restart the slaver server.
# For that reason, you may want to leave the lines below untouched
# (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin
#
# binary logging format - mixed recommended
#binlog_format=mixed
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/db/mysql
#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend
#innodb_log_group_home_dir = /var/db/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 384M
#innodb_additional_mem_pool_size = 20M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 100M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout

144
mysql/files/my-medium.cnf
View file

@ -1,144 +0,0 @@
# Example MySQL config file for medium systems.
#
# This is for a system with little memory (32M - 64M) where MySQL plays
# an important part, or systems up to 128M where MySQL is used together with
# other programs (such as a web server)
#
# MySQL programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, see:
# http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
# Replication Master Server (default)
# binary logging is required for replication
log-bin=mysql-bin
# binary logging format - mixed recommended
binlog_format=mixed
# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id = 1
# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
# the syntax is:
#
# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
# where you replace <host>, <user>, <password> by quoted strings and
# <port> by the master's port number (3306 by default).
#
# Example:
#
# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
# MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
# start replication for the first time (even unsuccessfully, for example
# if you mistyped the password in master-password and the slave fails to
# connect), the slave will create a master.info file, and any later
# change in this file to the variables' values below will be ignored and
# overridden by the content of the master.info file, unless you shutdown
# the slave server, delete master.info and restart the slaver server.
# For that reason, you may want to leave the lines below untouched
# (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/db/mysql
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/db/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 5M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout

89
mysql/files/my-small.cnf
View file

@ -1,89 +0,0 @@
# Example MySQL config file for small systems.
#
# This is for a system with little memory (<= 64M) where MySQL is only used
# from time to time and it's important that the mysqld daemon
# doesn't use much resources.
#
# MySQL programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, see:
# http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 16K
max_allowed_packet = 1M
table_open_cache = 4
sort_buffer_size = 64K
read_buffer_size = 256K
read_rnd_buffer_size = 256K
net_buffer_length = 2K
thread_stack = 128K
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (using the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
server-id = 1
# Uncomment the following if you want to log updates
#log-bin=mysql-bin
# binary logging format - mixed recommended
#binlog_format=mixed
# Causes updates to non-transactional engines using statement format to be
# written directly to binary log. Before using this option make sure that
# there are no dependencies between transactional and non-transactional
# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
# t_innodb; otherwise, slaves may diverge from the master.
#binlog_direct_non_transactional_updates=TRUE
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/db/mysql
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/db/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 5M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[myisamchk]
key_buffer_size = 8M
sort_buffer_size = 8M
[mysqlhotcopy]
interactive-timeout

31
mysql/files/my.cnf Normal file
View file

@ -0,0 +1,31 @@
# DO NOT CHANGE THIS FILE!
# This config is generated by SALTSTACK
# and all change will be overrided on next salt call
{% from "mysql/defaults.yaml" import rawmap with context %}
{% from "mysql/supported_params.yaml" import supported_params with context %}
{%- set datamap = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
{%- for section_name, supparams in supported_params.items() %}
[{{ section_name }}]
{%- for allowedparam in supparams|default([]) %}
{%- set indents = 40 - allowedparam|count %}
{%- set mparam = salt['pillar.get']('mysql:server:'+section_name+':'+allowedparam, false) %}
{%- if mparam %}
{%- if mparam == "noarg_present" %}
{{ allowedparam }}
{%- else %}
{{ allowedparam }}{{ '='|indent(indents, true) }} {{ mparam }}
{%- endif %}
{%- else %}
{%- if datamap.config.sections[section_name] is defined %}
{%- if datamap.config.sections[section_name][allowedparam] is defined %}
{%- if datamap.config.sections[section_name][allowedparam] == "noarg_present" %}
{{ allowedparam }}
{%- else %}
{{ allowedparam }}{{ '='|indent(indents, true) }} {{ datamap.config.sections[section_name][allowedparam] }}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endfor %}
{% endfor %}
{{ datamap.config.append }}

31
mysql/map.jinja
View file

@ -1,31 +0,0 @@
{% set mysql = salt['grains.filter_by']({
'Debian': {
'server': 'mysql-server',
'client': 'mysql-client',
'service': 'mysql',
'config': '/etc/mysql/my.cnf',
'python': 'python-mysqldb',
},
'RedHat': {
'server': 'mysql-server',
'client': 'mysql',
'service': 'mysqld',
'config': '/etc/my.cnf',
'python': 'MySQL-python',
},
'Gentoo': {
'server': 'dev-db/mysql',
'client': 'dev-db/mysql',
'service': 'mysql',
'config': '/etc/mysql/my.cnf',
'python': 'dev-python/mysql-python',
},
'FreeBSD': {
'server': 'mysql56-server',
'client': 'mysql56-client',
'service': 'mysql-server',
'config': '/usr/local/etc/my.cnf',
'python': 'pymysql',
'mysql_size': 'medium',
},
}, merge=salt['pillar.get']('mysql:lookup')) %}

3
mysql/python.sls
View file

@ -1,4 +1,5 @@
{% from "mysql/map.jinja" import mysql with context %}
{% from "mysql/defaults.yaml" import rawmap with context %}
{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
mysql_python:
pkg:

15
mysql/server.sls
View file

@ -1,9 +1,11 @@
{% from "mysql/map.jinja" import mysql with context %}
{% from "mysql/defaults.yaml" import rawmap with context %}
{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
{% set os = salt['grains.get']('os', None) %}
{% set os_family = salt['grains.get']('os_family', None) %}
{% set mysql_root_password = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
{% if mysql_root_password %}
{% if os_family == 'Debian' %}
mysql_debconf:
debconf.set:
@ -40,6 +42,7 @@ mysql_delete_anonymous_user_{{ host }}:
{%- endif %}
{% endfor %}
{% endif %}
{% endif %}
mysqld:
pkg.installed:
@ -56,19 +59,13 @@ mysqld:
mysql_config:
file.managed:
- name: {{ mysql.config }}
- name: {{ mysql.config.file }}
- template: jinja
- source: salt://mysql/files/my.cnf
- watch_in:
- service: mysqld
{% if os_family in ['Debian', 'Gentoo', 'RedHat'] %}
{% if os_family == 'RedHat' %}
- source: salt://mysql/files/{{ os_family }}-my.cnf
{% else %}
- source: salt://mysql/files/{{ os }}-my.cnf
{% endif %}
- user: root
- group: root
- mode: 644
{% elif os == 'FreeBSD' %}
- source: salt://mysql/files/my-{{ mysql.mysql_size }}.cnf
{% endif %}

121
mysql/supported_params.yaml Normal file
View file

@ -0,0 +1,121 @@
# vim
{% load_yaml as supported_params %}
client:
- port
- socket
mysqld_safe:
- socket
- nice
- log-error
- pid-file
- err-log
mysqld:
- user
- pid-file
- socket
- port
- basedir
- datadir
- tmpdir
- lc-messages-dir
- skip-external-locking
- bind-address
- key_buffer
- key_buffer_size
- max_allowed_packet
- thread_stack
- thread_cache_size
- myisam-recover
- query_cache_limit
- query_cache_size
- max_connections
- table_cache
- thread_concurrency
- wait_timeout
- tmp_table_size
- max_heap_table_size
- open_files_limit
- general_log_file
- general_log
- log_error
- log_slow_queries
- long_query_time
- log-queries-not-using-indexes
- expire_logs_days
- max_binlog_size
- server-id
- log_bin
- binlog_do_db
- replicate-do-db
- auto_increment_increment
- auto_increment_offset
- max_connect_errors
- join_buffer_size
- chroot
- ssl-ca
- ssl-cert
- ssl-key
- sort_buffer_size
- read_buffer_size
- read_rnd_buffer_size
- myisam_sort_buffer_size
- slow_query_log
- slow_query_log_file
- innodb_file_per_table
- innodb_data_home_dir
- innodb_data_file_path
- innodb_log_group_home_dir
- innodb_buffer_pool_size
- innodb_additional_mem_pool_size
- innodb_log_file_size
- innodb_log_buffer_size
- innodb_flush_log_at_trx_commit
- innodb_flush_method
- innodb_thread_concurrency
- symbolic-links
- character-set-server
- log-error
- table_open_cache
- net_buffer_length
- language
- log-bin
- innodb_log_files_in_group
- innodb_lock_wait_timeout
mysqldump:
- quick
- quote-names
- max_allowed_packet
- character-sets-dir
- default-character-set
mysql:
- no-auto-rehash
- character-sets-dir
- default-character-set
isamchk:
- key_buffer
- sort_buffer_size
- read_buffer
- write_buffer
- character-sets-dir
myisamchk:
- key_buffer
- sort_buffer_size
- read_buffer
- write_buffer
mysqlhotcopy:
- interactive-timeout
mysqladmin:
- character-sets-dir
- default-character-set
mysqlcheck:
- character-sets-dir
- default-character-set
mysqlimport:
- character-sets-dir
- default-character-set
mysqlshow:
- character-sets-dir
- default-character-set
myisampack:
- character-sets-dir
{% endload %}

19
mysql/user.sls
View file

@ -1,4 +1,6 @@
{% from "mysql/map.jinja" import mysql with context %}
{% from "mysql/defaults.yaml" import rawmap with context %}
{%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
{%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', 'somepass') %}
{% set user_states = [] %}
@ -20,20 +22,25 @@ include:
{%- endif %}
- connection_host: localhost
- connection_user: root
- connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
{% if mysql_root_pass %}
- connection_pass: '{{ mysql_root_pass }}'
{% endif %}
- connection_charset: utf8
{% for db in user['databases'] %}
{{ state_id ~ '_' ~ loop.index0 }}:
mysql_grants.present:
- name: {{ user['name'] ~ '_' ~ db['database'] }}
- name: {{ user['name'] ~ '_' ~ db['database'] ~ '_' ~ db['table'] | default('all') }}
- grant: {{db['grants']|join(",")}}
- database: '{{ db['database'] }}.*'
- database: '{{ db['database'] }}.{{ db['table'] | default('*') }}'
- grant_option: {{ db['grant_option'] | default(False) }}
- user: {{ user['name'] }}
- host: '{{ user['host'] }}'
- connection_host: localhost
- connection_user: root
- connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
{% if mysql_root_pass -%}
- connection_pass: '{{ mysql_root_pass }}'
{% endif %}
- connection_charset: utf8
- require:
- mysql_user: {{ user['name'] }}
@ -41,5 +48,3 @@ include:
{% do user_states.append(state_id) %}
{% endfor %}

17
pillar.example
View file

@ -1,9 +1,19 @@
mysql:
server:
# root_password: False - to have root@localhost without password
root_password: 'somepass'
bind-address: 127.0.0.1
port: 3306
user: mysql
# my.cnf sections changes
mysqld:
bind-address: 0.0.0.0
port: 3307
log_bin: /var/log/mysql/mysql-bin.log
binlog_do_db: foo
auto_increment_increment: 5
max_connect_errors: 4294967295
mysql:
# my.cnf param that not require value
no-auto-rehash: noarg_present
# Manage databases
database:
@ -17,6 +27,7 @@ mysql:
load: False
# Manage users
# you can get pillar for existent server using import_users.py script
user:
- name: frank
password: 'somepass'
@ -32,7 +43,9 @@ mysql:
databases:
- database: foo
grants: ['all privileges']
grant_option: True
- database: bar
table: foobar
grants: ['select', 'insert', 'update', 'delete']
- name: nopassuser
password: ~