mirror of
https://github.com/saltstack-formulas/mysql-formula.git
synced 2025-04-10 14:51:46 +00:00
148 lines
5.2 KiB
Text
148 lines
5.2 KiB
Text
{%- from tpldir ~ "/map.jinja" import mysql with context %}
|
|
{%- set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
|
|
{%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
|
|
{%- set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
|
|
{%- set mysql_salt_user = salt['pillar.get']('mysql:salt_user:salt_user_name', mysql_root_user) %}
|
|
{%- set mysql_salt_pass = salt['pillar.get']('mysql:salt_user:salt_user_password', mysql_root_pass) %}
|
|
{%- set mysql_unix_socket = salt['pillar.get']('mysql:server:unix_socket', '') %}
|
|
|
|
{%- set user_states = [] %}
|
|
{%- set user_hosts = [] %}
|
|
|
|
include:
|
|
- .python
|
|
|
|
{%- for name, user in salt['pillar.get']('mysql:user', {}).items() %}
|
|
|
|
{%- set user_host = salt['pillar.get']('mysql:user:%s:host'|format(name)) %}
|
|
{%- if user_host != '' %}
|
|
{%- set user_hosts = [user_host] %}
|
|
{%- else %}
|
|
{%- set user_hosts = salt['pillar.get']('mysql:user:%s:hosts'|format(name)) %}
|
|
{%- endif %}
|
|
|
|
{%- if not user_hosts %}
|
|
{%- set mine_target = salt['pillar.get']('mysql:user:%s:mine_hosts:target'|format(name)) %}
|
|
{%- set mine_function = salt['pillar.get']('mysql:user:%s:mine_hosts:function'|format(name)) %}
|
|
{%- set mine_expression_form = salt['pillar.get']('mysql:user:%s:mine_hosts:expr_form'|format(name)) %}
|
|
|
|
{%- if mine_target and mine_function and mine_expression_form %}
|
|
{%- set user_hosts = salt['mine.get'](mine_target, mine_function, mine_expression_form).values() %}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
|
|
{%- for host in user_hosts %}
|
|
|
|
{%- set state_id = 'mysql_user_' ~ name ~ '_' ~ host %}
|
|
{{ state_id }}:
|
|
{%- if user.get('present', True) %}
|
|
mysql_user.present:
|
|
- name: {{ name }}
|
|
- host: '{{ host }}'
|
|
{%- if user['password_hash'] is defined %}
|
|
- password_hash: '{{ user['password_hash'] }}'
|
|
{%- elif user['password'] is defined and user['password'] != None %}
|
|
- password: '{{ user['password'] }}'
|
|
{%- elif user['unix_socket'] is defined and user['unix_socket'] != None %}
|
|
- allow_passwordless: True
|
|
- unix_socket: True
|
|
{%- else %}
|
|
- allow_passwordless: True
|
|
{%- endif %}
|
|
{%- else %}
|
|
mysql_user.absent:
|
|
- name: {{ name }}
|
|
- host: '{{ host }}'
|
|
{%- endif %}
|
|
- connection_host: '{{ mysql_host }}'
|
|
- connection_user: '{{ mysql_salt_user }}'
|
|
{%- if mysql_salt_pass %}
|
|
- connection_pass: '{{ mysql_salt_pass }}'
|
|
{%- endif %}
|
|
{%- if mysql_unix_socket %}
|
|
- connection_unix_socket: '{{ mysql_unix_socket }}'
|
|
{%- endif %}
|
|
- connection_charset: utf8
|
|
|
|
{%- if 'grants' in user %}
|
|
{{ state_id ~ '_grants' }}:
|
|
mysql_grants.present:
|
|
- name: {{ name }}
|
|
- grant: {{ user['grants']|join(",") }}
|
|
- database: '*.*'
|
|
- grant_option: {{ user['grant_option'] | default(False) }}
|
|
{%- if 'ssl' in user or 'ssl-X509' in user %}
|
|
- ssl_option:
|
|
- SSL: {{ user['ssl'] | default(False) }}
|
|
{%- if user['ssl-X509'] is defined %}
|
|
- X509: {{ user['ssl-X509'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-SUBJECT'] is defined %}
|
|
- SUBJECT: {{ user['ssl-SUBJECT'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-ISSUER'] is defined %}
|
|
- ISSUER: {{ user['ssl-ISSUER'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-CIPHER'] is defined %}
|
|
- CIPHER: {{ user['ssl-CIPHER'] }}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
- user: {{ name }}
|
|
- host: '{{ host }}'
|
|
- connection_host: '{{ mysql_host }}'
|
|
- connection_user: '{{ mysql_salt_user }}'
|
|
{%- if mysql_salt_pass %}
|
|
- connection_pass: '{{ mysql_salt_pass }}'
|
|
{%- endif %}
|
|
{%- if mysql_unix_socket %}
|
|
- connection_unix_socket: '{{ mysql_unix_socket }}'
|
|
{%- endif %}
|
|
- connection_charset: utf8
|
|
- require:
|
|
- mysql_user: {{ state_id }}
|
|
{%- endif %}
|
|
|
|
{%- if 'databases' in user %}
|
|
{%- for db in user['databases'] %}
|
|
{{ state_id ~ '_' ~ loop.index0 }}:
|
|
mysql_grants.present:
|
|
- name: {{ name ~ '_' ~ db['database'] ~ '_' ~ db['table'] | default('all') }}
|
|
- grant: {{ db['grants']|join(",") }}
|
|
- database: '{{ db['database'] }}.{{ db['table'] | default('*') }}'
|
|
- grant_option: {{ db['grant_option'] | default(False) }}
|
|
{%- if 'ssl' in user or 'ssl-X509' in user %}
|
|
- ssl_option:
|
|
- SSL: {{ user['ssl'] | default(False) }}
|
|
{%- if user['ssl-X509'] is defined %}
|
|
- X509: {{ user['ssl-X509'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-SUBJECT'] is defined %}
|
|
- SUBJECT: {{ user['ssl-SUBJECT'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-ISSUER'] is defined %}
|
|
- ISSUER: {{ user['ssl-ISSUER'] }}
|
|
{%- endif %}
|
|
{%- if user['ssl-CIPHER'] is defined %}
|
|
- CIPHER: {{ user['ssl-CIPHER'] }}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
- user: {{ name }}
|
|
- host: '{{ host }}'
|
|
- escape: {{ db['escape'] | default(True) }}
|
|
- connection_host: '{{ mysql_host }}'
|
|
- connection_user: '{{ mysql_salt_user }}'
|
|
{%- if mysql_salt_pass %}
|
|
- connection_pass: '{{ mysql_salt_pass }}'
|
|
{%- endif %}
|
|
- connection_charset: utf8
|
|
{%- if mysql_unix_socket %}
|
|
- connection_unix_socket: '{{ mysql_unix_socket }}'
|
|
{%- endif %}
|
|
- require:
|
|
- mysql_user: {{ state_id }}
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
|
|
{%- do user_states.append(state_id) %}
|
|
{%- endfor %}
|
|
{%- endfor %}
|