From 664d3761b868c527e04cf0500da42cb797146512 Mon Sep 17 00:00:00 2001
From: Andreas Unterkircher <unki@netshadow.net>
Date: Wed, 26 Feb 2020 10:25:32 +0100
Subject: [PATCH 1/2] allow changing the mysql-config-file group-ownership
---
 manifests/server/config.pp | 1 +
 spec/classes/mycnf_template_spec.rb | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 8a79943b2..e5e2c0fe1 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -38,6 +38,7 @@
 path => $mysql::server::config_file,
 content => template('mysql/my.cnf.erb'),
 mode => $mysql::server::config_file_mode,
+ group => $mysql::server::mysql_group,
 selinux_ignore_defaults => true,
 }
diff --git a/spec/classes/mycnf_template_spec.rb b/spec/classes/mycnf_template_spec.rb
index 9724db1ec..4ba66423a 100644
--- a/spec/classes/mycnf_template_spec.rb
+++ b/spec/classes/mycnf_template_spec.rb
@@ -128,6 +128,22 @@
 is_expected.to contain_file('mysql-config-file').with(mode: '0600')
 end
 end
+
+ context 'group owner adm' do
+ let(:params) { { 'mysql_group' => 'adm' } }
+
+ it do
+ is_expected.to contain_file('mysql-config-file').with(group: 'adm')
+ end
+ end
+
+ context 'group owner root' do
+ let(:params) { { 'mysql_group' => 'root' } }
+
+ it do
+ is_expected.to contain_file('mysql-config-file').with(group: 'root')
+ end
+ end
 end
 end
 end
From e911dc02406af8e6a9dd821c1f1fdc847b0fb421 Mon Sep 17 00:00:00 2001
From: Andreas Unterkircher <unki@netshadow.net>
Date: Thu, 27 Feb 2020 19:27:36 +0100
Subject: [PATCH 2/2] add new parameteres $mycnf_owner and $mycnf_group - both default to undef
---
 manifests/params.pp | 18 ++++++++++++++++++
 manifests/server.pp | 6 ++++++
 manifests/server/config.pp | 3 ++-
 spec/classes/mycnf_template_spec.rb | 27 +++++++++++++++++++++------
 4 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index dd15fa5f0..e90accc78 100644
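Review bot: In the first patch's `config.pp` hunk, reusing `$mysql::server::mysql_group` for the `group` attribute of `mysql-config-file` changes the file's group on every node that takes this commit, not only on nodes that opt in. That parameter has a non-undef default in every platform branch; the `params.pp` context in the second patch shows `'mysql'`, `'adm'` and `'_mysql'`. Combined with a `config_file_mode` that grants group read or write, a file that may hold credentials and that the server reads at start-up becomes accessible to that group. The second patch replaces the line with a dedicated parameter, so I would squash the two commits rather than ship this intermediate state; if it stays, add `# group follows mysql_group; keep config_file_mode free of group write` above the attribute. The `file` resource begins above the hunk.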
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -96,6 +96,8 @@
 $datadir = '/var/lib/mysql'
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $socket = '/var/lib/mysql/mysql.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
 $ssl_cert = '/etc/mysql/server-cert.pem'
@@ -152,6 +154,8 @@
 }
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysql'
 if $::operatingsystem =~ /(SLES|SLED)/ {
@@ -209,6 +213,8 @@
 $pidfile = '/var/run/mysqld/mysqld.pid'
 $root_group = 'root'
 $mysql_group = 'adm'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $socket = '/var/run/mysqld/mysqld.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
 $ssl_cert = '/etc/mysql/server-cert.pem'
@@ -253,6 +259,8 @@
 $pidfile = '/var/run/mysqld/mysqld.pid'
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysqld'
 $socket = '/var/lib/mysql/mysql.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
@@ -278,6 +286,8 @@
 $pidfile = '/run/mysqld/mysqld.pid'
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysql'
 $socket = '/run/mysqld/mysqld.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
@@ -303,6 +313,8 @@
 $pidfile = '/var/run/mysql.pid'
 $root_group = 'wheel'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysql-server'
 $socket = '/var/db/mysql/mysql.sock'
 $ssl_ca = undef
@@ -331,6 +343,8 @@
 $pidfile = '/var/mysql/mysql.pid'
 $root_group = 'wheel'
 $mysql_group = '_mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysqld'
 $socket = '/var/run/mysql/mysql.sock'
 $ssl_ca = undef
@@ -386,6 +400,8 @@
 $pidfile = '/run/mysqld/mysqld.pid'
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mariadb'
 $socket = '/run/mysqld/mysqld.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
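Review bot: The pair `$mycnf_owner = undef` / `$mycnf_group = undef` is added identically to every platform branch: the eight hunks here and the ninth, `@@ -411,6 +427,8 @@`, that follows. The value never differs by platform, so nine copies only create places for the branches to drift apart. Declaring the default once would be enough, for example by writing `$mycnf_owner = undef,` and `$mycnf_group = undef,` directly in the `server.pp` parameter list instead of routing the value through `params.pp`. The enclosing branches start and end outside these hunks, so I cannot tell whether a shared spot before the platform selection exists.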
@@ -411,6 +427,8 @@
 $pidfile = '/var/run/mysqld/mysqld.pid'
 $root_group = 'root'
 $mysql_group = 'mysql'
+ $mycnf_owner = undef
+ $mycnf_group = undef
 $server_service_name = 'mysqld'
 $socket = '/var/lib/mysql/mysql.sock'
 $ssl_ca = '/etc/mysql/cacert.pem'
diff --git a/manifests/server.pp b/manifests/server.pp
index 84d6e3c55..77f44b972 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -41,6 +41,10 @@
 # The name of the group used for root. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).
 # @param mysql_group
 # The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).
+# @param mycnf_owner
+# Name or user-id who owns the mysql-config-file.
+# @param mycnf_group
+# Name or group-id which owns the mysql-config-file.
 # @param root_password
 # The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password.
 # @param service_enabled
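Review bot: The two new `@param` entries in the `server.pp` doc hunk say neither what the default is nor what it means for the file. With `undef`, Puppet does not manage owner or group at all, so an existing file keeps its current ownership while `config_file_mode` is still enforced. That is worth stating, because the file can hold credentials and is read when the server starts. I would extend the owner text to `#   User name or UID that owns the mysql-config-file. Defaults to undef (owner not managed). Prefer root: a file owned by the daemon account, or group-writable for it, lets that account change the server's start-up options.` and write the matching sentence for `mycnf_group`.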
@@ -85,6 +89,8 @@
 $restart = $mysql::params::restart,
 $root_group = $mysql::params::root_group,
 $mysql_group = $mysql::params::mysql_group,
+ $mycnf_owner = $mysql::params::mycnf_owner,
+ $mycnf_group = $mysql::params::mycnf_group,
 $root_password = $mysql::params::root_password,
 $service_enabled = $mysql::params::server_service_enabled,
 $service_manage = $mysql::params::server_service_manage,
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index e5e2c0fe1..a37e7bba8 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -38,7 +38,8 @@
 path => $mysql::server::config_file,
 content => template('mysql/my.cnf.erb'),
 mode => $mysql::server::config_file_mode,
- group => $mysql::server::mysql_group,
+ owner => $mysql::server::mycnf_owner,
+ group => $mysql::server::mycnf_group,
 selinux_ignore_defaults => true,
 }
diff --git a/spec/classes/mycnf_template_spec.rb b/spec/classes/mycnf_template_spec.rb
index 4ba66423a..dc64191a1 100644
--- a/spec/classes/mycnf_template_spec.rb
+++ b/spec/classes/mycnf_template_spec.rb
@@ -129,19 +129,34 @@
 end
 end
- context 'group owner adm' do
- let(:params) { { 'mysql_group' => 'adm' } }
+ context 'user owner 12345' do
+ let(:params) { { 'mycnf_owner' => '12345' } }
 it do
- is_expected.to contain_file('mysql-config-file').with(group: 'adm')
+ is_expected.to contain_file('mysql-config-file').with(
+ owner: '12345',
+ )
+ end
+ end
+
+ context 'group owner 12345' do
+ let(:params) { { 'mycnf_group' => '12345' } }
+
+ it do
+ is_expected.to contain_file('mysql-config-file').with(
+ group: '12345',
+ )
 end
 end
- context 'group owner root' do
- let(:params) { { 'mysql_group' => 'root' } }
+ context 'user and group owner 12345' do
+ let(:params) { { 'mycnf_owner' => '12345', 'mycnf_group' => '12345' } }
 it do
- is_expected.to contain_file('mysql-config-file').with(group: 'root')
+ is_expected.to contain_file('mysql-config-file').with(
+ owner: '12345',
+ group: '12345',
+ )
 end
 end
 end
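Review bot: In the `server.pp` parameter hunk, `$mycnf_owner` and `$mycnf_group` are declared without a data type, so any value is passed straight through to the `file` resource and a wrong one is caught late, if at all. The doc comment says a name or an id is expected, which maps to `Optional[Variant[String[1], Integer[0]]] $mycnf_owner = $mysql::params::mycnf_owner,` and the same for the group. The neighbouring parameters in this hunk are untyped too, so this may be a convention of the file. The parameter list starts and ends outside the hunk.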
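Review bot: With both parameters defaulting to `undef`, the `mysql-config-file` resource in the `config.pp` hunk enforces `mode` but leaves `owner` and `group` unmanaged. A config file that already belongs to a non-root account, for instance the daemon user, therefore stays that way on every run, and that account can rewrite options the server reads at start-up. Since `$root_group` is already defined in every platform branch, the defaults could be `$mycnf_owner = 'root'` and `$mycnf_group = $root_group` in `params.pp`, which makes the outcome deterministic. If unmanaged ownership is deliberate for backward compatibility, say so above the two attributes with `# undef by default: ownership of the config file is not managed`. The `file` resource begins above the hunk.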
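Review bot: The three new contexts in the spec hunk cover only explicitly set values, so nothing pins the default, which is the case every existing user gets. A context that sets neither parameter and asserts `is_expected.to contain_file('mysql-config-file').without(%w[owner group])` would catch a later change that silently starts managing ownership. The removed `mysql_group` contexts have no counterpart either, so nothing tests that the file's group no longer follows `mysql_group`. The enclosing `describe` and `context` blocks start outside the hunk.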