MySQL root password via Puppet

In a scenario where I need to work with a root password in MySQL, how do I run the commands through Puppet? When root has a password, you have to run the command and then enter the root password, that is, it takes two commands. How should I proceed?

3 replies

//I have this sample code from an exercise I did in another course. It is a Puppet script that updates the machine, installs MySQL, starts it, connects, creates a database, grants privileges to a user with a password, and also removes the anonymous user. I think it can help you.//

```puppet
# Refresh the APT package index before installing anything.
exec { "apt-update":
  command => "/usr/bin/apt-get update",
}

package { "mysql-server":
  ensure  => installed,
  require => Exec["apt-update"],
}

# Replace the packaged my.cnf with the template and restart MySQL on change.
file { "/etc/mysql/my.cnf":
  owner   => mysql,
  group   => mysql,
  mode    => "0644",
  content => template("/vagrant/manifests/my.cnf"),
  require => Package["mysql-server"],
  notify  => Service["mysql"],
}

service { "mysql":
  ensure     => running,
  enable     => true,
  hasstatus  => true,
  hasrestart => true,
  require    => Package["mysql-server"],
}

# Create the schema only if it does not exist yet.
exec { "loja-schema":
  unless  => "mysql -uroot loja_schema",
  command => "mysqladmin -uroot create loja_schema",
  path    => "/usr/bin",
  require => Service["mysql"],
}

# Remove the anonymous account, only while an anonymous login still works.
exec { "remove-anonymous-user":
  command => "mysql -uroot -e \"delete from mysql.user where user=''; flush privileges\"",
  onlyif  => "mysql -u ''",
  path    => "/usr/bin",
  require => Service["mysql"],
}

# Create the application user unless it can already log in.
exec { "loja-user":
  unless  => "mysql -uloja -plojasecretpass loja_schema",
  command => "mysql -uroot -e \"grant all privileges on loja_schema.* to 'loja'@'%' identified by 'lojasecretpass';\"",
  path    => "/usr/bin",
  require => Exec["loja-schema"],
}
```
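One way to handle the case from the original question, where root already has a password, as an added example that is not part of any reply in this thread: Puppet writes a root-only client option file and each `exec` points the MySQL client at it with `--defaults-extra-file`, so there is no password prompt and the password never appears on a command line. The Hiera key `mysql_root_password` and the variable names are assumptions; the resource names follow the manifest above.

```puppet
# Added example. Assumes root already has a password and that Hiera provides
# it under the hypothetical key 'mysql_root_password'.
$mysql_root_password = lookup('mysql_root_password')
$root_defaults       = '/root/.my.cnf'

package { 'mysql-server':
  ensure => installed,
}

service { 'mysql':
  ensure  => running,
  enable  => true,
  require => Package['mysql-server'],
}

# Client option file with the root credentials. Mode 0600 keeps other local
# users from reading it; show_diff => false keeps it out of Puppet's diffs.
# The value is quoted because a '#' would otherwise start a comment; a
# password containing a double quote would need escaping first.
file { $root_defaults:
  ensure    => file,
  owner     => 'root',
  group     => 'root',
  mode      => '0600',
  show_diff => false,
  content   => "[client]\nuser=root\npassword=\"${mysql_root_password}\"\n",
}

# --defaults-extra-file must be the first option. The client reads user and
# password from the file, so nothing secret shows up in the process list.
exec { 'loja-schema':
  unless  => "mysql --defaults-extra-file=${root_defaults} -e 'select 1' loja_schema",
  command => "mysqladmin --defaults-extra-file=${root_defaults} create loja_schema",
  path    => '/usr/bin',
  require => [Service['mysql'], File[$root_defaults]],
}
```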

Hello, first of all, thank you for the help! Regarding the file, on the line content => template ("/vagrant/manifests/my.cnf"), did you create a new my.cnf file or make some change to the existing one? If so, could you tell me what I need to do?

// Yes, my.cnf holds your MySQL settings. When the service is installed, the file is created automatically; in my case, I had a template and Puppet replaced the file with it during installation. The only change was the BindAddress, switched from 127.0.0.1 to 0.0.0.0, allowing external connections to the database. I'll paste its contents here//

```
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet = 16M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completition

[isamchk]
key_buffer = 16M

#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
```