Em um cenário em que preciso trabalhar com senha do root no mysql, como executo os comandos pelo puppet, uma vez que ao possuir o root com senha é necessário executar o comando e após isso informar a senha do root, ou seja, são dois comando. Como devo proceder?
3
respostas
respostas
Senha do root mysql pelo puppet
//tenho esse cod de exemplo de um exercício que fiz em outro curso, ele é um script em puppet, que atualiza a maquina, instala o mysql, executa, conecta, cria um banco, adiciona os privilégios a um usuário e senha e ainda remove o usuário anônimo. Acho que pode te ajudar.//
exec { "apt-update": command => "/usr/bin/apt-get update" } package { "mysql-server": ensure => installed, require => Exec["apt-update"], } file { "/etc/mysql/my.cnf": owner => mysql, group => mysql, mode => 0644, content => template ("/vagrant/manifests/my.cnf"), require => Package ["mysql-server"], notify => Service["mysql"], } service{ "mysql": ensure => running, enable => true, hasstatus => true, hasrestart => true, require => Package["mysql-server"], } exec { "loja-schema": unless => "mysql -uroot loja_schema", command => "mysqladmin -uroot create loja_schema", path => "/usr/bin", require => Service["mysql"], } exec { "remove-anonymous-user": command => "mysql -uroot -e "delete from mysql.user where user=''; flush privileges"", onlyif => "mysql -u ''", path => "/usr/bin", require => Service["mysql"], } exec { "loja-user": unless => "mysql -uloja -plojasecretpass loja_schema", command => "mysql -uroot -e "grant all privileges on loja_schema.* to 'loja'@'%' identified by 'lojasecretpass';"", path => "/usr/bin", require => Exec["loja-schema"], }
Prezado, primeiramente obrigado pela ajuda! Quanto ao arquivo, na linha content => template ("/vagrant/manifests/my.cnf"), você criou um novo arquivo my.cnf ou fez alguma alteração no mesmo, se sim, poderia me dizer o que preciso fazer?
// Isso, o my.cnf sao as configurações do teu mysql, quando ele instala o serviço cria automaticamente o arquivo, no meu caso, tinha um template e o puppet substituia ele na instalação. A alteração foi apenas no BindAdress trocado de 127.0.0.1 para 0.0.0.0 permitindo conexão externa ao banco de dados. Vou colar aqui o código dele//
#
The MySQL database server configuration file.
#
You can copy this to one of:
- "/etc/mysql/my.cnf" to set global options,
- "~/.my.cnf" to set user-specific options.
#
One can use all long options that the program supports.
Run program with --help to get a list of available options and with
--print-defaults to see which it would actually understand and use.
#
For explanations see
http://dev.mysql.com/doc/mysql/en/server-system-variables.html
This will be passed to all mysql clients
It has been reported that passwords should be enclosed with ticks/quotes
escpecially if they contain "#" chars...
Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client] port = 3306 socket = /var/run/mysqld/mysqld.sock
Here is entries for some specific programs
The following values assume you have at least 32M ram
This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0
[mysqld] #
* Basic Settings
# user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp lc-messages-dir = /usr/share/mysql skip-external-locking #
Instead of skip-networking the default is now to listen only on
localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0 #
* Fine Tuning
# key_buffer = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8
This replaces the startup script and checks MyISAM tables if needed
the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10 #
* Query Cache Configuration
# query_cache_limit = 1M query_cache_size = 16M #
* Logging and Replication
#
Both location gets rotated by the cronjob.
Be aware that this log type is a performance killer.
As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1 #
Error log - should be very few entries.
# log_error = /var/log/mysql/error.log #
Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes #
The following can be used as easy to replay backup logs or for replication.
note: if you are setting up a replication slave, see README.Debian about
other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log expire_logs_days = 10 max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name #
* InnoDB
#
InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
Read the manual for more InnoDB related options. There are many!
#
* Security Features
#
Read the manual, too, if you want chroot!
chroot = /var/lib/mysql/
#
For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
ssl-ca=/etc/mysql/cacert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
[mysqldump] quick quote-names max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk] key_buffer = 16M
#
* IMPORTANT: Additional settings that can override those from this file!
The files must end with '.cnf', otherwise they'll be ignored.
# !includedir /etc/mysql/conf.d/