Repair mysql root password configuration

I had to move mysql login and password to /etc/my.cnf
because mysql client could not get passsword from
~.my.cnf when ran by Puppet for some reason.

There is also a separate class mysql::password to
create this file for both plain mysql setup and Galera

Change-Id: I9a9f2a2f479ee7c4b9457329856eabffb1d2b169
Closes-bug: 1297848

deployment/puppet/mysql/manifests/config.pp

@@ -30,11 +30,8 @@
 #   }
 #
 class mysql::config(
-  $root_password     = 'UNSET',
-  $old_root_password = '',
   $bind_address      = $mysql::params::bind_address,
   $port              = $mysql::params::port,
-  $etc_root_password = $mysql::params::etc_root_password,
   $service_name      = $mysql::params::service_name,
   $config_file       = $mysql::params::config_file,
   $socket            = $mysql::params::socket,
@@ -99,35 +96,6 @@ class mysql::config(
     path        => '/sbin/:/usr/sbin/:/usr/bin/:/bin/',
   }
 
-  # manage root password if it is set
-  if $root_password != 'UNSET' {
-    case $old_root_password {
-      '':      { $old_pw='' }
-      default: { $old_pw="-p${old_root_password}" }
-    }
-
-    exec { 'set_mysql_rootpw':
-      command   => "mysqladmin -u root ${old_pw} password ${root_password}",
-      logoutput => true,
-      unless    => "mysqladmin -u root -p${root_password} status > /dev/null",
-      path      => '/usr/local/sbin:/usr/bin:/usr/local/bin',
-      notify    => Exec['mysqld-restart'],
-      require   => File['/etc/mysql/conf.d'],
-    }
-
-    file { '/root/.my.cnf':
-      content => template('mysql/my.cnf.pass.erb'),
-      require => Exec['set_mysql_rootpw'],
-    }
-
-    if $etc_root_password {
-      file{ '/etc/my.cnf':
-        content => template('mysql/my.cnf.pass.erb'),
-        require => Exec['set_mysql_rootpw'],
-      }
-    }
-  }
-
   file { '/etc/mysql':
     ensure => directory,
     mode   => '0755',

deployment/puppet/mysql/manifests/password.pp

@@ -0,0 +1,50 @@
+class mysql::password (
+  $root_password = 'UNSET',
+  $old_root_password = '',
+  $etc_root_password = false,
+  $config_file = $mysql::params::config_file,
+) inherits mysql::params {
+
+  if $root_password != 'UNSET' {
+
+    case $old_root_password {
+      '':      { $old_pw='' }
+      default: { $old_pw="-p${old_root_password}" }
+    }
+
+    exec { 'set_mysql_rootpw':
+      command   => "mysqladmin -u root ${old_pw} password ${root_password}",
+      logoutput => true,
+      unless    => "mysqladmin -u root -p${root_password} status > /dev/null",
+      path      => '/usr/local/sbin:/usr/bin:/usr/local/bin',
+    }
+
+    if $etc_root_password {
+      $password_file_path = '/etc/mysql/conf.d/password.cnf'
+    } else {
+      $password_file_path = '/root/.my.cnf'
+    }
+
+    file { 'mysql_password' :
+      path    => $password_file_path,
+      content => template('mysql/my.cnf.pass.erb'),
+      mode    => '0640',
+      owner   => 'mysql',
+      group   => 'mysql',
+    }
+
+    Service['mysql'] -> Exec['set_mysql_rootpw']
+    Exec['set_mysql_rootpw'] -> File['mysql_password']
+    File <| title == $config_file |> -> File['mysql_password']
+    File <| title == '/etc/my.cnf' |> -> File['mysql_password']
+    File['mysql_password'] -> Database <||>
+    File['mysql_password'] -> Database_grant <||>
+    File['mysql_password'] -> Database_user <||>
+
+    if defined(Class['galera']) {
+      Class['galera'] -> Class['mysql::password']
+    }
+
+  }
+
+}

deployment/puppet/mysql/manifests/server.pp

@@ -15,48 +15,55 @@
 # Sample Usage:
 #
 class mysql::server (
-  $custom_setup_class = undef,
-  $package_name     = $mysql::params::server_package_name,
-  $package_ensure   = 'present',
-  $service_name     = $mysql::params::service_name,
-  $service_provider = $mysql::params::service_provider,
-  $config_hash      = {},
-  $enabled          = true,
-  $galera_cluster_name = undef,
-  $primary_controller = primary_controller,
-  $galera_node_address = undef,
-  $galera_nodes = undef,
+  $custom_setup_class      = undef,
+  $package_name            = $mysql::params::server_package_name,
+  $package_ensure          = 'present',
+  $service_name            = $mysql::params::service_name,
+  $service_provider        = $mysql::params::service_provider,
+  $config_hash             = {},
+  $enabled                 = true,
+  $galera_cluster_name     = undef,
+  $primary_controller      = 'primary_controller',
+  $galera_node_address     = undef,
+  $galera_nodes            = undef,
   $mysql_skip_name_resolve = false,
-  $server_id         = $mysql::params::server_id,
-  $rep_user = 'replicator',
-  $rep_pass = 'replicant666',
-  $replication_roles = "SELECT, PROCESS, FILE, SUPER, REPLICATION CLIENT, REPLICATION SLAVE, RELOAD",
+  $server_id               = $mysql::params::server_id,
+  $rep_user                = 'replicator',
+  $rep_pass                = 'replicant666',
+  $replication_roles       = "SELECT, PROCESS, FILE, SUPER, REPLICATION CLIENT, REPLICATION SLAVE, RELOAD",
   $use_syslog              = false,
-  $initscript_file         = 'puppet:///modules/mysql/mysql-single.init'
+  $initscript_file         = 'puppet:///modules/mysql/mysql-single.init',
+  $root_password           = 'UNSET',
+  $old_root_password       = '',
+  $etc_root_password       = true,
+  $bind_address            = '0.0.0.0',
+  $use_syslog              = true,
 ) inherits mysql::params {
 
+  class { 'mysql::password' :
+    root_password     => $root_password,
+    old_root_password => $old_root_password,
+    etc_root_password => $etc_root_password,
+  }
+
   Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
   if ($custom_setup_class == undef) {
     include mysql
     Class['mysql::server'] -> Class['mysql::config']
     Class['mysql']         -> Class['mysql::server']
 
-    create_resources( 'class', { 'mysql::config' => $config_hash })
-#    exec { "debug-mysql-server-installation" :
-#      command     => "/usr/bin/yum -d 10 -e 10 -y install MySQL-server-5.5.28-6 2>&1 | tee mysql_install.log",
-#      before => Package["mysql-server"],
-#      logoutput => true,
-#    }
+    class { 'mysql::config' :
+      bind_address => $bind_address,
+      use_syslog   => $use_syslog,
+    }
+
     if !defined(Package[mysql-client]) {
       package { 'mysql-client':
         name   => $package_name,
-       #ensure => $mysql::params::client_version,
       }
     }
     package { 'mysql-server':
       name   => $package_name,
-     #ensure => $mysql::params::server_version,
-     #require=> Package['mysql-shared'],
     }
     if $::operatingsystem == 'RedHat' {
       file { "/etc/init.d/mysqld":
@@ -85,12 +92,9 @@ class mysql::server (
     Cs_commit['mysql']    -> Service['mysql']
     Cs_property <||> -> Cs_shadow <||>
     Cs_shadow['mysql']    -> Service['mysql']
-    #Cs_commit <| title == 'internal-vip' |> -> Cs_shadow['mysql']
 
     $config_hash['custom_setup_class'] = $custom_setup_class
     $allowed_hosts = '%'
-    #$allowed_hosts = 'localhost'
-
 
     create_resources( 'class', { 'mysql::config' => $config_hash })
     Class['mysql::config'] -> Cs_resource["p_${service_name}"]
@@ -110,16 +114,8 @@ class mysql::server (
       unless => "test -d $mysql::params::datadir/mysql",
     }
 
-
-
     Class['openstack::corosync'] -> Cs_resource["p_${service_name}"]
 
-#    #cs_rsc_defaults { "resource-stickiness":
-#    #  ensure => present,
-#    #  value  => '110',
-#    #}->
-#    cs_commit { 'mysqlvip' : cib => "mysqlvip" } ->
-
     file { '/tmp/repl_create.sql' :
       ensure  => present,
       content => template('mysql/repl_create.sql.erb'),
@@ -160,7 +156,7 @@ class mysql::server (
       exec { 'start_mysql_slave_on_second_controller':
          command => "ssh -i /root/.ssh/id_rsa_mysql -o StrictHostKeyChecking=no root@${existing_slave} 'mysql -NBe \"start slave;\"'",
          unless  => "mysql -NBe 'show slave status;' | grep -q ${rep_user}",
-         #before  => Cs_shadow['mysql'],
+
       }
     }
     ### end hacks
@@ -191,7 +187,6 @@ class mysql::server (
       }
     }->
 
-
     cs_commit { 'mysql': cib => 'mysql' } ->
 
     service { 'mysql':
@@ -202,7 +197,6 @@ class mysql::server (
       provider => 'pacemaker',
     }
 
-
     #Tie vip__management_old to p_mysqld
     cs_colocation { 'mysql_to_internal-vip':
       primitives => ['vip__management_old',"master_p_${service_name}:Master"],
@@ -221,7 +215,7 @@ class mysql::server (
       skip_name_resolve  => $mysql_skip_name_resolve,
       use_syslog         => $use_syslog,
     }
-#    require($galera_class)
+
   }
 
    else {

deployment/puppet/mysql/templates/my.cnf.pass.erb

@@ -1,6 +1,6 @@
 [client]
 user=root
 host=localhost
-<% unless root_password == 'UNSET' -%>
-password=<%= root_password %>
+<% unless @root_password == 'UNSET' -%>
+password=<%= @root_password %>
 <% end -%>

deployment/puppet/openstack/manifests/db/mysql.pp

@@ -76,22 +76,11 @@ class openstack::db::mysql (
     $use_syslog              = false,
 ) {
 
-  # Install and configure MySQL Server
-#  class { 'mysql::server':
-#    config_hash => {
-#      'root_password' => $mysql_root_password,
-#      'bind_address'  => $mysql_bind_address,
-#    },
-#    enabled     => $enabled,
-# }
-  class { "mysql::server":
-    config_hash => {
-      # the priv grant fails on precise if I set a root password
-      # TODO I should make sure that this works
-      # 'root_password' => $mysql_root_password,
-      'bind_address'  => '0.0.0.0',
-      'use_syslog' => $use_syslog,
-    },
+  class { "mysql::server" :
+    bind_address            => '0.0.0.0',
+    etc_root_password       => true,
+    root_password           => $mysql_root_password,
+    old_root_password       => '',
     galera_cluster_name	    => $galera_cluster_name,
     primary_controller      => $primary_controller,
     galera_node_address	    => $galera_node_address,
@@ -102,7 +91,6 @@ class openstack::db::mysql (
     use_syslog              => $use_syslog,
   }
 
-
   # This removes default users and guest access
   if $mysql_account_security and $custom_setup_class == undef {
     class { 'mysql::server::account_security': }