openstack/fuel-main
Code Issues Proposed changes

Adding static content to rabbitmq,mysql and stdlib subfolders of puppet folder.

Browse Source
This commit is contained in:
ashaposhnikov 2012-11-30 14:01:49 +00:00
parent dfafe2efa8
commit 2655f546d0
268 changed files with 11535 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
puppet/mysql/.fixtures.yml Normal file
View File

@ -0,0 +1,5 @@
fixtures:
repositories:
"stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib"
symlinks:
"mysql": "#{source_dir}"

5
puppet/mysql/.gemfile Normal file
View File

@ -0,0 +1,5 @@
source :rubygems
puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 2.7']
gem 'puppet', puppetversion
gem 'puppetlabs_spec_helper', '>= 0.1.0'

17
puppet/mysql/.travis.yml Normal file
View File

@ -0,0 +1,17 @@
language: ruby
rvm:
- 1.8.7
before_script:
- "[ '2.6.9' = $PUPPET_VERSION ] && git clone git://github.com/puppetlabs/puppetlabs-create_resources.git spec/fixtures/modules/create_resources || true"
after_script:
script: "rake spec"
branches:
only:
- master
env:
- PUPPET_VERSION=2.7.13
- PUPPET_VERSION=2.7.6
- PUPPET_VERSION=2.6.9
notifications:
email: false
gemfile: .gemfile

128
puppet/mysql/CHANGELOG Normal file
View File

@ -0,0 +1,128 @@
2012-08-23 - Version 0.5.0
* Add puppetlabs/stdlib as requirement
* Add validation for mysql privs in provider
* Add `pidfile` parameter to mysql::config
* Add `ensure` parameter to mysql::db
* Add Amazon linux support
* Change `bind_address` parameter to be optional in my.cnf template
* Fix quoting root passwords
2012-07-24 - Version 0.4.0
* Fix various bugs regarding database names
* FreeBSD support
* Allow specifying the storage engine
* Add a backup class
* Add a security class to purge default accounts
2012-05-03 - Version 0.3.0
* #14218 Query the database for available privileges
* Add mysql::java class for java connector installation
* Use correct error log location on different distros
* Fix set_mysql_rootpw to properly depend on my.cnf
2012-04-11 - Version 0.2.0
2012-03-19 - William Van Hevelingen <blkperl@cat.pdx.edu>
* (#13203) Add ssl support (f7e0ea5)
2012-03-18 - Nan Liu <nan@puppetlabs.com>
* Travis ci before script needs success exit code. (0ea463b)
2012-03-18 - Nan Liu <nan@puppetlabs.com>
* Fix Puppet 2.6 compilation issues. (9ebbbc4)
2012-03-16 - Nan Liu <nan@puppetlabs.com>
* Add travis.ci for testing multiple puppet versions. (33c72ef)
2012-03-15 - William Van Hevelingen <blkperl@cat.pdx.edu>
* (#13163) Datadir should be configurable (f353fc6)
2012-03-16 - Nan Liu <nan@puppetlabs.com>
* Document create_resources dependency. (558a59c)
2012-03-16 - Nan Liu <nan@puppetlabs.com>
* Fix spec test issues related to error message. (eff79b5)
2012-03-16 - Nan Liu <nan@puppetlabs.com>
* Fix mysql service on Ubuntu. (72da2c5)
2012-03-16 - Dan Bode <dan@puppetlabs.com>
* Add more spec test coverage (55e399d)
2012-03-16 - Nan Liu <nan@puppetlabs.com>
* (#11963) Fix spec test due to path changes. (1700349)
2012-03-07 - François Charlier <fcharlier@ploup.net>
* Add a test to check path for 'mysqld-restart' (b14c7d1)
2012-03-07 - François Charlier <fcharlier@ploup.net>
* Fix path for 'mysqld-restart' (1a9ae6b)
2012-03-15 - Dan Bode <dan@puppetlabs.com>
* Add rspec-puppet tests for mysql::config (907331a)
2012-03-15 - Dan Bode <dan@puppetlabs.com>
* Moved class dependency between sever and config to server (da62ad6)
2012-03-14 - Dan Bode <dan@puppetlabs.com>
* Notify mysql restart from set_mysql_rootpw exec (0832a2c)
2012-03-15 - Nan Liu <nan@puppetlabs.com>
* Add documentation related to osfamily fact. (8265d28)
2012-03-14 - Dan Bode <dan@puppetlabs.com>
* Mention osfamily value in failure message (e472d3b)
2012-03-14 - Dan Bode <dan@puppetlabs.com>
* Fix bug when querying for all database users (015490c)
2012-02-09 - Nan Liu <nan@puppetlabs.com>
* Major refactor of mysql module. (b1f90fd)
2012-01-11 - Justin Ellison <justin.ellison@buckle.com>
* Ruby and Python's MySQL libraries are named differently on different distros. (1e926b4)
2012-01-11 - Justin Ellison <justin.ellison@buckle.com>
* Per @ghoneycutt, we should fail explicitly and explain why. (09af083)
2012-01-11 - Justin Ellison <justin.ellison@buckle.com>
* Removing duplicate declaration (7513d03)
2012-01-10 - Justin Ellison <justin.ellison@buckle.com>
* Use socket value from params class instead of hardcoding. (663e97c)
2012-01-10 - Justin Ellison <justin.ellison@buckle.com>
* Instead of hardcoding the config file target, pull it from mysql::params (031a47d)
2012-01-10 - Justin Ellison <justin.ellison@buckle.com>
* Moved $socket to within the case to toggle between distros. Added a $config_file variable to allow per-distro config file destinations. (360eacd)
2012-01-10 - Justin Ellison <justin.ellison@buckle.com>
* Pretty sure this is a bug, 99% of Linux distros out there won't ever hit the default. (3462e6b)
2012-02-09 - William Van Hevelingen <blkperl@cat.pdx.edu>
* Changed the README to use markdown (3b7dfeb)
2012-02-04 - Daniel Black <grooverdan@users.sourceforge.net>
* (#12412) mysqltuner.pl update (b809e6f)
2011-11-17 - Matthias Pigulla <mp@webfactory.de>
* (#11363) Add two missing privileges to grant: event_priv, trigger_priv (d15c9d1)
2011-12-20 - Jeff McCune <jeff@puppetlabs.com>
* (minor) Fixup typos in Modulefile metadata (a0ed6a1)
2011-12-19 - Carl Caum <carl@carlcaum.com>
* Only notify Exec to import sql if sql is given (0783c74)
2011-12-19 - Carl Caum <carl@carlcaum.com>
* (#11508) Only load sql_scripts on DB creation (e3b9fd9)
2011-12-13 - Justin Ellison <justin.ellison@buckle.com>
* Require not needed due to implicit dependencies (3058feb)
2011-12-13 - Justin Ellison <justin.ellison@buckle.com>
* Bug #11375: puppetlabs-mysql fails on CentOS/RHEL (a557b8d)
2011-06-03 - Dan Bode <dan@puppetlabs.com> - 0.0.1
* initial commit

201
puppet/mysql/LICENSE Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

9
puppet/mysql/Modulefile Normal file
View File

@ -0,0 +1,9 @@
name 'puppetlabs-mysql'
version '0.5.0'
source 'git://github.com/puppetlabs/puppetlabs-mysql.git'
author 'Puppet Labs'
license 'Apache 2.0'
summary 'Mysql module'
description 'Mysql module'
project_page 'http://github.com/puppetlabs/puppetlabs-mysql'
dependency 'puppetlabs/stdlib', '>= 2.2.1'

126
puppet/mysql/README.md Normal file
View File

@ -0,0 +1,126 @@
# Mysql module for Puppet
This module manages mysql on Linux (RedHat/Debian) distros. A native mysql provider implements database resource type to handle database, database user, and database permission.
## Description
This module uses the fact osfamily which is supported by Facter 1.6.1+. If you do not have facter 1.6.1 in your environment, the following manifests will provide the same functionality in site.pp (before declaring any node):
if ! $::osfamily {
case $::operatingsystem {
'RedHat', 'Fedora', 'CentOS', 'Scientific', 'SLC', 'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL': {
$osfamily = 'RedHat'
}
'ubuntu', 'debian': {
$osfamily = 'Debian'
}
'SLES', 'SLED', 'OpenSuSE', 'SuSE': {
$osfamily = 'Suse'
}
'Solaris', 'Nexenta': {
$osfamily = 'Solaris'
}
default: {
$osfamily = $::operatingsystem
}
}
}
This module depends on creates_resources function which is introduced in Puppet 2.7. Users on puppet 2.6 can use the following module which provides this functionality:
[http://github.com/puppetlabs/puppetlabs-create_resources](http://github.com/puppetlabs/puppetlabs-create_resources)
This module is based on work by David Schmitt. The following contributor have contributed patches to this module (beyond Puppet Labs):
* Christian G. Warden
* Daniel Black
* Justin Ellison
* Lowe Schmidt
* Matthias Pigulla
* William Van Hevelingen
* Michael Arnold
## Usage
### mysql
Installs the mysql-client package.
class { 'mysql': }
### mysql::java
Installs mysql bindings for java.
class { 'mysql::java': }
### mysql::python
Installs mysql bindings for python.
class { 'mysql::python': }
### mysql::ruby
Installs mysql bindings for ruby.
class { 'mysql::ruby': }
### mysql::server
Installs mysql-server packages, configures my.cnf and starts mysqld service:
class { 'mysql::server':
config_hash => { 'root_password' => 'foo' }
}
Database login information stored in `/root/.my.cnf`.
### mysql::db
Creates a database with a user and assign some privileges.
mysql::db { 'mydb':
user => 'myuser',
password => 'mypass',
host => 'localhost',
grant => ['all'],
}
### mysql::backup
Installs a mysql backup script, cronjob, and priviledged backup user.
class { 'mysql::backup':
backupuser => 'myuser',
backuppassword => 'mypassword',
backupdir => '/tmp/backups',
}
### Providers for database types:
MySQL provider supports puppet resources command:
$ puppet resource database
database { 'information_schema':
ensure => 'present',
charset => 'utf8',
}
database { 'mysql':
ensure => 'present',
charset => 'latin1',
}
The custom resources can be used in any other manifests:
database { 'mydb':
charset => 'latin1',
}
database_user { 'bob@localhost':
password_hash => mysql_password('foo')
}
database_grant { 'user@localhost/database':
privileges => ['all'] ,
# Or specify individual privileges with columns from the mysql.db table:
# privileges => ['Select_priv', 'Insert_priv', 'Update_priv', 'Delete_priv']
}
A resource default can be specified to handle dependency:
Database {
require => Class['mysql::server'],
}

1
puppet/mysql/Rakefile Normal file
View File

@ -0,0 +1 @@
require 'puppetlabs_spec_helper/rake_tasks'

8
puppet/mysql/TODO Normal file
View File

@ -0,0 +1,8 @@
The best that I can tell is that this code traces back to David Schmitt. It has been forked many times since then :)
1. you cannot add databases to an instance that has a root password
2. you have to specify username as USER@BLAH or it cannot be found
3. mysql_grant does not complain if user does not exist
4. Needs support for pre-seeding on debian
5. the types may need to take user/password
6. rather or not to configure /etc/.my.cnf should be configurable

966
puppet/mysql/files/mysqltuner.pl Normal file
View File

@ -0,0 +1,966 @@
#!/usr/bin/perl -w
# mysqltuner.pl - Version 1.2.0
# High Performance MySQL Tuning Script
# Copyright (C) 2006-2011 Major Hayden - major@mhtx.net
#
# For the latest updates, please visit http://mysqltuner.com/
# Git repository available at http://github.com/rackerhacker/MySQLTuner-perl
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This project would not be possible without help from:
# Matthew Montgomery Paul Kehrer Dave Burgess
# Jonathan Hinds Mike Jackson Nils Breunese
# Shawn Ashlee Luuk Vosslamber Ville Skytta
# Trent Hornibrook Jason Gill Mark Imbriaco
# Greg Eden Aubin Galinotti Giovanni Bechis
# Bill Bradford Ryan Novosielski Michael Scheidell
# Blair Christensen Hans du Plooy Victor Trac
# Everett Barnes Tom Krouper Gary Barrueto
# Simon Greenaway Adam Stein Isart Montane
# Baptiste M.
#
# Inspired by Matthew Montgomery's tuning-primer.sh script:
# http://forge.mysql.com/projects/view.php?id=44
#
use strict;
use warnings;
use diagnostics;
use File::Spec;
use Getopt::Long;
# Set up a few variables for use in the script
my $tunerversion = "1.2.0";
my (@adjvars, @generalrec);
# Set defaults
my %opt = (
"nobad" => 0,
"nogood" => 0,
"noinfo" => 0,
"nocolor" => 0,
"forcemem" => 0,
"forceswap" => 0,
"host" => 0,
"socket" => 0,
"port" => 0,
"user" => 0,
"pass" => 0,
"skipsize" => 0,
"checkversion" => 0,
);
# Gather the options from the command line
GetOptions(\%opt,
'nobad',
'nogood',
'noinfo',
'nocolor',
'forcemem=i',
'forceswap=i',
'host=s',
'socket=s',
'port=i',
'user=s',
'pass=s',
'skipsize',
'checkversion',
'help',
);
if (defined $opt{'help'} && $opt{'help'} == 1) { usage(); }
sub usage {
# Shown with --help option passed
print "\n".
" MySQLTuner $tunerversion - MySQL High Performance Tuning Script\n".
" Bug reports, feature requests, and downloads at http://mysqltuner.com/\n".
" Maintained by Major Hayden (major\@mhtx.net) - Licensed under GPL\n".
"\n".
" Important Usage Guidelines:\n".
" To run the script with the default options, run the script without arguments\n".
" Allow MySQL server to run for at least 24-48 hours before trusting suggestions\n".
" Some routines may require root level privileges (script will provide warnings)\n".
" You must provide the remote server's total memory when connecting to other servers\n".
"\n".
" Connection and Authentication\n".
" --host <hostname> Connect to a remote host to perform tests (default: localhost)\n".
" --socket <socket> Use a different socket for a local connection\n".
" --port <port> Port to use for connection (default: 3306)\n".
" --user <username> Username to use for authentication\n".
" --pass <password> Password to use for authentication\n".
"\n".
" Performance and Reporting Options\n".
" --skipsize Don't enumerate tables and their types/sizes (default: on)\n".
" (Recommended for servers with many tables)\n".
" --checkversion Check for updates to MySQLTuner (default: don't check)\n".
" --forcemem <size> Amount of RAM installed in megabytes\n".
" --forceswap <size> Amount of swap memory configured in megabytes\n".
"\n".
" Output Options:\n".
" --nogood Remove OK responses\n".
" --nobad Remove negative/suggestion responses\n".
" --noinfo Remove informational responses\n".
" --nocolor Don't print output in color\n".
"\n";
exit;
}
my $devnull = File::Spec->devnull();
# Setting up the colors for the print styles
my $good = ($opt{nocolor} == 0)? "[\e[0;32mOK\e[0m]" : "[OK]" ;
my $bad = ($opt{nocolor} == 0)? "[\e[0;31m!!\e[0m]" : "[!!]" ;
my $info = ($opt{nocolor} == 0)? "[\e[0;34m--\e[0m]" : "[--]" ;
# Functions that handle the print styles
sub goodprint { print $good." ".$_[0] unless ($opt{nogood} == 1); }
sub infoprint { print $info." ".$_[0] unless ($opt{noinfo} == 1); }
sub badprint { print $bad." ".$_[0] unless ($opt{nobad} == 1); }
sub redwrap { return ($opt{nocolor} == 0)? "\e[0;31m".$_[0]."\e[0m" : $_[0] ; }
sub greenwrap { return ($opt{nocolor} == 0)? "\e[0;32m".$_[0]."\e[0m" : $_[0] ; }
# Calculates the parameter passed in bytes, and then rounds it to one decimal place
sub hr_bytes {
my $num = shift;
if ($num >= (1024**3)) { #GB
return sprintf("%.1f",($num/(1024**3)))."G";
} elsif ($num >= (1024**2)) { #MB
return sprintf("%.1f",($num/(1024**2)))."M";
} elsif ($num >= 1024) { #KB
return sprintf("%.1f",($num/1024))."K";
} else {
return $num."B";
}
}
# Calculates the parameter passed in bytes, and then rounds it to the nearest integer
sub hr_bytes_rnd {
my $num = shift;
if ($num >= (1024**3)) { #GB
return int(($num/(1024**3)))."G";
} elsif ($num >= (1024**2)) { #MB
return int(($num/(1024**2)))."M";
} elsif ($num >= 1024) { #KB
return int(($num/1024))."K";
} else {
return $num."B";
}
}
# Calculates the parameter passed to the nearest power of 1000, then rounds it to the nearest integer
sub hr_num {
my $num = shift;
if ($num >= (1000**3)) { # Billions
return int(($num/(1000**3)))."B";
} elsif ($num >= (1000**2)) { # Millions
return int(($num/(1000**2)))."M";
} elsif ($num >= 1000) { # Thousands
return int(($num/1000))."K";
} else {
return $num;
}
}
# Calculates uptime to display in a more attractive form
sub pretty_uptime {
my $uptime = shift;
my $seconds = $uptime % 60;
my $minutes = int(($uptime % 3600) / 60);
my $hours = int(($uptime % 86400) / (3600));
my $days = int($uptime / (86400));
my $uptimestring;
if ($days > 0) {
$uptimestring = "${days}d ${hours}h ${minutes}m ${seconds}s";
} elsif ($hours > 0) {
$uptimestring = "${hours}h ${minutes}m ${seconds}s";
} elsif ($minutes > 0) {
$uptimestring = "${minutes}m ${seconds}s";
} else {
$uptimestring = "${seconds}s";
}
return $uptimestring;
}
# Retrieves the memory installed on this machine
my ($physical_memory,$swap_memory,$duflags);
sub os_setup {
sub memerror {
badprint "Unable to determine total memory/swap; use '--forcemem' and '--forceswap'\n";
exit;
}
my $os = `uname`;
$duflags = ($os =~ /Linux/) ? '-b' : '';
if ($opt{'forcemem'} > 0) {
$physical_memory = $opt{'forcemem'} * 1048576;
infoprint "Assuming $opt{'forcemem'} MB of physical memory\n";
if ($opt{'forceswap'} > 0) {
$swap_memory = $opt{'forceswap'} * 1048576;
infoprint "Assuming $opt{'forceswap'} MB of swap space\n";
} else {
$swap_memory = 0;
badprint "Assuming 0 MB of swap space (use --forceswap to specify)\n";
}
} else {
if ($os =~ /Linux/) {
$physical_memory = `free -b | grep Mem | awk '{print \$2}'` or memerror;
$swap_memory = `free -b | grep Swap | awk '{print \$2}'` or memerror;
} elsif ($os =~ /Darwin/) {
$physical_memory = `sysctl -n hw.memsize` or memerror;
$swap_memory = `sysctl -n vm.swapusage | awk '{print \$3}' | sed 's/\..*\$//'` or memerror;
} elsif ($os =~ /NetBSD|OpenBSD/) {
$physical_memory = `sysctl -n hw.physmem` or memerror;
if ($physical_memory < 0) {
$physical_memory = `sysctl -n hw.physmem64` or memerror;
}
$swap_memory = `swapctl -l | grep '^/' | awk '{ s+= \$2 } END { print s }'` or memerror;
} elsif ($os =~ /BSD/) {
$physical_memory = `sysctl -n hw.realmem`;
$swap_memory = `swapinfo | grep '^/' | awk '{ s+= \$2 } END { print s }'`;
} elsif ($os =~ /SunOS/) {
$physical_memory = `/usr/sbin/prtconf | grep Memory | cut -f 3 -d ' '` or memerror;
chomp($physical_memory);
$physical_memory = $physical_memory*1024*1024;
} elsif ($os =~ /AIX/) {
$physical_memory = `lsattr -El sys0 | grep realmem | awk '{print \$2}'` or memerror;
chomp($physical_memory);
$physical_memory = $physical_memory*1024;
$swap_memory = `lsps -as | awk -F"(MB| +)" '/MB /{print \$2}'` or memerror;
chomp($swap_memory);
$swap_memory = $swap_memory*1024*1024;
}
}
chomp($physical_memory);
}
# Checks to see if a MySQL login is possible
my ($mysqllogin,$doremote,$remotestring);
sub mysql_setup {
$doremote = 0;
$remotestring = '';
my $command = `which mysqladmin`;
chomp($command);
if (! -e $command) {
badprint "Unable to find mysqladmin in your \$PATH. Is MySQL installed?\n";
exit;
}
# Are we being asked to connect via a socket?
if ($opt{socket} ne 0) {
$remotestring = " -S $opt{socket}";
}
# Are we being asked to connect to a remote server?
if ($opt{host} ne 0) {
chomp($opt{host});
$opt{port} = ($opt{port} eq 0)? 3306 : $opt{port} ;
# If we're doing a remote connection, but forcemem wasn't specified, we need to exit
if ($opt{'forcemem'} eq 0) {
badprint "The --forcemem option is required for remote connections\n";
exit;
}
infoprint "Performing tests on $opt{host}:$opt{port}\n";
$remotestring = " -h $opt{host} -P $opt{port}";
$doremote = 1;
}
# Did we already get a username and password passed on the command line?
if ($opt{user} ne 0 and $opt{pass} ne 0) {
$mysqllogin = "-u $opt{user} -p'$opt{pass}'".$remotestring;
my $loginstatus = `mysqladmin ping $mysqllogin 2>&1`;
if ($loginstatus =~ /mysqld is alive/) {
goodprint "Logged in using credentials passed on the command line\n";
return 1;
} else {
badprint "Attempted to use login credentials, but they were invalid\n";
exit 0;
}
}
if ( -r "/etc/psa/.psa.shadow" and $doremote == 0 ) {
# It's a Plesk box, use the available credentials
$mysqllogin = "-u admin -p`cat /etc/psa/.psa.shadow`";
my $loginstatus = `mysqladmin ping $mysqllogin 2>&1`;
unless ($loginstatus =~ /mysqld is alive/) {
badprint "Attempted to use login credentials from Plesk, but they failed.\n";
exit 0;
}
} elsif ( -r "/etc/mysql/debian.cnf" and $doremote == 0 ){
# We have a debian maintenance account, use it
$mysqllogin = "--defaults-file=/etc/mysql/debian.cnf";
my $loginstatus = `mysqladmin $mysqllogin ping 2>&1`;
if ($loginstatus =~ /mysqld is alive/) {
goodprint "Logged in using credentials from debian maintenance account.\n";
return 1;
} else {
badprint "Attempted to use login credentials from debian maintenance account, but they failed.\n";
exit 0;
}
} else {
# It's not Plesk or debian, we should try a login
my $loginstatus = `mysqladmin $remotestring ping 2>&1`;
if ($loginstatus =~ /mysqld is alive/) {
# Login went just fine
$mysqllogin = " $remotestring ";
# Did this go well because of a .my.cnf file or is there no password set?
my $userpath = `printenv HOME`;
if (length($userpath) > 0) {
chomp($userpath);
}
unless ( -e "${userpath}/.my.cnf" ) {
badprint "Successfully authenticated with no password - SECURITY RISK!\n";
}
return 1;
} else {
print STDERR "Please enter your MySQL administrative login: ";
my $name = <>;
print STDERR "Please enter your MySQL administrative password: ";
system("stty -echo >$devnull 2>&1");
my $password = <>;
system("stty echo >$devnull 2>&1");
chomp($password);
chomp($name);
$mysqllogin = "-u $name";
if (length($password) > 0) {
$mysqllogin .= " -p'$password'";
}
$mysqllogin .= $remotestring;
my $loginstatus = `mysqladmin ping $mysqllogin 2>&1`;
if ($loginstatus =~ /mysqld is alive/) {
print STDERR "\n";
if (! length($password)) {
# Did this go well because of a .my.cnf file or is there no password set?
my $userpath = `ls -d ~`;
chomp($userpath);
unless ( -e "$userpath/.my.cnf" ) {
badprint "Successfully authenticated with no password - SECURITY RISK!\n";
}
}
return 1;
} else {
print "\n".$bad." Attempted to use login credentials, but they were invalid.\n";
exit 0;
}
exit 0;
}
}
}
# Populates all of the variable and status hashes
my (%mystat,%myvar,$dummyselect);
sub get_all_vars {
# We need to initiate at least one query so that our data is useable
$dummyselect = `mysql $mysqllogin -Bse "SELECT VERSION();"`;
my @mysqlvarlist = `mysql $mysqllogin -Bse "SHOW /*!50000 GLOBAL */ VARIABLES;"`;
foreach my $line (@mysqlvarlist) {
$line =~ /([a-zA-Z_]*)\s*(.*)/;
$myvar{$1} = $2;
}
my @mysqlstatlist = `mysql $mysqllogin -Bse "SHOW /*!50000 GLOBAL */ STATUS;"`;
foreach my $line (@mysqlstatlist) {
$line =~ /([a-zA-Z_]*)\s*(.*)/;
$mystat{$1} = $2;
}
# Workaround for MySQL bug #59393 wrt. ignore-builtin-innodb
if (($myvar{'ignore_builtin_innodb'} || "") eq "ON") {
$myvar{'have_innodb'} = "NO";
}
# have_* for engines is deprecated and will be removed in MySQL 5.6;
# check SHOW ENGINES and set corresponding old style variables.
# Also works around MySQL bug #59393 wrt. skip-innodb
my @mysqlenginelist = `mysql $mysqllogin -Bse "SHOW ENGINES;" 2>$devnull`;
foreach my $line (@mysqlenginelist) {
if ($line =~ /^([a-zA-Z_]+)\s+(\S+)/) {
my $engine = lc($1);
if ($engine eq "federated" || $engine eq "blackhole") {
$engine .= "_engine";
} elsif ($engine eq "berkeleydb") {
$engine = "bdb";
}
my $val = ($2 eq "DEFAULT") ? "YES" : $2;
$myvar{"have_$engine"} = $val;
}
}
}
sub security_recommendations {
print "\n-------- Security Recommendations -------------------------------------------\n";
my @mysqlstatlist = `mysql $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = '' OR password IS NULL;"`;
if (@mysqlstatlist) {
foreach my $line (sort @mysqlstatlist) {
chomp($line);
badprint "User '".$line."' has no password set.\n";
}
} else {
goodprint "All database users have passwords assigned\n";
}
}
sub get_replication_status {
my $slave_status = `mysql $mysqllogin -Bse "show slave status\\G"`;
my ($io_running) = ($slave_status =~ /slave_io_running\S*\s+(\S+)/i);
my ($sql_running) = ($slave_status =~ /slave_sql_running\S*\s+(\S+)/i);
if ($io_running eq 'Yes' && $sql_running eq 'Yes') {
if ($myvar{'read_only'} eq 'OFF') {
badprint "This replication slave is running with the read_only option disabled.";
} else {
goodprint "This replication slave is running with the read_only option enabled.";
}
}
}
# Checks for updates to MySQLTuner
sub validate_tuner_version {
print "\n-------- General Statistics --------------------------------------------------\n";
if ($opt{checkversion} eq 0) {
infoprint "Skipped version check for MySQLTuner script\n";
return;
}
my $update;
my $url = "http://mysqltuner.com/versioncheck.php?v=$tunerversion";
if (-e "/usr/bin/curl") {
$update = `/usr/bin/curl --connect-timeout 5 '$url' 2>$devnull`;
chomp($update);
} elsif (-e "/usr/bin/wget") {
$update = `/usr/bin/wget -e timestamping=off -T 5 -O - '$url' 2>$devnull`;
chomp($update);
}
if ($update eq 1) {
badprint "There is a new version of MySQLTuner available\n";
} elsif ($update eq 0) {
goodprint "You have the latest version of MySQLTuner\n";
} else {
infoprint "Unable to check for the latest MySQLTuner version\n";
}
}
# Checks for supported or EOL'ed MySQL versions
my ($mysqlvermajor,$mysqlverminor);
sub validate_mysql_version {
($mysqlvermajor,$mysqlverminor) = $myvar{'version'} =~ /(\d)\.(\d)/;
if (!mysql_version_ge(5)) {
badprint "Your MySQL version ".$myvar{'version'}." is EOL software! Upgrade soon!\n";
} elsif (mysql_version_ge(6)) {
badprint "Currently running unsupported MySQL version ".$myvar{'version'}."\n";
} else {
goodprint "Currently running supported MySQL version ".$myvar{'version'}."\n";
}
}
# Checks if MySQL version is greater than equal to (major, minor)
sub mysql_version_ge {
my ($maj, $min) = @_;
return $mysqlvermajor > $maj || ($mysqlvermajor == $maj && $mysqlverminor >= ($min || 0));
}
# Checks for 32-bit boxes with more than 2GB of RAM
my ($arch);
sub check_architecture {
if ($doremote eq 1) { return; }
if (`uname` =~ /SunOS/ && `isainfo -b` =~ /64/) {
$arch = 64;
goodprint "Operating on 64-bit architecture\n";
} elsif (`uname` !~ /SunOS/ && `uname -m` =~ /64/) {
$arch = 64;
goodprint "Operating on 64-bit architecture\n";
} elsif (`uname` =~ /AIX/ && `bootinfo -K` =~ /64/) {
$arch = 64;
goodprint "Operating on 64-bit architecture\n";
} else {
$arch = 32;
if ($physical_memory > 2147483648) {
badprint "Switch to 64-bit OS - MySQL cannot currently use all of your RAM\n";
} else {
goodprint "Operating on 32-bit architecture with less than 2GB RAM\n";
}
}
}
# Start up a ton of storage engine counts/statistics
my (%enginestats,%enginecount,$fragtables);
sub check_storage_engines {
if ($opt{skipsize} eq 1) {
print "\n-------- Storage Engine Statistics -------------------------------------------\n";
infoprint "Skipped due to --skipsize option\n";
return;
}
print "\n-------- Storage Engine Statistics -------------------------------------------\n";
infoprint "Status: ";
my $engines;
$engines .= (defined $myvar{'have_archive'} && $myvar{'have_archive'} eq "YES")? greenwrap "+Archive " : redwrap "-Archive " ;
$engines .= (defined $myvar{'have_bdb'} && $myvar{'have_bdb'} eq "YES")? greenwrap "+BDB " : redwrap "-BDB " ;
$engines .= (defined $myvar{'have_federated_engine'} && $myvar{'have_federated_engine'} eq "YES")? greenwrap "+Federated " : redwrap "-Federated " ;
$engines .= (defined $myvar{'have_innodb'} && $myvar{'have_innodb'} eq "YES")? greenwrap "+InnoDB " : redwrap "-InnoDB " ;
$engines .= (defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES")? greenwrap "+ISAM " : redwrap "-ISAM " ;
$engines .= (defined $myvar{'have_ndbcluster'} && $myvar{'have_ndbcluster'} eq "YES")? greenwrap "+NDBCluster " : redwrap "-NDBCluster " ;
print "$engines\n";
if (mysql_version_ge(5)) {
# MySQL 5 servers can have table sizes calculated quickly from information schema
my @templist = `mysql $mysqllogin -Bse "SELECT ENGINE,SUM(DATA_LENGTH),COUNT(ENGINE) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND ENGINE IS NOT NULL GROUP BY ENGINE ORDER BY ENGINE ASC;"`;
foreach my $line (@templist) {
my ($engine,$size,$count);
($engine,$size,$count) = $line =~ /([a-zA-Z_]*)\s+(\d+)\s+(\d+)/;
if (!defined($size)) { next; }
$enginestats{$engine} = $size;
$enginecount{$engine} = $count;
}
$fragtables = `mysql $mysqllogin -Bse "SELECT COUNT(TABLE_NAME) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','mysql') AND Data_free > 0 AND NOT ENGINE='MEMORY';"`;
chomp($fragtables);
} else {
# MySQL < 5 servers take a lot of work to get table sizes
my @tblist;
# Now we build a database list, and loop through it to get storage engine stats for tables
my @dblist = `mysql $mysqllogin -Bse "SHOW DATABASES"`;
foreach my $db (@dblist) {
chomp($db);
if ($db eq "information_schema") { next; }
my @ixs = (1, 6, 9);
if (!mysql_version_ge(4, 1)) {
# MySQL 3.23/4.0 keeps Data_Length in the 5th (0-based) column
@ixs = (1, 5, 8);
}
push(@tblist, map { [ (split)[@ixs] ] } `mysql $mysqllogin -Bse "SHOW TABLE STATUS FROM \\\`$db\\\`"`);
}
# Parse through the table list to generate storage engine counts/statistics
$fragtables = 0;
foreach my $tbl (@tblist) {
my ($engine, $size, $datafree) = @$tbl;
if (defined $enginestats{$engine}) {
$enginestats{$engine} += $size;
$enginecount{$engine} += 1;
} else {
$enginestats{$engine} = $size;
$enginecount{$engine} = 1;
}
if ($datafree > 0) {
$fragtables++;
}
}
}
while (my ($engine,$size) = each(%enginestats)) {
infoprint "Data in $engine tables: ".hr_bytes_rnd($size)." (Tables: ".$enginecount{$engine}.")"."\n";
}
# If the storage engine isn't being used, recommend it to be disabled
if (!defined $enginestats{'InnoDB'} && defined $myvar{'have_innodb'} && $myvar{'have_innodb'} eq "YES") {
badprint "InnoDB is enabled but isn't being used\n";
push(@generalrec,"Add skip-innodb to MySQL configuration to disable InnoDB");
}
if (!defined $enginestats{'BerkeleyDB'} && defined $myvar{'have_bdb'} && $myvar{'have_bdb'} eq "YES") {
badprint "BDB is enabled but isn't being used\n";
push(@generalrec,"Add skip-bdb to MySQL configuration to disable BDB");
}
if (!defined $enginestats{'ISAM'} && defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES") {
badprint "ISAM is enabled but isn't being used\n";
push(@generalrec,"Add skip-isam to MySQL configuration to disable ISAM (MySQL > 4.1.0)");
}
# Fragmented tables
if ($fragtables > 0) {
badprint "Total fragmented tables: $fragtables\n";
push(@generalrec,"Run OPTIMIZE TABLE to defragment tables for better performance");
} else {
goodprint "Total fragmented tables: $fragtables\n";
}
}
my %mycalc;
sub calculations {
if ($mystat{'Questions'} < 1) {
badprint "Your server has not answered any queries - cannot continue...";
exit 0;
}
# Per-thread memory
if (mysql_version_ge(4)) {
$mycalc{'per_thread_buffers'} = $myvar{'read_buffer_size'} + $myvar{'read_rnd_buffer_size'} + $myvar{'sort_buffer_size'} + $myvar{'thread_stack'} + $myvar{'join_buffer_size'};
} else {
$mycalc{'per_thread_buffers'} = $myvar{'record_buffer'} + $myvar{'record_rnd_buffer'} + $myvar{'sort_buffer'} + $myvar{'thread_stack'} + $myvar{'join_buffer_size'};
}
$mycalc{'total_per_thread_buffers'} = $mycalc{'per_thread_buffers'} * $myvar{'max_connections'};
$mycalc{'max_total_per_thread_buffers'} = $mycalc{'per_thread_buffers'} * $mystat{'Max_used_connections'};
# Server-wide memory
$mycalc{'max_tmp_table_size'} = ($myvar{'tmp_table_size'} > $myvar{'max_heap_table_size'}) ? $myvar{'max_heap_table_size'} : $myvar{'tmp_table_size'} ;
$mycalc{'server_buffers'} = $myvar{'key_buffer_size'} + $mycalc{'max_tmp_table_size'};
$mycalc{'server_buffers'} += (defined $myvar{'innodb_buffer_pool_size'}) ? $myvar{'innodb_buffer_pool_size'} : 0 ;
$mycalc{'server_buffers'} += (defined $myvar{'innodb_additional_mem_pool_size'}) ? $myvar{'innodb_additional_mem_pool_size'} : 0 ;
$mycalc{'server_buffers'} += (defined $myvar{'innodb_log_buffer_size'}) ? $myvar{'innodb_log_buffer_size'} : 0 ;
$mycalc{'server_buffers'} += (defined $myvar{'query_cache_size'}) ? $myvar{'query_cache_size'} : 0 ;
# Global memory
$mycalc{'max_used_memory'} = $mycalc{'server_buffers'} + $mycalc{"max_total_per_thread_buffers"};
$mycalc{'total_possible_used_memory'} = $mycalc{'server_buffers'} + $mycalc{'total_per_thread_buffers'};
$mycalc{'pct_physical_memory'} = int(($mycalc{'total_possible_used_memory'} * 100) / $physical_memory);
# Slow queries
$mycalc{'pct_slow_queries'} = int(($mystat{'Slow_queries'}/$mystat{'Questions'}) * 100);
# Connections
$mycalc{'pct_connections_used'} = int(($mystat{'Max_used_connections'}/$myvar{'max_connections'}) * 100);
$mycalc{'pct_connections_used'} = ($mycalc{'pct_connections_used'} > 100) ? 100 : $mycalc{'pct_connections_used'} ;
# Key buffers
if (mysql_version_ge(4, 1)) {
$mycalc{'pct_key_buffer_used'} = sprintf("%.1f",(1 - (($mystat{'Key_blocks_unused'} * $myvar{'key_cache_block_size'}) / $myvar{'key_buffer_size'})) * 100);
}
if ($mystat{'Key_read_requests'} > 0) {
$mycalc{'pct_keys_from_mem'} = sprintf("%.1f",(100 - (($mystat{'Key_reads'} / $mystat{'Key_read_requests'}) * 100)));
} else {
$mycalc{'pct_keys_from_mem'} = 0;
}
if ($doremote eq 0 and !mysql_version_ge(5)) {
my $size = 0;
$size += (split)[0] for `find $myvar{'datadir'} -name "*.MYI" 2>&1 | xargs du -L $duflags 2>&1`;
$mycalc{'total_myisam_indexes'} = $size;
} elsif (mysql_version_ge(5)) {
$mycalc{'total_myisam_indexes'} = `mysql $mysqllogin -Bse "SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'MyISAM';"`;
}
if (defined $mycalc{'total_myisam_indexes'} and $mycalc{'total_myisam_indexes'} == 0) {
$mycalc{'total_myisam_indexes'} = "fail";
} elsif (defined $mycalc{'total_myisam_indexes'}) {
chomp($mycalc{'total_myisam_indexes'});
}
# Query cache
if (mysql_version_ge(4)) {
$mycalc{'query_cache_efficiency'} = sprintf("%.1f",($mystat{'Qcache_hits'} / ($mystat{'Com_select'} + $mystat{'Qcache_hits'})) * 100);
if ($myvar{'query_cache_size'}) {
$mycalc{'pct_query_cache_used'} = sprintf("%.1f",100 - ($mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'}) * 100);
}
if ($mystat{'Qcache_lowmem_prunes'} == 0) {
$mycalc{'query_cache_prunes_per_day'} = 0;
} else {
$mycalc{'query_cache_prunes_per_day'} = int($mystat{'Qcache_lowmem_prunes'} / ($mystat{'Uptime'}/86400));
}
}
# Sorting
$mycalc{'total_sorts'} = $mystat{'Sort_scan'} + $mystat{'Sort_range'};
if ($mycalc{'total_sorts'} > 0) {
$mycalc{'pct_temp_sort_table'} = int(($mystat{'Sort_merge_passes'} / $mycalc{'total_sorts'}) * 100);
}
# Joins
$mycalc{'joins_without_indexes'} = $mystat{'Select_range_check'} + $mystat{'Select_full_join'};
$mycalc{'joins_without_indexes_per_day'} = int($mycalc{'joins_without_indexes'} / ($mystat{'Uptime'}/86400));
# Temporary tables
if ($mystat{'Created_tmp_tables'} > 0) {
if ($mystat{'Created_tmp_disk_tables'} > 0) {
$mycalc{'pct_temp_disk'} = int(($mystat{'Created_tmp_disk_tables'} / ($mystat{'Created_tmp_tables'} + $mystat{'Created_tmp_disk_tables'})) * 100);
} else {
$mycalc{'pct_temp_disk'} = 0;
}
}
# Table cache
if ($mystat{'Opened_tables'} > 0) {
$mycalc{'table_cache_hit_rate'} = int($mystat{'Open_tables'}*100/$mystat{'Opened_tables'});
} else {
$mycalc{'table_cache_hit_rate'} = 100;
}
# Open files
if ($myvar{'open_files_limit'} > 0) {
$mycalc{'pct_files_open'} = int($mystat{'Open_files'}*100/$myvar{'open_files_limit'});
}
# Table locks
if ($mystat{'Table_locks_immediate'} > 0) {
if ($mystat{'Table_locks_waited'} == 0) {
$mycalc{'pct_table_locks_immediate'} = 100;
} else {
$mycalc{'pct_table_locks_immediate'} = int($mystat{'Table_locks_immediate'}*100/($mystat{'Table_locks_waited'} + $mystat{'Table_locks_immediate'}));
}
}
# Thread cache
$mycalc{'thread_cache_hit_rate'} = int(100 - (($mystat{'Threads_created'} / $mystat{'Connections'}) * 100));
# Other
if ($mystat{'Connections'} > 0) {
$mycalc{'pct_aborted_connections'} = int(($mystat{'Aborted_connects'}/$mystat{'Connections'}) * 100);
}
if ($mystat{'Questions'} > 0) {
$mycalc{'total_reads'} = $mystat{'Com_select'};
$mycalc{'total_writes'} = $mystat{'Com_delete'} + $mystat{'Com_insert'} + $mystat{'Com_update'} + $mystat{'Com_replace'};
if ($mycalc{'total_reads'} == 0) {
$mycalc{'pct_reads'} = 0;
$mycalc{'pct_writes'} = 100;
} else {
$mycalc{'pct_reads'} = int(($mycalc{'total_reads'}/($mycalc{'total_reads'}+$mycalc{'total_writes'})) * 100);
$mycalc{'pct_writes'} = 100-$mycalc{'pct_reads'};
}
}
# InnoDB
if ($myvar{'have_innodb'} eq "YES") {
$mycalc{'innodb_log_size_pct'} = ($myvar{'innodb_log_file_size'} * 100 / $myvar{'innodb_buffer_pool_size'});
}
}
sub mysql_stats {
print "\n-------- Performance Metrics -------------------------------------------------\n";
# Show uptime, queries per second, connections, traffic stats
my $qps;
if ($mystat{'Uptime'} > 0) { $qps = sprintf("%.3f",$mystat{'Questions'}/$mystat{'Uptime'}); }
if ($mystat{'Uptime'} < 86400) { push(@generalrec,"MySQL started within last 24 hours - recommendations may be inaccurate"); }
infoprint "Up for: ".pretty_uptime($mystat{'Uptime'})." (".hr_num($mystat{'Questions'}).
" q [".hr_num($qps)." qps], ".hr_num($mystat{'Connections'})." conn,".
" TX: ".hr_num($mystat{'Bytes_sent'}).", RX: ".hr_num($mystat{'Bytes_received'}).")\n";
infoprint "Reads / Writes: ".$mycalc{'pct_reads'}."% / ".$mycalc{'pct_writes'}."%\n";
# Memory usage
infoprint "Total buffers: ".hr_bytes($mycalc{'server_buffers'})." global + ".hr_bytes($mycalc{'per_thread_buffers'})." per thread ($myvar{'max_connections'} max threads)\n";
if ($mycalc{'total_possible_used_memory'} > 2*1024*1024*1024 && $arch eq 32) {
badprint "Allocating > 2GB RAM on 32-bit systems can cause system instability\n";
badprint "Maximum possible memory usage: ".hr_bytes($mycalc{'total_possible_used_memory'})." ($mycalc{'pct_physical_memory'}% of installed RAM)\n";
} elsif ($mycalc{'pct_physical_memory'} > 85) {
badprint "Maximum possible memory usage: ".hr_bytes($mycalc{'total_possible_used_memory'})." ($mycalc{'pct_physical_memory'}% of installed RAM)\n";
push(@generalrec,"Reduce your overall MySQL memory footprint for system stability");
} else {
goodprint "Maximum possible memory usage: ".hr_bytes($mycalc{'total_possible_used_memory'})." ($mycalc{'pct_physical_memory'}% of installed RAM)\n";
}
# Slow queries
if ($mycalc{'pct_slow_queries'} > 5) {
badprint "Slow queries: $mycalc{'pct_slow_queries'}% (".hr_num($mystat{'Slow_queries'})."/".hr_num($mystat{'Questions'}).")\n";
} else {
goodprint "Slow queries: $mycalc{'pct_slow_queries'}% (".hr_num($mystat{'Slow_queries'})."/".hr_num($mystat{'Questions'}).")\n";
}
if ($myvar{'long_query_time'} > 10) { push(@adjvars,"long_query_time (<= 10)"); }
if (defined($myvar{'log_slow_queries'})) {
if ($myvar{'log_slow_queries'} eq "OFF") { push(@generalrec,"Enable the slow query log to troubleshoot bad queries"); }
}
# Connections
if ($mycalc{'pct_connections_used'} > 85) {
badprint "Highest connection usage: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})\n";
push(@adjvars,"max_connections (> ".$myvar{'max_connections'}.")");
push(@adjvars,"wait_timeout (< ".$myvar{'wait_timeout'}.")","interactive_timeout (< ".$myvar{'interactive_timeout'}.")");
push(@generalrec,"Reduce or eliminate persistent connections to reduce connection usage")
} else {
goodprint "Highest usage of available connections: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})\n";
}
# Key buffer
if (!defined($mycalc{'total_myisam_indexes'}) and $doremote == 1) {
push(@generalrec,"Unable to calculate MyISAM indexes on remote MySQL server < 5.0.0");
} elsif ($mycalc{'total_myisam_indexes'} =~ /^fail$/) {
badprint "Cannot calculate MyISAM index size - re-run script as root user\n";
} elsif ($mycalc{'total_myisam_indexes'} == "0") {
badprint "None of your MyISAM tables are indexed - add indexes immediately\n";
} else {
if ($myvar{'key_buffer_size'} < $mycalc{'total_myisam_indexes'} && $mycalc{'pct_keys_from_mem'} < 95) {
badprint "Key buffer size / total MyISAM indexes: ".hr_bytes($myvar{'key_buffer_size'})."/".hr_bytes($mycalc{'total_myisam_indexes'})."\n";
push(@adjvars,"key_buffer_size (> ".hr_bytes($mycalc{'total_myisam_indexes'}).")");
} else {
goodprint "Key buffer size / total MyISAM indexes: ".hr_bytes($myvar{'key_buffer_size'})."/".hr_bytes($mycalc{'total_myisam_indexes'})."\n";
}
if ($mystat{'Key_read_requests'} > 0) {
if ($mycalc{'pct_keys_from_mem'} < 95) {
badprint "Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (".hr_num($mystat{'Key_read_requests'})." cached / ".hr_num($mystat{'Key_reads'})." reads)\n";
} else {
goodprint "Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (".hr_num($mystat{'Key_read_requests'})." cached / ".hr_num($mystat{'Key_reads'})." reads)\n";
}
} else {
# No queries have run that would use keys
}
}
# Query cache
if (!mysql_version_ge(4)) {
# MySQL versions < 4.01 don't support query caching
push(@generalrec,"Upgrade MySQL to version 4+ to utilize query caching");
} elsif ($myvar{'query_cache_size'} < 1) {
badprint "Query cache is disabled\n";
push(@adjvars,"query_cache_size (>= 8M)");
} elsif ($mystat{'Com_select'} == 0) {
badprint "Query cache cannot be analyzed - no SELECT statements executed\n";
} else {
if ($mycalc{'query_cache_efficiency'} < 20) {
badprint "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (".hr_num($mystat{'Qcache_hits'})." cached / ".hr_num($mystat{'Qcache_hits'}+$mystat{'Com_select'})." selects)\n";
push(@adjvars,"query_cache_limit (> ".hr_bytes_rnd($myvar{'query_cache_limit'}).", or use smaller result sets)");
} else {
goodprint "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (".hr_num($mystat{'Qcache_hits'})." cached / ".hr_num($mystat{'Qcache_hits'}+$mystat{'Com_select'})." selects)\n";
}
if ($mycalc{'query_cache_prunes_per_day'} > 98) {
badprint "Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}\n";
if ($myvar{'query_cache_size'} > 128*1024*1024) {
push(@generalrec,"Increasing the query_cache size over 128M may reduce performance");
push(@adjvars,"query_cache_size (> ".hr_bytes_rnd($myvar{'query_cache_size'}).") [see warning above]");
} else {
push(@adjvars,"query_cache_size (> ".hr_bytes_rnd($myvar{'query_cache_size'}).")");
}
} else {
goodprint "Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}\n";
}
}
# Sorting
if ($mycalc{'total_sorts'} == 0) {
# For the sake of space, we will be quiet here
# No sorts have run yet
} elsif ($mycalc{'pct_temp_sort_table'} > 10) {
badprint "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (".hr_num($mystat{'Sort_merge_passes'})." temp sorts / ".hr_num($mycalc{'total_sorts'})." sorts)\n";
push(@adjvars,"sort_buffer_size (> ".hr_bytes_rnd($myvar{'sort_buffer_size'}).")");
push(@adjvars,"read_rnd_buffer_size (> ".hr_bytes_rnd($myvar{'read_rnd_buffer_size'}).")");
} else {
goodprint "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (".hr_num($mystat{'Sort_merge_passes'})." temp sorts / ".hr_num($mycalc{'total_sorts'})." sorts)\n";
}
# Joins
if ($mycalc{'joins_without_indexes_per_day'} > 250) {
badprint "Joins performed without indexes: $mycalc{'joins_without_indexes'}\n";
push(@adjvars,"join_buffer_size (> ".hr_bytes($myvar{'join_buffer_size'}).", or always use indexes with joins)");
push(@generalrec,"Adjust your join queries to always utilize indexes");
} else {
# For the sake of space, we will be quiet here
# No joins have run without indexes
}
# Temporary tables
if ($mystat{'Created_tmp_tables'} > 0) {
if ($mycalc{'pct_temp_disk'} > 25 && $mycalc{'max_tmp_table_size'} < 256*1024*1024) {
badprint "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (".hr_num($mystat{'Created_tmp_disk_tables'})." on disk / ".hr_num($mystat{'Created_tmp_disk_tables'} + $mystat{'Created_tmp_tables'})." total)\n";
push(@adjvars,"tmp_table_size (> ".hr_bytes_rnd($myvar{'tmp_table_size'}).")");
push(@adjvars,"max_heap_table_size (> ".hr_bytes_rnd($myvar{'max_heap_table_size'}).")");
push(@generalrec,"When making adjustments, make tmp_table_size/max_heap_table_size equal");
push(@generalrec,"Reduce your SELECT DISTINCT queries without LIMIT clauses");
} elsif ($mycalc{'pct_temp_disk'} > 25 && $mycalc{'max_tmp_table_size'} >= 256) {
badprint "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (".hr_num($mystat{'Created_tmp_disk_tables'})." on disk / ".hr_num($mystat{'Created_tmp_disk_tables'} + $mystat{'Created_tmp_tables'})." total)\n";
push(@generalrec,"Temporary table size is already large - reduce result set size");
push(@generalrec,"Reduce your SELECT DISTINCT queries without LIMIT clauses");
} else {
goodprint "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (".hr_num($mystat{'Created_tmp_disk_tables'})." on disk / ".hr_num($mystat{'Created_tmp_disk_tables'} + $mystat{'Created_tmp_tables'})." total)\n";
}
} else {
# For the sake of space, we will be quiet here
# No temporary tables have been created
}
# Thread cache
if ($myvar{'thread_cache_size'} eq 0) {
badprint "Thread cache is disabled\n";
push(@generalrec,"Set thread_cache_size to 4 as a starting value");
push(@adjvars,"thread_cache_size (start at 4)");
} else {
if ($mycalc{'thread_cache_hit_rate'} <= 50) {
badprint "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (".hr_num($mystat{'Threads_created'})." created / ".hr_num($mystat{'Connections'})." connections)\n";
push(@adjvars,"thread_cache_size (> $myvar{'thread_cache_size'})");
} else {
goodprint "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (".hr_num($mystat{'Threads_created'})." created / ".hr_num($mystat{'Connections'})." connections)\n";
}
}
# Table cache
if ($mystat{'Open_tables'} > 0) {
if ($mycalc{'table_cache_hit_rate'} < 20) {
badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (".hr_num($mystat{'Open_tables'})." open / ".hr_num($mystat{'Opened_tables'})." opened)\n";
if (mysql_version_ge(5, 1)) {
push(@adjvars,"table_cache (> ".$myvar{'table_open_cache'}.")");
} else {
push(@adjvars,"table_cache (> ".$myvar{'table_cache'}.")");
}
push(@generalrec,"Increase table_cache gradually to avoid file descriptor limits");
} else {
goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (".hr_num($mystat{'Open_tables'})." open / ".hr_num($mystat{'Opened_tables'})." opened)\n";
}
}
# Open files
if (defined $mycalc{'pct_files_open'}) {
if ($mycalc{'pct_files_open'} > 85) {
badprint "Open file limit used: $mycalc{'pct_files_open'}% (".hr_num($mystat{'Open_files'})."/".hr_num($myvar{'open_files_limit'}).")\n";
push(@adjvars,"open_files_limit (> ".$myvar{'open_files_limit'}.")");
} else {
goodprint "Open file limit used: $mycalc{'pct_files_open'}% (".hr_num($mystat{'Open_files'})."/".hr_num($myvar{'open_files_limit'}).")\n";
}
}
# Table locks
if (defined $mycalc{'pct_table_locks_immediate'}) {
if ($mycalc{'pct_table_locks_immediate'} < 95) {
badprint "Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}%\n";
push(@generalrec,"Optimize queries and/or use InnoDB to reduce lock wait");
} else {
goodprint "Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}% (".hr_num($mystat{'Table_locks_immediate'})." immediate / ".hr_num($mystat{'Table_locks_waited'}+$mystat{'Table_locks_immediate'})." locks)\n";
}
}
# Performance options
if (!mysql_version_ge(4, 1)) {
push(@generalrec,"Upgrade to MySQL 4.1+ to use concurrent MyISAM inserts");
} elsif ($myvar{'concurrent_insert'} eq "OFF") {
push(@generalrec,"Enable concurrent_insert by setting it to 'ON'");
} elsif ($myvar{'concurrent_insert'} eq 0) {
push(@generalrec,"Enable concurrent_insert by setting it to 1");
}
if ($mycalc{'pct_aborted_connections'} > 5) {
badprint "Connections aborted: ".$mycalc{'pct_aborted_connections'}."%\n";
push(@generalrec,"Your applications are not closing MySQL connections properly");
}
# InnoDB
if (defined $myvar{'have_innodb'} && $myvar{'have_innodb'} eq "YES" && defined $enginestats{'InnoDB'}) {
if ($myvar{'innodb_buffer_pool_size'} > $enginestats{'InnoDB'}) {
goodprint "InnoDB data size / buffer pool: ".hr_bytes($enginestats{'InnoDB'})."/".hr_bytes($myvar{'innodb_buffer_pool_size'})."\n";
} else {
badprint "InnoDB data size / buffer pool: ".hr_bytes($enginestats{'InnoDB'})."/".hr_bytes($myvar{'innodb_buffer_pool_size'})."\n";
push(@adjvars,"innodb_buffer_pool_size (>= ".hr_bytes_rnd($enginestats{'InnoDB'}).")");
}
}
}
# Take the two recommendation arrays and display them at the end of the output
sub make_recommendations {
print "\n-------- Recommendations -----------------------------------------------------\n";
if (@generalrec > 0) {
print "General recommendations:\n";
foreach (@generalrec) { print " ".$_."\n"; }
}
if (@adjvars > 0) {
print "Variables to adjust:\n";
if ($mycalc{'pct_physical_memory'} > 90) {
print " *** MySQL's maximum memory usage is dangerously high ***\n".
" *** Add RAM before increasing MySQL buffer variables ***\n";
}
foreach (@adjvars) { print " ".$_."\n"; }
}
if (@generalrec == 0 && @adjvars ==0) {
print "No additional performance recommendations are available.\n"
}
print "\n";
}
# ---------------------------------------------------------------------------
# BEGIN 'MAIN'
# ---------------------------------------------------------------------------
print "\n >> MySQLTuner $tunerversion - Major Hayden <major\@mhtx.net>\n".
" >> Bug reports, feature requests, and downloads at http://mysqltuner.com/\n".
" >> Run with '--help' for additional options and output filtering\n";
mysql_setup; # Gotta login first
os_setup; # Set up some OS variables
get_all_vars; # Toss variables/status into hashes
validate_tuner_version; # Check current MySQLTuner version
validate_mysql_version; # Check current MySQL version
check_architecture; # Suggest 64-bit upgrade
check_storage_engines; # Show enabled storage engines
security_recommendations; # Display some security recommendations
calculations; # Calculate everything we need
mysql_stats; # Print the server stats
make_recommendations; # Make recommendations based on stats
# ---------------------------------------------------------------------------
# END 'MAIN'
# ---------------------------------------------------------------------------
# Local variables:
# indent-tabs-mode: t
# cperl-indent-level: 8
# perl-indent-level: 8
# End:

15
puppet/mysql/lib/puppet/parser/functions/mysql_password.rb Normal file
View File

@ -0,0 +1,15 @@
# hash a string as mysql's "PASSWORD()" function would do it
require 'digest/sha1'
module Puppet::Parser::Functions
newfunction(:mysql_password, :type => :rvalue, :doc => <<-EOS
Returns the mysql password hash from the clear text password.
EOS
) do |args|
raise(Puppet::ParseError, "mysql_password(): Wrong number of arguments " +
"given (#{args.size} for 1)") if args.size != 1
'*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(args[0])).upcase
end
end

42
puppet/mysql/lib/puppet/provider/database/mysql.rb Normal file
View File

@ -0,0 +1,42 @@
Puppet::Type.type(:database).provide(:mysql) do
desc "Manages MySQL database."
defaultfor :kernel => 'Linux'
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
def self.instances
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show databases").split("\n").collect do |name|
new(:name => name)
end
end
def create
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
end
def destroy
mysqladmin("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-f', 'drop', @resource[:name])
end
def charset
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
end
def charset=(value)
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
end
def exists?
begin
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show databases").match(/^#{@resource[:name]}$/)
rescue => e
debug(e.message)
return nil
end
end
end

198
puppet/mysql/lib/puppet/provider/database_grant/mysql.rb Normal file
View File

@ -0,0 +1,198 @@
# A grant is either global or per-db. This can be distinguished by the syntax
# of the name:
# user@host => global
# user@host/db => per-db
Puppet::Type.type(:database_grant).provide(:mysql) do
desc "Uses mysql as database."
defaultfor :kernel => 'Linux'
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
def self.prefetch(resources)
@user_privs = query_user_privs
@db_privs = query_db_privs
end
def self.user_privs
@user_privs || query_user_privs
end
def self.db_privs
@db_privs || query_db_privs
end
def user_privs
self.class.user_privs
end
def db_privs
self.class.db_privs
end
def self.query_user_privs
results = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", "describe user")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
end
def self.query_db_privs
results = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", "describe db")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
end
def mysql_flush
mysqladmin "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "flush-privileges"
end
# this parses the
def split_name(string)
matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact
case matches.length
when 2
{
:type => :user,
:user => matches[0],
:host => matches[1]
}
when 4
{
:type => :db,
:user => matches[0],
:host => matches[1],
:db => matches[3]
}
end
end
def create_row
unless @resource.should(:privileges).empty?
name = split_name(@resource[:name])
case name[:type]
when :user
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
name[:host], name[:user],
]
when :db
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
name[:host], name[:user], name[:db],
]
end
mysql_flush
end
end
def destroy
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
end
def row_exists?
name = split_name(@resource[:name])
fields = [:user, :host]
if name[:type] == :db
fields << :db
end
not mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", '-NBe', 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s=\"%s\"" % [f, name[f]] end.join(' AND ')]).empty?
end
def all_privs_set?
all_privs = case split_name(@resource[:name])[:type]
when :user
user_privs
when :db
db_privs
end
all_privs = all_privs.collect do |p| p.downcase end.sort.join("|")
privs = privileges.collect do |p| p.downcase end.sort.join("|")
all_privs == privs
end
def privileges
name = split_name(@resource[:name])
privs = ""
case name[:type]
when :user
privs = mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", 'select * from mysql.user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
when :db
privs = mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", 'select * from mysql.db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
end
if privs.match(/^$/)
privs = [] # no result, no privs
else
# returns a line with field names and a line with values, each tab-separated
privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end
# transpose the lines, so we have key/value pairs
privs = privs[0].zip(privs[1])
privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end
end
privs.collect do |p| p[0] end
end
def privileges=(privs)
unless row_exists?
create_row
end
# puts "Setting privs: ", privs.join(", ")
name = split_name(@resource[:name])
stmt = ''
where = ''
all_privs = []
case name[:type]
when :user
stmt = 'update user set '
where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
all_privs = user_privs
when :db
stmt = 'update db set '
where = ' where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
all_privs = db_privs
end
if privs[0].downcase == 'all'
privs = all_privs
end
# Downcase the requested priviliges for case-insensitive selection
# we don't map! here because the all_privs object has to remain in
# the same case the DB gave it to us in
privs = privs.map { |p| p.downcase }
# puts "stmt:", stmt
set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p.downcase) ? 'Y' : 'N'] end.join(', ')
# puts "set:", set
stmt = stmt << set << where
validate_privs privs, all_privs
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", stmt
mysql_flush
end
def validate_privs(set_privs, all_privs)
all_privs = all_privs.collect { |p| p.downcase }
set_privs = set_privs.collect { |p| p.downcase }
invalid_privs = Array.new
hints = Array.new
# Test each of the user provided privs to see if they exist in all_privs
set_privs.each do |priv|
invalid_privs << priv unless all_privs.include?(priv)
hints << "#{priv}_priv" if all_privs.include?("#{priv}_priv")
end
unless invalid_privs.empty?
# Print a decently helpful and gramatically correct error message
hints = "Did you mean '#{hints.join(',')}'?" unless hints.empty?
p = invalid_privs.size > 1 ? ['s', 'are not valid'] : ['', 'is not valid']
detail = ["The privilege#{p[0]} '#{invalid_privs.join(',')}' #{p[1]}."]
fail [detail, hints].join(' ')
end
end
end

42
puppet/mysql/lib/puppet/provider/database_user/mysql.rb Normal file
View File

@ -0,0 +1,42 @@
Puppet::Type.type(:database_user).provide(:mysql) do
desc "manage users for a mysql database."
defaultfor :kernel => 'Linux'
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
def self.instances
users = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
users.select{ |user| user =~ /.+@/ }.collect do |name|
new(:name => name)
end
end
def create
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
end
def destroy
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
end
def password_hash
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-NBe", "select password from mysql.user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
end
def password_hash=(string)
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
end
def exists?
not mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-NBe", "select '1' from mysql.user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
end
def flush
@property_hash.clear
mysqladmin "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "flush-privileges"
end
end

17
puppet/mysql/lib/puppet/type/database.rb Normal file
View File

@ -0,0 +1,17 @@
# This has to be a separate type to enable collecting
Puppet::Type.newtype(:database) do
@doc = "Manage databases."
ensurable
newparam(:name, :namevar=>true) do
desc "The name of the database."
end
newproperty(:charset) do
desc "The characterset to use for a database"
defaultto :utf8
newvalue(/^\S+$/)
end
end

75
puppet/mysql/lib/puppet/type/database_grant.rb Normal file
View File

@ -0,0 +1,75 @@
# This has to be a separate type to enable collecting
Puppet::Type.newtype(:database_grant) do
@doc = "Manage a database user's rights."
#ensurable
autorequire :database do
# puts "Starting db autoreq for %s" % self[:name]
reqs = []
matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
unless matches.nil?
reqs << matches[3]
end
# puts "Autoreq: '%s'" % reqs.join(" ")
reqs
end
autorequire :database_user do
# puts "Starting user autoreq for %s" % self[:name]
reqs = []
matches = self[:name].match(/^([^@]+)@([^\/]+).*$/)
unless matches.nil?
reqs << "%s@%s" % [ matches[1], matches[2] ]
end
# puts "Autoreq: '%s'" % reqs.join(" ")
reqs
end
newparam(:name, :namevar=>true) do
desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges"
end
newproperty(:privileges, :array_matching => :all) do
desc "The privileges the user should have. The possible values are implementation dependent."
def should_to_s(newvalue = @should)
if newvalue
unless newvalue.is_a?(Array)
newvalue = [ newvalue ]
end
newvalue.collect do |v| v.downcase end.sort.join ", "
else
nil
end
end
def is_to_s(currentvalue = @is)
if currentvalue
unless currentvalue.is_a?(Array)
currentvalue = [ currentvalue ]
end
currentvalue.collect do |v| v.downcase end.sort.join ", "
else
nil
end
end
# use the sorted outputs for comparison
def insync?(is)
if defined? @should and @should
case self.should_to_s
when "all"
self.provider.all_privs_set?
when self.is_to_s(is)
true
else
false
end
else
true
end
end
end
end

25
puppet/mysql/lib/puppet/type/database_user.rb Normal file
View File

@ -0,0 +1,25 @@
# This has to be a separate type to enable collecting
Puppet::Type.newtype(:database_user) do
@doc = "Manage a database user. This includes management of users password as well as priveleges"
ensurable
newparam(:name, :namevar=>true) do
desc "The name of the user. This uses the 'username@hostname' or username@hostname."
validate do |value|
# https://dev.mysql.com/doc/refman/5.1/en/account-names.html
# Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
username = value.split('@')[0]
if username.size > 16
raise ArgumentError, "MySQL usernames are limited to a maximum of 16 characters"
end
end
end
newproperty(:password_hash) do
desc "The password hash of the user. Use mysql_password() for creating such a hash."
newvalue(/\w+/)
end
end

68
puppet/mysql/manifests/backup.pp Normal file
View File

@ -0,0 +1,68 @@
# Class: mysql::backup
#
# This module handles ...
#
# Parameters:
# [*backupuser*] - The name of the mysql backup user.
# [*backuppassword*] - The password of the mysql backup user.
# [*backupdir*] - The target directory of the mysqldump.
#
# Actions:
# GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
# IDENTIFIED BY 'password';
#
# Requires:
# Class['mysql::config']
#
# Sample Usage:
# class { 'mysql::backup':
# backupuser => 'myuser',
# backuppassword => 'mypassword',
# backupdir => '/tmp/backups',
# }
#
class mysql::backup (
$backupuser,
$backuppassword,
$backupdir,
$ensure = 'present'
) {
database_user { "${backupuser}@localhost":
ensure => $ensure,
password_hash => mysql_password($backuppassword),
provider => 'mysql',
require => Class['mysql::config'],
}
database_grant { "${backupuser}@localhost":
privileges => [ 'Select_priv', 'Reload_priv', 'Lock_tables_priv', 'Show_view_priv' ],
require => Database_user["${backupuser}@localhost"],
}
cron { 'mysql-backup':
ensure => $ensure,
command => '/usr/local/sbin/mysqlbackup.sh',
user => 'root',
hour => 23,
minute => 5,
require => File['mysqlbackup.sh'],
}
file { 'mysqlbackup.sh':
ensure => $ensure,
path => '/usr/local/sbin/mysqlbackup.sh',
mode => '0700',
owner => 'root',
group => 'root',
content => template('mysql/mysqlbackup.sh.erb'),
}
file { 'mysqlbackupdir':
ensure => 'directory',
path => $backupdir,
mode => '0700',
owner => 'root',
group => 'root',
}
}

134
puppet/mysql/manifests/config.pp Normal file
View File

@ -0,0 +1,134 @@
# Class: mysql::config
#
# Parameters:
#
# [*root_password*] - root user password.
# [*old_root_password*] - previous root user password,
# [*bind_address*] - address to bind service.
# [*port*] - port to bind service.
# [*etc_root_password*] - whether to save /etc/my.cnf.
# [*service_name*] - mysql service name.
# [*config_file*] - my.cnf configuration file path.
# [*socket*] - mysql socket.
# [*datadir*] - path to datadir.
# [*ssl] - enable ssl
# [*ssl_ca] - path to ssl-ca
# [*ssl_cert] - path to ssl-cert
# [*ssl_key] - path to ssl-key
# [*log_error] - path to mysql error log
# [*default_engine] - configure a default table engine
# [*root_group] - use specified group for root-owned files
# [*restart] - whether to restart mysqld (true/false)
#
# Actions:
#
# Requires:
#
# class mysql::server
#
# Usage:
#
# class { 'mysql::config':
# root_password => 'changeme',
# bind_address => $::ipaddress,
# }
#
class mysql::config(
$root_password = 'UNSET',
$old_root_password = '',
$bind_address = $mysql::params::bind_address,
$port = $mysql::params::port,
$etc_root_password = $mysql::params::etc_root_password,
$service_name = $mysql::params::service_name,
$config_file = $mysql::params::config_file,
$socket = $mysql::params::socket,
$pidfile = $mysql::params::pidfile,
$datadir = $mysql::params::datadir,
$ssl = $mysql::params::ssl,
$ssl_ca = $mysql::params::ssl_ca,
$ssl_cert = $mysql::params::ssl_cert,
$ssl_key = $mysql::params::ssl_key,
$log_error = $mysql::params::log_error,
$default_engine = 'UNSET',
$root_group = $mysql::params::root_group,
$restart = $mysql::params::restart
) inherits mysql::params {
File {
owner => 'root',
group => $root_group,
mode => '0400',
notify => $restart ? {
true => Exec['mysqld-restart'],
false => undef,
},
}
if $ssl and $ssl_ca == undef {
fail('The ssl_ca parameter is required when ssl is true')
}
if $ssl and $ssl_cert == undef {
fail('The ssl_cert parameter is required when ssl is true')
}
if $ssl and $ssl_key == undef {
fail('The ssl_key parameter is required when ssl is true')
}
# This kind of sucks, that I have to specify a difference resource for
# restart. the reason is that I need the service to be started before mods
# to the config file which can cause a refresh
exec { 'mysqld-restart':
command => "service ${service_name} restart",
logoutput => on_failure,
refreshonly => true,
path => '/sbin/:/usr/sbin/:/usr/bin/:/bin/',
}
# manage root password if it is set
if $root_password != 'UNSET' {
case $old_root_password {
'': { $old_pw='' }
default: { $old_pw="-p'${old_root_password}'" }
}
exec { 'set_mysql_rootpw':
command => "mysqladmin -u root ${old_pw} password '${root_password}'",
logoutput => true,
unless => "mysqladmin -u root -p'${root_password}' status > /dev/null",
path => '/usr/local/sbin:/usr/bin:/usr/local/bin',
notify => $restart ? {
true => Exec['mysqld-restart'],
false => undef,
},
require => File['/etc/mysql/conf.d'],
}
file { '/root/.my.cnf':
content => template('mysql/my.cnf.pass.erb'),
require => Exec['set_mysql_rootpw'],
}
if $etc_root_password {
file{ '/etc/my.cnf':
content => template('mysql/my.cnf.pass.erb'),
require => Exec['set_mysql_rootpw'],
}
}
}
file { '/etc/mysql':
ensure => directory,
mode => '0755',
}
file { '/etc/mysql/conf.d':
ensure => directory,
mode => '0755',
}
file { $config_file:
content => template('mysql/my.cnf.erb'),
mode => '0644',
}
}

83
puppet/mysql/manifests/db.pp Normal file
View File

@ -0,0 +1,83 @@
# Define: mysql::db
#
# This module creates database instances, a user, and grants that user
# privileges to the database. It can also import SQL from a file in order to,
# for example, initialize a database schema.
#
# Since it requires class mysql::server, we assume to run all commands as the
# root mysql user against the local mysql server.
#
# Parameters:
# [*title*] - mysql database name.
# [*user*] - username to create and grant access.
# [*password*] - user's password.
# [*charset*] - database charset.
# [*host*] - host for assigning privileges to user.
# [*grant*] - array of privileges to grant user.
# [*enforce_sql*] - whether to enforce or conditionally run sql on creation.
# [*sql*] - sql statement to run.
# [*ensure*] - specifies if a database is present or absent.
#
# Actions:
#
# Requires:
#
# class mysql::server
#
# Sample Usage:
#
# mysql::db { 'mydb':
# user => 'my_user',
# password => 'password',
# host => $::hostname,
# grant => ['all']
# }
#
define mysql::db (
$user,
$password,
$charset = 'utf8',
$host = 'localhost',
$grant = 'all',
$sql = '',
$enforce_sql = false,
$ensure = 'present'
) {
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
database { $name:
ensure => $ensure,
charset => $charset,
provider => 'mysql',
require => Class['mysql::server'],
}
database_user { "${user}@${host}":
ensure => $ensure,
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$name],
}
if $ensure == 'present' {
database_grant { "${user}@${host}/${name}":
privileges => $grant,
provider => 'mysql',
require => Database_user["${user}@${host}"],
}
$refresh = ! $enforce_sql
if $sql {
exec{ "${name}-import":
command => "/usr/bin/mysql ${name} < ${sql}",
logoutput => true,
refreshonly => $refresh,
require => Database_grant["${user}@${host}/${name}"],
subscribe => Database[$name],
}
}
}
}

24
puppet/mysql/manifests/init.pp Normal file
View File

@ -0,0 +1,24 @@
# Class: mysql
#
# This class installs mysql client software.
#
# Parameters:
# [*client_package_name*] - The name of the mysql client package.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql (
$package_name = $mysql::params::client_package_name,
$package_ensure = 'present'
) inherits mysql::params {
package { 'mysql_client':
ensure => $package_ensure,
name => $package_name,
}
}

24
puppet/mysql/manifests/java.pp Normal file
View File

@ -0,0 +1,24 @@
# Class: mysql::java
#
# This class installs the mysql-java-connector.
#
# Parameters:
# [*java_package_name*] - The name of the mysql java package.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql::java (
$package_name = $mysql::params::java_package_name,
$package_ensure = 'present'
) inherits mysql::params {
package { 'mysql-connector-java':
ensure => $package_ensure,
name => $package_name,
}
}

118
puppet/mysql/manifests/params.pp Normal file
View File

@ -0,0 +1,118 @@
# Class: mysql::params
#
# The mysql configuration settings.
#
# Parameters:
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql::params {
$bind_address = '127.0.0.1'
$port = 3306
$etc_root_password = false
$ssl = false
$restart = true
case $::operatingsystem {
'Ubuntu': {
$service_provider = upstart
}
default: {
$service_provider = undef
}
}
case $::osfamily {
'RedHat': {
$basedir = '/usr'
$datadir = '/var/lib/mysql'
$service_name = 'mysqld'
$client_package_name = 'mysql'
$server_package_name = 'mysql-server'
$socket = '/var/lib/mysql/mysql.sock'
$pidfile = '/var/run/mysqld/mysqld.pid'
$config_file = '/etc/my.cnf'
$log_error = '/var/log/mysqld.log'
$ruby_package_name = 'ruby-mysql'
$ruby_package_provider = 'gem'
$python_package_name = 'MySQL-python'
$java_package_name = 'mysql-connector-java'
$root_group = 'root'
$ssl_ca = '/etc/mysql/cacert.pem'
$ssl_cert = '/etc/mysql/server-cert.pem'
$ssl_key = '/etc/mysql/server-key.pem'
}
'Debian': {
$basedir = '/usr'
$datadir = '/var/lib/mysql'
$service_name = 'mysql'
$client_package_name = 'mysql-client'
$server_package_name = 'mysql-server'
$socket = '/var/run/mysqld/mysqld.sock'
$pidfile = '/var/run/mysqld/mysqld.pid'
$config_file = '/etc/mysql/my.cnf'
$log_error = '/var/log/mysql/error.log'
$ruby_package_name = 'libmysql-ruby'
$python_package_name = 'python-mysqldb'
$java_package_name = 'libmysql-java'
$root_group = 'root'
$ssl_ca = '/etc/mysql/cacert.pem'
$ssl_cert = '/etc/mysql/server-cert.pem'
$ssl_key = '/etc/mysql/server-key.pem'
}
'FreeBSD': {
$basedir = '/usr/local'
$datadir = '/var/db/mysql'
$service_name = 'mysql-server'
$client_package_name = 'databases/mysql55-client'
$server_package_name = 'databases/mysql55-server'
$socket = '/tmp/mysql.sock'
$pidfile = '/var/db/mysql/mysql.pid'
$config_file = '/var/db/mysql/my.cnf'
$log_error = "/var/db/mysql/${::hostname}.err"
$ruby_package_name = 'ruby-mysql'
$ruby_package_provider = 'gem'
$python_package_name = 'databases/py-MySQLdb'
$java_package_name = 'databases/mysql-connector-java'
$root_group = 'wheel'
$ssl_ca = undef
$ssl_cert = undef
$ssl_key = undef
}
default: {
case $::operatingsystem {
'Amazon': {
$basedir = '/usr'
$datadir = '/var/lib/mysql'
$service_name = 'mysqld'
$client_package_name = 'mysql'
$server_package_name = 'mysql-server'
$socket = '/var/lib/mysql/mysql.sock'
$config_file = '/etc/my.cnf'
$log_error = '/var/log/mysqld.log'
$ruby_package_name = 'ruby-mysql'
$ruby_package_provider = 'gem'
$python_package_name = 'MySQL-python'
$java_package_name = 'mysql-connector-java'
$root_group = 'root'
$ssl_ca = '/etc/mysql/cacert.pem'
$ssl_cert = '/etc/mysql/server-cert.pem'
$ssl_key = '/etc/mysql/server-key.pem'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat, Debian, and FreeBSD, or operatingsystem Amazon")
}
}
}
}
}

26
puppet/mysql/manifests/python.pp Normal file
View File

@ -0,0 +1,26 @@
# Class: mysql::python
#
# This class installs the python libs for mysql.
#
# Parameters:
# [*ensure*] - ensure state for package.
# can be specified as version.
# [*package_name*] - name of package
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql::python(
$package_name = $mysql::params::python_package_name,
$package_ensure = 'present'
) inherits mysql::params {
package { 'python-mysqldb':
ensure => $package_ensure,
name => $package_name,
}
}

28
puppet/mysql/manifests/ruby.pp Normal file
View File

@ -0,0 +1,28 @@
# Class: mysql::ruby
#
# installs the ruby bindings for mysql
#
# Parameters:
# [*ensure*] - ensure state for package.
# can be specified as version.
# [*package_name*] - name of package
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql::ruby (
$package_name = $mysql::params::ruby_package_name,
$package_provider = $mysql::params::ruby_package_provider,
$package_ensure = 'present'
) inherits mysql::params {
package{ 'ruby_mysql':
ensure => $package_ensure,
name => $package_name,
provider => $package_provider,
}
}

53
puppet/mysql/manifests/server.pp Normal file
View File

@ -0,0 +1,53 @@
# Class: mysql::server
#
# manages the installation of the mysql server. manages the package, service,
# my.cnf
#
# Parameters:
# [*package_name*] - name of package
# [*service_name*] - name of service
# [*config_hash*] - hash of config parameters that need to be set.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class mysql::server (
$package_name = $mysql::params::server_package_name,
$package_ensure = 'present',
$service_name = $mysql::params::service_name,
$service_provider = $mysql::params::service_provider,
$config_hash = {},
$enabled = true,
$manage_service = true
) inherits mysql::params {
Class['mysql::server'] -> Class['mysql::config']
$config_class = { 'mysql::config' => $config_hash }
create_resources( 'class', $config_class )
package { 'mysql-server':
ensure => $package_ensure,
name => $package_name,
}
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
if $manage_service {
service { 'mysqld':
ensure => $service_ensure,
name => $service_name,
enable => $enabled,
require => Package['mysql-server'],
provider => $service_provider,
}
}
}

13
puppet/mysql/manifests/server/account_security.pp Normal file
View File

@ -0,0 +1,13 @@
class mysql::server::account_security {
# Some installations have some default users which are not required.
# We remove them here. You can subclass this class to overwrite this behavior.
database_user { [ "root@${::fqdn}", "root@${::hostname}", 'root@127.0.0.1', 'root@::1',
"@${::fqdn}", "@${::hostname}", '@localhost', '@%' ]:
ensure => 'absent',
require => Class['mysql::config'],
}
database { 'test':
ensure => 'absent',
require => Class['mysql::config'],
}
}

111
puppet/mysql/manifests/server/config.pp Normal file
View File

@ -0,0 +1,111 @@
# Creates a my.cnf like config file in the conf.d/ directory.
#
# IMPORTANT: this should be used AFTER the inclusion of
# mysql::server because it needs some variables
# out of the mysql::config class which will be
# included!
#
# == Parameters:
#
# - name: is the name of the file
# - notify_service: whether to notify the mysql daemon or not (default: true)
# - settings: either a string which should be the content of the file
# or a hash with the following structure
#
# section => {
# <key> => <value>,
# ...
# },
# ...
#
# +section+ means all these sections you can set in
# an configuration file like +mysqld+, +client+,
# +mysqldump+ and so on
# +key+ has to be a valid property which you can set like
# +datadir+, +socket+ or even flags like +read-only+
#
# +value+ can be
# a) a string as the value
# b) +true+ or +false+ to set a flag like 'read-only' or leave
# it out (+false+ means, nothing will be done)
# c) an array of values which can be of type a) and/or b)
#
#
# == Examples:
#
# Easy one:
#
# mysql::server::config { 'basic_config':
# settings => "[mysqld]\nskip-external-locking\n"
# }
#
# This will create the file /etc/mysql/conf.d/basic_config.cnf with
# the following content:
#
# [mysqld]
# skip-external-locking
#
#
# More complex example:
#
# mysql::server::config { 'basic_config':
# settings => {
# 'mysqld' => {
# 'query_cache_limit' => '5M',
# 'query_cache_size' => '128M',
# 'port' => 3300,
# 'skip-external-locking' => true,
# 'replicate-ignore-db' => [
# 'tmp_table',
# 'whateveryouwant'
# ]
# },
#
# 'client' => {
# 'port' => 3300
# }
# }
# }
#
# This will create the file /etc/mysql/conf.d/basic_config.cnf with
# the following content:
#
# [mysqld]
# query_cache_limit = 5M
# query_cache_size = 128M
# port = 3300
# skip-external-locking
# replicate-ignore-db = tmp_table
# replicate-ignore-db = whateveryouwant
#
# [client]
# port = 3300
#
define mysql::server::config (
$settings,
$notify_service = true
) {
include mysql::config
if is_hash($settings) {
$content = template('mysql/my.conf.cnf.erb')
} else {
$content = $settings
}
file { "/etc/mysql/conf.d/${name}.cnf":
ensure => file,
content => $content,
owner => 'root',
group => $mysql::config::root_group,
mode => '0644',
require => Package['mysql-server'],
}
if $notify_service {
File["/etc/mysql/conf.d/${name}.cnf"] {
# XXX notifying the Service gives us a dependency circle but I don't understand why
notify => Exec['mysqld-restart']
}
}
}

19
puppet/mysql/manifests/server/monitor.pp Normal file
View File

@ -0,0 +1,19 @@
class mysql::server::monitor (
$mysql_monitor_username,
$mysql_monitor_password,
$mysql_monitor_hostname
) {
Class['mysql::server'] -> Class['mysql::server::monitor']
database_user{ "${mysql_monitor_username}@${mysql_monitor_hostname}":
ensure => present,
password_hash => mysql_password($mysql_monitor_password),
}
database_grant { "${mysql_monitor_username}@${mysql_monitor_hostname}":
privileges => [ 'process_priv', 'super_priv' ],
require => Mysql_user["${mysql_monitor_username}@${mysql_monitor_hostname}"],
}
}

22
puppet/mysql/manifests/server/mysqltuner.pp Normal file
View File

@ -0,0 +1,22 @@
# Copyright 2009 Larry Ludwig (larrylud@gmail.com)
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
#
class mysql::server::mysqltuner {
# mysql performance tester
file { '/usr/bin/mysqltuner':
ensure => present,
mode => '0550',
source => 'puppet:///modules/mysql/mysqltuner.pl',
}
}

33
puppet/mysql/spec/classes/mysql_backup_spec.rb Normal file
View File

@ -0,0 +1,33 @@
require 'spec_helper'
describe 'mysql::backup' do
let(:params) {
{ 'backupuser' => 'testuser',
'backuppassword' => 'testpass',
'backupdir' => '/tmp',
}
}
it { should contain_database_user('testuser@localhost')}
it { should contain_database_grant('testuser@localhost').with(
:privileges => [ 'Select_priv', 'Reload_priv', 'Lock_tables_priv', 'Show_view_priv' ]
)}
it { should contain_cron('mysql-backup').with(
:command => '/usr/local/sbin/mysqlbackup.sh',
:ensure => 'present'
)}
it { should contain_file('mysqlbackup.sh').with(
:path => '/usr/local/sbin/mysqlbackup.sh',
:ensure => 'present'
)}
it { should contain_file('mysqlbackupdir').with(
:path => '/tmp',
:ensure => 'directory'
)}
end

237
puppet/mysql/spec/classes/mysql_config_spec.rb Normal file
View File

@ -0,0 +1,237 @@
require 'spec_helper'
describe 'mysql::config' do
let :constant_parameter_defaults do
{
:root_password => 'UNSET',
:old_root_password => '',
:bind_address => '127.0.0.1',
:port => '3306',
:etc_root_password => false,
:datadir => '/var/lib/mysql',
:default_engine => 'UNSET',
:ssl => false,
}
end
describe 'with osfamily specific defaults' do
{
'Debian' => {
:datadir => '/var/lib/mysql',
:service_name => 'mysql',
:config_file => '/etc/mysql/my.cnf',
:socket => '/var/run/mysqld/mysqld.sock',
:pidfile => '/var/run/mysqld/mysqld.pid',
:root_group => 'root',
:ssl_ca => '/etc/mysql/cacert.pem',
:ssl_cert => '/etc/mysql/server-cert.pem',
:ssl_key => '/etc/mysql/server-key.pem'
},
'FreeBSD' => {
:datadir => '/var/db/mysql',
:service_name => 'mysql-server',
:config_file => '/var/db/mysql/my.cnf',
:socket => '/tmp/mysql.sock',
:pidfile => '/var/db/mysql/mysql.pid',
:root_group => 'wheel',
},
'Redhat' => {
:datadir => '/var/lib/mysql',
:service_name => 'mysqld',
:config_file => '/etc/my.cnf',
:socket => '/var/lib/mysql/mysql.sock',
:pidfile => '/var/run/mysqld/mysqld.pid',
:root_group => 'root',
:ssl_ca => '/etc/mysql/cacert.pem',
:ssl_cert => '/etc/mysql/server-cert.pem',
:ssl_key => '/etc/mysql/server-key.pem'
}
}.each do |osfamily, osparams|
describe "when osfamily is #{osfamily}" do
let :facts do
{:osfamily => osfamily}
end
describe 'when root password is set' do
let :params do
{:root_password => 'foo'}
end
it { should contain_exec('set_mysql_rootpw').with(
'command' => 'mysqladmin -u root password \'foo\'',
'logoutput' => true,
'unless' => "mysqladmin -u root -p\'foo\' status > /dev/null",
'path' => '/usr/local/sbin:/usr/bin:/usr/local/bin'
)}
it { should contain_file('/root/.my.cnf').with(
'content' => "[client]\nuser=root\nhost=localhost\npassword=foo\n",
'require' => 'Exec[set_mysql_rootpw]'
)}
end
describe 'when root password and old password are set' do
let :params do
{:root_password => 'foo', :old_root_password => 'bar'}
end
it { should contain_exec('set_mysql_rootpw').with(
'command' => 'mysqladmin -u root -p\'bar\' password \'foo\'',
'logoutput' => true,
'unless' => "mysqladmin -u root -p\'foo\' status > /dev/null",
'path' => '/usr/local/sbin:/usr/bin:/usr/local/bin'
)}
end
[
{},
{
:service_name => 'dans_service',
:config_file => '/home/dan/mysql.conf',
:service_name => 'dans_mysql',
:pidfile => '/home/dan/mysql.pid',
:socket => '/home/dan/mysql.sock',
:bind_address => '0.0.0.0',
:port => '3306',
:datadir => '/path/to/datadir',
:default_engine => 'InnoDB',
:ssl => true,
:ssl_ca => '/path/to/cacert.pem',
:ssl_cert => '/path/to/server-cert.pem',
:ssl_key => '/path/to/server-key.pem'
}
].each do |passed_params|
describe "with #{passed_params == {} ? 'default' : 'specified'} parameters" do
let :parameter_defaults do
constant_parameter_defaults.merge(osparams)
end
let :params do
passed_params
end
let :param_values do
parameter_defaults.merge(params)
end
it { should contain_exec('mysqld-restart').with(
:refreshonly => true,
:path => '/sbin/:/usr/sbin/:/usr/bin/:/bin/',
:command => "service #{param_values[:service_name]} restart"
)}
it { should_not contain_exec('set_mysql_rootpw') }
it { should_not contain_file('/root/.my.cnf')}
it { should contain_file('/etc/mysql').with(
'owner' => 'root',
'group' => param_values[:root_group],
'notify' => 'Exec[mysqld-restart]',
'ensure' => 'directory',
'mode' => '0755'
)}
it { should contain_file('/etc/mysql/conf.d').with(
'owner' => 'root',
'group' => param_values[:root_group],
'notify' => 'Exec[mysqld-restart]',
'ensure' => 'directory',
'mode' => '0755'
)}
it { should contain_file(param_values[:config_file]).with(
'owner' => 'root',
'group' => param_values[:root_group],
'notify' => 'Exec[mysqld-restart]',
'mode' => '0644'
)}
it 'should have a template with the correct contents' do
content = param_value(subject, 'file', param_values[:config_file], 'content')
expected_lines = [
"port = #{param_values[:port]}",
"socket = #{param_values[:socket]}",
"pid-file = #{param_values[:pidfile]}",
"datadir = #{param_values[:datadir]}",
"bind-address = #{param_values[:bind_address]}"
]
if param_values[:default_engine] != 'UNSET'
expected_lines = expected_lines | [ "default-storage-engine = #{param_values[:default_engine]}" ]
end
if param_values[:ssl]
expected_lines = expected_lines |
[
"ssl-ca = #{param_values[:ssl_ca]}",
"ssl-cert = #{param_values[:ssl_cert]}",
"ssl-key = #{param_values[:ssl_key]}"
]
end
(content.split("\n") & expected_lines).should == expected_lines
end
end
end
end
end
end
describe 'when etc_root_password is set with password' do
let :facts do
{:osfamily => 'Debian'}
end
let :params do
{:root_password => 'foo', :old_root_password => 'bar', :etc_root_password => true}
end
it { should contain_exec('set_mysql_rootpw').with(
'command' => 'mysqladmin -u root -p\'bar\' password \'foo\'',
'logoutput' => true,
'unless' => "mysqladmin -u root -p\'foo\' status > /dev/null",
'path' => '/usr/local/sbin:/usr/bin:/usr/local/bin'
)}
it { should contain_file('/root/.my.cnf').with(
'content' => "[client]\nuser=root\nhost=localhost\npassword=foo\n",
'require' => 'Exec[set_mysql_rootpw]'
)}
end
describe 'setting etc_root_password should fail on redhat' do
let :facts do
{:osfamily => 'Redhat'}
end
let :params do
{:root_password => 'foo', :old_root_password => 'bar', :etc_root_password => true}
end
it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /Duplicate (declaration|definition)/)
end
end
describe 'unset ssl params should fail when ssl is true on freebsd' do
let :facts do
{:osfamily => 'FreeBSD'}
end
let :params do
{ :ssl => true }
end
it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /required when ssl is true/)
end
end
end

54
puppet/mysql/spec/classes/mysql_init_spec.rb Normal file
View File

@ -0,0 +1,54 @@
require 'spec_helper'
describe 'mysql' do
describe 'on a debian based os' do
let :facts do
{ :osfamily => 'Debian'}
end
it { should contain_package('mysql_client').with(
:name => 'mysql-client',
:ensure => 'present'
)}
end
describe 'on a freebsd based os' do
let :facts do
{ :osfamily => 'FreeBSD'}
end
it { should contain_package('mysql_client').with(
:name => 'databases/mysql55-client',
:ensure => 'present'
)}
end
describe 'on a redhat based os' do
let :facts do
{:osfamily => 'Redhat'}
end
it { should contain_package('mysql_client').with(
:name => 'mysql',
:ensure => 'present'
)}
describe 'when parameters are supplied' do
let :params do
{:package_ensure => 'latest', :package_name => 'mysql_client'}
end
it { should contain_package('mysql_client').with(
:name => 'mysql_client',
:ensure => 'latest'
)}
end
end
describe 'on any other os' do
let :facts do
{:osfamily => 'foo'}
end
it 'should fail' do
expect { subject }.to raise_error(/Unsupported osfamily: foo/)
end
end
end

54
puppet/mysql/spec/classes/mysql_java_spec.rb Normal file
View File

@ -0,0 +1,54 @@
require 'spec_helper'
describe 'mysql::java' do
describe 'on a debian based os' do
let :facts do
{ :osfamily => 'Debian'}
end
it { should contain_package('mysql-connector-java').with(
:name => 'libmysql-java',
:ensure => 'present'
)}
end
describe 'on a freebsd based os' do
let :facts do
{ :osfamily => 'FreeBSD'}
end
it { should contain_package('mysql-connector-java').with(
:name => 'databases/mysql-connector-java',
:ensure => 'present'
)}
end
describe 'on a redhat based os' do
let :facts do
{:osfamily => 'Redhat'}
end
it { should contain_package('mysql-connector-java').with(
:name => 'mysql-connector-java',
:ensure => 'present'
)}
describe 'when parameters are supplied' do
let :params do
{:package_ensure => 'latest', :package_name => 'java-mysql'}
end
it { should contain_package('mysql-connector-java').with(
:name => 'java-mysql',
:ensure => 'latest'
)}
end
end
describe 'on any other os' do
let :facts do
{:osfamily => 'foo'}
end
it 'should fail' do
expect { subject }.to raise_error(/Unsupported osfamily: foo/)
end
end
end

54
puppet/mysql/spec/classes/mysql_python_spec.rb Normal file
View File

@ -0,0 +1,54 @@
require 'spec_helper'
describe 'mysql::python' do
describe 'on a debian based os' do
let :facts do
{ :osfamily => 'Debian'}
end
it { should contain_package('python-mysqldb').with(
:name => 'python-mysqldb',
:ensure => 'present'
)}
end
describe 'on a freebsd based os' do
let :facts do
{ :osfamily => 'FreeBSD'}
end
it { should contain_package('python-mysqldb').with(
:name => 'databases/py-MySQLdb',
:ensure => 'present'
)}
end
describe 'on a redhat based os' do
let :facts do
{:osfamily => 'Redhat'}
end
it { should contain_package('python-mysqldb').with(
:name => 'MySQL-python',
:ensure => 'present'
)}
describe 'when parameters are supplied' do
let :params do
{:package_ensure => 'latest', :package_name => 'python-mysql'}
end
it { should contain_package('python-mysqldb').with(
:name => 'python-mysql',
:ensure => 'latest'
)}
end
end
describe 'on any other os' do
let :facts do
{:osfamily => 'foo'}
end
it 'should fail' do
expect { subject }.to raise_error(/Unsupported osfamily: foo/)
end
end
end

62
puppet/mysql/spec/classes/mysql_ruby_spec.rb Normal file
View File

@ -0,0 +1,62 @@
require 'spec_helper'
describe 'mysql::ruby' do
describe 'on a debian based os' do
let :facts do
{ :osfamily => 'Debian'}
end
it { should contain_package('ruby_mysql').with(
:name => 'libmysql-ruby',
:ensure => 'present',
# TODO is this what we want? does this actually work
# if the provider is blank
:provider => ''
)}
end
describe 'on a freebsd based os' do
let :facts do
{ :osfamily => 'FreeBSD'}
end
it { should contain_package('ruby_mysql').with(
:name => 'ruby-mysql',
:ensure => 'present',
:provider => 'gem'
)}
end
describe 'on a redhat based os' do
let :facts do
{:osfamily => 'Redhat'}
end
it { should contain_package('ruby_mysql').with(
:name => 'ruby-mysql',
:ensure => 'present',
:provider => 'gem'
)}
describe 'when parameters are supplied' do
let :params do
{:package_ensure => 'latest',
:package_provider => 'zypper',
:package_name => 'mysql_ruby'}
end
it { should contain_package('ruby_mysql').with(
:name => 'mysql_ruby',
:ensure => 'latest',
:provider => 'zypper'
)}
end
end
describe 'on any other os' do
let :facts do
{:osfamily => 'foo'}
end
it 'should fail' do
expect { subject }.to raise_error(/Unsupported osfamily: foo/)
end
end
end

40
puppet/mysql/spec/classes/mysql_server_account_security_spec.rb Normal file
View File

@ -0,0 +1,40 @@
require 'spec_helper'
describe 'mysql::server::account_security' do
let :facts do {
:fqdn => 'myhost.mydomain',
:hostname => 'myhost'
}
end
it 'should remove Database_User[root@myhost.mydomain]' do
should contain_database_user('root@myhost.mydomain').with_ensure('absent')
end
it 'should remove Database_User[root@myhost]' do
should contain_database_user('root@myhost').with_ensure('absent')
end
it 'should remove Database_User[root@127.0.0.1]' do
should contain_database_user('root@127.0.0.1').with_ensure('absent')
end
it 'should remove Database_User[root@::1]' do
should contain_database_user('root@::1').with_ensure('absent')
end
it 'should remove Database_User[@myhost.mydomain]' do
should contain_database_user('@myhost.mydomain').with_ensure('absent')
end
it 'should remove Database_User[@myhost]' do
should contain_database_user('@myhost').with_ensure('absent')
end
it 'should remove Database_User[@localhost]' do
should contain_database_user('@localhost').with_ensure('absent')
end
it 'should remove Database_User[@%]' do
should contain_database_user('@%').with_ensure('absent')
end
it 'should remove Database[test]' do
should contain_database('test').with_ensure('absent')
end
end

18
puppet/mysql/spec/classes/mysql_server_monitor_spec.rb Normal file
View File

@ -0,0 +1,18 @@
require 'spec_helper'
describe 'mysql::server::monitor' do
let :facts do
{ :osfamily => 'Debian' }
end
let :pre_condition do
"include 'mysql::server'"
end
let :params do
{
:mysql_monitor_username => 'monitoruser',
:mysql_monitor_password => 'monitorpass',
:mysql_monitor_hostname => 'monitorhost'
}
end
it { should contain_database_user("monitoruser@monitorhost")}
end

98
puppet/mysql/spec/classes/mysql_server_spec.rb Normal file
View File

@ -0,0 +1,98 @@
require 'spec_helper'
describe 'mysql::server' do
let :constant_parameter_defaults do
{:config_hash => {},
:package_ensure => 'present',
:enabled => true,
:manage_service => true
}
end
describe 'when ubuntu use upstart' do
let :facts do
{ :osfamily => 'Debian',
:operatingsystem => 'Ubuntu',
}
end
it { should contain_service('mysqld').with(
:name => 'mysql',
:ensure => 'running',
:enable => 'true',
:provider => 'upstart',
:require => 'Package[mysql-server]'
)}
end
describe 'with osfamily specific defaults' do
{
'Debian' => {
:service_name => 'mysql',
:package_name => 'mysql-server'
},
'FreeBSD' => {
:service_name => 'mysql-server',
:package_name => 'databases/mysql55-server'
},
'Redhat' => {
:service_name => 'mysqld',
:package_name => 'mysql-server'
}
}.each do |osfamily, osparams|
describe "when osfamily is #{osfamily}" do
let :facts do
{ :osfamily => osfamily }
end
[
{},
{
:package_name => 'dans_package',
:package_ensure => 'latest',
:service_name => 'dans_service',
:config_hash => {'root_password' => 'foo'},
:enabled => false,
:manage_service => false
}
].each do |passed_params|
describe "with #{passed_params == {} ? 'default' : 'specified'} parameters" do
let :parameter_defaults do
constant_parameter_defaults.merge(osparams)
end
let :params do
passed_params
end
let :param_values do
parameter_defaults.merge(params)
end
it { should contain_package('mysql-server').with(
:name => param_values[:package_name],
:ensure => param_values[:package_ensure]
)}
it {
if param_values[:manage_service]
should contain_service('mysqld').with(
:name => param_values[:service_name],
:ensure => param_values[:enabled] ? 'running' : 'stopped',
:enable => param_values[:enabled],
:require => 'Package[mysql-server]'
).without_provider
else
should_not contain_service('mysqld')
end
}
end
end
end
end
end
end

42
puppet/mysql/spec/defines/mysql_db_spec.rb Normal file
View File

@ -0,0 +1,42 @@
require 'spec_helper'
describe 'mysql::db', :type => :define do
let(:title) { 'test_db' }
let(:params) {
{ 'user' => 'testuser',
'password' => 'testpass',
}
}
it 'should report an error when ensure is not present or absent' do
params.merge!({'ensure' => 'invalid_val'})
expect { subject }.to raise_error(Puppet::Error,
/invalid_val is not supported for ensure\. Allowed values are 'present' and 'absent'\./)
end
it 'should not notify the import sql exec if no sql script was provided' do
should contain_database('test_db').without_notify
end
it 'should subscribe to database if sql script is given' do
params.merge!({'sql' => 'test_sql'})
should contain_exec('test_db-import').with_subscribe('Database[test_db]')
end
it 'should only import sql script on creation if not enforcing' do
params.merge!({'sql' => 'test_sql', 'enforce_sql' => false})
should contain_exec('test_db-import').with_refreshonly(true)
end
it 'should import sql script on creation if enforcing' do
params.merge!({'sql' => 'test_sql', 'enforce_sql' => true})
should contain_exec('test_db-import').with_refreshonly(false)
end
it 'should not create database and database user' do
params.merge!({'ensure' => 'absent', 'host' => 'localhost'})
should contain_database('test_db').with_ensure('absent')
should contain_database_user('testuser@localhost').with_ensure('absent')
end
end

37
puppet/mysql/spec/defines/mysql_server_config_spec.rb Normal file
View File

@ -0,0 +1,37 @@
require 'spec_helper'
describe 'mysql::server::config', :type => :define do
filename = '/etc/mysql/conf.d/test_config.cnf'
let :facts do
{ :osfamily => 'Debian'}
end
let(:title) { File.basename(filename, '.cnf') }
let(:params) {
{ 'settings' => {
'mysqld' => {
'bind-address' => '0.0.0.0'
}
}
}
}
it 'should notify the mysql daemon' do
should contain_file(filename).with_notify('Exec[mysqld-restart]')
end
it 'should contain config parameter in content' do
should contain_file(filename).with_content("### MANAGED BY PUPPET ###\n[mysqld]\nbind-address = 0.0.0.0\n\n")
end
it 'should not notify the mysql daemon' do
params.merge!({ 'notify_service' => false })
should contain_file(filename).without_notify
end
it 'should require on the mysql-server package' do
should contain_file(filename).with_require('Package[mysql-server]')
end
end

6
puppet/mysql/spec/spec.opts Normal file
View File

@ -0,0 +1,6 @@
--format
s
--colour
--loadby
mtime
--backtrace

1
puppet/mysql/spec/spec_helper.rb Normal file
View File

@ -0,0 +1 @@
require 'puppetlabs_spec_helper/module_spec_helper'

30
puppet/mysql/spec/unit/mysql_password_spec.rb Normal file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env rspec
require 'spec_helper'
describe "the mysql_password function" do
before :all do
Puppet::Parser::Functions.autoloader.loadall
end
before :each do
@scope = Puppet::Parser::Scope.new
end
it "should exist" do
Puppet::Parser::Functions.function("mysql_password").should == "function_mysql_password"
end
it "should raise a ParseError if there is less than 1 arguments" do
lambda { @scope.function_mysql_password([]) }.should( raise_error(Puppet::ParseError))
end
it "should raise a ParseError if there is more than 1 arguments" do
lambda { @scope.function_mysql_password(['foo', 'bar']) }.should( raise_error(Puppet::ParseError))
end
it "should convert password into a hash" do
result = @scope.function_mysql_password(["password"])
result.should(eq('*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'))
end
end

86
puppet/mysql/spec/unit/puppet/provider/database_grant/mysql_spec.rb Normal file
View File

@ -0,0 +1,86 @@
require 'puppet'
require 'mocha'
require 'spec_helper'
RSpec.configure do |config|
config.mock_with :mocha
end
provider_class = Puppet::Type.type(:database_grant).provider(:mysql)
describe provider_class do
let(:root_home) { '/some/root/home' }
before :each do
@resource = Puppet::Type::Database_grant.new(
{ :privileges => 'all', :provider => 'mysql', :name => 'user@host'}
)
@provider = provider_class.new(@resource)
Facter.stubs(:value).with(:root_home).returns(root_home)
end
it 'should query privilegess from the database' do
provider_class.expects(:mysql) .with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'describe user').returns <<-EOT
Field Type Null Key Default Extra
Host char(60) NO PRI
User char(16) NO PRI
Password char(41) NO
Select_priv enum('N','Y') NO N
Insert_priv enum('N','Y') NO N
Update_priv enum('N','Y') NO N
EOT
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'describe db').returns <<-EOT
Field Type Null Key Default Extra
Host char(60) NO PRI
Db char(64) NO PRI
User char(16) NO PRI
Select_priv enum('N','Y') NO N
Insert_priv enum('N','Y') NO N
Update_priv enum('N','Y') NO N
EOT
provider_class.user_privs.should == [ 'Select_priv', 'Insert_priv', 'Update_priv' ]
provider_class.db_privs.should == [ 'Select_priv', 'Insert_priv', 'Update_priv' ]
end
it 'should query set priviliges' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y N Y
EOT
@provider.privileges.should == [ 'Select_priv', 'Update_priv' ]
end
it 'should recognize when all priviliges are set' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y Y Y
EOT
@provider.all_privs_set?.should == true
end
it 'should recognize when all privileges are not set' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y N Y
EOT
@provider.all_privs_set?.should == false
end
it 'should be able to set all privileges' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", "flush-privileges")
@provider.privileges=(['all'])
end
it 'should be able to set partial privileges' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'N', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", "flush-privileges")
@provider.privileges=(['Select_priv', 'Update_priv'])
end
it 'should be case insensitive' do
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", 'flush-privileges')
@provider.privileges=(['SELECT_PRIV', 'insert_priv', 'UpDaTe_pRiV'])
end
end

47
puppet/mysql/templates/my.cnf.erb Normal file
View File

@ -0,0 +1,47 @@
[client]
port = <%= port %>
socket = <%= socket %>
[mysqld_safe]
socket = <%= socket %>
nice = 0
[mysqld]
user = mysql
pid-file = <%= pidfile %>
socket = <%= socket %>
port = <%= port %>
basedir = <%= basedir %>
datadir = <%= datadir %>
tmpdir = /tmp
skip-external-locking
<% if bind_address %>
bind-address = <%= bind_address %>
<% end %>
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover = BACKUP
query_cache_limit = 1M
query_cache_size = 16M
log_error = <%= log_error %>
expire_logs_days = 10
max_binlog_size = 100M
<% if default_engine != 'UNSET' %>
default-storage-engine = <%= default_engine %>
<% end %>
<% if ssl == true %>
ssl-ca = <%= ssl_ca %>
ssl-cert = <%= ssl_cert %>
ssl-key = <%= ssl_key %>
<% end %>
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
[isamchk]
key_buffer = 16M
!includedir /etc/mysql/conf.d/

6
puppet/mysql/templates/my.cnf.pass.erb Normal file
View File

@ -0,0 +1,6 @@
[client]
user=root
host=localhost
<% unless root_password == 'UNSET' -%>
password=<%= root_password %>
<% end -%>

17
puppet/mysql/templates/my.conf.cnf.erb Normal file
View File

@ -0,0 +1,17 @@
### MANAGED BY PUPPET ###
<% settings.sort.each do |section, content| -%>
[<%= section %>]
<% content.sort.each do |key, values| -%>
<% [values].flatten.sort.each do |value| -%>
<%= value == false ? '#' : '' %><%= key -%><%=
case value
when true, false
''
else
" = #{value}"
end
%>
<% end -%>
<% end -%>
<% end -%>

23
puppet/mysql/templates/mysqlbackup.sh.erb Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
#
# MySQL Backup Script
# Dumps mysql databases to a file for another backup tool to pick up.
#
# MySQL code:
# GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
# IDENTIFIED BY 'password';
# FLUSH PRIVILEGES;
#
##### START CONFIG ###################################################
USER=<%= backupuser %>
PASS=<%= backuppassword %>
DIR=<%= backupdir %>
##### STOP CONFIG ####################################################
PATH=/usr/bin:/usr/sbin:/bin:/sbin
find $DIR -mtime +30 -exec rm -f {} \;
mysqldump -u${USER} -p${PASS} --opt --flush-logs --single-transaction \
--all-databases | bzcat -zc > ${DIR}/mysql_backup_`date +%Y%m%d-%H%M%S`.sql.bz2

8
puppet/mysql/tests/backup.pp Normal file
View File

@ -0,0 +1,8 @@
class { 'mysql::server':
config_hash => {'root_password' => 'password'}
}
class { 'mysql::backup':
backupuser => 'myuser',
backuppassword => 'mypassword',
backupdir => '/tmp/backups',
}

1
puppet/mysql/tests/init.pp Normal file
View File

@ -0,0 +1 @@
include mysql

1
puppet/mysql/tests/java.pp Normal file
View File

@ -0,0 +1 @@
class { 'mysql::java':}

12
puppet/mysql/tests/mysql_database.pp Normal file
View File

@ -0,0 +1,12 @@
class { 'mysql::server':
config_hash => {'root_password' => 'password'}
}
database{ ['test1', 'test2', 'test3']:
ensure => present,
charset => 'utf8',
require => Class['mysql::server'],
}
database{ 'test4':
ensure => present,
charset => 'latin1',
}

3
puppet/mysql/tests/mysql_grant.pp Normal file
View File

@ -0,0 +1,3 @@
database_grant{'test1@localhost/redmine':
privileges => [update],
}

23
puppet/mysql/tests/mysql_user.pp Normal file
View File

@ -0,0 +1,23 @@
$mysql_root_pw = 'password'
class { 'mysql::server':
config_hash => {
root_password => 'password',
}
}
database_user{ 'redmine@localhost':
ensure => present,
password_hash => mysql_password('redmine'),
require => Class['mysql::server'],
}
database_user{ 'dan@localhost':
ensure => present,
password_hash => mysql_password('blah')
}
database_user{ 'dan@%':
ensure => present,
password_hash => mysql_password('blah'),
}

1
puppet/mysql/tests/python.pp Normal file
View File

@ -0,0 +1 @@
class { 'mysql::python':}

1
puppet/mysql/tests/ruby.pp Normal file
View File

@ -0,0 +1 @@
include mysql::ruby

3
puppet/mysql/tests/server.pp Normal file
View File

@ -0,0 +1,3 @@
class { 'mysql::server':
config_hash => { 'root_password' => 'password', },
}

4
puppet/mysql/tests/server/account_security.pp Normal file
View File

@ -0,0 +1,4 @@
class { 'mysql::server':
config_hash => { 'root_password' => 'password', },
}
class { 'mysql::server::account_security': }

11
puppet/mysql/tests/server/config.pp Normal file
View File

@ -0,0 +1,11 @@
mysql::server::config { 'testfile':
settings => {
'mysqld' => {
'bind-address' => '0.0.0.0',
'read-only' => true,
},
'client' => {
'port' => '3306'
}
}
}

6
puppet/rabbitmq/.fixtures.yml Normal file
View File

@ -0,0 +1,6 @@
fixtures:
repositories:
"stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
"apt": "git://github.com/puppetlabs/puppetlabs-apt.git"
symlinks:
"rabbitmq": "#{source_dir}"

5
puppet/rabbitmq/.gemfile Normal file
View File

@ -0,0 +1,5 @@
source :rubygems
puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 2.7']
gem 'puppet', puppetversion
gem 'puppetlabs_spec_helper', '>= 0.1.0'

16
puppet/rabbitmq/.travis.yml Normal file
View File

@ -0,0 +1,16 @@
language: ruby
rvm:
- 1.8.7
before_script:
after_script:
script: "rake spec"
branches:
only:
- master
env:
- PUPPET_VERSION=2.7.13
- PUPPET_VERSION=2.7.6
- PUPPET_VERSION=2.6.9
notifications:
email: false
gemfile: .gemfile

24
puppet/rabbitmq/CHANGELOG Normal file
View File

@ -0,0 +1,24 @@
* 2012-05-03 2.0.0
- added support for new-style admin users
- added support for rabbitmq 2.7.1
* 2011-06-14 Dan Bode <dan@Puppetlabs.com> 2.0.0rc1
- Massive refactor:
- added native types for user/vhost/user_permissions
- added apt support for vendor packages
- added smoke tests
* 2011-04-08 Jeff McCune <jeff@puppetlabs.com> 1.0.4
- Update module for RabbitMQ 2.4.1 and rabbitmq-plugin-stomp package.
2011-03-24 1.0.3
- Initial release to the forge. Reviewed by Cody. Whitespace is good.
2011-03-22 1.0.2
- Whitespace only fix again... ack '\t' is my friend...
2011-03-22 1.0.1
- Whitespace only fix.
2011-03-22 1.0.0
- Initial Release. Manage the package, file and service.

201
puppet/rabbitmq/LICENSE Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

12
puppet/rabbitmq/Modulefile Normal file
View File

@ -0,0 +1,12 @@
name 'puppetlabs-rabbitmq'
version '2.0.1'
source 'git://github.com/puppetlabs/puppetlabs-rabbitmq.git'
author 'puppetlabs'
license 'Apache'
summary 'RabbitMQ Puppet Module'
description 'This module manages RabbitMQ. Tested on Debian/Ubuntu'
project_page 'http://github.com/puppetlabs/puppetlabs-rabbitmq'
## Add dependencies, if any:
dependency 'puppetlabs/stdlib', '>= 2.0.0'
dependency 'puppetlabs/apt', '>= 0.0.3'

71
puppet/rabbitmq/README.md Normal file
View File

@ -0,0 +1,71 @@
# RabbitMQ Puppet Module
This module manages the RabbitMQ Middleware service.
This module has been tested against 2.7.1 and is known to not support
all features against earlier versions.
### Authors
* Jeff McCune <jeff@puppetlabs.com>
* Dan Bode <dan@puppetlabs.com>
## Classes
This module provides its core functionality through two main classes:
### rabbitmq::repo::apt
Sets up an apt repo source for the vendor rabbitmq packages
class { 'rabbitmq::repo::apt':
pin => 900,
before => Class['rabbitmq::server']
}
### rabbitmq::server
Class for installing rabbitmq-server:
class { 'rabbitmq::server':
port => '5673',
delete_guest_user => true,
}
## Native Types
**NOTE:** Unfortunately, you must specify the provider explicitly for these types
### rabbitmq_user
query all current users: `$ puppet resource rabbitmq_user`
rabbitmq_user { 'dan':
admin => true,
password => 'bar',
provider => 'rabbitmqctl',
}
### rabbitmq_vhost
query all current vhosts: `$ puppet resource rabbitmq_vhost`
rabbitmq_vhost { 'myhost':
ensure => present,
provider => 'rabbitmqctl',
}
### rabbitmq\_user\_permissions
rabbitmq_user_permissions { 'dan@myhost':
configure_permission => '.*',
read_permission => '.*',
write_permission => '.*',
provider => 'rabbitmqctl',
}
### rabbitmq_plugin
query all currently enabled plugins `$ puppet resource rabbitmq_plugin`
rabbitmq_plugin {'rabbitmq_stomp':
ensure => present,
provider => 'rabbitmqplugins',
}

1
puppet/rabbitmq/Rakefile Normal file
View File

@ -0,0 +1 @@
require 'puppetlabs_spec_helper/rake_tasks'

10
puppet/rabbitmq/TODO Normal file
View File

@ -0,0 +1,10 @@
provider TODO -
- password should be a property and not a param
- what if we tried to log in as that user?
- can permissions from list_user_permissions contain whitespace?
- what about defaultfor :true?
- prefetching for performance
- rabbit plugin should require rabbitmq class
- rabbitmq class should be renamed server??
- service name should default to -server
- cannot find stomp package

22
puppet/rabbitmq/files/README.markdown Normal file
View File

@ -0,0 +1,22 @@
Files
=====
Puppet comes with both a client and server for copying files around. The file
serving function is provided as part of the central Puppet daemon,
puppetmasterd, and the client function is used through the source attribute of
file objects. Learn more at
http://projects.puppetlabs.com/projects/puppet/wiki/File_Serving_Configuration
You can use managed files like this:
class myclass {
package { mypackage: ensure => latest }
service { myservice: ensure => running }
file { "/etc/myfile":
source => "puppet://$servername/modules/mymodule/myfile"
}
}
The files are searched for in:
$modulepath/mymodule/files/myfile

BIN
puppet/rabbitmq/files/plugins/amqp_client-2.3.1.ez Normal file
View File

Binary file not shown.

BIN
puppet/rabbitmq/files/plugins/rabbit_stomp-2.3.1.ez Normal file
View File

Binary file not shown.

22
puppet/rabbitmq/lib/puppet/provider/rabbitmq_plugin/default.rb Normal file
View File

@ -0,0 +1,22 @@
Puppet::Type.type(:rabbitmq_plugin).provide(:default) do
def self.instances
[]
end
def create
default_fail
end
def destroy
default_fail
end
def exists?
default_fail
end
def default_fail
fail('This is just the default provider for rabbitmq_plugin, all it does is fail')
end
end

30
puppet/rabbitmq/lib/puppet/provider/rabbitmq_plugin/rabbitmqplugins.rb Normal file
View File

@ -0,0 +1,30 @@
Puppet::Type.type(:rabbitmq_plugin).provide(:rabbitmqplugins) do
commands :rabbitmqplugins => 'rabbitmq-plugins'
defaultfor :feature => :posix
def self.instances
rabbitmqplugins('list', '-E').split(/\n/).map do |line|
if line.split(/\s+/)[1] =~ /^(\S+)$/
new(:name => $1)
else
raise Puppet::Error, "Cannot parse invalid plugins line: #{line}"
end
end
end
def create
rabbitmqplugins('enable', resource[:name])
end
def destroy
rabbitmqplugins('disable', resource[:name])
end
def exists?
out = rabbitmqplugins('list', '-E').split(/\n/).detect do |line|
line.split(/\s+/)[1].match(/^#{resource[:name]}$/)
end
end
end

22
puppet/rabbitmq/lib/puppet/provider/rabbitmq_user/default.rb Normal file
View File

@ -0,0 +1,22 @@
Puppet::Type.type(:rabbitmq_user).provide(:default) do
def self.instances
[]
end
def create
default_fail
end
def destroy
default_fail
end
def exists?
default_fail
end
def default_fail
fail('This is just the default provider for rabbitmq_user, all it does is fail')
end
end

59
puppet/rabbitmq/lib/puppet/provider/rabbitmq_user/rabbitmqctl.rb Normal file
View File

@ -0,0 +1,59 @@
require 'puppet'
Puppet::Type.type(:rabbitmq_user).provide(:rabbitmqctl) do
optional_commands :rabbitmqctl => 'rabbitmqctl'
defaultfor :feature => :posix
def self.instances
rabbitmqctl('list_users').split(/\n/)[1..-2].collect do |line|
if line =~ /^(\S+)(\s+\S+|)$/
new(:name => $1)
else
raise Puppet::Error, "Cannot parse invalid user line: #{line}"
end
end
end
def create
rabbitmqctl('add_user', resource[:name], resource[:password])
if resource[:admin] == :true
make_user_admin()
end
end
def destroy
rabbitmqctl('delete_user', resource[:name])
end
def exists?
out = rabbitmqctl('list_users').split(/\n/)[1..-2].detect do |line|
line.match(/^#{resource[:name]}(\s+\S+|)$/)
end
end
# def password
# def password=()
def admin
match = rabbitmqctl('list_users').split(/\n/)[1..-2].collect do |line|
line.match(/^#{resource[:name]}\s+\[(administrator)?\]/)
end.compact.first
if match
(:true if match[1].to_s == 'administrator') || :false
else
raise Puppet::Error, "Could not match line '#{resource[:name]} (true|false)' from list_users (perhaps you are running on an older version of rabbitmq that does not support admin users?)"
end
end
def admin=(state)
if state == :true
make_user_admin()
else
rabbitmqctl('set_user_tags', resource[:name])
end
end
def make_user_admin
rabbitmqctl('set_user_tags', resource[:name], 'administrator')
end
end

18
puppet/rabbitmq/lib/puppet/provider/rabbitmq_user_permissions/default.rb Normal file
View File

@ -0,0 +1,18 @@
Puppet::Type.type(:rabbitmq_user_permissions).provide(:default) do
def create
default_fail
end
def destroy
default_fail
end
def exists?
default_fail
end
def default_fail
fail('This is just the default provider for rabbitmq_user, all it does is fail')
end
end

102
puppet/rabbitmq/lib/puppet/provider/rabbitmq_user_permissions/rabbitmqctl.rb Normal file
View File

@ -0,0 +1,102 @@
Puppet::Type.type(:rabbitmq_user_permissions).provide(:rabbitmqctl) do
optional_commands :rabbitmqctl => 'rabbitmqctl'
defaultfor :feature=> :posix
#def self.instances
#
#end
# cache users permissions
def self.users(name, vhost)
@users = {} unless @users
unless @users[name]
@users[name] = {}
out = rabbitmqctl('list_user_permissions', name).split(/\n/)[1..-2].each do |line|
if line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/
@users[name][$1] =
{:configure => $2, :read => $3, :write => $4}
else
raise Puppet::Error, "cannot parse line from list_user_permissions:#{line}"
end
end
end
@users[name][vhost]
end
def users(name, vhost)
self.class.users(name, vhost)
end
def should_user
if @should_user
@should_user
else
@should_user = resource[:name].split('@')[0]
end
end
def should_vhost
if @should_vhost
@should_vhost
else
@should_vhost = resource[:name].split('@')[1]
end
end
def create
resource[:configure_permission] ||= "''"
resource[:read_permission] ||= "''"
resource[:write_permission] ||= "''"
rabbitmqctl('set_permissions', '-p', should_vhost, should_user, resource[:configure_permission], resource[:read_permission], resource[:write_permission])
end
def destroy
rabbitmqctl('clear_permissions', '-p', should_vhost, should_user)
end
# I am implementing prefetching in exists b/c I need to be sure
# that the rabbitmq package is installed before I make this call.
def exists?
users(should_user, should_vhost)
end
def configure_permission
users(should_user, should_vhost)[:configure]
end
def configure_permission=(perm)
set_permissions
end
def read_permission
users(should_user, should_vhost)[:read]
end
def read_permission=(perm)
set_permissions
end
def write_permission
users(should_user, should_vhost)[:write]
end
def write_permission=(perm)
set_permissions
end
# implement memoization so that we only call set_permissions once
def set_permissions
unless @permissions_set
@permissions_set = true
resource[:configure_permission] ||= configure_permission
resource[:read_permission] ||= read_permission
resource[:write_permission] ||= write_permission
rabbitmqctl('set_permissions', '-p', should_vhost, should_user,
resource[:configure_permission], resource[:read_permission],
resource[:write_permission]
)
end
end
end

22
puppet/rabbitmq/lib/puppet/provider/rabbitmq_vhost/default.rb Normal file
View File

@ -0,0 +1,22 @@
Puppet::Type.type(:rabbitmq_vhost).provide(:default) do
def self.instances
[]
end
def create
default_fail
end
def destroy
default_fail
end
def exists?
default_fail
end
def default_fail
fail('This is just the default provider for rabbitmq_vhost, all it does is fail')
end
end

30
puppet/rabbitmq/lib/puppet/provider/rabbitmq_vhost/rabbitmqctl.rb Normal file
View File

@ -0,0 +1,30 @@
Puppet::Type.type(:rabbitmq_vhost).provide(:rabbitmqctl) do
optional_commands :rabbitmqctl => 'rabbitmqctl'
defaultfor :feature => :posix
def self.instances
rabbitmqctl('list_vhosts').split(/\n/)[1..-2].map do |line|
if line =~ /^(\S+)$/
new(:name => $1)
else
raise Puppet::Error, "Cannot parse invalid user line: #{line}"
end
end
end
def create
rabbitmqctl('add_vhost', resource[:name])
end
def destroy
rabbitmqctl('delete_vhost', resource[:name])
end
def exists?
out = rabbitmqctl('list_vhosts').split(/\n/)[1..-2].detect do |line|
line.match(/^#{resource[:name]}$/)
end
end
end

19
puppet/rabbitmq/lib/puppet/type/rabbitmq_plugin.rb Normal file
View File

@ -0,0 +1,19 @@
Puppet::Type.newtype(:rabbitmq_plugin) do
desc 'manages rabbitmq plugins'
ensurable do
defaultto(:present)
newvalue(:present) do
provider.create
end
newvalue(:absent) do
provider.destroy
end
end
newparam(:name, :namevar => true) do
'name of the plugin to enable'
newvalues(/^\S+$/)
end
end

40
puppet/rabbitmq/lib/puppet/type/rabbitmq_user.rb Normal file
View File

@ -0,0 +1,40 @@
Puppet::Type.newtype(:rabbitmq_user) do
desc 'Native type for managing rabbitmq users'
ensurable do
defaultto(:present)
newvalue(:present) do
provider.create
end
newvalue(:absent) do
provider.destroy
end
end
newparam(:name, :namevar => true) do
desc 'Name of user'
newvalues(/^\S+$/)
end
# newproperty(:password) do
newparam(:password) do
desc 'User password to be set *on creation*'
end
newproperty(:admin) do
desc 'rather or not user should be an admin'
newvalues(/true|false/)
munge do |value|
# converting to_s incase its a boolean
value.to_s.to_sym
end
defaultto :false
end
validate do
if self[:ensure] == :present and ! self[:password]
raise ArgumentError, 'must set password when creating user' unless self[:password]
end
end
end

57
puppet/rabbitmq/lib/puppet/type/rabbitmq_user_permissions.rb Normal file
View File

@ -0,0 +1,57 @@
Puppet::Type.newtype(:rabbitmq_user_permissions) do
desc 'Type for managing rabbitmq user permissions'
ensurable do
defaultto(:present)
newvalue(:present) do
provider.create
end
newvalue(:absent) do
provider.destroy
end
end
newparam(:name, :namevar => true) do
'combination of user@vhost to grant privileges to'
newvalues(/^\S+@\S+$/)
end
newproperty(:configure_permission) do
desc 'regexp representing configuration permissions'
validate do |value|
resource.validate_permissions(value)
end
end
newproperty(:read_permission) do
desc 'regexp representing read permissions'
validate do |value|
resource.validate_permissions(value)
end
end
newproperty(:write_permission) do
desc 'regexp representing write permissions'
validate do |value|
resource.validate_permissions(value)
end
end
autorequire(:rabbitmq_vhost) do
[self[:name].split('@')[1]]
end
autorequire(:rabbitmq_user) do
[self[:name].split('@')[0]]
end
# I may want to dissalow whitespace
def validate_permissions(value)
begin
Regexp.new(value)
rescue RegexpError
raise ArgumentError, "Invalid regexp #{value}"
end
end
end

19
puppet/rabbitmq/lib/puppet/type/rabbitmq_vhost.rb Normal file
View File

@ -0,0 +1,19 @@
Puppet::Type.newtype(:rabbitmq_vhost) do
desc 'manages rabbitmq vhosts'
ensurable do
defaultto(:present)
newvalue(:present) do
provider.create
end
newvalue(:absent) do
provider.destroy
end
end
newparam(:name, :namevar => true) do
'name of the vhost to add'
newvalues(/^\S+$/)
end
end

28
puppet/rabbitmq/manifests/repo/apt.pp Normal file
View File

@ -0,0 +1,28 @@
# sets up the vmware hosted apt repo
# requires
# puppetlabs-apt
# puppetlabs-stdlib
class rabbitmq::repo::apt(
$pin = undef
) {
Class['rabbitmq::repo::apt'] -> Package<| title == 'rabbitmq-server' |>
apt::source { 'rabbitmq':
location => 'http://www.rabbitmq.com/debian/',
release => 'testing',
repos => 'main',
include_src => false,
key => 'RabbitMQ Release Signing Key <info@rabbitmq.com>',
key_content => template('rabbitmq/rabbit.pub.key'),
pin => $pin,
}
if ! ($pin == undef) {
validate_re($pin, '\d\d\d')
apt::pin { 'rabbitmq':
packages => 'rabbitmq-server',
priority => $pin,
}
}
}

138
puppet/rabbitmq/manifests/server.pp Normal file
View File

@ -0,0 +1,138 @@
# Class: rabbitmq::server
#
# This module manages the installation and config of the rabbitmq server
# it has only been tested on certain version of debian-ish systems
# Parameters:
# [*port*] - port where rabbitmq server is hosted
# [*delete_guest_user*] - rather or not to delete the default user
# [*version*] - version of rabbitmq-server to install
# [*package_name*] - name of rabbitmq package
# [*service_name*] - name of rabbitmq service
# [*service_ensure*] - desired ensure state for service
# [*stomp_port*] - port stomp should be listening on
# [*node_ip_address*] - ip address for rabbitmq to bind to
# [*config*] - contents of config file
# [*env_config*] - contents of env-config file
# Requires:
# stdlib
# Sample Usage:
#
#
#
#
# [Remember: No empty lines between comments and class definition]
class rabbitmq::server(
$port = '5672',
$inet_dist_listen_min = '41055',
$inet_dist_listen_max = '41055',
$delete_guest_user = false,
$package_name = 'rabbitmq-server',
$version = 'UNSET',
$service_name = 'rabbitmq-server',
$service_ensure = 'running',
$config_stomp = false,
$stomp_port = '6163',
$config_cluster = false,
$cluster_disk_nodes = [],
$node_ip_address = 'UNSET',
$config='UNSET',
$env_config='UNSET'
) {
validate_bool($delete_guest_user, $config_stomp)
validate_re($port, '\d+')
validate_re($stomp_port, '\d+')
if $version == 'UNSET' {
$version_real = '2.4.1'
$pkg_ensure_real = 'present'
} else {
$version_real = $version
$pkg_ensure_real = $version
}
if $config == 'UNSET' {
$config_real = template("${module_name}/rabbitmq.config")
} else {
$config_real = $config
}
if $env_config == 'UNSET' {
$env_config_real = template("${module_name}/rabbitmq-env.conf.erb")
} else {
$env_config_real = $env_config
}
$plugin_dir = "/usr/lib/rabbitmq/lib/rabbitmq_server-${version_real}/plugins"
$erlang_cookie_content = 'EOKOWXQREETZSHFNTPEY'
if $::osfamily == 'RedHat' {
package { 'qpid-cpp-server':
ensure => 'purged',
before => Package[$package_name]
}
}
package { $package_name:
ensure => $pkg_ensure_real,
notify => Class['rabbitmq::service'],
}
file { '/etc/rabbitmq':
ensure => directory,
owner => '0',
group => '0',
mode => '0644',
require => Package[$package_name],
}
file { 'rabbitmq.config':
ensure => file,
path => '/etc/rabbitmq/rabbitmq.config',
content => $config_real,
owner => '0',
group => '0',
mode => '0644',
notify => Class['rabbitmq::service'],
require => File['erlang_cookie']
}
file { 'rabbitmq-env.config':
ensure => file,
path => '/etc/rabbitmq/rabbitmq-env.conf',
content => $env_config_real,
owner => '0',
group => '0',
mode => '0644',
notify => Class['rabbitmq::service'],
}
class { 'rabbitmq::service':
service_name => $service_name,
ensure => $service_ensure,
}
exec { 'rabbitmq_stop':
command => '/etc/init.d/rabbitmq-server stop; /bin/rm -rf /var/lib/rabbitmq/mnesia',
require => Package[$package_name],
unless => "/bin/grep -qx ${erlang_cookie_content} /var/lib/rabbitmq/.erlang.cookie"
}
file { 'erlang_cookie':
path =>"/var/lib/rabbitmq/.erlang.cookie",
owner => rabbitmq,
group => rabbitmq,
mode => '0400',
content => $erlang_cookie_content,
replace => true,
#notify => Class['rabbitmq::service'],
require => Exec['rabbitmq_stop'],
}
if $delete_guest_user {
# delete the default guest user
rabbitmq_user{ 'guest':
ensure => absent,
provider => 'rabbitmqctl',
}
}
}

40
puppet/rabbitmq/manifests/service.pp Normal file
View File

@ -0,0 +1,40 @@
# Class: rabbitmq::service
#
# This class manages the rabbitmq server service itself.
#
# Jeff McCune <jeff@puppetlabs.com>
#
#
# Parameters:
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class rabbitmq::service(
$service_name = 'rabbitmq-server',
$ensure='running'
) {
validate_re($ensure, '^(running|stopped)$')
if $ensure == 'running' {
Class['rabbitmq::service'] -> Rabbitmq_user<| |>
Class['rabbitmq::service'] -> Rabbitmq_vhost<| |>
Class['rabbitmq::service'] -> Rabbitmq_user_permissions<| |>
$ensure_real = 'running'
$enable_real = true
} else {
$ensure_real = 'stopped'
$enable_real = false
}
service { $service_name:
ensure => $ensure_real,
enable => $enable_real,
hasstatus => true,
hasrestart => true,
}
}

7
puppet/rabbitmq/spec/README.markdown Normal file
View File

@ -0,0 +1,7 @@
Specs
=====
The Puppet project uses RSpec for testing.
For more information on RSpec, see http://rspec.info/

88
puppet/rabbitmq/spec/classes/rabbitmq_server_spec.rb Normal file
View File

@ -0,0 +1,88 @@
require 'spec_helper'
describe 'rabbitmq::server' do
let :facts do
# Needed for statement in rabbitmq.config template.
{ :puppetversion => '2.7.14' }
end
describe 'package with default params' do
it { should contain_package('rabbitmq-server').with(
'ensure' => 'present'
) }
end
describe 'package with specified ensure' do
let :params do
{ :version => "2.3.0" }
end
it { should contain_package('rabbitmq-server').with(
'ensure' => '2.3.0'
) }
end
describe 'not deleting guest user by default' do
it { should_not contain_rabbitmq_user('guest') }
end
describe 'deleting guest user' do
let :params do
{ :delete_guest_user => true }
end
it { should contain_rabbitmq_user('guest').with(
'ensure' => 'absent',
'provider' => 'rabbitmqctl'
) }
end
describe 'default service include' do
it { should contain_class('rabbitmq::service').with(
'service_name' => 'rabbitmq-server',
'ensure' => 'running'
) }
end
describe 'overriding service paramters' do
let :params do
{ 'service_name' => 'custom-rabbitmq-server',
'service_ensure' => 'stopped'
}
end
it { should contain_class('rabbitmq::service').with(
'service_name' => 'custom-rabbitmq-server',
'ensure' => 'stopped'
) }
end
describe 'specifing node_ip_address' do
let :params do
{ :node_ip_address => '172.0.0.1' }
end
it 'should set RABBITMQ_NODE_IP_ADDRESS to specified value' do
verify_contents(subject, 'rabbitmq-env.config',
['RABBITMQ_NODE_IP_ADDRESS=172.0.0.1'])
end
end
describe 'not configuring stomp by default' do
it 'should not specify stomp parameters in rabbitmq.config' do
verify_contents(subject, 'rabbitmq.config',
['[].'])
end
end
describe 'configuring stomp' do
let :params do
{ :config_stomp => true,
:stomp_port => 5679
}
end
it 'should specify stomp port in rabbitmq.config' do
verify_contents(subject, 'rabbitmq.config',
['[ {rabbitmq_stomp, [{tcp_listeners, [5679]} ]} ].'])
end
end
end

0
puppet/rabbitmq/spec/fixtures/manifests/site.pp vendored Normal file
View File

6
puppet/rabbitmq/spec/spec.opts Normal file
View File

@ -0,0 +1,6 @@
--format
s
--colour
--loadby
mtime
--backtrace

1
puppet/rabbitmq/spec/spec_helper.rb Normal file
View File

@ -0,0 +1 @@
require 'puppetlabs_spec_helper/module_spec_helper'

103
puppet/rabbitmq/spec/unit/puppet/provider/rabbitmq_user/rabbitmqctl_spec.rb Normal file
View File

@ -0,0 +1,103 @@
require 'puppet'
require 'mocha'
RSpec.configure do |config|
config.mock_with :mocha
end
provider_class = Puppet::Type.type(:rabbitmq_user).provider(:rabbitmqctl)
describe provider_class do
before :each do
@resource = Puppet::Type::Rabbitmq_user.new(
{:name => 'foo', :password => 'bar'}
)
@provider = provider_class.new(@resource)
end
it 'should match user names' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
foo
...done.
EOT
@provider.exists?.should == 'foo'
end
it 'should match user names with 2.4.1 syntax' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
foo bar
...done.
EOT
@provider.exists?.should == 'foo bar'
end
it 'should not match if no users on system' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
...done.
EOT
@provider.exists?.should be_nil
end
it 'should not match if no matching users on system' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
fooey
...done.
EOT
@provider.exists?.should be_nil
end
it 'should match user names from list' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
one
two three
foo
bar
...done.
EOT
@provider.exists?.should == 'foo'
end
it 'should create user and set password' do
@resource[:password] = 'bar'
@provider.expects(:rabbitmqctl).with('add_user', 'foo', 'bar')
@provider.create
end
it 'shoud create user, set password and set to admin' do
@resource[:password] = 'bar'
@resource[:admin] = 'true'
@provider.expects(:rabbitmqctl).with('add_user', 'foo', 'bar')
@provider.expects(:rabbitmqctl).with('set_user_tags', 'foo', 'administrator')
@provider.create
end
it 'should call rabbitmqctl to delete' do
@provider.expects(:rabbitmqctl).with('delete_user', 'foo')
@provider.destroy
end
it 'should be able to retrieve admin value' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
foo [administrator]
...done.
EOT
@provider.admin.should == :true
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
one [administrator]
foo []
...done.
EOT
@provider.admin.should == :false
end
it 'should fail if admin value is invalid' do
@provider.expects(:rabbitmqctl).with('list_users').returns <<-EOT
Listing users ...
foo fail
...done.
EOT
expect { @provider.admin }.should raise_error(Puppet::Error, /Could not match line/)
end
it 'should be able to set admin value' do
@provider.expects(:rabbitmqctl).with('set_user_tags', 'foo', 'administrator')
@provider.admin=:true
end
it 'should be able to unset admin value' do
@provider.expects(:rabbitmqctl).with('set_user_tags', 'foo')
@provider.admin=:false
end
end

100
puppet/rabbitmq/spec/unit/puppet/provider/rabbitmq_user_permissions/rabbitmqctl_spec.rb Normal file
View File

@ -0,0 +1,100 @@
require 'puppet'
require 'mocha'
RSpec.configure do |config|
config.mock_with :mocha
end
describe 'Puppet::Type.type(:rabbitmq_user_permissions).provider(:rabbitmqctl)' do
before :each do
@provider_class = Puppet::Type.type(:rabbitmq_user_permissions).provider(:rabbitmqctl)
@resource = Puppet::Type::Rabbitmq_user_permissions.new(
{:name => 'foo@bar'}
)
@provider = @provider_class.new(@resource)
end
after :each do
@provider_class.instance_variable_set(:@users, nil)
end
it 'should match user permissions from list' do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3
...done.
EOT
@provider.exists?.should == {:configure=>"1", :write=>"3", :read=>"2"}
end
it 'should not match user permissions with more than 3 columns' do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3 4
...done.
EOT
expect { @provider.exists? }.should raise_error(Puppet::Error, /cannot parse line from list_user_permissions/)
end
it 'should not match an empty list' do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
...done.
EOT
@provider.exists?.should == nil
end
it 'should create default permissions' do
@provider.instance_variable_set(:@should_vhost, "bar")
@provider.instance_variable_set(:@should_user, "foo")
@provider.expects(:rabbitmqctl).with('set_permissions', '-p', 'bar', 'foo', "''", "''", "''")
@provider.create
end
it 'should destroy permissions' do
@provider.instance_variable_set(:@should_vhost, "bar")
@provider.instance_variable_set(:@should_user, "foo")
@provider.expects(:rabbitmqctl).with('clear_permissions', '-p', 'bar', 'foo')
@provider.destroy
end
{:configure_permission => '1', :write_permission => '3', :read_permission => '2'}.each do |k,v|
it "should be able to retrieve #{k}" do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3
...done.
EOT
@provider.send(k).should == v
end
end
{:configure_permission => '1', :write_permission => '3', :read_permission => '2'}.each do |k,v|
it "should be able to retrieve #{k} after exists has been called" do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3
...done.
EOT
@provider.exists?
@provider.send(k).should == v
end
end
{:configure_permission => ['foo', '2', '3'],
:read_permission => ['1', 'foo', '3'],
:write_permission => ['1', '2', 'foo']
}.each do |perm, columns|
it "should be able to sync #{perm}" do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3
...done.
EOT
@provider.resource[perm] = 'foo'
@provider.expects(:rabbitmqctl).with('set_permissions', '-p', 'bar', 'foo', *columns)
@provider.send("#{perm}=".to_sym, 'foo')
end
end
it 'should only call set_permissions once' do
@provider.class.expects(:rabbitmqctl).with('list_user_permissions', 'foo').returns <<-EOT
Listing users ...
bar 1 2 3
...done.
EOT
@provider.resource[:configure_permission] = 'foo'
@provider.resource[:read_permission] = 'foo'
@provider.expects(:rabbitmqctl).with('set_permissions', '-p', 'bar', 'foo', 'foo', 'foo', '3').once
@provider.configure_permission='foo'
@provider.read_permission='foo'
end
end

45
puppet/rabbitmq/spec/unit/puppet/provider/rabbitmq_vhost/rabbitmqctl_spec.rb Normal file
View File

@ -0,0 +1,45 @@
require 'puppet'
require 'mocha'
RSpec.configure do |config|
config.mock_with :mocha
end
provider_class = Puppet::Type.type(:rabbitmq_vhost).provider(:rabbitmqctl)
describe provider_class do
before :each do
@resource = Puppet::Type::Rabbitmq_vhost.new(
{:name => 'foo'}
)
@provider = provider_class.new(@resource)
end
it 'should match vhost names' do
@provider.expects(:rabbitmqctl).with('list_vhosts').returns <<-EOT
Listing vhosts ...
foo
...done.
EOT
@provider.exists?.should == 'foo'
end
it 'should not match if no vhosts on system' do
@provider.expects(:rabbitmqctl).with('list_vhosts').returns <<-EOT
Listing vhosts ...
...done.
EOT
@provider.exists?.should be_nil
end
it 'should not match if no matching vhosts on system' do
@provider.expects(:rabbitmqctl).with('list_vhosts').returns <<-EOT
Listing vhosts ...
fooey
...done.
EOT
@provider.exists?.should be_nil
end
it 'should call rabbitmqctl to create' do
@provider.expects(:rabbitmqctl).with('add_vhost', 'foo')
@provider.create
end
it 'should call rabbitmqctl to create' do
@provider.expects(:rabbitmqctl).with('delete_vhost', 'foo')
@provider.destroy
end
end

45
puppet/rabbitmq/spec/unit/puppet/type/rabbitmq_user_permissions_spec.rb Normal file
View File

@ -0,0 +1,45 @@
require 'puppet'
require 'puppet/type/rabbitmq_user_permissions'
describe Puppet::Type.type(:rabbitmq_user_permissions) do
before :each do
@perms = Puppet::Type.type(:rabbitmq_user_permissions).new(:name => 'foo@bar')
end
it 'should accept a valid hostname name' do
@perms[:name] = 'dan@bar'
@perms[:name].should == 'dan@bar'
end
it 'should require a name' do
expect { Puppet::Type.type(:rabbitmq_user_permissions).new({}) }.should raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should fail when names dont have a @' do
expect { @perms[:name] = 'bar' }.should raise_error(Puppet::Error, /Valid values match/)
end
[:configure_permission, :read_permission, :write_permission].each do |param|
it 'should not default to anything' do
@perms[param].should == nil
end
it "should accept a valid regex for #{param}" do
@perms[param] = '.*?'
@perms[param].should == '.*?'
end
it "should not accept invalid regex for #{param}" do
expect { @perms[param] = '*' }.should raise_error(Puppet::Error, /Invalid regexp/)
end
end
{:rabbitmq_vhost => 'dan@test', :rabbitmq_user => 'test@dan'}.each do |k,v|
it "should autorequire #{k}" do
if k == :rabbitmq_vhost
vhost = Puppet::Type.type(k).new(:name => "test")
else
vhost = Puppet::Type.type(k).new(:name => "test", :password => 'pass')
end
perm = Puppet::Type.type(:rabbitmq_user_permissions).new(:name => v)
config = Puppet::Resource::Catalog.new :testing do |conf|
[vhost, perm].each { |resource| conf.add_resource resource }
end
rel = perm.autorequire[0]
rel.source.ref.should == vhost.ref
rel.target.ref.should == perm.ref
end
end
end

34
puppet/rabbitmq/spec/unit/puppet/type/rabbitmq_user_spec.rb Normal file
View File

@ -0,0 +1,34 @@
require 'puppet'
require 'puppet/type/rabbitmq_user'
describe Puppet::Type.type(:rabbitmq_user) do
before :each do
@user = Puppet::Type.type(:rabbitmq_user).new(:name => 'foo', :password => 'pass')
end
it 'should accept a user name' do
@user[:name] = 'dan'
@user[:name].should == 'dan'
@user[:admin].should == :false
end
it 'should accept a password' do
@user[:password] = 'foo'
@user[:password].should == 'foo'
end
it 'should require a password' do
expect {Puppet::Type.type(:rabbitmq_user).new(:name => 'foo') }.should raise_error(ArgumentError, /must set password/)
end
it 'should require a name' do
expect { Puppet::Type.type(:rabbitmq_user).new({}) }.should raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should not allow whitespace in the name' do
expect { @user[:name] = 'b r' }.should raise_error(Puppet::Error, /Valid values match/)
end
[true, false, 'true', 'false'].each do |val|
it "admin property should accept #{val}" do
@user[:admin] = val
@user[:admin].should == val.to_s.to_sym
end
end
it 'should not accept non-boolean values for admin' do
expect { @user[:admin] = 'yes' }.should raise_error(Puppet::Error, /Invalid value/)
end
end

17
puppet/rabbitmq/spec/unit/puppet/type/rabbitmq_vhost_spec.rb Normal file
View File

@ -0,0 +1,17 @@
require 'puppet'
require 'puppet/type/rabbitmq_vhost'
describe Puppet::Type.type(:rabbitmq_vhost) do
before :each do
@vhost = Puppet::Type.type(:rabbitmq_vhost).new(:name => 'foo')
end
it 'should accept a vhost name' do
@vhost[:name] = 'dan'
@vhost[:name].should == 'dan'
end
it 'should require a name' do
expect { Puppet::Type.type(:rabbitmq_vhost).new({}) }.should raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should not allow whitespace in the name' do
expect { @vhost[:name] = 'b r' }.should raise_error(Puppet::Error, /Valid values match/)
end
end

23
puppet/rabbitmq/templates/README.markdown Normal file
View File

@ -0,0 +1,23 @@
Templates
=========
Puppet supports templates and templating via ERB, which is part of the Ruby
standard library and is used for many other projects including Ruby on Rails.
Templates allow you to manage the content of template files, for example
configuration files that cannot yet be managed as a Puppet type. Learn more at
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Templating
You can use templates like this:
class myclass {
package { mypackage: ensure => latest }
service { myservice: ensure => running }
file { "/etc/myfile":
content => template("mymodule/myfile.erb")
}
}
The templates are searched for in:
$templatedir/mymodule/myfile.erb
$modulepath/mymodule/templates/myfile.erb

30
puppet/rabbitmq/templates/rabbit.pub.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
mQGiBEaOQ/IRBACs/n609zN+OzlK9qDkFWwYKfPG+BlgqBj5MSy0XE2K8cE3bWSV
2WftTe/TGEfW0hknXt1PyBla0cnO9Up1xCn142vo8bvUug8WjrxLQBBiAf11FAOR
dt9roGe4IWw/Lakgb88re09ZYKmOL9H7MEpvMqtjdWjFSq4zeeGa8rGEswCgnQLb
ZD/MNlUNQwQVCs+vVRdgpzcD+QELSc2EeYl4tef0NiUaZQt+mjFTs3DjQNDTjXao
ETVAqECx4kavcshx5tSE5JbbQPIMiUgh0h9J3z3uZsBVnx6P82aW/QTw+jLhsQry
/i3Z/+pS66mk6EWhAAYF/SPVqM/06BZh0ZvUmeG9WGGJXD9CUN1Wfi2mt42L2zhT
xg3uBACoIs5/GORi0H2i+blLiFSxTroXw+TdxiP+mfjdPho0oXJQTljXBgG70VfX
XW9sWsYtekqXBsmwMcbCZTjZGul/8jAUlUoYfthRw9KpP9N8Q7wB8Flx9jEv0M0H
tV1KTrLuXNZvEAB1sECMa7RRrV1yO4wyYDsOXiZNTL6rYugOU7QwUmFiYml0TVEg
UmVsZWFzZSBTaWduaW5nIEtleSA8aW5mb0ByYWJiaXRtcS5jb20+iGAEExECACAF
AkaOQ/ICGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRD3uM6mBW6OVkymAJ0R
6MwiZNRuTAttgYf1Xe7dK7HpzACfZioV/LqnDh7XvcTJEl+r4GB19by5Ag0ERo5D
+xAIAKu1ZxtAZjwlNLb0L5uwrEP7nTbRTNUYoEtE8+CNDSLLlmRIvBriKYNGicnz
Ebq2kDnAoyH38ACIMNayrkqc6I4l3BD2sv7zPZCd4qAbyFCu6gnewTANTWkVuH60
R65QQ8pM8sM+VZAMSoMkDSP4u248xOzFyGgVYuuWuR/sIRcaA02FW9TGvZQ7fNoF
rf6UbKSYkjpY767IW8q0b68vKzSLw0GQvH+dsvhaj80hjKJ06+IZ9Gdi/b4+AIT2
YWyWmrHo2QhnUmsarNdtusesQGQtiYgZw95PJJkzR0AttuPPfPNGLYZtVJenvOCC
jsK5uUL3/eEQ3UWGs+BKEyA/qLMAAwUH/2kIFCdgCw2DnL87TO+vruhGjsM7NjXf
57F4ojTdblFd6AerjRhMgICdzCF9WkFROdBSyQ/GajoNU81kbHZglxmKyKkVwWEb
G7pmSIc/sk5Z7OP/zrg4h8ZGzvMbRy0XLf86lQhbDE3AcHMeJCcShIWAHAbygnYW
j0KRhZiyqxqx4mrZQDZEWI7S1G9YNvgu1GS9EEKEpmxDEOME9nJZLi9o7mTeD1QV
TyOzWHkpQ42QcgrFuG7RMxDaQK6bdinNTl8aPmMoPamGzotSt4aMoVMiNxjatnlH
pqQ5UJlqbB5FGLnwJ0773WzgRdxIwSIxkFhL/Mq4agf4an8151kqcZCISQQYEQIA
CQUCRo5D+wIbDAAKCRD3uM6mBW6OVhLmAKCYY152B/10n7aUNKejs92NsNAnPACf
ZwbDOKBXGfkCPuRx5j/AGneASNU=
=Ry+c
-----END PGP PUBLIC KEY BLOCK-----

Some files were not shown because too many files have changed in this diff Show More