-
Notifications
You must be signed in to change notification settings - Fork 0
/
init.pp
166 lines (157 loc) · 6.09 KB
/
init.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#
# == Class: mysql
#
# Class for installing and configuring MySQL and MariaDB servers. Currently only
# very basic configurations are covered by mysql::config in order to prevent the
# amount of class parameters from exploding. If more specific or exotic
# configurations are required, it's probably best to create a new interface
# class based on this one, and add the extensions to it. Alternatively the other
# parts of this module (install, service, monit, etc.) can be reused, and a more
# static mysql config class and my.cnf template created.
#
# It seems that different operating systems (Debian, Ubuntu, CentOS, FreeBSD)
# have taken very different approaches to managing mysql configurations. The
# approach I've chosen is the Debian one, where configuration file fragments can
# be added to configure the mysql server piece by piece. This also allows manual
# and puppet-managed configurations to live side-by-side without really serious
# issues like Puppet overwriting an entire manually-managed my.cnf accidentally.
# Of course there is the possibility of conflicting configurations, which may
# produce unexpected runtime configurations.
#
# Currently only Debian and Ubuntu are supported as far as mysql configuration
# is concerned. However, the framework for extending configuration support to
# other operating systems is in place.
#
# == Parameters
#
# [*manage*]
# Whether to manage MySQL/MariaDB using Puppet. Valid values are true
# (default) and false.
# [*manage_config*]
# Whether to manage the configuration of MySQL/MariaDB server. Valid values
# are true (default) and false.
# [*manage_packetfilter*]
# Manage packet filtering rules. Valid values are true (default) and false.
# [*manage_monit*]
# Manage monit rules. Valid values are true (default) and false.
# [*use_mariadb_repo*]
# Use MariaDB's official software repositories. Valid values 'yes', 'stable',
# 'testing', and 'no'. Values 'yes' and 'stable' install stable releases from
# MariaDB repos. Value 'testing' uses testing releases and 'no' (the default)
# uses whatever is available in the operating system's own repositories. This
# parameter is only supported on Debian-based operating systems.
# [*proxy_url*]
# The proxy URL used for fetching the MariaDB software repository public keys.
# For example "http://proxy.domain.com:8888". Not needed if the node has
# direct Internet connectivity, or if you're installing MariaDB from your
# operating system repositories. Defaults to 'none' (do not use a proxy).
# [*bind_address*]
# The address mysql server binds to. Use '0.0.0.0' to bind to all IPv4
# interfaces, '::' to bind to all IPv4 and IPv6 interfaces and an IPv4 or IPv6
# address to bind to that particular address. Alternatively use a hostname
# instead of an IP-address. Leave undef(ined) to not manage the bind address
# using Puppet (default). For further details, see
#
# <https://dev.mysql.com/doc/refman/5.5/en/server-options.html>
#
# [*sql_mode*]
# The SQL mode to use. By default this is not managed (set to undef). To
# disable strict modes set this to an empty string (''). Full documentation is
# available here:
#
# <https://dev.mysql.com/doc/refman/5.5/en/sql-mode.html>
#
# [*manage_root_my_cnf*]
# Manage /root/.my.cnf using Puppet. Valid values are true (default) and
# false.
# [*root_password*]
# The MySQL root user's password. This affects /root/.my.cnf and, on Debian,
# the actual root password set during _initial_ mysql/mariadb-server install.
# Leave this empty to not manage the root password using Puppet.
# [*allow_addresses_ipv4*]
# A list of IPv4 address/network from which to allow connections. Currently
# only affects packet filtering rules. Use special value ['any'] to allow
# access from any IPv4 address. Defaults to ['127.0.0.1'].
# [*allow_addresses_ipv6*]
# IPv6 address/network from which to allow connections. Currently only affects
# packet filtering rules. Use special value ['any'] to allow access from any
# IPv4 address. Defaults to ['::1'].
# [*email*]
# Email address for notifications from monit. Defaults to top-scope variable
# $::servermonitor.
# [*grants*]
# A hash of mysql::grant resources to realize.
# [*databases*]
# A hash of mysql::database resources to realize.
#
# == Examples
#
# include mysql
#
# == Authors
#
# Samuli Seppänen <samuli.seppanen@gmail.com>
#
# Samuli Seppänen <samuli@openvpn.net>
#
# Mikko Vilpponen <vilpponen@protecomp.fi>
#
# == License
#
# BSD-license. See file LICENSE for details.
#
class mysql
(
Boolean $manage = true,
Boolean $manage_config = true,
Boolean $manage_packetfilter = true,
Boolean $manage_monit = true,
$use_mariadb_repo = 'no',
$proxy_url = 'none',
$bind_address = undef,
$sql_mode = undef,
$manage_root_my_cnf = true,
$root_password = undef,
$allow_addresses_ipv4 = ['127.0.0.1'],
$allow_addresses_ipv6 = ['::1'],
$email = $::servermonitor,
Hash $grants = {},
Hash $databases = {}
)
{
if $manage {
class { '::mysql::prequisites':
root_password => $root_password,
}
class { '::mysql::mariadbrepo':
use_mariadb_repo => $use_mariadb_repo,
proxy_url => $proxy_url,
}
class { '::mysql::install':
use_mariadb_repo => $use_mariadb_repo,
}
if $manage_config {
class { '::mysql::config':
bind_address => $bind_address,
sql_mode => $sql_mode,
manage_root_my_cnf => $manage_root_my_cnf,
root_password => $root_password,
}
}
# Realize the defined GRANTs and databases
create_resources('mysql::grant', $grants)
create_resources('mysql::database', $databases)
include ::mysql::service
if $manage_packetfilter {
class { '::mysql::packetfilter':
allow_addresses_ipv4 => $allow_addresses_ipv4,
allow_addresses_ipv6 => $allow_addresses_ipv6,
}
}
if $manage_monit {
class { '::mysql::monit':
monitor_email => $email,
}
}
}
}