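{%- set os = grains['os'] -%}
# MariaDB role: installs the server and its Python bindings, initialises the
# data directory, sets the root password, removes the default anonymous/test
# objects, creates the `salt` and `dumpdb` accounts plus any users, databases
# and grants listed under pillar['database'], and installs the dumpdb backup
# script with its systemd service and timer.
#
# Every password is read from a file under secure/passwords/ with a Jinja
# include and spliced as text into a double-quoted YAML scalar (and, for
# set_root, into SQL). A password containing a quote, a backslash or Jinja
# delimiters would change the rendered YAML/SQL instead of being taken
# literally.
#
# NOTE(review): `os` is set above but not referenced by any state visible here.

mysql-pkg:
  pkg.installed:
    - name: mariadb

mysql-python:
  pkg.installed: []

# Create the system tables once; skipped when the mysql schema already exists.
initialize_mysql:
  cmd.run:
    - name: mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
    - unless: 'test -e /var/lib/mysql/mysql'

mysql-service:
  service.running:
    - name: mysqld
    - enable: true

# Runs only when initialize_mysql reported changes, i.e. on a fresh data
# directory. The root password is part of the query text, so salt-call shows it
# in the state output when this state fails; splitting this into several
# mysql_query.run states would narrow what a failure prints.
set_root:
  mysql_query.run:
    - database: mysql
    - query: "UPDATE mysql.user SET Password=PASSWORD('{%- include 'secure/passwords/root_db_password.txt' -%}') WHERE User='root';FLUSH PRIVILEGES;"
    - onchanges:
      - cmd: initialize_mysql

# Drop anonymous accounts, remote root logins and the test database.
secure_mysql:
  mysql_query.run:
    - database: mysql
    - query: "DELETE FROM mysql.user WHERE User='';DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';FLUSH PRIVILEGES;"
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

# Create the salt db user. Every later state connects as this account, and
# grant_salt gives it all privileges on *.* with grant option, so
# salt_db_password.txt needs the same protection as the root password file.
user_salt:
  mysql_user.present:
    - name: salt
    - host: "localhost"
    - password: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

grant_salt:
  mysql_grants.present:
    - grant: all privileges
    - database: "*.*"
    - user: salt
    - host: "localhost"
    - grant_option: true
    - revoke_first: true
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

{#- Pillar-driven users, databases and grants; skipped when pillar['database'] is absent. #}
{#- NOTE(review): a pillar user named salt or dumpdb renders a second user_salt / user_dumpdb ID and collides with the static states in this file. #}
{#- Names, grants and hosts taken from pillar are quoted so YAML cannot re-type them (no, 123, a leading %). #}
{%- if pillar['database'] is defined %}
{%- if pillar['database']['users'] is defined %}
{%- for user in pillar['database']['users'] %}

user_{{ user }}:
  mysql_user.present:
    - name: "{{ user }}"
{%- if pillar['database']['users'][user]['host'] is defined %}
    - host: "{{ pillar['database']['users'][user]['host'] }}"
{%- else %}
    # No host in pillar: the account may connect from any host.
    - host: "%"
{%- endif %}
    - password: "{%- include 'secure/passwords/' + user + '_db_password.txt' -%}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
{%- endfor %}
{%- endif %}
{%- if pillar['database']['databases'] is defined %}
{%- for db in pillar['database']['databases'] %}

db_{{ db }}:
  mysql_database.present:
    - name: "{{ db }}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
{%- for user in pillar['database']['databases'][db] %}

{{ db }}_grant_{{ user }}:
  mysql_grants.present:
    - grant: "{{ pillar['database']['databases'][db][user]['grant'] }}"
    - database: "{{ db }}.*"
    - user: "{{ user }}"
    # Quoted so that a pillar host of % (the default used by user_<name> above)
    # stays a valid YAML string. There is no default here: each grant entry in
    # pillar has to carry its own host.
    - host: "{{ pillar['database']['databases'][db][user]['host'] }}"
    - revoke_first: true
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- endif %}

# Set up dumpdb: a localhost-only account limited to the privileges listed in
# grant_dumpdb, used for database dumps.
user_dumpdb:
  mysql_user.present:
    - name: dumpdb
    - host: "localhost"
    - password: "{%- include 'secure/passwords/dumpdb_password.txt' -%}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"

grant_dumpdb:
  mysql_grants.present:
    - grant: select, lock tables, show view, event, trigger
    - database: "*.*"
    - user: dumpdb
    - host: "localhost"
    - revoke_first: true
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"

# File modes are quoted so YAML keeps them as strings instead of integers.
# NOTE(review): dumpdb.sh is rendered as a Jinja template and is readable by
# root only; presumably it embeds the dumpdb password - confirm.
"/root/scripts/dumpdb.sh":
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.sh
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: true
    - template: jinja

/usr/lib/systemd/system/dumpdb.service:
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.service
    - user: root
    - group: root
    - mode: '0644'

/usr/lib/systemd/system/dumpdb.timer:
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.timer
    - user: root
    - group: root
    - mode: '0644'

dumpdb.timer:
  service.running:
    - enable: true

# Reload systemd only when one of the managed unit files above changed.
dumpdb-reload:
  module.run:
    - name: service.systemctl_reload
    - onchanges:
      - file: /usr/lib/systemd/system/*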