{%- set os=grains['os'] -%}
# Install the database server package.
# The `os` variable set above (from the os grain) is not referenced anywhere
# in the visible part of this file.
mysql-pkg:
  pkg.installed:
    - name: mariadb

# Python MySQL bindings. The mysql_* states further down need a MySQL client
# library on the minion — presumably this one; confirm for the target platform.
# The package name is spelled out instead of being taken from the state ID.
mysql-python:
  pkg.installed:
    - name: mysql-python

# Create the initial system tables. The `unless` guard skips the command once
# /var/lib/mysql/mysql exists, so it only reports a change on first setup;
# set_root keys off that change.
initialize_mysql:
  cmd.run:
    - name: >-
        mysql_install_db
        --user=mysql
        --basedir=/usr
        --datadir=/var/lib/mysql
    - unless: test -e /var/lib/mysql/mysql

# Keep the database daemon running and enabled at boot.
mysql-service:
  service.running:
    - enable: true
    - name: mysqld

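# Set the root password once, right after the data directory is first
# initialised (onchanges on initialize_mysql).
#
# - The password is rendered into the SQL text, so salt-call prints it when
#   this state fails; restrict who can read job output and state logs.
#   Original TODO: consider several mysql_query.run states instead.
# - Nothing escapes the password here: a single quote or backslash in it
#   would break or alter the statement.
# - No connection_user/connection_pass is given, so this uses whatever
#   default credentials the minion has — presumably the still-empty root
#   password of a fresh install; confirm.
# - Only works on servers where mysql.user still has a writable Password
#   column.
#
# Exactly one `query` argument: a state keeps a single value per argument
# name, so a second `query` entry would silently replace the first.
set_root:
  mysql_query.run:
    - database: mysql
    - query: "UPDATE mysql.user SET Password=PASSWORD('{%- include 'secure/passwords/root_db_password.txt' -%}') WHERE User='root';FLUSH PRIVILEGES;"
    - onchanges:
      - cmd: initialize_mysql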

# Post-install hardening, run as root with the password set by set_root:
# removes anonymous accounts, removes root accounts for any host other than
# localhost / 127.0.0.1 / ::1, drops the `test` database and its privilege
# rows, then reloads the grant tables.
# The doubled backslash is YAML escaping; the SQL text receives test\_%.
# NOTE(review): there is no onchanges/unless guard, so this appears to run on
# every state run — confirm that is intended.
secure_mysql:
  mysql_query.run:
    - database: mysql
    - query: "DELETE FROM mysql.user WHERE User='';DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';FLUSH PRIVILEGES;"
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

# Create the `salt` database account that the later states connect as.
# Both passwords are pulled in by a Jinja include at render time.
# NOTE(review): if secure/passwords/ resolves through the master's file_roots
# (the usual template search path for states), any minion able to fetch
# salt:// files can read these files; pillar or an external secret store
# scopes secrets per minion — confirm where this directory lives.
# Assumes each password file holds only the password: a double quote,
# backslash or stray whitespace would end up inside the quoted YAML scalar.
user_salt:
  mysql_user.present:
    - name: salt
    - host: "localhost"
    - password: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

# Give salt@localhost every privilege on every database, with GRANT OPTION,
# so the later states can manage users, databases and grants without root.
# This makes the account root-equivalent: its password file needs the same
# protection as the root one.
# revoke_first asks the state to revoke existing grants before applying these.
grant_salt:
  mysql_grants.present:
    - grant: all privileges
    - database: "*.*"
    - user: salt
    - host: "localhost"
    - grant_option: true
    - revoke_first: true
    - connection_user: root
    - connection_pass: "{%- include 'secure/passwords/root_db_password.txt' -%}"

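{# Pillar-driven accounts, databases and grants; everything here is skipped
   when the database pillar is absent. Pillar shape read below:
     database.users.<user>.host              optional, "%" when absent
     database.databases.<db>.<user>.grant    required, no default here
     database.databases.<db>.<user>.host     required, no default here
   Each user's password is included from
   secure/passwords/<user>_db_password.txt, so the pillar key becomes part of
   a file path: keep user names to plain file-name-safe tokens.
   Templated names and hosts are quoted so that values such as "%" (which
   cannot start an unquoted YAML scalar) or boolean/number-looking names
   render as valid YAML strings. #}
{%- if pillar['database'] is defined -%}
  {%- if pillar['database']['users'] is defined -%}
    {%- for user in pillar['database']['users'] %}
user_{{user}}:
  mysql_user.present:
    - name: "{{user}}"
      {%- if pillar['database']['users'][user]['host'] is defined %}
    - host: "{{pillar['database']['users'][user]['host']}}"
      {%- else %}
    # No host in pillar: the account may connect from any host, so network
    # exposure of the server decides who can reach it.
    - host: "%"
      {%- endif %}
    - password: "{%- include 'secure/passwords/'+user+'_db_password.txt' -%}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
    {%- endfor %}
  {%- endif %}

  {% if pillar['database']['databases'] is defined -%}
    {%- for db in pillar['database']['databases'] %}
db_{{db}}:
  mysql_database.present:
    - name: "{{db}}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
      {%- for user in pillar['database']['databases'][db] %}
{{db}}_grant_{{user}}:
  mysql_grants.present:
    # grant is left exactly as rendered from pillar.
    # NOTE(review): confirm whether pillar supplies a string or a list here.
    - grant: {{pillar['database']['databases'][db][user]['grant']}}
    - database: "{{db}}.*"
    - user: "{{user}}"
    - host: "{{pillar['database']['databases'][db][user]['host']}}"
    - revoke_first: true
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"
      {%- endfor %}
    {%- endfor %}
  {%- endif %}
{%- endif %}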

# Set up the dumpdb backup account: a local-only user, created through the
# salt account, with its password included from the secure/passwords directory.
user_dumpdb:
  mysql_user.present:
    - name: dumpdb
    - host: "localhost"
    - password: "{%- include 'secure/passwords/dumpdb_password.txt' -%}"
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"

# Privileges for the backup account on every database. SELECT, LOCK TABLES
# and SHOW VIEW are read-side; EVENT and TRIGGER also permit creating events
# and triggers, so the account is not strictly read-only.
# revoke_first asks the state to revoke existing grants before applying these.
grant_dumpdb:
  mysql_grants.present:
    - user: dumpdb
    - host: localhost
    - database: "*.*"
    - grant: select, lock tables, show view, event, trigger
    - revoke_first: true
    - connection_user: salt
    - connection_pass: "{%- include 'secure/passwords/salt_db_password.txt' -%}"

# Backup script, rendered through Jinja before it is written. Owner-only
# access — presumably because the rendered script embeds the dumpdb
# password. The mode carries no execute bit, so the unit would have to run it
# through an interpreter; TODO confirm against dumpdb.service.
# The mode is written as a quoted four-digit string to avoid YAML integer
# typing; it is the same permission set as 600.
/root/scripts/dumpdb.sh:
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.sh
    - template: jinja
    - makedirs: true
    - user: root
    - group: root
    - mode: "0600"

# systemd service unit for the backup job; root-owned and world-readable.
# The mode is a quoted four-digit string, the same permission set as 644.
/usr/lib/systemd/system/dumpdb.service:
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.service
    - mode: "0644"
    - user: root
    - group: root

# systemd timer unit for the backup job; root-owned and world-readable.
# The mode is a quoted four-digit string, the same permission set as 644.
/usr/lib/systemd/system/dumpdb.timer:
  file.managed:
    - source: salt://roles/maintain/mysql/dumpdb.timer
    - mode: "0644"
    - user: root
    - group: root

# Start the backup timer and enable it at boot. The unit name is spelled out
# instead of being taken from the state ID.
# NOTE(review): this state has no requisite on the unit files and is declared
# before dumpdb-reload — confirm that ordering is intended.
dumpdb.timer:
  service.running:
    - name: dumpdb.timer
    - enable: true

# Call service.systemctl_reload when a managed unit file changes. The
# requisite is a glob; presumably it matches the two file states declared
# under /usr/lib/systemd/system/ in this file — confirm it matches nothing else.
dumpdb-reload:
  module.run:
    - name: service.systemctl_reload
    - onchanges:
      - file: /usr/lib/systemd/system/*