kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Downgrade mysql cookbook for now

Browse Source 
It doesn't play well with our current dev server setup
This commit is contained in:
Greg Karékinian
2017-06-16 22:43:51 +02:00
parent e39792ea36
commit bdfb3a1afb
398 changed files with 12716 additions and 10889 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cookbooks/database/.foodcritic Normal file
View File

@@ -0,0 +1 @@
~FC023

46
cookbooks/database/.gitignore vendored
View File

@@ -1,46 +0,0 @@
*.gem
.zero-knife.rb
*.rbc
.bundle
.config
coverage
InstalledFiles
lib/bundler/man
pkg
rdoc
spec/reports
test/tmp
test/version_tmp
tmp
Gemfile.lock
_Store
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
*.tmp
*.bk
*.bkup
.ruby-version
.ruby-gemset
.rvmrc
# YARD artifacts
.yardoc
_yardoc
doc/
.idea
.ruby-version
#chef stuff
Berksfile.lock
.kitchen
.kitchen.local.yml
vendor/
.coverage/
#vagrant stuff
.vagrant/
.vagrant.d/

182
cookbooks/database/.kitchen.cloud.yml
View File

@@ -1,182 +0,0 @@
#<% require 'kitchen-sync' %>
---
driver_config:
digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %>
google_client_email: <%= ENV['GOOGLE_CLIENT_EMAIL'] %>
google_key_location: <%= ENV['GOOGLE_KEY_LOCATION'] %>
google_project: <%= ENV['GOOGLE_PROJECT'] %>
joyent_username: <%= ENV['SDC_CLI_ACCOUNT'] %>
joyent_keyfile: <%= ENV['SDC_CLI_IDENTITY'] %>
joyent_keyname: <%= ENV['SDC_CLI_KEY_ID'] %>
joyent_url: <%= ENV['SDC_CLI_URL'] %>
aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %>
flavor_id: <%= ENV['EC2_FLAVOR_ID'] %>
availability_zone: <%= ENV['AWS_AVAILABILITY_ZONE'] %>
provisioner:
name: chef_zero
# require_chef_omnibus: 11.16.8
# require_chef_omnibus: 12.0.3
require_chef_omnibus: latest
platforms:
- name: centos-5.8
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: centos-5-8-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: centos-6.5
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: centos-6-5-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: centos-7.0
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: centos-7-0-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: amazon-2014.09
driver_plugin: ec2
driver_config:
image_id: ami-9a6ed3f2
username: ec2-user
ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
- name: fedora-20
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: fedora-20-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: suse-11.3
driver_plugin: ec2
driver_config:
image_id: ami-e8084981
username: root
ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
- name: debian-7.0
driver_plugin: gce
driver_config:
image_name: debian-7-wheezy-v20131120
zone: <%= ENV['GCE_ZONE'] %>
area: <%= ENV['GCE_AREA'] %>
network: <%= ENV['GCE_NETWORK'] %>
username: <%= ENV['GCE_USERNAME'] %>
public_key_path: <%= ENV['GCE_PUBLIC_KEY_PATH'] %>
ssh_key: <%= ENV['GCE_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-10.04
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: ubuntu-10-04-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-12.04
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: ubuntu-12-04-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-14.04
driver_plugin: digital_ocean
driver_config:
size: 2gb
image: ubuntu-14-04-x64
region: <%= ENV['DIGITAL_OCEAN_REGION'] %>
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
suites:
#
# database-test
#
- name: myclient50
run_list:
- recipe[mysql_database_test]
attributes:
mysql:
version: '5.0'
includes: [
'centos-5.8'
]
- name: myclient51
run_list:
- recipe[mysql_database_test]
attributes:
mysql:
version: '5.1'
includes: [
'centos-6.5',
'ubuntu-10.04'
]
- name: myclient55
run_list:
- recipe[mysql_database_test]
attributes:
mysql:
version: '5.5'
includes: [
'centos-6.5',
'debian-7.0',
'ubuntu-12.04',
'ubuntu-14.04'
]
- name: myclient56
run_list:
- recipe[mysql_database_test]
attributes:
mysql:
version: '5.6'
includes: [
'centos-5.8',
'centos-6.5',
'centos-7.0',
'ubuntu-14.04'
]
- name: myclient57
run_list:
- recipe[mysql_database_test]
attributes:
mysql:
version: '5.7'
includes: [
'centos-5.8',
'centos-6.5',
'centos-7.0'
]

33
cookbooks/database/.kitchen.yml
View File

@@ -1,33 +0,0 @@
---
driver:
name: vagrant
provisioner:
name: chef_zero
platforms:
- name: centos-5.11
- name: centos-6.7
- name: centos-7.1
- name: debian-7.8
run_list:
- recipe[apt]
- name: debian-8.1
run_list:
- recipe[apt]
- name: fedora-21
- name: ubuntu-12.04
run_list:
- recipe[apt]
- name: ubuntu-14.04
run_list:
- recipe[apt]
suites:
#
# database-test
#
- name: default
run_list:
- recipe[mysql_database_test]
- recipe[postgresql_database_test]

35
cookbooks/database/.rubocop.yml
View File

@@ -1,35 +0,0 @@
AllCops:
Exclude:
- vendor/**/*
- 'Guardfile'
AlignParameters:
Enabled: false
Encoding:
Enabled: false
ClassLength:
Enabled: false
MethodLength:
Enabled: false
LineLength:
Enabled: false
Documentation:
Enabled: false
PerceivedComplexity:
Enabled: false
CyclomaticComplexity:
Enabled: false
Style/FileName:
Enabled: false
Metrics/AbcSize:
Enabled: false

12
cookbooks/database/.travis.yml
View File

@@ -1,12 +0,0 @@
sudo: false
cache: bundler
language: ruby
bundler_args: --without kitchen_common kitchen_vagrant
rvm:
- 2.0
- 2.1
- 2.2
script:
- bundle exec foodcritic -f any .
- bundle exec rubocop
- bundle exec rspec --color --format progress

12
cookbooks/database/Berksfile
View File

@@ -1,12 +0,0 @@
source 'https://supermarket.chef.io'
metadata
group :integration do
cookbook 'apt'
cookbook 'selinux'
cookbook 'mysql2_chef_gem'
end
cookbook 'mysql_database_test', path: 'test/fixtures/cookbooks/mysql_database_test'
cookbook 'postgresql_database_test', path: 'test/fixtures/cookbooks/postgresql_database_test'

244
cookbooks/database/CHANGELOG.md
View File

@@ -1,8 +1,70 @@
Database cookbook README
========================
# Database cookbook CHANGELOG
This file is used to list changes made in each version of the database cookbook.
## 6.1.1 (2016-11-01)
- Fix incorrectly named matchers
## 6.1.0 (2016-11-01)
- Add require_x509 option for mysql grants
- Define custom matcher helpers for notification testing, fixes #200
- Add support for PostgreSQL extended grants
- Use multipackage to speed up the installs
- Remove arch from the metadata
- Improve specs
- Remove yum/apt in the Berksfile
- Add opensuse and opensuseleap to the metadata
## 6.0.0 (2016-09-22)
- Update maintainers wording and format [skip-ci]
- Support reading of options from my.cnf for MySQL
- Fix hashed_password for CREATE USER
- Generalize MysqlPassword to HashedPassword and add it to PostreSQL
- Fix again undefined method `empty?' for Mysql2::Result
- Exclude the Rubocop rule that breaks the cookbook
- Require Chef 12.1 or later
## v5.1.2 (2016-04-21)
- Fix for Unknown column 'mysql_native_password' error
- Fix 'already initialized constant' warnings while testing
## v5.1.1 (2016-04-07)
- Fixed password resource not functioning on Postgresql
- Removed unused templates leftover from the DB -> EBS backup recipes
- Add better logging when the providers are used and the gems are not present
## v5.1.0 (2016-04-06)
- Added a new resource for Sqlite DBs. See the readme for details
- Updated :create and :grant action in the mysql_database_user provider to update the user password if it changes
- Added the ability to pass options to the sql_server connection
- Added a mysql_hashed_password method to the mysql_database_user's password property to allow passing hashed passwords to the resource. See the readme for an example
## v5.0.1 (2016-03-29)
- Resolve error in the user provider under MySQL due to a Rubocop fix
## v5.0.0 (2016-03-23)
- Removed Chef 10 compatibility checks
- Resolved the following error in the sql_server_user provider: undefined local variable or method `sql_role`
- Added a timeout attribute to the database provider on sql_server, which defaults to 120 seconds
- Fixed the :revoke action for the database_user provider on mysql
- Removed duplicate documentation from the readme
- Updated the mysql_user provider to compare passwords so passwords can be updated
- Updated documentation for the connection hash in the database provider
- Removed duplicate amazon supports property from the metadata
- Removed documentation for ebs recipes that are no longer part of this cookbook
- Updated testing deps and removed the large number of Guard deps
- Fixed intgration tests to be in the correct location so they run as expected
- Added .foodcritic file to ignore FC023
- Removed the cloud testing Kitchen file and Gem dependencies
- Added integration testing with Kitchen Docker in Travis CI
## v4.0.9 (2015-09-07)
v4.0.9 (2015-09-07)
-------------------
- Fix bad attribute name with postgresql_database in the readme
- Add `flags` attribute to the mysql provider
- Add `database` attribute to the mysql provider
@@ -20,147 +82,141 @@ v4.0.9 (2015-09-07)
- Add a chefignore file
- Update list of ignored files in the gitignore
v4.0.8 (2015-08-03)
-------------------
- #139 - Use a more reliable method of determining whether the
Postgres server accepts the REPLICATION attribute on user creation.
## v4.0.8 (2015-08-03)
v4.0.7 (2015-07-27)
-------------------
- #161 - Fixes multiple issues causing the MySQL database user creation to not be idempotent
- 139 - Use a more reliable method of determining whether the
- Postgres server accepts the REPLICATION attribute on user creation.
v4.0.6 (2015-04-29)
-------------------
- #126 - Use sql_query property instead of sql in the mysql provider for :query action
## v4.0.7 (2015-07-27)
v4.0.5 (2015-04-08)
-------------------
- #137/#138 - Removing log message containing password information
- 161 - Fixes multiple issues causing the MySQL database user creation to not be idempotent
## v4.0.6 (2015-04-29)
- 126 - Use sql_query property instead of sql in the mysql provider for :query action
## v4.0.5 (2015-04-08)
- 137/#138 - Removing log message containing password information
## v4.0.4 (2015-04-07)
v4.0.4 (2015-04-07)
-------------------
- Using unescaped db name in field value
v4.0.3 (2015-02-22)
-------------------
## v4.0.3 (2015-02-22)
- Unbreak postgresql_database_resource on older versions of PostgreSQL
v4.0.2 (2015-02-09)
-------------------
## v4.0.2 (2015-02-09)
- Removing leftover mysql recipe that installs the mysql2_chef_gem.
v4.0.1 (2015-02-05)
-------------------
## v4.0.1 (2015-02-05)
- Fixing merge conflicts with master on 4.0.0 attempted release
v4.0.0 (2015-02-05)
-------------------
## v4.0.0 (2015-02-05)
- Decoupled mysql2_chef_gem cookbook.
Users must now install it themselves before utilizing mysql_database
or mysql_database_user resources.
- Users must now install it themselves before utilizing mysql_database
- or mysql_database_user resources.
- Fixing various MilClass errors in mysql providers
- Restoring missing :query action for mysql
- Restoring grant_option support for mysql
- Adding revoke action for mysql
v3.1.0 (2015-01-30)
-------------------
## v3.1.0 (2015-01-30)
- Add support for postgresql_database_user privileges
- Add postgresql_database_test cookbook to test/fixtures
v3.0.3 (2015-01-20)
-------------------
## v3.0.3 (2015-01-20)
- Bugfix: bugfix: lack of node['mysql']['version'] causing NilClass error
v3.0.2 (2015-01-16)
-------------------
## v3.0.2 (2015-01-16)
- Fix bug to allow grants on databases with special characters
v3.0.1 (2015-01-16)
-------------------
## v3.0.1 (2015-01-16)
- Enabling ssl for provider_mysql_database_user
v3.0.0 (2015-01-15)
-------------------
## v3.0.0 (2015-01-15)
- Removing out of scope recipes
- porting to mysql2_chef_gem
- adding test-kitchen suites for mysql
v2.3.1 (2014-12-13)
-------------------
## v2.3.1 (2014-12-13)
- Locking mysql and mysql-chef_gem dependencies down in metadata.rb
v2.3.0 (2014-08-13)
-------------------
## v2.3.0 (2014-08-13)
- [#62] Allow requiring SSL
## v2.2.0 (2014-05-07)
v2.2.0 (2014-05-07)
-------------------
- [COOK-4626] Add windows users for SQL Server
- [COOK-4627] Assigning sys_roles in SQL Server
## v2.1.10 (2014-05-07)
v2.1.10 (2014-05-07)
--------------------
- [COOK-4614] - Update README to reflect gem installation via mysql-chef_gem
## v2.1.8 (2014-04-23)
v2.1.8 (2014-04-23)
-------------------
- [COOK-4583] - Add ChefSpec matchers
## v2.1.6 (2014-04-10)
v2.1.6 (2014-04-10)
-------------------
- [COOK-4538] Bump supported Chef version
## v2.1.4 (2014-04-09)
v2.1.4 (2014-04-09)
-------------------
[COOK-4529] Query action ignores MySQL errors
## v2.1.2 (2014-04-01)
v2.1.2 (2014-04-01)
-------------------
- Depending on mysql-chef_gem cookbook
## v2.1.0 (2014-03-31)
v2.1.0 (2014-03-31)
-------------------
- Updating mysql cookbook dependency
- Enforcing rubocops
## v2.0.0 (2014-02-25)
v2.0.0 (2014-02-25)
-------------------
[COOK-3441] database_user password argument should not be required
## v1.6.0
v1.6.0
------
### New Feature
- **[COOK-4009](https://tickets.chef.io/browse/COOK-4009)** - Add PostgreSQL SCHEMA management capability
### Improvement
- **[COOK-3862](https://tickets.chef.io/browse/COOK-3862)** - Improve database cookbook documentation
## v1.5.2
v1.5.2
------
### Improvement
- **[COOK-3716](https://tickets.chef.io/browse/COOK-3716)** - Add ALTER SQL Server user roles
## v1.5.0
v1.5.0
------
### Improvement
- **[COOK-3546](https://tickets.chef.io/browse/COOK-3546)** - Add connection parameters `:socket`
- **[COOK-1709](https://tickets.chef.io/browse/COOK-1709)** - Add 'grant_option' parameter
v1.4.0
-------
## v1.4.0
### Bug
- [COOK-2074]: Regex in exists? check in `sql_server_database` resource should match for start and end of line
- [COOK-2561]: `mysql_database_user` can't set global grants
@@ -168,68 +224,68 @@ v1.4.0
- [COOK-2075]: Support the collation attribute in the `database_sql_server` provider
v1.3.12
-------
## v1.3.12
- [COOK-850] - `postgresql_database_user` doesn't have example
v1.3.10
-------
## v1.3.10
- [COOK-2117] - undefined variable `grant_statement` in mysql user provider
v1.3.8
------
## v1.3.8
- [COOK-1896] - Escape command
- [COOK-2047] - Chef::Provider::Database::MysqlUser action :grant improperly quotes `username`@`host` string
- [COOK-2060] - Mysql::Error: Table '*.*' doesn't exist when privileges include SELECT and database/table attributes are nil
- [COOK-2060] - Mysql::Error: Table '_._' doesn't exist when privileges include SELECT and database/table attributes are nil
- [COOK-2062] - Remove backticks from database name when using wildcard
v1.3.6
------
## v1.3.6
- [COOK-1688] - fix typo in readme and add amazon linux to supported platforms
v1.3.4
------
## v1.3.4
- [COOK-1561] - depend on mysql 1.3.0+ explicitly
- depend on postgresql 1.0.0 explicitly
v1.3.2
------
## v1.3.2
- Update the version for release (oops)
v1.3.0
------
## v1.3.0
- [COOK-932] - Add mysql recipe to conveniently include mysql::ruby
- [COOK-1228] - database resource should be able to execute scripts on disk
- [COOK-1291] - make the snapshot retention policy less confusing
- [COOK-1401] - Allow to specify the collation of new databases
- [COOK-1534] - Add postgresql recipe to conveniently include postgresql::ruby
v1.2.0
------
## v1.2.0
- [COOK-970] - workaround for disk [re]naming on ubuntu 11.04+
- [COOK-1085] - check RUBY_VERSION and act accordingly for role
- [COOK-749] - localhost should be a string in snapshot recipe
v1.1.4
------
## v1.1.4
- [COOK-1062] - Databases: Postgres exists should close connection
v1.1.2
------
## v1.1.2
- [COOK-975] - Change arg='DEFAULT' to arg=nil, :default => 'DEFAULT'
- [COOK-964] - Add parentheses around connection hash in example
v1.1.0
------
## v1.1.0
- [COOK-716] - providers for PostgreSQL
v1.0.0
------
## v1.0.0
- [COOK-683] - added `database` and `database_user` resources
- [COOK-684] - MySQL providers
- [COOK-685] - SQL Server providers
- refactored - `database::master` and `database::snapshot` recipes to leverage new resources
v0.99.1
-------
## v0.99.1
- Use Chef 0.10's `node.chef_environment` instead of `node['app_environment']`.

41
cookbooks/database/Gemfile
View File

@@ -1,41 +0,0 @@
source 'https://rubygems.org'
group :lint do
gem 'foodcritic', '~> 4.0'
gem 'rubocop', '~> 0.33'
gem 'rainbow', '< 2.0'
end
group :unit do
gem 'berkshelf', '~> 3.2'
gem 'chefspec', '~> 4.3'
end
group :kitchen_common do
gem 'test-kitchen', '~> 1.4'
end
group :kitchen_vagrant do
gem 'kitchen-vagrant', '~> 0.18'
end
group :kitchen_cloud do
gem 'kitchen-digitalocean'
gem 'kitchen-ec2'
gem 'kitchen-joyent'
gem 'kitchen-gce'
end
group :development do
gem 'ruby_gntp'
gem 'growl'
gem 'rb-fsevent'
gem 'guard', '~> 2.4'
gem 'guard-kitchen'
gem 'guard-foodcritic'
gem 'guard-rspec'
gem 'guard-rubocop'
gem 'rake'
gem 'fauxhai'
gem 'pry-nav'
end

24
cookbooks/database/Guardfile
View File

@@ -1,24 +0,0 @@
# More info at https://github.com/guard/guard#readme
guard 'foodcritic', :cookbook_paths => '.', :cli => '-t ~FC023 -t ~FC005', :all_on_start => false do
watch(/attributes\/.+\.rb$/)
watch(/providers\/.+\.rb$/)
watch(/recipes\/.+\.rb$/)
watch(/resources\/.+\.rb$/)
watch('metadata.rb')
end
guard 'rubocop' do
watch(/attributes\/.+\.rb$/)
watch(/providers\/.+\.rb$/)
watch(/recipes\/.+\.rb$/)
watch(/resources\/.+\.rb$/)
watch('metadata.rb')
end
guard :rspec, :cmd => 'chef exec /opt/chefdk/embedded/bin/rspec', :all_on_start => false, :notification => false do
watch(/^libraries\/(.+)\.rb$/)
watch(/^spec\/(.+)_spec\.rb$/)
watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
watch('spec/spec_helper.rb') { 'spec' }
end

201
cookbooks/database/LICENSE
View File

@@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2008-2015 Chef Software Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

10
cookbooks/database/MAINTAINERS.md
View File

@@ -1,19 +1,15 @@
<!-- This is a generated file. Please do not edit directly -->
# Maintainers
This file lists how this cookbook project is maintained. When making changes to the system, this
file tells you who needs to review your patch - you need a simple majority of maintainers
for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need
to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD)
for details on the process and how to become a maintainer or the project lead.
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
# Project Maintainer
* [Tim Smith](https://github.com/tas50)
# Maintainers
* [Jennifer Davis](https://github.com/sigje)
* [Sean OMeara](https://github.com/someara)
* [Tim Smith](https://github.com/tas50)
* [Thom May](https://github.com/thommay)

46
cookbooks/database/MAINTAINERS.toml
View File

@@ -1,46 +0,0 @@
#
# This file is structured to be consumed by both humans and computers.
# It is a TOML document containing Markdown
#
[Preamble]
title = "Maintainers"
text = """
This file lists how this cookbook project is maintained. When making changes to the system, this
file tells you who needs to review your patch - you need a simple majority of maintainers
for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need
to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD)
for details on the process and how to become a maintainer or the project lead.
"""
[Org]
[Org.Components]
[Org.Components.Core]
title = "Project Maintainer"
lieutenant = 'tas50'
maintainers = [
'sigje',
'someara',
'tas50',
'thommay'
]
[people]
[people.sigje]
name = "Jennifer Davis"
github = "sigje"
[people.someara]
name = "Sean OMeara"
github = "someara"
[people.tas50]
name = "Tim Smith"
github = "tas50"
[people.thommay]
name = "Thom May"
github = "thommay"

422
cookbooks/database/README.md
View File

@@ -1,93 +1,78 @@
Database Cookbook
=================
[![Build Status](https://travis-ci.org/opscode-cookbooks/database.svg?branch=master)](http://travis-ci.org/opscode-cookbooks/database)
[![Cookbook Version](https://img.shields.io/cookbook/v/database.svg)](https://supermarket.chef.io/cookbooks/database)
# Database Cookbook
The main highlight of this cookbook is the `database` and
`database_user` resources for managing databases and database users in
a RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also
provided, see usage documentation below.
[![Build Status](https://travis-ci.org/chef-cookbooks/database.svg?branch=master)](http://travis-ci.org/chef-cookbooks/database) [![Cookbook Version](http://img.shields.io/cookbook/v/database.svg)](https://supermarket.chef.io/cookbooks/database)
The main highlight of this cookbook is the `database` and `database_user` resources for managing databases and database users in a RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also provided, see usage documentation below.
## Requirements
Requirements
------------
### Platforms
- Debian / Ubuntu derivatives
- RHEL derivatives
- Fedora
### Chef
- Chef 11+
- Chef 12.1+
### Cookbooks
The following Chef Software cookbooks are dependencies:
* postgresql
- postgresql
Resources/Providers
-------------------
These resources aim to expose an abstraction layer for interacting
with different RDBMS in a general way. Currently the cookbook ships
with providers for MySQL, PostgreSQL and SQL Server. Please see
specific usage in the __Example__ sections below. The providers use
specific Ruby gems installed under Chef's Ruby environment to execute
commands and carry out actions. These gems will need to be installed
before the providers can operate correctly. Specific notes for each
RDBS flavor:
## Resources/Providers
- MySQL: leverages the `mysql2` gem, which can be installed with the
`mysql2_chef_gem` resource prior to use (available on the
Supermarket). You must depend on the `mysql2_chef_gem` cookbook,
then use a `mysql2_chef_gem` resource to install it. The resource
allows the user to select MySQL client library versions, as well as
optionally select MariaDB libraries.
- PostgreSQL: leverages the `pg` gem which is installed as part of the
`postgresql::ruby` recipe. You must declare `include_recipe
"database::postgresql"` to include this.
These resources aim to expose an abstraction layer for interacting with different RDBMS in a general way. Currently the cookbook ships with providers for MySQL, PostgreSQL and SQL Server. Please see specific usage in the **Example** sections below. The providers use specific Ruby gems installed under Chef's Ruby environment to execute commands and carry out actions. These gems will need to be installed before the providers can operate correctly. Specific notes for each RDBS flavor:
- SQL Server: leverages the `tiny_tds` gem which is installed as part
of the `sql_server::client` recipe.
- MySQL: leverages the `mysql2` gem, which can be installed with the `mysql2_chef_gem` resource prior to use (available on the Supermarket). You must depend on the `mysql2_chef_gem` cookbook, then use a `mysql2_chef_gem` resource to install it. The resource allows the user to select MySQL client library versions, as well as optionally select MariaDB libraries.
- PostgreSQL: leverages the `pg` gem which is installed as part of the `postgresql::ruby` recipe. You must declare `include_recipe "database::postgresql"` to include this.
- SQL Server: leverages the `tiny_tds` gem which is installed as part of the `sql_server::client` recipe.
- SQLite: leverages the `sqlite3` gem which is installed as part of the `database::sqlite` recipe. You must declare `include_recipe "database::sqlite"` to include this.
### database
Manage databases in a RDBMS. Use the proper shortcut resource
depending on your RDBMS: `mysql_database`, `postgresql_database` or
`sql_server_database`.
Manage databases in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database`, `postgresql_database`, `sql_server_database` or `sqlite_database`.
#### Actions
- :create: create a named database
- :drop: drop a named database
- :query: execute an arbitrary query against a named database
- `:create`: create a named database
- `:drop`: drop a named database
- `:query`: execute an arbitrary query against a named database
#### Attribute Parameters
- database_name: name attribute. Name of the database to interact with
- connection: hash of connection info. valid keys include `:host`,
`:port`, `:username`, and `:password` (only for MySQL DB*)
- connection: hash of connection info. valid keys include `:host`, `:port`, `:username`, and `:password`
- sql: string of sql or a block that executes to a string of sql,
which will be executed against the database. used by `:query` action
only
- only for MySQL DB*:
\* The database cookbook uses the `mysql2` gem.
- `:flags` (see `Mysql2::Client@@default_query_options[:connect_flags]`)
- `:default_file`, `:default_group` (see <https://github.com/brianmario/mysql2#reading-a-mysql-config-file>)
> "The value of host may be either a host name or an IP address. If
host is NULL or the string "127.0.0.1", a connection to the local
host is assumed. For Windows, the client connects using a
shared-memory connection, if the server has shared-memory
connections enabled. Otherwise, TCP/IP is used. For a host value of
"." on Windows, the client connects using a named pipe, if the
server has named-pipe connections enabled. If named-pipe connections
are not enabled, an error occurs."
- only for PostgreSQL: `:database` (overwrites parameter `database_name`)
If you specify a `:socket` key and are using the mysql_service
resource to set up the MySQL service, you'll need to specify the path
in the form `/var/run/mysql-<instance name>/mysqld.sock`.
- not used for SQLlite
- sql: string of sql or a block that executes to a string of sql, which will be executed against the database. used by `:query` action only
- The database cookbook uses the `mysql2` gem.
> "The value of host may be either a host name or an IP address. If host is NULL or the string "127.0.0.1", a connection to the local host is assumed. For Windows, the client connects using a shared-memory connection, if the server has shared-memory connections enabled. Otherwise, TCP/IP is used. For a host value of "." on Windows, the client connects using a named pipe, if the server has named-pipe connections enabled. If named-pipe connections are not enabled, an error occurs."
If you specify a `:socket` key and are using the mysql_service resource to set up the MySQL service, you'll need to specify the path in the form `/var/run/mysql-<instance name>/mysqld.sock`.
#### Providers
- `Chef::Provider::Database::Mysql`: shortcut resource `mysql_database`
- `Chef::Provider::Database::Postgresql`: shortcut resource `postgresql_database`
- `Chef::Provider::Database::SqlServer`: shortcut resource `sql_server_database`
- `Chef::Provider::Database::Sqlite`: shortcut resource `sqlite_database`
#### Examples
```ruby
# Create a mysql database
mysql_database 'wordpress-cust01' do
@@ -99,6 +84,7 @@ mysql_database 'wordpress-cust01' do
action :create
end
```
```ruby
# Create a mysql database on a named mysql instance
mysql_database 'oracle_rools' do
@@ -109,8 +95,9 @@ mysql_database 'oracle_rools' do
:password => node['mysql']['server_root_password']
)
action :create
end
end
```
```ruby
# Create a sql server database
sql_server_database 'mr_softie' do
@@ -118,7 +105,8 @@ sql_server_database 'mr_softie' do
:host => '127.0.0.1',
:port => node['sql_server']['port'],
:username => 'sa',
:password => node['sql_server']['server_sa_password']
:password => node['sql_server']['server_sa_password'],
:options => { 'ANSI_NULLS' => 'ON', 'QUOTED_IDENTIFIER' => 'OFF' }
)
action :create
end
@@ -248,139 +236,46 @@ postgresql_database 'vacuum databases' do
end
```
```ruby
# Create, Insert, Query a SQLite database
# Note that inserting anything in to the database will create it automaticly.
sqlite_database 'mr_softie' do
database_name '/path/to/database.db3'
sql "sql command"
action :query
end
# Delete the database, will remove the file
sqlite_database 'mr_softie' do
database_name '/path/to/database.db3'
action :drop
end
```
### database_user
Manage users and user privileges in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database_user`, `postgresql_database_user`, or `sql_server_database_user`.
#### Actions
- :create: create a user
- :drop: drop a user
- :grant: manipulate user privileges on database objects
- `:create`: create a user
- `:drop`: drop a user
- `:grant`: manipulate user privileges on database objects
#### Attribute Parameters
- username: name attribute. Name of the database user
- password: password for the user account
- database_name: Name of the database to interact with
- connection: hash of connection info. valid keys include :host,
:port, :username, :password
- privileges: array of database privileges to grant user. used by the
:grant action. default is :all
- host: host where user connections are allowed from. used by MySQL
provider only. default is '127.0.0.1'
- table: table to grant privileges on. used by :grant action and MySQL
provider only. default is '*' (all tables)
- connection: hash of connection info. valid keys include :host, :port, :username, :password
- privileges: array of database privileges to grant user. used by the :grant action. default is :all
- host: host where user connections are allowed from. used by MySQL provider only. default is '127.0.0.1'
- table: table to grant privileges on. used by :grant action and MySQL provider only. default is '*' (all tables)
- require_ssl: true or false to force SSL connections to be used for user
### Providers
- **Chef::Provider::Database::MysqlUser**: shortcut resource
`mysql_database_user`
- **Chef::Provider::Database::PostgresqlUser**: shortcut
resource `postgresql_database_user`
- **Chef::Provider::Database::SqlServerUser**: shortcut resource
`sql_server_database_user`
### Examples
# create connection info as an external ruby hash
mysql_connection_info = {:host => "127.0.0.1",
:username => 'root',
:password => node['mysql']['server_root_password']}
postgresql_connection_info = {:host => "127.0.0.1",
:port => node['postgresql']['config']['port'],
:username => 'postgres',
:password => node['postgresql']['password']['postgres']}
sql_server_connection_info = {:host => "127.0.0.1",
:port => node['sql_server']['port'],
:username => 'sa',
:password => node['sql_server']['server_sa_password']}
# create a mysql user but grant no privileges
mysql_database_user 'disenfranchised' do
connection mysql_connection_info
password 'super_secret'
action :create
end
# do the same but pass the provider to the database resource
database_user 'disenfranchised' do
connection mysql_connection_info
password 'super_secret'
provider Chef::Provider::Database::MysqlUser
action :create
end
# create a postgresql user but grant no privileges
postgresql_database_user 'disenfranchised' do
connection postgresql_connection_info
password 'super_secret'
action :create
end
# do the same but pass the provider to the database resource
database_user 'disenfranchised' do
connection postgresql_connection_info
password 'super_secret'
provider Chef::Provider::Database::PostgresqlUser
action :create
end
# create a sql server user but grant no privileges
sql_server_database_user 'disenfranchised' do
connection sql_server_connection_info
password 'super_secret'
action :create
end
# drop a mysql user
mysql_database_user "foo_user" do
connection mysql_connection_info
action :drop
end
# bulk drop sql server users
%w{ disenfranchised foo_user }.each do |user|
sql_server_database_user user do
connection sql_server_connection_info
action :drop
end
end
# grant select,update,insert privileges to all tables in foo db from all hosts, requiring connections over SSL
mysql_database_user 'foo_user' do
connection mysql_connection_info
password 'super_secret'
database_name 'foo'
host '%'
privileges [:select,:update,:insert]
require_ssl true
action :grant
end
# grant all privileges on all databases/tables from 127.0.0.1
mysql_database_user 'super_user' do
connection mysql_connection_info
password 'super_secret'
action :grant
end
# grant all privileges on all tables in foo db
postgresql_database_user 'foo_user' do
connection postgresql_connection_info
database_name 'foo'
privileges [:all]
action :grant
end
# grant select,update,insert privileges to all tables in foo db
sql_server_database_user 'foo_user' do
connection sql_server_connection_info
password 'super_secret'
database_name 'foo'
privileges [:select,:update,:insert]
action :grant
end
- require_x509: true or false to force SSL with client certificate verification
#### Providers
- `Chef::Provider::Database::MysqlUser`: shortcut resource `mysql_database_user`
- `Chef::Provider::Database::PostgresqlUser`: shortcut resource `postgresql_database_user`
- `Chef::Provider::Database::SqlServerUser`: shortcut resource`sql_server_database_user`
@@ -409,8 +304,6 @@ sql_server_connection_info = {
:password => node['sql_server']['server_sa_password']
}
# Create a mysql user but grant no privileges
mysql_database_user 'disenfranchised' do
connection mysql_connection_info
@@ -418,8 +311,6 @@ mysql_database_user 'disenfranchised' do
action :create
end
# Do the same but pass the provider to the database resource
database_user 'disenfranchised' do
connection mysql_connection_info
@@ -428,8 +319,6 @@ database_user 'disenfranchised' do
action :create
end
# Create a postgresql user but grant no privileges
postgresql_database_user 'disenfranchised' do
connection postgresql_connection_info
@@ -437,7 +326,13 @@ postgresql_database_user 'disenfranchised' do
action :create
end
# The same as above but utilizing hashed password string instead of
# plain text one
postgresql_database_user 'disenfranchised' do
connection postgresql_connection_info
password hashed_password('md5eacdbf8d9847a76978bd515fae200a2a')
action :grant
end
# Do the same but pass the provider to the database resource
database_user 'disenfranchised' do
@@ -447,8 +342,6 @@ database_user 'disenfranchised' do
action :create
end
# Create a sql server user but grant no privileges
sql_server_database_user 'disenfranchised' do
connection sql_server_connection_info
@@ -456,16 +349,12 @@ sql_server_database_user 'disenfranchised' do
action :create
end
# Drop a mysql user
mysql_database_user 'foo_user' do
connection mysql_connection_info
action :drop
end
# Bulk drop sql server users
%w(disenfranchised foo_user).each do |user|
sql_server_database_user user do
@@ -474,8 +363,6 @@ end
end
end
# Grant SELECT, UPDATE, and INSERT privileges to all tables in foo db from all hosts
mysql_database_user 'foo_user' do
connection mysql_connection_info
@@ -486,7 +373,16 @@ mysql_database_user 'foo_user' do
action :grant
end
# The same as above but utilizing hashed password string instead of
# plain text one
mysql_database_user 'foo_user' do
connection mysql_connection_info
password hashed_password('*664E8D709A6EBADFC68361EBE82CF77F10211E52')
database_name 'foo'
host '%'
privileges [:select,:update,:insert]
action :grant
end
# Grant all privileges on all databases/tables from 127.0.0.1
mysql_database_user 'super_user' do
@@ -495,14 +391,16 @@ mysql_database_user 'super_user' do
action :grant
end
# Grant all privileges on all tables in foo db
# grant all privileges on all tables, sequences and functions in public schema of foo db
postgresql_database_user 'foo_user' do
connection postgresql_connection_info
database_name 'foo'
schema_name 'public'
tables [:all]
sequences [:all]
functions [:all]
privileges [:all]
action :grant
action [:grant, :grant_schema, :grant_table, :grant_sequence, :grant_function]
end
# grant select,update,insert privileges to all tables in foo db
@@ -515,129 +413,13 @@ sql_server_database_user 'foo_user' do
end
```
## License & Authors
Recipes
-------
### ebs_volume
*Note*: This recipe does not currently work on RHEL platforms due to the xfs cookbook not supporting RHEL yet.
**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
Loads the aws information from the data bag. Searches the applications data bag for the database master or slave role and checks that role is applied to the node. Loads the EBS information and the master information from data bags. Uses the aws cookbook LWRP, `aws_ebs_volume` to manage the volume.
**Copyright:** 2009-2016, Chef Software, Inc.
On a master node:
- if we have an ebs volume already as stored in a data bag, attach it
- if we don't have the ebs information then create a new one and attach it
- store the volume information in a data bag via a ruby block
On a slave node:
- use the master volume information to generate a snapshot
- create the new volume from the snapshot and attach it
Also on a master node, generate some configuration for running a snapshot via `chef-solo` from cron.
On a new filesystem volume, create as XFS, then mount it in `/mnt`, and also bind-mount it to the mysql data directory (default `/var/lib/mysql`).
### master
This recipe no longer loads AWS specific information, and the database position for replication is no longer stored in a databag because the client might not have permission to write to the databag item. This may be handled in a different way at a future date.
Searches the apps databag for applications, and for each one it will check that the specified database master role is set in both the databag and applied to the node's run list. Then, retrieves the passwords for `root`, `repl` and `debian` users and saves them to the node attributes. If the passwords are not found in the databag, it prints a message that they'll be generated by the mysql cookbook.
Then it adds the application databag database settings to a hash, to use later.
Then it will iterate over the databases and create them with the `mysql_database` resource while adding privileges for application specific database users using the `mysql_database_user` resource.
### slave
_TODO_: Retrieve the master status from a data bag, then start replication using a ruby block. The replication status needs to be handled in some other way for now since the master recipe above doesn't actually set it in the databag anymore.
### snapshot
Run via Chef Solo. Retrieves the db snapshot configuration from the specified JSON file. Uses the `mysql_database` resource to lock and unlock tables, and does a filesystem freeze and EBS snapshot.
Deprecated Recipes
------------------
The following recipe is considered deprecated. It is kept for reference purposes.
### ebs_backup
Older style of doing mysql snapshot and replication using Adam Jacob's [ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library.
Data Bags
---------
This cookbook uses the apps data bag item for the specified application; see the `application` cookbook's README.md. It also creates data bag items in a bag named 'aws' for storing volume information. In order to interact with EC2, it expects aws to have a main item:
```javascript
{
"id": "main",
"ec2_private_key": "private key as a string",
"ec2_cert": "certificate as a string",
"aws_account_id": "",
"aws_secret_access_key": "",
"aws_access_key_id": ""
}
```
Note: with the Open Source Chef Server, the server using the database recipes must be an admin client or it will not be able to create data bag items. You can modify whether the client is admin by editing it with knife.
knife client edit <client_name>
{
...
"admin": true
...
}
This is not required if the Chef Server is Chef Software Hosted Chef, instead use the ACL feature to modify access for the node to be able to update the data bag.
Usage
-----
Aside from the application data bag (see the README in the application cookbook), create a role for the database master. Use a `role.rb` in your chef-repo, or create the role directly with knife.
```javascript
{
"name": "my_app_database_master",
"chef_type": "role",
"json_class": "Chef::Role",
"default_attributes": {},
"description": "",
"run_list": [
"recipe[mysql::server]",
"recipe[database::master]"
],
"override_attributes": {}
}
```
Create a `production` environment. This is also used in the `application` cookbook.
```javascript
{
"name": "production",
"description": "",
"cookbook_versions": {},
"json_class": "Chef::Environment",
"chef_type": "environment",
"default_attributes": {},
"override_attributes": {}
}
```
The cookbook `my_app_database` is recommended to set up any
application specific database resources such as configuration
templates, trending monitors, etc. It is not required, but you would
need to create it separately in `site-cookbooks`. Add it to the
`my_app_database_master` role.
License & Authors
-----------------
- Author:: Adam Jacob (<adam@chef.io>)
- Author:: Joshua Timberman (<joshua@chef.io>)
- Author:: AJ Christensen (<aj@chef.io>)
- Author:: Seth Chisamore (<schisamo@chef.io>)
- Author:: Lamont Granquist (<lamont@chef.io>)
- Author:: Sean OMeara (<sean@chef.io>)
```text
Copyright 2009-2015, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

61
cookbooks/database/Rakefile
View File

@@ -1,61 +0,0 @@
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
require 'foodcritic'
require 'kitchen'
require_relative 'tasks/maintainers'
# Style tests. Rubocop and Foodcritic
namespace :style do
desc 'Run Ruby style checks'
RuboCop::RakeTask.new(:ruby)
desc 'Run Chef style checks'
FoodCritic::Rake::LintTask.new(:chef) do |t|
t.options = {
fail_tags: ['any'],
tags: ['~FC005']
}
end
end
desc 'Run all style checks'
task style: ['style:chef', 'style:ruby']
# Rspec and ChefSpec
desc 'Run ChefSpec examples'
RSpec::Core::RakeTask.new(:spec)
# Integration tests. Kitchen.ci
namespace :integration do
desc 'Run Test Kitchen with Vagrant'
task :vagrant do
Kitchen.logger = Kitchen.default_file_logger
Kitchen::Config.new.instances.each do |instance|
instance.test(:always)
end
end
desc 'Run Test Kitchen with cloud plugins'
task :cloud do
run_kitchen = true
if ENV['TRAVIS'] == 'true' && ENV['TRAVIS_PULL_REQUEST'] != 'false'
run_kitchen = false
end
if run_kitchen
Kitchen.logger = Kitchen.default_file_logger
@loader = Kitchen::Loader::YAML.new(project_config: './.kitchen.cloud.yml')
config = Kitchen::Config.new(loader: @loader)
config.instances.each do |instance|
instance.test(:always)
end
end
end
end
desc 'Run all tests on Travis'
task travis: ['style', 'spec', 'integration:cloud']
# Default
task default: ['style', 'spec', 'integration:vagrant']

2
cookbooks/database/TESTING.md
View File

@@ -1,2 +0,0 @@
Please refer to
https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD

100
cookbooks/database/chefignore
View File

@@ -1,100 +0,0 @@
# Put files/directories that should be ignored in this file when uploading
# or sharing to the community site.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Cookbooks #
#############
CONTRIBUTING
CHANGELOG*
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
# Travis #
##########
.travis.yml
test/
spec/
examples/

50
cookbooks/database/libraries/hashed_password.rb Normal file
View File

@@ -0,0 +1,50 @@
#
# Author:: Maksim Horbul (<max@gorbul.net>)
# Cookbook Name:: database
# Library:: hashed_password
#
# Copyright:: 2016 Eligible, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require File.join(File.dirname(__FILE__), 'resource_mysql_database_user')
require File.join(File.dirname(__FILE__), 'resource_postgresql_database_user')
class HashedPassword
# Initializes an object of the MysqlPassword type
# @param [String] hashed_password mysql native hashed password
# @return [MysqlPassword]
def initialize(hashed_password)
@hashed_password = hashed_password
end
# String representation of the object
# @return [String] hashed password string
def to_s
@hashed_password
end
module Helpers
# helper method wrappers the string into a MysqlPassword object
# @param [String] hashed_password mysql native hashed password
# @return [MysqlPassword] object
def hashed_password(hashed_password)
HashedPassword.new hashed_password
end
# For backward compatibility, because method was renamed
alias_method :mysql_hashed_password, :hashed_password
end
end
::Chef::Resource::MysqlDatabaseUser.send(:include, HashedPassword::Helpers)
::Chef::Resource::PostgresqlDatabaseUser.send(:include, HashedPassword::Helpers)

41
cookbooks/database/libraries/matchers.rb
View File

@@ -3,7 +3,7 @@
# Cookbook Name:: database
# Library:: matchers
#
# Copyright 2014, Chef Software, Inc.
# Copyright:: 2014-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,6 +21,8 @@
if defined?(ChefSpec)
# database
#
ChefSpec.define_matcher :database
def create_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:database, :create, resource_name)
end
@@ -35,6 +37,8 @@ if defined?(ChefSpec)
# database user
#
ChefSpec.define_matcher :database_user
def create_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:database_user, :create, resource_name)
end
@@ -49,6 +53,8 @@ if defined?(ChefSpec)
# mysql database
#
ChefSpec.define_matcher :mysql_database
def create_mysql_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_database, :create, resource_name)
end
@@ -63,6 +69,8 @@ if defined?(ChefSpec)
# mysql database user
#
ChefSpec.define_matcher :mysql_database_user
def create_mysql_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_database_user, :create, resource_name)
end
@@ -77,6 +85,8 @@ if defined?(ChefSpec)
# postgresql database
#
ChefSpec.define_matcher :postgresql_database
def create_postgresql_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database, :create, resource_name)
end
@@ -91,6 +101,8 @@ if defined?(ChefSpec)
# postgresql database schema
#
ChefSpec.define_matcher :postgresql_database_schema
def create_postgresql_database_schema(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database_schema, :create, resource_name)
end
@@ -101,6 +113,8 @@ if defined?(ChefSpec)
# postgresql database user
#
ChefSpec.define_matcher :postgresql_database_user
def create_postgresql_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database_user, :create, resource_name)
end
@@ -119,20 +133,24 @@ if defined?(ChefSpec)
# sql server database
#
ChefSpec.define_matcher :sql_server_database
def create_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :create, resource_name)
end
def drop_database(resource_name)
def drop_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :drop, resource_name)
end
def query_database(resource_name)
def query_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :query, resource_name)
end
# sql server database user
#
ChefSpec.define_matcher :sql_server_database_user
def create_sql_server_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database_user, :create, resource_name)
end
@@ -148,4 +166,21 @@ if defined?(ChefSpec)
def alter_roles_sql_server_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database_user, :alter_roles, resource_name)
end
# sqlite server database
#
ChefSpec.define_matcher :sqlite_database
def create_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :create, resource_name)
end
def query_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :query, resource_name)
end
def drop_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :drop, resource_name)
end
end

18
cookbooks/database/libraries/provider_database_mysql.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ class Chef
class Provider
class Database
class Mysql < Chef::Provider::LWRPBase
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -107,7 +107,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -125,7 +127,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -144,13 +148,15 @@ class Chef
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group],
flags: new_resource.connection[:flags],
database: new_resource.database_name
)
end
def close_query_client
@query_client.close
@query_client.close if @query_client
rescue Mysql2::Error
@query_client = nil
end

272
cookbooks/database/libraries/provider_database_mysql_user.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: 2011-2015 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,7 +23,7 @@ class Chef
class Provider
class Database
class MysqlUser < Chef::Provider::Database::Mysql
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -38,6 +38,8 @@ class Chef
test_sql_results.each do |r|
user_present = true if r['User'] == new_resource.username
end
password_up_to_date = !user_present || test_user_password
ensure
close_test_client
end
@@ -47,13 +49,22 @@ class Chef
converge_by "Creating user '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "CREATE USER '#{new_resource.username}'@'#{new_resource.host}'"
repair_sql += " IDENTIFIED BY '#{new_resource.password}'" if new_resource.password
if new_resource.password
repair_sql += ' IDENTIFIED BY '
repair_sql += if new_resource.password.is_a?(HashedPassword)
" PASSWORD '#{new_resource.password}'"
else
" '#{new_resource.password}'"
end
end
repair_client.query(repair_sql)
ensure
close_repair_client
end
end
end
update_user_password unless password_up_to_date
end
action :drop do
@@ -89,12 +100,113 @@ class Chef
action :grant do
# gratuitous function
def ishash?
return true if (/(\A\*[0-9A-F]{40}\z)/i).match(new_resource.password)
return true if /(\A\*[0-9A-F]{40}\z)/i =~ new_resource.password
end
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
# Test
incorrect_privs = nil
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
incorrect_privs = true if test_sql_results.size == 0
# These should all be 'Y'
test_sql_results.each do |r|
desired_privs.each do |p|
key = p.to_s.capitalize.tr(' ', '_').gsub('Replication_', 'Repl_').gsub('Create_temporary_tables', 'Create_tmp_table').gsub('Show_databases', 'Show_db')
key = "#{key}_priv"
incorrect_privs = true if r[key] != 'Y'
end
end
password_up_to_date = incorrect_privs || test_user_password
ensure
close_test_client
end
# Repair
if incorrect_privs
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "GRANT #{new_resource.privileges.join(',')}"
repair_sql += " ON #{db_name}.#{tbl_name}"
repair_sql += " TO '#{new_resource.username}'@'#{new_resource.host}' IDENTIFIED BY"
repair_sql += if new_resource.password.is_a?(HashedPassword)
" PASSWORD '#{new_resource.password}'"
else
" '#{new_resource.password}'"
end
repair_sql += ' REQUIRE SSL' if new_resource.require_ssl
repair_sql += ' REQUIRE X509' if new_resource.require_x509
repair_sql += ' WITH GRANT OPTION' if new_resource.grant_option
Chef::Log.info("#{@new_resource}: granting with sql [#{repair_sql}]")
repair_client.query(repair_sql)
repair_client.query('FLUSH PRIVILEGES')
ensure
close_repair_client
end
end
else
# The grants are correct, but perhaps the password needs updating?
update_user_password unless password_up_to_date
end
end
action :revoke do
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
privs_to_revoke = []
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
# These should all be 'N'
test_sql_results.each do |r|
desired_privs.each do |p|
key = p.to_s.capitalize.tr(' ', '_').gsub('Replication_', 'Repl_').gsub('Create_temporary_tables', 'Create_tmp_table').gsub('Show_databases', 'Show_db')
key = "#{key}_priv"
privs_to_revoke << revokify_key(p) if r[key] != 'N'
end
end
ensure
close_test_client
end
# Repair
unless privs_to_revoke.empty?
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
revoke_statement = "REVOKE #{privs_to_revoke.join(',')}"
revoke_statement += " ON #{db_name}.#{tbl_name}"
revoke_statement += " FROM `#{@new_resource.username}`@`#{@new_resource.host}` "
Chef::Log.info("#{@new_resource}: revoking access with statement [#{revoke_statement}]")
repair_client.query(revoke_statement)
repair_client.query('FLUSH PRIVILEGES')
@new_resource.updated_by_last_action(true)
ensure
close_repair_client
end
end
end
end
private
def desired_privs
possible_global_privs = [
:select,
:insert,
@@ -145,76 +257,17 @@ class Chef
:trigger
]
if new_resource.privileges == [:all] && new_resource.database_name
desired_privs = possible_db_privs
elsif new_resource.privileges == [:all]
desired_privs = possible_global_privs
else
desired_privs = new_resource.privileges
end
# Test
incorrect_privs = nil
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
incorrect_privs = true if test_sql_results.size == 0
# These should all by 'Y'
test_sql_results.each do |r|
desired_privs.each do |p|
key = "#{p.capitalize}"
.gsub(' ', '_')
.gsub('Replication_', 'Repl_')
key = "#{key}_priv"
incorrect_privs = true if r[key] != 'Y'
end
end
ensure
close_test_client
end
# Repair
if incorrect_privs
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "GRANT #{new_resource.privileges.join(',')}"
repair_sql += " ON #{db_name}.#{tbl_name}"
repair_sql += " TO '#{new_resource.username}'@'#{new_resource.host}' IDENTIFIED BY"
repair_sql += " '#{new_resource.password}'"
repair_sql += ' REQUIRE SSL' if new_resource.require_ssl
repair_sql += ' WITH GRANT OPTION' if new_resource.grant_option
repair_client.query(repair_sql)
repair_client.query('FLUSH PRIVILEGES')
ensure
close_repair_client
end
end
end
# convert :all to the individual db or global privs
desired_privs = if new_resource.privileges == [:all] && new_resource.database_name
possible_db_privs
elsif new_resource.privileges == [:all]
possible_global_privs
else
new_resource.privileges
end
desired_privs
end
def action_revoke
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
revoke_statement = "REVOKE #{@new_resource.privileges.join(', ')}"
revoke_statement += " ON #{db_name}.#{tbl_name}"
revoke_statement += " FROM `#{@new_resource.username}`@`#{@new_resource.host}` "
Chef::Log.info("#{@new_resource}: revoking access with statement [#{revoke_statement}]")
db.query(revoke_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
private
def test_client
require 'mysql2'
@test_client ||=
@@ -223,7 +276,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -241,7 +296,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -250,6 +307,69 @@ class Chef
rescue Mysql2::Error
@repair_client = nil
end
def revokify_key(key)
return '' if key.nil?
# Some keys need to be translated as outlined by the table found here:
# https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html
result = key.to_s.downcase.tr('_', ' ').gsub('repl ', 'replication ').gsub('create tmp table', 'create temporary tables').gsub('show db', 'show databases')
result = result.gsub(/ priv$/, '')
result
end
def test_user_password
if database_has_password_column(test_client)
test_sql = 'SELECT User,Host,Password FROM mysql.user ' \
"WHERE User='#{new_resource.username}' AND Host='#{new_resource.host}' "
test_sql += if new_resource.password.is_a? HashedPassword
"AND Password='#{new_resource.password}'"
else
"AND Password=PASSWORD('#{new_resource.password}')"
end
else
test_sql = 'SELECT User,Host,authentication_string FROM mysql.user ' \
"WHERE User='#{new_resource.username}' AND Host='#{new_resource.host}' " \
"AND plugin='mysql_native_password' "
test_sql += if new_resource.password.is_a? HashedPassword
"AND authentication_string='#{new_resource.password}'"
else
"AND authentication_string=PASSWORD('#{new_resource.password}')"
end
end
test_client.query(test_sql).size > 0
end
def update_user_password
converge_by "Updating password of user '#{new_resource.username}'@'#{new_resource.host}'" do
begin
if database_has_password_column(repair_client)
repair_sql = "SET PASSWORD FOR '#{new_resource.username}'@'#{new_resource.host}' = "
repair_sql += if new_resource.password.is_a? HashedPassword
"'#{new_resource.password}'"
else
" PASSWORD('#{new_resource.password}')"
end
else
# "ALTER USER is now the preferred statement for assigning passwords."
# http://dev.mysql.com/doc/refman/5.7/en/set-password.html
repair_sql = "ALTER USER '#{new_resource.username}'@'#{new_resource.host}' "
repair_sql += if new_resource.password.is_a? HashedPassword
"IDENTIFIED WITH mysql_native_password AS '#{new_resource.password}'"
else
"IDENTIFIED BY '#{new_resource.password}'"
end
end
repair_client.query(repair_sql)
ensure
close_repair_client
end
end
end
def database_has_password_column(client)
client.query('SHOW COLUMNS FROM mysql.user WHERE Field="Password"').size > 0
end
end
end
end

17
cookbooks/database/libraries/provider_database_postgresql.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,7 +23,7 @@ class Chef
class Provider
class Database
class Postgresql < Chef::Provider::LWRPBase
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -31,7 +31,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
@@ -134,7 +139,11 @@ class Chef
end
def close
@db.close rescue nil
begin
@db.close
rescue
nil
end
@db = nil
end
end

9
cookbooks/database/libraries/provider_database_postgresql_schema.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2013 Chef Software, Inc.
# Copyright:: 2013-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::PostgresqlDatabaseSchema.new(@new_resource.name)
@current_resource.schema_name(@new_resource.schema_name)
@current_resource

75
cookbooks/database/libraries/provider_database_postgresql_user.rb
View File

@@ -2,7 +2,7 @@
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,7 +28,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name)
@current_resource.username(@new_resource.name)
@current_resource
@@ -39,14 +44,23 @@ class Chef
begin
options = ''
options += " PASSWORD '#{@new_resource.password}'" if @new_resource.password
options += " #{@new_resource.createdb ? 'CREATEDB' : 'NOCREATEDB'}"
options += " #{@new_resource.createrole ? 'CREATEROLE' : 'NOCREATEROLE'}"
options += " #{@new_resource.login ? 'LOGIN' : 'NOLOGIN'}"
options += " #{@new_resource.replication ? 'REPLICATION' : 'NOREPLICATION'}" if version_greater_than?(90_100)
options += " #{@new_resource.superuser ? 'SUPERUSER' : 'NOSUPERUSER'}"
# Options from Postgresql specific resource
options += " #{@new_resource.createdb ? 'CREATEDB' : 'NOCREATEDB'}" if @new_resource.respond_to?(:createdb)
options += " #{@new_resource.createrole ? 'CREATEROLE' : 'NOCREATEROLE'}" if @new_resource.respond_to?(:createrole)
options += " #{@new_resource.login ? 'LOGIN' : 'NOLOGIN'}" if @new_resource.respond_to?(:login)
options += " #{@new_resource.replication ? 'REPLICATION' : 'NOREPLICATION'}" if @new_resource.respond_to?(:replication) && version_greater_than?(90_100)
options += " #{@new_resource.superuser ? 'SUPERUSER' : 'NOSUPERUSER'}" if @new_resource.respond_to?(:superuser)
# Options from a non Postgresql specific resource
options += " #{Chef::Resource::PostgresqlDatabaseUser::CREATE_DB_DEFAULT ? 'CREATEDB' : 'NOCREATEDB'}" unless @new_resource.respond_to?(:createdb)
options += " #{Chef::Resource::PostgresqlDatabaseUser::CREATE_ROLE_DEFAULT ? 'CREATEROLE' : 'NOCREATEROLE'}" unless @new_resource.respond_to?(:createrole)
options += " #{Chef::Resource::PostgresqlDatabaseUser::LOGIN_DEFAULT ? 'LOGIN' : 'NOLOGIN'}" unless @new_resource.respond_to?(:login)
options += " #{Chef::Resource::PostgresqlDatabaseUser::REPLICATION_DEFAULT ? 'REPLICATION' : 'NOREPLICATION'}" unless @new_resource.respond_to?(:replication) || !version_greater_than?(90_100)
options += " #{Chef::Resource::PostgresqlDatabaseUser::SUPERUSER_DEFAULT ? 'SUPERUSER' : 'NOSUPERUSER'}" unless @new_resource.respond_to?(:superuser)
statement = "CREATE USER \"#{@new_resource.username}\""
statement += " WITH #{options}" if options.length > 0
statement += " WITH #{options}" unless options.empty?
db('template1').query(statement)
@new_resource.updated_by_last_action(true)
@@ -85,6 +99,51 @@ class Chef
close
end
def action_grant_table
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.tables.include?(:all)
"ALL TABLES IN SCHEMA \"#{@new_resource.schema_name}\""
else
"TABLE #{@new_resource.tables.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
def action_grant_sequence
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.sequences.include?(:all)
"ALL SEQUENCES IN SCHEMA \"#{@new_resource.schema_name}\""
else
"SEQUENCE #{@new_resource.sequences.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
def action_grant_function
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.functions.include?(:all)
"ALL FUNCTIONS IN SCHEMA \"#{@new_resource.schema_name}\""
else
"FUNCTION #{@new_resource.functions.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
private
def exists?

27
cookbooks/database/libraries/provider_database_sql_server.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'tiny_tds'
begin
require 'tiny_tds'
rescue LoadError
Chef::Log.fatal('Could not load the required tiny_tds gem. Make sure to install this in your wrapper cookbook')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
@@ -92,17 +97,29 @@ class Chef
def db
@db ||= begin
::TinyTds::Client.new(
connection = ::TinyTds::Client.new(
host: @new_resource.connection[:host],
username: @new_resource.connection[:username],
password: @new_resource.connection[:password],
port: @new_resource.connection[:port] || 1433
port: @new_resource.connection[:port] || 1433,
timeout: @new_resource.connection[:timeout] || 120,
options: @new_resource.connection[:options] || {}
)
if new_resource.connection.include?(:options)
@new_resource.connection[:options].each do |key, value|
connection.execute("SET #{key} #{value}").do
end
end
connection
end
end
def close
@db.close rescue nil
begin
@db.close
rescue
nil
end
@db = nil
end
end

31
cookbooks/database/libraries/provider_database_sql_server_user.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'tiny_tds'
begin
require 'tiny_tds'
rescue LoadError
Chef::Log.fatal('Could not load the required tiny_tds gem. Make sure to install this in your wrapper cookbook')
raise
end
@current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name)
@current_resource.username(@new_resource.name)
@current_resource
@@ -106,22 +111,12 @@ class Chef
Chef::Log.info("SQL Server Version: #{server_version.inspect}")
db.execute('USE [master]').do
@new_resource.sql_sys_roles.each do |sql_sys_role, role_action|
case role_action
when 'ADD'
if server_version < '11.00.0000.00'
alter_statement = "EXEC sp_addsrvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
alter_statement = "ALTER SERVER ROLE #{sql_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} granting server role membership with statement [#{alter_statement}]")
when 'DROP'
if server_version < '11.00.0000.00'
alter_statement = "EXEC sp_dropsrvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
alter_statement = "ALTER SERVER ROLE #{sql_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} revoking server role membership with statement [#{alter_statement}]")
end
alter_statement = if server_version < '11.00.0000.00'
"EXEC sp_#{role_action.downcase}srvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
"ALTER SERVER ROLE #{sql_sys_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} granting server role membership with statement [#{alter_statement}]")
db.execute(alter_statement).do
end
@new_resource.updated_by_last_action(true)

96
cookbooks/database/libraries/provider_database_sqlite.rb Normal file
View File

@@ -0,0 +1,96 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/provider'
class Chef
class Provider
class Database
class Sqlite < Chef::Provider
include Chef::Mixin::ShellOut
def load_current_resource
Gem.clear_paths
begin
require 'sqlite3'
rescue LoadError
Chef::Log.fatal('Could not load the required sqlite3 gem. Make sure to include the database::sqlite recipe on your runlist')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
end
def action_create
unless exists?
::File.open(@new_resource.database_name, 'w') {}
@new_resource.updated_by_last_action(true)
end
end
def action_query
if exists?
begin
if @new_resource.sql_query.is_a?(Array)
@new_resource.sql_query.each do |sql|
Chef::Log.debug("#{@new_resource}: Performing queries [#{sql}]")
db.execute(sql)
end
else
Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]")
db.execute(@new_resource.sql_query)
end
@new_resource.updated_by_last_action(true)
ensure
close
end
end
end
def action_drop
if exists?
begin
Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}")
::File.unlink(@new_resource.database_name)
@new_resource.updated_by_last_action(true)
ensure
close
end
end
end
private
def exists?
::File.exist?(@new_resource.database_name)
end
def db
@db ||= begin
::SQLite3::Database.new(@new_resource.database_name)
end
end
def close
@db = nil
end
end
end
end
end

2
cookbooks/database/libraries/resource_database.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

11
cookbooks/database/libraries/resource_database_user.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +32,7 @@ class Chef
@privileges = [:all]
@grant_option = false
@require_ssl = false
@require_x509 = false
@allowed_actions.push(:create, :drop, :grant, :revoke)
@action = :create
@@ -61,6 +62,14 @@ class Chef
)
end
def require_x509(arg = nil)
set_or_return(
:require_x509,
arg,
kind_of: [TrueClass, FalseClass]
)
end
def password(arg = nil)
set_or_return(
:password,

4
cookbooks/database/libraries/resource_mysql_database.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

10
cookbooks/database/libraries/resource_mysql_database_user.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -27,6 +27,14 @@ class Chef
@resource_name = :mysql_database_user
@provider = Chef::Provider::Database::MysqlUser
end
def password(arg = nil)
set_or_return(
:password,
arg,
kind_of: [String, HashedPassword]
)
end
end
end
end

2
cookbooks/database/libraries/resource_postgresql_database.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

2
cookbooks/database/libraries/resource_postgresql_database_schema.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2013 Chef Software, Inc.
# Copyright:: 2013-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

55
cookbooks/database/libraries/resource_postgresql_database_user.rb
View File

@@ -2,7 +2,7 @@
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,17 +24,26 @@ require File.join(File.dirname(__FILE__), 'provider_database_postgresql_user')
class Chef
class Resource
class PostgresqlDatabaseUser < Chef::Resource::DatabaseUser
CREATE_DB_DEFAULT = false unless defined?(CREATE_DB_DEFAULT)
CREATE_ROLE_DEFAULT = false unless defined?(CREATE_ROLE_DEFAULT)
LOGIN_DEFAULT = true unless defined?(LOGIN_DEFAULT)
REPLICATION_DEFAULT = false unless defined?(REPLICATION_DEFAULT)
SUPERUSER_DEFAULT = false unless defined?(SUPERUSER_DEFAULT)
def initialize(name, run_context = nil)
super
@resource_name = :postgresql_database_user
@provider = Chef::Provider::Database::PostgresqlUser
@createdb = false
@createrole = false
@login = true
@replication = false
@superuser = false
@createdb = CREATE_DB_DEFAULT
@createrole = CREATE_ROLE_DEFAULT
@login = LOGIN_DEFAULT
@replication = REPLICATION_DEFAULT
@superuser = SUPERUSER_DEFAULT
@schema_name = nil
@allowed_actions.push(:create, :drop, :grant, :grant_schema)
@tables = [:all]
@sequences = [:all]
@functions = [:all]
@allowed_actions.push(:create, :drop, :grant, :grant_schema, :grant_table, :grant_sequence, :grant_function)
end
def createdb(arg = nil)
@@ -61,6 +70,14 @@ class Chef
)
end
def password(arg = nil)
set_or_return(
:password,
arg,
kind_of: [String, HashedPassword]
)
end
def replication(arg = nil)
set_or_return(
:replication,
@@ -84,6 +101,30 @@ class Chef
equal_to: [true, false]
)
end
def tables(arg = nil)
set_or_return(
:tables,
arg,
kind_of: Array, default: [:all]
)
end
def sequences(arg = nil)
set_or_return(
:sequences,
arg,
kind_of: Array, default: [:all]
)
end
def functions(arg = nil)
set_or_return(
:functions,
arg,
kind_of: Array, default: [:all]
)
end
end
end
end

2
cookbooks/database/libraries/resource_sql_server_database.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

2
cookbooks/database/libraries/resource_sql_server_database_user.rb
View File

@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

40
cookbooks/database/libraries/resource_sqlite_database.rb Normal file
View File

@@ -0,0 +1,40 @@
#
# Author:: Ronald Doorn (<rdoorn@schubergphilis.com>)
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require File.join(File.dirname(__FILE__), 'resource_database')
require File.join(File.dirname(__FILE__), 'provider_database_sqlite')
class Chef
class Resource
class SqliteDatabase < Chef::Resource::Database
def initialize(name, run_context = nil)
super
@resource_name = :sqlite_database
@provider = Chef::Provider::Database::Sqlite
end
def sql(arg = nil, &block)
arg ||= block
set_or_return(
:sql,
arg,
kind_of: [String, Proc, Array]
)
end
end
end
end

50
cookbooks/database/metadata.json
View File

File diff suppressed because one or more lines are too long

21
cookbooks/database/metadata.rb
View File

@@ -1,21 +0,0 @@
name 'database'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache 2.0'
description 'provides LWRPs for common database tasks'
version '4.0.9'
supports 'debian'
supports 'ubuntu'
supports 'centos'
supports 'suse'
supports 'fedora'
supports 'redhat'
supports 'scientific'
supports 'oracle'
supports 'amazon'
depends 'postgresql', '>= 1.0.0'
source_url 'https://github.com/opscode-cookbooks/database' if respond_to?(:source_url)
issues_url 'https://github.com/opscode-cookbooks/database/issues' if respond_to?(:issues_url)

2
cookbooks/database/recipes/postgresql.rb
View File

@@ -1,7 +1,7 @@
#
# Author:: Jesse Howarth (<him@jessehowarth.com>)
#
# Copyright:: Copyright (c) 2012, Chef Software, Inc. (<legal@chef.io>)
# Copyright:: 2012-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

32
cookbooks/database/recipes/sqlite.rb Normal file
View File

@@ -0,0 +1,32 @@
#
# Author:: Ronald Doorn (<rdoorn@schubergphilie.com>)
#
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Install required packages
case node['platform_family']
when 'rhel', 'fedora'
packages = ['gcc', 'make', 'sqlite-devel', 'sqlite']
when 'debian', 'ubuntu'
packages = ['gcc', 'make', 'libsqlite3-dev', 'sqlite3']
end
package packages
# Install required gem (will be compiled)
chef_gem 'sqlite3' do
compile_time false
end

4
cookbooks/database/templates/default/app_grants.sql.erb
View File

@@ -1,4 +1,6 @@
# Generated by Chef. Local modifications will be overwritten.
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
<% @db_info.each do |env,db| -%>
# Privileges for databases in <%= env %>
GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'localhost' IDENTIFIED BY '<%= db['password'] %>';

3
cookbooks/database/templates/default/aws_config.erb
View File

@@ -1,3 +0,0 @@
AWS_ACCESS_KEY_ID=<%= @access_key %>
AWS_SECRET_ACCESS_KEY=<%= @secret_key %>
BUCKET_BASE_NAME=db-backups

8
cookbooks/database/templates/default/ebs-db-backup.sh.erb
View File

@@ -1,8 +0,0 @@
#!/bin/bash
#
# Back up a MySQL database via EBS snapshot
. /mnt/aws-config/config
/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_passwd %>' -k 5 master
echo "done"

10
cookbooks/database/templates/default/ebs-db-restore.sh.erb
View File

@@ -1,10 +0,0 @@
#!/bin/bash
#
# Restore a MySQL database from EBS
mkdir -p /mnt/restore
. /mnt/aws-config/config
/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_password %>' -v '<%= @ebs_vol_id %>' -m /mnt/restore -d <%= @mysql_device %> -r <%= @mysql_device %> -l debug -n slave
echo "done"

27
cookbooks/database/templates/default/s3cfg.erb
View File

@@ -1,27 +0,0 @@
[default]
access_key = <%= @aws['aws_access_key_id'] %>
acl_public = False
bucket_location = US
debug_syncmatch = False
default_mime_type = binary/octet-stream
delete_removed = False
dry_run = False
encrypt = False
force = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = False
host_base = s3.amazonaws.com
host_bucket = %(bucket)s.s3.amazonaws.com
human_readable_sizes = False
preserve_attrs = True
proxy_host =
proxy_port = 0
recv_chunk = 4096
secret_key = <%= @aws['aws_secret_access_key'] %>
send_chunk = 4096
simpledb_host = sdb.amazonaws.com
use_https = True
verbosity = WARNING