thijso
2012-Jul-19 15:23 UTC
[Puppet Users] Problems granting privileges with puppetlabs/mysql
First off, I''m not sure if I should be asking questions about
puppetlabs
modules here, if not, I apologise...
I''m trying to at least setup my mysql replication user through the
mysql
module, but I seem to be unable to divine the correct way to do this.
I''ve
tried a number of different variations, but my user doesn''t get the
repl_slave_priv on my user table... This is the relevant part of my
manifest:
-----------------
database_user { "repl_slave@%":
password_hash => mysql_password('' ... ''),
}
database_grant { "repl_slave@%/*.*":
privileges => [''repl_slave_priv''],
}
----------------
The puppet run doesn''t raise an error, it says:
notice:
/Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges:
privileges changed '''' to ''repl_slave_priv''
But it does so at each puppet run, so clearly it''s actually NOT
changing
privileges to ''repl_slave_priv''. This seems like a pretty big
bug to me. If
it fails, it should tell me it fails, not pretend it worked. Also, when I
check on the actual user table I indeed see no repl_slave_priv granted to
this user...
I''ve also tried ''replication slave'' (which is what
you do in a GRANT x
incantation) and ''repl_slave''. A little more documentation for
the module
would be a great help here...
Thanks for any pointers,
Thijs
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Walter Heck
2012-Jul-21 14:34 UTC
Re: [Puppet Users] Problems granting privileges with puppetlabs/mysql
A quick look into mysql/lib/puppet/provider/database_grant/mysql.rb teaches me this module grants permissions only on db and user level. Repl_slave is only available at global level. Imho this module is doing it wrong by messing with the mysql table. Instead, it should generate proper GRANT statements and execute those to update permissions. cheers, Walter On Thu, Jul 19, 2012 at 11:23 PM, thijso <thijso@gmail.com> wrote:> First off, I''m not sure if I should be asking questions about puppetlabs > modules here, if not, I apologise... > > I''m trying to at least setup my mysql replication user through the mysql > module, but I seem to be unable to divine the correct way to do this. I''ve > tried a number of different variations, but my user doesn''t get the > repl_slave_priv on my user table... This is the relevant part of my > manifest: > > ----------------- > database_user { "repl_slave@%": > password_hash => mysql_password('' ... ''), > } > > database_grant { "repl_slave@%/*.*": > privileges => [''repl_slave_priv''], > } > ---------------- > > The puppet run doesn''t raise an error, it says: > > notice: /Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges: > privileges changed '''' to ''repl_slave_priv'' > > But it does so at each puppet run, so clearly it''s actually NOT changing > privileges to ''repl_slave_priv''. This seems like a pretty big bug to me. If > it fails, it should tell me it fails, not pretend it worked. Also, when I > check on the actual user table I indeed see no repl_slave_priv granted to > this user... > > I''ve also tried ''replication slave'' (which is what you do in a GRANT x > incantation) and ''repl_slave''. A little more documentation for the module > would be a great help here... > > Thanks for any pointers, > Thijs > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- Walter Heck -- Check out my startup: Puppet training and consulting @ http://www.olindata.com Follow @olindata on Twitter and/or ''Like'' our Facebook page at http://www.facebook.com/olindata -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
thijso
2012-Jul-23 08:35 UTC
Re: [Puppet Users] Problems granting privileges with puppetlabs/mysql
On Saturday, 21 July 2012 16:34:20 UTC+2, Walter Heck wrote:> > A quick look into mysql/lib/puppet/provider/database_grant/mysql.rb > teaches me this module grants permissions only on db and user level. > Repl_slave is only available at global level.Aha. Thanks for pointing this out.> Imho this module is doing it wrong by messing with the mysql table. > Instead, it should generate proper GRANT statements and execute those to > update permissions.Yeah, that''s what I thought, too.> cheers, > > Walter > > On Thu, Jul 19, 2012 at 11:23 PM, thijso <thijso@gmail.com> wrote: > >> First off, I''m not sure if I should be asking questions about puppetlabs >> modules here, if not, I apologise... >> >> I''m trying to at least setup my mysql replication user through the mysql >> module, but I seem to be unable to divine the correct way to do this. I''ve >> tried a number of different variations, but my user doesn''t get the >> repl_slave_priv on my user table... This is the relevant part of my >> manifest: >> >> ----------------- >> database_user { "repl_slave@%": >> password_hash => mysql_password('' ... ''), >> } >> >> database_grant { "repl_slave@%/*.*": >> privileges => [''repl_slave_priv''], >> } >> ---------------- >> >> The puppet run doesn''t raise an error, it says: >> >> notice: >> /Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges: >> privileges changed '''' to ''repl_slave_priv'' >> >> But it does so at each puppet run, so clearly it''s actually NOT changing >> privileges to ''repl_slave_priv''. This seems like a pretty big bug to me. If >> it fails, it should tell me it fails, not pretend it worked. Also, when I >> check on the actual user table I indeed see no repl_slave_priv granted to >> this user... >> >> I''ve also tried ''replication slave'' (which is what you do in a GRANT x >> incantation) and ''repl_slave''. A little more documentation for the module >> would be a great help here... >> >> Thanks for any pointers, >> Thijs >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > > -- > Walter Heck > > -- > Check out my startup: Puppet training and consulting @ > http://www.olindata.com > Follow @olindata on Twitter and/or ''Like'' our Facebook page at > http://www.facebook.com/olindata >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7v-GNnzBhDAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nicholas Andre
2012-Aug-07 19:26 UTC
Re: [Puppet Users] Problems granting privileges with puppetlabs/mysql
I''ve posted on the puppetlabs bug database<http://projects.puppetlabs.com/issues/15808>about this. Is there any solution for managing mysql grants through puppet? Am I doing anything wrong or is this module just fatally flawed? On Monday, July 23, 2012 4:35:37 AM UTC-4, thijso wrote:> > > > On Saturday, 21 July 2012 16:34:20 UTC+2, Walter Heck wrote: >> >> A quick look into mysql/lib/puppet/provider/database_grant/mysql.rb >> teaches me this module grants permissions only on db and user level. >> Repl_slave is only available at global level. > > > Aha. Thanks for pointing this out. > > >> Imho this module is doing it wrong by messing with the mysql table. >> Instead, it should generate proper GRANT statements and execute those to >> update permissions. > > > Yeah, that''s what I thought, too. > > > >> cheers, >> >> Walter >> >> On Thu, Jul 19, 2012 at 11:23 PM, thijso <thijso@gmail.com> wrote: >> >>> First off, I''m not sure if I should be asking questions about puppetlabs >>> modules here, if not, I apologise... >>> >>> I''m trying to at least setup my mysql replication user through the mysql >>> module, but I seem to be unable to divine the correct way to do this. I''ve >>> tried a number of different variations, but my user doesn''t get the >>> repl_slave_priv on my user table... This is the relevant part of my >>> manifest: >>> >>> ----------------- >>> database_user { "repl_slave@%": >>> password_hash => mysql_password('' ... ''), >>> } >>> >>> database_grant { "repl_slave@%/*.*": >>> privileges => [''repl_slave_priv''], >>> } >>> ---------------- >>> >>> The puppet run doesn''t raise an error, it says: >>> >>> notice: >>> /Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges: >>> privileges changed '''' to ''repl_slave_priv'' >>> >>> But it does so at each puppet run, so clearly it''s actually NOT changing >>> privileges to ''repl_slave_priv''. This seems like a pretty big bug to me. If >>> it fails, it should tell me it fails, not pretend it worked. Also, when I >>> check on the actual user table I indeed see no repl_slave_priv granted to >>> this user... >>> >>> I''ve also tried ''replication slave'' (which is what you do in a GRANT x >>> incantation) and ''repl_slave''. A little more documentation for the module >>> would be a great help here... >>> >>> Thanks for any pointers, >>> Thijs >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscribe@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >> >> >> >> -- >> Walter Heck >> >> -- >> Check out my startup: Puppet training and consulting @ >> http://www.olindata.com >> Follow @olindata on Twitter and/or ''Like'' our Facebook page at >> http://www.facebook.com/olindata >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/5S7HTGTIrUgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.