summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/modules/mysql_user219
-rw-r--r--roles/bacula-dir/tasks/main.yml2
-rw-r--r--roles/common-SQL/files/etc/mysql/my.cnf1
-rw-r--r--roles/common-SQL/tasks/main.yml14
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/common-local2
-rw-r--r--roles/lists/tasks/sympa.yml6
6 files changed, 20 insertions, 24 deletions
diff --git a/lib/modules/mysql_user2 b/lib/modules/mysql_user2
index d10e3e0..4188e8c 100644
--- a/lib/modules/mysql_user2
+++ b/lib/modules/mysql_user2
@@ -151,17 +151,18 @@ def user_exists(cursor, user, host):
count = cursor.fetchone()
return count[0] > 0
-def load_plugin(cursor, plugin):
- cursor.execute("SELECT count(*) FROM information_schema.plugins WHERE name = %s", plugin)
+def load_plugin(cursor, plugin, soname):
+ cursor.execute("SELECT count(*) FROM information_schema.plugins WHERE plugin_name = %s", plugin)
count = cursor.fetchone()
if count[0] == 0:
- so = "%s.so" % plugin
- cursor.execute("INSTALL PLUGIN %s SONAME %s", (plugin, so))
+ if soname is None:
+ module.fail_json(msg="missing plugin 'soname' parameter")
+ cursor.execute("INSTALL PLUGIN %s SONAME %s", (plugin, soname))
-def user_add(cursor, user, host, password, new_priv, auth_plugin):
+def user_add(cursor, user, host, password, new_priv, auth_plugin, soname):
if password is None:
# Automatically loaded on first first use.
- load_plugin(cursor, auth_plugin)
+ load_plugin(cursor, auth_plugin, soname)
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s", (user,host,auth_plugin))
else:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user,host,password))
@@ -422,7 +423,8 @@ def main():
priv=dict(default=None),
append_privs=dict(type="bool", default="no"),
check_implicit_admin=dict(default=False),
- auth_plugin=dict(default=None)
+ auth_plugin=dict(default=None),
+ soname=dict(default=None)
)
)
user = module.params["user"]
@@ -433,6 +435,7 @@ def main():
check_implicit_admin = module.params['check_implicit_admin']
append_privs = module.boolean(module.params["append_privs"])
auth_plugin = module.params['auth_plugin']
+ soname = module.params['soname']
if not mysqldb_found:
module.fail_json(msg="the python mysqldb module is required")
@@ -478,7 +481,7 @@ def main():
else:
if (password is None and auth_plugin is None) or (password is not None and auth_plugin is not None):
module.fail_json(msg="password xor auth_plugin is required when adding a user")
- changed = user_add(cursor, user, host, password, priv, auth_plugin)
+ changed = user_add(cursor, user, host, password, priv, auth_plugin, soname)
elif state == "absent":
if user_exists(cursor, user, host):
changed = user_delete(cursor, user, host)
diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml
index 5a23dc5..4cacc6e 100644
--- a/roles/bacula-dir/tasks/main.yml
+++ b/roles/bacula-dir/tasks/main.yml
@@ -5,7 +5,7 @@
- bacula-director-mysql
- name: Create a 'bacula' SQL user
- mysql_user2: name=bacula password= auth_plugin=auth_socket
+ mysql_user2: name=bacula password= auth_plugin=unix_socket
state=present
notify:
- Restart bacula-director
diff --git a/roles/common-SQL/files/etc/mysql/my.cnf b/roles/common-SQL/files/etc/mysql/my.cnf
index 6caeb64..e1dff58 100644
--- a/roles/common-SQL/files/etc/mysql/my.cnf
+++ b/roles/common-SQL/files/etc/mysql/my.cnf
@@ -35,7 +35,6 @@ nice = 0
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
-plugin-load = auth_socket=auth_socket.so
port = 3306
basedir = /usr
datadir = /var/lib/mysql
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index 9064a68..73b6878 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,14 +1,8 @@
-# XXX If #742046 gets fixed, we should preseed mysql-server to use
-# auth_socket as auth_plugin once the fix enters stable.
-- name: Install MySQL
+- name: Install MariaDB
apt: pkg={{ item }}
with_items:
- # XXX: In non-interactive mode apt-get doesn't put a password on
- # MySQL's root user; we fix that on the next task, but an intruder
- # could exploit the race condition and for instance create dummy
- # users.
- - mysql-common
- - mysql-server
+ - mariadb-common
+ - mariadb-server
- python-mysqldb
# for the 'mysql_' munin plugin
- libcache-cache-perl
@@ -28,7 +22,7 @@
# XXX Dirty fix for #742046
- name: Force root to use UNIX permissions
- mysql_user2: name=root password= auth_plugin=auth_socket
+ mysql_user2: name=root password= auth_plugin=unix_socket soname=auth_socket.so
state=present
- name: Disallow anonymous and TCP/IP root login
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/common-local b/roles/common/files/etc/logcheck/ignore.d.server/common-local
index c2a8d7f..c798120 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/common-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/common-local
@@ -33,7 +33,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+ *\] Peer [.[:digit:]]+:[[:digit:]]+/[[:digit:]]+ unexpectedly shrunk window [[:digit:]]+:[[:digit:]]+ \(repaired\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[.[:digit:]]+" x-pid="[[:digit:]]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd-?([[:digit:]]+): action '[^']+' (resumed \(module '[.[:alnum:]-]+:[.[:alnum:]-]+'\)|suspended, next retry is \w{3} \w{3} [ :[:digit:]]{16}) \[try http://www\.rsyslog\.com/e/\1 \]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z]+|<stdin>): Invoked with
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z0-9]+|<stdin>): Invoked with
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (sympa\((command|distribute)\)|wwsympa|archived|bounced|bulk|task_manager)\[[[:digit:]]+\]: (info|notice)\s
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wwsympa\[[[:digit:]]+\]: err .* main::check_action_parameters\(\) user not logged in$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rrdcached\[[[:digit:]]+\]: (flushing old values|rotating journals|started new journal /\S+$|removing old journal /\S+$)
diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml
index 4aaa2c9..0496c55 100644
--- a/roles/lists/tasks/sympa.yml
+++ b/roles/lists/tasks/sympa.yml
@@ -1,6 +1,6 @@
- apt: pkg={{ item }} install_recommends=no
with_items:
- - mysql-server
+ - mariadb-server
- sympa
- libnet-dns-perl
- libnet-dns-sec-perl
@@ -8,8 +8,8 @@
- libcrypt-smime-perl
- libcrypt-openssl-x509-perl
-- name: Make the 'sympa' MySQL user use auth_socket
- mysql_user2: name=sympa password= auth_plugin=auth_socket
+- name: Make the 'sympa' MySQL user use unix_socket
+ mysql_user2: name=sympa password= auth_plugin=unix_socket
state=present
# XXX We want to change the retun-path for sendpasswd notices from