From d8d07afe49e69114f8deb807031bec71a327d3ae Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 29 Jul 2017 13:45:26 +0200
Subject: Use MariaDB as default MySQL flavor.
---
 lib/modules/mysql_user2 | 19 +++++++++++--------
 roles/bacula-dir/tasks/main.yml | 2 +-
 roles/common-SQL/files/etc/mysql/my.cnf | 1 -
 roles/common-SQL/tasks/main.yml | 14 ++++----------
 .../files/etc/logcheck/ignore.d.server/common-local | 2 +-
 roles/lists/tasks/sympa.yml | 6 +++---
 6 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/lib/modules/mysql_user2 b/lib/modules/mysql_user2
index d10e3e0..4188e8c 100644
--- a/lib/modules/mysql_user2
+++ b/lib/modules/mysql_user2
@@ -151,17 +151,18 @@ def user_exists(cursor, user, host):
 count = cursor.fetchone()
 return count[0] > 0
-def load_plugin(cursor, plugin):
- cursor.execute("SELECT count(*) FROM information_schema.plugins WHERE name = %s", plugin)
+def load_plugin(cursor, plugin, soname):
+ cursor.execute("SELECT count(*) FROM information_schema.plugins WHERE plugin_name = %s", plugin)
 count = cursor.fetchone()
 if count[0] == 0:
- so = "%s.so" % plugin
- cursor.execute("INSTALL PLUGIN %s SONAME %s", (plugin, so))
+ if soname is None:
+ module.fail_json(msg="missing plugin 'soname' parameter")
+ cursor.execute("INSTALL PLUGIN %s SONAME %s", (plugin, soname))
-def user_add(cursor, user, host, password, new_priv, auth_plugin):
+def user_add(cursor, user, host, password, new_priv, auth_plugin, soname):
 if password is None:
 # Automatically loaded on first first use.
- load_plugin(cursor, auth_plugin)
+ load_plugin(cursor, auth_plugin, soname)
 cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s", (user,host,auth_plugin))
 else:
 cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user,host,password))
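Review bot: In the new `load_plugin`, the `soname is None` branch calls `module.fail_json(...)`, but `module` is neither a parameter of this function nor assigned in it; the later hunks only show it being used inside `main()`. If it is a local of `main()` (its assignment lies outside the visible hunks), a missing `soname` ends in a NameError traceback instead of the intended message. Passing it explicitly would avoid that, e.g. `def load_plugin(module, cursor, plugin, soname):` with the call in `user_add` updated to match, or raise from `load_plugin` and let `main()` report the failure. A docstring line stating that `soname` is only consulted when the plugin is not yet listed in `information_schema.plugins` would also help.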
@@ -422,7 +423,8 @@ def main():
 priv=dict(default=None),
 append_privs=dict(type="bool", default="no"),
 check_implicit_admin=dict(default=False),
- auth_plugin=dict(default=None)
+ auth_plugin=dict(default=None),
+ soname=dict(default=None)
 )
 )
 user = module.params["user"]
@@ -433,6 +435,7 @@ def main():
 check_implicit_admin = module.params['check_implicit_admin']
 append_privs = module.boolean(module.params["append_privs"])
 auth_plugin = module.params['auth_plugin']
+ soname = module.params['soname']
 if not mysqldb_found:
 module.fail_json(msg="the python mysqldb module is required")
@@ -478,7 +481,7 @@ def main():
 else:
 if (password is None and auth_plugin is None) or (password is not None and auth_plugin is not None):
 module.fail_json(msg="password xor auth_plugin is required when adding a user")
- changed = user_add(cursor, user, host, password, priv, auth_plugin)
+ changed = user_add(cursor, user, host, password, priv, auth_plugin, soname)
 elif state == "absent":
 if user_exists(cursor, user, host):
 changed = user_delete(cursor, user, host)
diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml
index 5a23dc5..4cacc6e 100644
--- a/roles/bacula-dir/tasks/main.yml
+++ b/roles/bacula-dir/tasks/main.yml
@@ -5,7 +5,7 @@
 - bacula-director-mysql
 - name: Create a 'bacula' SQL user
- mysql_user2: name=bacula password= auth_plugin=auth_socket
+ mysql_user2: name=bacula password= auth_plugin=unix_socket
 state=present
 notify:
 - Restart bacula-director
diff --git a/roles/common-SQL/files/etc/mysql/my.cnf b/roles/common-SQL/files/etc/mysql/my.cnf
index 6caeb64..e1dff58 100644
--- a/roles/common-SQL/files/etc/mysql/my.cnf
+++ b/roles/common-SQL/files/etc/mysql/my.cnf
@@ -35,7 +35,6 @@ nice = 0
 user = mysql
 pid-file = /var/run/mysqld/mysqld.pid
 socket = /var/run/mysqld/mysqld.sock
-plugin-load = auth_socket=auth_socket.so
 port = 3306
 basedir = /usr
 datadir = /var/lib/mysql
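Review bot: The new `soname=dict(default=None)` entry carries no description, and nothing in the visible hunks rejects it when `password` is set or `state` is `absent`, where it is silently ignored. I would add a comment above the entry such as `# soname: shared library INSTALL PLUGIN loads auth_plugin from; used only if the plugin is not loaded yet`, and mirror it in the module's option documentation if that exists outside this hunk. Since the value names a library the database server will load, the comment should also say it is expected to be a bare file name in the server's plugin directory. `main()` begins and ends outside the hunk.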
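Review bot: This task passes `auth_plugin=unix_socket` without `soname`, and with the new `load_plugin` the module fails with "missing plugin 'soname' parameter" whenever `unix_socket` is not already listed in `information_schema.plugins`. Only the common-SQL root task supplies `soname=auth_socket.so`, so this task, and the identical `sympa` one in roles/lists/tasks/sympa.yml, depends on that task having run first against the same server, or on the package loading the plugin itself; neither is visible in this diff. Either add `soname=auth_socket.so` to both tasks or record the ordering dependency in a comment, e.g. `# unix_socket is installed by the common-SQL role`.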
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index 9064a68..73b6878 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,14 +1,8 @@
-# XXX If #742046 gets fixed, we should preseed mysql-server to use
-# auth_socket as auth_plugin once the fix enters stable.
-- name: Install MySQL
+- name: Install MariaDB
 apt: pkg={{ item }}
 with_items:
- # XXX: In non-interactive mode apt-get doesn't put a password on
- # MySQL's root user; we fix that on the next task, but an intruder
- # could exploit the race condition and for instance create dummy
- # users.
- - mysql-common
- - mysql-server
+ - mariadb-common
+ - mariadb-server
 - python-mysqldb
 # for the 'mysql_' munin plugin
 - libcache-cache-perl
@@ -28,7 +22,7 @@
 # XXX Dirty fix for #742046
 - name: Force root to use UNIX permissions
- mysql_user2: name=root password= auth_plugin=auth_socket
+ mysql_user2: name=root password= auth_plugin=unix_socket soname=auth_socket.so
 state=present
 - name: Disallow anonymous and TCP/IP root login
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/common-local b/roles/common/files/etc/logcheck/ignore.d.server/common-local
index c2a8d7f..c798120 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/common-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/common-local
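Review bot: The comment removed under `with_items:` was the only record that root may have no password between package installation and the "Force root to use UNIX permissions" task, and the hunk drops it without saying why that window is gone. If the MariaDB package already restricts root to socket authentication at install time, a short comment saying so would document the assumption. If it does not (this cannot be determined from the diff), the warning still applies and should be kept, reworded for MariaDB, e.g. `# XXX: until the next task runs, root may be reachable without a password`.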
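Review bot: `auth_plugin=unix_socket soname=auth_socket.so` pairs a plugin name with a differently named library, which reads like a leftover from the old `auth_socket` value. A one-line comment above the task, e.g. `# MariaDB's unix_socket plugin is shipped in auth_socket.so`, would keep a later cleanup from "correcting" it. The context line `# XXX Dirty fix for #742046` still cites the bug whose other mention this commit removes from the top of the file; confirm it is still the right reference for MariaDB or drop it.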
@@ -33,7 +33,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+ *\] Peer [.[:digit:]]+:[[:digit:]]+/[[:digit:]]+ unexpectedly shrunk window [[:digit:]]+:[[:digit:]]+ \(repaired\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[.[:digit:]]+" x-pid="[[:digit:]]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd-?([[:digit:]]+): action '[^']+' (resumed \(module '[.[:alnum:]-]+:[.[:alnum:]-]+'\)|suspended, next retry is \w{3} \w{3} [ :[:digit:]]{16}) \[try http://www\.rsyslog\.com/e/\1 \]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z]+|): Invoked with
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z0-9]+|): Invoked with
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (sympa\((command|distribute)\)|wwsympa|archived|bounced|bulk|task_manager)\[[[:digit:]]+\]: (info|notice)\s
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wwsympa\[[[:digit:]]+\]: err .* main::check_action_parameters\(\) user not logged in$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rrdcached\[[[:digit:]]+\]: (flushing old values|rotating journals|started new journal /\S+$|removing old journal /\S+$)
diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml
index 4aaa2c9..0496c55 100644
--- a/roles/lists/tasks/sympa.yml
+++ b/roles/lists/tasks/sympa.yml
@@ -1,6 +1,6 @@
 - apt: pkg={{ item }} install_recommends=no
 with_items:
- - mysql-server
+ - mariadb-server
 - sympa
 - libnet-dns-perl
 - libnet-dns-sec-perl
@@ -8,8 +8,8 @@
 - libcrypt-smime-perl
 - libcrypt-openssl-x509-perl
-- name: Make the 'sympa' MySQL user use auth_socket
- mysql_user2: name=sympa password= auth_plugin=auth_socket
+- name: Make the 'sympa' MySQL user use unix_socket
+ mysql_user2: name=sympa password= auth_plugin=unix_socket
 state=present
 # XXX We want to change the retun-path for sendpasswd notices from
--
cgit v1.2.3