Problems granting privileges with puppetlabs/mysql

[thijso]

First off, I'm not sure if I should be asking questions about puppetlabs modules here, if not, I apologise...

I'm trying to at least setup my mysql replication user through the mysql module, but I seem to be unable to divine the correct way to do this. I've tried a number of different variations, but my user doesn't get the repl_slave_priv on my user table... This is the relevant part of my manifest:

-----------------
database_user { "repl_slave@%":
    password_hash => mysql_password(' ... '),
}

database_grant { "repl_slave@%/*.*":
    privileges => ['repl_slave_priv'],
}
----------------

The puppet run doesn't raise an error, it says:

notice: /Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges: privileges changed '' to 'repl_slave_priv'

But it does so at each puppet run, so clearly it's actually NOT changing privileges to 'repl_slave_priv'. This seems like a pretty big bug to me. If it fails, it should tell me it fails, not pretend it worked. Also, when I check on the actual user table I indeed see no repl_slave_priv granted to this user...

I've also tried 'replication slave' (which is what you do in a GRANT x incantation) and 'repl_slave'. A little more documentation for the module would be a great help here...

Thanks for any pointers,
Thijs

[Walter Heck]

A quick look into mysql/lib/puppet/provider/database_grant/mysql.rb teaches me this module grants permissions only on db and user level. Repl_slave is only available at global level. Imho this module is doing it wrong by messing with the mysql table. Instead, it should generate proper GRANT statements and execute those to update permissions.

cheers,

Walter

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

--
Walter Heck

--
Check out my startup: Puppet training and consulting @ http://www.olindata.com
Follow @olindata on Twitter and/or 'Like' our Facebook page at http://www.facebook.com/olindata

[thijso]

On Saturday, 21 July 2012 16:34:20 UTC+2, Walter Heck wrote:

A quick look into mysql/lib/puppet/provider/database_grant/mysql.rb teaches me this module grants permissions only on db and user level. Repl_slave is only available at global level.

Aha. Thanks for pointing this out.
 

Imho this module is doing it wrong by messing with the mysql table. Instead, it should generate proper GRANT statements and execute those to update permissions.

Yeah, that's what I thought, too.
 

 

cheers,

Walter

On Thu, Jul 19, 2012 at 11:23 PM, thijso <thi...@gmail.com> wrote:

First off, I'm not sure if I should be asking questions about puppetlabs modules here, if not, I apologise...

I'm trying to at least setup my mysql replication user through the mysql module, but I seem to be unable to divine the correct way to do this. I've tried a number of different variations, but my user doesn't get the repl_slave_priv on my user table... This is the relevant part of my manifest:

-----------------
database_user { "repl_slave@%":
    password_hash => mysql_password(' ... '),
}

database_grant { "repl_slave@%/*.*":
    privileges => ['repl_slave_priv'],
}
----------------

The puppet run doesn't raise an error, it says:

notice: /Stage[main]/Db::Repl_user/Database_grant[repl_slave@%/*.*]/privileges: privileges changed '' to 'repl_slave_priv'

But it does so at each puppet run, so clearly it's actually NOT changing privileges to 'repl_slave_priv'. This seems like a pretty big bug to me. If it fails, it should tell me it fails, not pretend it worked. Also, when I check on the actual user table I indeed see no repl_slave_priv granted to this user...

I've also tried 'replication slave' (which is what you do in a GRANT x incantation) and 'repl_slave'. A little more documentation for the module would be a great help here...

Thanks for any pointers,
Thijs

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/v7NNyzpAPJ0J.
To post to this group, send email to puppet...@googlegroups.com.

To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.