From 6638cda6fb29b1a4afcb99c3f9f8dc057bbed7ad Mon Sep 17 00:00:00 2001 From: Jonas Forsberg Date: Sat, 25 Sep 2021 16:04:59 +0200 Subject: [PATCH] . --- salt/modules/_states/mysql.py | 66 ++++++++++++++++++++++++++++ salt/pillars/rmt.sls | 8 ++++ salt/states/rmt/files/rmt.conf.jinja | 32 ++++++++++++++ salt/states/rmt/init.sls | 32 +++++++++++++- 4 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 salt/states/rmt/files/rmt.conf.jinja diff --git a/salt/modules/_states/mysql.py b/salt/modules/_states/mysql.py index 5d63df8..e468891 100644 --- a/salt/modules/_states/mysql.py +++ b/salt/modules/_states/mysql.py @@ -69,3 +69,69 @@ def user(name, host, password): ret["changes"].update({"Created user": f"{name}@{host}"}) ret["result"]=True return ret + +def database(name, users=[]): + """ + Creates database + + name + name of the database + users + list of user dict + name: username@localhost + grant: [ALL] + + or + name: user2@% + grant: [CREATE, DELETE, DROP] + """ + ret = { + "name": name, + "changes": {}, + "result": False, + "comment": "" + } + #check if db exists + result = __salt__["mysql.execute"]("root", __pillar__['mysql']['root_password'],f'USE {name};') + if not result["result"]: + result = __salt__["mysql.execute"]("root", __pillar__['mysql']['root_password'],f'CREATE DATABASE {name};') + if not result["result"]: + ret["comment"] = result["err"] + return ret + ret["changes"].update({"Database created": name}) + + for user in users: + result = __salt__["mysql.execute"]("root", __pillar__['mysql']['root_password'],f'SHOW GRANTS FOR {user};') + if not result["result"]: + ret["comment"] = result["err"] + return ret + have_grants = False + for row in result["out"].decode("utf-8").split("\n"): + if f" `{name}`.* " in row: + have_grants = True + break + if not have_grants: + result = __salt__["mysql.execute"]("root", __pillar__['mysql']['root_password'],f'GRANT ALL PRIVILEGES ON {name}.* to {user};') + if not result["result"]: + ret["comment"] = result["err"] + return ret + ret["changes"].update({user: "grantad ALL privileges"}) + + if len(ret["changes"]): + ret["comment"] = "Changed" + else: + ret["comment"] = "Database is in desired state" + + ret["result"] = True + return ret + + + + + + ret["comment"] = "Database exists" + ret["result"] = True + return ret + + + diff --git a/salt/pillars/rmt.sls b/salt/pillars/rmt.sls index 00ef999..5b0be44 100644 --- a/salt/pillars/rmt.sls +++ b/salt/pillars/rmt.sls @@ -1,2 +1,10 @@ rmt: ca_passphrase: linux + db_password: linux + scc: + username: + password: + stopped_services: + - rmt-server-mirror.timer + - rmt-server-sync.timer + - rmt-server-systems-scc-sync.timer diff --git a/salt/states/rmt/files/rmt.conf.jinja b/salt/states/rmt/files/rmt.conf.jinja new file mode 100644 index 0000000..4433640 --- /dev/null +++ b/salt/states/rmt/files/rmt.conf.jinja @@ -0,0 +1,32 @@ +--- +database: + host: localhost + database: rmt + username: rmt + password: {{ pillar['rmt']['db_password'] }} + adapter: mysql2 + encoding: utf8 + timeout: 5000 + pool: 5 +scc: + username: {{ pillar['rmt']['scc']['username'] }} + password: {{ pillar['rmt']['scc']['password'] }} + sync_systems: true +mirroring: + mirror_src: false + verify_rpm_checksums: false + dedup_method: hardlink +http_client: + verbose: false + proxy: + proxy_auth: + proxy_user: + proxy_password: + low_speed_limit: 512 + low_speed_time: 120 +log_level: + rails: info +web_server: + min_threads: 5 + max_threads: 5 + workers: 2 diff --git a/salt/states/rmt/init.sls b/salt/states/rmt/init.sls index a2a7062..6315147 100644 --- a/salt/states/rmt/init.sls +++ b/salt/states/rmt/init.sls @@ -9,4 +9,34 @@ Create rmt MariaDB user: mysql.user: - name: rmt - host: localhost - - password: {{ pillar['rmt']['mysql_password'] }} + - password: {{ pillar['rmt']['db_password'] }} + +Create rmt database: + mysql.database: + - name: rmt + - users: + - "'rmt'@'localhost'" + +Create rmt.conf: + file.managed: + - name: /etc/rmt.conf + - source: salt://rmt/files/rmt.conf.jinja + - template: jinja + - user: _rmt + - group: root + - mode: "0640" + +Start rmt-server: + service.running: + - name: rmt-server + - enable: True + - watch: + - file: Create rmt.conf + +{% for service in pillar['rmt']['stopped_services'] -%} +Stopp {{ service }}: + service.dead: + - name: {{ service }} + - enable: False +{% endfor %} +