Merge pull request #1478 from jan-win1993/mysql-8-xtrabackup-privilege
MySQL 8.0: Grant required privileges to xtrabackup user
LukasAud authored Oct 24, 2022
2 parents 870e44c + f4e690b commit 36383ed
Showing 4 changed files with 118 additions and 15 deletions.
5 changes: 3 additions & 2 deletions lib/facter/mysqld_version.rb
@@ -1,8 +1,9 @@
# frozen_string_literal: true

Facter.add('mysqld_version') do
confine { Facter::Core::Execution.which('mysqld') }
confine { Facter::Core::Execution.which('mysqld') || Facter::Core::Execution.which('/usr/libexec/mysqld') }
setcode do
Facter::Core::Execution.execute('mysqld --no-defaults -V 2>/dev/null')
# Add /usr/libexec to PATH to find mysqld command
Facter::Core::Execution.execute('env PATH=$PATH:/usr/libexec mysqld --no-defaults -V 2>/dev/null')
end
end
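Review bot: The `confine` resolves mysqld at either location, but `setcode` discards that result and relies on a modified search path (`env PATH=$PATH:/usr/libexec mysqld ...`), so the binary that was checked and the binary that runs can differ. Facter is commonly run as root by the Puppet agent, so executing the resolved absolute path is the safer form: `mysqld = Facter::Core::Execution.which('mysqld') || Facter::Core::Execution.which('/usr/libexec/mysqld')` followed by `Facter::Core::Execution.execute("#{mysqld} --no-defaults -V 2>/dev/null")`. That also avoids the edge case where an empty `PATH` expands to `:/usr/libexec`, whose leading empty entry is treated as the current directory.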
59 changes: 48 additions & 11 deletions manifests/backup/xtrabackup.pp
@@ -49,26 +49,63 @@
password_hash => mysql::password($backuppassword),
require => Class['mysql::server::root_password'],
}

if ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') >= 0) or
($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) {
mysql_grant { "${backupuser}@localhost/*.*":
# Percona XtraBackup needs additional grants/privileges to work with MySQL 8
if versioncmp($facts['mysql_version'], '8') >= 0 and !(/(?i:mariadb)/ in $facts['mysqld_version']) {
if ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') >= 0) or
($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) {
mysql_grant { "${backupuser}@localhost/*.*":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES', 'BACKUP_ADMIN'],
require => Mysql_user["${backupuser}@localhost"],
}
}
else {
mysql_grant { "${backupuser}@localhost/*.*":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT', 'BACKUP_ADMIN'],
require => Mysql_user["${backupuser}@localhost"],
}
}
mysql_grant { "${backupuser}@localhost/performance_schema.keyring_component_status":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES'],
table => 'performance_schema.keyring_component_status',
privileges => ['SELECT'],
require => Mysql_user["${backupuser}@localhost"],
}
}
else {
mysql_grant { "${backupuser}@localhost/*.*":
mysql_grant { "${backupuser}@localhost/performance_schema.log_status":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'],
table => 'performance_schema.log_status',
privileges => ['SELECT'],
require => Mysql_user["${backupuser}@localhost"],
}
}
else {
if $facts['os']['family'] == 'debian' and $facts['os']['release']['major'] == '11' or
($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) {
mysql_grant { "${backupuser}@localhost/*.*":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES'],
require => Mysql_user["${backupuser}@localhost"],
}
}
else {
mysql_grant { "${backupuser}@localhost/*.*":
ensure => $ensure,
user => "${backupuser}@localhost",
table => '*.*',
privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'],
require => Mysql_user["${backupuser}@localhost"],
}
}
}
}

if $install_cron {
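Review bot: The OS test in the new outer `else` branch (`$facts['os']['family'] == 'debian' and $facts['os']['release']['major'] == '11' or ...`) does not match the one in the MySQL 8 branch, which checks `os.name` and uses `versioncmp(...) >= 0`. As rendered, a non-MySQL-8 server on a Debian release newer than 11 would fall through to `REPLICATION CLIENT` instead of `BINLOG MONITOR`; reusing `($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') >= 0) or` keeps both branches in step and makes the `and`/`or` grouping explicit. Separately, `versioncmp($facts['mysql_version'], '8')` assumes the `mysql_version` fact is always a string; if it is unset on a node where MySQL is not yet installed, compilation would probably fail, so a guard such as `$facts['mysql_version'] and versioncmp(...)` is worth considering. The enclosing class starts and ends outside the hunk.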
67 changes: 66 additions & 1 deletion spec/classes/mysql_backup_xtrabackup_spec.rb
@@ -11,7 +11,9 @@ class { 'mysql::server': }
EOF
end
let(:facts) do
facts.merge(root_home: '/root')
facts.merge(root_home: '/root',
mysql_version: '5.7',
mysld_version: 'mysqld Ver 5.7.38 for Linux on x86_64 (MySQL Community Server - (GPL)')
end

let(:default_params) do
@@ -115,6 +117,69 @@ class { 'mysql::server': }
)
.that_requires('Mysql_user[backupuser@localhost]')
end

context 'with MySQL version 5.7' do
let(:facts) do
facts.merge(mysql_version: '5.7')
end

it {
is_expected.not_to contain_mysql_grant('backupuser@localhost/performance_schema.keyring_component_status')
is_expected.not_to contain_mysql_grant('backupuser@localhost/performance_schema.log_status')
is_expected.not_to contain_mysql_grant('backupuser@localhost/*.*')
.with(
ensure: 'present',
user: 'backupuser@localhost',
table: '*.*',
privileges:
['BACKUP_ADMIN'],
)
.that_requires('Mysql_user[backupuser@localhost]')
}
end

context 'with MySQL version 8.0' do
let(:facts) do
facts.merge(mysql_version: '8.0',
mysld_version: 'mysqld Ver 8.0.28 for Linux on x86_64 (MySQL Community Server - GPL)')
end

it {
is_expected.to contain_mysql_grant('backupuser@localhost/*.*')
.with(
ensure: 'present',
user: 'backupuser@localhost',
table: '*.*',
privileges:
if (facts[:operatingsystem] == 'Debian' && Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '11') >= 0) ||
(facts[:operatingsystem] == 'Ubuntu' && Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '22') >= 0)
['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES', 'BACKUP_ADMIN']
else
['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT', 'BACKUP_ADMIN']
end,
)
.that_requires('Mysql_user[backupuser@localhost]')
is_expected.to contain_mysql_grant('backupuser@localhost/performance_schema.keyring_component_status')
.with(
ensure: 'present',
user: 'backupuser@localhost',
table: 'performance_schema.keyring_component_status',
privileges:
['SELECT'],
)
.that_requires('Mysql_user[backupuser@localhost]')

is_expected.to contain_mysql_grant('backupuser@localhost/performance_schema.log_status')
.with(
ensure: 'present',
user: 'backupuser@localhost',
table: 'performance_schema.log_status',
privileges:
['SELECT'],
)
.that_requires('Mysql_user[backupuser@localhost]')
}
end
end

context 'with additional cron args' do
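Review bot: The fact key is misspelled as `mysld_version` in both `facts.merge` calls (the outer `let(:facts)` and the 'with MySQL version 8.0' context), so the `mysqld_version` fact that the manifest reads is never set by these examples; the key should be `mysqld_version:`. The manifest's MariaDB exclusion is therefore not exercised, and a context whose `mysqld_version` string contains `MariaDB` would cover it. In the 5.7 context, `is_expected.not_to contain_mysql_grant('backupuser@localhost/*.*').with(privileges: ['BACKUP_ADMIN'])` appears to pass for any grant whose privilege list is not exactly that one element, so it does not show that `BACKUP_ADMIN` is withheld. Asserting the expected 5.7 privilege list positively would be a stronger check.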
2 changes: 1 addition & 1 deletion spec/unit/facter/mysqld_version_spec.rb
@@ -11,7 +11,7 @@
context 'with value' do
before :each do
allow(Facter::Core::Execution).to receive(:which).with('mysqld').and_return('/usr/sbin/mysqld')
allow(Facter::Core::Execution).to receive(:execute).with('mysqld --no-defaults -V 2>/dev/null')
allow(Facter::Core::Execution).to receive(:execute).with('env PATH=$PATH:/usr/libexec mysqld --no-defaults -V 2>/dev/null')
.and_return('mysqld Ver 5.5.49-37.9 for Linux on x86_64 (Percona Server (GPL), Release 37.9, Revision efa0073)')
end
it {
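Review bot: Only `which('mysqld')` is stubbed in this `before` block, so the new `/usr/libexec/mysqld` fallback in the fact's `confine` is never exercised. A second context with `allow(Facter::Core::Execution).to receive(:which).with('mysqld').and_return(nil)` and `allow(Facter::Core::Execution).to receive(:which).with('/usr/libexec/mysqld').and_return('/usr/libexec/mysqld')` would cover it. The `it` block continues outside the hunk.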
