diff --git a/manifests/backup/mysqldump.pp b/manifests/backup/mysqldump.pp
index c41c5a14d..2fba423c5 100644
--- a/manifests/backup/mysqldump.pp
+++ b/manifests/backup/mysqldump.pp
@@ -88,6 +88,30 @@
     require  => File['mysqlbackup.sh'],
   }
 
+  $parameters = {
+    'backupuser'=> $backupuser,
+    'backuppassword_unsensitive'=> $backuppassword_unsensitive,
+    'maxallowedpacket'=> $maxallowedpacket,
+    'backupdir'=> $backupdir,
+    'backuprotate'=> $backuprotate,
+    'prescript'=> $prescript,
+    'ignore_events'=> $ignore_events,
+    'backupdatabases'=> $backupdatabases,
+    'include_triggers'=> $include_triggers,
+    'optional_args'=> $optional_args,
+    'execpath'=> $execpath,
+    'delete_before_dump'=> $delete_before_dump,
+    'excludedatabases'=> $excludedatabases,
+    'backupmethod'=> $backupmethod,
+    'backupcompress'=> $backupcompress,
+    'compression_command'=> $compression_command,
+    'compression_extension'=> $compression_extension,
+    'backup_success_file_path'=> $backup_success_file_path,
+    'postscript'=> $postscript,
+    'file_per_database'=> $file_per_database,
+    'include_routines' => $include_routines,
+  }
+
   # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado
   file { 'mysqlbackup.sh':
     ensure  => $ensure,
@@ -95,7 +119,7 @@
     mode    => '0700',
     owner   => 'root',
     group   => $mysql::params::root_group,
-    content => template('mysql/mysqlbackup.sh.erb'),
+    content => epp('mysql/mysqlbackup.sh.epp',$parameters),
   }
 
   if $mysqlbackupdir_target {
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 8b6717a83..9a77f2d22 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -61,10 +61,16 @@
     default: {}
   }
 
+  $parameters={
+    'options' => $options,
+    'includedir' => $includedir,
+  }
+
+
   if $mysql::server::manage_config_file {
     file { 'mysql-config-file':
       path                    => $mysql::server::config_file,
-      content                 => template('mysql/my.cnf.erb'),
+      content                 => epp('mysql/my.cnf.epp', $parameters),
       mode                    => $mysql::server::config_file_mode,
       owner                   => $mysql::server::mycnf_owner,
       group                   => $mysql::server::mycnf_group,
diff --git a/manifests/server/root_password.pp b/manifests/server/root_password.pp
index a182f6787..91b047626 100644
--- a/manifests/server/root_password.pp
+++ b/manifests/server/root_password.pp
@@ -37,10 +37,16 @@
     }
   }
 
+  $parameters = {
+    'root_password_set' => $root_password_set,
+    'root_password' => $root_password,
+    'options' => $options,
+  }
+
   if $mysql::server::create_root_my_cnf and $root_password_set {
     # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado
     file { "${facts['root_home']}/.my.cnf":
-      content => template('mysql/my.cnf.pass.erb'),
+      content => epp('mysql/my.cnf.pass.epp',$parameters),
       owner   => 'root',
       mode    => '0600',
     }
diff --git a/templates/my.cnf.epp b/templates/my.cnf.epp
new file mode 100644
index 000000000..7371164c3
--- /dev/null
+++ b/templates/my.cnf.epp
@@ -0,0 +1,25 @@
+### MANAGED BY PUPPET ###
+
+<% sort($options.map |$key, $value| { [$key, $value] }).map |$v| { -%>
+<% if type($v[1]) =~ Type[Hash] { -%>
+[<%= $v[0] %>]
+<%sort($v[1].map |$key, $value| { [$key, $value] }).map |$vi| { -%>
+<%- if ($vi[0] == 'ssl-disable') or ($vi[0] =~ /^ssl/ and $v[1]['ssl-disable'] == true) or ($vi[0] =~ /^ssl-/ and $v[1]['ssl'] == false) { -%>
+<%- next -%>
+<%- } elsif $vi[1] == true or $vi[1] == '' { -%>
+<%= $vi[0] -%>
+<%- } elsif type($vi[1]) =~ Type[Array] { -%>
+<%- $vi[1].each |$vii| { -%>
+<%-$base = $vi[0]-%>
+<%= $base %> = <%= $vii %>
+<%- } -%>
+<%- } elsif !($vi[1] ==nil or $vi[1]=='' or $vi[1]==undef) { -%>
+<%-$base = $vi[0]-%>
+<%= $base %> = <%= $vi[1] -%>
+<% } %>
+<% } %>
+<% } %>
+<% } %>
+<% if $includedir and $includedir != '' { -%>
+!includedir <%= $includedir %>
+<% } -%>
diff --git a/templates/my.cnf.pass.epp b/templates/my.cnf.pass.epp
new file mode 100644
index 000000000..1c59732ac
--- /dev/null
+++ b/templates/my.cnf.pass.epp
@@ -0,0 +1,9 @@
+<%['mysql', 'client', 'mysqldump', 'mysqladmin', 'mysqlcheck'].each |$section| { %>
+[<%= $section -%>]
+user=root
+host=localhost
+<% if $root_password_set { -%>
+password='<%= $root_password %>'
+<% } -%>
+socket=<%= $options['client']['socket'] %>
+<% } %>
diff --git a/templates/mysqlbackup.sh.epp b/templates/mysqlbackup.sh.epp
new file mode 100644
index 000000000..b4fbd3451
--- /dev/null
+++ b/templates/mysqlbackup.sh.epp
@@ -0,0 +1,121 @@
+<%- if $kernel == 'Linux' { -%>
+#!/bin/bash
+<%- } else { -%>
+#!/bin/sh
+<%- } -%>
+#
+# MySQL Backup Script
+#  Dumps mysql databases to a file for another backup tool to pick up.
+#
+# MySQL code:
+# GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
+# IDENTIFIED BY 'password';
+# FLUSH PRIVILEGES;
+#
+##### START CONFIG ###################################################
+
+USER=<%= $backupuser %>
+PASS='<%= $backuppassword_unsensitive %>'
+MAX_ALLOWED_PACKET=<%= $maxallowedpacket %>
+DIR=<%= $backupdir %>
+ROTATE=<%= [ Integer($backuprotate) - 1, 0 ].max %> #need to check
+
+# Create temporary mysql cnf file.
+TMPFILE='mktemp /tmp/backup.XXXXXX' or exit 1
+echo -e "[client]\npassword=$PASS\nuser=$USER\nmax_allowed_packet=$MAX_ALLOWED_PACKET" > $TMPFILE
+
+<% if $prescript { -%>
+<%- [$prescript].flatten().filter |$value| {$value}.each |$script| { %>
+<%= $script %>
+<%- } -%>
+<% } -%>
+
+# Ensure backup directory exist.
+mkdir -p $DIR
+
+PREFIX=mysql_backup_
+<% if $ignore_events { %>
+ADDITIONAL_OPTIONS="--ignore-table=mysql.event"
+<% } else { %>
+ADDITIONAL_OPTIONS="--events"
+<% } %>
+
+<%# Only include routines or triggers if we're doing a file per database -%>
+<%# backup. This happens if we named databases, or if we explicitly set -%>
+<%# file per database mode -%>
+<% if !$backupdatabases.empty or $file_per_database { -%>
+<% if $include_triggers { -%>
+ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --triggers"
+<% } else { -%>
+ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --skip-triggers"
+<% } -%>
+<% if $include_routines { -%>
+ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --routines"
+<% } else { -%>
+ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS --skip-routines"
+<% } -%>
+<% } -%>
+
+<%- if $optional_args and type($optional_args) =~ Type(Array) { -%>
+<% $optional_args.each |$arg| { -%>
+ADDITIONAL_OPTIONS="$ADDITIONAL_OPTIONS <%= $arg %>"
+<%- } -%>
+<%- } -%>
+##### STOP CONFIG ####################################################
+PATH=<%= $execpath %>
+
+<%- if $kernel == 'Linux' { -%>
+set -o pipefail
+<%- } -%>
+
+
+
+cleanup()
+{
+	find "${DIR}/" -maxdepth 1 -type f -name "${PREFIX}*.sql*" -mtime +${ROTATE} -print0 | xargs -0 -r rm -f
+}
+
+<% if $delete_before_dump { -%>
+cleanup
+
+<% } -%>
+<% if $backupdatabases.empty { -%>
+<% if $file_per_database { -%>
+<% if $excludedatabases.empty { -%>
+mysql --defaults-extra-file=$TMPFILE -s -r -N -e 'SHOW DATABASES' | while read dbname
+<%} else {-%>
+mysql --defaults-extra-file=$TMPFILE -s -r -N -e 'SHOW DATABASES' | grep -v '^\(<%= $excludedatabases.join('|') %>\)$' | while read dbname
+<% } -%>
+do
+  <%= $backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \
+    ${ADDITIONAL_OPTIONS} \
+    ${dbname} <% if $backupcompress { %>| <%= $compression_command %> <% } %>> ${DIR}/${PREFIX}${dbname}_`date +%Y%m%d-%H%M%S`.sql<% if $backupcompress { %><%= $compression_extension %><% }  %>
+done
+<% } else { -%>
+<%= $backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \
+ ${ADDITIONAL_OPTIONS} \
+ --all-databases <% if $backupcompress { %>| <%= $compression_command %> <% } %>> ${DIR}/${PREFIX}`date +%Y%m%d-%H%M%S`.sql<% if $backupcompress { %><%= $compression_extension %><% }  %>
+<% } -%>
+<% } else { -%>
+<% $backupdatabases.each |$db| { -%>
+<%= $backupmethod -%> --defaults-extra-file=$TMPFILE --opt --flush-logs --single-transaction \
+    ${ADDITIONAL_OPTIONS} \
+ <%= $db %><% if $backupcompress { %>| <%= $compression_command %> <% } %>> ${DIR}/${PREFIX}<%= $db %>_`date +%Y%m%d-%H%M%S`.sql<% if $backupcompress { %><%= $compression_extension %><% }  %>
+<% } -%>
+<% } -%>
+
+<% unless $delete_before_dump { -%>
+if [ $? -eq 0 ] ; then
+    cleanup
+    touch <%= $backup_success_file_path %>
+fi
+<% } -%>
+
+<% if $postscript { -%>
+  <%- [$postscript].flatten().filter |$value| { $value }.each |$script| { %>
+<%= $script %>
+  <%- } -%>
+<% } -%>
+
+# Remove temporary file
+rm -f $TMPFILE