johnccfm/linux.roles.db.common.config.sls Secret

## linux.roles.db.common.config.sls
{% set env = pillar['environment'] %}
{% set cat = pillar['category'] %}

/etc/mysql/my.cnf:
  file.managed:
    - source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/my.cnf
    - template: jinja
    - watch_in:
      - service: mysql

{% if 'db-master' in salt['pillar.get']('roles', []) %}
/etc/mysql/conf.d/master.cnf:
  file.managed:
    - source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/master.cnf
    - template: jinja
    - watch_in:
      - service: mysql
{% endif %}

{% if 'db-slave' in salt['pillar.get']('roles', []) %}
/etc/mysql/conf.d/slave.cnf:
  file.managed:
    - source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/slave.cnf
    - template: jinja
    - watch_in:
      - service: mysql
{% endif %}

## linux.roles.db.common.directories.sls
mysql:
  group.present:
    - system: True
  user.present:
    - fullname: MySQL Server
    - shell: /bin/false
    - gid: mysql
    - system: True
    - home: /var/lib/mysql
    - require:
      - group: mysql

{% for dir in ['mysql', 'binlog', 'relay'] %}
/data/{{ dir }}:
  file.directory:
    - user: mysql
    - group: mysql
    - dir_mode: 755
    - file_mode: 644
    - recurse:
      - user
      - group
      - mode
    - require:
      - user: mysql
{% endfor %}

## linux.roles.db.common.mariadb-server.sls
include:
  - .directories
  - .config
  - linux.shared.limits.extended_file_limits

mariadb:
  pkgrepo.managed:
    - humanname: MariaDB Repository
    - name: deb http://lon1.mirrors.digitalocean.com/mariadb/repo/10.0/{{ grains['os']|lower }} {{ grains['oscodename'] }} main
    - file: /etc/apt/sources.list.d/mariadb.list
    - keyid: cbcb082a1bb943db
    - keyserver: keyserver.ubuntu.com
    - clean_file: true
    - require_in:
      - pkg: mysql-server

mysql-server:
  pkg:
    - name: mariadb-server
    - latest
    - require:
      - sls: linux.roles.db.common.config
      - sls: linux.shared.limits.extended_file_limits
      - sls: linux.roles.db.common.directories

mysql-service:
  service:
    - name: mysql
    - running
    - require:
      - pkg: mysql-server

# This package is required to allow
# salt to manage MySQL databases and users

python-mysqldb:
  pkg:
    - latest
  require:
    - pkg: mysql-server

## linux.roles.db.common.xtrabackup.sls
percona:
  pkgrepo.managed:
    - humanname: Percona Repository
    - name: deb http://repo.percona.com/apt {{ grains['oscodename'] }} main
    - file: /etc/apt/sources.list.d/percona.list
    - keyid: 1C4CBDCDCD2EFD2A
    - keyserver: keys.gnupg.net
    - clean_file: true
    - require_in:
      - pkg: percona-toolkit
      - pkg: xtrabackup

percona-toolkit:
  pkg:
    - latest
    - require:
      - pkg: mysql-server

xtrabackup:
  pkg:
    - latest
    - require:
      - pkg: mysql-server

## linux.roles.db.premium.master.sls
include:
  - .shared

## linux.roles.db.premium.shared.sls
include:
  - linux.roles.db.shared
  - .users

## linux.roles.db.premium.users.sls
mysql_root:
  mysql_user.present:
    - name: root
    - host: localhost
    - password_hash: "*ABCDBEF1234567890"
  {% if not(grains.mysql_root_password_set | default( false )) %}
    - connection_user: root
    - connection_pass: ''
  grains.present:
    - name: mysql_root_password_set
    - value: True
    - require:
      - mysql_user: mysql_root
  {% endif %}

repl:
  mysql_user.present:
    - host: '%'
    - password_hash: "*ABCDBEF1234567890"
    - require:
      - mysql_user: root
  mysql_grants.present:
    - grant: replication slave,replication client
    - database: '*.*'
    - host: '%'
    - require:
      - mysql_user: repl

maint:
  mysql_user.present:
    - host: 'localhost'
    - password_hash: "*ABCDBEF1234567890"
    - require:
      - mysql_user: mysql_root
  mysql_grants.present:
    - grant: insert,reload,super,replication client
    - database: '*.*'
    - host: localhost
    - require:
      - mysql_user: maint

developer:
  mysql_user.present:
    - host: '%'
    - password_hash: "*ABCDBEF1234567890"
    - require:
      - mysql_user: mysql_root
  mysql_grants.present:
    - grant: usage
    - host: '%'
    - database: '*.*'
    - require:
      - mysql_user: developer

## linux.roles.db.shared.sls
include:
  - linux.shared.nas.db_backup
  - .common.mariadb-server
  - .common.xtrabackup
	{% set env = pillar['environment'] %}
	{% set cat = pillar['category'] %}

	/etc/mysql/my.cnf:
	file.managed:
	- source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/my.cnf
	- template: jinja
	- watch_in:
	- service: mysql

	{% if 'db-master' in salt['pillar.get']('roles', []) %}
	/etc/mysql/conf.d/master.cnf:
	file.managed:
	- source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/master.cnf
	- template: jinja
	- watch_in:
	- service: mysql
	{% endif %}

	{% if 'db-slave' in salt['pillar.get']('roles', []) %}
	/etc/mysql/conf.d/slave.cnf:
	file.managed:
	- source: salt://linux/roles/db/configs/{{ cat }}/{{ env }}/slave.cnf
	- template: jinja
	- watch_in:
	- service: mysql
	{% endif %}
	mysql:
	group.present:
	- system: True
	user.present:
	- fullname: MySQL Server
	- shell: /bin/false
	- gid: mysql
	- system: True
	- home: /var/lib/mysql
	- require:
	- group: mysql

	{% for dir in ['mysql', 'binlog', 'relay'] %}
	/data/{{ dir }}:
	file.directory:
	- user: mysql
	- group: mysql
	- dir_mode: 755
	- file_mode: 644
	- recurse:
	- user
	- group
	- mode
	- require:
	- user: mysql
	{% endfor %}
	include:
	- .directories
	- .config
	- linux.shared.limits.extended_file_limits

	mariadb:
	pkgrepo.managed:
	- humanname: MariaDB Repository
	- name: deb http://lon1.mirrors.digitalocean.com/mariadb/repo/10.0/{{ grains['os']\|lower }} {{ grains['oscodename'] }} main
	- file: /etc/apt/sources.list.d/mariadb.list
	- keyid: cbcb082a1bb943db
	- keyserver: keyserver.ubuntu.com
	- clean_file: true
	- require_in:
	- pkg: mysql-server

	mysql-server:
	pkg:
	- name: mariadb-server
	- latest
	- require:
	- sls: linux.roles.db.common.config
	- sls: linux.shared.limits.extended_file_limits
	- sls: linux.roles.db.common.directories

	mysql-service:
	service:
	- name: mysql
	- running
	- require:
	- pkg: mysql-server

	# This package is required to allow
	# salt to manage MySQL databases and users

	python-mysqldb:
	pkg:
	- latest
	require:
	- pkg: mysql-server
	percona:
	pkgrepo.managed:
	- humanname: Percona Repository
	- name: deb http://repo.percona.com/apt {{ grains['oscodename'] }} main
	- file: /etc/apt/sources.list.d/percona.list
	- keyid: 1C4CBDCDCD2EFD2A
	- keyserver: keys.gnupg.net
	- clean_file: true
	- require_in:
	- pkg: percona-toolkit
	- pkg: xtrabackup

	percona-toolkit:
	pkg:
	- latest
	- require:
	- pkg: mysql-server

	xtrabackup:
	pkg:
	- latest
	- require:
	- pkg: mysql-server
	mysql_root:
	mysql_user.present:
	- name: root
	- host: localhost
	- password_hash: "*ABCDBEF1234567890"
	{% if not(grains.mysql_root_password_set \| default( false )) %}
	- connection_user: root
	- connection_pass: ''
	grains.present:
	- name: mysql_root_password_set
	- value: True
	- require:
	- mysql_user: mysql_root
	{% endif %}

	repl:
	mysql_user.present:
	- host: '%'
	- password_hash: "*ABCDBEF1234567890"
	- require:
	- mysql_user: root
	mysql_grants.present:
	- grant: replication slave,replication client
	- database: '.'
	- host: '%'
	- require:
	- mysql_user: repl

	maint:
	mysql_user.present:
	- host: 'localhost'
	- password_hash: "*ABCDBEF1234567890"
	- require:
	- mysql_user: mysql_root
	mysql_grants.present:
	- grant: insert,reload,super,replication client
	- database: '.'
	- host: localhost
	- require:
	- mysql_user: maint

	developer:
	mysql_user.present:
	- host: '%'
	- password_hash: "*ABCDBEF1234567890"
	- require:
	- mysql_user: mysql_root
	mysql_grants.present:
	- grant: usage
	- host: '%'
	- database: '.'
	- require:
	- mysql_user: developer
	include:
	- linux.shared.nas.db_backup
	- .common.mariadb-server
	- .common.xtrabackup