Overriding grants for MySQL cookbook?


#1

How do I override grants.sql for the mysql cookbook?

The recipe looks like it’s designed to have me declare my own template resource. But when I do, I have problems with execution timing. Here are some alternatives I’ve tried:

A: I declare my own template by that name and leave the default :create action. But the grants run before the server is up.
B: I set a :nothing action on my own template declaration. But the grants never run.
C: I don’t declare my own template and hope Chef finds my [cookbook]/templates/default/grants.sql.erb to override mysql’s. But mysql’s gets used instead.

I can work around by adding an execute resource below, but I feel like I’m missing something, or that this is harder/hackier than it should be:

execute “touch /etc/mysql/grants.sql.create” do
not_if "test -f /etc/mysql/grants.sql.create"
notifies :create, resources(“template[/etc/mysql/grants.sql]”), :immediately
end

My custom grants.sql creates a single database user and schema and grants that user access to (a prefix pattern of) that schema. Is there a better way to accomplish that?

Thanks,
Marcel M. Cary


#2

Hi Marcel,

On Thursday, May 19, 2011 at 4:09 PM, Marcel Cary wrote:

How do I override grants.sql for the mysql cookbook?

The recipe looks like it’s designed to have me declare my own template resource. But when I do, I have problems with execution timing. Here are some alternatives I’ve tried:

A: I declare my own template by that name and leave the default :create action. But the grants run before the server is up.
B: I set a :nothing action on my own template declaration. But the grants never run.
C: I don’t declare my own template and hope Chef finds my [cookbook]/templates/default/grants.sql.erb to override mysql’s. But mysql’s gets used instead.

I can work around by adding an execute resource below, but I feel like I’m missing something, or that this is harder/hackier than it should be:

execute “touch /etc/mysql/grants.sql.create” do
not_if "test -f /etc/mysql/grants.sql.create"
notifies :create, resources(“template[/etc/mysql/grants.sql]”), :immediately
end

My custom grants.sql creates a single database user and schema and grants that user access to (a prefix pattern of) that schema. Is there a better way to accomplish that?

The best way to go is to drop off a separate application specific grants.sql, and leave the grants.sql in the mysql cookbook as handling just the default root, debian maintenance user, etc. Something like this in your application’s cookbook:

template “/etc/mysql/app_grants.sql” do
source "app_grants.sql.erb"
owner "root"
group "root"
mode "0600"
action :create
end

execute “mysql-install-application-privileges” do
command "/usr/bin/mysql -u root #{node[‘mysql’][‘server_root_password’].empty? ? ‘’ : ‘-p’ }#{node[‘mysql’][‘server_root_password’]} < #{grants_path}"
action :nothing
subscribes :run, resources(:template => “/etc/mysql/app_grants.sql”), :immediately
end


Opscode, Inc.
Joshua Timberman, Director of Training and Services
IRC, Skype, Twitter, Github: jtimberman