Welcome to MysqlRoles’s documentation!
Run from Command line
Note: The command line tools expect ~/.my.cnf to exist and to have access to any host you wish to update.
Initialize Central Database
Use:
    python -m MysqlRoles init rbac
to initialize a server named rbac to use MysqlRoles.
Note: The argument is optional, and defaults to 127.0.0.1
Update a Database Server
Use:
    python -m MysqlRoles update rbac db-1
to update a server named db-1 to match the central server named rbac.
Note: The second argument is optional, and defaults to 127.0.0.1
Seed Central Database
Use:
    python -m MysqlRoles seed rbac
to seed the sample values given into a host named rbac.
Warning: Do not use this command in any production environment.
Note: The argument is optional, and defaults to 127.0.0.1
Helper Tools
Ansible Playbook
I’ve created a basic playbook to use MysqlRoles:
    # run_updates_msr.yml
    ---
    - hosts: rbac_central
      become: yes  # written as "sudo: yes" in older Ansible releases
      tasks:
        - name: ensure a stable MysqlRoles is installed
          pip:
            name: MysqlRoles
            version: 1.0.0
        - name: initialize the central db
          command: python -m MysqlRoles init {{ inventory_hostname_short }}

    - hosts: rbac_db_servers
      become: yes
      vars:
        central: sys-p1  # name of the central (source of truth) server
      tasks:
        - name: ensure a stable MysqlRoles is installed
          pip:
            name: MysqlRoles
            version: 1.0.0
        - name: run the update
          # argument order: central server first, then the host to update
          command: python -m MysqlRoles update {{ central }} {{ inventory_hostname_short }}
This file is located at usage_helpers/run_updates_msr.yml
Chef
An example of a Chef cookbook that would implement this is:
    centralhost = "rbac"

    easy_install_package 'MysqlRoles' do
      action :install
      version '1.0.0'
    end

    # only on your central host
    execute 'run_init' do
      command "python -m MysqlRoles init #{centralhost}"
    end

    # on every host you want to manage
    execute 'run_updates' do
      # interpolate the node's hostname so the literal text is not passed through
      command "python -m MysqlRoles update #{centralhost} #{node['hostname']}"
    end
This file is located at usage_helpers/run_updates_msr.rb
Web UI
On the wishlist, but no progress so far.
MysqlRoles package
MysqlRoles.RoleManage module
class MysqlRoles.RoleManage.RoleManage(server, client='127.0.0.1')
Bases: object
RoleManage.
Functions to check a DB against a source of truth and make the mysql user table match. This class should only manage the client.
- Input:
  - client: Address of server to make match the source of truth
  - server: Address of source of truth server (default: 127.0.0.1)
- get_privs(user, schema='')
  Get the privs of the user on the specified host.
  Returns a list of “Y” or “N” for each permission. Should return an empty list if no results. Does not manage schema-specific permissions.
- get_schemas(user)
  Get a list of schemas that a particular user has special access for.
  Returns a list of these schemas.
- get_users()
  Get a list of users managed by this service.
  Returns a list of usernames managed by the service.
- permission_order = ['Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', 'Shutdown', 'Process', 'File', 'Grant Option', 'References', 'Index', 'Alter', 'Super', 'CREATE TEMPORARY TABLES', 'Lock tables', 'Execute', 'Replication slave', 'Replication client', 'Create view', 'Show view', 'Create routine', 'Alter routine', 'Create user', 'Event', 'Trigger', 'Create tablespace']
- remove_user(name)
  Remove a user from a database.
  Returns nothing.
- report_user_diff(usr_list)
  Reports the client’s user status.
  Reports users added to the client, as well as users not found on the central server.
- static sanitize(input, allowable_list=[], default="''")
  Sanitize inputs to avoid issues with pymysql.
  Takes in an input to sanitize. Optionally takes in a list of allowable values and a default. The default is returned if the input is not in the list. Returns a sanitized result.
- schema_privs(user)
  Set schema-level permissions for users.
- update_users(remove=False)
  Make the user inserts to add to the client, and add them.
- user_change(name, new_user=False, schema='')
  Creates and/or updates a user.
- user_check()
  Run a check against the host for consistency.
  Reports a list of differences. The first element of the list is a list of users on the server but not the client. The second element of the list is a list of users on the client but not the server. The third element of the list is a list of users present on both the server and the client.
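The consistency check that user_check and get_privs describe can be sketched as a small drift audit. This is an added example, not MysqlRoles code: yn, user_diff, priv_drift, audit, the SENSITIVE set and the sample accounts are hypothetical and constructed for illustration; only the permission order is copied from permission_order above.

```python
# Added example, not MysqlRoles code; order copied from permission_order.
PERMISSION_ORDER = [
    "Select", "Insert", "Update", "Delete", "Create", "Drop", "Reload",
    "Shutdown", "Process", "File", "Grant Option", "References", "Index",
    "Alter", "Super", "CREATE TEMPORARY TABLES", "Lock tables", "Execute",
    "Replication slave", "Replication client", "Create view", "Show view",
    "Create routine", "Alter routine", "Create user", "Event", "Trigger",
    "Create tablespace",
]
# Assumption: the privileges this example escalates; tune to your own policy.
SENSITIVE = {"Super", "File", "Grant Option", "Create user", "Shutdown"}

def yn(*granted):  # sample-data helper: Y/N list for the named privileges
    return ["Y" if p in granted else "N" for p in PERMISSION_ORDER]

def user_diff(central_users, client_users):
    """Return the three lists in the order user_check documents."""
    a, b = set(central_users), set(client_users)
    return [sorted(a - b), sorted(b - a), sorted(a & b)]

def priv_drift(expected, actual):
    """Compare two get_privs-style Y/N lists; return (extra, missing) names."""
    n = len(PERMISSION_ORDER)
    # get_privs documents an empty list for "no results": treat it as all "N".
    expected, actual = (list(p) or ["N"] * n for p in (expected, actual))
    if len(expected) != n or len(actual) != n:
        raise ValueError("privilege list does not match permission_order")
    rows = list(zip(PERMISSION_ORDER, expected, actual))
    extra = [name for name, e, a in rows if a == "Y" and e != "Y"]
    missing = [name for name, e, a in rows if e == "Y" and a != "Y"]
    return extra, missing

def audit(central, client):
    """central/client map user -> Y/N list. Return sorted finding tuples."""
    only_central, only_client, both = user_diff(central, client)
    findings = [("unmanaged-user", u, []) for u in only_client]
    findings += [("missing-user", u, []) for u in only_central]
    for user in both:
        extra, missing = priv_drift(central[user], client[user])
        if extra:
            kind = "sensitive-extra" if SENSITIVE & set(extra) else "extra"
            findings.append((kind, user, extra))
        if missing:
            findings.append(("missing-privs", user, missing))
    return sorted(findings)

# Constructed sample data (not real accounts).
CENTRAL = {"app": yn("Select", "Insert"), "backup": yn("Select", "Lock tables")}
CLIENT = {"app": yn("Select", "Insert", "File"), "legacy": yn("Select")}
```

Running audit(CENTRAL, CLIENT) reports the account that exists only on the client, the one missing from it, and the extra File privilege on the shared account.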
MysqlRoles.RoleServ module
class MysqlRoles.RoleServ.RoleServ(server='127.0.0.1')
Bases: object
RoleServ: Server tools for MysqlRoles.
Functions for initializing the mysql source of truth server and functions associated with using it. This class should only manage the server.
- Input:
  - serv: Address of source of truth server (default: 127.0.0.1)
- add_access(name, usergroup, hostgroup, permission, schema='')
  Give a user group access to a host group.
  Supports schema-level access, which defaults to empty. Empty schema parameter means all schemas. Nonempty schema is treated like “grant (privs) on (schema) to (user)”
  Raises a RuntimeError if the access grant exists by name. Raises a RuntimeError if the user access grant would be duplicated. Raises a ValueError if the host group does not exist. Raises a ValueError if the user group does not exist. Raises a ValueError if the permission type does not exist. Returns nothing.
- add_host(address, name='', comments='')
  Add a host to the server if it does not yet exist.
  Raises a RuntimeError if the host already exists. Returns nothing.
- add_host_group(name, description='')
  Add a host group to the server if it does not yet exist.
  Raises a RuntimeError if the host group already exists. Returns nothing.
- add_host_group_membership(hostname, groupname)
  Add a host to a host group.
  Raises a RuntimeError if the host is already a member of the group. Raises a ValueError if the host does not exist. Raises a ValueError if the group does not exist. Returns nothing.
- add_permission(name, grant, value='Y')
  Add a permission to a named permission group. Takes in the name of the permission to modify and which grant to perform. Optionally takes in a value, so that it can be used to revoke. grant should be a permission column name for user. Run once for each permission you want to change.
  Raises a ValueError if the permission type does not exist. Does not check for duplicates. Returns nothing.
- add_user(name, fromhost='%', plugin='mysql_native_password', auth_str='*7ACE763ED393514FE0C162B93996ECD195FFC4F5')
  Add a user to the server if it does not yet exist.
  Raises a RuntimeError if the user already exists. Returns nothing.
  Note that auth_str defaults to the fixed hash shown in the signature; pass a per-user value so that accounts do not share that credential.
- add_user_group(name, description='')
  Add a user group to the server if it does not yet exist.
  Raises a RuntimeError if the user group already exists. Returns nothing.
- add_user_group_membership(username, groupname)
  Add a user to a user group.
  Raises a RuntimeError if the user is already a member of the group. Raises a ValueError if the user does not exist. Raises a ValueError if the group does not exist. Returns nothing.
- create_permission(name, allgrant=False)
  Create a permission type if it does not exist yet.
  Raises a RuntimeError if the permission already exists. Does not check for duplicates. Returns nothing.
- create_tables()
  Create tables using the table_create.sql file in the create folder.
  Returns nothing.
- static sanitize(input, allowable_list=[], default="''")
  Sanitize inputs to avoid issues with pymysql.
  Takes in an input to sanitize. Optionally takes in a list of allowable values and a default. The default is returned if the input is not in the list. Returns a sanitized result.
- test_seed_tables()
  Seed table for testing, using the seed.sql file in the create folder.
  Returns nothing.
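sanitize and add_permission describe an allow list for values such as grant column names, which a driver cannot bind as query parameters. The following is an added example of that pattern, not the project's implementation: allow_listed, build_permission_update, the permission_type table and the fallback identifier pattern are assumptions, and GRANT_COLUMNS is a subset of the mysql.user privilege columns.

```python
import re

# Added example, not MysqlRoles code.
# Assumption: a subset of mysql.user privilege columns serves as the allow list.
GRANT_COLUMNS = ["Select_priv", "Insert_priv", "Update_priv", "Delete_priv",
                 "Create_priv", "Drop_priv", "File_priv", "Grant_priv",
                 "Super_priv", "Create_user_priv"]
_IDENT = re.compile(r"[A-Za-z0-9_]{1,64}")


def allow_listed(value, allowable_list=(), default="''"):
    """Return value only if it is permitted; otherwise return default.

    With an allow list, membership is the only test. Without one, this
    example (assumption) falls back to a strict identifier pattern.
    """
    if not isinstance(value, str):
        return default
    if allowable_list:
        return value if value in allowable_list else default
    return value if _IDENT.fullmatch(value) else default


def build_permission_update(name, grant, value="Y"):
    """Build (sql, params) for a hypothetical permission_type table.

    The column name cannot be a bound parameter, so it is allow-listed;
    every data value is returned separately for the driver to bind.
    """
    column = allow_listed(grant, GRANT_COLUMNS, default=None)
    if column is None:
        raise ValueError("unknown grant column: %r" % (grant,))
    # Anything other than "Y" or "N" fails closed to "N" (no privilege).
    flag = allow_listed(value, ["Y", "N"], default="N")
    sql = "UPDATE permission_type SET `%s` = %%s WHERE name = %%s" % column
    return sql, (flag, name)
```

The returned pair is meant for a call of the form cursor.execute(sql, params), so the permission name and flag never become part of the statement text.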
MysqlRoles.Run module
class MysqlRoles.Run.Run
Bases: object
- static net_test(host)
  Determine if a host is accessible before doing anything.
  Returns the host name back if the host is up and is able to connect with mysql.
  To fix this issue, try:
  - Update your my.cnf with credentials
  - Start a mysql instance on the host
- static parse(args)
  Parse arguments given to CLI into commands to run.
-
static