There is no need to read the text file and search for the password inside,
we have a properly formatted credentials file /etc/mysql/sipwise_extra.cnf
which is fully supported by MySQL/MariaDB client library and Perl DBI.
Also we have plans to remove /etc/mysql/sipwise.cnf to prevent its usage
(to prevent password leakage through Linux process list).
Change-Id: I62006ae01d9097642a3dae063781a621f5050842
Previously it had the following behavior:
Select all records with 'Host LIKE' filtering, so if the requested host was '%'
this select returned all the records for this user.
Then the user was deleted with a 'DELETE ... Host LIKE' statement, so if the
requested host was '%' it deleted all the records.
Using the 'DROP USER' statement, the same behavior can be achieved with
the same select, but dropping the user not with the requested host but with
the actual one from the select statement.
Change-Id: I72f1dd1962e139939be700794e0eb025fe1615b2
There are a lot of flushing privileges so in order not to flood the
console move it to debug level.
Change-Id: I98e3247881393d7892799cc23c2a4e5dc865185a
Replace unsafe 'DELETE FROM mysql.user' with recommended 'DROP USER'
statement to avoid problems with DROP/CREATE USER due to missing
'FLUSH PRIVILEGES' like:
Error: Cannot create grant temp user: Operation CREATE USER failed
for 'ngcp-sync-db'@'localhost' at /usr/sbin/ngcp-sync-grants line 322.
Execute 'FLUSH PRIVILEGES' before creating and after dropping the temp user
'ngcp-sync-db'.
Change-Id: I49c29b6c39353d4a47f086851a915af1469ebcdd
* users with special chars, like debian-sys-maint
require revoke/grant to be escaped as 'user'@'host'
* [default.user.host] "parent" is printed in the log if
without debug but only when there is something to change
Change-Id: I63065b5df37eea9136c6e61d15c329b978ba62dd
The latter does not support YAML 1.1, nor many parts of the
specification. Use the more compliant implementation, in addition to trying
to converge to a single one, so that we do not get serialization delta
surprises.
Change-Id: Ie51f1c79859d40ef0877fc0ab75f86ee72e14ea4
* all possible grant variations should be supported now
* changes detection algorithm should support all possible
user_options now
Change-Id: Id715219948374c60fff54408037d4506c872af35
* MariaDB + DBD::mysql: dbh->select* returns
"fetch() without execute()" on non-table based sql
statements such as "SHOW GRANTS FOR ..." when there are
no rows to return. Such a false error is avoided as
execute() is performed automatically by DBI on "non-prepare()"
methods.
Change-Id: Iac1c1c0473f39ed9f377abb5dea1cbcfbc67868a
* ngcp-sync-grants now works with the extra suffix
"with grant option"
* ngcp-sync-constants also syncs user "user" sipwise from
/etc/mysql/sipwise.cnf
Change-Id: I6159257e3c9d34cb674e003e910535807c4e841b
* when in the "copy" mode and all *.localhost grants need
to be copied for some users there may be no such
key (e.g. replicator has only sp1 and sp2). Therefore,
if in the "copy" mode and there is no host for a user
- skip the user and continue instead of dropping with an error
* normalise_grant_str(): added support for more grant elements,
added a check to die if there are unsorted elements left
* recreate user before hosts processing to avoid situations when
the user is repeatedly removed
Change-Id: I706dfcbf52279abc5260b01f658ce554d53a604e
On Carrier:
local mysql is 127.0.0.1:3308
pair mysql is localhost:3306
On CE/PRO:
local mysql is localhost:3306
pair mysql is localhost:3306
ngcp-sync-grants/-constants should use pair mysql to upload grants/passwords.
local mysql is coming from db01:3306 using ngcp-sync-db.
Change-Id: I293bda36c64184acfde89a96703f1691279feba6
* generated password is represented with "!" prefix in mysql.user,
instead of the default "*" where internally it is still the valid one.
That allows overcoming the behavior where, when a non valid password
is assigned to a user, "show grants" returns as if no grants are assigned
to him, causing ngcp-sync-grants to recreate the user every time.
Change-Id: Id0acf626677177e4b17d17b50c78baea5a7f9955
- ngcp-sync-grants is responsible for ngcp mysql
grants sync from a template
- it is executed by the 'commit' trigger before ngcp-sync-constants
Change-Id: I082256e57b1394a3f056ad1ca56a5443bfb5a745