diff --git a/lib/facter/mysqld_version.rb b/lib/facter/mysqld_version.rb index e6ad49c10..249b71fd9 100644 --- a/lib/facter/mysqld_version.rb +++ b/lib/facter/mysqld_version.rb @@ -1,8 +1,9 @@ # frozen_string_literal: true Facter.add('mysqld_version') do - confine { Facter::Core::Execution.which('mysqld') } + confine { Facter::Core::Execution.which('mysqld') || Facter::Core::Execution.which('/usr/libexec/mysqld') } setcode do - Facter::Core::Execution.execute('mysqld --no-defaults -V 2>/dev/null') + # Add /usr/libexec to PATH to find mysqld command + Facter::Core::Execution.execute('env PATH=$PATH:/usr/libexec mysqld --no-defaults -V 2>/dev/null') end end diff --git a/manifests/backup/xtrabackup.pp b/manifests/backup/xtrabackup.pp index 0c8b20886..cf600d800 100644 --- a/manifests/backup/xtrabackup.pp +++ b/manifests/backup/xtrabackup.pp @@ -49,26 +49,63 @@ password_hash => mysql::password($backuppassword), require => Class['mysql::server::root_password'], } - - if ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') >= 0) or - ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) { - mysql_grant { "${backupuser}@localhost/*.*": + # Percona XtraBackup needs additional grants/privileges to work with MySQL 8 + if versioncmp($facts['mysql_version'], '8') >= 0 and !(/(?i:mariadb)/ in $facts['mysqld_version']) { + if ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') >= 0) or + ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) { + mysql_grant { "${backupuser}@localhost/*.*": + ensure => $ensure, + user => "${backupuser}@localhost", + table => '*.*', + privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES', 'BACKUP_ADMIN'], + require => Mysql_user["${backupuser}@localhost"], + } + } + else { + mysql_grant { "${backupuser}@localhost/*.*": + ensure => $ensure, + user => "${backupuser}@localhost", + table => '*.*', + privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT', 'BACKUP_ADMIN'], + require => Mysql_user["${backupuser}@localhost"], + } + } + mysql_grant { "${backupuser}@localhost/performance_schema.keyring_component_status": ensure => $ensure, user => "${backupuser}@localhost", - table => '*.*', - privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES'], + table => 'performance_schema.keyring_component_status', + privileges => ['SELECT'], require => Mysql_user["${backupuser}@localhost"], } - } - else { - mysql_grant { "${backupuser}@localhost/*.*": + mysql_grant { "${backupuser}@localhost/performance_schema.log_status": ensure => $ensure, user => "${backupuser}@localhost", - table => '*.*', - privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'], + table => 'performance_schema.log_status', + privileges => ['SELECT'], require => Mysql_user["${backupuser}@localhost"], } } + else { + if $facts['os']['family'] == 'debian' and $facts['os']['release']['major'] == '11' or + ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '22.04') >= 0) { + mysql_grant { "${backupuser}@localhost/*.*": + ensure => $ensure, + user => "${backupuser}@localhost", + table => '*.*', + privileges => ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES'], + require => Mysql_user["${backupuser}@localhost"], + } + } + else { + mysql_grant { "${backupuser}@localhost/*.*": + ensure => $ensure, + user => "${backupuser}@localhost", + table => '*.*', + privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'], + require => Mysql_user["${backupuser}@localhost"], + } + } + } } if $install_cron { diff --git a/spec/classes/mysql_backup_xtrabackup_spec.rb b/spec/classes/mysql_backup_xtrabackup_spec.rb index 4eef6b083..64dfe1e76 100644 --- a/spec/classes/mysql_backup_xtrabackup_spec.rb +++ b/spec/classes/mysql_backup_xtrabackup_spec.rb @@ -11,7 +11,9 @@ class { 'mysql::server': } EOF end let(:facts) do - facts.merge(root_home: '/root') + facts.merge(root_home: '/root', + mysql_version: '5.7', + mysld_version: 'mysqld Ver 5.7.38 for Linux on x86_64 (MySQL Community Server - (GPL)') end let(:default_params) do @@ -115,6 +117,69 @@ class { 'mysql::server': } ) .that_requires('Mysql_user[backupuser@localhost]') end + + context 'with MySQL version 5.7' do + let(:facts) do + facts.merge(mysql_version: '5.7') + end + + it { + is_expected.not_to contain_mysql_grant('backupuser@localhost/performance_schema.keyring_component_status') + is_expected.not_to contain_mysql_grant('backupuser@localhost/performance_schema.log_status') + is_expected.not_to contain_mysql_grant('backupuser@localhost/*.*') + .with( + ensure: 'present', + user: 'backupuser@localhost', + table: '*.*', + privileges: + ['BACKUP_ADMIN'], + ) + .that_requires('Mysql_user[backupuser@localhost]') + } + end + + context 'with MySQL version 8.0' do + let(:facts) do + facts.merge(mysql_version: '8.0', + mysld_version: 'mysqld Ver 8.0.28 for Linux on x86_64 (MySQL Community Server - GPL)') + end + + it { + is_expected.to contain_mysql_grant('backupuser@localhost/*.*') + .with( + ensure: 'present', + user: 'backupuser@localhost', + table: '*.*', + privileges: + if (facts[:operatingsystem] == 'Debian' && Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '11') >= 0) || + (facts[:operatingsystem] == 'Ubuntu' && Puppet::Util::Package.versioncmp(facts[:operatingsystemmajrelease], '22') >= 0) + ['BINLOG MONITOR', 'RELOAD', 'PROCESS', 'LOCK TABLES', 'BACKUP_ADMIN'] + else + ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT', 'BACKUP_ADMIN'] + end, + ) + .that_requires('Mysql_user[backupuser@localhost]') + is_expected.to contain_mysql_grant('backupuser@localhost/performance_schema.keyring_component_status') + .with( + ensure: 'present', + user: 'backupuser@localhost', + table: 'performance_schema.keyring_component_status', + privileges: + ['SELECT'], + ) + .that_requires('Mysql_user[backupuser@localhost]') + + is_expected.to contain_mysql_grant('backupuser@localhost/performance_schema.log_status') + .with( + ensure: 'present', + user: 'backupuser@localhost', + table: 'performance_schema.log_status', + privileges: + ['SELECT'], + ) + .that_requires('Mysql_user[backupuser@localhost]') + } + end end context 'with additional cron args' do diff --git a/spec/unit/facter/mysqld_version_spec.rb b/spec/unit/facter/mysqld_version_spec.rb index c5770a6c1..7b1067483 100644 --- a/spec/unit/facter/mysqld_version_spec.rb +++ b/spec/unit/facter/mysqld_version_spec.rb @@ -11,7 +11,7 @@ context 'with value' do before :each do allow(Facter::Core::Execution).to receive(:which).with('mysqld').and_return('/usr/sbin/mysqld') - allow(Facter::Core::Execution).to receive(:execute).with('mysqld --no-defaults -V 2>/dev/null') + allow(Facter::Core::Execution).to receive(:execute).with('env PATH=$PATH:/usr/libexec mysqld --no-defaults -V 2>/dev/null') .and_return('mysqld Ver 5.5.49-37.9 for Linux on x86_64 (Percona Server (GPL), Release 37.9, Revision efa0073)') end it {