openstack/charm-nova-cloud-controller
Code Issues Proposed changes
charm-nova-cloud-controller/charmhelpers/contrib/hardening/defaults/mysql.yaml
Alex Kavanagh 9c12812735 Switch the charm to support py3 
Some major changes:
* the charm has been rebased (from a Python perspective) to be rooted in
  the charm directory.  This is a single root.
* Imports have been changed so that the don't add lots of imports to the
  namespace of the module doing the import.
* The code that used to run at module import time has been made lazy
  such that it only has to run if the relevant functions are called.
  This includes restart_on_change parameters, the harden function and
  the parameters to the guard_map.  Appropriate changes will be
  submitted to charm-helpers.
* Several tests had to be re-written as (incorrect) mocking meant that
  text fixtures didn't actually match what the code was doing.  Thus,
  the tests were meaningless.
* This has had a net positive impact on the unit tests wrt to importing
  modules and mocking.

Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
2018-10-18 15:43:03 +01:00

39 lines
1.6 KiB
YAML
Raw Blame History

# NOTE: this file contains the default configuration for the 'mysql' hardening
# code. If you want to override any settings you must add them to a file
# called hardening.yaml in the root directory of your charm using the
# name 'mysql' as the root key followed by any of the following with new
# values.
hardening:
mysql-conf: /etc/mysql/my.cnf
hardening-conf: /etc/mysql/conf.d/hardening.cnf
security:
# @see http://www.symantec.com/connect/articles/securing-mysql-step-step
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot
chroot: None
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create
safe-user-create: 1
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth
secure-auth: 1
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links
skip-symbolic-links: 1
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database
skip-show-database: True
# @see http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile
local-infile: 0
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs
allow-suspicious-udfs: 0
# @see https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges
automatic-sp-privileges: 0
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv
secure-file-priv: /tmp
View Git Blame Copy Permalink