diff --git a/db/Provision/Service/db.php b/db/Provision/Service/db.php
index bce81db..82000ac 100644
--- a/db/Provision/Service/db.php
+++ b/db/Provision/Service/db.php
@@ -15,12 +15,14 @@ class Provision_Service_db extends Provision_Service {
   static function option_documentation() {
     return array(
       'master_db' => 'server with db: Master database connection info, {type}://{user}:{password}@{host}',
+      'db_grant_all_hosts' => 'Grant access to site database users from any web host. If set to TRUE, any host will be allowed to connect to MySQL site databases on this server using the generated username and password. If set to FALSE, web hosts will be granted access by their detected IP address.',
     );
   }
 
   function init_server() {
     parent::init_server();
     $this->server->setProperty('master_db');
+    $this->server->setProperty('db_grant_all_hosts', FALSE);
     $this->server->setProperty('utf8mb4_is_supported', FALSE);
     $this->creds = array_map('urldecode', parse_url($this->server->master_db));
 
@@ -103,6 +105,7 @@ class Provision_Service_db extends Provision_Service {
       if (!$this->grant($db_name, $db_user, $db_passwd, $db_grant_host)) {
         drush_set_error('PROVISION_CREATE_DB_FAILED', dt("Could not create database user @user", array('@user' => $db_user)));
       }
+      drush_log(dt("Granted privileges to %user@%client on %database", array('%user' => $db_user, '%client' => $db_grant_host, '%database' => $db_name)), 'success');
     }
 
     $this->create_database($db_name);
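Review bot: The added `drush_log(..., 'success')` call sits after the `if (!$this->grant(...))` block rather than in an `else`, so "Granted privileges to ..." is logged as a success even when `grant()` returned FALSE and `PROVISION_CREATE_DB_FAILED` was just set. This line records who was given database access, and it will read `user@%` when `db_grant_all_hosts` is enabled, so a false success makes the log unreliable as an audit trail. Move the call into an `else { drush_log(...); }` branch so it is emitted only when the grant succeeded. The enclosing function, and whatever loop supplies `$db_grant_host`, start outside this hunk.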
@@ -240,10 +243,16 @@ class Provision_Service_db extends Provision_Service {
 
   /**
    * Return a list of hosts, as seen by the db server, which should be granted
-   * access to the site database.
+   * access to the site database. If server property 'db_grant_all_hosts' is
+   * TRUE, use the MySQL wildcard '%' instead of
    */
   function grant_host_list() {
-    return array_unique(array_map(array($this, 'grant_host'), $this->context->service('http')->grant_server_list()));
+    if ($this->server->db_grant_all_hosts) {
+      return array('%');
+    }
+    else {
+      return array_unique(array_map(array($this, 'grant_host'), $this->context->service('http')->grant_server_list()));
+    }
   }
 
   /**
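Review bot: `if ($this->server->db_grant_all_hosts)` is a loose truthiness test on a value that install.hostmaster.inc copies straight from `drush_get_option('aegir_db_grant_all_hosts')` into the server context, with no default and no normalisation visible in this diff. If the option arrives as a non-empty string such as `'false'`, PHP treats it as true and every site database on this server is granted to `'%'`, which removes the host restriction entirely. Normalise the value at the check or where it is read, e.g. `if (filter_var($this->server->db_grant_all_hosts, FILTER_VALIDATE_BOOLEAN))`, and pass an explicit default with `drush_get_option('aegir_db_grant_all_hosts', FALSE)`. The new docblock sentence also stops mid-phrase at "instead of"; it should end with something like `instead of the detected web server addresses.`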
diff --git a/install.hostmaster.inc b/install.hostmaster.inc
index 89b7e79..0ecd395 100644
--- a/install.hostmaster.inc
+++ b/install.hostmaster.inc
@@ -174,6 +174,7 @@ function drush_provision_hostmaster_install($site = NULL) {
   $aegir_db_pass = drush_get_option('aegir_db_pass');
   $aegir_db_port = drush_get_option('aegir_db_port');
   $aegir_db_host = drush_get_option('aegir_db_host');
+  $aegir_db_grant_all_hosts = drush_get_option('aegir_db_grant_all_hosts');
 
   $server = '@server_master';
   $master_context = array(
@@ -202,6 +203,7 @@ function drush_provision_hostmaster_install($site = NULL) {
       'context_type' => 'server',
       'db_service_type' => 'mysql',
       'master_db' => $master_db,
+      'db_grant_all_hosts' => $aegir_db_grant_all_hosts,
       'db_port' => $aegir_db_port,
     );
     drush_invoke_process('@none', "provision-save", array($dbserver), $dbserver_context);
diff --git a/provision.drush.inc b/provision.drush.inc
index f417a8e..a2e2700 100644
--- a/provision.drush.inc
+++ b/provision.drush.inc
@@ -319,6 +319,7 @@ function provision_drush_command() {
      'aegir_db_user' => dt('Database user to connect as (default: %user)', array('%user' => 'root')),
      'aegir_db_pass' => dt('Database password to use'),
      'aegir_db_port' => dt('Database port to use (default: %port)', array('%port' => '3306')),
+     'aegir_db_grant_all_hosts' => dt('Allow connection from arbitrary web hosts. (Default: false)'),
      'client_email' => dt('Email of the first client to create in the frontend'),
      'client_name' => dt('Name of the first client to create in the frontend (default: %user)', array('%user' => 'admin')),
      'makefile' => dt('The makefile used to create the hostmaster platform (default: %makefile)', array('%makefile' => dirname(__FILE__). '/aegir.make')),
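Review bot: The help text `Allow connection from arbitrary web hosts.` understates what the option does. According to `grant_host_list()` in db/Provision/Service/db.php, it replaces the per-host grants with the MySQL wildcard `'%'`, so site database users can connect from any host that can reach the server, not only web hosts. An operator reading `--help` should see that, for example `dt('Grant site database users access from any host instead of only the detected web server IPs. (Default: false)')`. With this option on, the generated password and network-level filtering are the only remaining controls, and the description in `option_documentation()` already says as much.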
