Manage MySQL users & grants with Chef
Chef manages users and privileges through the community-maintained
sous-chefs mysql cookbook, which exposes a
mysql_user resource. It can manage much more than users, so read the docs for every action and option.
Create a user
mysql_user 'disenfranchised' do password 'super_secret' action :create end
Drop a user
mysql_user 'foo_user' do action :drop end
Grant SELECT, UPDATE and INSERT to a user
mysql_user 'foo_user' do password 'super_secret' database_name 'foo' host '%' privileges [:select, :update, :insert] action :grant end
Grant all privileges to a user
mysql_user 'foo_user' do password 'super_secret' database_name 'foo' host '%' privileges [:all] action :grant end
Why Chef for MySQL users & grants?
Chef is a configuration-management tool that lets you declare the desired state of your systems and then
automatically converges them to it. It manages physical machines, VMs and cloud instances alike. Because the
mysql_user resource is idempotent, re-running a recipe enforces the declared users and grants rather
than duplicating them — and every change lives in version control where it can be reviewed like any other code.
Keep passwords out of plain recipes by storing them in encrypted data bags or Chef Vault.