Comments (7)
I'll add, it also doesn't sit well with me that the securing of the passwords only happens the first run.
Possible Solution: what about reading in the password from .my.cnf and using that as the password to be set if it exists? Otherwise use the one passed in from the playbook.
This kind of bakes in a "fix" where, if a person changes the root password and updates the .my.cnf, all the root passwords are also updated the next time Ansible is run.
from ansible-role-mysql.
Per the mysql documentation, on *nix based installations there is also a 'root'@'host_name' user. I don't see this user's password being updated in the secure-installation.yml.
Last time I worked on that part of the setup, I remember manually inspecting the accounts, and didn't see any other root user accounts that needed updating (at least on Ubuntu or CentOS). But if there are other accounts, they should definitely be updated.
We should verify that there are other user records that need updating (if so, this is a more serious bug!), and then I also like the idea of making the root user password setting able to happen beyond the first run of the playbook; it would even help with things like Drupal VM.
from ansible-role-mysql.
I had actually just tested this on a CentOS vagrant box before creating this issue.
mysql> select Host,User from mysql.user;
+--------------------------+------+
| Host                     | User |
+--------------------------+------+
| 127.0.0.1                | root |
| ::1                      | root |
| localhost                |      |
| localhost                | root |
| vagrantdev.example.com   |      |
| vagrantdev.example.com   | root |
+--------------------------+------+
6 rows in set (0.00 sec)
from ansible-role-mysql.
Hmm, right you are—it looks like there's an additional root account set up for the hostname. (Honestly, MySQL—especially on Debian—is one of the most annoying packages to configure, since it preconfigures a ton of junk out of the box!).
from ansible-role-mysql.
Working on this now...
from ansible-role-mysql.
One method I tried to get all the current root MySQL user accounts in a list to pass to the 'update password' command was:
- name: Get a list of hosts for the MySQL root account.
  command: mysql -e 'SELECT Host from mysql.user WHERE User = "root";'
  register: mysql_root_hosts
  changed_when: false
Then you can access mysql_root_hosts.stdout_lines[1:] to remove the first 'Host' entry. However, doing this pops the current hostname into an arbitrary order (e.g. if you have a hostname of ansible, it might appear at the top of the list, but if you have zebra, it's at the bottom). This causes the password change to fail, since localhost must be at the end.
I was trying contortions with pop and remove and other Python/Jinja-based filtering to try to pull out localhost from the list then run it last, but I couldn't.
I think, for now, the change I'm going to commit for this issue should work for 99% of the use cases I've seen—plus it should now allow users to change the MySQL root password (which couldn't be done before), which is a nice bonus!
from ansible-role-mysql.
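An added example, not part of the thread or the role's own code: one way to update every root account with localhost last, regardless of how the hostname sorts, using Ansible's difference and intersect filters. It assumes root credentials are read from ~/.my.cnf and that the new password is in a variable named mysql_root_password (an assumed name).

```yaml
# Added example, not the role's own tasks.
# -N suppresses the column header, so no [1:] slice is needed;
# -B gives plain tab-separated batch output.
- name: Get a list of hosts for the MySQL root account.
  command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = 'root'"
  register: mysql_root_hosts
  changed_when: false
  check_mode: false

# Every host except localhost first, then localhost (only if it exists).
# The connection used by these tasks authenticates as root@localhost via
# ~/.my.cnf, so that account has to be changed after all the others.
- name: Update the password for every root account, localhost last.
  mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"  # assumed variable name
    state: present
  loop: "{{ other_hosts + local_host }}"
  vars:
    all_hosts: "{{ mysql_root_hosts.stdout_lines }}"
    other_hosts: "{{ all_hosts | difference(['localhost']) }}"
    local_host: "{{ all_hosts | intersect(['localhost']) }}"
  no_log: true  # keep the password out of task output
```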
@solomongifford - Could you open a separate issue for the case where running a playbook over a local connection causes {{ ansible_hostname }} to break?
from ansible-role-mysql.