-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add plugin as parameter for mysql_user, to allow use of auth_socket plugin #27179
Comments
Would be nice to get this feature as this would also be useful for people trying to add IAM authentication to RDS databases on AWS. |
Is there a workaround to this? I don't know how to change root password because of this o_0 |
@BarbzYHOOL There is. First, do you really need to set a root password? You can use MySQL as root without a password using If you really want to set up a root user with a password using Ansible, you can:
|
@oscherler I can't use the "mysql_user" module if I don't set any password (on a clean install, I didn't run a security script afterwards)
Also I wonder if the auth_socket thing will allow me to connect to mysql from another local machine (virtual machine), as root. |
In fact, I can't even create any user with ansible because of this on mysql 5.7. I just can't connect to mysql because it can only connects through root and I don't connect to my server with the root account (who does that?). I also tried to add "become: yes" to the role but it didn't do anything |
@BarbzYHOOL I’m writing a dev.to post about how to do it. Should be ready tomorrow. |
@BarbzYHOOL you need to set |
I install mysql, then i run a task with mysql_user module and it can't connect: msg: 'unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1698, u"Access denied for user ''root''@''localhost''") If i don't set any user, it uses by default root. I can't set any password since root has no password
So basically I'm stuck there. However if I run the shell module I can run mysql as root (but not with mysql modules... makes no sense to me) and execute queries There is a solution, use debconf to set the root password during install though but I'm surprised to have to do this annoying thing |
Ok, thank you for the update, it's clearer now. |
This seems related geerlingguy/ansible-role-mysql#60 (comment) Btw your PR speaks about MariaDB, note that I use percona-server-server-5.7 I have never built ansible from scratch, never tried any PR here, not sure how to proceed (the docs look huge about this). You mean the actual plugin uses the "password" column instead of "authentication_string" ?? |
The PR is related to MySQL and MariaDB, and probably also to Percona-server. To try the module, just pull it in a |
The client trying unix-socket if you specify 'localhost' instead of '::1' or '127.0.0.1' as host is a peculiarity of MySQL not an issue with ansible itself. But maybe because this isn't a well known fact a hint in documentation (eg. an example) would be nice to have. |
@wouteroostervld The problem is that you cannot set a password for |
Well it does support auth_plugins in the way that you could change from auth_socket to auth_native_password by setting a password for a user. (It did ) |
ah-sh*t-here-we-go-again.gif: updating ansible checkout, firing up spacemacs and installing MySQL5.7 (in a docker possibly). (If true this is a regression. It worked. Maybe it still works but misses an example in documentation. It's tricky first you need to connect without password and the next time with. So after you set rootpw you should create ~/root/my.cnf immediately. Something like:
With as template:
) |
It seems like the root password use case has been solved, but it doesn't address the original issue reported. It would certainly be helpful to be able to specify an auth plugin for a user as a parameter. For example, creating a user in AWS RDS w/ IAM authentication the query is: |
I don't believe this is the case, at least not with stable version of ansible. Yes, password changes but |
- Use unix socket and root system user when setting mysql root user password See ansible/ansible#44267 and ansible/ansible#27179
It seems that this feature was implemented in #65789. Not able to test, since it's in 2.10, which is not released yet. |
@pgrenaud we'll be waiting for your feedback right after release, thanks! |
@oscherler Yeah, I get that. In my case, I'm working with MySQL 5.7 and now trying to update to MySQL 8.0. I do not work with MariaDB, so I can't tell. To be frank, it's been so long since I've created this issue that I don't remember why I needed the plugin parameter. 😅 |
For me it was because I wanted to set a password for root, to reproduce a set-up we had on our previous internal development server, and the default on Ubuntu had become to have root using the auth_socket plugin. In retrospect, it would have been so much easier to just use another user and change the name in the config files of the 200+ web sites we were developing as needed. 🤣 |
Thinking about it, I think it was to do the opposite of your use case. I wanted a way to set the auth_socket plugin for other users, in order to completely eliminate the need to manage database password. Man, I already eager to try that! 🤩 |
Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.
For further information, please see: |
ISSUE TYPE
Feature Idea
COMPONENT NAME
mysql_user
ANSIBLE VERSION
CONFIGURATION
Default configuration
OS / ENVIRONMENT
N/A
SUMMARY
From the MySQL 5.7 what's new page:
On a fresh installation of MySQL 5.7 the
root
user for hostlocalhost
is now configured with a plugin value ofauth_socket
. This prevents users other then root to connect as root using themysql
client utility:While as root this works:
Currently, this cannot be done with Ansible.
References:
STEPS TO REPRODUCE
It would be nice to introduce a new parameter to this module which accepts all possible plugin values (defaulting to
mysql_native_password
) , e.g.:EXPECTED RESULTS
N/A
ACTUAL RESULTS
N/A
CHALLENGES
NOTES
I changed a few details:
The text was updated successfully, but these errors were encountered: