为什么 ansible 无法连接到 MySql?
Why can ansible not connect to MySql?
我想用这些配置部署 MySql 数据库服务器。
这是我要部署的剧本 MySql :
- name: "Inclure le fichier : install_utilitaires_mysql.yaml"
include: install_utilitaires_mysql.yaml
when: ansible_os_family == "Debian"
- name: "Telechargement d'un package .deb pour ajouter le repo mysql"
get_url:
url: https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
dest: /tmp
when: ansible_os_family == "Debian"
- name: "Installation du package .deb"
apt:
deb: /tmp/mysql-apt-config_0.8.15-1_all.deb
when: ansible_os_family == "Debian"
- name: "Mise a jour des sources list : apt update"
apt:
update_cache: yes
when: ansible_os_family == "Debian"
- name: "Installation de MySql"
apt:
name: mysql-server
state: latest
when: ansible_os_family == "Debian"
- name: "Demarrer le service MySql"
service:
name: mysql
state: started
enabled: yes
when: ansible_os_family == "Debian"
- name: "Voir la variable mysql_username"
debug:
msg: "{{ mysql_username }}"
when: ansible_os_family == "Debian"
- name: "Création du user : {{ mysql_username }}"
mysql_user:
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
state: present
when: ansible_os_family == "Debian"
但是当我用 ansible-playbook -i hosts playbook.yaml --vault-password-file password 命令执行这个剧本时,我会得到这个错误:
TASK [Création du user : {{ mysql_username }}] ********************************************************************************************************************************************************************
skipping: [192.168.1.41]
[WARNING]: Module did not set no_log for update_password
fatal: [192.168.1.37]: FAILED! => {"changed": false, "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1698, u\"Access denied for user 'root'@'localhost'\")"}
为什么 ansible 无法连接到 MySQL 而 mysql -u root 工作正常?
我找到了这个解决方案,但我不明白它是如何工作的:
- name: Example using login_unix_socket to connect to server
mysql_user:
name: root
password: root
login_unix_socket: /var/run/mysqld/mysqld.sock
when: ansible_os_family == "Debian"
首先深思
我找到了这段代码
---
- name: "Inclure le fichier : install_utilitaires_mysql.yaml"
include: install_utilitaires_mysql.yaml
when: ansible_os_family == "Debian"
- name: "Telechargement d'un package .deb pour ajouter le repo mysql"
get_url:
url: https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
dest: /tmp
when: ansible_os_family == "Debian"
- name: "Installation du package .deb"
apt:
deb: /tmp/mysql-apt-config_0.8.15-1_all.deb
when: ansible_os_family == "Debian"
- name: "Mise a jour des sources list : apt update"
apt:
update_cache: yes
when: ansible_os_family == "Debian"
- name: "Installation de MySql"
apt:
name: mysql-server
state: latest
when: ansible_os_family == "Debian"
- name: "Demarrer le service MySql"
service:
name: mysql
state: started
enabled: yes
when: ansible_os_family == "Debian"
- name: "Envoi du template .my.cnf dans ~"
template:
src: root_cnf.j2
dest: ~/.my.cnf
owner: root
mode: 0600
when: ansible_os_family == "Debian"
- name: "Redemarrer le service MySql"
service:
name: mysql
state: restarted
enabled: yes
when: ansible_os_family == "Debian"
- name: "Création du user : {{ mysql_username }}"
mysql_user:
login_user: root
login_password: root
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
state: present
when: ansible_os_family == "Debian"
但是当我执行这个 ansible-playbook -i hosts playbook.yaml --vault-password-file password 命令时我得到这个错误:
TASK [Création du user : {{ mysql_username }}] ********************************************************************************************************************************************************************
skipping: [192.168.43.102]
[WARNING]: Module did not set no_log for update_password
fatal: [192.168.43.182]: FAILED! => {"changed": false, "msg": "unable to connect to database, check login_user and login_password are correct or /********/.my.cnf has the credentials. Exception message: (1698, u\"Access denied for user '********'@'localhost'\")"}
问题:为什么 运行 我的剧本会导致这个错误?
知道root_cnf.j2jinja2文件中有这个配置:
[client]
user=root
password=root
如您所写,您需要使用 login_unix_socket: /var/run/mysqld/mysqld.sock(必要时替换套接字的路径),因为 password-less 登录只能使用套接字,不能使用网络。
见this post on dba.stackexchange.com。
它基本上是一项安全功能,所以您不会不小心暴露对 Internet 上的数据库的 password-less 访问权限。
你想做的是第一位
- name: Set password for root user
mysql_user:
name: "root"
password: "{{ mysql_password }}"
priv: '*.*:ALL,GRANT'
host: 'localhost'
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
这将为 root 设置密码。之后将启用 root 通过网络登录。
之后,您想做这样的事情:
- name: Save root password in .my.cnf
template:
src: root_cnf.j2
dest: /root/.my.cnf
owner: root
mode: '0600'
模板是这样的:
[client]
user=root
password={{ mysql_root_password }}
这会将您的密码放入 /root/.my.cnf,这样您就可以在机器上使用 mysql 而无需提供凭据(ansible 会自动获取)。
然后你可以用这个添加用户:
- name: "Create mysql user {{ mysql_username }}"
mysql_user:
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
我想这就是你想要的。
我想用这些配置部署 MySql 数据库服务器。
这是我要部署的剧本 MySql :
- name: "Inclure le fichier : install_utilitaires_mysql.yaml"
include: install_utilitaires_mysql.yaml
when: ansible_os_family == "Debian"
- name: "Telechargement d'un package .deb pour ajouter le repo mysql"
get_url:
url: https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
dest: /tmp
when: ansible_os_family == "Debian"
- name: "Installation du package .deb"
apt:
deb: /tmp/mysql-apt-config_0.8.15-1_all.deb
when: ansible_os_family == "Debian"
- name: "Mise a jour des sources list : apt update"
apt:
update_cache: yes
when: ansible_os_family == "Debian"
- name: "Installation de MySql"
apt:
name: mysql-server
state: latest
when: ansible_os_family == "Debian"
- name: "Demarrer le service MySql"
service:
name: mysql
state: started
enabled: yes
when: ansible_os_family == "Debian"
- name: "Voir la variable mysql_username"
debug:
msg: "{{ mysql_username }}"
when: ansible_os_family == "Debian"
- name: "Création du user : {{ mysql_username }}"
mysql_user:
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
state: present
when: ansible_os_family == "Debian"
但是当我用 ansible-playbook -i hosts playbook.yaml --vault-password-file password 命令执行这个剧本时,我会得到这个错误:
TASK [Création du user : {{ mysql_username }}] ********************************************************************************************************************************************************************
skipping: [192.168.1.41]
[WARNING]: Module did not set no_log for update_password
fatal: [192.168.1.37]: FAILED! => {"changed": false, "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1698, u\"Access denied for user 'root'@'localhost'\")"}
为什么 ansible 无法连接到 MySQL 而 mysql -u root 工作正常?
我找到了这个解决方案,但我不明白它是如何工作的:
- name: Example using login_unix_socket to connect to server
mysql_user:
name: root
password: root
login_unix_socket: /var/run/mysqld/mysqld.sock
when: ansible_os_family == "Debian"
首先深思
我找到了这段代码
---
- name: "Inclure le fichier : install_utilitaires_mysql.yaml"
include: install_utilitaires_mysql.yaml
when: ansible_os_family == "Debian"
- name: "Telechargement d'un package .deb pour ajouter le repo mysql"
get_url:
url: https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
dest: /tmp
when: ansible_os_family == "Debian"
- name: "Installation du package .deb"
apt:
deb: /tmp/mysql-apt-config_0.8.15-1_all.deb
when: ansible_os_family == "Debian"
- name: "Mise a jour des sources list : apt update"
apt:
update_cache: yes
when: ansible_os_family == "Debian"
- name: "Installation de MySql"
apt:
name: mysql-server
state: latest
when: ansible_os_family == "Debian"
- name: "Demarrer le service MySql"
service:
name: mysql
state: started
enabled: yes
when: ansible_os_family == "Debian"
- name: "Envoi du template .my.cnf dans ~"
template:
src: root_cnf.j2
dest: ~/.my.cnf
owner: root
mode: 0600
when: ansible_os_family == "Debian"
- name: "Redemarrer le service MySql"
service:
name: mysql
state: restarted
enabled: yes
when: ansible_os_family == "Debian"
- name: "Création du user : {{ mysql_username }}"
mysql_user:
login_user: root
login_password: root
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
state: present
when: ansible_os_family == "Debian"
但是当我执行这个 ansible-playbook -i hosts playbook.yaml --vault-password-file password 命令时我得到这个错误:
TASK [Création du user : {{ mysql_username }}] ********************************************************************************************************************************************************************
skipping: [192.168.43.102]
[WARNING]: Module did not set no_log for update_password
fatal: [192.168.43.182]: FAILED! => {"changed": false, "msg": "unable to connect to database, check login_user and login_password are correct or /********/.my.cnf has the credentials. Exception message: (1698, u\"Access denied for user '********'@'localhost'\")"}
问题:为什么 运行 我的剧本会导致这个错误?
知道root_cnf.j2jinja2文件中有这个配置:
[client]
user=root
password=root
如您所写,您需要使用 login_unix_socket: /var/run/mysqld/mysqld.sock(必要时替换套接字的路径),因为 password-less 登录只能使用套接字,不能使用网络。
见this post on dba.stackexchange.com。
它基本上是一项安全功能,所以您不会不小心暴露对 Internet 上的数据库的 password-less 访问权限。
你想做的是第一位
- name: Set password for root user
mysql_user:
name: "root"
password: "{{ mysql_password }}"
priv: '*.*:ALL,GRANT'
host: 'localhost'
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
这将为 root 设置密码。之后将启用 root 通过网络登录。
之后,您想做这样的事情:
- name: Save root password in .my.cnf
template:
src: root_cnf.j2
dest: /root/.my.cnf
owner: root
mode: '0600'
模板是这样的:
[client]
user=root
password={{ mysql_root_password }}
这会将您的密码放入 /root/.my.cnf,这样您就可以在机器上使用 mysql 而无需提供凭据(ansible 会自动获取)。
然后你可以用这个添加用户:
- name: "Create mysql user {{ mysql_username }}"
mysql_user:
name: "{{ mysql_username }}"
password: "{{ mysql_password }}"
priv: '*.*:ALL'
我想这就是你想要的。