Ansible Install MySql 5.7 - 设置根用户密码
Ansible Install MySql 5.7 - Set Root User Password
我最近将我的 vagrant 从 ubuntu/trusty-64 升级到 bento/ubuntu-16.04。 MySQL 更新为 5.7。我已经对我的剧本进行了多次更新,但在设置 root 用户的密码时我总是卡住。
过去(5.7 之前)以下内容就足够了:
- name: MySQL | Set the root password.
mysql_user:
name=root
host=localhost
password={{ mysql_root_password }}
become: true
在我的剧本中,这是通过尝试删除匿名用户来测试的。
- name: MySQL | Delete anonymous MySQL server user for {{ server_hostname }}
mysql_user:
name=""
host="{{ server_hostname }}"
state="absent"
login_user=root
login_password={{ mysql_root_password }}
但是,现在我的剧本在这一步失败了,返回:
"Access denied for user 'root'@'localhost'"
TASK [mysql : MySQL | Delete anonymous MySQL server user for vagrant] **********
task path: /Users/jonrobinson/vagrant/survey/playbooks/roles/mysql/tasks/mysql.yml:51
fatal: [vagrant]: FAILED! => {"changed": false, "failed": true, "msg": "unable to connect to database, check login_user and login_password are correct or /home/vagrant/.my.cnf has the credentials. Exception message: (1698, \"Access denied for user 'root'@'localhost'\")"}
我尝试了几种方法:
- 将 root 用户的密码设置为空白
mysql_root_password=""
- 正在尝试删除 root 用户,然后使用 Ansible 重新创建它。我得到同样的错误可能是因为它试图在 root 用户下操作。
- 正在 mysql 中手动更新 root 密码。 - 这似乎也不起作用(无法识别密码),除非我删除根用户并使用所有权限重新创建它。只是更新 root 用户密码似乎没有任何变化。
我的完整 MySQL YAML:
---
- name: MySQL | install mysql packages
apt: pkg={{ item }} state=installed
become: true
with_items:
- mysql-client
- mysql-common
- mysql-server
- python-mysqldb
- name: MySQL | create MySQL configuration file
template:
src=my.cnf.j2
dest=/etc/mysql/my.cnf
backup=yes
owner=root
group=root
mode=0644
become: true
- name: MySQL | create MySQLD configuration file
template:
src=mysqld.cnf.j2
dest=/etc/mysql/conf.d/mysqld.cnf
backup=yes
owner=root
group=root
mode=0644
become: true
- name: MySQL | restart mysql
service: name=mysql state=restarted
become: true
- name: MySQL | Set the root password.
mysql_user:
name=root
host=localhost
password={{ mysql_root_password }}
become: true
- name: MySQL | Config for easy access as root user
template: src=mysql_root.my.cnf.j2 dest=/root/.my.cnf
become: true
- name: MySQL | Config for easy access as root user
template: src=mysql_root.my.cnf.j2 dest={{ home_dir }}/.my.cnf
when: "'{{ user }}' != 'root'"
- name: MySQL | Delete anonymous MySQL server user for {{ server_hostname }}
mysql_user: name="" host="{{ server_hostname }}" state="absent" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Delete anonymous MySQL server user for localhost
mysql_user: name="" state="absent" host=localhost login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for IPV6 localhost (::1)
mysql_user: name="root" password="{{ mysql_root_password }}" host="::1" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for IPV4 localhost (127.0.0.1)
mysql_user: name="root" password="{{ mysql_root_password }}" host="127.0.0.1" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for localhost domain (localhost)
mysql_user: name="root" password="{{ mysql_root_password }}" host="localhost" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for {{ server_hostname }} domain
mysql_user: name="root" password="{{ mysql_root_password }}" host="{{ server_hostname }}" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Remove the MySQL test database
mysql_db: db=test state=absent login_user=root login_password={{ mysql_root_password }}
- name: MySQL | create application database user
mysql_user: name={{ dbuser }} password={{ dbpass }} priv=*.*:ALL host='%' state=present login_password={{ mysql_root_password }} login_user=root
- name: MySQL | restart mysql
service: name=mysql state=restarted
become: true
据我了解,在 MySQL 中,需要为 localhost、服务器的主机名和 127.0.0.1 更改根密码,并且还需要完全权限。这些方面的一些东西可能会有所帮助(注意:我只在 MariaDB 上测试过这个,而不是 MySQL):
tasks:
- name: Set a new root password
mysql_user: check_implicit_admin=yes
login_user=root
login_password={{ mysql_root_password }}
user=root
password={{ NEW_mysql_root_password }}
host={{ item }}
priv='*.*:ALL,GRANT'
with_items:
- localhost
- 127.0.0.1
- {{ server_hostname }}
notify:
- restart_mariadb
handlers:
- name: restart_mariadb
service: name=mariadb
state=restarted
我想通了。问题的要点与 mysql 5.7 在未提供密码时对 root 用户使用 auth_socket 有关。请参阅以下内容:“That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.”
在这种情况下,您无法使用以下方式更新密码:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('test');
而必须使用:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password='test';
解决方案 1:但是,从版本 2.0.2 开始,Ansible 没有考虑到这一点。我可以通过在安装 MySql 之前设置密码来解决这个问题
- name: Specify MySQL root password before installing
debconf: name='mysql-server' question='mysql-server/root_password' value='{{mysql_root_password | quote}}' vtype='password'
become: true
- name: Confirm MySQL root password before installing
debconf: name='mysql-server' question='mysql-server/root_password_again' value='{{mysql_root_password | quote}}' vtype='password'
become: true
- name: MySQL | install mysql packages
apt: pkg={{ item }} state=installed
become: true
with_items:
- mysql-client
- mysql-common
- mysql-server
- python-mysqldb
...
However, this has also since been addressed by Ansible
解决方案 2:最简单的解决方案是将 Ansible 升级到 2.2.1
我最近将我的 vagrant 从 ubuntu/trusty-64 升级到 bento/ubuntu-16.04。 MySQL 更新为 5.7。我已经对我的剧本进行了多次更新,但在设置 root 用户的密码时我总是卡住。
过去(5.7 之前)以下内容就足够了:
- name: MySQL | Set the root password.
mysql_user:
name=root
host=localhost
password={{ mysql_root_password }}
become: true
在我的剧本中,这是通过尝试删除匿名用户来测试的。
- name: MySQL | Delete anonymous MySQL server user for {{ server_hostname }}
mysql_user:
name=""
host="{{ server_hostname }}"
state="absent"
login_user=root
login_password={{ mysql_root_password }}
但是,现在我的剧本在这一步失败了,返回:
"Access denied for user 'root'@'localhost'"
TASK [mysql : MySQL | Delete anonymous MySQL server user for vagrant] **********
task path: /Users/jonrobinson/vagrant/survey/playbooks/roles/mysql/tasks/mysql.yml:51
fatal: [vagrant]: FAILED! => {"changed": false, "failed": true, "msg": "unable to connect to database, check login_user and login_password are correct or /home/vagrant/.my.cnf has the credentials. Exception message: (1698, \"Access denied for user 'root'@'localhost'\")"}
我尝试了几种方法:
- 将 root 用户的密码设置为空白
mysql_root_password="" - 正在尝试删除 root 用户,然后使用 Ansible 重新创建它。我得到同样的错误可能是因为它试图在 root 用户下操作。
- 正在 mysql 中手动更新 root 密码。 - 这似乎也不起作用(无法识别密码),除非我删除根用户并使用所有权限重新创建它。只是更新 root 用户密码似乎没有任何变化。
我的完整 MySQL YAML:
---
- name: MySQL | install mysql packages
apt: pkg={{ item }} state=installed
become: true
with_items:
- mysql-client
- mysql-common
- mysql-server
- python-mysqldb
- name: MySQL | create MySQL configuration file
template:
src=my.cnf.j2
dest=/etc/mysql/my.cnf
backup=yes
owner=root
group=root
mode=0644
become: true
- name: MySQL | create MySQLD configuration file
template:
src=mysqld.cnf.j2
dest=/etc/mysql/conf.d/mysqld.cnf
backup=yes
owner=root
group=root
mode=0644
become: true
- name: MySQL | restart mysql
service: name=mysql state=restarted
become: true
- name: MySQL | Set the root password.
mysql_user:
name=root
host=localhost
password={{ mysql_root_password }}
become: true
- name: MySQL | Config for easy access as root user
template: src=mysql_root.my.cnf.j2 dest=/root/.my.cnf
become: true
- name: MySQL | Config for easy access as root user
template: src=mysql_root.my.cnf.j2 dest={{ home_dir }}/.my.cnf
when: "'{{ user }}' != 'root'"
- name: MySQL | Delete anonymous MySQL server user for {{ server_hostname }}
mysql_user: name="" host="{{ server_hostname }}" state="absent" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Delete anonymous MySQL server user for localhost
mysql_user: name="" state="absent" host=localhost login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for IPV6 localhost (::1)
mysql_user: name="root" password="{{ mysql_root_password }}" host="::1" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for IPV4 localhost (127.0.0.1)
mysql_user: name="root" password="{{ mysql_root_password }}" host="127.0.0.1" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for localhost domain (localhost)
mysql_user: name="root" password="{{ mysql_root_password }}" host="localhost" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Secure the MySQL root user for {{ server_hostname }} domain
mysql_user: name="root" password="{{ mysql_root_password }}" host="{{ server_hostname }}" login_user=root login_password={{ mysql_root_password }}
- name: MySQL | Remove the MySQL test database
mysql_db: db=test state=absent login_user=root login_password={{ mysql_root_password }}
- name: MySQL | create application database user
mysql_user: name={{ dbuser }} password={{ dbpass }} priv=*.*:ALL host='%' state=present login_password={{ mysql_root_password }} login_user=root
- name: MySQL | restart mysql
service: name=mysql state=restarted
become: true
据我了解,在 MySQL 中,需要为 localhost、服务器的主机名和 127.0.0.1 更改根密码,并且还需要完全权限。这些方面的一些东西可能会有所帮助(注意:我只在 MariaDB 上测试过这个,而不是 MySQL):
tasks:
- name: Set a new root password
mysql_user: check_implicit_admin=yes
login_user=root
login_password={{ mysql_root_password }}
user=root
password={{ NEW_mysql_root_password }}
host={{ item }}
priv='*.*:ALL,GRANT'
with_items:
- localhost
- 127.0.0.1
- {{ server_hostname }}
notify:
- restart_mariadb
handlers:
- name: restart_mariadb
service: name=mariadb
state=restarted
我想通了。问题的要点与 mysql 5.7 在未提供密码时对 root 用户使用 auth_socket 有关。请参阅以下内容:“That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.”
在这种情况下,您无法使用以下方式更新密码:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('test');
而必须使用:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password='test';
解决方案 1:但是,从版本 2.0.2 开始,Ansible 没有考虑到这一点。我可以通过在安装 MySql 之前设置密码来解决这个问题
- name: Specify MySQL root password before installing
debconf: name='mysql-server' question='mysql-server/root_password' value='{{mysql_root_password | quote}}' vtype='password'
become: true
- name: Confirm MySQL root password before installing
debconf: name='mysql-server' question='mysql-server/root_password_again' value='{{mysql_root_password | quote}}' vtype='password'
become: true
- name: MySQL | install mysql packages
apt: pkg={{ item }} state=installed
become: true
with_items:
- mysql-client
- mysql-common
- mysql-server
- python-mysqldb
...
However, this has also since been addressed by Ansible
解决方案 2:最简单的解决方案是将 Ansible 升级到 2.2.1