Mysql 授予任意主机root权限
Mysql Grant root permission for any host
我正在尝试在 ec2 实例上使用 salt-stack 安装 MySQL。我想为 root 用户添加授权。任何主机都应该可以使用密码访问它。
这是我的状态文件:
mysql-server:
pkg:
- installed
- pkgs:
- mysql-server
- python-mysqldb
service:
- running
- name: mysql
- enable: True
- require:
- pkg: mysql-server
- watch:
- file: /etc/mysql/my.cnf
mysql_user:
- present
- name: root
- password: {{ pillar['mysql']['server']['root_password'] }}
- require:
- service: mysql
/srv/.my.cnf:
file:
- managed
- source: salt://files/mysql/app-my.cnf
- user: app
- group: app
- mode: 0600
- template: jinja
- require:
- user: app
/root/.my.cnf:
file:
- managed
- source: salt://files/mysql/root-my.cnf
- user: root
- group: root
- mode: 0600
- template: jinja
{{pillar.default_database.name}}:
mysql_database.present
mysql-app-user:
mysql_user.present:
- name: app
- host: '%'
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
mysql-app-local-user:
mysql_user.present:
- name: app
- host: localhost
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
mysql_root_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: root
mysql_app_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: app
mysql_app_local_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: app
- host: localhost
这部分允许访问任何主机但没有密码。
mysql_root_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: root
这有效,但它允许从任何主机无密码访问 root。我不知道我在这里做错了什么。如何通过 salt-stack 安装使用密码从任何主机访问 root?
我是这样解决的,我只需要为 %(任何主机)添加另一个 root-mysql_user.present,如下所示。
mysql-root-user-remote:
mysql_user.present:
- name: root
- host: '%'
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
所以有两个 mysql_user.present 声明 root 用户,一个用于本地主机,另一个用于任何主机。在这 mysql_grant.present 工作之后。
我正在尝试在 ec2 实例上使用 salt-stack 安装 MySQL。我想为 root 用户添加授权。任何主机都应该可以使用密码访问它。
这是我的状态文件:
mysql-server:
pkg:
- installed
- pkgs:
- mysql-server
- python-mysqldb
service:
- running
- name: mysql
- enable: True
- require:
- pkg: mysql-server
- watch:
- file: /etc/mysql/my.cnf
mysql_user:
- present
- name: root
- password: {{ pillar['mysql']['server']['root_password'] }}
- require:
- service: mysql
/srv/.my.cnf:
file:
- managed
- source: salt://files/mysql/app-my.cnf
- user: app
- group: app
- mode: 0600
- template: jinja
- require:
- user: app
/root/.my.cnf:
file:
- managed
- source: salt://files/mysql/root-my.cnf
- user: root
- group: root
- mode: 0600
- template: jinja
{{pillar.default_database.name}}:
mysql_database.present
mysql-app-user:
mysql_user.present:
- name: app
- host: '%'
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
mysql-app-local-user:
mysql_user.present:
- name: app
- host: localhost
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
mysql_root_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: root
mysql_app_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: app
mysql_app_local_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: app
- host: localhost
这部分允许访问任何主机但没有密码。
mysql_root_remote_grant:
mysql_grants.present:
- grant: all privileges
- database: '*.*'
- user: root
这有效,但它允许从任何主机无密码访问 root。我不知道我在这里做错了什么。如何通过 salt-stack 安装使用密码从任何主机访问 root?
我是这样解决的,我只需要为 %(任何主机)添加另一个 root-mysql_user.present,如下所示。
mysql-root-user-remote:
mysql_user.present:
- name: root
- host: '%'
- password: {{ pillar['mysql']['server']['root_password'] }}
- connection_user: root
- connection_pass: {{ pillar['mysql']['server']['root_password'] }}
- connection_charset: utf8
- saltenv:
- LC_ALL: "en_US.utf8"
- require:
- service: mysql
所以有两个 mysql_user.present 声明 root 用户,一个用于本地主机,另一个用于任何主机。在这 mysql_grant.present 工作之后。