Community.mysql sets password as literal string instead of hash

We are trying to create users with a pre-created hashed password.

Ansible playbook logs this:

changed: [db29-acc] => (item=[{'name': 'ACC-clustercheck_user', 'password': '*96491C5DA6D86E34E644E89BC8B09A5B8C6D5D28', 'encrypted': True, 'priv': '*.*:PROCESS', 'state': 'present', 'append_privs': False}, 'localhost'])

As you can see: ‘encrypted’: True, so community.mysql is configured to set the password HASH. Alas it does not. I sets the password to “*96491C5DA6D86E34E644E89BC8B09A5B8C6D5D28” as text password, like this:

[root@db29-acc mysql]#  mysql -uACC-clustercheck_user -p*96491C5DA6D86E34E644E89BC8B09A5B8C6D5D28
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 40913
Server version: 10.11.6-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> \s
--------------
mysql  Ver 15.1 Distrib 10.11.6-MariaDB, for Linux (x86_64) using  EditLine wrapper

Connection id:		40913
Current database:	
Current user:		ACC-clustercheck_user@localhost
SSL:			Not in use
Current pager:		stdout
Using outfile:		''
Using delimiter:	;
Server:			MariaDB
Server version:		10.11.6-MariaDB MariaDB Server
Protocol version:	10
Connection:		Localhost via UNIX socket
Server characterset:	latin1
Db     characterset:	latin1
Client characterset:	utf8mb3
Conn.  characterset:	utf8mb3
UNIX socket:		/var/lib/mysql/mysql.sock
Uptime:			5 hours 5 min 7 sec

Threads: 10  Questions: 129853  Slow queries: 0  Opens: 62  Open tables: 52  Queries per second avg: 7.093
--------------

and using the actual password (that was used to create the hash on this very machine) does NOT work.

Hash was created like this:

MariaDB [(none)]> SELECT PASSWORD('acc_mysqlchk_user_pass');
+-------------------------------------------+
| PASSWORD('acc_mysqlchk_user_pass')        |
+-------------------------------------------+
| *96491C5DA6D86E34E644E89BC8B09A5B8C6D5D28 |
+-------------------------------------------+

As we are rather new to ansible / community.mysql, we wonder if we are doing it wrong, or if there is a problem with community.mysql.

Feedback would be appreciated. More info available, if it would help.

This is recent ansible, btw:
ansible [core 2.17.6]
community.mysql 3.10.3
MariaDB 10.11.6
Alma 9.4

I can’t see any errors in what you are doing, perhaps @Andersson007 can help?

Hi Chris, thanks for second-looking at what we’re doing (and conforming that we’re not doing something obvious wrong)

It certainly is… but in your output this is the value of a key of an item in a loop. How is this item key passed to the mysql_user module as a parameter? Can you show us the original task that produced the output? It could be a stupid thing like a typo somewhere.

I see there have been a few changes to the module made in the last several releases.
However, 3.10.3 has been release more than a quarter ago and if this stuff had been broken, there would’ve already been a flood of related bug reports. Maybe your case is a corner one, so:

• Could you try to downgrade to 3.9.0 with ansible-galaxy collection install community.mysql:==3.9.0, run the same task and check if the result is the same as with 3.10.3? If yes, I guess something is wrong with the task itself.
• As @bvitnik said, it’d be nice to see the whole task
• And could you also show the hash that ended up in the DB if possible?

Thanks

Hi Andersson007

Just to say: Appreciate your reply. Will get you the requested data and info, thing are just a bit buzy here now, will update later today or tomorrow.

Hi Andersson007, chris and bvitnik,
A follow up. Many apologies! I discovered now that the actual task to create the users does in fact NOT reference the variable {{ item.0.encrypted }}, but hardcoded always uses encryped: false.
Apologies again for having wasted your time. Appreciate very much the swift reponse I received!
Have a nice day to all!

@kkplein Glad you were able to get it sorted. All of us have been confused by similar things before.

I see this is your first forum post, first of many I hope. Welcome!

The experience has been very welcoming.