Incomprehensible error message

HobsonI · January 18, 2024, 4:47am

Hi All,

I am attempting to use Ansible to create a MySQL backup user. It should be able to read and lock tables for everything. The step in the playbook is this.

- name: create user - GRANT SELECT, PROCESS, LOCK TABLES ON *.* TO `backup`@`localhost`
   community.mysql.mysql_user:
     user: backup
     host: localhost
     login_password: <redacted>
     priv: '*.*:SELECT, PROCESS, LOCK TABLES'

The error message is:
fatal: [ubuntu2004.hcs]: FAILED! => {"changed": false, "msg": "invalid privileges string: Invalid privileges specified: frozenset({' PROCESS, LOCK TABLES'})"}

I can see nothing wrong with the priv line. Can someone spot it?

Regards

Ian

skratbag · January 18, 2024, 5:36am

Hi Ian,

There was a similar issue back in 2015/16, see https://github.com/ansible/ansible/issues/29611 and also https://stackoverflow.com/questions/28908155/ansible-mysql-user-priv-invalid-privileges-string-invalid-privileges-specifi amongst quite a few others. They all referenced spaces being in the privilege string.

Are you able to try that without the spaces between privileges?

Cheers
David

Andy_Smith · January 18, 2024, 3:12pm

Hi Ian,

  community.mysql.mysql_user:
    user: backup
    host: localhost
    login_password: <redacted>
    priv: '*.*:SELECT, PROCESS, LOCK TABLES'

The error message is:
fatal: [ubuntu2004.hcs]: FAILED! => {"changed": false, "msg": "invalid
privileges string: Invalid privileges specified: frozenset({' PROCESS, LOCK
TABLES'})"}

I can see nothing wrong with the priv line. Can someone spot it?

I've found the format of the mysql privileges to be extremely picky.
Aside from having to get the syntax correct, also look out for it
seeing privileges in a different order, so applying them again at
every run.

I found that whole-table privileges required no space between, while
column-based privs need spaces between. Example:

priv:
  "somedb.sometable": "SELECT,INSERT,UPDATE,DELETE"
  "somedb.othertable": "SELECT (ID, ACOL, BCOL),\
                       INSERT"

If you run ansible with two or three -v you'll see the MySQL
commands it executes so you can check what it's doing.

Thanks,
Andy

Topic		Replies	Views
Incomprehensible error message Ansible Project	5	0	January 18, 2024
mysql_user module and LOCK TABLES Ansible Project	5	1	April 15, 2014
mysql_db unexpected result with priv="database.table:SELECT(collum,collum,collum)" Ansible Project	1	0	August 12, 2013
Ansible random generated passwords Get Help playbook	8	391	May 9, 2024
Fixing mysql_user privs using columns - #1120 Ansible Developer	1	1	May 6, 2015

Incomprehensible error message

Related topics