Initial mysql root user setup

When you install a myql server package you typically end up with a root user without a password.

As a way of dealing with this in a indempotent way I was thinking of extending the mysql_user module to add a boolean option, say fix_unpassworded_root_user, which if set:-
   - throws an error if login_user is not root or login_password
     is not set
   - throws an error if user or password parameters are set - this only
     does one thing
   - attempts to authenticate with the given login_user/login_password
     returns ok (unchanged) if works
   - attempts to authenticate with root/empty password and returns
     failed if that does not work
   - sets the root password to the supplied login_password, returns
     ok (changed) if works

I think it may be possible to do this with a hacked around pair of mysql_user calls (the first ignoring failure, the second being there to check the root password is correctly set), but I think extending the module for this special case may make things clearer at the cost of additional internal complexity...

Or do others disagree?

  Nigel.

When you install a myql server package you typically end up with a root user
without a password.

As a way of dealing with this in a indempotent way I was thinking of
extending the mysql_user module to add a boolean option, say
fix_unpassworded_root_user, which if set:-
  - throws an error if login_user is not root or login_password
    is not set
  - throws an error if user or password parameters are set - this only
    does one thing
  - attempts to authenticate with the given login_user/login_password
    returns ok (unchanged) if works
  - attempts to authenticate with root/empty password and returns
    failed if that does not work
  - sets the root password to the supplied login_password, returns
    ok (changed) if works'

This seems to be a confusing option to me.

Hi Nigel,

To deal with MySQL root user in an idempotent way, I use the following:

  • name: MySQL | Set the root password.
    action: mysql_user user=root password=$mysql_root_password host=localhost

  • name: MySQL | Drop the credentials file so that this playbook can run again.
    action: template src=templates/root-my-cnf.j2 dest=/root/.my.cnf

The first time this playbook is run, the login_user and login_password are root/(empty), so task #1 succeeds. The second task drops the credentials in the root user’s home directory.

On subsequent runs of the playbook, Ansible will discover the credentials file containing the login_user and login_password in task #1, and authenticate successfully as root, and the run through will be idempotent.

I have added a pull request to put this in the documentation, as it is perhaps a little non-obvious.

https://github.com/ansible/ansible/pull/2235/files

  • Mark

It may be a good idea for future development to provide a ‘credentials_file’ argument to the mysql_* modules, containing the path to the credentials file, but since the MySQL client itself uses ~/.my.cnf natively, that’s what we went for in creating the module.