Hi,
First of all, sorry for my bad English!
Secondly, for people who are interested in what I'm trying to do, and why it seems important to me to have Ansible do what I expect, read the end of the message.
Here is the problem:
[ tasks ]

    - name: create users
      mysql_user: name={{ item.name }} password={{ item.password }} state=present priv={{ item.priv }}
                  login_user=root login_password=$mysql_root_password login_unix_socket=/var/run/mysqld/mysqld.sock
      with_items: $nss_config

[ config ]

    nss_config:
      - { name: 'nss-root', password: 'rootpass', priv: '*.*:USAGE/auth.*:SELECT' }
      - { name: 'nss-user', password: 'userpass', priv: '*.*:USAGE/auth.grouplist:SELECT/auth.groups:SELECT/auth.users:SELECT(username,uid,gid,gecos,homedir,shell)' }

First launch (and odd):

    TASK: [create users] **********************************************************
    ok: [test] => (item={'password': 'rootpass', 'name': 'nss-root', 'priv': '*.*:USAGE/auth.*:SELECT'})
    changed: [test] => (item={'password': 'userpass', 'name': 'nss-user', 'priv': '*.*:USAGE/auth.grouplist:SELECT/auth.groups:SELECT/auth.users:SELECT(username,uid,gid,gecos,homedir,shell)'})

Second launch (and even):

    TASK: [create users] **********************************************************
    ok: [test] => (item={'password': 'rootpass', 'name': 'nss-root', 'priv': '*.*:USAGE/auth.*:SELECT'})
    fatal: [test] => failed to parse: Traceback (most recent call last):
      File "/root/.ansible/tmp/ansible-1376057719.04-198846840431411/mysql_user", line 1339, in <module>
        main()
      File "/root/.ansible/tmp/ansible-1376057719.04-198846840431411/mysql_user", line 398, in main
        changed = user_mod(cursor, user, host, password, priv)
      File "/root/.ansible/tmp/ansible-1376057719.04-198846840431411/mysql_user", line 183, in user_mod
        privileges_revoke(cursor, user,host,db_table)
      File "/root/.ansible/tmp/ansible-1376057719.04-198846840431411/mysql_user", line 256, in privileges_revoke
        raise e
    _mysql_exceptions.OperationalError: (1147, "There is no such grant defined for user 'nss-user' on host 'localhost' on table 'users'")

Why I want to do this:
Implement the installation and configuration of http://libnss-mysql.sourceforge.net/configuration.shtml#nsswitch with Ansible.
If I let nss-user have SELECT on the users table, people can steal passwords. Only nss-root can read passwords.
Thanks!
Holblin
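
The least-privilege split described in the post (only nss-root may read passwords) can be checked offline before a playbook is applied. This is an added example, not part of the original post and not Ansible's own code: it parses the two `priv` strings from the post and reports whether each account could SELECT a given column. The column name `password` is an assumption, and the parser is illustrative rather than a copy of how mysql_user handles `priv`.

```python
import re

def split_top_level(text, sep=","):
    """Split on sep, but not inside parentheses (column lists contain commas)."""
    parts, depth, current = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == sep and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    return parts + [current]

def parse_priv(spec):
    """Map (db, table) -> {privilege: None or set of columns}; None = all columns."""
    grants = {}
    for item in spec.split("/"):
        target, _, privs = item.partition(":")
        db, _, table = target.partition(".")
        entry = grants.setdefault((db, table), {})
        for priv in split_top_level(privs):
            m = re.fullmatch(r"\s*([A-Za-z ]+?)\s*(?:\(([^)]*)\))?\s*", priv)
            if not m:
                raise ValueError("unparseable privilege: %r" % priv)
            cols = m.group(2)
            entry[m.group(1).upper()] = (
                None if cols is None else {c.strip() for c in cols.split(",")})
    return grants

def can_read(grants, db, table, column):
    """True if any grant lets the account SELECT the given column."""
    for (g_db, g_table), privs in grants.items():
        if g_db not in ("*", db) or g_table not in ("*", table):
            continue
        for name, cols in privs.items():
            if name in ("SELECT", "ALL", "ALL PRIVILEGES") and (cols is None or column in cols):
                return True
    return False

# priv strings copied from the post; the column name "password" is an assumption.
NSS_ROOT = "*.*:USAGE/auth.*:SELECT"
NSS_USER = ("*.*:USAGE/auth.grouplist:SELECT/auth.groups:SELECT/"
            "auth.users:SELECT(username,uid,gid,gecos,homedir,shell)")

if __name__ == "__main__":
    for account, spec in (("nss-root", NSS_ROOT), ("nss-user", NSS_USER)):
        print(account, "can read auth.users.password:",
              can_read(parse_priv(spec), "auth", "users", "password"))
```

A table-wide `auth.users:SELECT` for nss-user would make the check return True, which is the exposure the column list is meant to prevent.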