Ansible: MySQL module fails to add privileges to user; throws errors.
Versions:
- Ansible: 1.3.2
- Python: 2.7
- OS: Debian 7 (ansible host), Centos6.4 (client), Debian Unstable (client)
- MySQL: mysql-5.5.30, amariadb-5.5.33a-MariaDB
Install method:
I installed Ansible the following way:
TARGET="/tmp/ansible01" sudo apt-get install python-setuptools sudo easy_install virtualenv cd $TARGET && virtualenv ansible source $TARGET/ansible/bin/activate pip install ansible
Description:
Using this playbook (copy/paste from documentation) the mysql query on the client is able to actually create the user. But it fails to apply the privileges.
- name: Setting Galera User Password
mysql_user: login_user={{ mysql_user }} login_password={{ mysql_password }} name={{ galera_user }} password={{ galera_password }} state=present priv=*.*:ALL
Error thrown:
REMOTE_MODULE mysql_user login_user=root login_password=curious name=elvis password=spring state=present priv=*.*:ALL fatal: [c6-4] => failed to parse: Traceback (most recent call last): File "/root/.ansible/tmp/ansible-1380442867.96-101659379289717/mysql_user", line 1348, in main() File "/root/.ansible/tmp/ansible-1380442867.96-101659379289717/mysql_user", line 405, in main changed = user_mod(cursor, user, host, password, priv) File "/root/.ansible/tmp/ansible-1380442867.96-101659379289717/mysql_user", line 188, in user_mod privileges_revoke(cursor, user,host,db_table,grant_option) File "/root/.ansible/tmp/ansible-1380442867.96-101659379289717/mysql_user", line 263, in privileges_revoke cursor.execute(query) File "/usr/lib64/python2.6/site-packages/MySQLdb/cursors.py", line 173, in execute self.errorhandler(self, exc, value) File "/usr/lib64/python2.6/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler raise errorclass, errorvalue _mysql_exceptions.OperationalError: (1045, "Access denied for user 'root'@'localhost' (using password: YES)") FATAL: all hosts have already failed -- aborting
Note that the user actually does get created:
[root@c6-4 ~]# mysql mysql -e "select Host,User from user;" | grep elvis | localhost | elvis |
mverwijs
All 3 comments
This seems to be a MySQL module authentication question (probably a need to set my.cnf, etc), please stop by the mailing list if you would like some help.
mpdehaan
on 30 Sep 2013
Lesson learned: Don't copy/paste from docs without thinking.
For future generations:
I used this task to change the password of mysql user 'root':
- name- name: Setting MySQL Root Password
mysql_user: name=root password={{ mysql_password}} priv=*.*:ALL state=present
It appears that this clobbered the GRANT permissions of 'root', hence failing the next bit of granting privs to a newly created user....
mverwijs
on 30 Sep 2013
Fuck, I the same happened to me . docs should be changed here ASAP.
Now I have to fix a lot of systems manually :(
Took me forever to figure out why some calls on existing users or removing users work fine but creating new ones is impossible with the same correct credentials....
this should be reopened until the docs are fixed and there should be a prevention mechanism in the mysql_user module or at least a warning !!!
this can potentionally break a lot of systems and finding or fixing it is cumbersome.
If someone would really want to remove grant through priv=*.*:ALL there should be another option to force this even for the root user (with a big warning in the docs that this might leave you without any users with Grant privileges) or it should fail if it finds no user with grant privileges left...
The manual fix is to restart mysql with the option:
--skip-grant-tables
And Execute the following commands in mysql command (NOTE: GRANT ... ALL ..does not work since that grant tables are skipped duh):
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
boscowitch
on 21 Apr 2017
Related issues
Pallokala
·
3Comments
greggilbert
·
3Comments
jiwong
·
3Comments
aioue
·
3Comments
hyperfocus1338
·
3Comments