Ansible mysql_user 模块不接受加密密码
Ansible mysql_user module not accepting encrypted password
在编写剧本以设置 MySQL 和管理员时,我 运行 在添加加密根密码时遇到了问题。
当使用纯文本密码且不包括 encrypted=yes 时,一切似乎都有效。
我想在我的剧本中包含一个加密密码 [SELECT password('test')]。
正如您从下面的代码中看到的那样,我在密码字段和我的 ~/.my.cnf 文件中添加了加密密码,并在游戏中添加了 encrypted=yes。
但是在 运行 剧本之后我得到了错误。请帮助我找出我在哪里犯了错误,或者指出适当的文档或修复。我搜索了 StackExchange 网络并查看了 Ansible 及其 mysql_user 模块的官方文档,但没有成功。
系统:Debian 8.1
错误信息:
msg: unsupported parameter for module: encrypted
剧本代码:
---
- hosts: Databases
remote_user: admin
sudo: yes
tasks:
#Get current hostname
- name: Getting current hostname.
raw: "hostname"
register: current_hostname
# Update all installed packages to the latest version
- name: Update all installed packages to the latest version.
apt: upgrade=dist update_cache=yes
# Installing software
- name: Installing HTTP Server.
apt: name=apache2 state=latest
- name: Installing MySQL Server.
apt: name={{ item }} state=latest
with_items:
- mysql-server
- python-mysqldb
- name: Start the MySQL service
service:
name: mysql
state: started
enabled: true
- name: update mysql root password for all root accounts
mysql_user:
name=root
host={{ item }}
password="*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"
encrypted=yes
login_user=root
login_password=""
check_implicit_admin=yes
priv="*.*:ALL,GRANT"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
- name: Copy the root credentials as .my.cnf file
template: src=files/home/admin/my.cnf dest=~/.my.cnf mode=0600
- name: Installing php5
apt: name={{ item }} state=latest
with_items:
- php5
- php5-mysql
# Config adminer
- name: Making new adminer folder
file: path=/usr/share/adminer state=directory
- name: Downloading latest version of adminer
command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'
- name: Making symbolic link. latest.php --> adminer.php
file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link
- name: Writing alias to apache2 adminer.conf
raw: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'
- name: Enabling adminer.conf in apache2
command: 'a2enconf adminer.conf'
- name: Restarting Apache2
command: '/etc/init.d/apache2 restart'
我的 ~/.my.conf 文件看起来像这样
[client]
user=root
password=*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
----------------原题到此结束-----------------
在下方@ydaetskcoR 和评论部分用户的帮助下,我发现问题出在 ansible 1.7(Debian 8.1 中的默认设置)没有加密模块。我能够使用命令模块解决这个问题。
我的工作代码:
---
- hosts: Database
remote_user: admin
sudo: yes
tasks:
#Get current hostname
- name: Getting current hostname.
command: hostname
register: current_hostname
# Update all installed packages to the latest version
- name: Update all installed packages to the latest version.
apt: upgrade=dist update_cache=yes
# Installing software
- name: Installing HTTP Server.
apt: name=apache2 state=latest
- name: Installing MySQL Server.
apt: name={{ item }} state=latest
with_items:
- mysql-server
- python-mysqldb
- name: Start the MySQL service
service:
name: mysql
state: started
enabled: true
- name: Check if root pass is blank
shell: mysql -u root -e ";"
register: blank_root_pass
failed_when: false
- name: update mysql root password for all root accounts
shell: mysql -u root -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
when: 'blank_root_pass.stderr==""'
- name: Installing php5
apt: name={{ item }} state=latest
with_items:
- php5
- php5-mysql
# Config adminer
- name: Making new adminer folder
file: path=/usr/share/adminer state=directory
- name: Downloading latest version of adminer
command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'
- name: Making symbolic link. latest.php --> adminer.php
file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link
- name: Writing alias to apache2 adminer.conf
shell: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'
- name: Enabling adminer.conf in apache2
command: 'a2enconf adminer.conf'
- name: Restarting Apache2
command: '/etc/init.d/apache2 restart'
如果您看到任何危险或不合适的地方,请发表评论。请停止编辑我的反馈请求。
因为 udondan mentioned, the encrypted option to mysql_user 是在 Ansible 2.0 中添加的。
显然,如果您升级到 Ansible 2.0,那么您现在就可以使用它了。
或者,您必须直接通过 shell 模块添加用户。
- name: check if root pass is blank
shell: mysql -uroot -e ";"
register: blank_root_pass
failed_when: false
changed_when: false
########################################################
- name: update mysql root password for all root accounts
shell: mysql -uroot -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
#Error 1045 returned when unable to login with user/pass combo
when: 'ERROR 1045' in blank_root_pass.stderr
我还添加了一个初步检查,即 root 密码实际上是空白的,并将其用作第二个任务的条件。当您以 root 用户身份登录并更改密码时,第二个任务将在第二个 运行 没有此检查的情况下失败。
在编写剧本以设置 MySQL 和管理员时,我 运行 在添加加密根密码时遇到了问题。
当使用纯文本密码且不包括 encrypted=yes 时,一切似乎都有效。
我想在我的剧本中包含一个加密密码 [SELECT password('test')]。
正如您从下面的代码中看到的那样,我在密码字段和我的 ~/.my.cnf 文件中添加了加密密码,并在游戏中添加了 encrypted=yes。
但是在 运行 剧本之后我得到了错误。请帮助我找出我在哪里犯了错误,或者指出适当的文档或修复。我搜索了 StackExchange 网络并查看了 Ansible 及其 mysql_user 模块的官方文档,但没有成功。
系统:Debian 8.1
错误信息:
msg: unsupported parameter for module: encrypted
剧本代码:
---
- hosts: Databases
remote_user: admin
sudo: yes
tasks:
#Get current hostname
- name: Getting current hostname.
raw: "hostname"
register: current_hostname
# Update all installed packages to the latest version
- name: Update all installed packages to the latest version.
apt: upgrade=dist update_cache=yes
# Installing software
- name: Installing HTTP Server.
apt: name=apache2 state=latest
- name: Installing MySQL Server.
apt: name={{ item }} state=latest
with_items:
- mysql-server
- python-mysqldb
- name: Start the MySQL service
service:
name: mysql
state: started
enabled: true
- name: update mysql root password for all root accounts
mysql_user:
name=root
host={{ item }}
password="*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"
encrypted=yes
login_user=root
login_password=""
check_implicit_admin=yes
priv="*.*:ALL,GRANT"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
- name: Copy the root credentials as .my.cnf file
template: src=files/home/admin/my.cnf dest=~/.my.cnf mode=0600
- name: Installing php5
apt: name={{ item }} state=latest
with_items:
- php5
- php5-mysql
# Config adminer
- name: Making new adminer folder
file: path=/usr/share/adminer state=directory
- name: Downloading latest version of adminer
command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'
- name: Making symbolic link. latest.php --> adminer.php
file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link
- name: Writing alias to apache2 adminer.conf
raw: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'
- name: Enabling adminer.conf in apache2
command: 'a2enconf adminer.conf'
- name: Restarting Apache2
command: '/etc/init.d/apache2 restart'
我的 ~/.my.conf 文件看起来像这样
[client]
user=root
password=*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
----------------原题到此结束-----------------
在下方@ydaetskcoR 和评论部分用户的帮助下,我发现问题出在 ansible 1.7(Debian 8.1 中的默认设置)没有加密模块。我能够使用命令模块解决这个问题。
我的工作代码:
---
- hosts: Database
remote_user: admin
sudo: yes
tasks:
#Get current hostname
- name: Getting current hostname.
command: hostname
register: current_hostname
# Update all installed packages to the latest version
- name: Update all installed packages to the latest version.
apt: upgrade=dist update_cache=yes
# Installing software
- name: Installing HTTP Server.
apt: name=apache2 state=latest
- name: Installing MySQL Server.
apt: name={{ item }} state=latest
with_items:
- mysql-server
- python-mysqldb
- name: Start the MySQL service
service:
name: mysql
state: started
enabled: true
- name: Check if root pass is blank
shell: mysql -u root -e ";"
register: blank_root_pass
failed_when: false
- name: update mysql root password for all root accounts
shell: mysql -u root -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
when: 'blank_root_pass.stderr==""'
- name: Installing php5
apt: name={{ item }} state=latest
with_items:
- php5
- php5-mysql
# Config adminer
- name: Making new adminer folder
file: path=/usr/share/adminer state=directory
- name: Downloading latest version of adminer
command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'
- name: Making symbolic link. latest.php --> adminer.php
file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link
- name: Writing alias to apache2 adminer.conf
shell: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'
- name: Enabling adminer.conf in apache2
command: 'a2enconf adminer.conf'
- name: Restarting Apache2
command: '/etc/init.d/apache2 restart'
如果您看到任何危险或不合适的地方,请发表评论。请停止编辑我的反馈请求。
因为 udondan mentioned, the encrypted option to mysql_user 是在 Ansible 2.0 中添加的。
显然,如果您升级到 Ansible 2.0,那么您现在就可以使用它了。
或者,您必须直接通过 shell 模块添加用户。
- name: check if root pass is blank
shell: mysql -uroot -e ";"
register: blank_root_pass
failed_when: false
changed_when: false
########################################################
- name: update mysql root password for all root accounts
shell: mysql -uroot -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
with_items:
- "{{ current_hostname.stdout }}"
- 127.0.0.1
- ::1
- localhost
#Error 1045 returned when unable to login with user/pass combo
when: 'ERROR 1045' in blank_root_pass.stderr
我还添加了一个初步检查,即 root 密码实际上是空白的,并将其用作第二个任务的条件。当您以 root 用户身份登录并更改密码时,第二个任务将在第二个 运行 没有此检查的情况下失败。