Ansible安装程序mysql根密码_Ansible

Ansible安装程序mysql根密码

ansible

Ansible安装程序mysql根密码,ansible,Ansible,你们有没有人想到为mysql构建一个yml来更新根密码并授予特权？我已经创建了我的playbook，并在新安装上按预期工作，没有任何问题。但是当我再次执行vagrant设置时，它现在无法设置根密码，并且我得到了一个错误。下面是我的代码 mysql.yml --- - name: Install the MySQL packages apt: name={{ item }} state=installed update_cache=yes with_items: - mysql-s

你们有没有人想到为mysql构建一个yml来更新根密码并授予特权？我已经创建了我的playbook，并在新安装上按预期工作，没有任何问题。但是当我再次执行vagrant设置时，它现在无法设置根密码，并且我得到了一个错误。下面是我的代码

mysql.yml

---
- name: Install the MySQL packages
  apt: name={{ item }} state=installed update_cache=yes
  with_items:
    - mysql-server
    - mysql-client
    - python-mysqldb
    - libmysqlclient-dev

- name: drop database {{ dbname }}
  mysql_db:
    name: "{{ dbname }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: absent
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: create database {{ dbname }}
  mysql_db:
    name: "{{ dbname }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: present
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: ensure mysql is running and starts on boot
  service: name=mysql state=started enabled=true

- name: copy .my.cnf file with root password credentials
  template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600

- name: update mysql root password for all root accounts "{{ dbpass }}"
  mysql_user: name={{ dbuser }} host={{ item }} password="{{ dbpass }}" priv="{{ dbname }}.*:ALL,GRANT"
  with_items:
    - localhost
    - 127.0.0.1

- name: grant privilege on "{{ dbname }}" to "{{ dbuser }}"
  mysql_user:
    name: "{{ item.user }}"
    host: "{{ item.host }}"
    password: "{{ dbpass }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    priv: "{{ dbname }}.*:ALL"
    state: present
  with_items:
    - { user: "{{ dbuser }}" , host: localhost }
    - { user: "{{ dbuser }}" , host: 127.0.0.1 }
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: ensure anonymous users are not in the database
  mysql_user: name='' host={{ item }} state=absent
  with_items:
    - 127.0.0.1
    - localhost

- name: remove the test database
  mysql_db: name=test state=absent

my.cnf.j2

[client]
user=root
password={{ dbpass }}

默认值/main.yml

---
dbhost: localhost
dbname: mydb
dbuser: root
dbpass: root

如果它是新安装的，我可以把一切都做得很好，但是第二次运行时会出现下面的错误

似乎在您尝试在下一个任务中更改

.my.cnf

密码之前，您已使用新密码更新了
.my.cnf

更新密码时，您可能需要使用
host\u all
选项，因为
with\u items
会多次运行模块，并且可能会出现相同的错误：更改第一项的密码，而无法连接第二项。
已经找到了正确答案。因此，我将添加我的答案，作为那些与我有同样问题的人的参考
===========================================================================

--- # Install the needed package of mysql - name: Install MySQL packages apt: pkg={{ item }} state=installed with_items: - bundler - mysql-server - mysql-client - libmysqlclient-dev - python-mysqldb - build-essential # Update the root password immediately. This should come first as ordering # is very important - name: Update mysql root password for all root accounts "{{ dbpass }}" mysql_user: name=root password="{{ dbpass }}" priv="*.*:ALL,GRANT" # After we update the root password we are going to use this everytime # we do an update or create something on mysql # we will create a copy in /root/.my.cnf as this will be use to check # the login or root credential. Meaning this should contain the latest # password of the root (right after we update the root password) - name: copy .my.cnf file with root password credentials template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600 notify: Restart the MySQL service # Remove the unnecessary db for now - name: Remove the test database mysql_db: name=test state=absent # Make sure no anonymous user in the db - name: ensure anonymous users are not in the database mysql_user: name='' host={{ item }} state=absent with_items: - 127.0.0.1 - localhost # Delete the user if its existing so that we can create the user again - name: Delete deploy DB user mysql_user: name={{ dbuser }} password={{ dbpass }} state=absent notify: Restart the MySQL service # Create our own user aside from the root password # here our root password and new user created will have the same password - name: Add deploy DB user mysql_user: name={{ dbuser }} password={{ dbpass }} priv=*.*:ALL,GRANT state=present notify: Restart the MySQL service # Delete databases. This should not be included in production. # this is only on local so its fine. - name: Drop databases mysql_db: name: "{{ item }}" login_user: "{{ dbuser }}" login_password: "{{ dbpass }}" state: absent with_items: - db1 - db2 - "{{ dbname }}" run_once: true # Recreate the databases - name: Create databases mysql_db: name: "{{ item }}" login_user: "{{ dbuser }}" login_password: "{{ dbpass }}" state: present with_items: - db1 - db2 - "{{ dbname }}" run_once: true # Grant the privilege for the newly created user - name: grant privilege on "{{ dbname }}" to "{{ dbuser }}" mysql_user: name: "{{ item.user }}" host: "{{ item.host }}" password: "{{ dbpass }}" priv: "*.*:ALL" state: present with_items: - { user: "{{ dbuser }}" , host: localhost } - { user: "{{ dbuser }}" , host: 127.0.0.1 }

我为此挣扎了一段时间。最终帮助我的是

意识到在我的ubuntu版本（18.04）上，mysql运行在套接字上
/var/run/mysqld/mysqld.sock

终于读到了书上的小字。它准确地描述了如何修复此问题
MySQL服务器安装时默认登录用户为“root”，没有密码。要将此用户作为幂等元剧本的一部分加以保护，必须至少创建两个任务：第一个任务必须更改根用户的密码，而不提供任何登录用户/登录密码详细信息。第二个必须删除包含新根凭据的~/.my.cnf文件。然后，通过从文件中读取新凭据，playbook的后续运行将成功
结合这两件事，这终于对我起了作用：

vars/main.yml

tasks/main.yml
模板全系统
my.cnf
超级用户
.my.cnf

在更新实际根帐户之前，您首先更新.my.cnf可能是对的。这与我的回答有什么不同，顺序很重要？@KonstantinSuvorov实际上没有区别。我刚刚为此添加了完整的yml文件。如果有人对文件的实际结构感到好奇，如果你想补充别人的答案，你可以直接编辑它。堆栈溢出设计为wiki。每个人都可以编辑其他人的帖子和答案。
--- mysql_port: 3306 mysql_socket: /var/run/mysqld/mysqld.sock mysql_superuser: root mysql_superuser_home: "{% if mysql_superuser == 'root' %}/root{% else %}/home/{{ mysql_superuser }}{% endif %}" mysql_superuser_password: youllNeverGuessMyPasswordMuahaha

--- - name: Install mysql apt: name: ['mysql-server', 'mysql-client', 'python2.7-mysqldb'] state: present update_cache: yes # Allows python to create and manipulate mysql config - name: Ensure pymysql is present pip: name: pymysql state: present - name: Update mysql password for superuser `{{ mysql_superuser }}` mysql_user: # Update the superuser to have all grants and a password name: "{{ mysql_superuser }}" host: localhost password: "{{ mysql_superuser_password }}" priv: "*.*:ALL,GRANT" # Login *as root* to perform this change, even though you might # be altering the root user itself login_user: root login_password: "" login_port: "{{ mysql_port }}" login_host: localhost login_unix_socket: "{{ mysql_socket }}" # As a good measure,have ansible check whether an implicit login # is possible first check_implicit_admin: yes - name: Create system-wide mysql configuration file template: src: system_wide_mysql.cnf.j2 dest: /etc/my.cnf - name: Create mysql configuration file for `{{ mysql_superuser }}` template: src: superuser_mysql.cnf.j2 dest: "{{ mysql_superuser_home }}/.my.cnf" notify: - Restart Mysql

[mysqld] datadir=/var/lib/mysql socket={{ mysql_socket }} user=mysql # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 port={{ mysql_port }} [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid

[client] user={{ mysql_superuser }} password={{ mysql_superuser_password }}