Hi Carlos,  

>
> > MariaDB [mysql]> select User,Host,Password from user;
> > +------+---------------------+----------+
> > | User | Host                | Password |
> > +------+---------------------+----------+
> > | root | localhost           |          |
> > | root | mariadb.example.com |          |
> > | root | 127.0.0.1           |          |
> > | root | ::1                 |          |
> > |      | localhost           |          |
> > |      | mariadb.example.com |          |
> > +------+---------------------+----------+
> > 6 rows in set (0.00 sec)
>
> Which is expected in a default unattended install: root password is blank and 
> there are a couple of anonymous credentials. Note, however, that there are 
> credentials for the host FQDN, so I'm inclined to use ansible_fqdn in the 
> following.
>  
> Now comes the part of the playbook that's giving me problems, when setting up 
> the credentials:
>  
> > - name: Privileged credentials
> >   mysql_user:
> >     name: root
> >     host: "{{ item }}"
> >     password: "{{ mariadb.password }}"
> >   with_items:
> >   - "{{ ansible_fqdn }}"
> >   - 127.0.0.1
> >   - ::1
> >   - localhost
> >
> > - name: Privileged credentials console access
> >   template:
> >     src: root/my.cnf.j2
> >     dest: /root/.my.cnf
> >     owner: root
> >     group: root
> >     mode: 0600
>
> (Obviously, mariadb.password, above, is a variable which is also used on the 
> .my.cnf template.) The above was taken from several sources online; I only 
> changed the use of ansible_host to ansible_fqdn. Running the playbook will 
> fail in that task:
>  
> > failed: [mariadb.example.com] => (item=mariadb.example.com) => {"failed": true, "item": "mariadb.example.com"}
> > msg: (1133, "Can't find any matching row in the user table")
> >
> > changed: [mariadb.example.com] => (item=127.0.0.1)
> > changed: [mariadb.example.com] => (item=::1)
> > changed: [mariadb.example.com] => (item=localhost)
>

This one works for me. All four occurrences of root are being updated with the
new password. Looks like {{ ansible_fqdn }} does not contain the host string
from your mysql.user table. Have you checked the output of running
ansible -m setup <host> for the ansible_fqdn variable to verify its content?

I had another problem with this: the mysql_user module isn't idempotent itself.
It would fail badly in the second run, as your database is now password secured
and it could not log in. You should wrap your two tasks like this:

- name: root user lock
  stat: path=/root/.my.cnf
  register: mysql_root_my_cnf

- name: Privileged credentials
  [skipped lines]
  when: not mysql_root_my_cnf.stat.exists
  

This way your root user will receive a password only once, until the .my.cnf
file was written from your second task.


Regards,
Marcus

--  
May you always grok in fullness
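
The check suggested in the reply above (compare the hosts the playbook loops over with the Host column of mysql.user), as an added example that is not part of the original message or of Ansible. The function names and the "mariadb" short-hostname value are assumptions made for illustration; the table is the one quoted in the thread.

```python
# Added example (not from the thread): audit mysql.user output before a password task.
# SAMPLE reproduces the table quoted in the message; "mariadb" further down is a
# constructed stand-in for an ansible_fqdn value that differs from the Host column.
SAMPLE = """\
+------+---------------------+----------+
| User | Host                | Password |
+------+---------------------+----------+
| root | localhost           |          |
| root | mariadb.example.com |          |
| root | 127.0.0.1           |          |
| root | ::1                 |          |
|      | localhost           |          |
|      | mariadb.example.com |          |
+------+---------------------+----------+
"""


def parse_user_table(text):
    """Return (user, host, password) tuples from mysql client table output."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip the prompt, +---+ borders and the row-count line
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 3 or cells == ["User", "Host", "Password"]:
            continue  # skip the header and anything that is not a 3-column row
        rows.append(tuple(cells))
    return rows


def audit(rows, wanted_hosts, user="root"):
    """Flag weak accounts and loop items that have no matching user/host row."""
    # MySQL/MariaDB compare host names case-insensitively, so normalise both sides.
    existing = {host.lower() for u, host, _ in rows if u == user}
    return {
        "blank_password": [(u, h) for u, h, p in rows if u and not p],
        "anonymous": [h for u, h, _ in rows if not u],
        # A host listed here has no row to update, the situation error 1133 reports.
        "missing_rows": [h for h in wanted_hosts if h.lower() not in existing],
    }


if __name__ == "__main__":
    items = ["mariadb", "127.0.0.1", "::1", "localhost"]  # constructed loop items
    for key, value in audit(parse_user_table(SAMPLE), items).items():
        print(key, value)
```
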

