Ansible: mysql_user does not work for non-root users

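I am trying to put together a simple Ansible script to set up a MariaDB installation. For some reason, I can change the root user's password, log in as root, the new password works fine on the next run, and creating a database works fine, but if I try to use mysql_user on any other user, it always fails.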

Playbook:

    ---
    - hosts: all
      become: true
      remote_user: centos
      vars:
        rootpwd: Password1
        replipwd: Password2
        dbname: tests
      tasks:
        - name: Installing packages
          yum: name={{item}} state=latest
          with_items:
            - mariadb
            - mariadb-server
            - mariadb-devel
        - name: Installing Python module
          pip: name=MySQL-python
        - name: Server configuration
          lineinfile: dest=/etc/my.cnf line={{ item }} mode=0644 create=yes
          with_items:
            - bind-address=0.0.0.0
            - log-bin
            - server_id={{ ansible_all_ipv4_addresses[0].split('.')[3] }}
            - log-basename=log{{ ansible_all_ipv4_addresses[0].split('.')[3] }}
        - name: Restarting services
          service: state=restarted name=mariadb enabled=yes
        - name: Securing root account
          mysql_user: name=root password={{ rootpwd }} priv=*.*:ALL state=present
        - name: Client configuration
          lineinfile: dest=/root/.my.cnf line={{ item }} mode=0600 create=yes
          with_items:
            - "[client]"
            - user=root
            - password={{ rootpwd }}
        - name: Making database
          mysql_db: name={{ dbname }} state=present
        - name: Making replication user
          mysql_user: name=replicate password={{ replipwd }} priv="*.*:REPLICATION SLAVE" state=present host="%"

Run:

    ...
    TASK [Restarting services] *****************************************************
    task path: /home/centos/.ansible/centos-mariadb.playbook:25
    changed: [172.30.1.21] => {"changed": true, "enabled": true, "name": "mariadb", "state": "started"}
    changed: [172.30.1.38] => {"changed": true, "enabled": true, "name": "mariadb", "state": "started"}

    TASK [Securing root account] ***************************************************
    task path: /home/centos/.ansible/centos-mariadb.playbook:27
    ok: [172.30.1.38] => {"changed": false, "user": "root"}
    ok: [172.30.1.21] => {"changed": false, "user": "root"}

    TASK [Client configuration] ****************************************************
    task path: /home/centos/.ansible/centos-mariadb.playbook:30
    ok: [172.30.1.21] => (item=[client]) => {"backup": "", "changed": false, "item": "[client]", "msg": ""}
    ok: [172.30.1.38] => (item=[client]) => {"backup": "", "changed": false, "item": "[client]", "msg": ""}
    ok: [172.30.1.21] => (item=user=root) => {"backup": "", "changed": false, "item": "user=root", "msg": ""}
    ok: [172.30.1.38] => (item=user=root) => {"backup": "", "changed": false, "item": "user=root", "msg": ""}
    ok: [172.30.1.21] => (item=password=Password1) => {"backup": "", "changed": false, "item": "password=Password1", "msg": ""}
    ok: [172.30.1.38] => (item=password=Password1) => {"backup": "", "changed": false, "item": "password=Password1", "msg": ""}

    TASK [Making database] *********************************************************
    task path: /home/centos/.ansible/centos-mariadb.playbook:36
    ok: [172.30.1.21] => {"changed": false, "db": "tests"}
    ok: [172.30.1.38] => {"changed": false, "db": "tests"}

    TASK [Making replication user] *************************************************
    task path: /home/centos/.ansible/centos-mariadb.playbook:38
    fatal: [172.30.1.21]: FAILED! => {"changed": false, "failed": true, "msg": "(1045, \"Access denied for user 'root'@'localhost' (using password: YES)\")"}
    fatal: [172.30.1.38]: FAILED! => {"changed": false, "failed": true, "msg": "(1045, \"Access denied for user 'root'@'localhost' (using password: YES)\")"}

    NO MORE HOSTS LEFT *************************************************************

Connecting manually from the shell works fine:

    $ sudo mysql
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 6
    Server version: 5.5.50-MariaDB MariaDB Server

After losing many hours, I finally fixed it. It turns out there were three bugs in this line:

    - name: Securing root account
      mysql_user: name=root password={{ rootpwd }} priv=*.*:ALL state=present host=localhost

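First, you would think priv gives all access, but it actually removes GRANT access, so you can no longer create new users. Also, you would think this restricts access to localhost only, but it actually creates a new root user with access from localhost. Finally, you would think you are changing root's password, but you are only setting it for the user you just created for localhost. There are still 4 users with empty passwords.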

This is what I finally had to do:

    - name: Securing root account
      mysql_user: name=root password={{ rootpwd }} state=present host=localhost
    - name: Remove anonymous users
      raw: mysql -e "DELETE FROM mysql.user WHERE user='';"
    - name: Set root permission
      raw: mysql -e "DELETE FROM mysql.user WHERE user='root' AND host!='localhost';"
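
The same hardening done with mysql_user alone, as an added example that is not part of the original post: no priv on root, so its existing grants (including GRANT OPTION) are left alone; host_all, so every root row gets the password; state=absent instead of raw DELETE statements. It assumes Ansible 2.1 or later (for host_all), become: true, the rootpwd and replipwd vars from the playbook above, and that the extra root rows are the three hosts listed under with_items (check with `SELECT user, host FROM mysql.user`).

```yaml
# Added example, not from the original post. Assumes Ansible 2.1+ and become: true.
# If priv is ever set on root, use "*.*:ALL,GRANT" so GRANT OPTION is kept.
- name: Set the password on every existing root row
  mysql_user:
    name: root
    host_all: yes                     # update all root@<host> rows, create none
    password: "{{ rootpwd }}"
    check_implicit_admin: yes         # first run: try root with no password
    login_user: root
    login_password: "{{ rootpwd }}"   # later runs: the password set above
    state: present
  no_log: true                        # keep the password out of task output

- name: Write root client credentials
  copy:
    dest: /root/.my.cnf
    owner: root
    mode: "0600"
    content: |
      [client]
      user=root
      password={{ rootpwd }}
  no_log: true

- name: Remove anonymous accounts
  mysql_user:
    name: ""
    host_all: yes
    state: absent

- name: Remove root accounts other than root@localhost
  mysql_user:
    name: root
    host: "{{ item }}"
    state: absent
  with_items:                         # assumed installer defaults
    - "{{ ansible_hostname }}"
    - 127.0.0.1
    - "::1"

- name: Create the replication user
  mysql_user:
    name: replicate
    host: "%"
    password: "{{ replipwd }}"
    priv: "*.*:REPLICATION SLAVE"
    state: present
  no_log: true
```

Accounts removed through the module are dropped with DROP USER, which takes effect immediately, whereas rows deleted directly from mysql.user stay active until FLUSH PRIVILEGES or a server restart.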