首页 文章

Ansible mysql_user模块不接受加密密码

提问于
浏览
1

在编写Playbook来设置MySQL和adminer时,我遇到了添加加密root密码的问题 .

当使用纯文本密码而不包括 encrypted=yes 时,一切似乎都有效 .

我想在我的剧本中加入加密密码 [SELECT password('test')] .

正如您从下面的代码中看到的那样,我在密码字段和我的 ~/.my.cnf 文件中添加了加密密码,并在游戏中添加了 encrypted=yes .

但是在运行剧本后我得到了错误 . 请帮我弄清楚我在哪里犯了错误或指出了相应的文档或修复 . 我搜索了StackExchange网络并查看了Ansible的官方文档及其mysql_user模块,但没有运气 .

系统:Debian 8.1

错误信息:

msg: unsupported parameter for module: encrypted

剧本代码:

---
- hosts: Databases
  remote_user: admin
  sudo: yes
  tasks:

    #Get current hostname
    - name: Getting current hostname.
      raw: "hostname"
      register: current_hostname

    # Update all installed packages to the latest version
    - name: Update all installed packages to the latest version.
      apt:  upgrade=dist update_cache=yes

    # Installing software
    - name: Installing HTTP Server.
      apt: name=apache2 state=latest

    - name: Installing MySQL Server.
      apt: name={{ item }} state=latest
      with_items:
        - mysql-server
        - python-mysqldb

    - name: Start the MySQL service
      service:
        name: mysql
        state: started
        enabled: true

    - name: update mysql root password for all root accounts
      mysql_user:
        name=root
        host={{ item }}
        password="*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"
        encrypted=yes
        login_user=root
        login_password=""
        check_implicit_admin=yes
        priv="*.*:ALL,GRANT"
      with_items:
        - "{{ current_hostname.stdout }}"
        - 127.0.0.1
        - ::1
        - localhost

    - name: Copy the root credentials as .my.cnf file
      template: src=files/home/admin/my.cnf dest=~/.my.cnf mode=0600

    - name: Installing php5
      apt: name={{ item }} state=latest
      with_items:
        - php5
        - php5-mysql

    # Config adminer
    - name: Making new adminer folder
      file: path=/usr/share/adminer state=directory

    - name: Downloading latest version of adminer
      command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'

    - name: Making symbolic link. latest.php --> adminer.php
      file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link

    - name: Writing alias to apache2 adminer.conf
      raw: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'

    - name: Enabling adminer.conf in apache2
      command: 'a2enconf adminer.conf'

    - name: Restarting Apache2
      command: '/etc/init.d/apache2 restart'

我的 ~/.my.conf 文件看起来像这样

[client]
user=root
password=*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

-----------------原始问题在这里结束-----------------

在下面的@ydaetskcoR和评论部分的用户的帮助下,我能够发现问题出在ansible 1.7(默认在Debian 8.1中)没有加密模块 . 我能够使用命令模块解决这个问题 .

我的工作代码:

---
- hosts: Database
  remote_user: admin
  sudo: yes
  tasks:

    #Get current hostname
    - name: Getting current hostname.
      command: hostname
      register: current_hostname

    # Update all installed packages to the latest version
    - name: Update all installed packages to the latest version.
      apt:  upgrade=dist update_cache=yes

    # Installing software
    - name: Installing HTTP Server.
      apt: name=apache2 state=latest

    - name: Installing MySQL Server.
      apt: name={{ item }} state=latest
      with_items:
        - mysql-server
        - python-mysqldb

    - name: Start the MySQL service
      service:
        name: mysql
        state: started
        enabled: true

    - name: Check if root pass is blank
      shell: mysql -u root -e ";"
      register: blank_root_pass
      failed_when: false
    - name: update mysql root password for all root accounts
      shell: mysql -u root -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
      with_items:
        - "{{ current_hostname.stdout }}"
        - 127.0.0.1
        - ::1
        - localhost
      when: 'blank_root_pass.stderr==""'

    - name: Installing php5
      apt: name={{ item }} state=latest
      with_items:
        - php5
        - php5-mysql

    # Config adminer
    - name: Making new adminer folder
      file: path=/usr/share/adminer state=directory

    - name: Downloading latest version of adminer
      command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'

    - name: Making symbolic link. latest.php --> adminer.php
      file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link

    - name: Writing alias to apache2 adminer.conf
      shell: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'

    - name: Enabling adminer.conf in apache2
      command: 'a2enconf adminer.conf'

    - name: Restarting Apache2
      command: '/etc/init.d/apache2 restart'

如果您发现任何危险或不合适的地方,请发表评论 . 请停止编辑我的电话以获得反馈 .

php mysql ansible ansible-playbook

1 回答

  • 2

    正如udondan所述,mysql_user的加密选项已添加到Ansible 2.0中 .

    显然,如果您升级到Ansible 2.0,那么您可以像现在一样使用它 .

    或者,您必须通过shell模块直接添加用户 .

    - name: check if root pass is blank

  shell: mysql -uroot -e ";"

  register: blank_root_pass

  failed_when: false

  changed_when: false

########################################################

- name: update mysql root password for all root accounts

  shell: mysql -uroot -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"

  with_items:
    - "{{ current_hostname.stdout }}"
    - 127.0.0.1
    - ::1
    - localhost

  #Error 1045 returned when unable to login with user/pass combo
  when: 'ERROR 1045' in blank_root_pass.stderr

    我还添加了一个初步检查,根密码实际上是空白的,并将其用作第二个任务的条件 . 当您以root身份登录并更改密码时,如果没有此检查,第二个任务将在第二次运行时失败 .

    回复于

相关问题