search

bertvv / ansible-role-mariadb

Install MariaDB on RHEL/CentOS 7 or Fedora.
https://galaxy.ansible.com/bertvv/mariadb/
Other
144 stars 108 forks source link

Update the "Check if root password is set" task logic #33

Closed nhenderson closed 4 years ago

nhenderson commented 4 years ago

This is a fix for the following problem:

The Set MariaDB root password for the first time (root@localhost) task fails when a username and password is set for the [mysqladmin] section in the custom.cnf file.

See issue 32

bertvv commented 4 years ago

Thanks for the addition!

chrisdeeming commented 3 years ago

Just want to highlight that this change caused a regression. Please see #46 for info. I've patched this change out to get things working normally but this likely needs to be revisited @bertvv @nhenderson.

angwe commented 3 years ago 
# This command will exit non-zero when the root password was set previously
- name: Check if root password is unset
  shell: >
    mysql -u root
    -p'{{ mariadb_root_password }}'
    -h localhost
    -S {{ mariadb_socket }}
    -e "quit"
  changed_when: false
  ignore_errors: true
  register: root_pwd_check
  tags: mariadb

# Repeat runs with the same password can continue idempotently, otherwise fail.
- name: Check if the specified root password is already set
  shell: >
    mysqladmin -u root -p{{ mariadb_root_password }} status
  changed_when: false
  no_log: true
  when: root_pwd_check.rc != 0
  tags: mariadb

This will ALWAYS fail when the password is currently unset, as both tasks try to use a password.

The password doesn't get set until a task at the end of the root-passwords task list.

I see what the task is trying to do - make sure that the user is not trying to change the root password with the role - but it also stops the role from working correctly.

angwe commented 3 years ago 
# This command will exit non-zero when the root password was set previously or if it is still blank
- name: Check if root password is set already
  shell: >
    mysql -u root
    -p'{{ mariadb_root_password }}'
    -h localhost
    -S {{ mariadb_socket }}
    -e "quit"
  changed_when: false
  ignore_errors: true
  register: root_pwd_check
  tags: mariadb

# This command will exit non-zero if the root password was set but not if is still blank
- name: Check if root password is blank
  shell: >
    mysql -u root
    -h localhost
    -S {{ mariadb_socket }}
    -e "quit"
  changed_when: false
  ignore_errors: true
  when: root_pwd_check.rc != 0
  register: root_pwd_blank
  tags: mariadb

# Repeat runs with the same password can continue idempotently, otherwise fail.
- name: Check if the specified root password is already set
  shell: >
    mysqladmin -u root -p{{ mariadb_root_password }} status
  changed_when: false
  no_log: true
  when:
    - root_pwd_check.rc != 0
    - root_pwd_blank.rc != 0
  tags: mariadb

- name: Check for previously set unix_socket in plugin column
  command: >
    mysql -N -s -p'{{ mariadb_root_password }}' -S {{ mariadb_socket }} -u root -e
    "SELECT plugin from mysql.user WHERE user = 'root'"
  register: plugin_root_result
  changed_when: plugin_root_result.stdout is search('unix_socket')
  when: root_pwd_check.rc == 0
  tags: mariadb

That seems to have solved my problem and still allowed the logic to be as expected.