When setting up MySQL using the mysql_service block, there is an option called initial_root_password. When setting that to some specific string, I expect to be able to use that string to log into the server later.
In reality, I cannot use the password because the authentication is handled via Socket by default, ever since MySQL 5.7 I believe.
:pancakes: Cookbook version
11.0.5
:woman_cook: Chef-Infra Version
17.10.3
:tophat: Platform details
Ubuntu 20.04 LTS
Steps To Reproduce
In a custom Chef cookbook, use this library and configure as follows:
mysql_service 'default' do
version '8.0'
charset 'utf8mb4'
bind_address '127.0.0.1'
initial_root_password 'super_strong_password'
socket '/var/run/mysqld/mysqld.sock'
action [:create, :start]
end
:police_car: Expected behavior
After Chef finishes, I can log in via mysql -u root -p and then entering the super_strong_password I defined above.
In reality, MySQL just reports Access denied for user 'root'@'localhost'
:heavy_plus_sign: Additional context
When forcing access to the console through sudo mysql, one can see that the server is actually configured to use the auth_socket plugin:
As far as setting the default password is concerned, I think it happens here. But this invocation has no effect if auth_socket is used, and MySQL reports a warning along the lines of SET PASSWORD has no significance for user 'root'@'localhost' as authentication plugin does not support it.
I am aware of https://github.com/sous-chefs/mysql/issues/539 but that issue never reached any actual conclusion. I'm curious to know why the revert that I mentioned above happened and if (and why) this is intended behaviour.
:ghost: Brief Description
When setting up MySQL using the
mysql_serviceblock, there is an option calledinitial_root_password. When setting that to some specific string, I expect to be able to use that string to log into the server later.In reality, I cannot use the password because the authentication is handled via Socket by default, ever since MySQL 5.7 I believe.
:pancakes: Cookbook version
11.0.5
:woman_cook: Chef-Infra Version
17.10.3
:tophat: Platform details
Ubuntu 20.04 LTS
Steps To Reproduce
In a custom Chef cookbook, use this library and configure as follows:
:police_car: Expected behavior
After Chef finishes, I can log in via
mysql -u root -pand then entering thesuper_strong_passwordI defined above.In reality, MySQL just reports
Access denied for user 'root'@'localhost':heavy_plus_sign: Additional context
When forcing access to the console through
sudo mysql, one can see that the server is actually configured to use theauth_socketplugin:As far as setting the default password is concerned, I think it happens here. But this invocation has no effect if
auth_socketis used, and MySQL reports a warning along the lines ofSET PASSWORD has no significance for user 'root'@'localhost' as authentication plugin does not support it.To make the password access work, the plugin must be changed upon setting the password. The
IDENTIFIED WITHchange was once properly introduced in https://github.com/sous-chefs/mysql/commit/9a66e575a16bfd448ed51f3970ad4eacc78e4413, but then got reverted immediately in https://github.com/sous-chefs/mysql/commit/fe39425e99f7fde2e11c82ac4c19ed05921f9e63 for unknown reasons.I am aware of https://github.com/sous-chefs/mysql/issues/539 but that issue never reached any actual conclusion. I'm curious to know why the revert that I mentioned above happened and if (and why) this is intended behaviour.