How to set root password using salt states

Question

I want to set strong password for mysql root user. But there is a egg-hen problem. I have empty server. I salt it. The root password is empty (by default after install).

If I use

root: 
  mysql_user.present:
  - name: root
  - password: $ecur3h4x0r
  - host: %

Then I would not be able to call any other mysql states because they would need the password. But the next time I do highstate this call would not work, because the state tries to connect with empty password.

Answer 1

I'd like to note 2 things that worked for me in master / minion version '2019.2.0' under ubuntu 18.04:

• One will be able to set the password of the user 'root' the first time with:

   mysql_user.present:
     - name: root
     - host: localhost
     - password: pillar['mysql']['mysqlrootpassword']
     - connection_charset: utf8
     - saltenv:
       - LC_ALL: "en_US.utf8"

After that, the command will always succeed with User root@localhost is already present with the desired password regardless of the value of the root password.

• MySql user root is only permitted to login if you use sudo or as root user

Answer 2

Just in case someone stumbles upon this question while starting to manage mysql with saltstack.

Here is how it works in the current salt version (salt 2015.5.0 (Lithium)). Notice that the mysql_user.present-state is smart enough to try it without a password at first. In subsequent runs the state will use the root password to connect and realize that the password for root is in the right state.

root:
  mysql_user.present:
    - host: localhost
    - password: s3cure_root_password

another_user:
  mysql_user.present:
    - host: localhost
    - password: anoth3r_user_password
    - connection_user: root
    - connection_pass: s3cure_root_password

Answer 3

Yeah, we're going to add a 'default_user' and 'default_pass' setting so you can handle this situation. It should be in 0.17.0