T. Thomas

Reputation: 680

Ansible mysql_user module not accepting encrypted password

While writing a playbook to set up MySQL and adminer I'm running into a problem adding the encrypted root password.

When using a plain text password and not including encrypted=yes everything seems to work.

I'd like to include an encrypted password [SELECT password('test')] in my playbook.

As you can see from the code below I've added the encrypted password in the password field and to my ~/.my.cnf file and added encrypted=yes to the play.

But after running the playbook I get the error. Please help me figure out where I'm making the mistake or point me to the appropriate documentation or fix. I've searched the StackExchange network and looked at the official documentation for Ansible and for its mysql_user module with no luck.

System: Debian 8.1

Error Message:

msg: unsupported parameter for module: encrypted

Playbook Code:

---
- hosts: Databases
  remote_user: admin
  sudo: yes
  tasks:

    #Get current hostname
    - name: Getting current hostname.
      raw: "hostname"
      register: current_hostname

    # Update all installed packages to the latest version
    - name: Update all installed packages to the latest version.
      apt:  upgrade=dist update_cache=yes

    # Installing software
    - name: Installing HTTP Server.
      apt: name=apache2 state=latest

    - name: Installing MySQL Server.
      apt: name={{ item }} state=latest
      with_items:
        - mysql-server
        - python-mysqldb

    - name: Start the MySQL service
      service:
        name: mysql
        state: started
        enabled: true

    - name: update mysql root password for all root accounts
      mysql_user:
        name=root
        host={{ item }}
        password="*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"
        encrypted=yes
        login_user=root
        login_password=""
        check_implicit_admin=yes
        priv="*.*:ALL,GRANT"
      with_items:
        - "{{ current_hostname.stdout }}"
        - 127.0.0.1
        - ::1
        - localhost

    - name: Copy the root credentials as .my.cnf file
      template: src=files/home/admin/my.cnf dest=~/.my.cnf mode=0600

    - name: Installing php5
      apt: name={{ item }} state=latest
      with_items:
        - php5
        - php5-mysql

    # Config adminer
    - name: Making new adminer folder
      file: path=/usr/share/adminer state=directory

    - name: Downloading latest version of adminer
      command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'

    - name: Making symbolic link. latest.php --> adminer.php
      file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link

    - name: Writing alias to apache2 adminer.conf
      raw: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'

    - name: Enabling adminer.conf in apache2
      command: 'a2enconf adminer.conf'

    - name: Restarting Apache2
      command: '/etc/init.d/apache2 restart'

My ~/.my.cnf file looks like this:

[client]
user=root
password=*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

-----------------Original question ends here-----------------

With the help of @ydaetskcoR below and users in the comment section I was able to figure out that the problem was with Ansible 1.7 (default in Debian 8.1) not having the encrypted module. I was able to work around this using the command module.

My working code:

---
- hosts: Database
  remote_user: admin
  sudo: yes
  tasks:

    #Get current hostname
    - name: Getting current hostname.
      command: hostname
      register: current_hostname

    # Update all installed packages to the latest version
    - name: Update all installed packages to the latest version.
      apt:  upgrade=dist update_cache=yes

    # Installing software
    - name: Installing HTTP Server.
      apt: name=apache2 state=latest

    - name: Installing MySQL Server.
      apt: name={{ item }} state=latest
      with_items:
        - mysql-server
        - python-mysqldb

    - name: Start the MySQL service
      service:
        name: mysql
        state: started
        enabled: true

    - name: Check if root pass is blank
      shell: mysql -u root -e ";"
      register: blank_root_pass
      failed_when: false

    - name: update mysql root password for all root accounts
      shell: mysql -u root -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
      with_items:
        - "{{ current_hostname.stdout }}"
        - 127.0.0.1
        - ::1
        - localhost
      when: 'blank_root_pass.stderr==""'

    - name: Installing php5
      apt: name={{ item }} state=latest
      with_items:
        - php5
        - php5-mysql

    # Config adminer
    - name: Making new adminer folder
      file: path=/usr/share/adminer state=directory

    - name: Downloading latest version of adminer
      command: 'wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php'

    - name: Making symbolic link. latest.php --> adminer.php
      file: path=/usr/share/adminer/adminer.php src=/usr/share/adminer/latest.php state=link

    - name: Writing alias to apache2 adminer.conf
      shell: 'echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf'

    - name: Enabling adminer.conf in apache2
      command: 'a2enconf adminer.conf'

    - name: Restarting Apache2
      command: '/etc/init.d/apache2 restart'

If you see anything dangerous or out of place, please leave a comment. Please stop editing my call for feedback out.

Upvotes: 1

Views: 2053

Answers (1)

ydaetskcoR

Reputation: 56877

As udondan mentioned, the encrypted option to mysql_user was added in Ansible 2.0.

Obviously if you upgrade to Ansible 2.0 then you can use it as you are right now.

Alternatively you would have to add the user directly via the shell module.

- name: check if root pass is blank
  shell: mysql -uroot -e ";"
  register: blank_root_pass
  failed_when: false
  changed_when: false

- name: update mysql root password for all root accounts
  shell: mysql -uroot -e "SET PASSWORD FOR 'root'@'{{ item }}' = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';"
  with_items:
    - "{{ current_hostname.stdout }}"
    - 127.0.0.1
    - ::1
    - localhost
  # ERROR 1045 is returned when unable to log in with the user/pass combo,
  # so only set the password while the blank-password login still works
  when: "'ERROR 1045' not in blank_root_pass.stderr"

I've also added a preliminary check that the root password is in fact blank and used this as a condition for the second task. As you are logging in as root and changing the password, the second task will fail on a second run without this check.

Upvotes: 2
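
Added example, not part of the original question or answer: the value that `SELECT password('test')` returns is a mysql_native_password hash, which can be reproduced and checked before it goes into a playbook. The function names and the deny list below are hypothetical and constructed for illustration; the code assumes the server uses the mysql_native_password scheme.

```python
import hashlib
import re

# A mysql_native_password hash as emitted by PASSWORD():
# '*' followed by 40 uppercase hex digits (41 characters in total).
_NATIVE_HASH_RE = re.compile(r"\*[0-9A-F]{40}")


def mysql_native_hash(password: str) -> str:
    """Reproduce SELECT PASSWORD('<password>'): '*' + HEX(SHA1(SHA1(password)))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def is_native_hash(value: str) -> bool:
    """True if value already looks like a hash, i.e. the form that
    SET PASSWORD ... = '<hash>' or mysql_user's encrypted=yes expects."""
    return _NATIVE_HASH_RE.fullmatch(value) is not None


def denylisted_source(hash_value: str, denylist):
    """Return the deny-listed password that produces hash_value, or None.

    The scheme has no salt, so the same password always yields the same
    hash; a hash derived from a common password is recognisable on sight.
    """
    for candidate in denylist:
        if mysql_native_hash(candidate) == hash_value:
            return candidate
    return None


# Hash taken from the playbook on this page.
PLAYBOOK_HASH = "*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"
# Constructed sample deny list for the pre-commit style check.
DENYLIST = ["password", "root", "test", "changeme"]

if __name__ == "__main__":
    print("looks like a native hash:", is_native_hash(PLAYBOOK_HASH))
    weak = denylisted_source(PLAYBOOK_HASH, DENYLIST)
    if weak is not None:
        print("hash is derived from a deny-listed password; choose another")
```

Because the hash is unsalted, a playbook that contains it should be handled like one that contains the password itself, for example by keeping the value in Ansible Vault. The `[client]` section of `~/.my.cnf` is read by the client, which needs the real password rather than the hash in order to log in.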
