6

I want to set strong password for mysql root user. But there is a egg-hen problem. I have empty server. I salt it. The root password is empty (by default after install).

If I use

root: 
  mysql_user.present:
  - name: root
  - password: $ecur3h4x0r
  - host: %

Then I would not be able to call any other mysql states because they would need the password. But the next time I do highstate this call would not work, because the state tries to connect with empty password.

Tomáš Fejfar
  • 11,129
  • 8
  • 54
  • 82

3 Answers3

4

Yeah, we're going to add a 'default_user' and 'default_pass' setting so you can handle this situation. It should be in 0.17.0

Utah_Dave
  • 4,531
  • 24
  • 23
  • Any luck on this? We're at 0.17.4 and I don't see any sign in the documentation or a cursory Google search. – thaddeusmt Jan 24 '14 at 19:04
  • I haven't tested this solution myself yet, but it looks like this pull req added this functionality: https://github.com/saltstack/salt/pull/9722 Also see "connection_user" and "connection_pass" here: http://docs.saltstack.com/ref/states/all/salt.states.mysql_user.html#module-salt.states.mysql_user – Utah_Dave Mar 04 '14 at 17:35
2

Just in case someone stumbles upon this question while starting to manage mysql with saltstack.

Here is how it works in the current salt version (salt 2015.5.0 (Lithium)). Notice that the mysql_user.present-state is smart enough to try it without a password at first. In subsequent runs the state will use the root password to connect and realize that the password for root is in the right state.

root:
  mysql_user.present:
    - host: localhost
    - password: s3cure_root_password

another_user:
  mysql_user.present:
    - host: localhost
    - password: anoth3r_user_password
    - connection_user: root
    - connection_pass: s3cure_root_password
Christian Seitzer
  • 31
  • 1
  • 2
  • Thanks. Much time has passed, and we have both mysql-formula and state.mysql. It'd be great if someone with adequate knowledge could update this on which to prefer (or why) to avoid everyone having to go through both. – jma Feb 09 '18 at 18:25
0

I'd like to note 2 things that worked for me in master / minion version '2019.2.0' under ubuntu 18.04:

  • One will be able to set the password of the user 'root' the first time with:
   mysql_user.present:
     - name: root
     - host: localhost
     - password: pillar['mysql']['mysqlrootpassword']
     - connection_charset: utf8
     - saltenv:
       - LC_ALL: "en_US.utf8"

After that, the command will always succeed with User root@localhost is already present with the desired password regardless of the value of the root password.

  • MySql user root is only permitted to login if you use sudo or as root user
Fabian
  • 308
  • 2
  • 11