[英]How to automate mysql_secure_installation in Chef
Chef mysql recipe- in-order to setup a permanent password for root user in mysql, I did find a process which uses "bash" resource in recipe for running a bash script which automates all the steps which pop-up in the process. 厨师mysql配方-为了在mysql中为root用户设置永久密码,我的确找到了一个在配方中使用“ bash”资源运行bash脚本的过程,该脚本可自动执行该过程中弹出的所有步骤。 But after running the convergence it errors out
但是在运行收敛之后会出错
"ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)".
“错误1045(28000):拒绝用户'root'@'localhost'的访问(使用密码:是)”。
I understand it is because initially the temporary password is generated in mysqld.log files and I need to provide this temp passwd for running the mysql_secure_installation. 我了解这是因为最初在mysqld.log文件中生成了临时密码,并且我需要提供此临时密码来运行mysql_secure_installation。 But I couldn't find a way to include a step in the script where it can bring this temp passwd from the logs and use it in the script.
但是我找不到在脚本中包含步骤的方法,该步骤可以从日志中获取此临时密码并在脚本中使用它。 Below is the script I'm currently running in the recipe.
以下是我当前在配方中运行的脚本。
root_password = node.set['mysql_user']['root']['password']
bash "mysql_secure_installation" do
code <<-EOH
mysql -u root -e "DELETE FROM mysql.user WHERE User='';"
mysql -u root -e "DROP DATABASE test;"
mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';"
mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -u root -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('#{root_password}');" -D mysql
mysql -u root -p#{root_password} -e "SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('#{root_password}');" -D mysql
mysql -u root -p#{root_password} -e "SET PASSWORD FOR 'root'@'::1' = PASSWORD('#{root_password}');" -D mysql
mysql -u root -p#{root_password} -e "FLUSH PRIVILEGES;"
EOH
end
First of all, your script will only work on the first convergence. 首先,您的脚本仅适用于首次收敛。
Second, your bash
resource will only return the error of the last command ( FLUSH PRIVILEGES ). 其次,您的
bash
资源将仅返回上一个命令的错误( FLUSH PRIVILEGES )。 The other command errors will be ignored by the resource and the chef execution will continue. 资源将忽略其他命令错误,并且厨师执行将继续。 You need to use
set -e
or add a &&
between mysql commands to avoid this. 您需要使用
set -e
或在mysql命令之间添加&&
来避免这种情况。
Anyway, I very much recommend you to try to use the official mysql
cookbook for your task. 无论如何,我非常建议您尝试使用官方的
mysql
食谱完成任务。 It will make it simpler. 这将使其更简单。 You can use something like the following to install and set the root password:
您可以使用类似以下的内容来安装和设置root密码:
mysql_service 'default' do
port '3306'
initial_root_password root_password
action [:create, :start]
end
Keep in mind that this cookbook already takes many of your security measures out of the box: 请记住,本食谱已开箱即用地采取了许多安全措施 :
UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{root_password}')#{password_expired} WHERE user = 'root';
DELETE FROM mysql.user WHERE USER LIKE '';
DELETE FROM mysql.user WHERE user = 'root' and host NOT IN ('127.0.0.1', 'localhost');
FLUSH PRIVILEGES;
DELETE FROM mysql.db WHERE db LIKE 'test%';
DROP DATABASE IF EXISTS test ;
After that, you can also run your own SQL scripts using database
and mysql2_chef_gem
cookbooks if you want: 之后,如果需要,您还可以使用
database
和mysql2_chef_gem
食谱来运行自己的SQL脚本:
# Required by `database` cookbook MySQL resources:
mysql2_chef_gem 'default'
connection_info = {
:host => '127.0.0.1',
:username => 'root',
:password => root_password
}
mysql_database 'mysql_secure_installation' do
connection connection_info
database_name 'mysql'
sql <<-EOH
-- MY MYSQL SCRIPT HERE;
EOH
action :query
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.