Incomprehensible error message


Ian Hobson

Jan 17, 2024, 11:48:07 PM
to ansible...@googlegroups.com
Hi All,

I am attempting to use Ansible to create a MySQL backup user. It should
be able to read and lock tables for everything. The step in the playbook
is this.

- name: create user - GRANT SELECT, PROCESS, LOCK TABLES ON *.* TO `backup`@`localhost`
  community.mysql.mysql_user:
    user: backup
    host: localhost
    login_password: <redacted>
    priv: '*.*:SELECT, PROCESS, LOCK TABLES'

The error message is:
fatal: [ubuntu2004.hcs]: FAILED! => {"changed": false, "msg": "invalid
privileges string: Invalid privileges specified: frozenset({' PROCESS,
LOCK TABLES'})"}

I can see nothing wrong with the priv line. Can someone spot it?

Regards

Ian

--
Ian Hobson
Tel (+66) 626 544 695

David Logan

Jan 18, 2024, 12:36:26 AM
to ansible...@googlegroups.com
Hi Ian,

There was a similar issue back in 2015/16, see https://github.com/ansible/ansible/issues/29611 and also https://stackoverflow.com/questions/28908155/ansible-mysql-user-priv-invalid-privileges-string-invalid-privileges-specifi amongst quite a few others. They all referenced spaces being in the privilege string.

Are you able to try that without the spaces between privileges?

Cheers
David

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/16f33419-6d92-4097-a0ea-aa52532e29e8%40gmail.com.


--
if in trouble, or in doubt
run in circles, scream and shout

Ian Hobson

Jan 18, 2024, 12:38:24 AM
to ansible...@googlegroups.com
Found the problem.

The comma-separated list of privileges cannot have spaces after the
commas.

This is unusually user-hostile!

Regards

Ian

On 18/01/2024 11:47, Ian Hobson wrote:
> Hi All,
>
> I am attempting to use Ansible to create a MySQL backup user. It should
> be able to read and lock tables for everything. The step in the playbook
> is this.
>
> - name: create user - GRANT SELECT, PROCESS, LOCK TABLES ON *.* TO
> `backup`@`localhost`
>   community.mysql.mysql_user:
>     user: backup
>     host: localhost
>     login_password: <redacted>
>     priv: '*.*:SELECT, PROCESS, LOCK TABLES'
>
> The error message is:
> fatal: [ubuntu2004.hcs]: FAILED! => {"changed": false, "msg": "invalid
> privileges string: Invalid privileges specified: frozenset({' PROCESS,
> LOCK TABLES'})"}
>
> I can see nothing wrong with the priv line. Can someone suggest someth

Vladimir Botka

Jan 18, 2024, 2:31:17 AM
to ansible...@googlegroups.com, Ian Hobson
On Thu, 18 Jan 2024 12:38:09 +0700
Ian Hobson <hobs...@gmail.com> wrote:

> The comma-separated list of privileges cannot have spaces after the
> commas.
>
> This is unusually user-hostile!

This was fixed two years ago
https://github.com/ansible-collections/community.mysql/blob/main/plugins/module_utils/user.py#L522

See also:
https://github.com/ansible-collections/community.mysql/pull/189
https://github.com/ansible-collections/community.mysql/pull/243

--
Vladimir Botka

Rowe, Walter P. (Fed)

Jan 18, 2024, 7:22:58 AM
to ansible...@googlegroups.com
This raises a good observation. It is easy to keep ansible updated. It is not so evident how one can keep their collections updated.

How do others keep their collections current?

Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123


Dick Visser

Jan 18, 2024, 7:58:05 AM
to ansible...@googlegroups.com
On Thu, 18 Jan 2024 at 13:22, 'Rowe, Walter P. (Fed)' via Ansible Project <ansible...@googlegroups.com> wrote:
> This raises a good observation. It is easy to keep ansible updated. It is not so evident how one can keep their collections updated.
>
> How do others keep their collections current?

We tend to use the ansible version as the starting point, and use just the collection versions from that...
Or do you mean something else?

Dick

Andy Smith

Jan 18, 2024, 10:12:28 AM
to ansible...@googlegroups.com
Hi Ian,

On Thu, Jan 18, 2024 at 11:47:46AM +0700, Ian Hobson wrote:
>   community.mysql.mysql_user:
>     user: backup
>     host: localhost
>     login_password: <redacted>
>     priv: '*.*:SELECT, PROCESS, LOCK TABLES'
>
> The error message is:
> fatal: [ubuntu2004.hcs]: FAILED! => {"changed": false, "msg": "invalid
> privileges string: Invalid privileges specified: frozenset({' PROCESS, LOCK
> TABLES'})"}
>
> I can see nothing wrong with the priv line. Can someone spot it?

I've found the format of the mysql privileges to be extremely picky.
Aside from having to get the syntax correct, also look out for it
seeing privileges in a different order, so applying them again at
every run.

I found that whole-table privileges required no space between, while
column-based privs need spaces between. Example:

    priv:
      "somedb.sometable": "SELECT,INSERT,UPDATE,DELETE"
      "somedb.othertable": "SELECT (ID, ACOL, BCOL),\
        INSERT"

If you run ansible with two or three -v you'll see the MySQL
commands it executes so you can check what it's doing.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
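
A pre-flight check for the priv format discussed in this thread, as an added example (not code from any poster or from community.mysql): it trims the spaces after commas that tripped the task above, keeps column lists such as SELECT (ID, ACOL, BCOL) intact, and flags unknown privilege names so a grant can be reviewed before it is applied. It goes slightly beyond the thread by also accepting the "/"-separated multi-target string form; normalize_priv, to_priv_string and the partial KNOWN_PRIVS set are assumptions made for this example.

```python
import re

# Assumption: a partial list of MySQL privilege names, for illustration only.
KNOWN_PRIVS = frozenset({
    "ALL", "USAGE", "SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP",
    "PROCESS", "LOCK TABLES", "RELOAD", "SHOW VIEW", "EVENT", "TRIGGER",
})
# Commas that separate privileges, not the ones inside a "(col, col)" list.
TOP_LEVEL_COMMA = re.compile(r",(?![^(]*\))")
COLUMN_GRANT = re.compile(r"([A-Za-z ]+?)\s*\((.*)\)")


def normalize_priv(priv):
    """Parse 'db.tbl:PRIV,PRIV/db2.*:PRIV' or a dict into {target: [privs]}.

    Returns (normalized, problems); problems lists what a reviewer should fix.
    """
    if isinstance(priv, str):
        pairs = [i.rsplit(":", 1) for i in priv.split("/") if i.strip()]
    else:
        pairs = [list(kv) for kv in priv.items()]
    normalized, problems = {}, []
    for pair in pairs:
        if len(pair) != 2:
            problems.append("missing ':' in %r" % pair[0])
            continue
        target, cleaned = pair[0].strip(), set()
        for token in TOP_LEVEL_COMMA.split(pair[1]):
            token = " ".join(token.split())  # trim, collapse inner whitespace
            if not token:
                continue
            m = COLUMN_GRANT.fullmatch(token)
            name = (m.group(1) if m else token).upper()
            if m:  # column-level grant: keep column order, tidy the spacing
                cols = [c.strip() for c in m.group(2).split(",")]
                token = "%s (%s)" % (name, ", ".join(cols))
            else:
                token = name
            if name not in KNOWN_PRIVS:
                problems.append("%s: unknown privilege %r" % (target, name))
            cleaned.add(token)
        normalized[target] = sorted(cleaned)  # stable order for review diffs
    return normalized, problems


def to_priv_string(normalized):
    """Render the compact form with no space after top-level commas."""
    return "/".join("%s:%s" % (t, ",".join(p))
                    for t, p in sorted(normalized.items()))
```
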

Rowe, Walter P. (Fed)

Jan 18, 2024, 1:12:06 PM
to ansible...@googlegroups.com
If you install a collection via ansible-galaxy how do you keep it updated? Is there a galaxy command to refresh all your existing collections and plugins?


Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

Dick Visser

Jan 18, 2024, 2:20:10 PM
to ansible...@googlegroups.com
On Thu, 18 Jan 2024 at 19:12, 'Rowe, Walter P. (Fed)' via Ansible Project <ansible...@googlegroups.com> wrote:
> If you install a collection via ansible-galaxy how do you keep it updated? Is there a galaxy command to refresh all your existing collections and plugins?

I don't know but I also don't immediately see a good use case for that. We've settled on pip installing ansible-core, plus a curated subset of the collections, with the versions that come with ansible. We don't upgrade collections, just bump to another ansible version (and hence ansible-core and whatever version of collections that comes with).
If you just want to have the latest versions of collections, then I don't know how to do that, but I haven't looked into that either.

Dick
