default password after installation on centos7
617 views
Skip to first unread message
herrmann...@googlemail.com
Jul 8, 2015, 6:24:51 AM7/8/15
to codersh...@googlegroups.com
Hi,
I am trying to get galera working on centOS 7
I followed the steps for yum here:
http://galeracluster.com/documentation-webpages/installmysql.html
baseURL was set to
Installation finished without asking for root password or any other information. after completion of the setup I can start
But if I try to connect to the data base using
there I get the error
So what is the initial password of root in a new galera installation?
best regards
Stephan
I am trying to get galera working on centOS 7
I followed the steps for yum here:
http://galeracluster.com/documentation-webpages/installmysql.html
baseURL was set to
Installation finished without asking for root password or any other information. after completion of the setup I can start
service mysql startBut if I try to connect to the data base using
mysql -u rootthere I get the error
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)So what is the initial password of root in a new galera installation?
best regards
Stephan
herrmann...@googlemail.com
Jul 8, 2015, 9:07:26 AM7/8/15
to codersh...@googlegroups.com
So what is the initial password of root in a new galera installation?
nevermind.
thats what I did:
sudo service mysql start --skip-grant-tables
run mysql client without credentials
mysql
within mysql client
FLUSH PRIVILEGES;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPass');
exit
restart server normally
sudo service mysql start
and you have a new password. But it stays strange why this is necessary in the first place.
Stefan
Dec 5, 2016, 2:24:00 PM12/5/16
to codership
More than 1 year later this bug is still there. Really, really annoying. I just spent hours to troubleshoot this because usually you first do SET ... and then FLUSH PRIVILEGES when running with --skip.... But here you have to do the opposite: First run FLUSH PRIVILEGES, then SET... otherwise the thing will complain that its running in --skip-whatever-mode. Please, dear Galera RPM packagers, fix this and remove your MySQL root password from the binary installation.
Jörg Brühe
Dec 6, 2016, 6:08:39 AM12/6/16
to codersh...@googlegroups.com
Hi Stefan, all!
On 05.12.2016 20:21, Stefan wrote:
> More than 1 year later this bug is still there. Really, really annoying.
> I just spent hours to troubleshoot this because usually you first do SET
> ... and then FLUSH PRIVILEGES when running with --skip.... But here you
> have to do the opposite: First run FLUSH PRIVILEGES, then SET...
> otherwise the thing will complain that its running in
> --skip-whatever-mode. Please, dear Galera RPM packagers, fix this and
> remove your MySQL root password from the binary installation.
TTBOMK, there is no MySQL root password in a mysql-wsrep installation.
When we only consider packages built by Oracle or Codership, you have to
differ between two cases:
1) MySQL from 5.7, or 5.6 in a RPM package;
2) MySQl before 5.6, or 5.6 in non-RPM.
(I cannot comment on packages from other builders.)
Case 2 should be simple: There is no root password handling.
Case 1 is more complicated: In order to have security by default, Oracle
changed the code (5.6 RPM: the install script, 5.7: the server) so that
a random root password will be set on installation (5.6 RPM) / on first
server start (5.7).
All this applies to new installations only, not to upgrades.
In Oracle's 5.6 RPMs, this random password was then written to a file in
root's home directory; in 5.7, it is written to the error log.
In both 5.6 and 5.7, this password is immediately declared as "expired",
and the consequence is that the MySQL server will only accept a password
change as the next statement, nothing else.
All this can be handled without using "--skip-grant-tables":
1) Grep the random root password from the appropriate file.
2) Use it to connect as root.
3) As your first statement, call
ALTER USER user() IDENTIFIED BY 'your-individual-password';
4) From now on (and already in this session), work normally.
Complication is increased by the "password validation plugin" in 5.7. By
default, the password must contain at least one lowercase letter, one
uppercase, one digit, and one special character, and must be at least
eight characters long. Other passwords will be rejected, and such "alter
user" commands will fail.
So Oracle strengthens the "security by default", and I expect this to
continue.
AIUI, Codership does not deviate from Oracle unless absolutely
necessary, so the Codership binaries based on MySQL 5.7 (and the
Codership RPMs based on 5.6) follow the same policies.
As a consequence, this part of the installation and setup does not
differ between a stand-alone server from an Oracle package and a Galera
Cluster node from a Codership package.
HTH,
Jörg
--
Joerg Bruehe, Senior MySQL Support Engineer, joerg....@fromdual.com
FromDual GmbH, Rebenweg 6, CH - 8610 Uster; phone +41 44 500 58 26
Geschäftsführer: Oliver Sennhauser
Handelsregister-Eintrag: CH-020.4.044.539-3
On 05.12.2016 20:21, Stefan wrote:
> More than 1 year later this bug is still there. Really, really annoying.
> I just spent hours to troubleshoot this because usually you first do SET
> ... and then FLUSH PRIVILEGES when running with --skip.... But here you
> have to do the opposite: First run FLUSH PRIVILEGES, then SET...
> otherwise the thing will complain that its running in
> --skip-whatever-mode. Please, dear Galera RPM packagers, fix this and
> remove your MySQL root password from the binary installation.
When we only consider packages built by Oracle or Codership, you have to
differ between two cases:
1) MySQL from 5.7, or 5.6 in a RPM package;
2) MySQl before 5.6, or 5.6 in non-RPM.
(I cannot comment on packages from other builders.)
Case 2 should be simple: There is no root password handling.
Case 1 is more complicated: In order to have security by default, Oracle
changed the code (5.6 RPM: the install script, 5.7: the server) so that
a random root password will be set on installation (5.6 RPM) / on first
server start (5.7).
All this applies to new installations only, not to upgrades.
In Oracle's 5.6 RPMs, this random password was then written to a file in
root's home directory; in 5.7, it is written to the error log.
In both 5.6 and 5.7, this password is immediately declared as "expired",
and the consequence is that the MySQL server will only accept a password
change as the next statement, nothing else.
All this can be handled without using "--skip-grant-tables":
1) Grep the random root password from the appropriate file.
2) Use it to connect as root.
3) As your first statement, call
ALTER USER user() IDENTIFIED BY 'your-individual-password';
4) From now on (and already in this session), work normally.
Complication is increased by the "password validation plugin" in 5.7. By
default, the password must contain at least one lowercase letter, one
uppercase, one digit, and one special character, and must be at least
eight characters long. Other passwords will be rejected, and such "alter
user" commands will fail.
So Oracle strengthens the "security by default", and I expect this to
continue.
AIUI, Codership does not deviate from Oracle unless absolutely
necessary, so the Codership binaries based on MySQL 5.7 (and the
Codership RPMs based on 5.6) follow the same policies.
As a consequence, this part of the installation and setup does not
differ between a stand-alone server from an Oracle package and a Galera
Cluster node from a Codership package.
HTH,
Jörg
--
Joerg Bruehe, Senior MySQL Support Engineer, joerg....@fromdual.com
FromDual GmbH, Rebenweg 6, CH - 8610 Uster; phone +41 44 500 58 26
Geschäftsführer: Oliver Sennhauser
Handelsregister-Eintrag: CH-020.4.044.539-3
Stefan
Dec 6, 2016, 7:23:20 AM12/6/16
to codership
Jörg,
you are absolutely right. I apologize for yelling. I spoke too quickly. Indeed, the root password gets set and saved in a text file in /root. I missed that when installing via yum.
Maybe, just maybe, a note could get added here: http://galeracluster.com/documentation-webpages/startingcluster.html - Just before the document asks you to execute the first SQL query (SHOW STATUS LIKE 'wsrep_cluster_size';). To save other dummies like me some pain.
Thank you!
On Tuesday, December 6, 2016 at 12:08:39 PM UTC+1, Jörg Brühe wrote:
you are absolutely right. I apologize for yelling. I spoke too quickly. Indeed, the root password gets set and saved in a text file in /root. I missed that when installing via yum.
Maybe, just maybe, a note could get added here: http://galeracluster.com/documentation-webpages/startingcluster.html - Just before the document asks you to execute the first SQL query (SHOW STATUS LIKE 'wsrep_cluster_size';). To save other dummies like me some pain.
Thank you!
On Tuesday, December 6, 2016 at 12:08:39 PM UTC+1, Jörg Brühe wrote:
Hi Stefan, all!
...
Reply all
Reply to author
Forward
0 new messages