Error when using mysql_db to assign privileges in MySQL on RDS.

[Daniel McQuillen]

Hi all,

I've been working with Ansible as I try to set up a specific configuration for Open EdX (the open source MOOC) to work with MySQL hosted by Amazon's RDS service.

At one point in the Open EdX ansible plays, it tries to create an "admin" user and assign "CREATE USER" privileges to it

mysql_user:
  name: "admin"
  password: "some password for admin user"
  priv: "*.*:CREATE USER"
  login_host: "some RDS Mysql host url"
  login_user: "some root user"
  login_password: "some root password"

However, when this play runs, Ansible fails with the following message:

failed: [localhost] => {"failed": true}

msg: (1045, "Access denied for user 'root'@'%' (using password: YES)")

FATAL: all hosts have already failed -- aborting

I then read that when using Ansible with RDS, you can't use the *.* selection mechanism, but rather have to use %.* ... and I've used that successfully in another part of the Ansible script to assign ALL privileges.

But when I update this play to have  priv: "%.*:CREATE USER" I then get the error

failed: [localhost] => {"failed": true}

msg: (1221, 'Incorrect usage of DB GRANT and GLOBAL PRIVILEGES')

FATAL: all hosts have already failed -- aborting

Any thoughts on assigning CREATE USER privileges to a user in RDS via Ansible?

Thanks.

Daniel

[Johannes Kastl]

On 25.05.16 02:23 Daniel McQuillen wrote:

> However, when this play runs, Ansible fails with the following message:
>
> failed: [localhost] => {"failed": true}
>
> msg: (1045, "Access denied for user 'root'@'%' (using password: YES)")

This looks like your user root does not have the needed privileges to
grant privileges to other users.

Does this step work, if you do it manually?

Johannes