Mysql Idempotency Failure

[Chinmaya Patanaik]

Hi,

I am trying to incorporate mysql secure installation using Ansible playbook. I followed the below links.

1. http://stackoverflow.com/questions/16444306/ansible-idempotent-mysql-installation-playbook

2. https://groups.google.com/forum/#!topic/ansible-project/-jSfGwpk5J8

Target Server - Amazon Linux AMI(YUM based distro)

My Playbook looks like this.

---

- name: Install mysql using yum
  action: yum pkg={{item}} state=latest
  with_items:
      - MySQL-python
      - mysql
      - mysql-server
    
- name: Start the mysql server
  service: name=mysqld state=running enabled=yes

- name: copy .my.cnf file with root password credentials
  template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600

# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
- name: update mysql root password for all root accounts
  mysql_user: name=root host={{ item }} password={{ mysql_root_password }}
  with_items:
      - '{{ ansible_hostname }}'
      - 127.0.0.1
      - ::1
      - localhost

- name: delete anonymous MySQL server user for $server_hostname
  action: mysql_user user="" host="$server_hostname" state="absent"

- name: delete anonymous MySQL server user for localhost
  action: mysql_user user="" state="absent"

- name: remove the MySQL test database
  action: mysql_db db=test state=absent

My cnf file is -

$cat roles/database/templates/.my.cnf.j2
[client]
user=root
password={{ mysql_root_password }}



and My variable file is -

$cat roles/database/vars/main.yml
user: root
mysql_root_password: *******


But when I run the playbook, I am getting the following error.

msg: unable to connect to database, check login_user and login_password are correct or ~/.my.cnf has the credentials

I am doing exactly the same as mentioned in the above 2 links. I even tried to perform the conf file copy task before root password change task. But I am still unable to run it successfully.


I would really appreciate any kind of help.

Thanks,
Chinmaya

[Michael DeHaan]

Minor pet peeve - That's not an idempotency failure, you have trouble logging into a MySQL database.

I will stick voodoo pins into those that made use of that word so commonly confused :)   Not your vault of course.

I do notice you are using horribly dated Ansible syntax with

"host="$server_hostname""

Variables look like {{ server_hostname }} not $server_hostname

This may be your problem.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cf9ca391-f2b2-4c6f-b342-01df409912e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

s/vault/fault/

(Freudian slip?)

[Chinmaya Patanaik]

Thanks. I didn't notice "host="$server_hostname"" thing as the play ended before that task. The task which failed is "name: update mysql root password for all root accounts".

I am struggling with this all day. Any help is appreciated.

[Matt Coddington]

i would guess it's an ordering thing.  the play prior to the failed one you are templating your .my.cnf.  if that template is also using {{ mysql_root_password }} then you have locked yourself out of mysql by updating your .my.cnf with the new password prior to changing it.  put the correct current password in your .my.cnf, then move that template to _after_ where you call mysql_user to update your password.

matt

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b6d8b44e-010e-4e49-83c4-ae9e8ecf4321%40googlegroups.com.