Create ~/.my.cnf with root user/password
50-mysql-users and 60-mysql-secure depend on ~/.my.cnf existing with the correct root password. This needs to be created as part of the install so that os-refresh-config will work post install. On a re-image this may not exist so try with no password or with /mnt/state/root/metadata.my.cnf Change-Id: If984c45b5745997a2ec63d9c90d4cf4c105964d2
This commit is contained in:
parent
8f988996ea
commit
ae805fdf30
|
@ -0,0 +1,5 @@
|
|||
[client]
|
||||
user = root
|
||||
{{#mysql.root-password}}
|
||||
password = {{.}}
|
||||
{{/mysql.root-password}}
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
|
||||
chmod 600 /mnt/state/etc/mysql/debian.cnf /mnt/state/etc/mysql/dbusers.json /mnt/state/etc/mysql/static-dbusers.json
|
||||
chmod 600 /mnt/state/etc/mysql/debian.cnf /mnt/state/etc/mysql/dbusers.json /mnt/state/etc/mysql/static-dbusers.json /mnt/state/root/metadata.my.cnf
|
||||
|
|
|
@ -29,8 +29,15 @@ from base64 import b64encode
|
|||
logging.basicConfig()
|
||||
logger = logging.getLogger('mysql-users')
|
||||
|
||||
# Root should have a my.cnf setup
|
||||
conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
|
||||
# Try to connect with no password, ~/.my.cnf and /mnt/state/root/metadata.my.cnf
|
||||
# in that order. This should cover os-refresh-config post install and re-image
|
||||
try:
|
||||
conn = MySQLdb.Connect()
|
||||
except Exception, e:
|
||||
try:
|
||||
conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
|
||||
except Exception, e:
|
||||
conn = MySQLdb.Connect(read_default_file='/mnt/state/root/metadata.my.cnf')
|
||||
cursor = conn.cursor()
|
||||
rows = cursor.execute("SELECT DISTINCT User FROM mysql.user WHERE user != ''")
|
||||
existing = set([x[0] for x in cursor.fetchmany(size=rows)])
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
import json
|
||||
import logging
|
||||
import os
|
||||
import shutil
|
||||
|
||||
import MySQLdb
|
||||
|
||||
|
@ -41,8 +42,15 @@ def load_userfile(path, users):
|
|||
|
||||
|
||||
def secure_installation(rootuser):
|
||||
# If root password is set assumes ~/.my.cnf is configured correctly
|
||||
conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
|
||||
# Try to connect with no password, ~/.my.cnf and /mnt/state/root/metadata.my.cnf
|
||||
# in that order. This should cover os-refresh-config post install and re-image
|
||||
try:
|
||||
conn = MySQLdb.Connect()
|
||||
except Exception, e:
|
||||
try:
|
||||
conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
|
||||
except Exception, e:
|
||||
conn = MySQLdb.Connect(read_default_file='/mnt/state/root/metadata.my.cnf')
|
||||
with conn:
|
||||
# Remove Anonymous Users
|
||||
cursor = conn.cursor()
|
||||
|
@ -63,6 +71,8 @@ def secure_installation(rootuser):
|
|||
"%s) WHERE User=%s")
|
||||
cursor.execute(cmd, (rootpwd, "root"))
|
||||
cursor.execute("FLUSH PRIVILEGES")
|
||||
# As Above also sets root password .my.cnf with new password
|
||||
shutil.copy2('/mnt/state/root/metadata.my.cnf',os.path.expanduser('~/.my.cnf'))
|
||||
cursor.close()
|
||||
|
||||
users = {}
|
||||
|
|
Loading…
Reference in New Issue