Create ~/.my.cnf with root user/password

50-mysql-users and 60-mysql-secure depend on ~/.my.cnf existing with the correct root password. This needs to be created as part of the install so that os-refresh-config will work post install. On a re-image this may not exist so try with no password or with /mnt/state/root/metadata.my.cnf Change-Id: If984c45b5745997a2ec63d9c90d4cf4c105964d2
2014-04-22 10:15:12 +01:00 · 2014-04-22 10:15:12 +01:00 · ae805fdf30
parent 8f988996ea
commit ae805fdf30
4 changed files with 27 additions and 5 deletions
--- a/elements/mysql-common/os-config-applier/mnt/state/root/metadata.my.cnf
+++ b/elements/mysql-common/os-config-applier/mnt/state/root/metadata.my.cnf
@ -0,0 +1,5 @@
+[client]
+user = root
+{{#mysql.root-password}}
+password = {{.}}
+{{/mysql.root-password}}
--- a/elements/mysql-common/os-refresh-config/post-configure.d/10-mysql-permissions
+++ b/elements/mysql-common/os-refresh-config/post-configure.d/10-mysql-permissions
@ -1,4 +1,4 @@
 #!/bin/bash
 set -eu

-chmod 600 /mnt/state/etc/mysql/debian.cnf /mnt/state/etc/mysql/dbusers.json /mnt/state/etc/mysql/static-dbusers.json
+chmod 600 /mnt/state/etc/mysql/debian.cnf /mnt/state/etc/mysql/dbusers.json /mnt/state/etc/mysql/static-dbusers.json /mnt/state/root/metadata.my.cnf
--- a/elements/mysql-common/os-refresh-config/post-configure.d/50-mysql-users
+++ b/elements/mysql-common/os-refresh-config/post-configure.d/50-mysql-users
@ -29,8 +29,15 @@ from base64 import b64encode
 logging.basicConfig()
 logger = logging.getLogger('mysql-users')

-# Root should have a my.cnf setup
-conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
+# Try to connect with no password, ~/.my.cnf and /mnt/state/root/metadata.my.cnf
+# in that order. This should cover os-refresh-config post install and re-image
+try:
+    conn = MySQLdb.Connect()
+except Exception, e:
+    try:
+        conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
+    except Exception, e:
+        conn = MySQLdb.Connect(read_default_file='/mnt/state/root/metadata.my.cnf')
 cursor = conn.cursor()
 rows = cursor.execute("SELECT DISTINCT User FROM mysql.user WHERE user != ''")
 existing = set([x[0] for x in cursor.fetchmany(size=rows)])
--- a/elements/mysql-common/os-refresh-config/post-configure.d/60-mysql-secure
+++ b/elements/mysql-common/os-refresh-config/post-configure.d/60-mysql-secure
@ -20,6 +20,7 @@
 import json
 import logging
 import os
+import shutil

 import MySQLdb

@ -41,8 +42,15 @@ def load_userfile(path, users):


 def secure_installation(rootuser):
-    # If root password is set assumes ~/.my.cnf is configured correctly
-    conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
+    # Try to connect with no password, ~/.my.cnf and /mnt/state/root/metadata.my.cnf
+    # in that order. This should cover os-refresh-config post install and re-image
+    try:
+        conn = MySQLdb.Connect()
+    except Exception, e:
+        try:
+            conn = MySQLdb.Connect(read_default_file=os.path.expanduser('~/.my.cnf'))
+        except Exception, e:
+            conn = MySQLdb.Connect(read_default_file='/mnt/state/root/metadata.my.cnf')
    with conn:
        # Remove Anonymous Users
        cursor = conn.cursor()
@ -63,6 +71,8 @@ def secure_installation(rootuser):
                   "%s) WHERE User=%s")
            cursor.execute(cmd, (rootpwd, "root"))
            cursor.execute("FLUSH PRIVILEGES")
+            # As Above also sets root password .my.cnf with new password
+            shutil.copy2('/mnt/state/root/metadata.my.cnf',os.path.expanduser('~/.my.cnf'))
        cursor.close()

 users = {}