Issue #223: Generate a random default root password #465
Conversation
Instead of hardcoding an insecure default password for the `root` mysql user, generate a random one as discussed in issue geerlingguy#223 .
…prevent regeneration.
| mysql_root_cnf_path: "{{ mysql_root_home }}/.my.cnf" | ||
|
|
||
| - name: Copy .my.cnf file with root password credentials. | ||
| template: |
There was a problem hiding this comment.
In terms of backwards compatibility, could this break that for existing installs?
There was a problem hiding this comment.
What I think you're mostly concerned about here, and rightly so, is if there's a password already there (for example, the old default one). I tested that by changing it (and leaving the rest of the file alone). Both <5.7 and 5.7+ were skipped so we're all good there. force: no is the default so I think we're good. If the file's already there, it won't touch it. It'll just use what's there for running operations, which will just work.
|
I can't figure out how to turn this comment in to a new "conversation" or start my own review (as I'm more familiar with GitLab) so please convert if you can... That test result is failing for MySQL < 5.7. I'm less concerned about that because support for that ended in February. Is there a way we could skip that one (for the time being, at least), and see how it works for 5.7+? I'm actually testing this myself on v8, and not having any problems (Ubuntu 20.04). |
…root password more descriptive.
… to set it in the DB.
…s not available/appropriate.
…ally removing "is true".
|
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark pull requests as stale. |
|
@geerlingguy I believe that this is ready to be merged. Or do you have any additional concerns? |
|
This issue is no longer marked for closure. |
|
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark pull requests as stale. |
|
👋 |
|
This issue is no longer marked for closure. |
|
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark pull requests as stale. |
|
👋 |
|
This issue is no longer marked for closure. |
|
Stale bot stay away! |
Instead of hard-coding an insecure default password for the
rootMySQL user, generate a random one as discussed in issue #223.This is more complicated than simply adding a random password to the defaults file because that'll change every time the variable is read. Instead, I generate a random password and place it into
/root/.my.cnf(or wherever) unless there already is one, fetch it from there, and then use it to set the actualrootpassword in the DB. But this only happens if the configuration file has changed. Otherwise, they'd be out of sync.