Page MenuHomePhabricator

Fix default .my.cnf/grants for vagrant user on Stretch
Closed, ResolvedPublic

Description

mysql gives ERROR 1698 (28000): Access denied for user 'root'@'localhost' while on jessie that just worked out of the box. Works with sudo but would be nice to keep the old syntax.

Event Timeline

bd808 created this task.Dec 3 2017, 6:09 AM
bd808 added a comment.Dec 21 2017, 5:14 AM
$ sudo mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants\G
*************************** 1. row ***************************
Grants for root@localhost: GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION
*************************** 2. row ***************************
Grants for root@localhost: GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
2 rows in set (0.00 sec)

The default grants setup by the package are using unix socket auth. This keeps the Exec['set_mysql_password'] we have in ::mysql from firing. The easiest fix may be to add a set of ALL PRIVILEGES grants for the vagrant user. It would also be possible to switch the root user auth back to password based.

Change 399565 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[mediawiki/vagrant@stretch-migration] mariadb: setup unix_socket auth for vagrant user

https://gerrit.wikimedia.org/r/399565

bd808 claimed this task.Dec 21 2017, 6:58 AM

Change 399565 merged by jenkins-bot:
[mediawiki/vagrant@stretch-migration] mariadb: setup unix_socket auth for vagrant user

https://gerrit.wikimedia.org/r/399565

Gilles closed this task as Resolved.Dec 21 2017, 8:47 AM
hashar reopened this task as Open.Dec 24 2017, 10:51 PM
hashar added a subscriber: hashar.

https://gerrit.wikimedia.org/r/399565 causes a dependency cycle when compiling the catalog with rspec-puppet and enabling the role:centralauth (in addition to the classes defined in hiera classes):

dependency cycles found: (Exec[create database centralauth ] 
=>Mysql::Sql[create database centralauth ]
=>Mysql::Db[centralauth]
=>Mysql::User[vagrant]
=>Mysql::Sql[create user vagrant]
=>Exec[create user vagrant]
=>Mysql::Sql[create user vagrant]
=>Mysql::User[vagrant]
=>Class[Mysql]
=>Class[Role::Mediawiki]
=>Class[Role::Mediawiki]
=>Class[Role::Centralauth]
=>Mysql::Db[centralauth]
=>Mysql::Sql[create database centralauth ]
=>Exec[create database centralauth ])

But maybe vagrant provision + enable role centralauth actually works fine?

Change 400125 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[mediawiki/vagrant@stretch-migration] mysql: break Mysql::User['vagrant'] dependency cycle

https://gerrit.wikimedia.org/r/400125

Change 400125 merged by jenkins-bot:
[mediawiki/vagrant@stretch-migration] mysql: break Mysql::User['vagrant'] dependency cycle

https://gerrit.wikimedia.org/r/400125

bd808 closed this task as Resolved.Dec 25 2017, 3:47 AM