Bootstrap FreeKB - Ansible - mysql_user module
Ansible - mysql_user module

Updated:   |  Ansible articles

If you are not familiar with modules, check out Ansible - Getting Started with Modules.

The mysql_user module requires the Python and PyMySQL packages to be installed on the managed nodes. The dnf module (Red Hat 8 distributions) can be used to install Python and PyMySQL.

- dnf:
  name: [ 'python', 'python3-PyMySQL' ]
  state: latest

 

In this example, The mysql_db module is used to create 'john.doe'@'localhost' account with ALL grants.

- name: user root will create john.doe user account
  mysql_user:
    login_user: root
    login_password: 'itsasecret'
    login_port: 3306
    login_host: localhost
    login_unix_socket: /var/lib/mysql/mysql.sock
    name: john.doe
    host: localhost
    password: "{{ '%s' | format(password) | password_hash('sha512') }}"
    state: present
    priv: '*.*:ALL,GRANT'

 

Notice that "root" is the login_user. This means that root will need to be a mysql user with the grant priviledge on localhost. This can be confirmed using the select mysql users command.

~]# mysql -e "select User,Password,Host,Grant_priv from mysql.user where User = 'root' \G"
*************************** 1. row ***************************
      User: root
  Password: *964A30F03EBE2D0D8EADC172640E4389BC9AF7FF
      Host: localhost
Grant_priv: Y
*************************** 2. row ***************************
      User: root
  Password: *964A30F03EBE2D0D8EADC172640E4389BC9AF7FF
      Host: 127.0.0.1
Grant_priv: Y
*************************** 3. row ***************************
      User: root
  Password: *964A30F03EBE2D0D8EADC172640E4389BC9AF7FF
      Host: ::1
Grant_priv: Y

 

The select password command can be used to verify the users password matches the hashed password.

~]# mysql -e "select password('itsasecret')"
+-------------------------------------------+
| password('itsasecret')                    |
+-------------------------------------------+
| *964A30F03EBE2D0D8EADC172640E4389BC9AF7FF |
+-------------------------------------------+

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 1929c6 in the box below so that we can be sure you are a human.