mariadb socket access must be enabled before highstate - salt 3K still tries empty password #56170

Closed
jeffdyke opened this issue Feb 14, 2020 · 0 comments · Fixed by #56174
Labels
Bug broken, incorrect, or confusing behavior P3 Priority 3 severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around v3000.1 vulnerable version

@jeffdyke
Description of Issue

In MariaDB 10.4, the empty root password was removed, so the default is socket only as root or the MariaDB owner (mysql). When running a highstate this will fail if you try to write the config file during a running minion, and if you try a local reload, I've run into either race conditions or a bad idea :).

I have added this to my custom bootstrap script, directly after salt is installed and I patch mysql.py per my comments here - #56124, then I restart salt, sleep and run the highstate (I do this through terraform and custom code).

# This is required for mariadb 10.4+ as root only has socket access, no more empty passwords
# Write the minion drop-in so the mysql module connects over the unix socket
  cat <<db > /etc/salt/minion.d/database-access.conf
mysql.host: 'localhost'
mysql.user: 'root'
mysql.unix_socket: '/var/run/mysqld/mysqld.sock'
mysql.db: 'mysql'
mysql.charset: 'utf8'
db

Setup

Basic setup, as this is a change to the behaviour of the database engine, not salt.

Steps to Reproduce Issue

Using state files:

  • file.managed (database-access.conf)
    • This sets what I'm putting on disc, so no changes
  • pkg.installed (mariadb 10.4+)
  • Run a highstate, which contains your user and grant states

It will fail b/c root is still trying to log in with mysql -u root.

Versions Report

Salt Version:
           Salt: 3000
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 2.6.1
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.9 (default, Nov  7 2019, 10:44:02)
   python-gnupg: 0.4.1
         PyYAML: 3.12
          PyZMQ: 16.0.2
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.2.5
 
System Versions:
           dist: Ubuntu 18.04 bionic
         locale: UTF-8
        machine: x86_64
        release: 4.15.0-1058-aws
         system: Linux
        version: Ubuntu 18.04 bionic

I have been installing the pure Python MySQL via pip for years, which is why there is not one installed, but this has never mattered.

No major, or even minor differences between this minion and the master.
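A preflight check that a bootstrap script could run on the drop-in described above before starting the highstate. This is an added example, not code from the issue or from Salt. The function names, the exit codes, the `REQUIRE_SOCKET` switch and the rule that rejects a `mysql.pass` entry are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the socket-auth drop-in before running a highstate.
# Function names and exit codes are hypothetical, not part of Salt.

# Print the value of a top-level "key: value" line with quotes stripped.
conf_value() {
    # $1 = file, $2 = key (dots in the key are escaped for sed)
    sed -n "s/^$(printf '%s' "$2" | sed 's/\./\\./g'):[[:space:]]*//p" "$1" |
        head -n 1 | sed "s/[[:space:]]*\$//; s/^['\"]//; s/['\"]\$//"
}

# Exit codes: 0 ok, 2 drop-in missing, 3 no unix_socket key,
#             4 mysql.pass present, 5 socket file absent.
check_mysql_socket_conf() {
    conf=$1
    [ -r "$conf" ] || return 2
    sock=$(conf_value "$conf" mysql.unix_socket)
    [ -n "$sock" ] || return 3
    # Assumption of this example: with socket-only root, any mysql.pass
    # entry (even an empty one) is a leftover of password login.
    if grep -q '^mysql\.pass:' "$conf"; then return 4; fi
    # Optional: require the server's socket to exist already.
    if [ "${REQUIRE_SOCKET:-0}" = 1 ] && [ ! -S "$sock" ]; then return 5; fi
    return 0
}

# Constructed sample: the drop-in from the issue, written to a temp file.
demo=$(mktemp)
cat <<'EOF' > "$demo"
mysql.host: 'localhost'
mysql.user: 'root'
mysql.unix_socket: '/var/run/mysqld/mysqld.sock'
mysql.db: 'mysql'
mysql.charset: 'utf8'
EOF
check_mysql_socket_conf "$demo" && echo "drop-in ok: $(conf_value "$demo" mysql.unix_socket)"
rm -f "$demo"
```

Setting `REQUIRE_SOCKET=1` additionally fails the check until the MariaDB server has created its socket file.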

@garethgreenaway garethgreenaway self-assigned this Feb 18, 2020
@garethgreenaway garethgreenaway added this to the Approved milestone Feb 20, 2020
@garethgreenaway garethgreenaway added Bug broken, incorrect, or confusing behavior severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around P3 Priority 3 labels Feb 20, 2020
@sagetherage sagetherage linked a pull request Feb 21, 2020 that will close this issue
@sagetherage sagetherage added the v3000.1 vulnerable version label Feb 21, 2020