MySQL Cookbook Ignores Root Password Setting On First Converge


#1

Hello all,

I’m currently building a Chef setup and have hit a consistent issue with the MySQL cookbook. Given the popularity of this cookbook, I’m happy to believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the first time that the cookbook is applied, and instead, uses the default values. The second time that the cookbook runs it does try to apply the correct passwords, but fails, because the MySQL installation requires the root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and destroying the nodes each time to ensure that they are clean. I’ve tried using the block format for configuring the MySQL resource, and with hard-coded values instead of Chef Vault, but get the same behaviour in both cases. There’s no open issue in JIRA or GitHub to suggest that this is a known issue.

My wrapper cookbook is here:

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


#2

I suggest you replace the following in recipes/server.rb:

root_account = ChefVault::Item.load(“mysql_accounts”,
“root”)node.set[‘mysql’][‘server_root_password’] =
root_account[‘password’]

With the following in attributes/default.rb:

root_account = ChefVault::Item.load(“mysql_accounts”,
“root”)default[‘mysql’][‘server_root_password’] =
root_account[‘password’]

It’s very likely that your node.set call happens after mysql cookbook tries
to determine root password, which is why you’re not seeing the behavior you
want.

On Sat, Jun 21, 2014 at 2:51 AM, Stuart Ellis stuart@stuartellis.eu wrote:

Hello all,

I’m currently building a Chef setup and have hit a consistent issue with
the MySQL cookbook. Given the popularity of this cookbook, I’m happy to
believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the
first time that the cookbook is applied, and instead, uses the default
values. The second time that the cookbook runs it does try to apply the
correct passwords, but fails, because the MySQL installation requires the
root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and
destroying the nodes each time to ensure that they are clean. I’ve tried
using the block format for configuring the MySQL resource, and with
hard-coded values instead of Chef Vault, but get the same behaviour in both
cases. There’s no open issue in JIRA or GitHub to suggest that this is a
known issue.

My wrapper cookbook is here:

https://bitbucket.org/stuartellis/se-mysql

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


Best regards, Dmitriy V.


#3

I tried, but can’t seem to reproduce this.

The latest commit on the mysql cookbook sets a nondefault password on the
test cookbooks, and adds a wrapper cookbook.

Serverspec is passing with flying colors:

Maybe it has something to do with chef-vault?

PS: It’s not going to have anything to do with node.set vs node.default.
The password is being passed into the mysql_service resource as a parameter.

-s

On Sun, Jun 22, 2014 at 4:56 PM, DV vindimy@gmail.com wrote:

I suggest you replace the following in recipes/server.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)node.set[‘mysql’][‘server_root_password’] = root_account[‘password’]

With the following in attributes/default.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)default[‘mysql’][‘server_root_password’] = root_account[‘password’]

It’s very likely that your node.set call happens after mysql cookbook
tries to determine root password, which is why you’re not seeing the
behavior you want.

On Sat, Jun 21, 2014 at 2:51 AM, Stuart Ellis stuart@stuartellis.eu
wrote:

Hello all,

I’m currently building a Chef setup and have hit a consistent issue with
the MySQL cookbook. Given the popularity of this cookbook, I’m happy to
believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the
first time that the cookbook is applied, and instead, uses the default
values. The second time that the cookbook runs it does try to apply the
correct passwords, but fails, because the MySQL installation requires the
root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and
destroying the nodes each time to ensure that they are clean. I’ve tried
using the block format for configuring the MySQL resource, and with
hard-coded values instead of Chef Vault, but get the same behaviour in both
cases. There’s no open issue in JIRA or GitHub to suggest that this is a
known issue.

My wrapper cookbook is here:

https://bitbucket.org/stuartellis/se-mysql

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


Best regards, Dmitriy V.


#4

Thanks to you both.

I’ve amended the dependency in the wrapper cookbook and hard-coded the passwords. It now does not attempt to reset the passwords on the second run, but still does not set the passwords correctly. I’ve updated the repository with the current code that I’m trying:

Kind regards,

Stuart

On 23 Jun 2014, at 17:49, Sean OMeara someara@opscode.com wrote:

I tried, but can’t seem to reproduce this.

The latest commit on the mysql cookbook sets a nondefault password on the test cookbooks, and adds a wrapper cookbook.

https://github.com/opscode-cookbooks/mysql/commit/a5f470a542f4ad92ccaef831eb92d537877c1b3a

Serverspec is passing with flying colors:

https://gist.github.com/someara/5410caf221bf1af25b1a

Maybe it has something to do with chef-vault?

PS: It’s not going to have anything to do with node.set vs node.default. The password is being passed into the mysql_service resource as a parameter.

-s

On Sun, Jun 22, 2014 at 4:56 PM, DV vindimy@gmail.com wrote:
I suggest you replace the following in recipes/server.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
node.set[‘mysql’][‘server_root_password’] = root_account[‘password’]

With the following in attributes/default.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
default[‘mysql’][‘server_root_password’] = root_account[‘password’]

It’s very likely that your node.set call happens after mysql cookbook tries to determine root password, which is why you’re not seeing the behavior you want.

On Sat, Jun 21, 2014 at 2:51 AM, Stuart Ellis stuart@stuartellis.eu wrote:
Hello all,

I’m currently building a Chef setup and have hit a consistent issue with the MySQL cookbook. Given the popularity of this cookbook, I’m happy to believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the first time that the cookbook is applied, and instead, uses the default values. The second time that the cookbook runs it does try to apply the correct passwords, but fails, because the MySQL installation requires the root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and destroying the nodes each time to ensure that they are clean. I’ve tried using the block format for configuring the MySQL resource, and with hard-coded values instead of Chef Vault, but get the same behaviour in both cases. There’s no open issue in JIRA or GitHub to suggest that this is a known issue.

My wrapper cookbook is here:

https://bitbucket.org/stuartellis/se-mysql

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


Best regards, Dmitriy V.


Stuart Ellis
stuart@stuartellis.eu


#5

You probably don’t want the ‘=’ signs on lines 13 and 14 =)

https://bitbucket.org/stuartellis/se-mysql/src/e46ab89df21923ac07f3ced3e5180c5d15d08bf1/recipes/server.rb?at=master#cl-13

-s

On Mon, Jun 23, 2014 at 5:23 PM, Stuart Ellis stuart@stuartellis.eu wrote:

Thanks to you both.

I’ve amended the dependency in the wrapper cookbook and hard-coded the
passwords. It now does not attempt to reset the passwords on the second
run, but still does not set the passwords correctly. I’ve updated the
repository with the current code that I’m trying:

https://bitbucket.org/stuartellis/se-mysql

Kind regards,

Stuart

On 23 Jun 2014, at 17:49, Sean OMeara someara@opscode.com wrote:

I tried, but can’t seem to reproduce this.

The latest commit on the mysql cookbook sets a nondefault password on
the test cookbooks, and adds a wrapper cookbook.

https://github.com/opscode-cookbooks/mysql/commit/a5f470a542f4ad92ccaef831eb92d537877c1b3a

Serverspec is passing with flying colors:

https://gist.github.com/someara/5410caf221bf1af25b1a

Maybe it has something to do with chef-vault?

PS: It’s not going to have anything to do with node.set vs node.default.
The password is being passed into the mysql_service resource as a parameter.

-s

On Sun, Jun 22, 2014 at 4:56 PM, DV vindimy@gmail.com wrote:
I suggest you replace the following in recipes/server.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
node.set[‘mysql’][‘server_root_password’] = root_account[‘password’]

With the following in attributes/default.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
default[‘mysql’][‘server_root_password’] = root_account[‘password’]

It’s very likely that your node.set call happens after mysql cookbook
tries to determine root password, which is why you’re not seeing the
behavior you want.

On Sat, Jun 21, 2014 at 2:51 AM, Stuart Ellis stuart@stuartellis.eu
wrote:
Hello all,

I’m currently building a Chef setup and have hit a consistent issue with
the MySQL cookbook. Given the popularity of this cookbook, I’m happy to
believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the
first time that the cookbook is applied, and instead, uses the default
values. The second time that the cookbook runs it does try to apply the
correct passwords, but fails, because the MySQL installation requires the
root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and
destroying the nodes each time to ensure that they are clean. I’ve tried
using the block format for configuring the MySQL resource, and with
hard-coded values instead of Chef Vault, but get the same behaviour in both
cases. There’s no open issue in JIRA or GitHub to suggest that this is a
known issue.

My wrapper cookbook is here:

https://bitbucket.org/stuartellis/se-mysql

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


Best regards, Dmitriy V.


Stuart Ellis
stuart@stuartellis.eu


#6

This is just to confirm that now that I’ve fixed this and another error in my wrapper cookbook, everything is working correctly.

Thanks again,

Stuart

On 23 Jun 2014, at 22:39, Sean OMeara someara@opscode.com wrote:

You probably don’t want the ‘=’ signs on lines 13 and 14 =)

https://bitbucket.org/stuartellis/se-mysql/src/e46ab89df21923ac07f3ced3e5180c5d15d08bf1/recipes/server.rb?at=master#cl-13

-s

On Mon, Jun 23, 2014 at 5:23 PM, Stuart Ellis stuart@stuartellis.eu wrote:
Thanks to you both.

I’ve amended the dependency in the wrapper cookbook and hard-coded the passwords. It now does not attempt to reset the passwords on the second run, but still does not set the passwords correctly. I’ve updated the repository with the current code that I’m trying:

https://bitbucket.org/stuartellis/se-mysql

Kind regards,

Stuart

On 23 Jun 2014, at 17:49, Sean OMeara someara@opscode.com wrote:

I tried, but can’t seem to reproduce this.

The latest commit on the mysql cookbook sets a nondefault password on the test cookbooks, and adds a wrapper cookbook.

https://github.com/opscode-cookbooks/mysql/commit/a5f470a542f4ad92ccaef831eb92d537877c1b3a

Serverspec is passing with flying colors:

https://gist.github.com/someara/5410caf221bf1af25b1a

Maybe it has something to do with chef-vault?

PS: It’s not going to have anything to do with node.set vs node.default. The password is being passed into the mysql_service resource as a parameter.

-s

On Sun, Jun 22, 2014 at 4:56 PM, DV vindimy@gmail.com wrote:
I suggest you replace the following in recipes/server.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
node.set[‘mysql’][‘server_root_password’] = root_account[‘password’]

With the following in attributes/default.rb:

root_account = ChefVault::Item.load(“mysql_accounts”, “root”)
default[‘mysql’][‘server_root_password’] = root_account[‘password’]

It’s very likely that your node.set call happens after mysql cookbook tries to determine root password, which is why you’re not seeing the behavior you want.

On Sat, Jun 21, 2014 at 2:51 AM, Stuart Ellis stuart@stuartellis.eu wrote:
Hello all,

I’m currently building a Chef setup and have hit a consistent issue with the MySQL cookbook. Given the popularity of this cookbook, I’m happy to believe that I’m just doing something wrong.

The problem is it’s ignoring the passwords in my wrapper cookbook the first time that the cookbook is applied, and instead, uses the default values. The second time that the cookbook runs it does try to apply the correct passwords, but fails, because the MySQL installation requires the root password that was set on the first run.

The test nodes are fresh Ubuntu 14.04 LTS VMs - I’m building and destroying the nodes each time to ensure that they are clean. I’ve tried using the block format for configuring the MySQL resource, and with hard-coded values instead of Chef Vault, but get the same behaviour in both cases. There’s no open issue in JIRA or GitHub to suggest that this is a known issue.

My wrapper cookbook is here:

https://bitbucket.org/stuartellis/se-mysql

Thanks in advance,

Stuart


Stuart Ellis
stuart@stuartellis.eu


Best regards, Dmitriy V.


Stuart Ellis
stuart@stuartellis.eu


Stuart Ellis
stuart@stuartellis.eu