initial_root_password has no effect on modern MySQL versions
gregorbg opened this issue
Brief Description
When setting up MySQL using the mysql_service block, there is an option called initial_root_password. When setting that to some specific string, I expect to be able to use that string to log into the server later.
In reality, I cannot use the password because the authentication is handled via Socket by default, ever since MySQL 5.7 I believe.
Cookbook version
11.0.5
Chef-Infra Version
17.10.3
Platform details
Ubuntu 20.04 LTS
Steps To Reproduce
In a custom Chef cookbook, use this library and configure as follows:
mysql_service 'default' do
  version '8.0'
  charset 'utf8mb4'
  bind_address '127.0.0.1'
  initial_root_password 'super_strong_password'
  socket '/var/run/mysqld/mysqld.sock'
  action [:create, :start]
end
Expected behavior
After Chef finishes, I can log in via mysql -u root -p and then entering the super_strong_password I defined above.
In reality, MySQL just reports Access denied for user 'root'@'localhost'
Additional context
When forcing access to the console through sudo mysql, one can see that the server is actually configured to use the auth_socket plugin:
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| user | authentication_string | plugin | host |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.session | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.sys | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| root | | auth_socket | localhost |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
As far as setting the default password is concerned, I think it happens here. But this invocation has no effect if auth_socket is used, and MySQL reports a warning along the lines of SET PASSWORD has no significance for user 'root'@'localhost' as authentication plugin does not support it.
To make the password access work, the plugin must be changed upon setting the password. The IDENTIFIED WITH change was once properly introduced in 9a66e57, but then got reverted immediately in fe39425 for unknown reasons.
I am aware of #539 but that issue never reached any actual conclusion. I'm curious to know why the revert that I mentioned above happened and if (and why) this is intended behaviour.
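
A check for the condition this issue describes, as an added example that is not part of the original post or the cookbook's code: it parses a mysql.user listing, flags accounts whose plugin ignores a provisioned password, and builds an ALTER USER ... IDENTIFIED WITH statement for them. The helper names, the constructed sample table and the choice of caching_sha2_password as the target plugin are assumptions.

```ruby
# Added example, not cookbook code. Assumes MySQL's default sql_mode
# (backslash escapes enabled) when quoting string literals.

# Plugins that authenticate without a stored password, so SET PASSWORD is a
# no-op for them. auth_socket is the one reported in this issue.
PASSWORDLESS_PLUGINS = %w[auth_socket].freeze
# Password-based plugins this sketch will switch an account to (assumed choice).
TARGET_PLUGINS = %w[caching_sha2_password mysql_native_password].freeze

# Constructed sample shaped like the mysql.user listing in the issue.
SAMPLE = <<~'TABLE'
  +-----------+-----------------------+-----------------------+-----------+
  | user      | authentication_string | plugin                | host      |
  +-----------+-----------------------+-----------------------+-----------+
  | mysql.sys | $A$005$CONSTRUCTED    | caching_sha2_password | localhost |
  | root      |                       | auth_socket           | localhost |
  +-----------+-----------------------+-----------------------+-----------+
TABLE

# Parse the mysql client's boxed table into hashes keyed by column name.
def parse_mysql_table(text)
  rows = text.lines.map(&:strip).select { |line| line.start_with?('|') }
  header, *data = rows.map { |line| line.split('|', -1)[1..-2].map(&:strip) }
  return [] if header.nil?

  data.map { |cells| header.zip(cells).to_h }
end

# Accounts for which a password set during provisioning is silently ignored.
def password_ignored_accounts(rows)
  rows.select { |row| PASSWORDLESS_PLUGINS.include?(row['plugin']) }
end

# Quote a value as a MySQL string literal, escaping backslash and single quote.
def sql_quote(value)
  "'" + value.gsub(/[\\']/) { |char| "\\#{char}" } + "'"
end

# Build the statement that changes the plugin together with the password.
def alter_user_sql(row, password, plugin: 'caching_sha2_password')
  raise ArgumentError, "unexpected plugin #{plugin}" unless TARGET_PLUGINS.include?(plugin)

  "ALTER USER #{sql_quote(row['user'])}@#{sql_quote(row['host'])} " \
    "IDENTIFIED WITH #{plugin} BY #{sql_quote(password)};"
end

password_ignored_accounts(parse_mysql_table(SAMPLE)).each do |row|
  warn "#{row['user']}@#{row['host']}: #{row['plugin']} ignores SET PASSWORD"
end
```

Run against the real listing, the same check can gate a converge: if root is still flagged after initial_root_password was set, the password never took effect.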