MySQL cookbook on Chef doesnt run twice

1
votes

I'm currently trying out chef - more precisely - to setup a simple lamp with it. My cookbook should contain apache2, mysql and php at sometime. Right now I'm stuck with mysql.

The cookbook I'm using: https://supermarket.getchef.com/cookbooks/mysql. My configuration is almost the same as on the cookbook guide page.

databag_secret = Chef::EncryptedDataBagItem.load_secret("/etc/chef/encrypted_data_bag_secret")
secrets_mysql = Chef::EncryptedDataBagItem.load("secrets", "mysql", databag_secret)

include_recipe "mysql::client"
include_recipe "mysql::server"

mysql_service 'default' do
  allow_remote_root false
  remove_anonymous_users true
  remove_test_database true
  #server_root_password secrets_mysql['mysql_root_pass']
  server_debian_password 'vagrantsuxx'
  action :create
end

Retrieving my secret from the data bag works just fine and the first run of my cookbook always passes. Whenever I try to run it a second time it get the following error:

[2014-07-22T14:32:01+00:00] ERROR: Running exception handlers
Running handlers complete

[2014-07-22T14:32:01+00:00] ERROR: Exception handlers complete
[2014-07-22T14:32:01+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 5 resources updated in 6.99007798 seconds
[2014-07-22T14:32:01+00:00] ERROR: mysql_service[default] (mysql::server line 20) had an error: Mixlib::ShellOut::ShellCommandFailed: execute[install-grants] (/var/chef/cache/cookbooks/mysql/libraries/provider_mysql_service_ubuntu.rb line 91) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /usr/bin/mysql -u root -pilikerandompasswords < /etc/mysql_grants.sql ----
STDOUT:
STDERR: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
---- End output of /usr/bin/mysql -u root -pilikerandompasswords < /etc/mysql_grants.sql ----
Ran /usr/bin/mysql -u root -pilikerandompasswords < /etc/mysql_grants.sql returned 1
[2014-07-22T14:32:01+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

I wonder why that is. The passwords on /etc/mysql_grants.sql are somehow getting reset. Anyone else experienced this? What am I missing?

1
vagrantchef-infrachef-recipe
Is there anywhere in your cookbook that sets the password in /etc/mysql_grants.sql? Is there any more detail in chef-stacktrace.out?Patrick M
As stated before - the little thing you see there is my whole config. I have not touched any other file besides some data bag JSONs. So my cookbook annot modify the password in mysql_grants.sql.Freddy
I have to admit I'm not that familiar with the mysql_grants.sql file. Does MySQL really store permissions in a plain file like that? So you check the contents of the file after each run and it's different after each run?Patrick M
The stacktrace.out file is linked right here: pastebin.com/2NUsuLCbFreddy
Thanks for linking that, it's always good to rule out hidden problems. After the 2nd run, can you authenticate with MySQL manually? Or have the permissions been completely wiped/changed?Patrick M

1 Answers

0
votes

Are you using the password?

I can't see it in that configuration

secrets_mysql seems to be getting read in then I can't see it being operated on. It doesn't seem to be used in the base cookbook either so I'm not 100% convinced the password is getting into the provider to be loaded. I see it's commented out in your provider call there

The following shows how the password string is built up in the debian helper before it's used by the service provider

  def pass_string
    if new_resource.parsed_server_root_password.empty?
      pass_string = ''
    else
      pass_string = '-p' + Shellwords.escape(new_resource.parsed_server_root_password)
    end

    pass_string = '-p' + ::File.open('/etc/.mysql_root').read.chomp if ::File.exist?('/etc/.mysql_root')
    pass_string
  end

This is it then being used

        cmd << "#{pass_string} < /etc/mysql_grants.sql"

So the resource value is defined as follows

    def parsed_server_root_password
  return server_root_password if server_root_password
end

And that has a default of ilikerandompasswords.

What happens when you uncomments the line using the databag value?