mysql_user overwrite the user password to the same thing #543
Comments
|
Files identified in the description: If these files are inaccurate, please update the |
ansibullbot
added
affects_2.10
bug
|
@camaer thanks for reporting this. Three questions:
I'm trying to figure out maybe it's not because of passing passwords |
Andersson007
added
the
needs_info
|
Hey @Andersson007,
Let me know if there is any other test I can run. |
ansibullbot
removed
the
needs_info
|
@camaer thanks for the info! |
|
1. First run: 2. Second run: After subsequent runs changed False as expected. Needs to be fixed |
|
Glad you were able to reproduce it ! Thanks for your work ! Closing the issue. |
|
@camaer , merged thanks! |
|
Just wanted to note that I've found the same issue on both Ubuntu 20.04 and Debian 10's built-in versions of MySQL with Python 3.x: geerlingguy/ansible-role-drupal#77 I'm assuming this updated version of the |
|
Alternatively, could the PR that fixes this issue be backported into Ansible 2.9.x? It's an LTS release and this bug will start hitting more and more people as they upgrade servers to Debian 10/Ubuntu 20.04. |
|
@geerlingguy ansible/ansible#70833 done, thanks for the suggestion! |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Aug 24, 2020
v2.9.12 ======= Minor Changes ------------- - ansible-test - the ACME test container was updated, it now supports external account creation and has a basic OCSP responder (ansible/ansible#71097, https://github.com/ansible/acme-test-container/releases/tag/2.0.0). - debconf - add a note about no_log=True since module might expose sensitive information to logs (ansible/ansible#32386). Security Fixes -------------- - **security issue** - copy - Redact the value of the no_log 'content' parameter in the result's invocation.module_args in check mode. Previously when used with check mode and with '-vvv', the module would not censor the content if a change would be made to the destination path. (CVE-2020-14332) - **security issue** atomic_move - change default permissions when creating temporary files so they are not world readable (ansible/ansible#67794) (CVE-2020-1736) - Fix warning for default permission change when no mode is specified. Follow up to ansible/ansible#67794. (CVE-2020-1736) - Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330). - reset logging level to INFO due to CVE-2019-14846. Bugfixes -------- - Address compat with rpmfluff-0.6 for integration tests - Ensure password passed in by -k is used on delegated hosts that do not have ansible_password set - Template connection variables before using them (ansible/ansible#70598). - Terminal plugins - add "\e[m" to the list of ANSI sequences stripped from device output - add magic/connection vars updates from delegated host info. - ansible-galaxy collection install - fix fallback mechanism if the AH server did not have the collection requested - ansible/ansible#70940 - ansible-test - Add ``pytest < 6.0.0`` constraint for managed installations on Python 3.x to avoid issues with relative imports. - ansible-test - Change detection now properly resolves relative imports instead of treating them as absolute imports. - api - time.clock is removed in Python 3.8, add backward compatible code (ansible/ansible#70649). - avoid clobbering existing facts inside loop when task also returns ansible_facts. - basic - use PollSelector implementation when DefaultSelector fails (ansible/ansible#70238). - cron - encode and decode crontab files in UTF-8 explicitly to allow non-ascii chars in cron filepath and job (ansible/ansible#69492) - ensure delegated vars can resolve hostvars object and access vars from hostvars[inventory_hostname]. - facts - account for Slackware OS with ``+`` in the name (ansible/ansible#38760) - facts - fix incorrect UTC timestamp in ``iso8601_micro`` and ``iso8601`` - fix issue with inventory_hostname and delegated host vars mixing on connection settings. - hashi_vault - Handle equal sign in key=value (ansible/ansible#55658). - ipa_hostgroup - fix an issue with load-balanced ipa and cookie handling with Python 3 - (ansible/ansible#71110). - lineinfile - fix not subscriptable error in exception handling around file creation - linux network facts - get the correct value for broadcast address (ansible/ansible#64384) - mysql_user - fix overriding password to the same (ansible-collections/community.general#543). - net_put - Fixed UnboundLocalError when there is no change This is a backport from U(ansible-collections/ansible.netcommon#6) - nxos_user - do not fail when a custom role is used (ansible-collections/cisco.nxos#130) - ovirt_vm - fix cd_iso search - playbooks - detect and propagate failures in ``always`` blocks after ``rescue`` (ansible/ansible#70000) - profile_tasks - typecast result before slicing it (ansible/ansible#59059). - reboot - Add support for the runit init system, used on Void Linux, that does not support the normal Linux syntax. - redfish_info, redfish_config, redfish_command - Fix Redfish response payload decode on Python 3.5 (ansible/ansible#65889) - shell - fix quoting of mkdir command in creation of remote_tmp in order to allow spaces and other special characters (ansible/ansible#69577). - templating - fix error message for ``x in y`` when y is undefined (ansible/ansible#70984) - unarchive - check ``fut_gid`` against ``run_gid`` in addition to supplemental groups (ansible/ansible#49284) - user - don't create home directory and missing parents when create_home == false (ansible/ansible#70600). - yum - fix yum list crashing if repoquery (used internally) prints errors in stdout (ansible/ansible#56800)
|
i have the same issue with |
|
@aceqbaceq hi, thanks for the feedback! |
|
i have the same issue with:
|
|
@pospelov-v thanks for the feedback! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SUMMARY
When using the module mysql_user to create a user the first run results in the user being created. The username and credential are working correctly. The issue is if we run the same step another time, the password seems to be updated but to the same value which return a 'Changed' in the playbook
ISSUE TYPE
COMPONENT NAME
mysql_user
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 20.04
STEPS TO REPRODUCE
Use mysql_user to create a new user. Run the step 1 time to create said user. Run it a second time. It will result in a changed even if nothing really changed
EXPECTED RESULTS
The second run should return 'OK'. This is confusing because we might think the password has been changed to something else if we don't have verbose on.
ACTUAL RESULTS
First run:
Credentials are working correctly.
Second run:
The second run seems to be updating the password but to the same value as in the first run. You can confirm this since the previous credentials should still work. Shouldn't it return OK instead ?
Subsequent runs are fine and return OK
The text was updated successfully, but these errors were encountered: