General discussion about Chef

[chef] I continue to understand why database create doesn't work (opscode database coobook) ...


Chronological Thread 
  • From: Vladimir Skubriev < >
  • To:
  • Subject: [chef] I continue to understand why database create doesn't work (opscode database coobook) ...
  • Date: Wed, 23 Oct 2013 17:02:56 +0400
I use the following code in my own cookbook redmine:

http://pastebin.com/VUHDCZnh

And use each time I use a new container with ubuntu 12.04 lts and new node in chef

A whole clear environment )

If I uncomment this

node.set['mysql']['server_root_password']= ""
node.set['mysql']['server_repl_password']= ""
node.set['mysql']['server_debian_password']= ""

Then recipe will break on error:

FATAL: Mysql::Error: mysql_database[redmine] (credmine::database line 49) had an error: Mysql::Error: Access denied for user 'root'@'localhost' (using password: YES)

in this code


# Using database cookbook ::: to create redmine database
mysql_database node.run_state['redmine-mysql-name'] do
  connection mysql_connection_info
  action :create
end


Why this error occurs ?

I use this code to clear password from chef node attributes, because this is no good.

And why this occurs clear attributes code in the end of recipe?

How I can use a databags with mysql cookbook secure ?


Some code of _loaddatabags.rb

# ------------------------------------------------------------------------------
databag = node['databag_redmine_mysql_root']['name']
item = node['databag_redmine_mysql_root']['item']
secretfile = Chef::EncryptedDataBagItem.load_secret("#{node['chef']['privatekeysdir']}/#{databag}/#{item}")
retriveditem = Chef::EncryptedDataBagItem.load(databag,item, secretfile)
#node.run_state['redmine_mysql_root_password'] = retriveditem['password']

## We must override mysql server_root_password, server_repl_password, server_debian_password for mysql cookbook
## If we setup node attibute then this attribute are in the server chef after chef run
## It is not secure !
## We need to ensure that this node attribute will clear at the end of recipe
# ------- Setup mysql service users passwords used in cookbook for succesful installation of MYSQL
node.set['mysql']['server_root_password'] = retriveditem['password']
node.set['mysql']['server_repl_password'] = retriveditem['password']
node.set['mysql']['server_debian_password'] = retriveditem['password']
# ------- Need to delete this attributes in the end of recipes.
 


Excusme for bad english. I has no time. I spend much time to find this reason (

-- 
Best regards,

CVision Lab System Administrator
Vladmir Skubriev

Archive powered by MHonArc 2.6.16.

§