orchestra team mailing list archive
-
orchestra team
-
Mailing list archive
-
Message #00010
Use of debconf for preseeding mysql password
Hi All-
I've recently been working on an Openstack puppet module that requires a
secondary module for setting up a mysql server/database/users/etc [1].
I was running into some issues with this module that I was able to work
around [2] by using the orchestra-debconf module to pre-seed the root
passwd much in the same way its done in the current orchestra-mysql module.
Revisiting the original issue today, I was looking at the mysql-server
packages and noticed a fix in the changelog that resolved debian bug
#513262 [3] Basically: "Best practice for password prompting with
debconf is to call db_reset to clear the password out of the database as
soon as possible after you use it."
I believe the plan is to merge the puppetlabs and orchestra mysql
modules at some point in the future. If this happens soon, would it be
acceptable to rely on the functionality provided by the puppetlabs
module for setting the mysql root password instead of debconf? Theirs
relies on the root password stored in my.cnf which is probably no safer,
but that is one purpose of that file and it wouldn't reverting a
previously fixed bug.
Grep'ing thru the orchestra modules, the mysql modules are the only ones
that makes use of debconf for this purpose but it might be a good idea
to avoid using debconf database as a passwd store in future modules.
Thoughts?
Adam
[1] https://github.com/puppetlabs/puppetlabs-mysql
[2]
https://github.com/gandelman-a/puppetlabs-mysql/commit/1cd2c7bbf2c45411f7ac3ff235b2275e864c1d26
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513262
Follow ups