orchestra team mailing list archive
Re: Use of debconf for preseeding mysql password
On Tue, Jun 14, 2011 at 8:50 PM, Adam Gandelman
> I've recently been working on an OpenStack puppet module that requires a
> secondary module for setting up a mysql server/database/users/etc. I
> was running into some issues with this module that I was able to work around
> by using the orchestra-debconf module to pre-seed the root passwd much
> in the same way it's done in the current orchestra-mysql module.
> Revisiting the original issue today, I was looking at the mysql-server
> packages and noticed a fix in the changelog that resolved Debian bug #513262.
> Basically: "Best practice for password prompting with debconf is to
> call db_reset to clear the password out of the database as soon as possible
> after you use it."
> I believe the plan is to merge the puppetlabs and orchestra mysql modules at
> some point in the future. If this happens soon, would it be acceptable to
> rely on the functionality provided by the puppetlabs module for setting the
> mysql root password instead of debconf? Theirs relies on the root password
> stored in my.cnf which is probably no safer, but that is one purpose of that
> file and it wouldn't be reverting a previously fixed bug.
> Grep'ing thru the orchestra modules, the mysql modules are the only ones
> that make use of debconf for this purpose but it might be a good idea to
> avoid using the debconf database as a passwd store in future modules.
Have a look at how the cobbler package does the mysql password
handling. I fixed it recently in this way, per advice from the Ubuntu
See if that helps?
Manager, Systems Integration
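
An added example, not part of the thread or of either project's code: a small audit that lists debconf password questions which still hold a value, the condition the db_reset advice quoted above is meant to prevent. It assumes debconf's default password store at /var/cache/debconf/passwords.dat and its blank-line-separated stanza format; the sample data is constructed.

```python
import sys

# Assumption: default location of debconf's password database on Debian/Ubuntu.
DEFAULT_DB = "/var/cache/debconf/passwords.dat"

# Constructed sample in the stanza format of debconf's .dat files.
SAMPLE = """\
Name: mysql-server/root_password
Template: mysql-server/root_password
Value: s3cret-constructed
Owners: mysql-server-5.1
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value:
Owners: mysql-server-5.1
Flags: seen

Name: example-pkg/admin_password
Template: example-pkg/admin_password
Owners: example-pkg
"""

def parse_stanzas(text):
    """Yield one dict of fields per blank-line-separated stanza."""
    stanza = {}
    for line in text.splitlines():
        if not line.strip():
            if stanza:
                yield stanza
            stanza = {}
        elif line[0] in " \t":
            continue  # continuation of a multi-line field; not needed here
        elif ":" in line:
            key, _, value = line.partition(":")
            stanza[key.strip()] = value.strip()
    if stanza:
        yield stanza

def leftover_passwords(text):
    """Return (question, owners) for every entry whose Value is non-empty."""
    return [(s.get("Name", "?"), s.get("Owners", ""))
            for s in parse_stanzas(text) if s.get("Value")]

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, owners in leftover_passwords(data):
        # Report the question name only; never echo the stored value.
        print(f"password still stored: {name} (owners: {owners})")
```

Run it as root with the path in DEFAULT_DB as its argument after a preseeded install; any line of output names a question whose password was never cleared.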