Попытка установить Cloudera Enterprise 5.16.x на Rhel 7.6. Я пытаюсь следовать следующему руководству из https://www.cloudera.com/documentation/enterprise/5-16-x/topics/install_cm_mariadb.html. Я написал доступную книгу для вышеуказанных команд. Всякий раз, когда я пытаюсь предоставить привилегии пользователю.
GRANT ALL ON <database>.* TO '<user>'@'%' IDENTIFIED BY '<password>';
Я получаю следующую ошибку, если пытаюсь использовать ansbile.
Traceback (most recent call last):
File "/tmp/ansible_mysql_db_payload_agOLmm/__main__.py", line 373, in main
changed = db_create(cursor, db, encoding, collation)
File "/tmp/ansible_mysql_db_payload_agOLmm/__main__.py", line 240, in db_create
cursor.execute(query, query_params)
File "/usr/lib64/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
self.errorhandler(self, exc, value)
File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
OperationalError: (1044, "Access denied for user 'root'@'localhost' to database 'oozie'")
failed: [cloudera-node1.cisco.com] (item=oozie) => {
"ansible_loop_var": "item",
"changed": false,
"invocation": {
"module_args": {
"ca_cert": null,
"client_cert": null,
"client_key": null,
"collation": "",
"config_file": "/root/.my.cnf",
"connect_timeout": 30,
"encoding": "utf8",
"ignore_tables": [],
"login_host": "localhost",
"login_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"login_port": 3306,
"login_unix_socket": null,
"login_user": "root",
"name": "oozie",
"quick": true,
"single_transaction": false,
"state": "present",
"target": null
}
},
"item": "oozie",
"msg": "error creating database: (1044, \"Access denied for user 'root'@'localhost' to database 'oozie'\")"
}
Вот пример доступного playbook main.yml в ролях / management / task / main.yml
Пример main.yml
- name: install mariadb-server
yum:
name: "{{ packages }}"
vars:
packages:
- mariadb-server
tags: mariadb
- name: stop the mariadb service
service:
name: mariadb
state: stopped
enabled: yes
tags: mariadb
- name: Take backup of the ib_lofile0 and ib_logfile1
command: "{{ item }}"
register: command_output
ignore_errors: true
with_items:
- mv /var/lib/mysql/ib_logfile0 /root/ib_logfile0.bkp
- mv /var/lib/mysql/ib_logfile1 /root/ib_logfile1.bkp
tags: mariadb
- name: Copy my.conf to /etc/my.conf
template:
src: "{{role_path}}/templates/my.cnf"
dest: /etc/my.cnf
owner: root
group: root
mode: '0644'
backup: yes
tags: mariadb
- name: start the mariadb.service
command: "{{ item }}"
with_items:
- systemctl enable mariadb.service
tags: mariadb
- name: start the mariadb service
service:
name: mariadb
state: started
enabled: yes
tags: mariadb
- name: Adds Python MySQL support on RedHat/CentOS
yum: name=MySQL-python state=present
when: ansible_os_family == 'RedHat'
tags: mysql
- name: Set the root password
mysql_user:
login_user: root
login_password: "{{ mysql_root_password }}"
user: root
password: "{{ mysql_root_password }}"
host: localhost
check_implicit_admin: yes
tags: mysql
- name: Removes all anonymous user accounts
mysql_user:
login_user: root
login_password: "{{ mysql_root_password }}"
name: ''
host_all: yes
state: absent
tags: mysql
- name: Secure the root user for IPV6 localhost (::1), localhost (127.0.0.1), localhost domain and server hostname domain
mysql_user:
login_user: root
login_password: "{{ mysql_root_password }}"
name: root
password: "{{ mysql_root_password }}"
host: "{{ item }}"
with_items:
- "::1"
- "127.0.0.1"
- "localhost"
- "{{ ansible_fqdn }}"
tags: mysql
- name: Removes the test database
mysql_db:
login_user: root
login_password: "{{ mysql_root_password }}"
db: test
state: absent
tags: mysql
- name: Flushes the user priveleges
mysql_user:
login_user: root
login_password: "{{ mysql_root_password }}"
name: root
password: "{{ mysql_root_password }}"
priv: "*.*:ALL"
state: present
check_implicit_admin: yes
tags: mysql
- name: Create a list of databases with encoding as utf-8
mysql_db:
login_user: root
login_password: "{{ mysql_root_password }}"
name: '{{ item }}'
state: present
encoding: utf8
with_items:
- "amon"
- "scm"
- "rman"
- "metastore"
- "nav"
- "hue"
- "navms"
- "sentry"
- "oozie"
tags: mysql_db_create
- name: Dump all the database
mysql_db:
login_user: root
login_password: "{{ mysql_root_password }}"
name: all
state: dump
encoding: utf8
target: "{{ temp_folder }}/clouderadb.sql"
tags: mysql_db_create
- name: Set mysql user privileges
mysql_user:
login_user: root
login_password: "{{ mysql_root_password }}"
name: root
password: "{{ mysql_root_password }}"
priv: "{{ item }}"
state: present
update_password: on_create
with_items:
- 'amon.*:ALL'
- "scm.*:ALL"
- "rman.*:ALL"
- "metastore.*:ALL"
- "nav.*:ALL"
- "hue.*:ALL"
- "navms.*:ALL"
- "sentry.*:ALL"
- "oozie.*:ALL"
tags: mysql_db_create
Когда я подключаюсь к базе данных mysql из cli. Я вижу, что только база данных amon имеет доступ к привилегиям root.
MariaDB [(none)]> SHOW GRANTS for 'root'@'localhost';
+-------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*B3AB897994763B468137496DD4FD8507F755DB55' |
| GRANT ALL PRIVILEGES ON `amon`.* TO 'root'@'localhost' |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| amon |
| hue |
| metastore |
| mysql |
| nav |
| navms |
| oozie |
| performance_schema |
| rman |
| scm |
| sentry |
+--------------------+
12 rows in set (0.00 sec)
MariaDB [(none)]> SELECT User,Host FROM mysql.user;
+------+--------------------------+
| User | Host |
+------+--------------------------+
| root | % |
| root | 127.0.0.1 |
| root | ::1 |
| root | cloudera-node1.cisco.com |
| root | localhost |
+------+--------------------------+
5 rows in set (0.00 sec)