Error in "root password is present" step

[saurabhnanda]

Expected behavior
Don't expect this step to fail.

Actual behavior

TASK [dev-sec.mysql-hardening : root password is present] *************************************************************************************************************
[WARNING]: Module did not set no_log for update_password
failed: [wordpress] (item=::1) => {"ansible_loop_var": "item", "changed": false, "item": "::1", "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1045, \"Access denied for user 'root'@'localhost' (using password: NO)\")"}
failed: [wordpress] (item=127.0.0.1) => {"ansible_loop_var": "item", "changed": false, "item": "127.0.0.1", "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1045, \"Access denied for user 'root'@'localhost' (using password: NO)\")"}
failed: [wordpress] (item=localhost) => {"ansible_loop_var": "item", "changed": false, "item": "localhost", "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1045, \"Access denied for user 'root'@'localhost' (using password: NO)\")"}

OS / Environment

• Mac OSX deploying to Ubuntu 18.04

Ansible Version

ansible 2.9.10
  config file = None
  configured module search path = ['/Users/saurabhnanda/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.9.10/libexec/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.3 (default, Jul 13 2020, 10:05:03) [Clang 7.0.2 (clang-700.1.81)]

Role Version
Seems to be 2.2.1

[rndmh3ro]

Hey @saurabhnanda,

did you set the mysql_root_password variable?

[stianlik]

I'm having the same issue in Debian buster. It looks like the default root user is restricted to a local socket connection and will not be permitted to login through the network interface (default = localhost). As a workaround, I set the root user password before loading the hardening role using the snippet below.

- name: workaround for dev-sec.mysql-hardening
  block:
    - name: reset root user for mariadb by connecting to socket
      mysql_user:
        name: root
        password: "{{ mysql_root_password }}"
        login_unix_socket: /var/run/mysqld/mysqld.sock
    - name: install .my.cnf with credentials
      copy:
        content: |
          [client]
          user=root
          password='{{ mysql_root_password | mandatory }}'
        dest: "{{ ansible_env.HOME}}/.my.cnf"
        mode: 0400

A better solution will be to update the role with support for socket connections.

[rndmh3ro]

A better solution will be to update the role with support for socket connections.

They're supported now.