Expired password #373

Closed
marabesi opened this Issue Dec 2, 2016 · 12 comments

Projects

None yet

4 participants

@marabesi
marabesi commented Dec 2, 2016

Please note that the Homestead issue tracker is reserved for bug reports and
enhancements. We are not always able to debug Vagrant, Virtualbox, VMWare, or Operating System issues but will do our best to help. Thank you!

Vagrant version

Vagrant 1.8.4

Provider & Provider version

Virtualbox 4.3.38r106717

Host operating system

Linux elementary OS 0.3.2 Freya (64-bit) - Built on Ubuntu 14.04

Homestead.yaml

---
ip: "192.168.10.10"
memory: 2048
cpus: 1
provider: virtualbox
version: "0.3.3"
authorize: ~/.ssh/id_rsa.pub
keys:
    - ~/.ssh/id_rsa
folders:
    - map: ~/Code/TrueRev
      to: /home/vagrant/Code/TrueRev
sites:
    - map: truerev.dev
      to: /home/vagrant/Code/TrueRev/public        
databases:
    - homestead
    - truerev_testing
# blackfire:
#     - id: foo
#       token: bar
#       client-id: foo
#       client-token: bar
# ports:
#     - send: 50000
#       to: 5000
#     - send: 7777
#       to: 777
#       protocol: udp

Vagrant up output

https://gist.github.com/marabesi/7ea2a575b6e0c06b59f3384f10bab3b1

Expected behavior

Vagrant should have migrated the files into the database successfully.

Actual behavior

The vagrant up command fails with the following

==> default:   SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.  
==> default:                                                                                                                                   
==> default:                                                                                                                                   
==> default:   [PDOException]                                                                                                                  
==> default:   SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.  

Steps to reproduce

  1. git clone https://github.com/laravel/homestead.git ~/homestead
  2. add the follwoing line to your ~/.homestead/Homestead.yaml
version: "0.3.3"
  1. cd ~/homestead && vagrant up

References

@svpernova09
Collaborator

You're using really far out of date versions.

Your Virtualbox version is way out of date. Please upgrade to 5.1.x and also make sure you update Homestead to 3.1.

If you have to use an old version for a project that's understandable, but you should try to upgrade to stay up to date.

A solution to your problem is putting the commands to reset the mysql password in your after.sh shell script. That should fix the issue every time you provision that version of the environment.

@svpernova09 svpernova09 closed this Dec 2, 2016
@marabesi
marabesi commented Dec 3, 2016

Hello @svpernova09 ok no problem thanks for your time.

Just a quick correction in your solution, is not possible to add the mysql command into after.sh. This is because homestead executes previous sql statements that rises the error.

Also I know that this issue is not caused by virtualbox version, this issue is in the MySQL.

Anyway, thanks !

@andrewhood125
Contributor

@marabesi when did you first notice this issue? I have a hunch it's based off of when the vm was built https://github.com/laravel/settler that is. If that' the case and you wanted to stick with the 0.3.x series of settler. It would require at the very minimum of a new release of that series. Which is very unlikely to happen since the latest is 0.6.1. Settler would be the right place to set a password that doesn't expire. Are you unable to upgrade to the lastest? I'll try and recreate this. I wonder if the bug still exists with the most up-to-date vm boxes they just haven't hit the default password expiry. I've read that it's 6 months somewhere but I've seen conflicting information.

https://atlas.hashicorp.com/laravel/boxes/homestead
https://github.com/laravel/settler
https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html

@marabesi
marabesi commented Dec 5, 2016

Hello @andrewhood125 I just noticed this issue because I was trying to create a shell script to automate the homestead + vagrant setup.

The issue is really simple, when I use the 0.3.3 box I can't execute any mysql commands till I update the password.

@w0rd-driven

The later boxes don't have this problem because MySQL 5.7.10 relaxed the default_password_lifetime setting back to 0 from 360. The date of the passwords for homestead and root were set on 11/13/2015, 360 days after that, or 11/7/2016, both of those passwords expired. The key to noticing this is in the note section of https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html, specifically From MySQL 5.7.4 to 5.7.10, the default default_password_lifetime value is 360

The fix of setting the password is only a bandaid as 360 days from provisioning the password will expire again.

While Homestead v3+ allows you to set the version like this, the provisioning scripts run service php7-fpm restart which won't work on this box as it's PHP 5.6. If your intention is to support 5.6 it's better to use Homestead v2 and as such, apply the more permanent fix there.

It would look something like the following:

#!/usr/bin/env bash

cat > ~/.my.cnf << EOF
[client]
user = homestead
password = secret
host = localhost
EOF

DB=$1;

block="[mysqld]
default_password_lifetime = 0"
echo "$block" > "/etc/mysql/conf.d/password_expiration.cnf"

service mysql restart

mysql -e "CREATE DATABASE IF NOT EXISTS \`$DB\` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci";

Note: This will not work for any other version the box because the mysql config directory changed in higher versions of MySQL 5.7 as well. It should no longer be needed honestly, or at least until the MySQL gods wish to inflict this scourge upon us again.

@andrewhood125
Contributor

@w0rd-driven thanks for the research here. MySQL 5.7.10 relaxed the default_password_lifetime setting back to 0 from 360.

So it sounds like we need an answer here if Homestead is going to support PHP 5.6 and for how long we will do that. @taylorotwell, @svpernova09 ?

@svpernova09
Collaborator

IMHO we should support Homestead (as best we can) to support the same versions of PHP that the framework itself requires. Which would mean to support Laravel 5.1 we'd have to support PHP >= 5.5.9

@w0rd-driven

I don't think I mentioned it, but the later versions of settler and subsequently boxes > 0.3.3 have the default_password_lifetime explicitly set to 0 as covered by laravel/settler#60. http://mysqlserverteam.com/an-update-on-default_password_lifetime/ talks about the option possibly being revisited in the future so it's good that it's already handled.

Fortunately, it seems this issue is only specific to 0.3.3.

I submitted this PR to settler and the work involved was extensive to say the least, just to try to upgrade MySQL beyond v5.7.10. The box I created from this patch is primarily functional but I don't have projects that would put Postgres, HHVM, Redis, or any of the other services through their paces. The easier fix is to just patch Homestead as I couldn't guarantee the changes in ppas or system packages didn't radically destabilize the system.

@andrewhood125
Contributor
andrewhood125 commented Dec 6, 2016 edited

So if someone took 0.3.3 and:

"default_password_lifetime = 0" >> /etc/mysql/my.cnf
mysql --connect-expired-password -e "SET PASSWORD = PASSWORD('secret');";

or something close to that.

Repackaged it as 0.3.4 it would fix the problem right?

@svpernova09 seems totally fair. So that would put this in the "needs to be fixed" bucket. Can we reopen?

@svpernova09 svpernova09 reopened this Dec 7, 2016
@svpernova09 svpernova09 self-assigned this Dec 7, 2016
@svpernova09
Collaborator

Where you have Homestead installed open scripts/homestead.rb and look for a line that is similar to config.vm.box = settings["box"] ||= "laravel/homestead" and change that line to config.vm.box = settings["box"] ||= "Svpernova09/homestead-legacy"

If there is a line similar to config.vm.box_version = settings["version"] ||= ">= X.X.X" where X.X.X is a version, comment that line out by putting a # in front of it.

Run vagrant up and the box will download. Let me know if that solves your problem. If that does work please let me know what version of Homestead you're using.

@w0rd-driven

You wouldn't need to call mysql --connect-expired-password -e "SET PASSWORD = PASSWORD('secret');"; at all, unless you wanted to reset the password time.

Setting default_password_lifetime is enough to solve the problem the next time MySQL is started.

@svpernova09
Collaborator

@w0rd-driven See my previous comment and let me know if that solves your problem.

@svpernova09 svpernova09 closed this Dec 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment