Root user from another VM (local network) on Mysql 5.7 while using plugin auth_socket












0















I have one virtual machine for my website, and one for my databases (mysql 5.7). The VMs are on debian 9



I would like to connect to mysql from my website VM.



I install everything using ansible so it does not create a root password and that means it uses the plugin auth_socket by default. That also means I can't connect from my website VM with the root user of that VM. I can only connect to the root account if I'm on my databases VM and on the root system user (unless you know how to change this).



So I don't know exactly what to do, but I have found two solutions:
- attribute a password to root and change the plugin to use passwords like here https://www.percona.com/blog/2016/03/16/change-user-password-in-mysql-5-7-with-plugin-auth_socket/
- create a new user called "root2" and give it full privileges on my local network only



What other solution do I have? which one seems optimal?






mysql ansible mariadb







share|improve this question





























    0















    I have one virtual machine for my website, and one for my databases (mysql 5.7). The VMs are on debian 9



    I would like to connect to mysql from my website VM.



    I install everything using ansible so it does not create a root password and that means it uses the plugin auth_socket by default. That also means I can't connect from my website VM with the root user of that VM. I can only connect to the root account if I'm on my databases VM and on the root system user (unless you know how to change this).



    So I don't know exactly what to do, but I have found two solutions:
    - attribute a password to root and change the plugin to use passwords like here https://www.percona.com/blog/2016/03/16/change-user-password-in-mysql-5-7-with-plugin-auth_socket/
    - create a new user called "root2" and give it full privileges on my local network only



    What other solution do I have? which one seems optimal?






    mysql ansible mariadb







    share|improve this question



























      0












      0








      0








      I have one virtual machine for my website, and one for my databases (mysql 5.7). The VMs are on debian 9



      I would like to connect to mysql from my website VM.



      I install everything using ansible so it does not create a root password and that means it uses the plugin auth_socket by default. That also means I can't connect from my website VM with the root user of that VM. I can only connect to the root account if I'm on my databases VM and on the root system user (unless you know how to change this).



      So I don't know exactly what to do, but I have found two solutions:
      - attribute a password to root and change the plugin to use passwords like here https://www.percona.com/blog/2016/03/16/change-user-password-in-mysql-5-7-with-plugin-auth_socket/
      - create a new user called "root2" and give it full privileges on my local network only



      What other solution do I have? which one seems optimal?






      mysql ansible mariadb







      share|improve this question
















      I have one virtual machine for my website, and one for my databases (mysql 5.7). The VMs are on debian 9



      I would like to connect to mysql from my website VM.



      I install everything using ansible so it does not create a root password and that means it uses the plugin auth_socket by default. That also means I can't connect from my website VM with the root user of that VM. I can only connect to the root account if I'm on my databases VM and on the root system user (unless you know how to change this).



      So I don't know exactly what to do, but I have found two solutions:
      - attribute a password to root and change the plugin to use passwords like here https://www.percona.com/blog/2016/03/16/change-user-password-in-mysql-5-7-with-plugin-auth_socket/
      - create a new user called "root2" and give it full privileges on my local network only



      What other solution do I have? which one seems optimal?






      mysql ansible mariadb




      mysql ansible mariadb






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Feb 18 at 22:36







      pedrotester

















      asked Feb 18 at 16:42









      pedrotesterpedrotester

      11




      11






















          1 Answer
          1






          active

          oldest

          votes


















          0














          You can't use an auth socket from another machine, you need to create a mysql user with password and connect over tcp/ip.



          Don't use root, that's such a bad idea. I would suggest an Option 3:



          Create a new user(normally each app would have its own user and database) and give it as few rights, to as few objects as possible (the principle of least privilege). Using root would give your webserver rights to create or drop databases, users, set runtime config etc. All of which is unnessesary and dangerous.



          Ansible provides mysql_user which can create database users: https://docs.ansible.com/ansible/latest/modules/mysql_user_module.html



          Then update your connection string on the webserver and make sure tcp/ip port 3306 is accessible on the database server. Ideally only your dev ip and the webserver should be allowed (again with the least privilege approach. See http://en.wikipedia.org/wiki/Principle_of_least_privilege).






          share|improve this answer
























          • Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

            – pedrotester
            Feb 18 at 19:43











          • In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

            – pedrotester
            Feb 18 at 22:36











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1407092%2froot-user-from-another-vm-local-network-on-mysql-5-7-while-using-plugin-auth-s%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          You can't use an auth socket from another machine, you need to create a mysql user with password and connect over tcp/ip.



          Don't use root, that's such a bad idea. I would suggest an Option 3:



          Create a new user(normally each app would have its own user and database) and give it as few rights, to as few objects as possible (the principle of least privilege). Using root would give your webserver rights to create or drop databases, users, set runtime config etc. All of which is unnessesary and dangerous.



          Ansible provides mysql_user which can create database users: https://docs.ansible.com/ansible/latest/modules/mysql_user_module.html



          Then update your connection string on the webserver and make sure tcp/ip port 3306 is accessible on the database server. Ideally only your dev ip and the webserver should be allowed (again with the least privilege approach. See http://en.wikipedia.org/wiki/Principle_of_least_privilege).






          share|improve this answer
























          • Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

            – pedrotester
            Feb 18 at 19:43











          • In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

            – pedrotester
            Feb 18 at 22:36
















          0














          You can't use an auth socket from another machine, you need to create a mysql user with password and connect over tcp/ip.



          Don't use root, that's such a bad idea. I would suggest an Option 3:



          Create a new user(normally each app would have its own user and database) and give it as few rights, to as few objects as possible (the principle of least privilege). Using root would give your webserver rights to create or drop databases, users, set runtime config etc. All of which is unnessesary and dangerous.



          Ansible provides mysql_user which can create database users: https://docs.ansible.com/ansible/latest/modules/mysql_user_module.html



          Then update your connection string on the webserver and make sure tcp/ip port 3306 is accessible on the database server. Ideally only your dev ip and the webserver should be allowed (again with the least privilege approach. See http://en.wikipedia.org/wiki/Principle_of_least_privilege).






          share|improve this answer
























          • Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

            – pedrotester
            Feb 18 at 19:43











          • In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

            – pedrotester
            Feb 18 at 22:36














          0












          0








          0







          You can't use an auth socket from another machine, you need to create a mysql user with password and connect over tcp/ip.



          Don't use root, that's such a bad idea. I would suggest an Option 3:



          Create a new user(normally each app would have its own user and database) and give it as few rights, to as few objects as possible (the principle of least privilege). Using root would give your webserver rights to create or drop databases, users, set runtime config etc. All of which is unnessesary and dangerous.



          Ansible provides mysql_user which can create database users: https://docs.ansible.com/ansible/latest/modules/mysql_user_module.html



          Then update your connection string on the webserver and make sure tcp/ip port 3306 is accessible on the database server. Ideally only your dev ip and the webserver should be allowed (again with the least privilege approach. See http://en.wikipedia.org/wiki/Principle_of_least_privilege).






          share|improve this answer













          You can't use an auth socket from another machine, you need to create a mysql user with password and connect over tcp/ip.



          Don't use root, that's such a bad idea. I would suggest an Option 3:



          Create a new user(normally each app would have its own user and database) and give it as few rights, to as few objects as possible (the principle of least privilege). Using root would give your webserver rights to create or drop databases, users, set runtime config etc. All of which is unnessesary and dangerous.



          Ansible provides mysql_user which can create database users: https://docs.ansible.com/ansible/latest/modules/mysql_user_module.html



          Then update your connection string on the webserver and make sure tcp/ip port 3306 is accessible on the database server. Ideally only your dev ip and the webserver should be allowed (again with the least privilege approach. See http://en.wikipedia.org/wiki/Principle_of_least_privilege).







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Feb 18 at 19:16









          MisterSmithMisterSmith

          2945




          2945













          • Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

            – pedrotester
            Feb 18 at 19:43











          • In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

            – pedrotester
            Feb 18 at 22:36



















          • Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

            – pedrotester
            Feb 18 at 19:43











          • In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

            – pedrotester
            Feb 18 at 22:36

















          Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

          – pedrotester
          Feb 18 at 19:43





          Thank you for confirmation about auth_socket. Now my issue is a bit more complex, it's because I need to run my ansible role directly on my webserver VM and not on my databases VM, and then create mysql users. But for this I would need either root access or a user that can create users and grant privileges. So I guess your advice is to create this user during mysql installation, and then use this user to create the other users from the webserver VM. Do you confirm?

          – pedrotester
          Feb 18 at 19:43













          In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

          – pedrotester
          Feb 18 at 22:36





          In fact, I can't create any user because Ansible does not connect as root for this task (even when I tried to force it to "become" root, I don't know why). So I have no idea how I can change any of this. Impossible to connect to mysql root user to do anything with ansible

          – pedrotester
          Feb 18 at 22:36


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1407092%2froot-user-from-another-vm-local-network-on-mysql-5-7-while-using-plugin-auth-s%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          How do I know what Microsoft account the skydrive app is syncing to?

          Image
          up vote 4 down vote favorite 1 Some time ago, I set up skydrive for my wife on her mac. But now she wants to access the files online, I cannot remember what Microsoft account I setup and linked her skydive app to and nor can I see anything in the skydrive app settings to tell me either? How can I see the name of the Microsoft account the skydive app is currently linked to? I would like to know this for skydrive app for Mac and PC onedrive share | improve this question asked Feb 25 '13 at 4:52 Gary Barrett 260 2 5 12
          Read more

          When does type information flow backwards in C++?

          Image
          up vote 62 down vote favorite 19 I just watched Stephan T. Lavavej talk at CppCon 2018 on "Class Template Argument Deduction", where at some point he incidentally says: In C++ type information almost never flows backwards ... I had to say "almost" because there's one or two cases, possibly more but very few . Despite trying to figure out which cases he might be referring to, I couldn't come up with anything. Hence the question: In which cases the C++17 standard mandates that type information propagate backwards? c++ language-lawyer c++17 share | improve this question edited 7 hours ago scohe0
          Read more

          Grease: Live!

          Image
          A tradução deste artigo está abaixo da qualidade média aceitável. É possível que tenha sido feita por um tradutor automático ou por alguém que não conhece bem o português ou a língua original do texto. Caso queira colaborar com a Wikipédia, tente encontrar a página original e melhore este verbete conforme o guia de tradução. Grease: Live! Grease: Live!  (PRT/BRA)  Estados Unidos 2016 •   cor •   130 min. min   Direção Thomas Kail Alex Rudzinski Produção Marc Platt Adam Siegel Roteiro Allan Carr Robert Cary Warren Casey Jim Jacobs Jonathan Tolins Bronte Woodard Baseado em Grease (musical) Grease (filme) Elenco Julianne Hough Aaron Tveit Vanessa Hudgens Carlos Pena Jr. Keke Palmer Carly Rae Jepsen Kether Donohue Jordan Fisher David Del Rio Andrew Call Gênero Musical Música Tom Kitt Figurino William Ivey Long Companhia(s) produtora(s) Warner Bros. Studios Distribuição Fox Lançamento 31 de Janei
          Read more