Create MySQL hashed password for Puppet password_hash setting

‹ Switching from GoDaddy.com to Namecheap.com | There Is a Bird On Your Head! ›

To generate a password_hash for a MySQL user in the puppetlabs-mysql Puppet Forge module, run the mysql command line program and run the query SELECT PASSWORD('opensaysme'); where opensaysme is the password you want to use for the MySQL user. For example:

mysql> SELECT PASSWORD('opensaysme');
+-------------------------------------------+
| PASSWORD('opensaysme')                    |
+-------------------------------------------+
| *6B45C7E73B8364862214A895AE7E1AB62B58BE72 |
+-------------------------------------------+

You can then add this to the users parameter in your puppet manifest file to create a MySQL user without embedding a plaintext password in the manifest.

For example, in a simple Vagrant or cheap hosting setup where the webserver and the database are on the same computer, a puppet manifest using puppetlabs-mysql to manage a single MySQL user user_name with password opensaysme and access to a single MySQL database database_name might look like this:

class { '::mysql::server':
   databases => {
      'database_name' => {
         ensure  => 'present',
         charset => 'utf8',
      },
   },

   users => {
      'user_name@localhost' => {
         ensure => 'present',
         password_hash => '*6B45C7E73B8364862214A895AE7E1AB62B58BE72',
      },
   },

   grants => {
      'user_name@localhost/database_name.*' => {
         ensure => 'present',
         privileges => ['ALL'],
         table => 'database_name.*',
         user => 'user_name@localhost',
      },
   },
}

 

Comments

Excellent post! Thank you - I spent an hour struggling with this until I found your site.

Subscribe to All Posts - Wesley Tanaka