
setup-kolab should support mysql unix_socket authentication
Open, Wishlist, Public

Description

When running setup-kolab you only have 2 options: new OR existing

  • new: will reset the mysql root server password and change the method to native_password
  • existing: asks for a given root password

MariaDB 10.4+ (Debian Stretch and Buster) comes with unix_socket authentication enabled by default. Aka ... there's no default root password. If you select "new" it will automatically change root@localhost from unix_socket to native_password, which breaks other maintenance scripts.

It would be great if setup-kolab could/would support unix_socket authentication for creating kolab and roundcube user/database.

Possible solutions:

  1. Add a 3rd option (new, existing, unix_socket). unix_socket would be similar to existing but without a password. While this sounds nice in the first place, other setup parts (roundcube, syncrotron) don't know about it and will ask for rootpw.
  2. When asking for the rootpw we could say: the string unix_socket triggers the unix_socket authentication instead of pw authentication.

I personally think that solution 2 is viable. We could support the new unix_socket auth plugin and don't have to change too many arguments or setup logic only for the one-time setup.

Details

Ticket Type
Task

Event Timeline

dhoffend updated the task description.
dhoffend added a project: PyKolab.
dhoffend added a subscriber: PyKolab Developers.

Example:

--- setup_mysql.py.bak  2019-11-19 00:37:07.398064712 +0100
+++ setup_mysql.py      2019-11-19 00:46:13.000342080 +0100
@@ -143,6 +143,9 @@
                 _("""
                     Please supply the root password for MySQL, so we can set
                     up user accounts for other components that use MySQL.
+
+                    Use password 'unix_socket' if you're using MariaDBs
+                    unix_socket authentication plugin.
                 """)
             )

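Review bot: The added help text turns the literal string 'unix_socket' into a reserved value of the root password prompt, so a server whose root password really is that string can no longer be set up through this prompt. Either state that reservation in the text or offer socket authentication as a separate choice; also, "MariaDBs" should read "MariaDB's".
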
@@ -222,13 +225,33 @@
         p1.stdout.close()
         p2.communicate()

-    data = """
+    socket_path = None
+    socket_paths = [
+        "/var/lib/mysql/mysql.sock",
+        "/var/run/mysqld/mysqld.sock",
+        "/var/run/mysql/mysql.sock"
+    ]
+    for sp in socket_paths:
+        if os.path.exists(sp):
+            socket_path = sp
+
+    if mysql_root_password == "unix_socket" and socket_path is not None:
+        data = """
+[mysql]
+user=root
+password=
+host=localhost
+socket=%s
+""" % (mysql_root_password, socket_path)
+    else:
+        data = """
 [mysql]
 user=root
 password='%s'
 host=%s
 """ % (mysql_root_password, conf.mysqlhost)

+
     fp = open('/tmp/kolab-setup-my.cnf', 'w')
     os.chmod('/tmp/kolab-setup-my.cnf', 600)
     fp.write(data)
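
Review bot: In the unix_socket branch the template contains a single %s (socket=%s) but is formatted with the two-element tuple (mysql_root_password, socket_path), which raises TypeError ("not all arguments converted during string formatting"); pass only socket_path. Two further points in the same hunk: when the password is 'unix_socket' but none of the socket_paths exists, the else branch silently writes password='unix_socket' instead of reporting the missing socket, and the for loop has no break, so the last existing path wins rather than the first. In the unchanged context, os.chmod('/tmp/kolab-setup-my.cnf', 600) passes decimal 600 rather than an octal mode, and the file is opened under a fixed name in /tmp before its mode is set; since it holds the root password, it should be created with a restrictive mode from the start.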

Please comment: If that's okay, I would start writing the patch.

This is especially useful for fully automated setup runs like

setup-kolab \
[...]
--mysqlserver=existing \
--mysqlrootpw=unix_socket
[...]

I know using the pw variable is not as clean as introducing x new variables ... but it might be okay for a one-time setup routine if documented properly.

Otherwise we would need to introduce a new command line parameter "mysqlsocketpath" which we can set for socket communication and authentication ... well ... that can still be done later
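
The proposal in the comment above, worked through as an added example that is not part of the task or of PyKolab's code: it renders the client option file for both authentication modes and writes it to a file that is private from the moment it is created. The function names, the line-break check and the sample inputs are assumptions of this example.

```python
import os
import tempfile

# Socket locations listed in the patch above.
SOCKET_PATHS = (
    "/var/lib/mysql/mysql.sock",
    "/var/run/mysqld/mysqld.sock",
    "/var/run/mysql/mysql.sock",
)


def find_socket(candidates=SOCKET_PATHS, exists=os.path.exists):
    """Return the first candidate socket path that exists, else None."""
    for path in candidates:
        if exists(path):
            return path
    return None


def build_client_cnf(root_password, host, socket_path=None):
    """Render the [mysql] client section for either authentication mode."""
    if root_password == "unix_socket":
        if socket_path is None:
            # Fail loudly rather than sending the sentinel as a real password.
            raise RuntimeError("unix_socket requested but no server socket found")
        lines = ["user=root", "host=localhost", "socket=%s" % socket_path]
    else:
        if "\n" in root_password or "\r" in root_password:
            # A line break would let the value add further option lines.
            raise ValueError("password must not contain line breaks")
        lines = ["user=root", "password='%s'" % root_password, "host=%s" % host]
    return "\n".join(["[mysql]"] + lines) + "\n"


def write_private(content, directory=None):
    """Create a new file readable only by its owner and write content to it."""
    # mkstemp picks an unpredictable name and creates the file with mode 0600.
    fd, path = tempfile.mkstemp(prefix="kolab-setup-", suffix=".cnf", dir=directory)
    with os.fdopen(fd, "w") as fp:
        fp.write(content)
    return path


if __name__ == "__main__":
    # Constructed inputs: the host name and socket lookup are sample values.
    cnf = build_client_cnf("unix_socket", "localhost",
                           find_socket(exists=lambda p: p.endswith("mysqld.sock")))
    path = write_private(cnf)
    print(path, oct(os.stat(path).st_mode & 0o777))
    os.remove(path)
```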