tags:

views:

83

answers:

1

The script below works great when logged in as root and run from the command line, but when run at first boot using /etc/rc.local in Ubuntu 10.04, it fails about 25% of the time- the system root, mysql root and some mysql user passwords are set correctly, but one will fail with console log reporting standard mysql login error: "ERROR 1045 (28000): Access denied for user 'root' @ 'localhost' (using password: YES)"

Is there something about running python scripts from init jobs that I should account for, such as an environment variable?

#!/usr/bin/env python 
# Randomizes and outputs to files the system root and mysql user passwords 
files = ['/home/ubuntu/passwords','/opt/data1/alfresco/extensions/ 
extension/alfresco-global.properties','/opt/data/etc/mysql/ 
debian.cnf','/home/ubuntu/duncil'] 
userpasswords = {'root':'ROOTPASSWORD'} 
mysqlpasswords = 
{'root':'MYSQLPASSWORD','alfresco':'alfrescoPASSWORD','debian-sys- 
maint':'debian-sys-maintPASSWORD'} 
otherpasswords = ['OTHERPASSWORD'] 
log = '/var/log/firstrun' 
import random, string 
import crypt 
import re 
from subprocess import PIPE, Popen 
def getsalt(chars = string.letters + string.digits): 
    # generate a random 2-character 'salt' 
    return random.choice(chars) + random.choice(chars) 
def getpwd(chars = string.letters + string.digits, len = 12): 
    retval = ""; 
    for i in range(0, len): 
    # generate 12 character alphanumeric password 
        retval += random.choice(chars) 
    return retval 
def replace_pass(filename): 
    handle = open(filename, 'r') 
    hbuf = handle.read() 
    handle.close() 
    for placeholder, password in pdict.iteritems(): 
        hbuf = re.sub(placeholder, password, hbuf) 
    try: 
        # Output file 
        handle = open(filename, 'w') 
        handle.write(hbuf) 
        handle.close() 
    except: 
        pass 
        #logh.write('failed to update ' + filename  + "\n") 
        #logh.write('maybe you don\'t have permision to write to it?\n') 
logh = open(log, "a") 
logh.write("Starting...\n") 
# Generate passwords 
pdict = {} 
for user, placeholder in userpasswords.iteritems(): 
    syspass = getpwd() 
    Popen(['usermod', '--password', crypt.crypt(syspass, getsalt()), user]) 
    logh.write(placeholder + ": User " + user + " --> " + syspass + "\n") 
    pdict[placeholder] = syspass 
# Whats the MySQL Root password placeholder? 
mplace = mysqlpasswords['root'] 
for user, placeholder in mysqlpasswords.iteritems(): 
    mpass = getpwd() 
    if (("root" in mysqlpasswords) and (mysqlpasswords['root'] in pdict)): 
        mrootpass = pdict[mysqlpasswords['root']] 
    else: 
        mrootpass = "" 
    Popen(['mysql', '-uroot', "--password=" + mrootpass, "-e", "UPDATE user SET Password = PASSWORD('" + mpass + "') WHERE User = '" + user + "';FLUSH PRIVILEGES;","mysql"]) 
    logh.write(placeholder + ": MySQL " + user + " --> " + mpass + "\n") 
    pdict[placeholder] = mpass 
for placeholder in otherpasswords: 
    opass = getpwd() 
    logh.write(placeholder + ": " + opass + "\n") 
    pdict[placeholder] = opass 
# Update passwords 
for file in files: 
    logh.write("Replacing placeholders in " + file + "\n") 
    replace_pass(file) 
logh.write("Finished\n") 
logh.close 
+2  A: 

Doesn't Popen execute asynchronously?

It seems that during boot, the load is high and you are getting a race condition between setting the root password and using it to set the next password (next command).

Try

p = Popen(['mysql', '-uroot', "--password=" + mrootpass, "-e", "UPDATE user SET Password = PASSWORD('" + mpass + "') WHERE User = '" + user + "';FLUSH PRIVILEGES;","mysql"])
p.wait()

and see if that does it.

Emilio Silva
Thanks Emilio- your suggestion didn't work but got me looking for other ways to give create space for mysql overhead and adding: "import time" and a "sleep(3)" after the password set section did the trick.
Cloud Controller