commit 0a40648b3884c374e314105c33c2a20c85ab2f7f
author Miguel Lavalle <mlavalle@redhat.com> Wed Dec 07 16:51:28 2022 -0600
committer Miguel Lavalle <mlavalle@redhat.com> Wed Dec 07 17:05:35 2022 -0600
tree a5e1b73e9c3ebf7717a51dd4f84553bd107ba11e
parent fd502fe0527fee0b891135e499e6a745975412da

Fix the db user for mariadb in ubuntu 22.04

In Ubuntu 22.04, mariadb version 10.6 is installed. Per [0] and [1]
authentication management was changed in version 10.4. This change
adapts the way the db user is created to the new rules in versions
10.4 and later.

[0] https://mariadb.com/kb/en/authentication-from-mariadb-104/
[1] https://mariadb.org/authentication-in-mariadb-10-4/

Closes-Bug: #1999090
Change-Id: I77a699a9e191eb83628ad5d361282e66744b6e4a

lib/databases/mysql

diff --git a/lib/databases/mysql b/lib/databases/mysql
index b292da2..fbad44e 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -100,8 +100,13 @@
 
     # Set the root password - only works the first time. For Ubuntu, we already
     # did that with debconf before installing the package, but we still try,
-    # because the package might have been installed already.
-    sudo mysqladmin -u root password $DATABASE_PASSWORD || true
+    # because the package might have been installed already. We don't do this
+    # for Ubuntu 22.04 (jammy) because the authorization model change in
+    # version 10.4 of mariadb. See
+    # https://mariadb.org/authentication-in-mariadb-10-4/
+    if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
+        sudo mysqladmin -u root password $DATABASE_PASSWORD || true
+    fi
 
     # In case of Mariadb, giving hostname in arguments causes permission
     # problems as it expects connection through socket
@@ -115,13 +120,21 @@
     # as root so it works only as sudo. To restore old "mysql like" behaviour,
     # we need to change auth plugin for root user
     if is_ubuntu && [[ "$DISTRO" != "bullseye" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
-        sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
-        sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
+        if [[ "$DISTRO" == "jammy" ]]; then
+            # For Ubuntu 22.04 (jammy) we follow the model outlined in
+            # https://mariadb.org/authentication-in-mariadb-10-4/
+            sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');"
+        else
+            sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
+            sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
+        fi
     fi
-    # Create DB user if it does not already exist
-    sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
-    # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
-    sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
+    if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
+        # Create DB user if it does not already exist
+        sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
+        # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
+        sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
+    fi
 
     # Now update ``my.cnf`` for some local needs and restart the mysql service