Over the weekend I began preparing a multi-tier application blueprint in vRealize Automation for an upcoming talk at the UK North-West VMUG. Rather than re-invent the wheel (and more importantly because I’m lazy), I decided to re-use a blueprint from the VMware {code} site. The one I’d chosen used MySQL, which for a quick and dirty live demo is ideal.
However this blueprint was a couple of years old, and deploying it on top of CentOS 7 required a few tweaks.
Repository
The fist issue I encountered was that using Yum to install MySQL on a default CentOS 7 build will actually install MariaDB. To avoid this, you need to download a Yum repository config file from the official MySQL site:
yum install -y wget wget https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
Install the repo:
rpm -ivh mysql57-community-release-el7-9.noarch.rpm
Now use that to install the MySQL client and server
yum install -y mysql-server mysql-client
Once installed, enable and start the service:
systemctl enable mysqld systemctl start mysqld
Improved security
After installing the package it’s a good idea to change the default package. However from a scripting point of view that is tricky, as when it installs MySQL generates a temporary root password and writes it to /var/log/mysqld.log. We can use grep to retrieve this password and then write it out to a variable using:
tmp_pwd=$(grep -oP 'root@localhost: \K.*' /var/log/mysqld.log)
Now we have the root password we can change it using:
/usr/bin/mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$dbpassword';" --user=$dbuser --password=$tmp_pwd --connect-expired-password
Obviously we need to define our dbuser and dbpassword variables beforehand. These will be defined on the blueprint, or even better, pulled from an external source like Hashicorp Vault or CyberArk.
Wrapping up
If you’re interested in using the blueprint, I will upload it to the VMware {code} site in a few days and post the link here.