Over the weekend I began preparing a multi-tier application blueprint in vRealize Automation for an upcoming talk at the UK North-West VMUG. Rather than re-invent the wheel (and more importantly because I’m lazy), I decided to re-use a blueprint from the VMware {code} site. The one I’d chosen used MySQL, which for a quick and dirty live demo is ideal. 

However this blueprint was a couple of years old, and deploying it on top of CentOS 7 required a few tweaks.

Repository

The fist issue I encountered was that using Yum to install MySQL on a default CentOS 7 build will actually install MariaDB. To avoid this, you need to download a Yum repository config file from the official MySQL site:

yum install -y wget
wget https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm

Install the repo:

rpm -ivh mysql57-community-release-el7-9.noarch.rpm

Now use that to install the MySQL client and server

yum install -y mysql-server mysql-client

Once installed, enable and start the service:

systemctl enable mysqld
systemctl start mysqld

Improved security

After installing the package it’s a good idea to change the default package. However from a scripting point of view that is tricky, as when it installs MySQL generates a temporary root password and writes it to /var/log/mysqld.log. We can use grep to retrieve this password and then write it out to a variable using:

tmp_pwd=$(grep -oP 'root@localhost: \K.*' /var/log/mysqld.log)

Now we have the root password we can change it using:

/usr/bin/mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$dbpassword';" --user=$dbuser --password=$tmp_pwd --connect-expired-password

Obviously we need to define our dbuser and dbpassword variables beforehand. These will be defined on the blueprint, or even better, pulled from an external source like Hashicorp Vault or CyberArk.

Wrapping up

If you’re interested in using the blueprint, I will upload it to the VMware {code} site in a few days and post the link here.