NethServer Version: 7.4
I’m running Neth 7.4 on a VPS. I have a backup installation at home on a bare metal server that I use as a hotsync target. Both of them are also configured using the Data backup system to back up to my FreeNAS box (because I believe in belt and suspenders when it comes to my data).
This morning, I noticed that the backup server was showing an error in the backup status. Digging into the logs, I found this:
Mar 3 02:01:16 neth-backup esmith::event: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Looked like a MySQL error, so I tried running it from the command line. Sure enough, same error.
I looked at
/root/.my.cnf, and there was a long password there. I looked at
/var/lib/nethserver/secrets/mysql, and there was a much shorter password there. I ran
mysql -u root -p and entered the shorter password, and it let me in.
So simple enough, right? Just run
expand-template /root/.my.cnf, and it will be regenerated with the correct password. So I did, and it was, and I can get into MySQL again. But…
The long password that was in
/root/.my.cnf is the same as the password in
/root/.my.cnf on the VPS, and also the same as the password in
/var/lib/nethserver/secrets/mysql on that box. I’m suspecting that hotsync syncs the contents of /root/, not accounting for the fact that this file is templated. And that means that every time the hotsync runs (i.e., every 15 minutes), this file is going to get overwritten with the wrong password.
Edit: And that’s exactly what happened. 15 minutes later,
/root/.my.cnf on the backup server is showing the same long password as it is on the main server. I guess the easy answer is to change the mysql root password on the backup server to match the main server, and put the correct value in
/var/lib/nethserver/secrets/mysql on that box. But is that the best way ahead? It seems like the .my.cnf file shouldn’t be copied over in the sync action.