Update mysql install to allow setting the default authentication plugin.

patrickcarlohickman · Feb 2, 2024 · 81ae875 · 81ae875
1 parent 63ba796
commit 81ae875
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/setup/.env.example b/setup/.env.example
@@ -30,6 +30,9 @@ MYSQL_VERSION="8.0"
 MYSQL_ROOT_PASSWORD=
 MYSQL_USER_NAME=
 MYSQL_USER_PASSWORD=
+# Optional - if specified, set the default_authentication_plugin server variable
+# Can be one of (for 8.0): mysql_native_password, sha256_password, caching_sha2_password (default)
+# MYSQL_AUTH_PLUGIN="mysql_native_password"
 
 # install-ngrok.sh
 NGROK_DIRECTORY="/opt/ngrok"

diff --git a/setup/installers/install-mysql.sh b/setup/installers/install-mysql.sh
@@ -7,6 +7,7 @@ ensure_not_installed "MySQL"
 ensure_variable_set "WSL_USER"
 
 readonly WSL_USER
+readonly MYSQL_AUTH_PLUGIN
 readonly MYSQL_VERSION="${MYSQL_VERSION:-8.0}"
 readonly MYSQL_PACKAGE="mysql-server-${MYSQL_VERSION}"
 readonly MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-root}"
@@ -31,6 +32,16 @@ log_info "Setting up mysql user home directory."
 # Set the home directory for the mysql user to prevent startup warnings.
 usermod -d /var/lib/mysql/ mysql
 
+# Set the default authentication plugin if specified.
+if [[ -n "${MYSQL_AUTH_PLUGIN}" ]]; then
+  log_info "Setting up mysql default authentication plugin."
+
+  cat << EOF > "/etc/mysql/mysql.conf.d/auth.cnf"
+[mysqld]
+default_authentication_plugin=${MYSQL_AUTH_PLUGIN}
+EOF
+fi
+
 log_info "Starting MySQL server."
 
 # Make sure it is started
@@ -57,6 +68,13 @@ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql mysql
 
 log_info "Securing MySQL install and initializing users."
 
+# Identify the user with the authentication plugin if specified.
+if [[ -n "${MYSQL_AUTH_PLUGIN}" ]]; then
+  readonly MYSQL_USER_IDENTIFY_WITH="WITH ${MYSQL_AUTH_PLUGIN}"
+else
+  readonly MYSQL_USER_IDENTIFY_WITH=""
+fi
+
 # Run initial queries to secure the install and to create the initial user
 mysql << EOF
 DELETE FROM mysql.user WHERE user = '';
@@ -65,7 +83,7 @@ DROP DATABASE IF EXISTS test;
 DELETE FROM mysql.db WHERE db = 'test' OR db = 'test\\_%';
 FLUSH PRIVILEGES;
 
-CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED BY '${MYSQL_USER_PASSWORD}';
+CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED ${MYSQL_USER_IDENTIFY_WITH} BY '${MYSQL_USER_PASSWORD}';
 FLUSH PRIVILEGES;
 EOF
 

diff --git a/todo.txt b/todo.txt
@@ -84,12 +84,5 @@ port=3307
 
 [client]
 port=3307
-
-# use native passwords in mysql 8.0
-cat /etc/mysql/mysql.conf.d/auth.cnf
-[mysqld]
-default_authentication_plugin=mysql_native_password
-
-CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED WITH mysql_native_password BY '${MYSQL_USER_PASSWORD}';
 =====================================
 =====================================