Python script for MySQL Passwords Unreliable on first boot (rc.local)

Mon Sep 13 00:53:04 EDT 2010

The script below works great when logged in as root and run from the
command line, but when run at first boot using /etc/rc.local in Ubuntu
10.04, it fails about 25% of the time- the system root, mysql root and
some mysql user passwords are set correctly, but one will fail with
console log reporting standard mysql login error: "ERROR 1045 (28000):
Access denied for user 'root' @ 'localhost' (using password: YES)"

Is there something about running python scripts from init jobs that I
should account for, such as an environment variable?

#!/usr/bin/env python

# Udates system & MySQL root passwords on first boot
files = ['/home/ubuntu/passwords','/opt/data1/alfresco/extensions/
extension/alfresco-global.properties','/opt/data/etc/mysql/
debian.cnf','/home/ubuntu/duncil']
userpasswords = {'root':'ROOTPASSWORD'}
mysqlpasswords =
{'root':'MYSQLPASSWORD','alfresco':'alfrescoPASSWORD','debian-sys-
maint':'debian-sys-maintPASSWORD'}
otherpasswords = ['OTHERPASSWORD']
log = '/var/log/firstrun'

import random, string
import crypt
import re
from subprocess import PIPE, Popen

def getsalt(chars = string.letters + string.digits):
    # generate a random 2-character 'salt'
    return random.choice(chars) + random.choice(chars)

def getpwd(chars = string.letters + string.digits, len = 12):
    retval = "";
    for i in range(0, len):
    # generate 12 character alphanumeric password
        retval += random.choice(chars)

    return retval

def replace_pass(filename):
    handle = open(filename, 'r')
    hbuf = handle.read()
    handle.close()
    for placeholder, password in pdict.iteritems():
        hbuf = re.sub(placeholder, password, hbuf)

    try:
        # Output file
        handle = open(filename, 'w')
        handle.write(hbuf)
        handle.close()
    except:
        pass
        #logh.write('failed to update ' + filename  + "\n")
        #logh.write('maybe you don\'t have permision to write to it?
\n')

logh = open(log, "a")
logh.write("Starting...\n")
# Generate passwords
pdict = {}
for user, placeholder in userpasswords.iteritems():
    syspass = getpwd()
    Popen(['usermod', '--password', crypt.crypt(syspass, getsalt()),
user])
    logh.write(placeholder + ": User " + user + " --> " + syspass +
"\n")
    pdict[placeholder] = syspass

# What's the MySQL Root password placeholder?
mplace = mysqlpasswords['root']
for user, placeholder in mysqlpasswords.iteritems():
    mpass = getpwd()
    if (("root" in mysqlpasswords) and (mysqlpasswords['root'] in
pdict)):
        mrootpass = pdict[mysqlpasswords['root']]
    else:
        mrootpass = ""

    Popen(['mysql', '-uroot', "--password=" + mrootpass, "-e", "UPDATE
user SET Password = PASSWORD('" + mpass + "') WHERE User = '" + user +
"';FLUSH PRIVILEGES;","mysql"])
    logh.write(placeholder + ": MySQL " + user + " --> " + mpass +
"\n")
    pdict[placeholder] = mpass

for placeholder in otherpasswords:
    opass = getpwd()
    logh.write(placeholder + ": " + opass + "\n")
    pdict[placeholder] = opass

# Update passwords
for file in files:
    logh.write("Replacing placeholders in " + file + "\n")
    replace_pass(file)

logh.write("Finished\n")
logh.close