Last modified: 2013-11-14 19:29:00 UTC
I got a shiny new project and I looked in the mysql configuration: local-railways@tools-dev:~$ less replica.my.cnf [client] user='p50380g50831' password='' That's weird, no password! multichill@tools-dev:/data/project$ getent group | tail local-searchsbl:*:50854:seth local-svgedit:*:50855:bawolff local-citeimage:*:50856:jeremyb,dominic local-asaifmbot:*:50857:asaifm local-krdbot:*:50858:krd local-calling-card:*:50859:lfaraone local-manishearth:*:50860:manishearth local-hexacore:*:50861:hexacore local-acc-utilities:*:50863:stwalkerster,deltaquad local-templator:*:50864:magnus mysql -h tools-db -u p50380g50863 -p create database p50380g50863__projects_should_have_passwords_p; mysql -h tools-db -u p50380g50833 -p create database p50380g50833__jeremy_where_is_your_password_p; mysql -h tools-db -u p50380g50841 -p create database p50380g50841__deployed_without_password_that_is_p; Tada! MariaDB [(none)]> show databases; +---------------------------------------------------+ | Database | +---------------------------------------------------+ | information_schema | | p50380g40022_wikidata_p | | p50380g50450__checkwiki_p | | p50380g50518__heritage_p | | p50380g50736__copyvios_p | | p50380g50816__pop_temp | | p50380g50833__jeremy_where_is_your_password_p | | p50380g50841__deployed_without_password_that_is_p | | p50380g50863__projects_should_have_passwords_p | +---------------------------------------------------+ 9 rows in set (0.01 sec)
Verified. For some reason, a fraction of projects are created with empty passwords. Looking into it.
Bug located and extinguished. pwgen was not listed as a dependency as it should have, and the credential generation system uses it. Accounts with empty credentials are currently being regenerated with proper ones and a failsafe has been put in place to disallow empty passwords.
All done; no accounts are left with empty passwords.