WL#6962: Deployment: random passwords generated for unattended installs

Affects: Server-5.7   —   Status: In-Documentation

When the server deploys the installation process must collect a password from
the user. If this isn't possible because the process is running unattended a
random password must be generated.

The problem then arise to how this password can be given to the appropriate
person. The easiest solution is to store it in a specified file under the same
context as the installation process is running and mark all the affected
accounts with PASSWORD EXPIRE so it isn't possible to hijack the account later
by snatching the password.

Other alternatives are to email the password to the DBA who needs it but this
requires more of the surrounding infrastructure to work flawlessly.
Functional Requirement:

F1: Random password should be generated by default whenever mysql_install_db is
executed. Such passwords must be expired.

F2: Provide an option to skip generation of random password. This will allow
users to create an installation where root's password is empty.

F3: Scope : RPMs
According to http://dev.mysql.com/doc/refman/5.6/en/linux-installation-rpm.html 

As of MySQL 5.6.8, new RPM install operations (not upgrades) invoke
mysql_install_db with the --random-passwords option that provides for more
secure MySQL installation. Invoking mysql_install_db with --random-passwords
causes it to assign a random password to the MySQL root accounts, set the
“password expired” flag for those accounts, and remove the anonymous-user MySQL
accounts. It will be necessary after installation to start the server, connect
as root using the password written to the $HOME/.mysql_secret file, and assign a
new root password. Until this is done, root cannot do anything else. This must
be done for each root account you intend to use.
1. Introduce new option in mysql_install_db : --skip-random-passwords
Specifying this option would mean:
a. Root accounts will have empty password.
c. test db will be created and mysql.db table will have corresponding entries.

2. --skip-random-passwords is not enabled by default. This means, invoking
mysql_install_db would mean that
a. Random passwords are generated for root accounts and will be placed in
~/.mysql_secret file
c. test db will be dropped and mysql.db table will not contain any entries. 

3. --random-password is not a valid option anymore.

4. Anonymous user accounts will not be created.

5. .mysql_secret will have information about password. This file is created in
home directory of the user installing MySQL. Default permission is 0600. This
file will later be used by mysql_secure_installation.