--- - name: Get MySQL version. command: 'mysql --version' register: mysql_cli_version changed_when: false - name: Disallow root login remotely command: 'mysql -NBe "{{ item }}"' with_items: - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') changed_when: false - name: Get list of hosts for the root user. command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC' register: mysql_root_hosts changed_when: false always_run: true # Note: We do not use mysql_user for this operation, as it doesn't always update # the root password correctly. See: https://goo.gl/MSOejW # Set root password for MySQL >= 5.7.x. - name: Update MySQL root password for localhost root account (5.7.x). shell: > mysql -u root -NBe 'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";' with_items: "{{ mysql_root_hosts.stdout_lines }}" when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' in mysql_cli_version.stdout) # Set root password for MySQL < 5.7.x. - name: Update MySQL root password for localhost root account (< 5.7.x). shell: > mysql -u root -NBe 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");' with_items: "{{ mysql_root_hosts.stdout_lines }}" when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' not in mysql_cli_version.stdout) # Has to be after the root password assignment, for idempotency. - name: Copy .my.cnf file with root password credentials. template: src: "user-my.cnf.j2" dest: "{{ mysql_user_home }}/.my.cnf" owner: root group: root mode: 0600 - name: Get list of hosts for the anonymous user. command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""' register: mysql_anonymous_hosts changed_when: false always_run: true - name: Remove anonymous MySQL users. mysql_user: name: "" host: "{{ item }}" state: absent with_items: "{{ mysql_anonymous_hosts.stdout_lines }}" - name: Remove MySQL test database. mysql_db: "name='test' state=absent"