ansible-role-mysql/tasks/secure-installation.yml


---
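# Capture the client's version string; the root-password tasks in this file
# branch on whether it contains '5.7.'.
- name: Get MySQL version.
  command: mysql --version
  register: mysql_cli_version
  changed_when: false
  # Read-only lookup, so run it in check mode as well (the other lookup tasks
  # in this file do the same). Without it the task is skipped in check mode
  # and the later `when:` clauses read mysql_cli_version.stdout from a result
  # that has no stdout.
  always_run: true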
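# Removes every 'root' account whose Host is not a loopback name or address.
# The client is invoked without -u/-p, so it connects with whatever default
# credentials are available to the user running the task.
- name: Disallow root login remotely
  command: 'mysql -NBe "{{ item }}"'
  with_items:
    - "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
    # Rows deleted directly from the grant tables keep working for privilege
    # checks until the server reloads those tables, so reload explicitly;
    # otherwise the remote root accounts stay usable until the next restart.
    - FLUSH PRIVILEGES
  # NOTE(review): with changed_when: false a removed remote root account is
  # never reported as a change in the play output.
  changed_when: false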
# Read-only lookup of the Host value of every 'root' account, with 'localhost'
# sorted last. The password tasks loop over the registered stdout_lines.
# NOTE(review): the query hard-codes "root" while the password tasks use
# mysql_root_username; confirm the two always agree.
- name: Get list of hosts for the root user.
  register: mysql_root_hosts
  command: >-
    mysql -NBe
    'SELECT Host FROM mysql.user WHERE User = "root"
    ORDER BY (Host="localhost") ASC'
  # Runs in check mode too, so the registered list is always populated.
  # NOTE(review): newer Ansible releases spell this `check_mode: no`; confirm
  # the Ansible version this role targets.
  always_run: true
  changed_when: false
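# Note: We do not use mysql_user for this operation, as it doesn't always update
# the root password correctly. See: https://goo.gl/MSOejW
# Set root password for MySQL 5.7.x (the `when` below matches only a version
# string containing the literal '5.7.').
#
# The password is rendered into the shell command line itself, so:
#   - it is part of the task's invocation and results (hence no_log below);
#   - it is visible in the managed host's process list while mysql runs;
#   - NOTE(review): a password or username containing a quote character would
#     break the shell/SQL quoting of the statement. Validate or restrict
#     mysql_root_password / mysql_root_username upstream.
- name: Update MySQL root password for localhost root account (5.7.x).
  shell: >
    mysql -u root -NBe
    'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";'
  # One statement per Host returned by the root-hosts lookup.
  with_items: "{{ mysql_root_hosts.stdout_lines }}"
  when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' in mysql_cli_version.stdout)
  # Keep the rendered command (which contains the root password) out of
  # console output, callbacks and logs.
  no_log: true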
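# Set root password for MySQL < 5.7.x.
# NOTE(review): the `when` below selects every server whose version string
# lacks the literal '5.7.', which also covers releases newer than 5.7. The
# PASSWORD() function is not available in MySQL 8.0, so confirm which versions
# this role is expected to support.
#
# As in the 5.7 task, the password is rendered into the shell command line:
# it is hidden from Ansible output by no_log below, but it is still visible in
# the managed host's process list while mysql runs, and a value containing a
# quote character would break the statement's quoting.
- name: Update MySQL root password for localhost root account (< 5.7.x).
  shell: >
    mysql -u root -NBe
    'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
  # One statement per Host returned by the root-hosts lookup.
  with_items: "{{ mysql_root_hosts.stdout_lines }}"
  when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' not in mysql_cli_version.stdout)
  # Keep the rendered command (which contains the root password) out of
  # console output, callbacks and logs.
  no_log: true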
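# Has to be after the root password assignment, for idempotency.
# Writes the client credentials file that the credential-less `mysql`
# invocations elsewhere in this file can pick up.
- name: Copy .my.cnf file with root password credentials.
  template:
    src: user-my.cnf.j2
    dest: "{{ mysql_user_home }}/.my.cnf"
    owner: root
    group: root
    # Owner read/write only: the file holds the root password. Quoted so the
    # value reaches the module as the string "0600" instead of depending on
    # the YAML parser's handling of a leading-zero integer.
    mode: "0600"
  # The rendered file contains the root password; without this, running the
  # play with --diff would print its contents.
  no_log: true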
# Read-only lookup of the Host value of every account with an empty user name;
# the removal task loops over the registered stdout_lines.
- name: Get list of hosts for the anonymous user.
  register: mysql_anonymous_hosts
  command: >-
    mysql -NBe
    'SELECT Host FROM mysql.user WHERE User = ""'
  # Runs in check mode too, so the registered list is always populated.
  always_run: true
  changed_when: false
# Drops the empty-named account for each Host found by the anonymous-hosts
# lookup, so that no login is possible without a user name.
- name: Remove anonymous MySQL users.
  with_items: "{{ mysql_anonymous_hosts.stdout_lines }}"
  mysql_user:
    state: absent
    host: "{{ item }}"
    name: ''
# Drops the 'test' schema.
# NOTE(review): this removes the database only; any rows in mysql.db that
# grant access to 'test' or 'test_%' are not touched here. Confirm they are
# handled elsewhere or absent on the targeted versions.
- name: Remove MySQL test database.
  mysql_db:
    name: test
    state: absent