blob: 6aa1900fea88193b8bdba87125d5a09ca88314a4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
---
- name: install Packages
apt:
name:
- mariadb-client
- mariadb-server
- python3-pymysql
become: yes
- name: Config File
template:
src: 50-server.cnf.j2
dest: /etc/mysql/mariadb.conf.d/50-server.cnf
become: yes
notify:
- Restart MariaDB
- name: Check for changed cert
command: /bin/true
when:
- '{{ cert_changed | default(False) }}'
notify:
- Restart MariaDB
- name: Flush handlers
meta: flush_handlers
- name: Securing the installation
community.mysql.mysql_query:
query:
- "DELETE FROM mysql.user WHERE User=''"
- "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
- "DROP DATABASE IF EXISTS test"
- "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
- "FLUSH PRIVILEGES"
login_unix_socket: /var/run/mysqld/mysqld.sock
become: yes
- name: Create Databases
community.mysql.mysql_db:
name: '{{ item }}'
state: present
encoding: utf8
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: '{{ dbs }}'
become: yes
- name: Create Users
community.mysql.mysql_user:
name: '{{ item.key }}'
password: '{{ vault_db_users_pw[ ansible_facts.fqdn ][ item.key ] }}'
login_unix_socket: /var/run/mysqld/mysqld.sock
args: '{{ item.value }}'
with_dict: '{{ db_users }}'
become: yes
# Not great, but the only way to do custom nested loops
- name: get to prune users
community.mysql.mysql_query:
query:
- "SELECT User,Host FROM mysql.user WHERE User='{{ item.key }}' AND Host!='{{ item.value.host }}'"
login_unix_socket: /var/run/mysqld/mysqld.sock
with_dict: '{{ db_users }}'
register: sql_prune_users
become: yes
- name: Prune users
include_tasks: prune_users.yml
with_subelements:
- '{{ sql_prune_users.results }}'
- query_result
|