MySQL: adapt users on distribution
For Jessie, there is a "debian-sys-maint", that we're using to create "mysqladmin" for root, then delete "root". For Stretch, the is a "root" without assword, so we create both "mysqladmin" for root and "debian-sys-maint" for Debian scripts, then delete "root".
This commit is contained in:
parent
00a8947da1
commit
927dbfa889
|
@ -2,7 +2,11 @@
|
|||
|
||||
- include: packages.yml
|
||||
|
||||
- include: users.yml
|
||||
- include: users_stretch.yml
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- include: users_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: config.yml
|
||||
|
||||
|
|
|
@ -46,14 +46,8 @@
|
|||
- name: remove root user
|
||||
mysql_user:
|
||||
name: root
|
||||
#host_all: yes
|
||||
host: "{{ item }}"
|
||||
config_file: "/etc/mysql/debian.cnf"
|
||||
host_all: yes
|
||||
config_file: "/root/.my.cnf"
|
||||
state: absent
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "127.0.0.1"
|
||||
- "::1"
|
||||
- "{{ ansible_hostname }}"
|
||||
tags:
|
||||
- mysql
|
|
@ -0,0 +1,90 @@
|
|||
---
|
||||
|
||||
# dependency for mysql_user and mysql_db
|
||||
|
||||
- name: python-mysqldb is installed (Ansible dependency)
|
||||
apt:
|
||||
name: python-mysqldb
|
||||
state: present
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: create a password for mysqladmin
|
||||
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
|
||||
register: mysql_admin_password
|
||||
changed_when: False
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: there is a mysqladmin user
|
||||
mysql_user:
|
||||
name: mysqladmin
|
||||
password: '{{ mysql_admin_password.stdout }}'
|
||||
priv: "*.*:ALL,GRANT"
|
||||
update_password: on_create
|
||||
state: present
|
||||
config_file: "/etc/mysql/debian.cnf"
|
||||
register: create_mysqladmin_user
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: mysqladmin is the default user
|
||||
ini_file:
|
||||
dest: /root/.my.cnf
|
||||
mode: "0600"
|
||||
section: client
|
||||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
create: yes
|
||||
with_items:
|
||||
- { option: 'user', value: 'mysqladmin' }
|
||||
- { option: password, value: '{{ mysql_admin_password.stdout }}' }
|
||||
when: create_mysqladmin_user.changed
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
|
||||
- name: create a password for debian-sys-maint
|
||||
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
|
||||
register: mysql_debian_password
|
||||
changed_when: False
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: there is a debian-sys-maint user
|
||||
mysql_user:
|
||||
name: debian-sys-maint
|
||||
password: '{{ mysql_debian_password.stdout }}'
|
||||
priv: "*.*:ALL,GRANT"
|
||||
update_password: on_create
|
||||
state: present
|
||||
config_file: "/root/.my.cnf"
|
||||
register: create_debian_user
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: store debian-sys-maint user credentials
|
||||
ini_file:
|
||||
dest: /etc/mysql/debian.cnf
|
||||
mode: "0600"
|
||||
section: "{{ item[0] }}"
|
||||
option: '{{ item[1].option }}'
|
||||
value: '{{ item[1].value }}'
|
||||
create: yes
|
||||
with_nested:
|
||||
- [ "client", "mysql_upgrade" ]
|
||||
- [ { option: 'user', value: 'debian-sys-maint' },
|
||||
{ option: password, value: '{{ mysql_debian_password.stdout }}' }
|
||||
]
|
||||
when: create_debian_user.changed
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: remove root user
|
||||
mysql_user:
|
||||
name: root
|
||||
host_all: yes
|
||||
config_file: "/root/.my.cnf"
|
||||
state: absent
|
||||
tags:
|
||||
- mysql
|
|
@ -1,7 +1,24 @@
|
|||
---
|
||||
|
||||
- name: Ensure /usr/share/scripts exists
|
||||
file:
|
||||
dest: /usr/share/scripts
|
||||
mode: "0700"
|
||||
state: directory
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
# mytop
|
||||
|
||||
# mytop is installed with MariaB
|
||||
# the package has been removed of Stretch repositories
|
||||
- name: Is mytop available ?
|
||||
command: which mytop
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
register: which_mytop
|
||||
|
||||
- name: Install mytop
|
||||
apt:
|
||||
name: mytop
|
||||
|
@ -10,6 +27,7 @@
|
|||
- packages
|
||||
- mytop
|
||||
- mysql
|
||||
when: which_mytop.rc != 0
|
||||
|
||||
- name: Read debian-sys-maint password
|
||||
shell: cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3
|
||||
|
@ -91,14 +109,6 @@
|
|||
- include: remount_usr_rw.yml
|
||||
when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
|
||||
|
||||
- name: Ensure /usr/share/scripts exists
|
||||
file:
|
||||
dest: /usr/share/scripts
|
||||
mode: "0700"
|
||||
state: directory
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
- name: Install my-add.sh
|
||||
copy:
|
||||
src: my-add.sh
|
||||
|
|
Loading…
Reference in New Issue