--- # dependency for mysql_user and mysql_db - name: python-mysqldb is installed (Ansible dependency) apt: name: python-mysqldb state: present tags: - mysql - name: create a password for mysqladmin command: "apg -n 1 -m 16 -M lcN" register: mysql_admin_password changed_when: False tags: - mysql - name: there is a mysqladmin user mysql_user: name: mysqladmin password: '{{ mysql_admin_password.stdout }}' priv: "*.*:ALL,GRANT" update_password: on_create state: present config_file: "/etc/mysql/debian.cnf" check_implicit_admin: True register: create_mysqladmin_user tags: - mysql - name: mysqladmin is the default user ini_file: dest: /root/.my.cnf mode: "0600" section: client option: '{{ item.option }}' value: '{{ item.value }}' create: yes loop: - { option: 'user', value: 'mysqladmin' } - { option: 'password', value: '{{ mysql_admin_password.stdout }}' } when: create_mysqladmin_user is changed tags: - mysql - name: create a password for debian-sys-maint command: "apg -n 1 -m 16 -M lcN" register: mysql_debian_password changed_when: False tags: - mysql - name: there is a debian-sys-maint user mysql_user: name: debian-sys-maint password: '{{ mysql_debian_password.stdout }}' priv: "*.*:ALL,GRANT" update_password: on_create state: present config_file: "/root/.my.cnf" register: create_debian_user tags: - mysql - name: store debian-sys-maint user credentials ini_file: dest: /etc/mysql/debian.cnf mode: "0600" section: "{{ item[0] }}" option: '{{ item[1].option }}' value: '{{ item[1].value }}' create: yes with_nested: - [ "client", "mysql_upgrade" ] - [ { option: 'user', value: 'debian-sys-maint' }, { option: 'password', value: '{{ mysql_debian_password.stdout }}' } ] when: create_debian_user is changed tags: - mysql - name: remove root user mysql_user: name: root host_all: yes config_file: "/root/.my.cnf" state: absent tags: - mysql