ansible-roles/mysql/tasks/users_buster.yml

84 lines
2.0 KiB
YAML

---
- name: create a password for mysqladmin
command: "apg -n 1 -m 16 -M lcN"
register: mysql_admin_password
changed_when: False
check_mode: False
tags:
- mysql
- name: there is a mysqladmin user
mysql_user:
name: mysqladmin
password: '{{ mysql_admin_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/etc/mysql/debian.cnf"
register: create_mysqladmin_user
tags:
- mysql
- name: mysqladmin is the default user
ini_file:
dest: /root/.my.cnf
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- name: create a password for debian-sys-maint
command: "apg -n 1 -m 16 -M lcN"
register: mysql_debian_password
changed_when: False
check_mode: False
tags:
- mysql
- name: there is a debian-sys-maint user
mysql_user:
name: debian-sys-maint
password: '{{ mysql_debian_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/root/.my.cnf"
register: create_debian_user
tags:
- mysql
- name: store debian-sys-maint user credentials
ini_file:
dest: /etc/mysql/debian.cnf
mode: "0600"
section: "{{ item[0] }}"
option: '{{ item[1].option }}'
value: '{{ item[1].value }}'
create: yes
loop: "{{ _sections | product(_credentials) | list }}"
vars:
_sections: [ 'client', 'mysql_upgrade' ]
_credentials:
- { option: 'user', value: 'debian-sys-maint' }
- { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
when: create_debian_user is changed
tags:
- mysql
- name: root user is absent
mysql_user:
name: root
host_all: yes
config_file: "/root/.my.cnf"
state: absent
tags:
- mysql