ansible-roles/mysql-oracle/tasks/users.yml

91 lines
2.0 KiB
YAML

---
# dependency for mysql_user and mysql_db
- name: python-mysqldb is installed (Ansible dependency)
apt:
name: python-mysqldb
state: present
tags:
- mysql
- name: create a password for mysqladmin
command: "apg -n 1 -m 16 -M lcN"
register: mysql_admin_password
changed_when: False
tags:
- mysql
- name: there is a mysqladmin user
mysql_user:
name: mysqladmin
password: '{{ mysql_admin_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/etc/mysql/debian.cnf"
check_implicit_admin: True
register: create_mysqladmin_user
tags:
- mysql
- name: mysqladmin is the default user
ini_file:
dest: /root/.my.cnf
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- name: create a password for debian-sys-maint
command: "apg -n 1 -m 16 -M lcN"
register: mysql_debian_password
changed_when: False
tags:
- mysql
- name: there is a debian-sys-maint user
mysql_user:
name: debian-sys-maint
password: '{{ mysql_debian_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/root/.my.cnf"
register: create_debian_user
tags:
- mysql
- name: store debian-sys-maint user credentials
ini_file:
dest: /etc/mysql/debian.cnf
mode: "0600"
section: "{{ item[0] }}"
option: '{{ item[1].option }}'
value: '{{ item[1].value }}'
create: yes
with_nested:
- [ "client", "mysql_upgrade" ]
- [ { option: 'user', value: 'debian-sys-maint' },
{ option: 'password', value: '{{ mysql_debian_password.stdout }}' }
]
when: create_debian_user is changed
tags:
- mysql
- name: remove root user
mysql_user:
name: root
host_all: yes
config_file: "/root/.my.cnf"
state: absent
tags:
- mysql