ansible-roles/mysql/tasks/users.yml

---

# dependency for mysql_user and mysql_db

- name: python-mysqldb is installed (Ansible dependency)
  apt:
    name: python-mysqldb
    state: installed
  tags:
    - mysql

- name: create a password for mysqladmin
  shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
  register: mysql_admin_password
  changed_when: False
  tags:
    - mysql

- name: there is a mysqladmin user
  mysql_user:
    name: mysqladmin
    password: '{{ mysql_admin_password.stdout }}'
    priv: "*.*:ALL,GRANT"
    update_password: on_create
    state: present
  register: create_mysqladmin_user
  tags:
    - mysql

# Ansible 2.2 allows to create with ini_file
# before: we have to create the file beforehand

- name: touch /root/.my.cnf
  file:
    path: /root/.my.cnf
    state: touch
  changed_when: False
  when: create_mysqladmin_user.changed
  tags:
  - mysql

- name: mysqladmin is the default user
  ini_file:
    dest: /root/.my.cnf
    mode: "600"
    section: client
    option: '{{ item.option }}'
    value: '{{ item.value }}'
  with_items:
    - { option: 'user', value: 'mysqladmin' }
    - { option: password, value: '{{ mysql_admin_password.stdout }}' }
  when: create_mysqladmin_user.changed
  tags:
    - mysql

- name: remove root user
  mysql_user:
    name: root
    #host_all: yes
    host: "{{ item }}"
    config_file: /root/.my.cnf
    state: absent
  with_items:
    - "localhost"
    - "127.0.0.1"
    - "::1"
    - "{{ ansible_hostname }}"
  tags:
    - mysql