ansible-roles/mysql-oracle/tasks/users.yml

106 lines
2.5 KiB
YAML

---
- name: Python2 dependencies for Ansible are installed
ansible.builtin.apt:
name:
- python-mysqldb
- python-pymysql
state: present
tags:
- mysql
when: ansible_python_version is version('3', '<')
- name: Python3 dependencies for Ansible are installed
ansible.builtin.apt:
name:
- python3-mysqldb
- python3-pymysql
state: present
tags:
- mysql
when: ansible_python_version is version('3', '>=')
- name: create a password for mysqladmin
ansible.builtin.command:
cmd: "apg -n 1 -m 16 -M lcN"
register: mysql_admin_password
changed_when: False
tags:
- mysql
- name: there is a mysqladmin user
community.mysql.mysql_user:
name: mysqladmin
password: '{{ mysql_admin_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/etc/mysql/debian.cnf"
check_implicit_admin: True
register: create_mysqladmin_user
tags:
- mysql
- name: mysqladmin is the default user
community.general.ini_file:
dest: /root/.my.cnf
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- name: create a password for debian-sys-maint
ansible.builtin.command:
cmd: "apg -n 1 -m 16 -M lcN"
register: mysql_debian_password
changed_when: False
tags:
- mysql
- name: there is a debian-sys-maint user
community.mysql.mysql_user:
name: debian-sys-maint
password: '{{ mysql_debian_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/root/.my.cnf"
register: create_debian_user
tags:
- mysql
- name: store debian-sys-maint user credentials
community.general.ini_file:
dest: /etc/mysql/debian.cnf
mode: "0600"
section: "{{ item[0] }}"
option: '{{ item[1].option }}'
value: '{{ item[1].value }}'
create: yes
loop: "{{ _sections | product(_credentials) | list }}"
vars:
_sections: [ 'client', 'mysql_upgrade' ]
_credentials:
- { option: 'user', value: 'debian-sys-maint' }
- { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
when: create_debian_user is changed
tags:
- mysql
- name: remove root user
community.mysql.mysql_user:
name: root
host_all: yes
config_file: "/root/.my.cnf"
state: absent
tags:
- mysql