탐색 도움말
로그인
pbarriat
/
Brevet
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 2054f5a5c0
브랜치 태그
Brevet
/
dev
/
provisioning
/
ansible
/
roles
/
mariadb
/
tasks
/
config
/
secure-installation.yml

secure-installation.yml 2.3 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. ---
    2. 

  2. #- name: Ensure default user is present.
    3. 

  3. #  mysql_user:
    4. 

  4. #    name: "{{ mysql_user_name }}"
    5. 

  5. #    host: 'localhost'
    6. 

  6. #    password: "{{ mysql_user_password }}"
    7. 

  7. #    priv: '*.*:ALL,GRANT'
    8. 

  8. #    state: present
    9. 

  9. #  when: mysql_user_name != mysql_root_username
    10. 

  10. #
    11. 

  11. ## Has to be after the password assignment, for idempotency.
    12. 

  12. #- name: Copy user-my.cnf file with password credentials.
    13. 

  13. #  template:
    14. 

  14. #    src: "user-my.cnf.j2"
    15. 

  15. #    dest: "/root/.my.cnf"
    16. 

  16. #    owner: "{{ mysql_user_name }}"
    17. 

  17. #    mode: 0600
    18. 

  18. #  when: mysql_user_name != mysql_root_username
    19. 

  19. 

  20. - name: Disallow root login remotely
    21. 

  21.   command: 'mysql -NBe "{{ item }}" -S {{ mariadb_socket }}'
    22. 

  22.   with_items:
    23. 

  23.     - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
    24. 

  24.   changed_when: false
    25. 

  25. 

  26. - name: Get list of hosts for the root user.
    27. 

  27.   command: 'mysql -NBe "{{ item }}" -S {{ mariadb_socket }}'
    28. 

  28.   with_items:
    29. 

  29.     - SELECT Host FROM mysql.user WHERE User='{{ mysql_root_username }}' ORDER BY (Host='localhost') ASC
    30. 

  30.   register: mysql_root_hosts
    31. 

  31.   changed_when: false
    32. 

  32.   check_mode: false
    33. 

  33. 

  34. # Set root password for MySQL
    35. 

  35. - name: Update MySQL root password for localhost root account
    36. 

  36.   shell: >
    37. 

  37.     mysql -NBe
    38. 

  38.     'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}"); FLUSH PRIVILEGES;'
    39. 

  39.   with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
    40. 

  40. 

  41. # Has to be after the root password assignment, for idempotency.
    42. 

  42. - name: Copy .my.cnf file with root password credentials.
    43. 

  43.   template:
    44. 

  44.     src: "root-my.cnf.j2"
    45. 

  45.     dest: "/root/.my.cnf"
    46. 

  46.     owner: root
    47. 

  47.     group: root
    48. 

  48.     mode: 0600
    49. 

  49. 

  50. - name: Get list of hosts for the anonymous user.
    51. 

  51.   command: 'mysql -NBe "{{ item }}" -S {{ mariadb_socket }}'
    52. 

  52.   with_items:
    53. 

  53.     - SELECT Host FROM mysql.user WHERE User = ''
    54. 

  54.   register: mysql_anonymous_hosts
    55. 

  55.   changed_when: false
    56. 

  56.   check_mode: false
    57. 

  57. 

  58. - name: Remove anonymous MySQL users.
    59. 

  59.   mysql_user:
    60. 

  60.     name: ""
    61. 

  61.     host: "{{ item }}"
    62. 

  62.     state: absent
    63. 

  63.   with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}"
    64. 

  64. 

  65. - name: Remove mysql users.
    66. 

  66.   mysql_user:
    67. 

  67.     name: "{{ item }}"
    68. 

  68.     login_unix_socket: "{{ mariadb_socket }}"
    69. 

  69.     state: absent
    70. 

  70.   with_items:
    71. 

  71.     - mysql
    72. 

  72. 

  73. - name: Remove MySQL test database.
    74. 

  74.   mysql_db: 
    75. 

  75.     name: test
    76. 

  76.     state: absent
    77. 

  77.     login_unix_socket: "{{ mariadb_socket }}"
    78.