- hosts: localhost
  tasks:
    - name: Test if mysql has been secured
      stat:
        path: /var/lib/mysql/.secured
      register: MYSQL_SECURED_RESULT
    - name: Set the root password
      mysql_user: login_user=root login_password="" user=root password="{{mysql_root_password}}" host="{{item}}"
      with_items:
        - 127.0.0.1
        - ::1
        - localhost
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Delete anonymous MySQL user
      mysql_user: login_user=root login_password="{{mysql_root_password}}" name="" host="{{item}}" state=absent
      with_items:
        - localhost
        - "{{ansible_nodename}}"
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Delete Hostname based MySQL user
      mysql_user: login_user=root login_password="{{mysql_root_password}}" user=root host="{{ansible_nodename}}" state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Remove MySQL test database
      mysql_db: login_user=root login_password="{{mysql_root_password}}" name=test state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Create .secured lock file
      file:
        state: touch
        path: /var/lib/mysql/.secured
        owner: root
        group: root
        mode: '0600'
        attr: "+i"
      when: not MYSQL_SECURED_RESULT.stat.exists