- hosts: localhost
  tasks:
    - name: Test if mysql has been secured
      stat:
        path: /var/lib/mysql/.secured
      register: MYSQL_SECURED_RESULT
    - name: Set the root password
      mysql_user: user=root password="{{mysql_root_password}}" host="{{item}}"
      with_items:
        - 127.0.0.1
        - ::1
        - localhost
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Set root my.cnf
      template:
        src: files/my.cnf.j2
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: '0644'
      vars:
        MYSQL_ROOT_PASSWORD: "{{mysql_root_password}}"
      no_log: true
    - name: Delete anonymous MySQL user
      mysql_user: name="" host="{{item}}" state=absent
      with_items:
        - localhost
        - "{{ansible_nodename}}"
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Delete Hostname based MySQL user
      mysql_user: user=root host="{{ansible_nodename}}" state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Remove MySQL test database
      mysql_db: name=test state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: Create .secured lock file
      file:
        state: touch
        path: /var/lib/mysql/.secured
        owner: root
        group: root
      when: not MYSQL_SECURED_RESULT.stat.exists