- hosts: localhost
  tasks:
    - name: Test if mysql has been secured
      shell: |
        test -f /var/lib/mysql/.secured
      register: MYSQL_SECURED
      ignore_errors: true
    - name: mysql_secure_installation
      mysql_secure_installation:
        login_password: ''
        new_password: "{{mysql_root_password}}"
        user: root
        login_host: localhost
        hosts: ['localhost', '127.0.0.1', '::1']
        change_root_password: true
        remove_anonymous_user: true
        disallow_root_login_remotely: true
        remove_test_db: true
      when: not MYSQL_SECURED
    - name: Create .secured lock file
      file:
        state: file
        path: /var/lib/mysql/.secured
        owner: root
        group: root
        mode: '0600'
        attr: "+i"
      when: not MYSQL_SECURED