- hosts: localhost
  tasks:
    - name: "mysql/secure : Test if mysql has been secured"
      stat:
        path: /var/lib/mysql/.secured
      register: MYSQL_SECURED_RESULT
    - name: "mysql/secure : Set the root password"
      mysql_user: user=root password="{{mysql_root_password}}" host="{{item}}"
      with_items:
        - 127.0.0.1
        - ::1
        - localhost
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: "mysql/secure : Set root my.cnf"
      template:
        src: files/my.cnf.j2
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0644"
      vars:
        MYSQL_ROOT_PASSWORD: "{{mysql_root_password}}"
      no_log: true
    - name: "mysql/secure : Delete anonymous MySQL user"
      mysql_user: name="" host="{{item}}" state=absent
      with_items:
        - localhost
        - "{{ansible_nodename}}"
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: "mysql/secure : Delete Hostname based MySQL user"
      mysql_user: user=root host="{{ansible_nodename}}" state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: "mysql/secure : Remove MySQL test database"
      mysql_db: name=test state=absent
      no_log: true
      when: not MYSQL_SECURED_RESULT.stat.exists
    - name: "mysql/secure : Create .secured lock file"
      file:
        state: touch
        path: /var/lib/mysql/.secured
        owner: root
        group: root
      when: not MYSQL_SECURED_RESULT.stat.exists