46 lines
1.5 KiB
YAML
46 lines
1.5 KiB
YAML
- hosts: localhost
|
|
tasks:
|
|
- name: "mysql/secure : Test if mysql has been secured"
|
|
stat:
|
|
path: /var/lib/mysql/.secured
|
|
register: MYSQL_SECURED_RESULT
|
|
- name: "mysql/secure : Set the root password"
|
|
mysql_user: user=root password="{{mysql_root_password}}" host="{{item}}"
|
|
with_items:
|
|
- 127.0.0.1
|
|
- ::1
|
|
- localhost
|
|
no_log: true
|
|
when: not MYSQL_SECURED_RESULT.stat.exists
|
|
- name: "mysql/secure : Set root my.cnf"
|
|
template:
|
|
src: files/my.cnf.j2
|
|
dest: /root/.my.cnf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
vars:
|
|
MYSQL_ROOT_PASSWORD: "{{mysql_root_password}}"
|
|
no_log: true
|
|
- name: "mysql/secure : Delete anonymous MySQL user"
|
|
mysql_user: name="" host="{{item}}" state=absent
|
|
with_items:
|
|
- localhost
|
|
- "{{ansible_nodename}}"
|
|
no_log: true
|
|
when: not MYSQL_SECURED_RESULT.stat.exists
|
|
- name: "mysql/secure : Delete Hostname based MySQL user"
|
|
mysql_user: user=root host="{{ansible_nodename}}" state=absent
|
|
no_log: true
|
|
when: not MYSQL_SECURED_RESULT.stat.exists
|
|
- name: "mysql/secure : Remove MySQL test database"
|
|
mysql_db: name=test state=absent
|
|
no_log: true
|
|
when: not MYSQL_SECURED_RESULT.stat.exists
|
|
- name: "mysql/secure : Create .secured lock file"
|
|
file:
|
|
state: touch
|
|
path: /var/lib/mysql/.secured
|
|
owner: root
|
|
group: root
|
|
when: not MYSQL_SECURED_RESULT.stat.exists
|