blob: a26f5f4a808abf3f6ad6d26a5ebe647e3bf0fd23 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# XXX If #742046 gets fixed, we should preseed mysql-server to use
# auth_socket as auth_plugin once the fix enters stable.
- name: Install MySQL
apt: pkg={{ item }}
with_items:
# XXX: In non-interactive mode apt-get doesn't put a password on
# MySQL's root user; we fix that on the next task, but an intruder
# could exploit the race condition and for instance create dummy
# users.
- mysql-common
- mysql-server
- python-mysqldb
- name: Copy MySQL's configuration
copy: src=etc/mysql/my.cnf
dest=/etc/mysql/my.cnf
owner=root group=root
mode=0644
register: r
notify:
- Restart MySQL
# We need to restart now and load the relevant authplugin before we
# connect to the database.
- meta: flush_handlers
# XXX Dirty fix for #742046
- name: Force root to use UNIX permissions
mysql_user: name=root auth_plugin=auth_socket
state=present
- name: Disallow anonymous and TCP/IP root login
mysql_user: name={{ item.name|default('') }} host={{ item.host }}
state=absent
with_items:
- { host: '{{ inventory_hostname_short }}' }
- { host: 'localhost' }
- { host: '127.0.0.1'}
- { host: '::1'}
- { name: root, host: '{{ inventory_hostname_short }}' }
- { name: root, host: '127.0.0.1'}
- { name: root, host: '::1'}
- name: Start MySQL
service: name=mysql state=started
|