authorGuilhem Moulin <guilhem@fripost.org>2013-12-15 22:51:44 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:25 +0200
commitfaee1bbc276b63a81f3b81eae0f02bcaffabca6d (patch)
treefccc7fe2893b5a245dc56a3e1b86fbbef1f18de6 /roles/common-SQL/tasks
parent8dfcb7e08442b4af8f285bdd7732750938b25b9f (diff)
Load relevant MySQL authplugins.
Also, turn off all TCP/IP listener ports.
Diffstat (limited to 'roles/common-SQL/tasks')
-rw-r--r--roles/common-SQL/tasks/main.yml13
1 files changed, 13 insertions, 0 deletions
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index e32c863..553e269 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,29 +1,42 @@
- name: Install MySQL
apt: pkg={{ item }}
with_items:
# XXX: In non-interactive mode apt-get doesn't put a password on
# MySQL's root user; we fix that on the next task, but an intruder
# could exploit the race condition and for instance create dummy
# users.
- mysql-common
- mysql-server
- python-mysqldb
+- name: Copy MySQL's configuration
+ copy: src=etc/mysql/my.cnf
+ dest=/etc/mysql/my.cnf
+ owner=root group=root
+ mode=0644
+ register: r
+ notify:
+ - Restart MySQL
+
+# We need to restart now and load the relevant authplugin before we
+# connect to the database.
+- meta: flush_handlers
+
- name: Force root to use UNIX permissions
mysql_user: name=root auth_plugin=auth_socket
state=present
- name: Disallow anonymous and TCP/IP root login
mysql_user: name={{ item.name|default('') }} host={{ item.host }}
state=absent
with_items:
- { host: '{{ inventory_hostname_short }}' }
- { host: 'localhost' }
- { host: '127.0.0.1'}
- { host: '::1'}
- { name: root, host: '{{ inventory_hostname_short }}' }
- { name: root, host: '127.0.0.1'}
- { name: root, host: '::1'}
- name: Start MySQL
service: name=mysql state=started
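Review bot: The added `Copy MySQL's configuration` task runs only after `Install MySQL` has already installed `mysql-server`, so the daemon's first start (presumably done by the package itself) still uses the packaged `my.cnf`, and the passwordless-root window described in the XXX comment stays open through the copy, the restart and the `auth_socket` task. If the shipped `my.cnf` is what turns off the TCP/IP listeners, as the commit message suggests (the file is not part of this diff), consider installing `mysql-common` first, copying the file, and only then installing `mysql-server`, with `meta: flush_handlers` kept after the server install; this ordering should be tested against the package's first start. Separately, `register: r` is not read anywhere in this hunk, so drop it if nothing outside the hunk uses `r`.

```yaml
- name: Install MySQL's common files
  apt: pkg=mysql-common

# … unchanged: "Copy MySQL's configuration" task, notifying Restart MySQL …

- name: Install MySQL
  apt: pkg={{ item }}
  with_items:
    # … unchanged: XXX comment on the passwordless root window …
    - mysql-server
    - python-mysqldb

# … unchanged: flush_handlers comment and "- meta: flush_handlers" …
```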