diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2013-11-27 01:26:36 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:57 +0200 |
commit | 3d8b0ac104dee68b47d9a4d2ef622e7f1acdd7a4 (patch) | |
tree | 3de7324399fdc31ee6f946ffddc613d7742fa3d0 /roles/common-SQL/tasks | |
parent | a03f59d589e65366fb0194534cb6aa2a36176bc4 (diff) |
Reorganization.
Diffstat (limited to 'roles/common-SQL/tasks')
-rw-r--r-- | roles/common-SQL/tasks/main.yml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml new file mode 100644 index 0000000..e32c863 --- /dev/null +++ b/roles/common-SQL/tasks/main.yml @@ -0,0 +1,29 @@ +- name: Install MySQL + apt: pkg={{ item }} + with_items: + # XXX: In non-interactive mode apt-get doesn't put a password on + # MySQL's root user; we fix that on the next task, but an intruder + # could exploit the race condition and for instance create dummy + # users. + - mysql-common + - mysql-server + - python-mysqldb + +- name: Force root to use UNIX permissions + mysql_user: name=root auth_plugin=auth_socket + state=present + +- name: Disallow anonymous and TCP/IP root login + mysql_user: name={{ item.name|default('') }} host={{ item.host }} + state=absent + with_items: + - { host: '{{ inventory_hostname_short }}' } + - { host: 'localhost' } + - { host: '127.0.0.1'} + - { host: '::1'} + - { name: root, host: '{{ inventory_hostname_short }}' } + - { name: root, host: '127.0.0.1'} + - { name: root, host: '::1'} + +- name: Start MySQL + service: name=mysql state=started |