summaryrefslogtreecommitdiffstats
path: root/roles/common-SQL/tasks
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-11-27 01:26:36 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:57 +0200
commit3d8b0ac104dee68b47d9a4d2ef622e7f1acdd7a4 (patch)
tree3de7324399fdc31ee6f946ffddc613d7742fa3d0 /roles/common-SQL/tasks
parenta03f59d589e65366fb0194534cb6aa2a36176bc4 (diff)
Reorganization.
Diffstat (limited to 'roles/common-SQL/tasks')
-rw-r--r--roles/common-SQL/tasks/main.yml29
1 files changed, 29 insertions, 0 deletions
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
new file mode 100644
index 0000000..e32c863
--- /dev/null
+++ b/roles/common-SQL/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Install MySQL
+ apt: pkg={{ item }}
+ with_items:
+ # XXX: In non-interactive mode apt-get doesn't put a password on
+ # MySQL's root user; we fix that on the next task, but an intruder
+ # could exploit the race condition and for instance create dummy
+ # users.
+ - mysql-common
+ - mysql-server
+ - python-mysqldb
+
+- name: Force root to use UNIX permissions
+ mysql_user: name=root auth_plugin=auth_socket
+ state=present
+
+- name: Disallow anonymous and TCP/IP root login
+ mysql_user: name={{ item.name|default('') }} host={{ item.host }}
+ state=absent
+ with_items:
+ - { host: '{{ inventory_hostname_short }}' }
+ - { host: 'localhost' }
+ - { host: '127.0.0.1'}
+ - { host: '::1'}
+ - { name: root, host: '{{ inventory_hostname_short }}' }
+ - { name: root, host: '127.0.0.1'}
+ - { name: root, host: '::1'}
+
+- name: Start MySQL
+ service: name=mysql state=started