-rw-r--r--roles/common-LDAP/tasks/main.yml2
-rw-r--r--roles/common-SQL/tasks/main.yml3
2 files changed, 5 insertions, 0 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 711954c..3ef02e8 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -1,20 +1,22 @@
+# XXX If #742056 gets fixed, we should preseed slapd to use peercreds as
+# RootDN once the fix enters stable.
- name: Install OpenLDAP
apt: pkg={{ item }}
with_items:
- slapd
- ldap-utils
- ldapvi
- db-util
- python-ldap
- name: Configure slapd
template: src=etc/default/slapd.j2
dest=/etc/default/slapd
owner=root group=root
mode=0644
register: r1
notify:
- Restart slapd
# Upon install slapd create and populate a database under /var/lib/ldap.
# We clear it up and create a children directory to get finer-grain
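Review bot: The comment added at the top of this file cites `#742056` without naming the tracker, so a reader cannot look the issue up or tell when the XXX can be retired. The same applies to `#742046` in both comments added to roles/common-SQL/tasks/main.yml. Given the apt and "stable" wording this is presumably a Debian bug number; if so I would write it out, e.g. `# XXX If Debian bug #742056 gets fixed, we should preseed slapd to use peercreds as`. The hunk ends inside the comment that introduces the next task, which is outside the view.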
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index 553e269..a26f5f4 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,42 +1,45 @@
+# XXX If #742046 gets fixed, we should preseed mysql-server to use
+# auth_socket as auth_plugin once the fix enters stable.
- name: Install MySQL
apt: pkg={{ item }}
with_items:
# XXX: In non-interactive mode apt-get doesn't put a password on
# MySQL's root user; we fix that on the next task, but an intruder
# could exploit the race condition and for instance create dummy
# users.
- mysql-common
- mysql-server
- python-mysqldb
- name: Copy MySQL's configuration
copy: src=etc/mysql/my.cnf
dest=/etc/mysql/my.cnf
owner=root group=root
mode=0644
register: r
notify:
- Restart MySQL
# We need to restart now and load the relevant authplugin before we
# connect to the database.
- meta: flush_handlers
+# XXX Dirty fix for #742046
- name: Force root to use UNIX permissions
mysql_user: name=root auth_plugin=auth_socket
state=present
- name: Disallow anonymous and TCP/IP root login
mysql_user: name={{ item.name|default('') }} host={{ item.host }}
state=absent
with_items:
- { host: '{{ inventory_hostname_short }}' }
- { host: 'localhost' }
- { host: '127.0.0.1'}
- { host: '::1'}
- { name: root, host: '{{ inventory_hostname_short }}' }
- { name: root, host: '127.0.0.1'}
- { name: root, host: '::1'}
- name: Start MySQL
service: name=mysql state=started
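Review bot: The comment added above "Force root to use UNIX permissions" says only "Dirty fix" and does not record what the task protects against or when it can be removed. The existing note under "Install MySQL" says root has no password after a non-interactive install, so this task is the one that closes that window. That note says "on the next task", but the config copy and the handler flush (the MySQL restart) now run first, so the window is longer than it suggests. I would spell this out, e.g. `# XXX Workaround for #742046: root has no password from package install until this task runs; remove once auth_socket can be preseeded.`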