summaryrefslogtreecommitdiffstats
path: root/roles/common-SQL/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common-SQL/tasks/main.yml')
-rw-r--r--roles/common-SQL/tasks/main.yml13
1 files changed, 13 insertions, 0 deletions
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index e32c863..553e269 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,29 +1,42 @@
- name: Install MySQL
apt: pkg={{ item }}
with_items:
# XXX: In non-interactive mode apt-get doesn't put a password on
# MySQL's root user; we fix that on the next task, but an intruder
# could exploit the race condition and for instance create dummy
# users.
- mysql-common
- mysql-server
- python-mysqldb
+- name: Copy MySQL's configuration
+ copy: src=etc/mysql/my.cnf
+ dest=/etc/mysql/my.cnf
+ owner=root group=root
+ mode=0644
+ register: r
+ notify:
+ - Restart MySQL
+
+# We need to restart now and load the relevant authplugin before we
+# connect to the database.
+- meta: flush_handlers
+
- name: Force root to use UNIX permissions
mysql_user: name=root auth_plugin=auth_socket
state=present
- name: Disallow anonymous and TCP/IP root login
mysql_user: name={{ item.name|default('') }} host={{ item.host }}
state=absent
with_items:
- { host: '{{ inventory_hostname_short }}' }
- { host: 'localhost' }
- { host: '127.0.0.1'}
- { host: '::1'}
- { name: root, host: '{{ inventory_hostname_short }}' }
- { name: root, host: '127.0.0.1'}
- { name: root, host: '::1'}
- name: Start MySQL
service: name=mysql state=started
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-19 09:49:37 +0000