diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/bacula-dir/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/common-SQL/files/etc/mysql/my.cnf | 1 | ||||
| -rw-r--r-- | roles/common-SQL/tasks/main.yml | 14 | ||||
| -rw-r--r-- | roles/common/files/etc/logcheck/ignore.d.server/common-local | 2 | ||||
| -rw-r--r-- | roles/lists/tasks/sympa.yml | 6 |
5 files changed, 9 insertions, 16 deletions
diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml index 5a23dc5..4cacc6e 100644 --- a/roles/bacula-dir/tasks/main.yml +++ b/roles/bacula-dir/tasks/main.yml @@ -5,7 +5,7 @@ - bacula-director-mysql - name: Create a 'bacula' SQL user - mysql_user2: name=bacula password= auth_plugin=auth_socket + mysql_user2: name=bacula password= auth_plugin=unix_socket state=present notify: - Restart bacula-director diff --git a/roles/common-SQL/files/etc/mysql/my.cnf b/roles/common-SQL/files/etc/mysql/my.cnf index 6caeb64..e1dff58 100644 --- a/roles/common-SQL/files/etc/mysql/my.cnf +++ b/roles/common-SQL/files/etc/mysql/my.cnf @@ -35,7 +35,6 @@ nice = 0 user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock -plugin-load = auth_socket=auth_socket.so port = 3306 basedir = /usr datadir = /var/lib/mysql diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml index 9064a68..73b6878 100644 --- a/roles/common-SQL/tasks/main.yml +++ b/roles/common-SQL/tasks/main.yml @@ -1,14 +1,8 @@ -# XXX If #742046 gets fixed, we should preseed mysql-server to use -# auth_socket as auth_plugin once the fix enters stable. -- name: Install MySQL +- name: Install MariaDB apt: pkg={{ item }} with_items: - # XXX: In non-interactive mode apt-get doesn't put a password on - # MySQL's root user; we fix that on the next task, but an intruder - # could exploit the race condition and for instance create dummy - # users. - - mysql-common - - mysql-server + - mariadb-common + - mariadb-server - python-mysqldb # for the 'mysql_' munin plugin - libcache-cache-perl @@ -28,7 +22,7 @@ # XXX Dirty fix for #742046 - name: Force root to use UNIX permissions - mysql_user2: name=root password= auth_plugin=auth_socket + mysql_user2: name=root password= auth_plugin=unix_socket soname=auth_socket.so state=present - name: Disallow anonymous and TCP/IP root login diff --git a/roles/common/files/etc/logcheck/ignore.d.server/common-local b/roles/common/files/etc/logcheck/ignore.d.server/common-local index c2a8d7f..c798120 100644 --- a/roles/common/files/etc/logcheck/ignore.d.server/common-local +++ b/roles/common/files/etc/logcheck/ignore.d.server/common-local @@ -33,7 +33,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+ *\] Peer [.[:digit:]]+:[[:digit:]]+/[[:digit:]]+ unexpectedly shrunk window [[:digit:]]+:[[:digit:]]+ \(repaired\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[.[:digit:]]+" x-pid="[[:digit:]]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd-?([[:digit:]]+): action '[^']+' (resumed \(module '[.[:alnum:]-]+:[.[:alnum:]-]+'\)|suspended, next retry is \w{3} \w{3} [ :[:digit:]]{16}) \[try http://www\.rsyslog\.com/e/\1 \]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z]+|<stdin>): Invoked with +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([_a-z0-9]+|<stdin>): Invoked with ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (sympa\((command|distribute)\)|wwsympa|archived|bounced|bulk|task_manager)\[[[:digit:]]+\]: (info|notice)\s ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wwsympa\[[[:digit:]]+\]: err .* main::check_action_parameters\(\) user not logged in$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rrdcached\[[[:digit:]]+\]: (flushing old values|rotating journals|started new journal /\S+$|removing old journal /\S+$) diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml index 4aaa2c9..0496c55 100644 --- a/roles/lists/tasks/sympa.yml +++ b/roles/lists/tasks/sympa.yml @@ -1,6 +1,6 @@ - apt: pkg={{ item }} install_recommends=no with_items: - - mysql-server + - mariadb-server - sympa - libnet-dns-perl - libnet-dns-sec-perl @@ -8,8 +8,8 @@ - libcrypt-smime-perl - libcrypt-openssl-x509-perl -- name: Make the 'sympa' MySQL user use auth_socket - mysql_user2: name=sympa password= auth_plugin=auth_socket +- name: Make the 'sympa' MySQL user use unix_socket + mysql_user2: name=sympa password= auth_plugin=unix_socket state=present # XXX We want to change the retun-path for sendpasswd notices from |