# XXX If #742046 gets fixed, we should preseed mysql-server to use # auth_socket as auth_plugin once the fix enters stable. - name: Install MySQL apt: pkg={{ item }} with_items: # XXX: In non-interactive mode apt-get doesn't put a password on # MySQL's root user; we fix that on the next task, but an intruder # could exploit the race condition and for instance create dummy # users. - mysql-common - mysql-server - python-mysqldb - name: Copy MySQL's configuration copy: src=etc/mysql/my.cnf dest=/etc/mysql/my.cnf owner=root group=root mode=0644 register: r notify: - Restart MySQL # We need to restart now and load the relevant authplugin before we # connect to the database. - meta: flush_handlers # XXX Dirty fix for #742046 - name: Force root to use UNIX permissions mysql_user: name=root auth_plugin=auth_socket state=present - name: Disallow anonymous and TCP/IP root login mysql_user: name={{ item.name|default('') }} host={{ item.host }} state=absent with_items: - { host: '{{ inventory_hostname_short }}' } - { host: 'localhost' } - { host: '127.0.0.1'} - { host: '::1'} - { name: root, host: '{{ inventory_hostname_short }}' } - { name: root, host: '127.0.0.1'} - { name: root, host: '::1'} - name: Start MySQL service: name=mysql state=started