summaryrefslogtreecommitdiffstats
path: root/roles/common-SQL/tasks/main.yml
blob: b5c67737a3d8279ad65cb5cd27446795c1b40168 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# XXX If #742046 gets fixed, we should preseed mysql-server to use
# auth_socket as auth_plugin once the fix enters stable.
- name: Install MySQL
  apt: pkg={{ item }}
  with_items:
    # XXX: In non-interactive mode apt-get doesn't put a password on
    # MySQL's root user; we fix that on the next task, but an intruder
    # could exploit the race condition and for instance create dummy
    # users.
    - mysql-common
    - mysql-server
    - python-mysqldb

- name: Copy MySQL's configuration
  copy: src=etc/mysql/my.cnf
        dest=/etc/mysql/my.cnf
        owner=root group=root
        mode=0644
  register: r
  notify:
    - Restart MySQL

# We need to restart now and load the relevant authplugin before we
# connect to the database.
- meta: flush_handlers

# XXX Dirty fix for #742046
- name: Force root to use UNIX permissions
  mysql_user: name=root password= auth_plugin=auth_socket
              state=present

- name: Disallow anonymous and TCP/IP root login
  mysql_user: name={{ item.name|default('') }} host={{ item.host }}
              state=absent
  with_items:
    - {             host: '{{ inventory_hostname_short }}' }
    - {             host: 'localhost' }
    - {             host: '127.0.0.1'}
    - {             host: '::1'}
    - { name: root, host: '{{ inventory_hostname_short }}' }
    - { name: root, host: '127.0.0.1'}
    - { name: root, host: '::1'}

- name: Start MySQL
  service: name=mysql state=started