roles/common-SQL/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

# XXX If #742046 gets fixed, we should preseed mysql-server to use
# auth_socket as auth_plugin once the fix enters stable.
- name: Install MySQL
  apt: pkg={{ item }}
  with_items:
    # XXX: In non-interactive mode apt-get doesn't put a password on
    # MySQL's root user; we fix that on the next task, but an intruder
    # could exploit the race condition and for instance create dummy
    # users.
    - mysql-common
    - mysql-server
    - python-mysqldb
    # for the 'mysql_' munin plugin
    - libcache-cache-perl

- name: Copy MySQL's configuration
  copy: src=etc/mysql/my.cnf
        dest=/etc/mysql/my.cnf
        owner=root group=root
        mode=0644
  register: r
  notify:
    - Restart MySQL

# We need to restart now and load the relevant authplugin before we
# connect to the database.
- meta: flush_handlers

# XXX Dirty fix for #742046
- name: Force root to use UNIX permissions
  mysql_user2: name=root password= auth_plugin=auth_socket
               state=present

- name: Disallow anonymous and TCP/IP root login
  mysql_user2: name={{ item.name|default('') }} host={{ item.host }}
               state=absent
  with_items:
    - {             host: '{{ inventory_hostname_short }}' }
    - {             host: 'localhost' }
    - {             host: '127.0.0.1'}
    - {             host: '::1'}
    - { name: root, host: '{{ inventory_hostname_short }}' }
    - { name: root, host: '127.0.0.1'}
    - { name: root, host: '::1'}

- name: Start MySQL
  service: name=mysql state=started


- name: Install 'mysql_' Munin wildcard plugin
  file: src=/usr/share/munin/plugins/mysql_
        dest=/etc/munin/plugins/mysql_{{ item }}
        owner=root group=root
        state=link force=yes
  with_items:
    # sudo /usr/share/munin/plugins/mysql_ suggest
    - bin_relay_log
    - commands
    - connections
    - files_tables
    - innodb_bpool
    - innodb_bpool_act
    - innodb_io
    - innodb_log
    - innodb_rows
    - innodb_semaphores
    - innodb_tnx
    - myisam_indexes
    - qcache
    - qcache_mem
    - select_types
    - slow
    - sorts
    - table_locks
    - tmp_tables
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node