86 lines
2.1 KiB
YAML
86 lines
2.1 KiB
YAML
---
|
|
- name: Install MySQLdb Python Package
|
|
apt:
|
|
pkg:
|
|
- python3-mysqldb
|
|
state: present
|
|
|
|
- name: Add MariaDB Configuration File
|
|
template:
|
|
src: mariadb.cnf
|
|
dest: /etc/mysql/conf.d/settings.cnf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Get All Users
|
|
mysql_query:
|
|
login_user: root
|
|
login_password: "{{ mariadb_root_password }}"
|
|
login_db: mysql
|
|
query:
|
|
- "select user from mysql.user where user != 'root' or user!= 'debian-sys-maint' and host = 'localhost';"
|
|
register: user
|
|
|
|
- name: Create List of Users
|
|
set_fact:
|
|
users: "{{ users|default([]) + [item] | reject('search','root') | reject('search','mariadb.sys') | reject('search','mysql') | reject('search','debian-sys-maint') }}"
|
|
with_items:
|
|
- "{{ user.query_result[0]|map(attribute='User') }}"
|
|
|
|
- name: Allow Users to Access from any Host
|
|
mysql_query:
|
|
login_user: root
|
|
login_password: "{{ mariadb_root_password }}"
|
|
query:
|
|
- RENAME USER `{{ item }}`@'localhost' TO `{{ item }}`@'%';
|
|
ignore_errors: true
|
|
with_items: '{{users}}'
|
|
|
|
- name: Allow Remote root Login
|
|
mysql_user:
|
|
login_user: root
|
|
login_password: "{{ mariadb_root_password }}"
|
|
check_implicit_admin: yes
|
|
name: root
|
|
host: "{{ item }}"
|
|
priv: "*.*:ALL,GRANT"
|
|
password: "{{ mariadb_root_password }}"
|
|
state: present
|
|
with_items:
|
|
- localhost
|
|
- 127.0.0.1
|
|
- ::1
|
|
- "{{ private_ip }}"
|
|
- "%"
|
|
|
|
- name: Bind MariaDB to Private IP Address
|
|
lineinfile:
|
|
dest: /etc/mysql/conf.d/settings.cnf
|
|
regexp: "^bind-address"
|
|
line: "bind-address = {{ private_ip }}"
|
|
insertafter: '\[mysqld\]'
|
|
state: present
|
|
|
|
- name: Restart MariaDB Service
|
|
service:
|
|
name: mysql
|
|
state: restarted
|
|
|
|
- name: Add Jingrow User to MySQL Group
|
|
user:
|
|
name: jingrow
|
|
groups:
|
|
- mysql
|
|
append: true
|
|
|
|
- name: Create Monitor User
|
|
mysql_user:
|
|
login_user: root
|
|
login_password: "{{ mariadb_root_password }}"
|
|
check_implicit_admin: yes
|
|
name: monitor
|
|
host: "%"
|
|
priv: "sys.*:SELECT"
|
|
password: "monitor"
|
|
state: present |