add a secure mysql setup to the ansible role
This commit is contained in:
parent
3d349653c3
commit
8576939ae7
|
@ -8,5 +8,7 @@
|
||||||
regexp='(<[dD]irectory /var/www/>[^<]*)AllowOverride None'
|
regexp='(<[dD]irectory /var/www/>[^<]*)AllowOverride None'
|
||||||
replace='\1AllowOverride All'
|
replace='\1AllowOverride All'
|
||||||
|
|
||||||
|
- include: mariadb.yml
|
||||||
|
|
||||||
- name: Restart apache service
|
- name: Restart apache service
|
||||||
service: name=apache2 state=restarted
|
service: name=apache2 state=restarted
|
||||||
|
|
|
@ -0,0 +1,77 @@
|
||||||
|
---
|
||||||
|
- name: "[mySQL] - Service is installed."
|
||||||
|
package: "name=mariadb-server state=present"
|
||||||
|
register: db_install
|
||||||
|
|
||||||
|
- name: "[mySQL] - the python module mysqldb is present"
|
||||||
|
# needed by mysql_* ansible modules
|
||||||
|
package: name=python-mysqldb state=present
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: "[mySQL] - generate mysql root Password:"
|
||||||
|
set_fact: mysql_root_pwd="{{ lookup( '/mysql_root.pwd' ) }}"
|
||||||
|
when: mysql_root_pwd is not defined
|
||||||
|
|
||||||
|
- name: "[mySQL] - Update mysql root password"
|
||||||
|
mysql_user:
|
||||||
|
name: root
|
||||||
|
host: "{{ item }}"
|
||||||
|
password: "{{ mysql_root_pwd }}"
|
||||||
|
login_user: root
|
||||||
|
login_password: ""
|
||||||
|
check_implicit_admin: yes
|
||||||
|
priv: "*.*:ALL,GRANT"
|
||||||
|
with_items:
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
- localhost
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: "[mySQL] - Delete the anonymous user."
|
||||||
|
mysql_user:
|
||||||
|
user: ""
|
||||||
|
state: "absent"
|
||||||
|
login_password: "{{ mysql_root_pwd }}"
|
||||||
|
login_user: root
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: "[mySQL] - Removes the MySQL test database"
|
||||||
|
mysql_db:
|
||||||
|
name: test
|
||||||
|
state: absent
|
||||||
|
login_password: "{{ mysql_root_pwd }}"
|
||||||
|
login_user: root
|
||||||
|
ignore_errors: yes
|
||||||
|
when: db_install.changed
|
||||||
|
|
||||||
|
- name: "[mySQL] - Check credentials"
|
||||||
|
stat: "path=/root/.my.cnf"
|
||||||
|
register: mycred
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: "[mySQL] - Make the file .my.cnf"
|
||||||
|
file: path=/root/.my.cnf state=touch mode="0640"
|
||||||
|
|
||||||
|
- name: "[mySQL] - Add content to .my.cnf"
|
||||||
|
blockinfile:
|
||||||
|
dest: /root/.my.cnf
|
||||||
|
block: |
|
||||||
|
[client]
|
||||||
|
user=root
|
||||||
|
password="{{ mysql_root_pwd }}"
|
||||||
|
when: mycred.stat.exists is defined and not mycred.stat.exists
|
||||||
|
|
||||||
|
- name: "[mySQL] - Generate database user Password."
|
||||||
|
set_fact: db_pwd="{{ lookup( '/db_admin.pwd' ) }}"
|
||||||
|
when: db_pwd is not defined
|
||||||
|
|
||||||
|
- name: "[mySQL] - Add Database {{ db_name }}."
|
||||||
|
mysql_db: name={{ db_name }} state=present
|
||||||
|
|
||||||
|
- name: "[mySQL] - Configure the database user."
|
||||||
|
mysql_user:
|
||||||
|
name: "{{ db_admin }}"
|
||||||
|
password: "{{ db_pwd }}"
|
||||||
|
priv: "{{ db_name }}.*:ALL"
|
||||||
|
state: present
|
||||||
|
|
|
@ -2,8 +2,12 @@
|
||||||
apt_packages:
|
apt_packages:
|
||||||
- apache2
|
- apache2
|
||||||
- python3-django
|
- python3-django
|
||||||
- mariadb-server
|
|
||||||
- libapache2-mod-wsgi-py3
|
- libapache2-mod-wsgi-py3
|
||||||
|
|
||||||
open_tcp_ports:
|
open_tcp_ports:
|
||||||
- 80
|
- 80
|
||||||
|
|
||||||
|
db_name: "webshopdb"
|
||||||
|
db_admin: "webshop"
|
||||||
|
db_pwd: "2YKtY53F3HDDzPyExAaSh3jdVNh6VN"
|
||||||
|
mysql_root_pwd: "4Dto2NaEpdoFg67eHXzpHWazG4MG3i"
|
||||||
|
|
Loading…
Reference in New Issue