Take a look at this Ansible Module, it provides an easy and idempotent way for mysql_secure_installation in AnsibleĮxample - with a fresh MySQL Installation - name: test mysql_secure_installationĮxample - Change an existing root password - name: test mysql_secure_installationįor usage: All you have to do is create a dir called library in your playbooks or role's dir and copy the mysql_secure_installation. If none are present, the module will attempt to read the credentials from ~/.my.cnf, and finally fall back to using the MySQL default login of ‘root’ with no password. ansible-mysql_user_module, notesīoth login_password and login_user are required when you are passing credentials. Subsequent runs of the playbook will then succeed by reading the new credentials from the file. The second must drop a ~/.my.cnf file containing the new root credentials. my.cnf save below client userroot password asdfghjkl then only type MySQL and you will be able to connect to the server. 2: Create a file in root home as below cd vi. To secure this user as part of an idempotent playbook, you must create at least two tasks: the first must change the root user’s password, without providing any login_user/login_password details. mysql login-pathmysql1 You will immediately be taken to the MySQL prompt on the MySQL server on. Relevant notes from ansible-mysql_user_module-documentation: my.cnf already exists, this will cause an mysql-root-password update. Reset your MySQL password on Windows PC without requiring the old password. On the present system(s), ~/.my.cnf is kind of storage for current local mysql-credentials. The big advantage of this approach is having only one variable "mysql_root_password", which is always the correct one from a playbook's point-of-view. Task nr.2 will create ~/.my.cnf, oroverwrite existing old credentials ~/.my.cnf with new ones. Do not ever give anyone (except the mysql root user) access to the user table in the mysql database This is critical. On a present system, credentials from ~/.my.cnf are used to login and set password to mysql_root_password. Task nr.1 will create mysql-root-user with given credentials. On a new system, ~/.my.cnf is not present. Afterwards, you have a task, which creates a ~/.my.cnf with the correct credentials (nr.2). The trick is to have a task "Set root password"(nr.1), which will set the password. You can misuse ~/.my.cnf for being able to change the mysql-root-password. It looks like this playbook uses the root password in both the roles/mariadb/tasks/main.yml playbook and also roles/wordpress-setup/tasks/database.yml so you might want to run the whole server.yml playbook to make sure this is set up properly. So your group_vars/production should now contain: mysql_old_root_password: productionpw Default root user has no password, should secure it. Login_password=""Īnd then update the relevant inventory files to add this new variable. MySQL 101 MySQL users are different set of user than Unix or Windows OS user. The problem you have is that Ansible is trying to use the same root password to login as you want to change it to: - name: Set root user password
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |