Is there a way to grant MySQL administrative privileges with the Ansible mysql_user module (or with any other module)? I would like to set up a user with the SUPER, RELOAD and SHOW DATABASES privileges together with some other, database-specific privileges.
The following basic setup works for me:
- name: Set user privileges
  mysql_user:
    user={{ mysql_user }}
    password={{ mysql_password }}
    state=present
    priv={{ item }}
  with_items:
    - 'somedatabase.*:ALL'
    - 'someotherdatabase.*:ALL'
...and results in:
TASK: [db | Set user privileges]
**********************************************
ok: [dbuser] => (item=somedatabase.*:ALL)
ok: [dbuser] => (item=someotherdatabase.*:ALL)
The following setup keeps reporting "changed", and the privileges are not what one would expect:
- name: Set user privileges
  mysql_user:
    user={{ mysql_user }}
    password={{ mysql_password }}
    state=present
    priv={{ item }}
  with_items:
    - '*.*:SUPER,RELOAD,SHOW\ DATABASES'
    - 'somedatabase.*:ALL'
    - 'someotherdatabase.*:ALL'
(Repeated) run:
TASK: [db | Set user privileges]
**********************************************
changed: [dbuser] => (item=*.*:SUPER,RELOAD,SHOW\ DATABASES)
changed: [dbuser] => (item=somedatabase.*:ALL)
ok: [dbuser] => (item=someotherdatabase.*:ALL)
The result is:
mysql> show grants for 'dbuser'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for dbuser@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'dbuser'@'localhost' IDENTIFIED BY PASSWORD '*2046D2DDAE359F311435E8B4D3776EFE13FB584C' |
| GRANT ALL PRIVILEGES ON `somedatabase`.* TO 'dbuser'@'localhost' |
| GRANT ALL PRIVILEGES ON `someotherdatabase`.* TO 'dbuser'@'localhost' |
+---------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
Does anyone have an idea how to manage the SUPER, RELOAD and SHOW DATABASES admin privileges?
Ika*_*ský 14
Found an elegant solution after all! First, the privileges should be defined as a list:
$ cat group_vars/dbservers
mysql_privileges:
  - 'somedatabase.*:ALL'
  - 'someotherdatabase.*:ALL'
  - '*.*:SUPER,RELOAD,SHOW\ DATABASES'
Then the mysql_user module does not need append_privs, but just the privilege string mentioned in the documentation, in the format mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL.
The only trick is how to convert the list into a string:
- name: Set user privileges
  mysql_user:
    user={{ mysql_user }}
    password={{ mysql_password }}
    state=present
    priv={{ mysql_privileges|join('/') }}
Repeated runs of the task no longer report "changed":
TASK: [db | Set user privileges]
**********************************************
ok: [dbuser]
Found that when switching on append_privs I was able to grant the admin privileges:
- name: Set user privileges
  mysql_user:
    user={{ mysql_user }}
    password={{ mysql_password }}
    state=present
    append_privs=yes
    priv={{ item }}
  with_items:
    - 'somedatabase.*:ALL'
    - 'someotherdatabase.*:ALL'
    - '*.*:SUPER,RELOAD,SHOW\ DATABASES'
The privileges are set as expected:
mysql> show grants for 'dbuser'@'localhost';
+---------------------------------------------------------------------------------------------------------------------------------------+
| Grants for dbuser@localhost |
+---------------------------------------------------------------------------------------------------------------------------------------+
| GRANT RELOAD, SHOW DATABASES, SUPER ON *.* TO 'dbuser'@'localhost' IDENTIFIED BY PASSWORD '*2046D2DDAE359F311435E8B4D3776EFE13FB584C' |
| GRANT ALL PRIVILEGES ON `somedatabase`.* TO 'dbuser'@'localhost' |
| GRANT ALL PRIVILEGES ON `someotherdatabase`.* TO 'dbuser'@'localhost' |
+---------------------------------------------------------------------------------------------------------------------------------------+
Though the task is still not idempotent. Every run gave me:
TASK: [db | Set user privileges]
**********************************************
changed: [dbuser] => (item=somedatabase.*:ALL)
ok: [dbuser] => (item=someotherdatabase.*:ALL)
changed: [dbuser] => (item=*.*:SUPER,RELOAD,SHOW\ DATABASES)
There is no need for the list trick; you can set multiple privileges separated by slashes:
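As an added check (example code, not from this thread or from Ansible's mysql_user module): a Python script that parses the slash-separated priv string used above and MySQL's SHOW GRANTS output into the same shape and reports which requested privileges are still missing, so a run can be verified instead of trusting the ok/changed status alone. The SHOW GRANTS rows are constructed from the output shown in this thread, with the password hash replaced by a placeholder.

```python
import re

# Added example, not code from the thread or from Ansible's mysql_user module:
# turn the module's priv string and SHOW GRANTS rows into {target: {privilege, ...}}.

def parse_priv_spec(spec):
    """'db.*:ALL/*.*:SUPER,RELOAD,SHOW\\ DATABASES' -> {'db.*': {'ALL'}, '*.*': {...}}."""
    grants = {}
    for part in spec.split('/'):
        target, privs = part.split(':', 1)
        # the backslash-escaped space used for SHOW\ DATABASES is unescaped here
        names = {p.replace('\\ ', ' ').strip().upper() for p in privs.split(',')}
        grants.setdefault(target, set()).update(names)
    return grants

GRANT_RE = re.compile(r"^GRANT (?P<privs>.+?) ON (?P<target>\S+) TO ", re.IGNORECASE)

def parse_show_grants(lines):
    """Parse 'GRANT a, b ON `db`.* TO ...' rows; mysql client table borders are tolerated."""
    grants = {}
    for line in lines:
        m = GRANT_RE.match(line.strip().strip('|').strip())
        if not m:
            continue
        target = m.group('target').replace('`', '')
        # USAGE is MySQL's "no privilege" marker; ALL PRIVILEGES is spelled ALL in the spec
        names = {p.strip().upper() for p in m.group('privs').split(',')} - {'USAGE'}
        if names == {'ALL PRIVILEGES'}:
            names = {'ALL'}
        if names:
            grants[target] = names
    return grants

def missing_grants(spec, show_grants_lines):
    """Privileges the spec asks for that SHOW GRANTS does not show, per target."""
    have = parse_show_grants(show_grants_lines)
    gaps = {t: p - have.get(t, set()) for t, p in parse_priv_spec(spec).items()}
    return {t: g for t, g in gaps.items() if g}

# Constructed sample data: the spec from the answer above and the two SHOW GRANTS
# results from this thread, with the password hash replaced by a placeholder.
SPEC = r"somedatabase.*:ALL/someotherdatabase.*:ALL/*.*:SUPER,RELOAD,SHOW\ DATABASES"
BEFORE = [
    "| GRANT USAGE ON *.* TO 'dbuser'@'localhost' IDENTIFIED BY PASSWORD '*HASH' |",
    "| GRANT ALL PRIVILEGES ON `somedatabase`.* TO 'dbuser'@'localhost' |",
    "| GRANT ALL PRIVILEGES ON `someotherdatabase`.* TO 'dbuser'@'localhost' |",
]
AFTER = ["| GRANT RELOAD, SHOW DATABASES, SUPER ON *.* TO 'dbuser'@'localhost' IDENTIFIED BY PASSWORD '*HASH' |"] + BEFORE[1:]

if __name__ == "__main__":
    print("missing before:", missing_grants(SPEC, BEFORE))  # {'*.*': {'SUPER', 'RELOAD', 'SHOW DATABASES'}}
    print("missing after:", missing_grants(SPEC, AFTER))    # {}
```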
- name: Set user privileges
  mysql_user:
    # Jinja values that start with "{{" must be quoted in YAML mapping form,
    # otherwise YAML reads them as a flow mapping and the play fails to parse
    user: "{{ mysql_user }}"
    password: "{{ mysql_password }}"
    state: present
    priv: 'somedatabase.*:ALL/someotherdatabase.*:ALL/*.*:SUPER,RELOAD,SHOW DATABASES'
Or shorter:
- name: Set user privileges
  mysql_user: user={{ mysql_user }}
    password={{ mysql_password }}
    state=present
    priv='somedatabase.*:ALL/someotherdatabase.*:ALL/*.*:SUPER,RELOAD,SHOW DATABASES'