ansible答案mysql_secure_installation

Question

我无法实现如何编写任务,即回答mysql_secure_installation脚本问题.

我只有

shell: mysql_secure_installation  <<< '1111' executable=/bin/bash

并没有关于如何继续回答的想法.解决这个问题的最佳方法是什么？提前致谢!

Answer 1

我认为你最好的选择是编写一个将重现mysql_secure_installation脚本的剧本(或者更好,改变你的mysql角色).有几个原因 :

• 每次你运行你的剧本时,剧本总会返回'改变',这不是你想要的
• 编写任务更灵活:您可以根据设置添加,删除,更改和调整您想要执行的操作
• 你可以在这个过程中学习

基本上,mysql_secure_installation这样做:

1. 设置root密码
2. 删除匿名用户
3. 删除根远程访问
4. 删除测试数据库

假设你已经设置了mysql_root_password,并添加了python-mysqldb,如下所示:

    - name: Adds Python MySQL support on Debian/Ubuntu
      apt: pkg="python-mysqldb" state=present
      when: ansible_os_family == 'Debian'

    - name: Adds Python MySQL support on RedHat/CentOS
      yum: name=MySQL-python state=present
      when: ansible_os_family == 'RedHat'

这可以这样完成:

• 设置root密码

  - name: Sets the root password 
    mysql_user: user=root password="{{ mysql_root_password }}" host=localhost
  

• 删除匿名用户

  - name: Deletes anonymous MySQL server user for ansible_fqdn
    mysql_user: user="" host="{{ ansible_fqdn }}" state="absent"
  
  - name: Deletes anonymous MySQL server user for localhost
    mysql_user: user="" state="absent"
  

• 删除root远程访问

  - name: Secures the MySQL root user for IPV6 localhost (::1)
    mysql_user: user="root" password="{{ mysql_root_password }}" host="::1"
  
  - name: Secures the MySQL root user for IPV4 localhost (127.0.0.1)
    mysql_user: user="root" password="{{ mysql_root_password }}" host="127.0.0.1"
  
  - name: Secures the MySQL root user for localhost domain (localhost)
    mysql_user: user="root" password="{{ mysql_root_password }}" host="localhost"
  
  - name: Secures the MySQL root user for server_hostname domain
    mysql_user: user="root" password="{{ mysql_root_password }}" host="{{ ansible_fqdn }}"
  

• 删除测试数据库

  - name: Removes the MySQL test database
    mysql_db: db=test state=absent
  

这应该做到这一点.请注意,我快速浏览了一下mysql_secure_installation我的系统.我可能跳过了某些内容,或者其他版本中可能还有其他步骤.YMMV!

Answer 2

这对我有用：

- name: Adds Python MySQL support on Debian/Ubuntu
  apt: pkg="python-mysqldb" state=present
  when: ansible_os_family == 'Debian'

- name: Adds Python MySQL support on RedHat/CentOS
  yum: name=MySQL-python state=present
  when: ansible_os_family == 'RedHat'

- name: Set the root password 
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}"

- name: Secure the root user for IPV6 localhost (::1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="::1"

- name: Secure the root user for IPV4 localhost (127.0.0.1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="127.0.0.1"

- name: Secure the root user for localhost domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="localhost"

- name: Secure the root user for server_hostname domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="{{ ansible_fqdn }}"

- name: Deletes anonymous server user
  mysql_user: login_user=root login_password="{{ root_password }}" user="" host_all=yes state=absent

- name: Removes the test database
  mysql_db: login_user=root login_password="{{ root_password }}" db=test state=absent