ansible答案mysql_secure_installation

use*_*893 11 bash ansible

我无法实现如何编写任务,即回答mysql_secure_installation脚本问题.

我只有

shell: mysql_secure_installation  <<< '1111' executable=/bin/bash
Run Code Online (Sandbox Code Playgroud)

并没有关于如何继续回答的想法.解决这个问题的最佳方法是什么?提前致谢!

leu*_*cos 30

我认为你最好的选择是编写一个将重现mysql_secure_installation脚本的剧本(或者更好,改变你的mysql角色).有几个原因 :

  • 每次你运行你的剧本时,剧本总会返回'改变',这不是你想要的
  • 编写任务更灵活:您可以根据设置添加,删除,更改和调整您想要执行的操作
  • 你可以在这个过程中学习

基本上,mysql_secure_installation这样做:

  1. 设置root密码
  2. 删除匿名用户
  3. 删除根远程访问
  4. 删除测试数据库

假设你已经设置了mysql_root_password,并添加了python-mysqldb,如下所示:

    - name: Adds Python MySQL support on Debian/Ubuntu
      apt: pkg="python-mysqldb" state=present
      when: ansible_os_family == 'Debian'

    - name: Adds Python MySQL support on RedHat/CentOS
      yum: name=MySQL-python state=present
      when: ansible_os_family == 'RedHat'
Run Code Online (Sandbox Code Playgroud)

这可以这样完成:

  • 设置root密码

    - name: Sets the root password 
      mysql_user: user=root password="{{ mysql_root_password }}" host=localhost
    
    Run Code Online (Sandbox Code Playgroud)
  • 删除匿名用户

    - name: Deletes anonymous MySQL server user for ansible_fqdn
      mysql_user: user="" host="{{ ansible_fqdn }}" state="absent"
    
    - name: Deletes anonymous MySQL server user for localhost
      mysql_user: user="" state="absent"
    
    Run Code Online (Sandbox Code Playgroud)
  • 删除root远程访问

    - name: Secures the MySQL root user for IPV6 localhost (::1)
      mysql_user: user="root" password="{{ mysql_root_password }}" host="::1"
    
    - name: Secures the MySQL root user for IPV4 localhost (127.0.0.1)
      mysql_user: user="root" password="{{ mysql_root_password }}" host="127.0.0.1"
    
    - name: Secures the MySQL root user for localhost domain (localhost)
      mysql_user: user="root" password="{{ mysql_root_password }}" host="localhost"
    
    - name: Secures the MySQL root user for server_hostname domain
      mysql_user: user="root" password="{{ mysql_root_password }}" host="{{ ansible_fqdn }}"
    
    Run Code Online (Sandbox Code Playgroud)
  • 删除测试数据库

    - name: Removes the MySQL test database
      mysql_db: db=test state=absent
    
    Run Code Online (Sandbox Code Playgroud)

这应该做到这一点.请注意,我快速浏览了一下mysql_secure_installation我的系统.我可能跳过了某些内容,或者其他版本中可能还有其他步骤.YMMV!

  • 如果没有"state = absent",删除root远程访问的那些命令实际上不会确保您具有root远程访问权限吗? (3认同)

Rod*_*yas 5

这对我有用:

- name: Adds Python MySQL support on Debian/Ubuntu
  apt: pkg="python-mysqldb" state=present
  when: ansible_os_family == 'Debian'

- name: Adds Python MySQL support on RedHat/CentOS
  yum: name=MySQL-python state=present
  when: ansible_os_family == 'RedHat'

- name: Set the root password 
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}"

- name: Secure the root user for IPV6 localhost (::1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="::1"

- name: Secure the root user for IPV4 localhost (127.0.0.1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="127.0.0.1"

- name: Secure the root user for localhost domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="localhost"

- name: Secure the root user for server_hostname domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="{{ ansible_fqdn }}"

- name: Deletes anonymous server user
  mysql_user: login_user=root login_password="{{ root_password }}" user="" host_all=yes state=absent

- name: Removes the test database
  mysql_db: login_user=root login_password="{{ root_password }}" db=test state=absent
Run Code Online (Sandbox Code Playgroud)