mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 03:32:12 +00:00
Merge pull request #2990 from georgejhunt/pmychanges
Pmychanges [phpMyAdmin]
This commit is contained in:
A Holt
GitHub
commit
6773f9b18f
8 changed files with 79 additions and 28 deletions
25
roles/phpmyadmin/README.md
Normal file
25
roles/phpmyadmin/README.md
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
## Authentication for Phpmyadmin via MySQL
|
||||
#### Overview
|
||||
Phpmyadmin is a php interface to MySQL tables. It permits a browser client to inspect and modify a MySQL database across a network. It permits a Graphical User interface to achieve almost the same level of control as can be achieed via ssh and the commandline tool "mysql". But for most users, who do not use the text based commandline interface regularly, phpmyadmin is much easier to learn and remember.
|
||||
|
||||
#### Access to MySQL tables all descends from "root".
|
||||
1. When MySQL is installed, it is prepared to create it's own set of users and passwords that is distinct from the usernames and passwords that is maintained by the operating system. Initially the only user permitted to add or change users is a user named "root" who is already signed on (and therefore knows the linux root password). The normal path for person setting up a MySQL database is to use the "mysql" command line tool to create new users and assign passwords.
|
||||
|
||||
1. Phpmyadmin, because it is a browser based HTML php applications, is limited in what it can do, and what it can access, until the "root" user creates users and access privileges, as mentioned above. (HTML servers always run with very low privileges).
|
||||
|
||||
#### Installing Phpmyadmin
|
||||
1. First, a user will need to set phpmyadmin_install: True and phpmyadmin_enabled: True in /etc/iiab/local_vars.yml.
|
||||
2. Then run
|
||||
```
|
||||
cd /opt/iiab/iiab
|
||||
./runrole phpmyadmin
|
||||
```
|
||||
#### Testing Phpmyadmin
|
||||
|
||||
1. It is possible to quickly test your phpmyadmin installation.
|
||||
3. There is a small table already created in your MySQL databaase by the Admin Console called iiab_feedbck.
|
||||
4. A small script creates a user "Admin" with a password "changeme" that has acccess only to this table which can be run:
|
||||
```
|
||||
sudo mysql < /opt/iiab/iiab/roles/phpmyadmin/templates/mkuser
|
||||
```
|
||||
5. Test by browsig to http://box.lan/phpyadmin and entering the credentials username: Admin password: changeme
|
||||
|
|
@ -7,3 +7,4 @@
|
|||
phpmyadmin_version: 5.1.1
|
||||
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
|
||||
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"
|
||||
phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,13 @@
|
|||
# - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
|
||||
# command: a2ensite phpmyadmin.conf
|
||||
# when: phpmyadmin_enabled
|
||||
# #when: apache_installed is defined and phpmyadmin_enabled
|
||||
- name: Enable phpMyAdmin via nginx, if phpmyadmin_enabled
|
||||
template:
|
||||
src: phpmyadmin.conf.j2
|
||||
dest: "{{ nginx_conf_dir }}/phpmyadmin.conf"
|
||||
when: phpmyadmin_enabled
|
||||
#when: apache_installed is defined and phpmyadmin_enabled
|
||||
|
||||
# - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
|
||||
# command: a2dissite phpmyadmin.conf
|
||||
# when: not phpmyadmin_enabled
|
||||
# #when: apache_installed is defined and not phpmyadmin_enabled
|
||||
- name: Disable phpMyAdmin via nginx, if not phpmyadmin_enabled
|
||||
file:
|
||||
path: "{{ nginx_conf_dir }}/phpmyadmin.conf"
|
||||
state: absent
|
||||
when: not phpmyadmin_enabled
|
||||
#when: apache_installed is defined and not phpmyadmin_enabled
|
||||
|
|
|
|||
|
|
@ -1,11 +1,14 @@
|
|||
# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
|
||||
# set_fact:
|
||||
# apache_install: True
|
||||
# apache_enabled: True
|
||||
#
|
||||
# - name: APACHE - run 'httpd' role
|
||||
# include_role:
|
||||
# name: httpd
|
||||
- name: Download {{ phpmyadmin_dl_url }} to {{ downloads_dir }}
|
||||
get_url:
|
||||
url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip
|
||||
dest: "{{ downloads_dir }}" # /opt/iiab/downloads
|
||||
timeout: "{{ download_timeout }}" # 200
|
||||
when: internet_available
|
||||
|
||||
- name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist?
|
||||
stat:
|
||||
path: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}" # e.g. /opt/iiab/downloads/phpMyAdmin-5.0.4-all-languages.zip
|
||||
register: phpmyadmin_dl
|
||||
|
||||
|
||||
- name: Unarchive {{ phpmyadmin_dl_url }} (7+ MB) to /opt (60+ MB)
|
||||
|
|
@ -32,12 +35,16 @@
|
|||
owner: "{{ apache_user }}"
|
||||
group: "{{ apache_user }}"
|
||||
|
||||
# - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
|
||||
# template:
|
||||
# src: phpmyadmin.j2
|
||||
# dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
|
||||
# #when: apache_installed is defined
|
||||
# Above 3 stanzas set link/tree/contents ownership to {{ apache_user }}:root
|
||||
# OOPS: CHOWN BELOW CHANGED LINK ALONE (TREE/CONTENTS REMAINED root:root)
|
||||
|
||||
# - name: Change the owner of the PHP tree to Apache
|
||||
# shell: "chown -R {{ apache_user }} /opt/phpmyadmin"
|
||||
# #file:
|
||||
# # path: "/opt/{{ phpmyadmin_name_zip }}"
|
||||
# # owner: "{{ apache_user }}"
|
||||
# # recurse: yes
|
||||
# # state: directory
|
||||
|
||||
# RECORD phpMyAdmin AS INSTALLED
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ $i++;
|
|||
$cfg['Servers'][$i]['verbose'] = 'School Server Mysql Database';
|
||||
$cfg['Servers'][$i]['host'] = 'localhost';
|
||||
$cfg['Servers'][$i]['port'] = '';
|
||||
$cfg['Servers'][$i]['socket'] = '';
|
||||
$cfg['Servers'][$i]['socket'] = '/var/run/mysqld/mysqld.sock';
|
||||
$cfg['Servers'][$i]['connect_type'] = 'tcp';
|
||||
$cfg['Servers'][$i]['auth_type'] = 'cookie';
|
||||
$cfg['Servers'][$i]['user'] = 'root';
|
||||
|
|
@ -26,4 +26,5 @@ $cfg['DefaultLang'] = 'en';
|
|||
$cfg['ServerDefault'] = 1;
|
||||
$cfg['UploadDir'] = '';
|
||||
$cfg['SaveDir'] = '';
|
||||
?>
|
||||
?>
|
||||
|
||||
|
|
|
|||
3
roles/phpmyadmin/templates/mkuser
Normal file
3
roles/phpmyadmin/templates/mkuser
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
CREATE USER 'Admin'@'localhost' IDENTIFIED BY 'changeme';
|
||||
GRANT SELECT ON *.* TO 'Admin'@'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
15
roles/phpmyadmin/templates/phpmyadmin.conf.j2
Normal file
15
roles/phpmyadmin/templates/phpmyadmin.conf.j2
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
location ~ ^/phpmyadmin/(.*)\.php{
|
||||
alias /opt/phpmyadmin/$1.php;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
location /phpmyadmin{
|
||||
root /opt;
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Alias /phpmyadmin /opt/phpmyadmin
|
||||
<Directory /opt/phpmyadmin>
|
||||
AllowOverride all
|
||||
require all granted
|
||||
</Directory>
|
||||
Loading…
Reference in a new issue