1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #2488 from jvonau/mariaDB

MariaDB [rework security, eliminate {{ mysql_root_password }}]
This commit is contained in:
A Holt 2020-08-24 14:17:09 -04:00 committed by GitHub
commit 800f3d30ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 35 additions and 57 deletions

View file

@ -10,8 +10,8 @@
password: "{{ dbpassword }}"
priv: "{{ dbname }}.*:ALL"
with_items:
- 127.0.0.1
- ::1
# - 127.0.0.1
# - ::1
- localhost
- name: Create /tmp/elggdb.sql from template, to load database

View file

@ -1,9 +0,0 @@
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
# mysql_install: True
# mysql_enabled: True
## mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
# mysql_root_password: fixmysql
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

View file

@ -113,42 +113,31 @@
owner: root
mode: '0600'
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: Update MySQL root password for localhost root accounts
mysql_user:
name: root
host: localhost
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
#- name: Remove the MySQL 'test' database
# mysql_db:
# db: test
# state: absent
- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1)
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
with_items:
#- "{{ iiab_hostname }}.{{ iiab_domain }}"
- 127.0.0.1
- ::1
#- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
# mysql_user:
# user: ""
# host: "{{ ansible_hostname }}"
# state: absent
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user:
user: ""
host: "{{ ansible_hostname }}"
state: absent
#- name: Delete anonymous MySQL server user for localhost
# mysql_user:
# user: ""
# state: absent
- name: Delete anonymous MySQL server user for localhost
mysql_user:
user: ""
state: absent
- name: Remove the MySQL 'test' database
mysql_db:
db: test
state: absent
#- name: Create MySQL root password for root accounts on (127.0.0.1, ::1)
# mysql_user:
# name: root
# host: "{{ item }}"
# password: "{{ mysql_root_password }}"
# priv: "*.*:ALL,GRANT"
# with_items:
# - 127.0.0.1
# - ::1
# RECORD MySQL AS INSTALLED

View file

@ -1,4 +1,4 @@
[client]
user=root
password={{ mysql_root_password }}
socket=/run/mysqld/mysqld.sock
user = root
password =
socket = /run/mysqld/mysqld.sock

View file

@ -9,8 +9,8 @@
password: "{{ nextcloud_dbpassword }}"
priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
with_items:
- 127.0.0.1
- ::1
# - 127.0.0.1
# - ::1
- localhost

View file

@ -49,9 +49,9 @@
name: "{{ asterisk_db_user }}"
password: "{{ asterisk_db_password }}"
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
login_host: "{{ asterisk_db_host }}"
login_user: "root"
login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: "root"
# login_password: "{{ mysql_root_password }}"
host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
state: present
@ -60,9 +60,9 @@
name: "{{ asterisk_db_dbname }}"
encoding: utf8
collation: utf8_general_ci
login_host: "{{ asterisk_db_host }}"
login_user: "root"
login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: "root"
# login_password: "{{ mysql_root_password }}"
state: present
- name: FreePBX - Add cdr mysql db

View file

@ -243,8 +243,6 @@ admin_console_enabled: True
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
mysql_install: True
mysql_enabled: True
# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
mysql_root_password: fixmysql
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md