mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Merge pull request #2488 from jvonau/mariaDB
MariaDB [rework security, eliminate {{ mysql_root_password }}]
This commit is contained in:
commit
800f3d30ec
7 changed files with 35 additions and 57 deletions
|
@ -10,8 +10,8 @@
|
|||
password: "{{ dbpassword }}"
|
||||
priv: "{{ dbname }}.*:ALL"
|
||||
with_items:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
- localhost
|
||||
|
||||
- name: Create /tmp/elggdb.sql from template, to load database
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
|
||||
# mysql_install: True
|
||||
# mysql_enabled: True
|
||||
|
||||
## mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
|
||||
# mysql_root_password: fixmysql
|
||||
|
||||
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
||||
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
|
@ -113,42 +113,31 @@
|
|||
owner: root
|
||||
mode: '0600'
|
||||
|
||||
# 'localhost' needs to be the last item for idempotency, see
|
||||
# http://ansible.cc/docs/modules.html#mysql-user
|
||||
# unfortunately it still doesn't work
|
||||
- name: Update MySQL root password for localhost root accounts
|
||||
mysql_user:
|
||||
name: root
|
||||
host: localhost
|
||||
password: "{{ mysql_root_password }}"
|
||||
priv: "*.*:ALL,GRANT"
|
||||
#- name: Remove the MySQL 'test' database
|
||||
# mysql_db:
|
||||
# db: test
|
||||
# state: absent
|
||||
|
||||
- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1)
|
||||
mysql_user:
|
||||
name: root
|
||||
host: "{{ item }}"
|
||||
password: "{{ mysql_root_password }}"
|
||||
priv: "*.*:ALL,GRANT"
|
||||
with_items:
|
||||
#- "{{ iiab_hostname }}.{{ iiab_domain }}"
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
#- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
|
||||
# mysql_user:
|
||||
# user: ""
|
||||
# host: "{{ ansible_hostname }}"
|
||||
# state: absent
|
||||
|
||||
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
|
||||
mysql_user:
|
||||
user: ""
|
||||
host: "{{ ansible_hostname }}"
|
||||
state: absent
|
||||
#- name: Delete anonymous MySQL server user for localhost
|
||||
# mysql_user:
|
||||
# user: ""
|
||||
# state: absent
|
||||
|
||||
- name: Delete anonymous MySQL server user for localhost
|
||||
mysql_user:
|
||||
user: ""
|
||||
state: absent
|
||||
|
||||
- name: Remove the MySQL 'test' database
|
||||
mysql_db:
|
||||
db: test
|
||||
state: absent
|
||||
#- name: Create MySQL root password for root accounts on (127.0.0.1, ::1)
|
||||
# mysql_user:
|
||||
# name: root
|
||||
# host: "{{ item }}"
|
||||
# password: "{{ mysql_root_password }}"
|
||||
# priv: "*.*:ALL,GRANT"
|
||||
# with_items:
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
|
||||
|
||||
# RECORD MySQL AS INSTALLED
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
[client]
|
||||
user=root
|
||||
password={{ mysql_root_password }}
|
||||
socket=/run/mysqld/mysqld.sock
|
||||
user = root
|
||||
password =
|
||||
socket = /run/mysqld/mysqld.sock
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
password: "{{ nextcloud_dbpassword }}"
|
||||
priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
|
||||
with_items:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
- localhost
|
||||
|
||||
|
||||
|
|
|
@ -49,9 +49,9 @@
|
|||
name: "{{ asterisk_db_user }}"
|
||||
password: "{{ asterisk_db_password }}"
|
||||
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
|
||||
login_host: "{{ asterisk_db_host }}"
|
||||
login_user: "root"
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
# login_host: "{{ asterisk_db_host }}"
|
||||
# login_user: "root"
|
||||
# login_password: "{{ mysql_root_password }}"
|
||||
host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
|
||||
state: present
|
||||
|
||||
|
@ -60,9 +60,9 @@
|
|||
name: "{{ asterisk_db_dbname }}"
|
||||
encoding: utf8
|
||||
collation: utf8_general_ci
|
||||
login_host: "{{ asterisk_db_host }}"
|
||||
login_user: "root"
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
# login_host: "{{ asterisk_db_host }}"
|
||||
# login_user: "root"
|
||||
# login_password: "{{ mysql_root_password }}"
|
||||
state: present
|
||||
|
||||
- name: FreePBX - Add cdr mysql db
|
||||
|
|
|
@ -243,8 +243,6 @@ admin_console_enabled: True
|
|||
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
|
||||
mysql_install: True
|
||||
mysql_enabled: True
|
||||
# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
|
||||
mysql_root_password: fixmysql
|
||||
|
||||
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
|
||||
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue