From dc41fb4bf77eea3934ac8f9deabb6f0ecd5e3b02 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 03:48:33 -0500 Subject: [PATCH 1/7] should be able to alter with stock creds --- roles/mysql/tasks/install.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 23baf1f4a..b692ca797 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -106,6 +106,22 @@ daemon_reload: yes state: restarted +- name: Remove the MySQL 'test' database + mysql_db: + db: test + state: absent + +- name: Delete anonymous MySQL server user for {{ ansible_hostname }} + mysql_user: + user: "" + host: "{{ ansible_hostname }}" + state: absent + +- name: Delete anonymous MySQL server user for localhost + mysql_user: + user: "" + state: absent + - name: Install /root/.my.cnf file from template, with root password credentials template: src: my.cnf.j2 @@ -134,22 +150,6 @@ - 127.0.0.1 - ::1 -- name: Delete anonymous MySQL server user for {{ ansible_hostname }} - mysql_user: - user: "" - host: "{{ ansible_hostname }}" - state: absent - -- name: Delete anonymous MySQL server user for localhost - mysql_user: - user: "" - state: absent - -- name: Remove the MySQL 'test' database - mysql_db: - db: test - state: absent - # RECORD MySQL AS INSTALLED From 4019a5e689b5cec53cad154bf976e0b10613dac6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 12:25:11 -0500 Subject: [PATCH 2/7] keep root websockets using password --- roles/mysql/tasks/install.yml | 27 ++++++++------------------- roles/mysql/templates/my.cnf.j2 | 6 +++--- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index b692ca797..49250e70b 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml 
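Review bot: The three cleanup tasks moved to the top of the first hunk (`mysql_db` for `test` and the two anonymous-user `mysql_user` tasks) now run before /root/.my.cnf is installed and carry no `login_*` options. They therefore depend on whatever credentials the freshly installed server accepts by default. On a host where root already has a password but /root/.my.cnf is missing, the play would presumably stop at the first of them. Adding `login_unix_socket: /run/mysqld/mysqld.sock` to each task (the socket path used in roles/mysql/templates/my.cnf.j2) and a comment such as `# runs with stock root credentials: socket login, no password set yet` would make the ordering dependency explicit.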
@@ -106,6 +106,13 @@ daemon_reload: yes state: restarted +- name: Install /root/.my.cnf file from template, with root password credentials + template: + src: my.cnf.j2 + dest: /root/.my.cnf + owner: root + mode: '0600' + - name: Remove the MySQL 'test' database mysql_db: db: test @@ -122,31 +129,13 @@ user: "" state: absent -- name: Install /root/.my.cnf file from template, with root password credentials - template: - src: my.cnf.j2 - dest: /root/.my.cnf - owner: root - mode: '0600' - -# 'localhost' needs to be the last item for idempotency, see -# http://ansible.cc/docs/modules.html#mysql-user -# unfortunately it still doesn't work -- name: Update MySQL root password for localhost root accounts - mysql_user: - name: root - host: localhost - password: "{{ mysql_root_password }}" - priv: "*.*:ALL,GRANT" - -- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) +- name: Create MySQL root password for root accounts on (127.0.0.1, ::1) mysql_user: name: root host: "{{ item }}" password: "{{ mysql_root_password }}" priv: "*.*:ALL,GRANT" with_items: - #- "{{ iiab_hostname }}.{{ iiab_domain }}" - 127.0.0.1 - ::1 diff --git a/roles/mysql/templates/my.cnf.j2 b/roles/mysql/templates/my.cnf.j2 index cb1e80ef4..b77876bec 100644 --- a/roles/mysql/templates/my.cnf.j2 +++ b/roles/mysql/templates/my.cnf.j2 @@ -1,4 +1,4 @@ [client] -user=root -password={{ mysql_root_password }} -socket=/run/mysqld/mysqld.sock +user = root +password = +socket = /run/mysqld/mysqld.sock From 03ad881fd1d051a0787d6d6a5c39a2efc473e0fa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 21:57:48 -0500 Subject: [PATCH 3/7] not needed - no longer present --- roles/mysql/tasks/install.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 49250e70b..5b015cbdd 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml 
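Review bot: After the `@@ -122,31 +129,13 @@` hunk nothing sets or checks the credentials of root@localhost. The "Update MySQL root password for localhost root accounts" task is removed, and only the 127.0.0.1 and ::1 accounts still receive `mysql_root_password`. That is safe only if the packaged server authenticates root@localhost through the socket plugin, which the hunk does not verify; on a build that ships root@localhost with an empty password the account would stay passwordless. A comment above the remaining task, e.g. `# root@localhost is expected to use socket authentication; only the TCP loopback accounts get a password`, would record the assumption. A check that fails the play when root@localhost has neither an auth plugin nor a password would close the gap.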
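Review bot: The new `password =` line in my.cnf.j2 writes an explicit empty password into /root/.my.cnf. On a host provisioned by the earlier version of this role, where root@localhost was given `mysql_root_password`, later `mysql_*` tasks that read this file would presumably be refused. If the intent is socket authentication, dropping the line and keeping only `user = root` and `socket = /run/mysqld/mysqld.sock` states that more clearly. A header comment such as `# root authenticates over the local socket; no password is stored in this file` would document it. The upgrade case still needs either a migration step or a note in the role's documentation.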
@@ -113,21 +113,21 @@ owner: root mode: '0600' -- name: Remove the MySQL 'test' database - mysql_db: - db: test - state: absent +#- name: Remove the MySQL 'test' database +# mysql_db: +# db: test +# state: absent -- name: Delete anonymous MySQL server user for {{ ansible_hostname }} - mysql_user: - user: "" - host: "{{ ansible_hostname }}" - state: absent +#- name: Delete anonymous MySQL server user for {{ ansible_hostname }} +# mysql_user: +# user: "" +# host: "{{ ansible_hostname }}" +# state: absent -- name: Delete anonymous MySQL server user for localhost - mysql_user: - user: "" - state: absent +#- name: Delete anonymous MySQL server user for localhost +# mysql_user: +# user: "" +# state: absent - name: Create MySQL root password for root accounts on (127.0.0.1, ::1) mysql_user: From 0c49b1eedf25acad2e85168c6fea1751d3888562 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 22:02:46 -0500 Subject: [PATCH 4/7] disable root websockets --- roles/mysql/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5b015cbdd..3ab4f370e 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -129,15 +129,15 @@ # user: "" # state: absent -- name: Create MySQL root password for root accounts on (127.0.0.1, ::1) - mysql_user: - name: root - host: "{{ item }}" - password: "{{ mysql_root_password }}" - priv: "*.*:ALL,GRANT" - with_items: - - 127.0.0.1 - - ::1 +#- name: Create MySQL root password for root accounts on (127.0.0.1, ::1) +# mysql_user: +# name: root +# host: "{{ item }}" +# password: "{{ mysql_root_password }}" +# priv: "*.*:ALL,GRANT" +# with_items: +# - 127.0.0.1 +# - ::1 # RECORD MySQL AS INSTALLED From 76436d1fae9b25a80ba2dec1cbdd7f7773a81709 Mon Sep 17 00:00:00 2001 
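Review bot: Commenting out the 'test' database removal and both anonymous-user deletions in the `@@ -113,21 +113,21 @@` hunk leaves the role with no hardening step on servers that still ship those objects. The commit subject says they are no longer present, but that depends on the installed package version and nothing in the hunk checks it. All three tasks use `state: absent`, so they do nothing where the objects are already gone and could stay enabled at no cost. If they really are to go, deleting the lines is cleaner than keeping a commented-out block, with one comment left behind such as `# stock packages no longer create anonymous users or the 'test' db (verified on <distro/version>)`.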
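Review bot: Disabling the task in the `@@ -129,15 +129,15 @@` hunk stops managing root@127.0.0.1 and root@::1 but does not remove them. Any such account that already exists keeps its current state, whether that is the password set by an earlier run or an empty one from the package defaults. If the goal is that root is reachable only through the local socket, the accounts should be dropped rather than left unmanaged, which also replaces the commented-out block with live code. The task below is a sketch using the same module and host list as the disabled lines; confirm first that nothing on the box still connects as root over TCP loopback.

```yaml
# … unchanged: commented-out test-db / anonymous-user tasks above …
- name: Remove MySQL root accounts reachable over TCP loopback (127.0.0.1, ::1)
  mysql_user:
    name: root
    host: "{{ item }}"
    state: absent
  with_items:
    - 127.0.0.1
    - "::1"
```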
From: Jerry Vonau Date: Sun, 23 Aug 2020 22:20:24 -0500 Subject: [PATCH 5/7] pbx - adjust mysql_user --- roles/pbx/tasks/freepbx.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index e4838ea87..4ba0c6b9e 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -49,9 +49,9 @@ name: "{{ asterisk_db_user }}" password: "{{ asterisk_db_password }}" priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL" - login_host: "{{ asterisk_db_host }}" - login_user: "root" - login_password: "{{ mysql_root_password }}" +# login_host: "{{ asterisk_db_host }}" +# login_user: "root" +# login_password: "{{ mysql_root_password }}" host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}" state: present @@ -60,9 +60,9 @@ name: "{{ asterisk_db_dbname }}" encoding: utf8 collation: utf8_general_ci - login_host: "{{ asterisk_db_host }}" - login_user: "root" - login_password: "{{ mysql_root_password }}" +# login_host: "{{ asterisk_db_host }}" +# login_user: "root" +# login_password: "{{ mysql_root_password }}" state: present - name: FreePBX - Add cdr mysql db From 33ebf3f8c3ee6d52f44acfcef34cc20428b598a4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 22:25:36 -0500 Subject: [PATCH 6/7] remove mysql_root_password variable --- roles/mysql/defaults/main.yml | 9 --------- vars/default_vars.yml | 2 -- 2 files changed, 11 deletions(-) delete mode 100644 roles/mysql/defaults/main.yml diff --git a/roles/mysql/defaults/main.yml b/roles/mysql/defaults/main.yml deleted file mode 100644 index 593d62931..000000000 --- a/roles/mysql/defaults/main.yml +++ /dev/null 
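Review bot: With `login_host` commented out in the `@@ -49,9 +49,9 @@` hunk, the module connects to its default (local) server whatever `asterisk_db_host` is set to. The `host:` ternary just below still branches on `asterisk_db_host`, so for a non-localhost value the account would presumably be created on the wrong server. The `@@ -60,9 +60,9 @@` hunk (database creation) has the same mismatch. Either state the restriction in a comment, e.g. `# FreePBX DB is only supported on the local MySQL server; login uses /root/.my.cnf`, or keep `login_host: "{{ asterisk_db_host }}"` for the remote case. The disabled `login_*` lines are better deleted than left as column-0 comments inside the task; both tasks begin above their hunks, so the module names are not visible here.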
@@ -1,9 +0,0 @@ -# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml -# mysql_install: True -# mysql_enabled: True - -## mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0 -# mysql_root_password: fixmysql - -# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml -# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 700f5c2f1..d731c05e9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -243,8 +243,6 @@ admin_console_enabled: True # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml mysql_install: True mysql_enabled: True -# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0 -mysql_root_password: fixmysql # 2019-01-13: IIAB's use of NGINX is still evolving -- please review this # evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md From 59c8ce764e9d79f7f0bd5b561dd634e1abc349b8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Aug 2020 22:21:24 -0500 Subject: [PATCH 7/7] Try localhost only for NC & Elgg --- roles/elgg/tasks/setup.yml | 4 ++-- roles/nextcloud/tasks/setup.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elgg/tasks/setup.yml b/roles/elgg/tasks/setup.yml index d38811fca..f28086fd5 100644 --- a/roles/elgg/tasks/setup.yml +++ b/roles/elgg/tasks/setup.yml @@ -10,8 +10,8 @@ password: "{{ dbpassword }}" priv: "{{ dbname }}.*:ALL" with_items: - - 127.0.0.1 - - ::1 +# - 127.0.0.1 +# - ::1 - localhost - name: Create /tmp/elggdb.sql from template, to load database diff --git a/roles/nextcloud/tasks/setup.yml b/roles/nextcloud/tasks/setup.yml index b7dd2408e..73b52e0cc 100644 --- a/roles/nextcloud/tasks/setup.yml 
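Review bot: Dropping 127.0.0.1 and ::1 from `with_items` in roles/elgg/tasks/setup.yml only stops creating those accounts. On a host set up by the earlier version of the role they still exist with the Elgg password and `{{ dbname }}.*:ALL`, and nothing here removes them. A cleanup task using the same module with `state: absent` for the two hosts would make upgraded and fresh installs converge. The two entries are better deleted than left as `# - 127.0.0.1` and `# - ::1` at column 0 inside the list. The task header is above the hunk, and the roles/nextcloud/tasks/setup.yml hunk that follows makes the same change.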
+++ b/roles/nextcloud/tasks/setup.yml @@ -9,8 +9,8 @@ password: "{{ nextcloud_dbpassword }}" priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" with_items: - - 127.0.0.1 - - ::1 +# - 127.0.0.1 +# - ::1 - localhost