external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2488 from jvonau/mariaDB

Browse source 
MariaDB [rework security, eliminate {{ mysql_root_password }}]
This commit is contained in:
A Holt 2020-08-24 14:17:09 -04:00 committed by GitHub
commit 800f3d30ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 35 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/elgg/tasks/setup.yml
View file

@ -10,8 +10,8 @@
password: "{{ dbpassword }}" password: "{{ dbpassword }}"
priv: "{{ dbname }}.*:ALL" priv: "{{ dbname }}.*:ALL"
with_items: with_items:
- 127.0.0.1 # - 127.0.0.1
- ::1 # - ::1
- localhost - localhost
- name: Create /tmp/elggdb.sql from template, to load database - name: Create /tmp/elggdb.sql from template, to load database

9
roles/mysql/defaults/main.yml
View file

@ -1,9 +0,0 @@
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
# mysql_install: True
# mysql_enabled: True
## mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
# mysql_root_password: fixmysql
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

55
roles/mysql/tasks/install.yml
View file

@ -113,42 +113,31 @@
owner: root owner: root
mode: '0600' mode: '0600'
# 'localhost' needs to be the last item for idempotency, see #- name: Remove the MySQL 'test' database
# http://ansible.cc/docs/modules.html#mysql-user # mysql_db:
# unfortunately it still doesn't work # db: test
- name: Update MySQL root password for localhost root accounts # state: absent
mysql_user:
name: root
host: localhost
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) #- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user: # mysql_user:
name: root # user: ""
host: "{{ item }}" # host: "{{ ansible_hostname }}"
password: "{{ mysql_root_password }}" # state: absent
priv: "*.*:ALL,GRANT"
with_items:
#- "{{ iiab_hostname }}.{{ iiab_domain }}"
- 127.0.0.1
- ::1
- name: Delete anonymous MySQL server user for {{ ansible_hostname }} #- name: Delete anonymous MySQL server user for localhost
mysql_user: # mysql_user:
user: "" # user: ""
host: "{{ ansible_hostname }}" # state: absent
state: absent
- name: Delete anonymous MySQL server user for localhost #- name: Create MySQL root password for root accounts on (127.0.0.1, ::1)
mysql_user: # mysql_user:
user: "" # name: root
state: absent # host: "{{ item }}"
# password: "{{ mysql_root_password }}"
- name: Remove the MySQL 'test' database # priv: "*.*:ALL,GRANT"
mysql_db: # with_items:
db: test # - 127.0.0.1
state: absent # - ::1
# RECORD MySQL AS INSTALLED # RECORD MySQL AS INSTALLED

6
roles/mysql/templates/my.cnf.j2
View file

@ -1,4 +1,4 @@
[client] [client]
user=root user = root
password={{ mysql_root_password }} password =
socket=/run/mysqld/mysqld.sock socket = /run/mysqld/mysqld.sock

4
roles/nextcloud/tasks/setup.yml
View file

@ -9,8 +9,8 @@
password: "{{ nextcloud_dbpassword }}" password: "{{ nextcloud_dbpassword }}"
priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
with_items: with_items:
- 127.0.0.1 # - 127.0.0.1
- ::1 # - ::1
- localhost - localhost

12
roles/pbx/tasks/freepbx.yml
View file

@ -49,9 +49,9 @@
name: "{{ asterisk_db_user }}" name: "{{ asterisk_db_user }}"
password: "{{ asterisk_db_password }}" password: "{{ asterisk_db_password }}"
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL" priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
login_host: "{{ asterisk_db_host }}" # login_host: "{{ asterisk_db_host }}"
login_user: "root" # login_user: "root"
login_password: "{{ mysql_root_password }}" # login_password: "{{ mysql_root_password }}"
host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}" host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
state: present state: present
@ -60,9 +60,9 @@
name: "{{ asterisk_db_dbname }}" name: "{{ asterisk_db_dbname }}"
encoding: utf8 encoding: utf8
collation: utf8_general_ci collation: utf8_general_ci
login_host: "{{ asterisk_db_host }}" # login_host: "{{ asterisk_db_host }}"
login_user: "root" # login_user: "root"
login_password: "{{ mysql_root_password }}" # login_password: "{{ mysql_root_password }}"
state: present state: present
- name: FreePBX - Add cdr mysql db - name: FreePBX - Add cdr mysql db

2
vars/default_vars.yml
View file

@ -243,8 +243,6 @@ admin_console_enabled: True
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
mysql_install: True mysql_install: True
mysql_enabled: True mysql_enabled: True
# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
mysql_root_password: fixmysql
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this # 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md # evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md