openstack-ansible-galera_se.../tasks/galera_secure_mysql.yml
Markos Chandras 34d3b00255 Add support for the openSUSE Leap distributions
Add support for the openSUSE Leap distributions. For openSUSE we use the
packages provided by the Open Build Service repository which contains the
Galera clustering support. These packages are different compared to the
CentOS7 and Ubuntu ones so the way the cluster is being bootstrapped is
also different. The systemd service file can't be used for that, so we
need to modify the MariaDB configuration file on the boostrap node to
initiate the cluster. Moreover, files are installed in different places
so we need to modify the distribution files and templates to take that
into consideration as well.

Change-Id: I1ac31fbc06152da7f93e57911d4a952f0dd83849
2017-06-19 20:57:29 +01:00

44 lines
2.5 KiB
YAML

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#NOTE(cloudnull): This is an idempotent shell task is it will only run once
# provided the "/etc/mysql/rhel_configured" exists. This tasks automates the
# MySQL secure setup which is done automatically in Ubuntu deployments.
- name: "Update root user, connections, and grant options"
shell: |
service mysql start || true
# Reset the root password, at this time there is no password set
mysqladmin --no-defaults --port=3306 --socket=/var/run/mysqld/mysqld.sock --host=127.0.0.1 --user=root password "{{ galera_root_password }}"
# Setup the root user for MySQL
mysql -u root -h localhost -e "UPDATE mysql.user SET Password=PASSWORD('$rootpass') WHERE User='root';"
mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE user='';"
mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('%', 'localhost', '127.0.0.1', '::1');"
mysql -u root -h localhost -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'localhost' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'127.0.0.1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'::1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'%' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "FLUSH PRIVILEGES;"
# Create a marker file to ensure this script is not run again
touch "{{ mysql_securely_configured }}"
service mysql stop
args:
creates: "{{ mysql_securely_configured }}"
tags:
- galera_server-config
- galera-rhel-config
- galera-suse-config
- skip_ansible_lint