Ansible setup MySQL root password
Has anyone come up with a yml for MySQL that updates the root password and grants privileges? I have created my playbook, and on a fresh install it works as expected without any problems. But when I run vagrant provision again, it now fails to set the root password and I get an error. Below is my code.
mysql.yml
---
- name: Install the MySQL packages
  apt: name={{ item }} state=installed update_cache=yes
  with_items:
    - mysql-server
    - mysql-client
    - python-mysqldb
    - libmysqlclient-dev

- name: drop database {{ dbname }}
  mysql_db:
    name: "{{ dbname }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: absent
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: create database {{ dbname }}
  mysql_db:
    name: "{{ dbname }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: present
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: ensure mysql is running and starts on boot
  service: name=mysql state=started enabled=true

- name: copy .my.cnf file with root password credentials
  template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600

- name: update mysql root password for all root accounts "{{ dbpass }}"
  mysql_user: name={{ dbuser }} host={{ item }} password="{{ dbpass }}" priv="{{ dbname }}.*:ALL,GRANT"
  with_items:
    - localhost
    - 127.0.0.1

- name: grant privilege on "{{ dbname }}" to "{{ dbuser }}"
  mysql_user:
    name: "{{ item.user }}"
    host: "{{ item.host }}"
    password: "{{ dbpass }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    priv: "{{ dbname }}.*:ALL"
    state: present
  with_items:
    - { user: "{{ dbuser }}" , host: localhost }
    - { user: "{{ dbuser }}" , host: 127.0.0.1 }
  delegate_to: "{{ dbhost }}"
  run_once: true

- name: ensure anonymous users are not in the database
  mysql_user: name='' host={{ item }} state=absent
  with_items:
    - 127.0.0.1
    - localhost

- name: remove the test database
  mysql_db: name=test state=absent

my.cnf.j2
[client]
user=root
password={{ dbpass }}
defaults/main.yml
---
dbhost: localhost
dbname: mydb
dbuser: root
dbpass: root
If it is a fresh install everything works fine, but on the second run I get the error below.
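
It seems you updated .my.cnf with the new password before you try to change the password in the next task.
When updating the password, you may want to use the host_all option, because with_items runs the module several times and the same error can occur: the password is changed for the first item, and the connection then fails for the second item.

I have already found the correct answer, so I am adding my answer as a reference for those who have the same problem as me.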
===========================================================================
---
# Install the needed package of mysql
- name: Install MySQL packages
  apt: pkg={{ item }} state=installed
  with_items:
    - bundler
    - mysql-server
    - mysql-client
    - libmysqlclient-dev
    - python-mysqldb
    - build-essential

# Update the root password immediately. This should come first as ordering
# is very important
- name: Update mysql root password for all root accounts "{{ dbpass }}"
  mysql_user: name=root password="{{ dbpass }}" priv="*.*:ALL,GRANT"

# After we update the root password we are going to use this every time
# we do an update or create something on mysql.
# We will create a copy in /root/.my.cnf as this will be used to check
# the login or root credential. Meaning this should contain the latest
# password of the root (right after we update the root password)
- name: copy .my.cnf file with root password credentials
  template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
  notify: Restart the MySQL service

# Remove the unnecessary db for now
- name: Remove the test database
  mysql_db: name=test state=absent

# Make sure no anonymous user in the db
- name: ensure anonymous users are not in the database
  mysql_user: name='' host={{ item }} state=absent
  with_items:
    - 127.0.0.1
    - localhost

# Delete the user if it exists so that we can create the user again
- name: Delete deploy DB user
  mysql_user: name={{ dbuser }} password={{ dbpass }} state=absent
  notify: Restart the MySQL service

# Create our own user aside from the root password.
# Here our root password and new user created will have the same password
- name: Add deploy DB user
  mysql_user: name={{ dbuser }} password={{ dbpass }} priv=*.*:ALL,GRANT state=present
  notify: Restart the MySQL service

# Delete databases. This should not be included in production.
# This is only on local so it's fine.
- name: Drop databases
  mysql_db:
    name: "{{ item }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: absent
  with_items:
    - db1
    - db2
    - "{{ dbname }}"
  run_once: true

# Recreate the databases
- name: Create databases
  mysql_db:
    name: "{{ item }}"
    login_user: "{{ dbuser }}"
    login_password: "{{ dbpass }}"
    state: present
  with_items:
    - db1
    - db2
    - "{{ dbname }}"
  run_once: true

# Grant the privilege for the newly created user
- name: grant privilege on "{{ dbname }}" to "{{ dbuser }}"
  mysql_user:
    name: "{{ item.user }}"
    host: "{{ item.host }}"
    password: "{{ dbpass }}"
    priv: "*.*:ALL"
    state: present
  with_items:
    - { user: "{{ dbuser }}" , host: localhost }
    - { user: "{{ dbuser }}" , host: 127.0.0.1 }

You may be right that you first update .my.cnf before updating the actual root account.
How is this different from my answer, that the ordering matters?
@KonstantinSuvorov Actually there is no difference. I just added the complete yml file for this, in case anyone is curious about the actual structure of the file.
If you want to add to someone else's answer, you can just edit it. Stack Overflow is designed as a wiki. Everyone can edit other people's posts and answers.

I struggled with this for a while. What finally helped me was /var/run/mysqld/mysqld.sock

vars/main.yml
---
mysql_port: 3306
mysql_socket: /var/run/mysqld/mysqld.sock
mysql_superuser: root
mysql_superuser_home: "{% if mysql_superuser == 'root' %}/root{% else %}/home/{{ mysql_superuser }}{% endif %}"
mysql_superuser_password: youllNeverGuessMyPasswordMuahaha

tasks/main.yml
---
- name: Install mysql
  apt:
    name: ['mysql-server', 'mysql-client', 'python2.7-mysqldb']
    state: present
    update_cache: yes

# Allows python to create and manipulate mysql config
- name: Ensure pymysql is present
  pip:
    name: pymysql
    state: present

- name: Update mysql password for superuser `{{ mysql_superuser }}`
  mysql_user:
    # Update the superuser to have all grants and a password
    name: "{{ mysql_superuser }}"
    host: localhost
    password: "{{ mysql_superuser_password }}"
    priv: "*.*:ALL,GRANT"
    # Login *as root* to perform this change, even though you might
    # be altering the root user itself
    login_user: root
    login_password: ""
    login_port: "{{ mysql_port }}"
    login_host: localhost
    login_unix_socket: "{{ mysql_socket }}"
    # As a good measure, have ansible check whether an implicit login
    # is possible first
    check_implicit_admin: yes

- name: Create system-wide mysql configuration file
  template:
    src: system_wide_mysql.cnf.j2
    dest: /etc/my.cnf

- name: Create mysql configuration file for `{{ mysql_superuser }}`
  template:
    src: superuser_mysql.cnf.j2
    dest: "{{ mysql_superuser_home }}/.my.cnf"
  notify:
    - Restart Mysql

Templates

System-wide my.cnf
[mysqld]
datadir=/var/lib/mysql
socket={{ mysql_socket }}
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
port={{ mysql_port }}
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

Superuser .my.cnf
[client]
user={{ mysql_superuser }}
password={{ mysql_superuser_password }}
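
The ordering and host_all advice from the answers above, combined into one sequence that stays idempotent on repeated provisioning (an added example, not code from any of the posters): the password is changed before /root/.my.cnf is rewritten, host_all replaces the with_items loop, and no_log keeps the password out of task output. The inventory group `db` and the variable `mysql_root_password` (expected to come from an Ansible Vault-encrypted vars file) are assumptions.

```yaml
---
# Added example; "db" and mysql_root_password are assumed names, not from the posts.
- hosts: db
  become: true                  # run as root so ~/.my.cnf resolves to /root/.my.cnf
  vars:
    mysql_socket: /var/run/mysqld/mysqld.sock
  tasks:
    - name: Ensure MySQL is running and starts on boot
      service:
        name: mysql
        state: started
        enabled: true

    # 1. Change the password first. On a fresh install the implicit
    #    (passwordless) root login succeeds. On later runs it fails and the
    #    module falls back to the credentials in the existing /root/.my.cnf,
    #    which still holds the password the server currently accepts.
    #    The password is deliberately not interpolated into the task name.
    - name: Set the MySQL root password on every root account
      mysql_user:
        name: root
        host_all: true          # apply to every existing root@<host> entry in one call
        password: "{{ mysql_root_password }}"
        check_implicit_admin: true
        login_unix_socket: "{{ mysql_socket }}"
      no_log: true              # keep the password out of task output and logs

    # 2. Only now record the new password for later tasks and later runs.
    - name: Write /root/.my.cnf with the current root credentials
      copy:
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0600"            # credentials file readable by root only
        content: |
          [client]
          user=root
          password={{ mysql_root_password }}
      no_log: true
```

Because no login_user or login_password is passed, changing `mysql_root_password` later also works: the module connects with the old password still stored in /root/.my.cnf, sets the new one, and the second task then updates the file.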