Adds mysql_store_root_password variable

scollazo · scollazo · commit bcf155185ae1 · 2025-02-04T12:28:27.000+01:00
When set to false, the root password won't be stored in the .my.cnf
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -13,6 +13,7 @@ mysql_version: "{{ mysql_version_major|int }}.{{ mysql_version_minor|int }}"
 
 # Basic settings
 mysql_root_password: "pass"
+mysql_store_root_password: "True"
 mysql_port: "3306"
 mysql_bind_address: "127.0.0.1"
 mysql_language: "/usr/share/mysql/"
diff --git a/tasks/databases.yml b/tasks/databases.yml
@@ -5,10 +5,15 @@
     collation: "{{ item.collation | default('utf8_general_ci') }}"
     encoding: "{{ item.encoding | default('utf8') }}"
     state: "present"
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
     login_unix_socket: "{% if ansible_os_family in ['RedHat','Rocky'] %}/var/lib/mysql/mysql.sock{% else %}/var/run/mysqld/mysqld.sock{% endif %}"
   with_items: "{{ mysql_databases }}"
 
 - name: "Load timezone database into MySQL"
   shell: "mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql mysql"
+  environment:
+    MYSQL_USER: root
+    MYSQL_PWD: "{{ mysql_root_password }}"
   when:
     - "mysql_timezone_info|bool"
diff --git a/tasks/secure.yml b/tasks/secure.yml
@@ -36,7 +36,7 @@
   mysql_user:
     name: root
     host: "{{ item }}"
-    password: "{{ mysql_root_password }}"
+    login_password: "{{ mysql_root_password }}"
     check_implicit_admin: yes
     state: present
     login_unix_socket: "{% if ansible_os_family in ['RedHat', 'Rocky'] %}/var/lib/mysql/mysql.sock{% else %}/var/run/mysqld/mysqld.sock{% endif %}"
@@ -55,17 +55,22 @@
     group: root
     mode: 0600
 
+
 - name: "Ensure anonymous users are not in the database"
   mysql_user:
     name: ''
     host: "{{ item }}"
     state: absent
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
     login_unix_socket: "{% if ansible_os_family in ['RedHat', 'Rocky'] %}/var/lib/mysql/mysql.sock{% else %}/var/run/mysqld/mysqld.sock{% endif %}"
   with_items:
     - "{{ ansible_hostname }}"
     - "localhost"
 
 - name: "Remove the test database"
   mysql_db:
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
     name: test
     state: absent
diff --git a/tasks/users.yml b/tasks/users.yml
@@ -7,6 +7,8 @@
     priv: "{{ item.priv | default('*.*:ALL') }}"
     state: "present"
     host: "{{ item.host | default('localhost') }}"
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
     login_unix_socket: "{% if ansible_os_family in ['RedHat', 'Rocky'] %}/var/lib/mysql/mysql.sock{% else %}/var/run/mysqld/mysqld.sock{% endif %}"
   with_items: "{{ mysql_users }}"
   no_log: "true"
diff --git a/templates/root-my-cnf.j2 b/templates/root-my-cnf.j2
@@ -1,3 +1,5 @@
 [client]
 user=root
+{% if mysql_store_root_password is true %}
 password="{{ mysql_root_password }}"
+{% endif %}
