From 074b9de092f5522a1502c13b212d3e170edec059 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 1 Oct 2015 22:35:39 -0500 Subject: [PATCH] Issue #60: Restore idempotence. --- defaults/main.yml | 3 +++ tasks/configure.yml | 1 + tasks/secure-installation.yml | 13 +++---------- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index c966bcb..5dcd9d5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,9 @@ mysql_user_home: /root mysql_root_username: root mysql_root_password: root +# Set this to true to forcibly update the root password. +mysql_root_password_update: false + mysql_enabled_on_startup: yes # update my.cnf. each time role is run? yes | no diff --git a/tasks/configure.yml b/tasks/configure.yml index 01206a5..a913f3a 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -24,3 +24,4 @@ - name: Ensure MySQL is started and enabled on boot. service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}" + register: mysql_service_configuration diff --git a/tasks/secure-installation.yml b/tasks/secure-installation.yml index 571253d..2825522 100644 --- a/tasks/secure-installation.yml +++ b/tasks/secure-installation.yml @@ -4,21 +4,14 @@ register: mysql_root_hosts changed_when: false -# TODO: This is currently not idempotent. +# Note: We do not use mysql_user for this operation, as it doesn't always update +# the root password correctly. See: https://goo.gl/MSOejW - name: Update MySQL root password for localhost root account. shell: > mysql -u root -NBe 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");' with_items: mysql_root_hosts.stdout_lines - -# The below task doesn't work in some instances for some users, at least with -# certain versions of Ansible. -# - name: Update MySQL root password for localhost root account. -# mysql_user: -# name: "{{ mysql_root_username }}" -# host: "{{ item }}" -# password: "{{ mysql_root_password }}" -# with_items: mysql_root_hosts.stdout_lines + when: mysql_service_configuration.changed or mysql_root_password_update # Has to be after the root password assignment, for idempotency. - name: Copy .my.cnf file with root password credentials.