ansible-collection-hardening/molecule/mysql_hardening/converge.yml

---
- name: Wrapper playbook for kitchen testing "ansible-mysql-hardening"
  hosts: all
  become: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
  tasks:
    - name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
      ansible.builtin.set_fact:
        mysql_python_package_debian: python3-pymysql
      when:
        - mysql_python_package_debian is not defined
        - ansible_distribution == "Ubuntu"
        - ansible_distribution_major_version|int > 19

    - name: Determine required MySQL Python libraries.
      ansible.builtin.set_fact:
        mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter | default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
      when:
        - mysql_python_package_debian is not defined
        - ansible_distribution != "Ubuntu"
        - ansible_distribution_major_version|int < 20

    - name: Use Python 3 on Suse
      ansible.builtin.set_fact:
        ansible_python_interpreter: /usr/bin/python3
      when:
        - ansible_os_family == 'Suse'

    - name: Include mysql_hardening role
      ansible.builtin.include_role:
        name: devsec.hardening.mysql_hardening
  vars:
    overwrite_global_mycnf: false
    mysql_root_password: iloverandompasswordsbutthiswilldo
    mysql_user_password: iloverandompasswordsbutthiswilldo
    mysql_config_file: /etc/mysql/mariadb.cnf
    mysql_root_password_update: true
move to collections 2020-11-07 20:19:43 +00:00			`---`
fix lint findings Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 10:18:56 +00:00			`- name: Wrapper playbook for kitchen testing "ansible-mysql-hardening"`
move to collections 2020-11-07 20:19:43 +00:00			`hosts: all`
			`become: true`
add support for using a proxy to test with molecule Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> 2021-03-19 14:45:06 +00:00			`environment:`
			`http_proxy: "{{ lookup('env', 'http_proxy') \| default(omit) }}"`
			`https_proxy: "{{ lookup('env', 'https_proxy') \| default(omit) }}"`
			`no_proxy: "{{ lookup('env', 'no_proxy') \| default(omit) }}"`
move to collections 2020-11-07 20:19:43 +00:00			`tasks:`
			`- name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)`
fix lint findings Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 10:18:56 +00:00			`ansible.builtin.set_fact:`
use ansible-lint to autofix problems Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 13:37:09 +00:00			`mysql_python_package_debian: python3-pymysql`
move to collections 2020-11-07 20:19:43 +00:00			`when:`
			`- mysql_python_package_debian is not defined`
			`- ansible_distribution == "Ubuntu"`
			`- ansible_distribution_major_version\|int > 19`

			`- name: Determine required MySQL Python libraries.`
fix lint findings Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 10:18:56 +00:00			`ansible.builtin.set_fact:`
use ansible-lint to autofix problems Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 13:37:09 +00:00			`mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter \| default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"`
move to collections 2020-11-07 20:19:43 +00:00			`when:`
			`- mysql_python_package_debian is not defined`
			`- ansible_distribution != "Ubuntu"`
			`- ansible_distribution_major_version\|int < 20`
Add OpenSUSE support (#605) * Add variables for mariadb on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * enable pipeline Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * add a note about the reuirement of the jmespath library. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Use python3 on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * use right ansible variable Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Suse requires python-rpm Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * try zypper Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * python-xml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try at fixing the install Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try now with rpm. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml... Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * typo Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * do the test for Suse on the shell and not in ansible Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash * try the removes keyword of builtin.shell Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix ansible syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix zypper syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * ensure pymysql is present Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * set ansible python interpreter in converge-step, too Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * move install task to prepare Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> 2022-11-29 14:09:27 +00:00
			`- name: Use Python 3 on Suse`
fix lint findings Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 10:18:56 +00:00			`ansible.builtin.set_fact:`
Add OpenSUSE support (#605) * Add variables for mariadb on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * enable pipeline Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * add a note about the reuirement of the jmespath library. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Use python3 on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * use right ansible variable Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Suse requires python-rpm Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * try zypper Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * python-xml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try at fixing the install Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try now with rpm. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml... Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * typo Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * do the test for Suse on the shell and not in ansible Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash * try the removes keyword of builtin.shell Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix ansible syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix zypper syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * ensure pymysql is present Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * set ansible python interpreter in converge-step, too Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * move install task to prepare Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> 2022-11-29 14:09:27 +00:00			`ansible_python_interpreter: /usr/bin/python3`
			`when:`
			`- ansible_os_family == 'Suse'`

fix lint findings Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> 2023-12-06 10:18:56 +00:00			`- name: Include mysql_hardening role`
			`ansible.builtin.include_role:`
			`name: devsec.hardening.mysql_hardening`
move to collections 2020-11-07 20:19:43 +00:00			`vars:`
			`overwrite_global_mycnf: false`
			`mysql_root_password: iloverandompasswordsbutthiswilldo`
			`mysql_user_password: iloverandompasswordsbutthiswilldo`
			`mysql_config_file: /etc/mysql/mariadb.cnf`
			`mysql_root_password_update: true`