Add OpenSUSE support (#605)

* Add variables for mariadb on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * enable pipeline Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * add a note about the reuirement of the jmespath library. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Use python3 on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * use right ansible variable Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Suse requires python-rpm Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * try zypper Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * python-xml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try at fixing the install Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try now with rpm. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml... Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * typo Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * do the test for Suse on the shell and not in ansible Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash * try the removes keyword of builtin.shell Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix ansible syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix zypper syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * ensure pymysql is present Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * set ansible python interpreter in converge-step, too Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * move install task to prepare Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>
2024-11-10 09:14:18 +00:00 · 2022-11-29 15:09:27 +01:00 · 2022-11-29 15:09:27 +01:00 · e66c2eb6bb
commit e66c2eb6bb
parent 61e92aaaf6
5 changed files with 28 additions and 7 deletions
--- a/.github/workflows/mysql_hardening.yml
+++ b/.github/workflows/mysql_hardening.yml
@ -37,7 +37,7 @@ jobs:
          - debian11
          # - amazon  # geerlingguy.mysql does not support fedora
          # - arch  # needs to be fixed
-          # - opensuse_tumbleweed  # needs to be fixed
+          - opensuse_tumbleweed  # needs to be fixed
          # - fedora  # geerlingguy.mysql does not support fedora
    steps:
      - name: Checkout repo
--- a/molecule/mysql_hardening/converge.yml
+++ b/molecule/mysql_hardening/converge.yml
@ -24,6 +24,13 @@
        - mysql_python_package_debian is not defined
        - ansible_distribution != "Ubuntu"
        - ansible_distribution_major_version|int < 20
+
+    - name: Use Python 3 on Suse
+      set_fact:
+        ansible_python_interpreter: /usr/bin/python3
+      when:
+        - ansible_os_family == 'Suse'
+
    - include_role:
        name: mysql_hardening
  vars:
--- a/molecule/mysql_hardening/prepare.yml
+++ b/molecule/mysql_hardening/prepare.yml
@ -15,6 +15,12 @@
        - ansible_distribution == 'Debian'
        - ansible_distribution_major_version|int >= 11

+    - name: Use Python 3 on Suse
+      set_fact:
+        ansible_python_interpreter: /usr/bin/python3
+      when:
+        - ansible_os_family == 'Suse'
+
    - name: Use Python 2 on Debian 10
      set_fact:
        ansible_python_interpreter: /usr/bin/python
@ -29,11 +35,9 @@
        update_cache: true
      when: ansible_os_family == 'Debian'

-    - name: install required tools on SuSE
-      community.general.zypper:
-        name: "python-xml"
-        state: present
-      when: ansible_facts.os_family == 'Suse'
+    - name: Install required python packages on Suse
+      ansible.builtin.shell: zypper -n install python-xml python3-rpm python3-PyMySQL
+      when: ansible_os_family == 'Suse'

    - name: create missing directory
      file:
@ -56,7 +60,6 @@
        - ansible_distribution != "Ubuntu"
        - ansible_distribution_major_version|int < 20

-
    - include_role:
        name: dev-sec.mysql

--- a/roles/mysql_hardening/README.md
+++ b/roles/mysql_hardening/README.md
@ -16,6 +16,7 @@ It configures:

 - Ansible 2.9.0
 - An existing MySQL installation
+- python-jmespath on the ansible host

 ### Example playbook

--- a/roles/mysql_hardening/vars/Suse.yml
+++ b/roles/mysql_hardening/vars/Suse.yml
@ -0,0 +1,10 @@
+---
+mysql_daemon: mariadb
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
+
+mysql_cnf_owner: 'root'  # owner of /etc/my.cnf.d/*.cnf files
+mysql_cnf_group: 'mysql'  # owner of /etc/my.cnf.d/*.cnf files
+
+mysql_hardening_group: 'mysql'
+login_unix_socket: '/run/mysql/mysql.sock'