mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 09:14:18 +00:00
69ab9e47ad
* Update Ubuntu compatability Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * reload systemd when disabling ssh socket Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * manage systemd files Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * Create privsep directory for Debian Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * Use working Ubuntu 24.04 image for vm tests Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * Remove deprecated Debian 10 Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> --------- Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
74 lines
2.7 KiB
YAML
74 lines
2.7 KiB
YAML
---
|
|
- name: Wrapper playbook for kitchen testing "ansible-mysql-hardening"
|
|
hosts: all
|
|
become: true
|
|
environment:
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
vars:
|
|
overwrite_global_mycnf: false
|
|
mysql_root_password: iloverandompasswordsbutthiswilldo
|
|
mysql_user_password: iloverandompasswordsbutthiswilldo
|
|
mysql_config_file: /etc/mysql/mariadb.cnf
|
|
mysql_root_password_update: true
|
|
tasks:
|
|
- name: Use Python 3 on Debian 11
|
|
ansible.builtin.set_fact:
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
when:
|
|
- ansible_distribution == 'Debian'
|
|
- ansible_distribution_major_version|int >= 11
|
|
|
|
- name: Use Python 3 on Suse
|
|
ansible.builtin.set_fact:
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
when:
|
|
- ansible_os_family == 'Suse'
|
|
|
|
- name: Run the equivalent of "apt-get update && apt-get upgrade"
|
|
ansible.builtin.apt:
|
|
upgrade: safe
|
|
update_cache: true
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Install required python packages on Suse
|
|
ansible.builtin.command: zypper -n install python-xml python3-rpm python3-PyMySQL
|
|
changed_when: false
|
|
when: ansible_os_family == 'Suse'
|
|
|
|
- name: Create missing directory
|
|
ansible.builtin.file:
|
|
path: /etc/mysql
|
|
state: directory
|
|
mode: "0755"
|
|
|
|
- name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
|
|
ansible.builtin.set_fact:
|
|
mysql_python_package_debian: python3-pymysql
|
|
when:
|
|
- mysql_python_package_debian is not defined
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version|int > 19
|
|
|
|
- name: Determine required MySQL Python libraries.
|
|
ansible.builtin.set_fact:
|
|
mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter | default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
|
|
when:
|
|
- mysql_python_package_debian is not defined
|
|
- ansible_distribution != "Ubuntu"
|
|
- ansible_distribution_major_version|int < 20
|
|
|
|
- name: Install required MySQL Python libraries on RHEL
|
|
ansible.builtin.dnf:
|
|
name: "{% if 'python3' in ansible_python_interpreter | default('') %}python36-PyMySQL{% else %}python2-PyMySQL{% endif %}"
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- ansible_distribution_major_version == "7"
|
|
|
|
- name: Install mysql with a generic Ansible role
|
|
ansible.builtin.include_role:
|
|
name: dev-sec.mysql
|
|
|
|
- name: Include MySQL user prepare tasks
|
|
ansible.builtin.include_tasks: prepare_tasks/mysql_users.yml
|