mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-14 02:47:06 +00:00
e66c2eb6bb
* Add variables for mariadb on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * enable pipeline Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * add a note about the reuirement of the jmespath library. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Use python3 on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * use right ansible variable Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Suse requires python-rpm Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * try zypper Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * python-xml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try at fixing the install Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try now with rpm. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml... Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * typo Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * do the test for Suse on the shell and not in ansible Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash * try the removes keyword of builtin.shell Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix ansible syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix zypper syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * ensure pymysql is present Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * set ansible python interpreter in converge-step, too Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * move install task to prepare Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>
41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
---
|
|
- name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
|
|
hosts: all
|
|
become: true
|
|
collections:
|
|
- devsec.hardening
|
|
environment:
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
tasks:
|
|
- name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
|
|
set_fact:
|
|
mysql_python_package_debian: "python3-pymysql"
|
|
when:
|
|
- mysql_python_package_debian is not defined
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version|int > 19
|
|
|
|
- name: Determine required MySQL Python libraries.
|
|
set_fact:
|
|
mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter|default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
|
|
when:
|
|
- mysql_python_package_debian is not defined
|
|
- ansible_distribution != "Ubuntu"
|
|
- ansible_distribution_major_version|int < 20
|
|
|
|
- name: Use Python 3 on Suse
|
|
set_fact:
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
when:
|
|
- ansible_os_family == 'Suse'
|
|
|
|
- include_role:
|
|
name: mysql_hardening
|
|
vars:
|
|
overwrite_global_mycnf: false
|
|
mysql_root_password: iloverandompasswordsbutthiswilldo
|
|
mysql_user_password: iloverandompasswordsbutthiswilldo
|
|
mysql_config_file: /etc/mysql/mariadb.cnf
|
|
mysql_root_password_update: true
|