From fff73af28171ee3f1f12a07fcf48ce8ad6080c5d Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 23 Oct 2020 03:59:00 +0200
Subject: clean up mysql role

---
 dan/host_vars/ele-media.yml                     |  33 +++++++++++-------------
 inventory/host_vars/ele-media.yml               |   2 --
 roles/apt-repo/percona/files/repo.gpg           | Bin 0 -> 3299 bytes
 roles/apt-repo/percona/tasks/main.yml           |  19 ++++++++++++++
 roles/elevate/media/tasks/main.yml              |   1 -
 roles/elevate/media/tasks/nextcloud.yml         |   4 +--
 roles/mysql/files/percona.gpg                   | Bin 3299 -> 0 bytes
 roles/mysql/tasks/main.yml                      |  23 +++++++++++++----
 roles/mysql/tasks/mysql-secure-installation.yml |  22 ----------------
 roles/mysql/tasks/percona.yml                   |  19 --------------
 10 files changed, 54 insertions(+), 69 deletions(-)
 create mode 100644 roles/apt-repo/percona/files/repo.gpg
 create mode 100644 roles/apt-repo/percona/tasks/main.yml
 delete mode 100644 roles/mysql/files/percona.gpg
 delete mode 100644 roles/mysql/tasks/mysql-secure-installation.yml
 delete mode 100644 roles/mysql/tasks/percona.yml

diff --git a/dan/host_vars/ele-media.yml b/dan/host_vars/ele-media.yml
index 5c61100d..8b9bb0dd 100644
--- a/dan/host_vars/ele-media.yml
+++ b/dan/host_vars/ele-media.yml
@@ -1,19 +1,16 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-39313765623035396238623563663539616537386636613062353731633166646233613863663931
-3938373832343534633735633332653961313635356232380a343534353962613833366266613634
-62306232326661363131393138316661613963633433646639383031316432663165616432666331
-3161636138326132380a343263643739396636303132396665636338343064633731363538383330
-36613839636163343531316432356663656331623731626262363336366635316663663037383362
-32353666336538613061656434613830323561613936393039373265373865393035643837393362
-35393335616265643061626665633233313435393833366164373833313965643465663562333635
-30396132633462616263646239346338386164626662353931343333643762323632636363343235
-32333065373931646162653837343132313766393336336435643430393661373634386538393865
-39313862303733316236306432346233393963346633353734316233663366636239363739386365
-61363532653334386230626333313464393263396230373132333139613239623132343630336663
-36396234613435346233663466666339393062326465303866303063373033353536643262633233
-30616465383539326162646662303335373038663632303037636363626363323735333134313732
-64353435323066383331376533306534363334643230616366326230613331336437323738373231
-63313265343136323936666130306436376131303838623936356639623739643965323334356234
-36613838363265333764353461613734376234316330356465316632376536666138653962646139
-62393462383138393837303761633861613161343831333333303463376137383130653730323438
-3036646664336262633533386531323439663230316365653337
+32666336666261353264306537656433373562396134393932663137303030396466633361353861
+3865393038316564383631353363303735633739343739380a353939653930386233663536393366
+61613736323036636636653263393736303533323237643664383765333866383031363639323331
+6539383233623834330a346437303365303431316566333935633063613436396332316234663765
+34396364363137363166653338353730626338653532353238636263663762376134653736396230
+32643136653334656638306133376266393230326437666437613461336364346465656530323764
+37643266336239333630396661383966353039633931666561313866343565616330316163316634
+62393831346664663763643163373334633965366136653338366361623766646137313265396639
+36373238616164383138623562636462366434666230663537313230633132623462363339616561
+38613038343661383836303064383566333164393332346630366264653635636663313732623833
+39303232313638336633323339616235383161666436666164303135373933613332393837313032
+63646461396639386664336365346339313465653465653965663662336430383635333939656136
+31613563396130333439343136626334376361326636616364663030643963393266663638366561
+66633161316664666466376530363765363033343432643934326366306438656463396139303165
+396230643864396338616330393436313034
diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml
index b61ef79e..54a4e827 100644
--- a/inventory/host_vars/ele-media.yml
+++ b/inventory/host_vars/ele-media.yml
@@ -26,8 +26,6 @@ admin_users_host:
 
 nginx_pkg_variant: nginx
 
-mysql_root_password: "{{ vault_mysql_root_password }}"
-
 
 docker_daemon_config:
   bridge: "none"
diff --git a/roles/apt-repo/percona/files/repo.gpg b/roles/apt-repo/percona/files/repo.gpg
new file mode 100644
index 00000000..56220c91
Binary files /dev/null and b/roles/apt-repo/percona/files/repo.gpg differ
diff --git a/roles/apt-repo/percona/tasks/main.yml b/roles/apt-repo/percona/tasks/main.yml
new file mode 100644
index 00000000..8357b693
--- /dev/null
+++ b/roles/apt-repo/percona/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: add repository key
+  copy:
+    src: repo.gpg
+    dest: /etc/apt/trusted.gpg.d/percona.gpg
+  register: apt_repo_percona_key
+
+- name: add repository entry
+  copy:
+    content: |
+      deb http://repo.percona.com/apt {{ ansible_distribution_release }} main
+    dest: /etc/apt/sources.list.d/percona.list
+  register: apt_repo_percona_sources
+
+- name: update apt cache
+  when: apt_repo_percona_key is changed or
+        apt_repo_percona_sources is changed
+  apt:
+    update_cache: yes
diff --git a/roles/elevate/media/tasks/main.yml b/roles/elevate/media/tasks/main.yml
index 13ffa766..21cdd26f 100644
--- a/roles/elevate/media/tasks/main.yml
+++ b/roles/elevate/media/tasks/main.yml
@@ -35,4 +35,3 @@
     src: dstat.sh.j2
     dest: /usr/local/bin/dstat.sh
     mode: 0755
-
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 4dcedf31..e9be69d2 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -45,7 +45,7 @@
 - name: create nextcloud database
   mysql_db:
     login_user: root
-    login_password: "{{ mysql_root_password }}"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
     db: "{{ nextcloud_db.db }}"
     encoding: utf8mb4
     collation: utf8mb4_general_ci
@@ -54,7 +54,7 @@
 - name: create nextcloud database user
   mysql_user:
     login_user: root
-    login_password: "{{ mysql_root_password }}"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
     name: "{{ nextcloud_db.user }}"
     password: "{{ nextcloud_db.password }}"
     priv: "{{ nextcloud_db.db }}.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES"
diff --git a/roles/mysql/files/percona.gpg b/roles/mysql/files/percona.gpg
deleted file mode 100644
index 56220c91..00000000
Binary files a/roles/mysql/files/percona.gpg and /dev/null differ
diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml
index 3f142f6b..3bb125d4 100644
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@@ -1,15 +1,28 @@
 ---
 - name: prepare package provider
   when: mysql_pkg_provider != 'distro'
-  include_tasks: "{{ mysql_pkg_provider }}.yml"
+  include_role:
+    name: "apt-repo/{{ mysql_pkg_provider }}"
 
 - name: install mysql packages
   apt:
     name:
-      - "{{ mysql_pkg_name }}"
-      - "{{ python_basename }}-pymysql"
+    - "{{ mysql_pkg_name }}"
+    - "{{ python_basename }}-pymysql"
     state: present
     force: yes
 
-- name: remove insecure defaults
-  import_tasks: mysql-secure-installation.yml
+- name: delete anonymous MySQL server user
+  mysql_user:
+    login_user: root
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    user: ""
+    state: absent
+  no_log: true
+
+- name: remove the MySQL test database
+  mysql_db:
+    login_user: root
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    db: test
+    state: absent
diff --git a/roles/mysql/tasks/mysql-secure-installation.yml b/roles/mysql/tasks/mysql-secure-installation.yml
deleted file mode 100644
index 28674cfd..00000000
--- a/roles/mysql/tasks/mysql-secure-installation.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: set mysql root password
-  mysql_user:
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    user: root
-    password: "{{ mysql_root_password }}"
-    host: localhost
-
-- name: delete anonymous MySQL server user
-  mysql_user:
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    user: ""
-    state: absent
-
-- name: remove the MySQL test database
-  mysql_db:
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    db: test
-    state: absent
diff --git a/roles/mysql/tasks/percona.yml b/roles/mysql/tasks/percona.yml
deleted file mode 100644
index 72b4b9d9..00000000
--- a/roles/mysql/tasks/percona.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: add repository key
-  copy:
-    src: percona.gpg
-    dest: /etc/apt/trusted.gpg.d/mysql.gpg
-  register: apt_repo_percona_key
-
-- name: add repository entry
-  copy:
-    content: |
-      deb http://repo.percona.com/apt {{ ansible_distribution_release }} main
-    dest: /etc/apt/sources.list.d/mysql.list
-  register: apt_repo_percona_sources
-
-- name: update apt cache
-  when: apt_repo_percona_key is changed or
-        apt_repo_percona_sources is changed
-  apt:
-    update_cache: yes
-- 
cgit v1.2.3