当前位置:theitroad>bash mysql_secure_installation 的可靠答案

bash mysql_secure_installation 的可靠答案

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/25136498/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-18 11:02:11  来源:igfitidea点击:

ansible answers to mysql_secure_installation

bashansible

提问by user3909893

I can't realize how to write a task, that answers mysql_secure_installation script questions.

我不知道如何编写一个任务来回答 mysql_secure_installation 脚本问题。

I only have

我只有

shell: mysql_secure_installation  <<< '1111' executable=/bin/bash

and no ideas on how to continue answering. What would be the best way to solve this? Thanks in advance!

并且没有关于如何继续回答的想法。解决这个问题的最佳方法是什么?提前致谢!

回答by leucos

I think you best bet is to write a playbook (or better, change your mysql role) that will reproduce mysql_secure_installationscript. There are several reasons for this :

我认为你最好的办法是写一个剧本(或者更好的是,改变你的 mysql 角色)来重现mysql_secure_installation脚本。有几个原因 :

  • the script will always return 'changed', everytime you run your playbook, which is not something you want
  • writing tasks is more flexible : you can add, remove, change and adapt what you want to do according to your setup
  • you can learn in the process
  • 每次运行剧本时,脚本将始终返回“已更改”,这不是您想要的
  • 写作任务更灵活:您可以根据自己的设置添加、删除、更改和调整您想做的事情
  • 你可以在这个过程中学习

Basically, mysql_secure_installationdoes this :

基本上,mysql_secure_installation这样做:

  1. sets the root password
  2. removes anonymous users
  3. removes root remote access
  4. removes the test database
  1. 设置root密码
  2. 删除匿名用户
  3. 删除根远程访问
  4. 删除测试数据库

Assuming you have set up mysql_root_password, and added python-mysqldb like so :

假设您已经设置mysql_root_password并添加了 python-mysqldb,如下所示:

    - name: Adds Python MySQL support on Debian/Ubuntu
      apt: pkg="python-mysqldb" state=present
      when: ansible_os_family == 'Debian'

    - name: Adds Python MySQL support on RedHat/CentOS
      yum: name=MySQL-python state=present
      when: ansible_os_family == 'RedHat'

this can be accomplished like this :

这可以像这样完成:

  • Setting the root password

    - name: Sets the root password 
  mysql_user: user=root password="{{ mysql_root_password }}" host=localhost

  • Removing anonymous users

    - name: Deletes anonymous MySQL server user for ansible_fqdn
  mysql_user: user="" host="{{ ansible_fqdn }}" state="absent"

- name: Deletes anonymous MySQL server user for localhost
  mysql_user: user="" state="absent"

  • Removing root remote access

    - name: Secures the MySQL root user for IPV6 localhost (::1)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="::1"

- name: Secures the MySQL root user for IPV4 localhost (127.0.0.1)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="127.0.0.1"

- name: Secures the MySQL root user for localhost domain (localhost)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="localhost"

- name: Secures the MySQL root user for server_hostname domain
  mysql_user: user="root" password="{{ mysql_root_password }}" host="{{ ansible_fqdn }}"

  • Removing the test database

    - name: Removes the MySQL test database
  mysql_db: db=test state=absent

  • 设置root密码

    - name: Sets the root password 
  mysql_user: user=root password="{{ mysql_root_password }}" host=localhost

  • 删除匿名用户

    - name: Deletes anonymous MySQL server user for ansible_fqdn
  mysql_user: user="" host="{{ ansible_fqdn }}" state="absent"

- name: Deletes anonymous MySQL server user for localhost
  mysql_user: user="" state="absent"

  • 删除根远程访问

    - name: Secures the MySQL root user for IPV6 localhost (::1)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="::1"

- name: Secures the MySQL root user for IPV4 localhost (127.0.0.1)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="127.0.0.1"

- name: Secures the MySQL root user for localhost domain (localhost)
  mysql_user: user="root" password="{{ mysql_root_password }}" host="localhost"

- name: Secures the MySQL root user for server_hostname domain
  mysql_user: user="root" password="{{ mysql_root_password }}" host="{{ ansible_fqdn }}"

  • 删除测试数据库

    - name: Removes the MySQL test database
  mysql_db: db=test state=absent

This should do it. Note that I took a quick glance à the mysql_secure_installationon my system. I might have skipped something or there might be other steps included in other versions. YMMV !

这应该做。请注意,我快速浏览了一下mysql_secure_installation我的系统。我可能跳过了某些内容,或者其他版本中可能包含其他步骤。天啊!

回答by Rodrigo Villalba Zayas

This is what worked for me:

这对我有用:

- name: Adds Python MySQL support on Debian/Ubuntu
  apt: pkg="python-mysqldb" state=present
  when: ansible_os_family == 'Debian'

- name: Adds Python MySQL support on RedHat/CentOS
  yum: name=MySQL-python state=present
  when: ansible_os_family == 'RedHat'

- name: Set the root password 
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}"

- name: Secure the root user for IPV6 localhost (::1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="::1"

- name: Secure the root user for IPV4 localhost (127.0.0.1)
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="127.0.0.1"

- name: Secure the root user for localhost domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="localhost"

- name: Secure the root user for server_hostname domain
  mysql_user: login_user=root login_password="{{ root_password }}" user=root password="{{ root_password }}" host="{{ ansible_fqdn }}"

- name: Deletes anonymous server user
  mysql_user: login_user=root login_password="{{ root_password }}" user="" host_all=yes state=absent

- name: Removes the test database
  mysql_db: login_user=root login_password="{{ root_password }}" db=test state=absent

回答by Eslam.Gomaa

Take a look at this Ansible Module, it provides an easy and idempotent way for mysql_secure_installationin Ansible

看看这个Ansible模块,它提供了一个简单的和幂等方式mysql_secure_installation在Ansible

Example - with a fresh MySQL Installation

示例 - 使用全新的 MySQL 安装

- name: test mysql_secure_installation
  mysql_secure_installation:
    login_password: ''
    new_password: password22
    user: root
    login_host: localhost
    hosts: ['localhost', '127.0.0.1', '::1']
    change_root_password: true
    remove_anonymous_user: true
    disallow_root_login_remotely: true
    remove_test_db: true
  register: mysql_secure

# To see detailed output
- debug:
    var: mysql_secure

Example - Change an existing root password

示例 - 更改现有的 root 密码

- name: test mysql_secure_installation
  mysql_secure_installation:
    login_password: password22
    new_password: password23
    user: root
    login_host: localhost
    hosts: ['localhost', '127.0.0.1', '::1']

For usage: All you have to do is create a dir called libraryin your playbooks or role's dirand copy the mysql_secure_installation.pyto it,

用法:您所要做的就是library在您的目录中创建一个目录playbooks or role's dir并将其复制mysql_secure_installation.py到其中,

you can find a Full example in the following Link

您可以在以下链接中找到完整示例

https://github.com/eslam-gomaa/mysql_secure_installation_Ansible

https://github.com/eslam-gomaa/mysql_secure_installation_Ansible

相关推荐

bash 简单 Python 代码中的 Str 对象错误

bash 简单 Python 代码中的 Str 对象错误

bash 如何在shell脚本中的模式之前提取字符串

bash 如何在shell脚本中的模式之前提取字符串

如何使用 Bash 解析 HTTP 标头?

如何使用 Bash 解析 HTTP 标头?

bash Docker:Cronjob 不工作

bash Docker:Cronjob 不工作

相关推荐
最近更新
标签