mirror of https://github.com/jumpserver/jumpserver
53 lines
2.3 KiB
YAML
53 lines
2.3 KiB
YAML
- hosts: mysql
|
|
gather_facts: no
|
|
vars:
|
|
ansible_python_interpreter: /opt/py3/bin/python
|
|
db_name: "{{ jms_asset.spec_info.db_name }}"
|
|
|
|
tasks:
|
|
- name: Test MySQL connection
|
|
community.mysql.mysql_info:
|
|
login_user: "{{ jms_account.username }}"
|
|
login_password: "{{ jms_account.secret }}"
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ jms_asset.port }}"
|
|
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
|
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
|
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
|
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
|
filter: version
|
|
register: db_info
|
|
|
|
- name: MySQL version
|
|
debug:
|
|
var: db_info.version.full
|
|
|
|
- name: Change MySQL password
|
|
community.mysql.mysql_user:
|
|
login_user: "{{ jms_account.username }}"
|
|
login_password: "{{ jms_account.secret }}"
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ jms_asset.port }}"
|
|
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
|
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
|
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
|
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
|
name: "{{ account.username }}"
|
|
password: "{{ account.secret }}"
|
|
host: "%"
|
|
priv: "{{ account.username + '.*:USAGE' if db_name == '' else db_name + '.*:ALL' }}"
|
|
ignore_errors: true
|
|
when: db_info is succeeded
|
|
|
|
- name: Verify password
|
|
community.mysql.mysql_info:
|
|
login_user: "{{ account.username }}"
|
|
login_password: "{{ account.secret }}"
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ jms_asset.port }}"
|
|
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
|
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
|
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
|
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
|
filter: version
|