05/04/2018 - ANSIBLE, MYSQL, VAGRANT
Aşağıdaki örneğimizde Ansible ve Vagrant kullanarak MySQL root kullanıcısının şifresini değiştireceğiz ve tüm hostlar üzerinde tüm hakların tanımlamasını yapacağız.
.
├── Vagrantfile
└── provisioning
├── host_vars
│ └── mysql
├── hosts.yml
├── roles
│ └── mysql
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ └── main.yml
└── site.yml
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/xenial64"
config.vm.define :mysql do |vagrant|
vagrant.vm.hostname = "test"
vagrant.vm.network "private_network", ip: "192.168.99.30"
end
config.vm.provider :virtualbox do |virtualbox|
virtualbox.name = "test - 192.168.99.30 - 16.04"
end
config.vm.provision :ansible do |ansible|
ansible.raw_arguments = Shellwords.shellsplit(ENV["ANSIBLE_ARGS"]) if ENV["ANSIBLE_ARGS"]
ansible.verbose = "-vvv"
ansible.inventory_path = "provisioning/hosts.yml"
ansible.playbook = "provisioning/site.yml"
end
end
all:
hosts:
mysql:
ansible_host: 192.168.99.30
ansible_python_interpreter: /usr/bin/python3
---
# This playbook sets up whole stack.
- name: Configurations to "mysql" host
hosts: mysql
remote_user: root
become: yes
roles:
- mysql
---
# Variables listed here are applicable to "mysql" roles
mysql:
user: root
old_password: root
new_password: 123123
hosts:
- "{{ ansible_hostname }}"
- "127.0.0.1"
- "::1"
- "localhost"
privileges: "*.*:ALL,GRANT"
---
# This playbook contains common handlers that can be called in tasks.
# sudo service mysql restart (whether running or not)
- name: Restart MySQL
service:
name: mysql
state: restarted
enabled: yes
---
# This playbook contains mysql actions that will be run on "mysql" hosts.
# sudo apt-get install *
- name: Install MySQL and packages
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- mysql-server=5.7.*
- python3-mysqldb
tags:
- mysql
# Remove all anonymous users for all hosts
- name: Remove all anonymous user accounts
mysql_user:
name: ""
host_all: yes
state: absent
tags:
- mysql
# Update "root" user password and grant all permissions for all hosts
- name: Update "root" user password and grant all permissions for all hosts
mysql_user:
login_user: "{{ mysql.user }}"
login_password: "{{ mysql.old_password }}"
host: "{{ item }}"
check_implicit_admin: yes
name: "{{ mysql.user }}"
password: "{{ mysql.new_password }}"
priv: "*.*:ALL,GRANT"
state: present
with_items:
- "{{ mysql.hosts }}"
tags:
- mysql
# Restart MySQL
- name: Restart MySQL
command: /bin/true
notify:
- Restart MySQL
tags:
- mysql
$ vagrant up
PLAY [Configurations to "mysql" host] ************************************************
TASK [Gathering Facts] ***************************************************************
ok: [mysql]
TASK [mysql : Install MySQL and packages] ********************************************
changed: [mysql] => (item=[u'mysql-server=5.7.*', u'python3-mysqldb'])
TASK [mysql : Remove all anonymous user accounts] ************************************
ok: [mysql]
TASK [mysql : Update "root" user password and grant all permissions for all hosts] ***
changed: [mysql] => (item=test)
changed: [mysql] => (item=127.0.0.1)
changed: [mysql] => (item=::1)
changed: [mysql] => (item=localhost)
TASK [mysql : Restart MySQL] *********************************************************
changed: [mysql]
RUNNING HANDLER [mysql : Restart MySQL] **********************************************
changed: [mysql]
PLAY RECAP ***************************************************************************
mysql : ok=6 changed=4 unreachable=0 failed=0
ubuntu@test:~$ mysql -u root -p
Enter password: # Type 123123 here
mysql> USE mysql;
Database changed
mysql> SELECT user, host FROM user;
+------------------+-----------+
| user | host |
+------------------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| root | localhost |
| root | test |
+------------------+-----------+
4 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR 'root'@'127.0.0.1';
+---------------------------------------------------------------------+
| Grants for root@127.0.0.1 |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR 'root'@'::1';
+---------------------------------------------------------------+
| Grants for root@::1 |
+---------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'::1' WITH GRANT OPTION |
+---------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR 'root'@'localhost';
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR 'root'@'test';
+----------------------------------------------------------------+
| Grants for root@test |
+----------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'test' WITH GRANT OPTION |
+----------------------------------------------------------------+
1 row in set (0.00 sec)