Commit ad1bfe04 authored by Chris Croome's avatar Chris Croome

Only allow random password generation

parent 339266cb
Pipeline #11527 passed with stage
in 16 seconds
......@@ -101,19 +101,19 @@ Note that the `mariadb_password` variable will only contain the password for the
* Check that the mariadb_username and mariadb_database are lowercase and contain no punctuation or white space
* Add additional optional `mariadb_` variables for values in `templates/50-server.cnf.j2`
* <strike>Consider adding the ability to create multiple database users and databases, reading these from YAML dicts, for example:</strike> This has been implemented in the [users role](https://git.coop/webarch/users)
* Consider adding the ability to create multiple database users and databases, reading these from YAML dicts, for example:
```yml
vars:
maria_databases:
- wordpress
- civicrm
- matomo
mariadb_users:
wordpress:
privs:
- wordpress.*:ALL
- civicrm.*:ALL
matomo:
privs:
- matomo.*:ALL
mariadb_databases_present:
- wordpress_prod
- wordpress_stage
mariadb_databases_absent:
- drupal_prod
- drupal_stage
mariadb_users_present:
- name: wordpress
priv:
- 'wordpress_prod.*:ALL'
- 'wordpress_stage.*:ALL'
```
......@@ -133,7 +133,7 @@
- name: "mariadb_password loaded from {{ mariadb_mycnf }} since the file exists and the password was not set"
command: "my_print_defaults --defaults-file='{{ mariadb_mycnf }}' client"
register: mariadb_my_print_defaults_command
# no_log: true
no_log: true
- name: Set a fact for mariadb_password
set_fact:
......@@ -142,11 +142,10 @@
loop: "{{ mariadb_my_print_defaults_command.stdout_lines }}"
loop_control:
loop_var: line
# no_log: true
no_log: true
when:
- ( mariadb_mycnf_present is defined ) and ( mariadb_mycnf_present == True )
- ( mariadb_password is not defined ) or ( mariadb_password | length <= 0 )
tags:
- mariadb
......@@ -165,17 +164,9 @@
when:
- ( mariadb_mycnf_present is defined ) and ( mariadb_mycnf_present == False )
- ( mariadb_password is not defined ) or ( mariadb_password | length <= 0 )
tags:
- mariadb
- name: Check that the mariadb_password is defined and a variable of a sensible length
assert:
that:
- mariadb_password is defined
- mariadb_password is regex("^.{2,24}$")
no_log: true
- name: Fail if any variables are not defined
assert:
that:
......
......@@ -14,12 +14,6 @@
verbosity: 1
when: ( mariadb_database is defined ) and ( mariadb_database | length > 0 )
- name: Debug the mariadb_password variable
debug:
msg: "mariadb_password: {{ mariadb_password }}"
verbosity: 3
when: ( mariadb_password is defined ) and ( mariadb_password | length > 0 )
- name: Debug the mariadb_mycnf variable
debug:
msg: "mariadb_mycnf: {{ mariadb_mycnf }}"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment