Commit d5bf149a authored by Chris Croome's avatar Chris Croome

labels added to all loops

parent 7163fc29
---
- name: "Check if the {{ item.key }} site is enabled"
- name: "Check if the {{ user.key }} site is enabled"
stat:
path: "/etc/apache2/sites-enabled/{{ item.key }}.conf"
path: "/etc/apache2/sites-enabled/{{ user.key }}.conf"
register: users_apache_site_enabled
tags:
- users-update
- apache
- name: "Apache {{ item.key }} sites-enabled symlink absent"
command: "a2dissite {{ item.key }}"
- name: "Apache {{ user.key }} sites-enabled symlink absent"
command: "a2dissite {{ user.key }}"
when: users_apache_site_enabled.stat.exists and users_apache_site_enabled.stat.islnk
tags:
- users-update
- apache
- name: "Apache {{ item.key }} sites-available file absent"
- name: "Apache {{ user.key }} sites-available file absent"
file:
path: "/etc/apache2/sites-available/{{ item.key }}.conf"
path: "/etc/apache2/sites-available/{{ user.key }}.conf"
state: absent
tags:
- users-update
- apache
- name: "Certcheck crontab for {{ item.key }} absent"
- name: "Certcheck crontab for {{ user.key }} absent"
cron:
name: "Cert check for {{ item.key }}.{{ ansible_fqdn }}"
job: "ssl-cert-check -qac {{ le_dir }}/{{ item.key }}.{{ ansible_fqdn }}.cert.pem -e 'root@localhost'"
name: "Cert check for {{ user.key }}.{{ ansible_fqdn }}"
job: "ssl-cert-check -qac {{ le_dir }}/{{ user.key }}.{{ ansible_fqdn }}.cert.pem -e 'root@localhost'"
state: absent
tags:
- users-update
- apache
- letsencrypt
- name: "Keys and certs for {{ item.key }}.{{ ansible_fqdn }} absent"
- name: "Keys and certs for {{ user.key }}.{{ ansible_fqdn }} absent"
file:
path: "{{ path }}"
state: absent
loop:
- "/root/.acme.sh/{{ item.key }}.{{ ansible_fqdn }}_ecc"
- "/etc/ssl/le/{{ item.key }}.{{ ansible_fqdn }}.cert.pem"
- "/etc/ssl/le/{{ item.key }}.{{ ansible_fqdn }}.fullchain.pem"
- "/etc/ssl/le/{{ item.key }}.{{ ansible_fqdn }}.key.pem"
- "/etc/ssl/le/{{ item.key }}.{{ ansible_fqdn }}.ca.pem"
- "/root/.acme.sh/{{ user.key }}.{{ ansible_fqdn }}_ecc"
- "/etc/ssl/le/{{ user.key }}.{{ ansible_fqdn }}.cert.pem"
- "/etc/ssl/le/{{ user.key }}.{{ ansible_fqdn }}.fullchain.pem"
- "/etc/ssl/le/{{ user.key }}.{{ ansible_fqdn }}.key.pem"
- "/etc/ssl/le/{{ user.key }}.{{ ansible_fqdn }}.ca.pem"
loop_control:
loop_var: path
tags:
......
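Review bot: Nothing in this file reloads Apache after the `a2dissite {{ user.key }}` task, so the disabled vhost keeps being served from the already-loaded configuration — with the key and certificate that the last task then deletes from disk — until something else restarts the service; if the role has a handler for this it is not visible here. Add `notify:` for that handler to the `a2dissite` task, or follow it with `service: name: apache2 state: reloaded` guarded on that task's result. `user.key` is also spliced into the `/etc/apache2/...` and `/etc/ssl/le/...` paths and into the `a2dissite` argument with no validation, so a key containing `/` or `..` would operate outside those directories; an `assert` that `user.key is match('^[a-z_][a-z0-9_-]*$')` at the top of the file pins that down. The `tags:` of the key-and-cert deletion loop run past the hunk, so I can't tell whether it carries a `when:`.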
---
- name: "Remove {{ item.key }} from {{ chroot_dir | default('/chroot') }}/etc/passwd"
- name: "Remove {{ user.key }} from {{ chroot_dir | default('/chroot') }}/etc/passwd"
lineinfile:
path: "{{ chroot_dir | default('/chroot') }}/etc/passwd"
regexp: "^{{ item.key }}:"
regexp: "^{{ user.key }}:"
state: absent
tags:
- users-update
- users-chroot
- name: "Remove {{ item.key }} from {{ chroot_dir | default('/chroot') }}/etc/group"
- name: "Remove {{ user.key }} from {{ chroot_dir | default('/chroot') }}/etc/group"
lineinfile:
path: "{{ chroot_dir | default('/chroot') }}/etc/group"
regexp: "^{{ item.key }}:"
regexp: "^{{ user.key }}:"
state: absent
tags:
- users-update
- users-chroot
# /run/chroot
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot >/dev/null && echo PRESENT || echo ABSENT"
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot >/dev/null && echo PRESENT || echo ABSENT"
check_mode: false
register: users_chroot_run_chroot_mount
changed_when: '"PRESENT" in users_chroot_run_chroot_mount.stdout'
......@@ -27,8 +27,8 @@
- users-update
- users-chroot
- name: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot"
- name: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot"
args:
warn: false
ignore_errors: true
......@@ -40,8 +40,8 @@
- users-chroot
# /run/mysql
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld >/dev/null && echo PRESENT || echo ABSENT"
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld >/dev/null && echo PRESENT || echo ABSENT"
check_mode: false
register: users_chroot_mysqld_mount
changed_when: '"PRESENT" in users_chroot_mysqld_mount.stdout'
......@@ -49,8 +49,8 @@
- users-update
- users-chroot
- name: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld"
- name: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld"
args:
warn: false
ignore_errors: true
......@@ -62,8 +62,8 @@
- users-chroot
# /users/$USER/home/$USER
- name: "Check if {{ chroot_users_dir | default('/users') }}{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} >/dev/null && echo PRESENT || echo ABSENT"
- name: "Check if {{ chroot_users_dir | default('/users') }}{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} >/dev/null && echo PRESENT || echo ABSENT"
check_mode: false
register: users_chroot_users_home_mount
changed_when: '"PRESENT" in users_chroot_users_home_mount.stdout'
......@@ -71,8 +71,8 @@
- users-update
- users-chroot
- name: "{{ chroot_users_dir | default('/users') }}{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
- name: "{{ chroot_users_dir | default('/users') }}{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
args:
warn: false
ignore_errors: true
......@@ -84,8 +84,8 @@
- users-chroot
# /users/$USER
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ item.key }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ item.key }} >/dev/null && echo PRESENT || echo ABSENT"
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ user.key }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ user.key }} >/dev/null && echo PRESENT || echo ABSENT"
check_mode: false
register: users_chroot_mount
changed_when: '"PRESENT" in users_chroot_mount.stdout'
......@@ -93,8 +93,8 @@
- users-update
- users-chroot
- name: "{{ chroot_users_dir | default('/users') }}/{{ item.key }} unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ item.key }}"
- name: "{{ chroot_users_dir | default('/users') }}/{{ user.key }} unmounted"
command: "umount -l {{ chroot_users_dir | default('/users') }}/{{ user.key }}"
args:
warn: false
ignore_errors: true
......@@ -105,17 +105,17 @@
- users-update
- users-chroot
- name: "Directory {{ chroot_users_dir | default('/users') }}/{{ item.key }} absent"
- name: "Directory {{ chroot_users_dir | default('/users') }}/{{ user.key }} absent"
file:
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}"
state: absent
tags:
- users-update
- users-chroot
- name: "Directory {{ chroot_dir | default('/chroot') }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} absent"
- name: "Directory {{ chroot_dir | default('/chroot') }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} absent"
file:
path: "{{ chroot_dir | default('/chroot') }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
path: "{{ chroot_dir | default('/chroot') }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
state: absent
tags:
- users-update
......
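Review bot: The recursive `file: state: absent` on `{{ chroot_users_dir | default('/users') }}/{{ user.key }}` (task `Directory ... absent`) runs after `umount -l` tasks that carry `ignore_errors: true`, so if one of those umounts fails — in particular for the `rw` bind of the user's real home at `.../{{ user.key }}{{ users_home }}` — the delete recurses through the still-attached mount and removes the contents of the real home directory, not just the mount point. Rather than ignoring umount failures, re-check with `findmnt` after the unmounts and guard the delete, e.g. `when: "'PRESENT' not in users_chroot_mount_recheck.stdout"`, or drop `ignore_errors: true` so a failed umount stops the play before anything is deleted. The `when:` conditions on the umount tasks are in the collapsed ranges (`@@ -93,8 +93,8 @@` and siblings), so I can't see whether they are tied to the preceding `findmnt` checks. As a point of style, each `shell: "findmnt ... && echo PRESENT || echo ABSENT"` interpolates `user.key` and the home path unquoted into a shell line; `command: findmnt <path>` with `failed_when: false` and `changed_when: <reg>.rc == 0` gives the same signal without a shell.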
---
- name: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot absent from /etc/fstab"
- name: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot absent from /etc/fstab"
lineinfile:
path: /etc/fstab
regexp: "{{ mount }}"
state: absent
loop:
- "^/run/chroot {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot ext4 "
- "^/run/mysqld {{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld ext4 "
- "^{{ item.value.users_home | default(users_basedir + '/' + item.key) }} {{ chroot_users_dir | default('/users') }}/{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} ext4 "
- "^{{ chroot_dir | default('/chroot') }} {{ chroot_users_dir | default('/users') }}/{{ item.key }} ext4 "
- "^/run/chroot {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot ext4 "
- "^/run/mysqld {{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld ext4 "
- "^{{ user.value.users_home | default(users_basedir + '/' + user.key) }} {{ chroot_users_dir | default('/users') }}/{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} ext4 "
- "^{{ chroot_dir | default('/chroot') }} {{ chroot_users_dir | default('/users') }}/{{ user.key }} ext4 "
loop_control:
loop_var: mount
tags:
......
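Review bot: The four fstab patterns in the loop are used as raw regexes (`regexp: "{{ mount }}"`) but are built from unescaped paths — `users_home`, `chroot_dir`, `chroot_users_dir`, `user.key` — so a `.` or `+` in a home path matches more than intended and could strip a neighbouring entry. Build the loop items without the leading `^` and use `regexp: "^{{ mount | regex_escape }}"`. The task name mentions only `/run/chroot` while the loop removes all four bind entries; `name: "fstab entries for {{ chroot_users_dir | default('/users') }}/{{ user.key }} absent"` describes what it does. The `tags:` list continues below the hunk.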
---
- name: "Read {{ item.key }} entry from /etc/passwd"
command: "grep ^{{ item.key }}: /etc/passwd"
- name: "Read {{ user.key }} entry from /etc/passwd"
command: "grep ^{{ user.key }}: /etc/passwd"
check_mode: false
register: users_etc_passwd
changed_when: false
......@@ -8,7 +8,7 @@
- users-chroot
- users-update
- name: "{{ item.key }} present in {{ chroot_dir | default('/chroot') }}/etc/passwd"
- name: "{{ user.key }} present in {{ chroot_dir | default('/chroot') }}/etc/passwd"
lineinfile:
path: "{{ chroot_dir | default('/chroot') }}/etc/passwd"
line: "{{ users_etc_passwd.stdout }}"
......@@ -17,8 +17,8 @@
- users-chroot
- users-update
- name: "Read {{ item.key }} entry from /etc/group"
command: "grep ^{{ item.key }}: /etc/group"
- name: "Read {{ user.key }} entry from /etc/group"
command: "grep ^{{ user.key }}: /etc/group"
check_mode: false
register: users_etc_group
changed_when: false
......@@ -26,7 +26,7 @@
- users-chroot
- users-update
- name: "{{ item.key }} present in {{ chroot_dir | default('/chroot') }}/etc/group"
- name: "{{ user.key }} present in {{ chroot_dir | default('/chroot') }}/etc/group"
lineinfile:
path: "{{ chroot_dir | default('/chroot') }}/etc/group"
line: "{{ users_etc_group.stdout }}"
......@@ -35,19 +35,19 @@
- users-chroot
- users-update
- name: "Mount point {{ chroot_dir | default('/chroot') }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} present"
- name: "Mount point {{ chroot_dir | default('/chroot') }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} present"
file:
path: "{{ chroot_dir | default('/chroot') }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
path: "{{ chroot_dir | default('/chroot') }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
owner: root
group: "{{ item.value.users_home_group | default(item.key) }}"
group: "{{ user.value.users_home_group | default(user.key) }}"
mode: "0750"
state: directory
tags:
- users-chroot
- users-update
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} >/dev/null && echo PRESENT || echo ABSENT"
- name: "Check if {{ chroot_users_dir | default('/users') }}/{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} is mounted"
shell: "findmnt {{ chroot_users_dir | default('/users') }}/{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} >/dev/null && echo PRESENT || echo ABSENT"
check_mode: false
register: users_chroot_users_home_mount
changed_when: '"ABSENT" in users_chroot_users_home_mount.stdout'
......@@ -55,9 +55,9 @@
- users-update
- users-chroot
- name: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }} present"
- name: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }} present"
file:
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}"
owner: root
group: root
mode: "0750"
......@@ -67,7 +67,7 @@
- users-update
- users-chroot
- name: "Chroot directories mounted for {{ item.key }}"
- name: "Chroot directories mounted for {{ user.key }}"
mount:
src: "{{ mnt.src }}"
path: "{{ mnt.path }}"
......@@ -76,19 +76,20 @@
state: mounted
loop:
- src: "{{ chroot_dir | default('/chroot') }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}"
opts: ro,nosuid,bind,private
- src: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}{{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
- src: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}{{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
opts: rw,nodev,nosuid,bind,private
- src: /run/mysqld
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/mysqld"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/mysqld"
opts: ro,nodev,nosuid,noexec,bind,private
- src: "/run/chroot"
path: "{{ chroot_users_dir | default('/users') }}/{{ item.key }}/run/chroot"
path: "{{ chroot_users_dir | default('/users') }}/{{ user.key }}/run/chroot"
opts: ro,nodev,nosuid,noexec,bind,private
loop_control:
loop_var: mnt
label: "{{ mnt }}"
tags:
- users-chroot
- users-update
......
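Review bot: The `ro` and `nosuid` flags on the `{{ chroot_dir }}` bind in `Chroot directories mounted for {{ user.key }}` are the security boundary of this chroot, yet nothing verifies they took effect; I believe older util-linux applied `bind,ro` only after a second `remount,bind,ro` step, so on such hosts the chroot would silently be writable. A follow-up task that reads the live options back and fails on a mismatch makes the boundary explicit (sketch below; `findmnt -no OPTIONS` output is comma-separated, hence the `split`). The `/chroot` bind is the only one without `nodev`, presumably because device nodes inside the chroot are needed — a one-line comment such as `# nodev omitted: the chroot's own /dev nodes must stay usable` would stop someone "fixing" it. The task named `{{ ... }}{{ users_home }} present` actually creates `{{ chroot_users_dir | default('/users') }}/{{ user.key }}` (the mount point), so its name should say that.

```yaml
# … unchanged: "Chroot directories mounted for {{ user.key }}" mount loop …

- name: "Check that {{ chroot_users_dir | default('/users') }}/{{ user.key }} is mounted ro,nosuid"
  command: "findmnt -no OPTIONS {{ chroot_users_dir | default('/users') }}/{{ user.key }}"
  register: users_chroot_mount_opts
  changed_when: false
  check_mode: false
  failed_when: >-
    'ro' not in users_chroot_mount_opts.stdout.split(',') or
    'nosuid' not in users_chroot_mount_opts.stdout.split(',')
  tags:
    - users-chroot
    - users-update
```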
---
- name: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/bin/README.md absent"
- name: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/bin/README.md absent"
file:
path: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/bin/README.md"
path: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/bin/README.md"
state: absent
tags:
- users-update
- users-cron
- name: "Daily cron jobs for {{ item.key }} absent"
- name: "Daily cron jobs for {{ user.key }} absent"
cron:
name: "Daily cron jobs"
user: root
cron_file: "chroot_cron_daily_{{ item.key }}"
cron_file: "chroot_cron_daily_{{ user.key }}"
state: absent
tags:
- users-update
- users-cron
- name: "Hourly cron jobs for {{ item.key }} absent"
- name: "Hourly cron jobs for {{ user.key }} absent"
cron:
name: "Hourly cron jobs"
user: root
cron_file: "chroot_cron_hourly_{{ item.key }}"
cron_file: "chroot_cron_hourly_{{ user.key }}"
state: absent
hour: "*"
tags:
- users-update
- users-cron
- name: "Cron job files for {{ item.key }} absent"
- name: "Cron job files for {{ user.key }} absent"
file:
path: "/etc/cron.d/{{ file }}"
state: absent
loop:
- "chroot_cron_daily_{{ item.key }}"
- "chroot_cron_hourly_{{ item.key }}"
- "chroot_cron_daily_{{ user.key }}"
- "chroot_cron_hourly_{{ user.key }}"
loop_control:
loop_var: file
tags:
- users-update
- users-cron
- name: "Daily cron jobs for {{ item.key }} absent"
- name: "Daily cron jobs for {{ user.key }} absent"
cron:
name: "Daily cron jobs"
user: "{{ item.key }}"
user: "{{ user.key }}"
state: absent
tags:
- users-update
- users-cron
- name: "Hourly cron jobs for {{ item.key }} absent"
- name: "Hourly cron jobs for {{ user.key }} absent"
cron:
name: "Hourly cron jobs"
user: "{{ item.key }}"
user: "{{ user.key }}"
state: absent
tags:
- users-update
......@@ -61,8 +61,8 @@
- name: "Daily deletion of users TMPDIR files which are older than a week absent"
cron:
name: "Daily deletion of TMPDIR files for {{ item.key }}"
user: "{{ item.key }}"
name: "Daily deletion of TMPDIR files for {{ user.key }}"
user: "{{ user.key }}"
state: absent
tags:
- users-update
......@@ -70,8 +70,8 @@
- name: "Daily MariaDB dump cron job absent"
cron:
name: "Nightly MySQL database backup for {{ item.key }}"
user: "{{ item.key }}"
name: "Nightly MySQL database backup for {{ user.key }}"
user: "{{ user.key }}"
state: absent
tags:
- users-update
......
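Review bot: The user-crontab tasks (`cron:` with `user: "{{ user.key }}"` and `state: absent`) only remove the four entries this role created by name; anything else in `/var/spool/cron/crontabs/{{ user.key }}` survives the account's removal, and because crontabs are keyed by username a later account created with the same name would inherit those jobs. Since the account is going away, deleting the whole crontab is the safer end state: `file: path: "/var/spool/cron/crontabs/{{ user.key }}" state: absent` (Debian spool path, which matches the `a2dissite` tooling used elsewhere in this commit), or `command: crontab -r -u {{ user.key }}` while the account still exists. Two tasks in this file share the name `Daily cron jobs for {{ user.key }} absent` (one under root via `cron_file`, one in the user's crontab); `Daily cron jobs for {{ user.key }} absent from /etc/cron.d` for the first keeps failures attributable. `hour: "*"` on the hourly `state: absent` task has no effect and can be dropped.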
---
# Ideally this would check if the command needs to be run before running it
- name: "Users that have membership of {{ item.value.users_group | default(item.key) }} group"
command: "usermod -a -G {{ item.value.users_group | default(item.key) }} {{ users_group_member }}"
loop: "{{ item.value.users_group_members }}"
- name: "Users that have membership of {{ user.value.users_group | default(user.key) }} group"
command: "usermod -a -G {{ user.value.users_group | default(user.key) }} {{ member }}"
loop: "{{ user.value.users_group_members }}"
loop_control:
loop_var: users_group_member
loop_var: member
label: "{{ member }}"
tags:
- users-update
...
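Review bot: The `usermod -a -G ... {{ member }}` command is unconditional, so it runs and reports changed on every play and is skipped in check mode, as the leading comment admits. Reading the group once with the `getent` module and guarding the command on membership makes it idempotent without switching to the `user` module, which would silently create any `member` that does not exist. The `getent` module exposes `getent_group[<name>]` as `[password, gid, members_csv]`, so the member list is index 2 — confirm that shape against the Ansible version in use.

```yaml
- name: "Read current membership of {{ user.value.users_group | default(user.key) }}"
  getent:
    database: group
    key: "{{ user.value.users_group | default(user.key) }}"
  tags:
    - users-update

- name: "Users that have membership of {{ user.value.users_group | default(user.key) }} group"
  command: "usermod -a -G {{ user.value.users_group | default(user.key) }} {{ member }}"
  when: member not in getent_group[user.value.users_group | default(user.key)][2].split(',')
  loop: "{{ user.value.users_group_members }}"
  # … unchanged: loop_control and tags …
```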
---
- debug:
msg: "user={{ users_groups_user }} group={{ item }}"
loop: "{{ users_groups_user.value.users_groups }}"
msg: "user={{ user }} group={{ group }}"
loop: "{{ user.value.users_groups }}"
loop_control:
loop_var: group
label: "{{ group }}"
tags:
- users-update
- name: Add group
group:
name: "{{ item }}"
name: "{{ group }}"
state: present
loop: "{{ users_groups_user.value.users_groups }}"
loop: "{{ user.value.users_groups }}"
loop_var: group
label: "{{ group }}"
tags:
- users-update
...
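Review bot: In the `Add group` task, `loop_var: group` and `label: "{{ group }}"` follow `loop:` directly with no `loop_control:` key, unlike the debug task above it which has one; indentation is lost in this rendering so I can't be certain, but as shown Ansible rejects `loop_var` as an unknown task attribute, which would explain the failed pipeline on this commit. Nest them: `loop_control:` / `loop_var: group` / `label: "{{ group }}"`. The first task is an unnamed `debug:` whose `msg: "user={{ user }} ..."` renders the entire user mapping on every iteration; if `user.value` carries the `users_apache_htauth_users` passwords seen in the htauth file, they land in the play output, so give the task a name, print `user.key` instead of `user`, and add `verbosity: 1` as the vhost debug task elsewhere in this commit does.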
......@@ -2,7 +2,7 @@
- name: Debug vhost
debug:
msg:
- "item.value.users.home: {{ item.value.users_home | default(users_basedir + '/' + item.key) }}"
- "user.value.users.home: {{ user.value.users_home | default(users_basedir + '/' + user.key) }}"
- "vhost.key: {{ vhost.key }}"
- "vhost.value.users_apache_server_name: {{ vhost.value.users_apache_server_name }}"
verbosity: 1
......@@ -21,17 +21,18 @@
loop: "{{ vhost.value.users_apache_htauth_users }}"
loop_control:
loop_var: htauth
label: "{{ htauth }}"
tags:
- apache
- users-update
- users-htauth
- name: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.htpasswd directory present"
- name: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.htpasswd directory present"
file:
path: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.htpasswd"
path: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.htpasswd"
state: directory
owner: www-data
group: "{{ item.value.users_group | default(item.key) }}"
group: "{{ user.value.users_group | default(user.key) }}"
mode: "0750"
tags:
- apache
......@@ -40,17 +41,18 @@
- name: "HTTP Authentication usernames and passwords for {{ vhost.value.users_apache_server_name }}"
htpasswd:
path: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.htpasswd/{{ vhost.value.users_apache_server_name }}"
path: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.htpasswd/{{ vhost.value.users_apache_server_name }}"
name: "{{ htauth.name }}"
password: "{{ htauth.password }}"
state: "{{ htauth.state | default('present') }}"
owner: www-data
group: "{{ item.value.users_group | default(item.key) }}"
group: "{{ user.value.users_group | default(user.key) }}"
mode: "0640"
when: ( htauth.password is defined and htauth.password != "" ) and ( htauth.state is not defined or htauth.state == "present" )
loop: "{{ vhost.value.users_apache_htauth_users }}"
loop_control:
loop_var: htauth
label: "{{ htauth }}"
tags:
- apache
- users-update
......
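Review bot: `label: "{{ htauth }}"`, added in both loops over `vhost.value.users_apache_htauth_users` in this hunk, prints the whole item per iteration, and the item carries `htauth.password` in plaintext — so the credentials that the `htpasswd` module otherwise keeps out of the output (its `password` argument is no_log) now appear in the play log and any CI job output. Use `label: "{{ htauth.name }}"` in both places. The `.htpasswd` directory and files are owned by `www-data` (0750/0640), which lets anything running as the web-server user rewrite the credentials, whereas Apache only needs to read them; `owner: root` with `group: www-data` would be the least-privilege shape, unless the user's group (currently the group) genuinely needs read access. The `Debug vhost` task starts before this hunk.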
---
- name: "The databases that {{ item.key }} has access to"
command: mysql -B -N -e "SELECT Db FROM mysql.db WHERE User='{{ item.key }}';" mysql
- name: "The databases that {{ user.key }} has access to"
command: mysql -B -N -e "SELECT Db FROM mysql.db WHERE User='{{ user.key }}';" mysql
register: users_mariadb_list
tags:
- users-update
- users-mariadb
- name: "Databases absent for {{ item.key }}"
- name: "Databases absent for {{ user.key }}"
mysql_db:
name: "{{ db }}"
state: absent
......@@ -20,9 +20,9 @@
- users-update
- users-mariadb
- name: "MariaDB user {{ item.key }} absent"
- name: "MariaDB user {{ user.key }} absent"
mysql_user:
name: "{{ item.key }}"
name: "{{ user.key }}"
state: absent
login_user: root
login_unix_socket: /var/run/mysqld/mysqld.sock
......
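Review bot: The `The databases that {{ user.key }} has access to` task here lacks the `changed_when: false` and `check_mode: false` that the identical command carries in the present-state file, so it reports changed every run and is skipped in check mode, leaving `users_mariadb_list` undefined for the loop that follows; add both lines. The query splices `user.key` into SQL inside quotes (`WHERE User='{{ user.key }}'`), so a key containing `'` breaks out of the literal — an `assert` that `user.key is match('^[a-z_][a-z0-9_-]*$')` before this file, or a query module that takes positional arguments, closes that. More importantly, `mysql.db` lists every database the user holds a grant on, including ones shared with other accounts, and `Databases absent` then drops each of them; unless the loop's `when:` (below the hunk) filters, removing one user can destroy a database other users still rely on, so consider restricting the drop list to `user.value.users_mariadb_databases` or checking that no other `User` holds a grant on that `Db` first.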
---
- name: "Stat {{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf"
- name: "Stat {{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf"
stat:
path: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf"
path: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf"
register: users_mycnf
tags:
- users-update
......@@ -10,7 +10,7 @@
- block:
- name: "Generate a random password for {{ item.key }} MariaDB account as ~/.my.cnf doesn't exist"
- name: "Generate a random password for {{ user.key }} MariaDB account as ~/.my.cnf doesn't exist"
command: pwgen -n 20 1
no_log: true
register: users_mariadb_password_gen
......@@ -32,8 +32,8 @@
- block:
- name: "MariaDB password read from {{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf"
shell: "my_print_defaults --defaults-file='{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf' client | grep '^--password' | sed -e 's/--password=//'"
- name: "MariaDB password read from {{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf"
shell: "my_print_defaults --defaults-file='{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf' client | grep '^--password' | sed -e 's/--password=//'"
no_log: true
changed_when: false
check_mode: false
......@@ -63,12 +63,12 @@
- users-mariadb
- phpmyadmin
- name: "mariadb_password written to {{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf"
- name: "mariadb_password written to {{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf"
template:
src: templates/my.cnf.j2
dest: "{{ item.value.users_home | default(users_basedir + '/' + item.key) }}/.my.cnf"
owner: "{{ item.key }}"
group: "{{ item.value.users_group | default(item.key) }}"
dest: "{{ user.value.users_home | default(users_basedir + '/' + user.key) }}/.my.cnf"
owner: "{{ user.key }}"
group: "{{ user.value.users_group | default(user.key) }}"
mode: 0400
force: true
no_log: true
......@@ -76,8 +76,8 @@
- users-update
- users-mariadb
- name: "The databases that {{ item.key }} has access to"
command: mysql -B -N -e "SELECT Db FROM mysql.db WHERE User='{{ item.key }}';" mysql
- name: "The databases that {{ user.key }} has access to"
command: mysql -B -N -e "SELECT Db FROM mysql.db WHERE User='{{ user.key }}';" mysql
changed_when: false
check_mode: false
register: users_mariadb_list
......@@ -85,14 +85,14 @@
- users-update
- users-mariadb
- name: "Set a fact for the databases to delete for {{ item.key }}"
- name: "Set a fact for the databases to delete for {{ user.key }}"
set_fact:
users_mariadb_delete_list: "{{ users_mariadb_list.stdout_lines | difference(item.value.users_mariadb_databases) }}"
users_mariadb_delete_list: "{{ users_mariadb_list.stdout_lines | difference(user.value.users_mariadb_databases) }}"
tags:
- users-update
- users-mariadb
- name: "Databases absent for {{ item.key }}"
- name: "Databases absent for {{ user.key }}"
mysql_db:
name: "{{ db }}"
state: absent
......@@ -102,31 +102,33 @@
when: ( users_mariadb_delete_list is defined ) and ( users_mariadb_delete_list != [] )
loop_control:
loop_var: db
label: "{{ db }}"
tags:
- users-update
- users-mariadb
- name: "Databases present for {{ item.key }}"
- name: "Databases present for {{ user.key }}"
mysql_db:
name: "{{ db }}"
state: present
login_user: root
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ item.value.users_mariadb_databases }}"
loop: "{{ user.value.users_mariadb_databases }}"
loop_control:
loop_var: db
label: "{{ db }}"
tags:
- users-update
- users-mariadb
- name: "Set a variable for mysql_user priv for {{ item.key }}"
- name: "Set a variable for mysql_user priv for {{ user.key }}"
set_fact:
users_mariadb_priv: "{% if item.value.users_mariadb_databases[0] is defined %}{% for db in item.value.users_mariadb_databases %}{{ db }}.*:ALL{% if not loop.last %}/{% endif %}{% endfor %}{% else %}*.*:USAGE{% endif %}"
users_mariadb_priv: "{% if user.value.users_mariadb_databases[0] is defined %}{% for db in user.value.users_mariadb_databases %}{{ db }}.*:ALL{% if not loop.last %}/{% endif %}{% endfor %}{% else %}*.*:USAGE{% endif %}"
tags:
- users-update
- users-mariadb
- name: "Print priv for {{ item.key }}"
- name: "Print priv for {{ user.key }}"
debug:
var: users_mariadb_priv
verbosity: 1
......@@ -134,9 +136,9 @@
- users-update
- users-mariadb
- name: "MariaDB {{ item.key }}