# MariaDB configuration for Baserock database server.
#
# The relevant .database_password.yml files will need to be available already.
# Create these manually and keep them somewhere safe and secret.
---
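# Play: set up the MariaDB root account, drop the stock 'test' database, then
# create the application databases and one user per application.
#
# Module arguments are written as native YAML mappings rather than key=value
# strings. In the key=value form a templated password is re-parsed as part of
# the argument string, so a password containing spaces, quotes or '=' could be
# truncated or read as additional module arguments.
- hosts: database-mariadb
  gather_facts: false
  # These files supply the *_password variables used below; they must exist
  # before the play runs.
  vars_files:
    - root.database_password.yml
    - baserock_gerrit.database_password.yml
    - baserock_openid_provider.database_password.yml
    - baserock_storyboard.database_password.yml
  tasks:
    - name: creating root database user
      mysql_user:
        name: root
        password: "{{ root_password }}"
        login_host: '127.0.0.1'
        login_user: root
        login_password: "{{ root_password }}"
        # Lets the first run connect as root before any password is set.
        check_implicit_admin: true
      # Keep the root password out of task output and logs.
      no_log: true

    - name: remove the MySQL test database
      mysql_db:
        name: test
        state: absent
        login_host: '127.0.0.1'
        login_user: root
        login_password: "{{ root_password }}"

    # Note that UTF-8 encoding and collation is *not* the default. Don't remove
    # those lines or you will end up with a horrible disaster of a database.
    - name: adding databases
      mysql_db:
        name: "{{ item }}"
        state: present
        login_host: '127.0.0.1'
        login_user: root
        login_password: "{{ root_password }}"
        collation: utf8_unicode_ci
        encoding: utf8
      with_items:
        - gerrit
        - openid_provider
        - storyboard

    # We could probably restrict the privileges of these users further...
    #
    # I feel like setting 'host="%"' (i.e. not enforcing that the account can
    # only be used by IPs within the cloud's local network, or even a single
    # known IP address) is kind of bad practice, but since the database server
    # is not exposed to the internet anyway I don't think it's important right
    # now.
    #
    # NOTE(review): with host '%' the only things standing between these
    # accounts and any client that can reach the server are the network
    # boundary and the passwords. Each user is already confined to its own
    # database by 'priv'; narrowing 'host' as well would remove the reliance on
    # network placement.
    - name: adding other database users
      mysql_user:
        name: "{{ item.name }}"
        host: '%'
        password: "{{ item.password }}"
        priv: "{{ item.priv }}"
        login_host: '127.0.0.1'
        login_user: root
        login_password: "{{ root_password }}"
      # The loop items carry each user's password and Ansible reports the item
      # for every iteration, so suppress the output for this task.
      no_log: true
      with_items:
        - name: gerrit
          password: "{{ baserock_gerrit_password }}"
          priv: 'gerrit.*:ALL'
        - name: openid
          password: "{{ baserock_openid_provider_password }}"
          priv: 'openid_provider.*:ALL'
        - name: storyboard
          password: "{{ baserock_storyboard_password }}"
          priv: 'storyboard.*:ALL'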