Thursday, 15 March 2012

Ansible MySQL User with REQUIRE SSL -


I've begun learning Ansible today, and I'm making fast progress, and am on the border of being able to automate our whole stack. That's nice! :)

I've hit a roadblock. We've chosen to take a little performance hit and encrypt MySQL connections using the SSL feature, to allow our office IPs to remotely manage it, and inter-datacenter.

Using the mysql_user module, I can make sure a user is added, and set its password and so forth. But I can't seem to find any way to require SSL on the user. According to a quick Google, and the lack of options in the documentation, I guess I can't with mysql_user.

But the real question is: do you know a (preferably clean) workaround?

If I could somehow execute raw queries with Ansible, that would be perfect. To be specific, I need to replicate this SQL in Ansible, if possible:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'pass' REQUIRE SSL;

I believe you can with the mysql_user module:

- mysql_user: name=bob password=12345 priv=*.*:REQUIRESSL append_privs=yes

By using "append_privs" you'd be adding "REQUIRE SSL" to the existing privileges for bob.

If you want to do it manually it can be a little ugly, but you can invoke the mysql client via the command module. Assuming you have variables defined for the MySQL user & host:

- command: mysql -u {{ mysql_user }} -h {{ mysql_host }} -p{{ mysql_password }} -e "GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'pass' REQUIRE SSL;"

Edit: I ran some tests and got this to work without problems after ensuring the proper Python libraries were installed:

- hosts: myhost
  name: test
  user: my-user
  tasks:
    - local_action: mysql_user user=foo host='%' password=bar state=present append_privs=yes login_host=<my_database_host> login_user=<my_database_root_user> login_password=<my_database_root_password> priv='*.*:REQUIRESSL'

The above resulted in:

mysql> show grants for 'foo'@'%';
+----------------------------------------------------------------------------------------------------------------+
| grants for foo@%                                                                                               |
+----------------------------------------------------------------------------------------------------------------+
| grant usage on *.* to 'foo'@'%' identified by password '*e8d46ce25265e545d225a8a6f1baf642febee5cb' require ssl |
+----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
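
A check one could run after applying tasks like the ones above, as an added example that is not part of the original question or answer: it parses SHOW GRANTS lines in the format shown above and lists remote accounts whose grants carry no REQUIRE clause. The function names, the local-host list and the sample grant lines are assumptions constructed for illustration.

```python
import re

# One GRANT line as printed by SHOW GRANTS in the format shown above.
GRANT_RE = re.compile(
    r"^GRANT\s+.+?\s+ON\s+\S+\s+TO\s+'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$",
    re.IGNORECASE)
REQUIRE_RE = re.compile(
    r"\bREQUIRE\s+(NONE|SSL|X509|CIPHER|ISSUER|SUBJECT)\b", re.IGNORECASE)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumed definition of "local"

# Constructed sample input (not from the original page).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'foo'@'%' IDENTIFIED BY PASSWORD '*PLACEHOLDER' REQUIRE SSL",
    "GRANT SELECT ON `app`.* TO 'foo'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'report'@'10.0.0.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]


def tls_requirement(grant_line):
    """Return (account, requirement) for one GRANT line, or None for other lines."""
    # Accept raw statements as well as rows copied from the mysql client table.
    line = grant_line.strip().strip("|").strip().rstrip(";")
    m = GRANT_RE.match(line)
    if not m:
        return None
    # Blank out quoted strings (hashes, certificate subjects) before searching.
    rest = re.sub(r"'[^']*'", "''", m.group("rest"))
    req = REQUIRE_RE.search(rest)
    kind = req.group(1).upper() if req else "NONE"
    if kind in ("CIPHER", "ISSUER", "SUBJECT"):
        kind = "SPECIFIED"
    return (m.group("user") + "@" + m.group("host"), kind)


def accounts_without_tls(grant_lines):
    """Return sorted remote accounts with no REQUIRE SSL/X509/... on any grant line."""
    protected = {}
    for line in grant_lines:
        parsed = tls_requirement(line)
        if parsed is None:
            continue
        account, kind = parsed
        # REQUIRE is printed on the global (ON *.*) line only, so one hit is enough.
        protected[account] = protected.get(account, False) or kind != "NONE"
    return sorted(a for a, ok in protected.items()
                  if not ok and a.rsplit("@", 1)[1] not in LOCAL_HOSTS)


if __name__ == "__main__":
    print(accounts_without_tls(SAMPLE_GRANTS))
```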

mysql ansible configuration-management ansible-playbook
