Feature/disable automatic root password

.flake8

@@ -3,7 +3,7 @@
 # E221 multiple spaces before operator
 # E251 unexpected spaces around keyword / parameter equals
 
-ignore = E221,E251
+# ignore = E221,E251
 
 exclude =
   # No need to traverse our git directory

CHANGELOG

@@ -0,0 +1,25 @@
+# Changelog
+
+This file contains all significant changes to this Ansible Role.
+
+This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/).
+Versioning follows [Semantic Versioning](http://semver.org/).
+"GH-X" refers to the X'th issue/pull request on the Github project.
+
+## 2.6.0 - 2024-09-10
+
+There are quite a few breaking changes in this version, so update your playbooks!
+
+### Breaking changes
+
+- The variables `mariadb_root_home`, `mariadb_root_username`, `mariadb_root_password` and `mariadb_root_password_update` have been removed and replaced by the dictionary `mariadb_system_users`.
+- The setting of the root password can be prevented
+
+### Added
+
+- The filter `system_user` has been added and can separate a user from the dictionary `mariadb_system_users`.
+
+### Modified
+
+- `mariadb_monitoring` must now be explicitly activated
+- `mariadb_mysqltuner` must now be explicitly activated

README.md

@@ -48,6 +48,30 @@ ansible-galaxy collection install --requirements-file collections.yml
 mariadb_datadir: /var/lib/mysql
 ```
 
+### create system users
+
+To create a `.my.cnf` on an instance, `mariadb_system_users` can be used.
+
+If no password is set, the associated task is skipped.
+
+
+| variable   | description |
+| :---       | :-----      |
+| `username` | The user name for administrative access. |
+| `password` | If no password is set, the associated task is skipped. |
+| `home`     | The home directory under which a `.my.cnf` is created. |
+| `update`   | Should the password be updated. |
+| `ignore`   | If the entire process is to be ignored, `ignore` must be set to `true`. |
+
+```yaml
+mariadb_system_users:
+  - username: root
+    password: ""
+    home: /root
+    update: true
+    ignore: true
+```
+
 ### create databases
 
 ```yaml
@@ -57,7 +81,7 @@ mariadb_databases:
     encoding: utf8
 ```
 
-### create users
+### create database users
 
 ```yaml
 mariadb_users:
@@ -179,21 +203,19 @@ mariadb_version: 10.4
 mariadb_debian_repo: "http://mirror.netcologne.de/mariadb/repo"
 
 mariadb_monitoring:
-  enabled: true
+  enabled: false
   system_user: "nobody"
   username: 'monitoring'
   password: '8WOMmRWWYHPR'
 
-mariadb_mysqltuner: true
-
-# The default root user installed by mysql - almost always root
-mariadb_root_home: /root
-mariadb_root_username: root
-mariadb_root_password: root
+mariadb_mysqltuner: false
 
-# Set this to `true` to forcibly update the root password.
-mariadb_root_password_update: true
-mariadb_user_password_update: false
+mariadb_system_users:
+  - username: root
+    password: ""
+    home: /root
+    update: true
+    ignore: true
 
 mariadb_enabled_on_startup: true
 

defaults/main.yml

@@ -7,21 +7,27 @@ mariadb_version: 10.6
 mariadb_debian_repo: https://mirror.netcologne.de/mariadb/repo
 
 mariadb_monitoring:
-  enabled: true
+  enabled: false
   system_user: "nobody"
   username: 'monitoring'
   password: '8WOMmRWWYHPR'
 
 mariadb_mysqltuner: false
 
 # The default root user installed by mysql - almost always root
-mariadb_root_home: /root
-mariadb_root_username: root
-mariadb_root_password: root
-
-# Set this to `true` to forcibly update the root password.
-mariadb_root_password_update: true
-mariadb_user_password_update: false
+# mariadb_root_home: /root
+# mariadb_root_username: root
+# mariadb_root_password: root
+#
+# # Set this to `true` to forcibly update the root password.
+# mariadb_root_password_update: true
+
+mariadb_system_users:
+  - username: root
+    password: ""
+    home: /root
+    update: true
+    ignore: true
 
 mariadb_enabled_on_startup: true
 

filter_plugins/mariadb.py

@@ -6,7 +6,7 @@
 
 import os
 import re
-import json
+# import json
 from ansible.utils.display import Display
 from ansible.module_utils.common._collections_compat import Mapping
 
@@ -25,19 +25,18 @@ def filters(self):
             'support_tls': self.support_tls,
             'tls_directory': self.tls_directory,
             'detect_galera': self.detect_galera,
-            'wsrep_cluster_address': self.wsrep_cluster_address
-
-            # 'galera_node_information': self.galera_node_information,
+            'wsrep_cluster_address': self.wsrep_cluster_address,
+            'system_user': self.system_user,
         }
 
     def support_tls(self, data):
         """
         """
         # display.vv(f"support_tls({data})")
 
-        ssl_ca   = data.get("ssl-ca", None)
+        ssl_ca = data.get("ssl-ca", None)
         ssl_cert = data.get("ssl-cert", None)
-        ssl_key  = data.get("ssl-key", None)
+        ssl_key = data.get("ssl-key", None)
 
         if ssl_ca and ssl_cert and ssl_key:
             return True
@@ -51,9 +50,9 @@ def tls_directory(self, data):
 
         directory = []
 
-        ssl_ca   = data.get("ssl-ca", None)
+        ssl_ca = data.get("ssl-ca", None)
         ssl_cert = data.get("ssl-cert", None)
-        ssl_key  = data.get("ssl-key", None)
+        ssl_key = data.get("ssl-key", None)
 
         if ssl_ca and ssl_cert and ssl_key:
             directory.append(os.path.dirname(ssl_ca))
@@ -70,10 +69,10 @@ def detect_galera(self, data, hostvars):
         """
         display.vv(f"detect_galera({data}, hostvars)")
         result = dict(
-            galera = False,
-            cluster_members = [],
-            cluster_primary_node = "",
-            cluster_replica_nodes = [],
+            galera=False,
+            cluster_members=[],
+            cluster_primary_node="",
+            cluster_replica_nodes=[],
             # primary = False
         )
 
@@ -141,10 +140,10 @@ def detect_galera(self, data, hostvars):
                 replica_nodes = [x for x, v in node_information.items() if v != primary_address]
 
                 result = dict(
-                    galera = True,
-                    cluster_members = cluster_members,
-                    cluster_primary_node = primary_node,
-                    cluster_replica_nodes = replica_nodes,
+                    galera=True,
+                    cluster_members=cluster_members,
+                    cluster_primary_node=primary_node,
+                    cluster_replica_nodes=replica_nodes,
                     # primary = primary
                 )
 
@@ -195,3 +194,15 @@ def _galera_node_information(self, data):
 
         display.vv(f"= {result}")
         return result
+
+    def system_user(self, data, username):
+        """ """
+        display.vv(f"system_user({data}, {username})")
+
+        result = [x for x in data if x.get('username') == username]
+        if len(result) == 1:
+            result = result[0]
+
+        display.vv(f"= {result}")
+
+        return result

library/mariadb_bootstrap.py

@@ -156,7 +156,7 @@ def run(self):
 
 def main():
     module = AnsibleModule(
-        argument_spec = dict(
+        argument_spec=dict(
             datadir=dict(required=False, type='path', default='/var/lib/mysql'),
             basedir=dict(required=False, type='path', default='/usr'),
             user=dict(required=False, type='str', default='mysql'),
@@ -166,7 +166,7 @@ def main():
             skip_name_resolve=dict(required=False, type='bool'),
             skip_test_db=dict(required=False, type='bool'),
         ),
-        supports_check_mode = False,
+        supports_check_mode=False,
     )
 
     helper = MariadbBootstrap(module)

library/mariadb_data_directory.py

@@ -86,9 +86,9 @@ def run(self):
             self.module.log(msg="  Directory not copied. Error: {}".format(e))
 
         return dict(
-            changed = True,
-            failed = False,
-            msg = "directory {} synced to {}".format(self.source, self.destination)
+            changed=True,
+            failed=False,
+            msg="directory {} synced to {}".format(self.source, self.destination)
         )
 
 # ===========================================
@@ -98,11 +98,11 @@ def run(self):
 
 def main():
     module = AnsibleModule(
-        argument_spec = dict(
+        argument_spec=dict(
             source=dict(required=False, type='path', default='/var/lib/mysql'),
             destination=dict(required=True, type='path'),
         ),
-        supports_check_mode = False,
+        supports_check_mode=False,
     )
 
     helper = MariadbDataDirectories(module)