enhance passwords management and add default options

2025-12-18 15:37:55 +01:00
parent d81541660e
commit 29efd6bedb
5 changed files with 174 additions and 5 deletions
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -12,11 +12,20 @@
    state: started
    enabled: yes

+- name: percona | configure root .my.cnf
+  template:
+    src: root.my.cnf.j2
+    dest: /root/.my.cnf
+    mode: '0600'
+    owner: root
+    group: root
+
 - name: percona | update MySQL root password
  mysql_user:
    name: root
    host: localhost
-    password: "{{ percona_root_password }}"
+    plugin: caching_sha2_password
+    plugin_auth_string: "{{ percona_root_password }}"
+    salt: "{{ percona_caching_sha2_password_salt }}"
    login_unix_socket: /var/run/mysqld/mysqld.sock
-    priv: "*.*:ALL,GRANT"
-  ignore_errors: true  # In case password is already set and socket auth is disabled
+  ignore_errors: true  # In case password is already set and socket auth is disabled
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -1,11 +1,27 @@
 ---
- name: percona | create users
+- name: percona | create legacy users
  mysql_user:
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    host: "{{ item.host | default('%') }}"
    priv: "{{ item.priv | default('*.*:USAGE') }}"
+    plugin: "mysql_native_password"
    state: present
    login_user: root
    login_password: "{{ percona_root_password }}"
  loop: "{{ percona_users }}"
+  when: item.auth_plugin is defined and item.auth_plugin == 'mysql_native_password'
+
+- name: percona | create users
+  mysql_user:
+    name: "{{ item.name }}"
+    host: "{{ item.host | default('%') }}"
+    priv: "{{ item.priv | default('*.*:USAGE') }}"
+    plugin: caching_sha2_password
+    plugin_auth_string: "{{ item.password }}"
+    salt: "{{ percona_caching_sha2_password_salt }}"
+    state: present
+    login_user: root
+    login_password: "{{ percona_root_password }}"
+  loop: "{{ percona_users }}"
+  when: item.auth_plugin is not defined or item.auth_plugin == 'caching_sha2_password'