From 5de72c80327e09c83f7fa27c3c42ef583b63ce1b Mon Sep 17 00:00:00 2001 From: Colan Schwartz Date: Thu, 7 Oct 2021 11:10:19 -0400 Subject: [PATCH 1/2] Issue #223: Generate a random default root password Instead of hardcoding an insecure default password for the `root` mysql user, generate a random one as discussed in issue #223 . --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 318b1694..527f2fd9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,7 +3,7 @@ # or sudo access mysql_user_home: /root mysql_user_name: root -mysql_user_password: root +mysql_user_password: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters') }}" # The default root user installed by mysql - almost always root mysql_root_home: /root From daaea32c1810b48b24ef3cf47225efeafbdc76ef Mon Sep 17 00:00:00 2001 From: Colan Schwartz Date: Thu, 7 Oct 2021 11:27:02 -0400 Subject: [PATCH 2/2] Issue #223: Set the user password as well, not just the root one. --- defaults/main.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 527f2fd9..d84f1e32 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,14 +1,17 @@ --- +# Set a random password. +mysql_password: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters') }}" + # Set this to the user ansible is logging in as - should have root # or sudo access mysql_user_home: /root mysql_user_name: root -mysql_user_password: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters') }}" +mysql_user_password: "{{ mysql_password }}" # The default root user installed by mysql - almost always root mysql_root_home: /root mysql_root_username: root -mysql_root_password: root +mysql_root_password: "{{ mysql_password }}" # Set this to `true` to forcibly update the root password. mysql_root_password_update: false