Merge pull request #570 from kiptix/master

geerlingguy · web-flow · commit 067b8861b0a6 · 2025-03-25T09:20:21.000-05:00
#569 Secure Installation should use variable mysql_daemon
diff --git a/tasks/secure-installation.yml b/tasks/secure-installation.yml
@@ -22,13 +22,14 @@
     and (mysql_install_packages | bool or mysql_user_password_update)
 
 - name: Disallow root login remotely
-  ansible.builtin.command: 'mysql -NBe "{{ item }}"'
+  ansible.builtin.command: '{{ mysql_daemon }} -NBe "{{ item }}"'
   with_items:
     - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
   changed_when: false
 
 - name: Get list of hosts for the root user.
-  ansible.builtin.command: mysql -NBe
+  ansible.builtin.command: >
+    {{ mysql_daemon }} -NBe
     "SELECT Host
     FROM mysql.user
     WHERE User = '{{ mysql_root_username }}'
@@ -43,7 +44,7 @@
 # Set root password for MySQL >= 8.4 and MariaDB ≥ 10.4
 - name: Update MySQL root authentication via socket for localhost (Linux, MySQL ≥ 8.4)
   ansible.builtin.shell: >
-    mysql -u root -NBe
+    {{ mysql_daemon }} -u root -NBe
     "ALTER USER '{{ mysql_root_username }}'@'{{ item }}'
      IDENTIFIED {{ (mysql_daemon == 'mariadb') | ternary('VIA unix_socket', 'WITH auth_socket') }}; FLUSH PRIVILEGES;"
   no_log: "{{ mysql_hide_passwords }}"
@@ -59,7 +60,7 @@
 # Set root password for 5.7.x. ≤ MySQL < 8.4 and MariaDB ≥ 10.4
 - name: Update MySQL root password for localhost root account (5.7.x ≤ MySQL < 8.4)
   ansible.builtin.shell: >
-    mysql -u root -NBe
+    {{ mysql_daemon }} -u root -NBe
     "ALTER USER '{{ mysql_root_username }}'@'{{ item }}'
      IDENTIFIED {{ (mysql_daemon == 'mariadb') | ternary('VIA', 'WITH') }} mysql_native_password
      BY '{{ mysql_root_password }}'; FLUSH PRIVILEGES;"
@@ -78,7 +79,7 @@
 # Set root password for MySQL < 5.7.x.
 - name: Update MySQL root password for localhost root account (< 5.7.x).
   ansible.builtin.shell: >
-    mysql -NBe
+    {{ mysql_daemon }} -NBe
     'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}"); FLUSH PRIVILEGES;'
   no_log: "{{ mysql_hide_passwords }}"
   with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
@@ -100,7 +101,8 @@
     - mysql_copy_root_user_mycnf
 
 - name: Get list of hosts for the anonymous user.
-  ansible.builtin.command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = ''"
+  ansible.builtin.command: >
+    {{ mysql_daemon }} -NBe "SELECT Host FROM mysql.user WHERE User = ''"
   register: mysql_anonymous_hosts
   changed_when: false
   check_mode: false
