Last Updated: February 25, 2016
·
8.89K
· dnene

Set mysql root password using ansible

This is a variant of the tip provided here http://stackoverflow.com/a/16446163/12754 and earlier at https://coderwall.com/p/yez9yw

My goal was to ensure that no passwords are stored in plain text files anywhere on the server

Solution :

- name: update mysql root password for all root accounts from local servers
  mysql_user: login_user=root login_password={{ current_password }} name=root host=$item password={{ new_password }} priv=*.*:ALL,GRANT
  with_items:
      - $ansible_hostname
      - 127.0.0.1
      - ::1
      - localhost

And in the vars file

current_password=foobar
new_password={{ current_password }}

When not changing the mysql password run ansible playbook on command line as usual.

When changing the mysql password, add the following to the command line. Specifying it on the commandline allows the parameter set on the command line to take precedence over the one defaulted to in the vars file.

$ ansible-playbook ........ --extra-vars "new_password=buzzz"

After running the command change the vars file as follows

current_password=buzzz
new_password={{ current_password }}