Ansible idempotent MySQL installation Playbook

I want to set up a MySQL server on AWS, using Ansible for the configuration management. I am using the default AMI from Amazon (ami-3275ee5b), which uses yum for package management.

When the Playbook below is executed, all goes well. But when I run it for a second time, the task Configure the root credentials fails, because the old password of MySQL doesn't match anymore, since it has been updated the last time I ran this Playbook.

This makes the Playbook non-idempotent, which I don't like. I want to be able to run the Playbook as many times as I want.

- hosts: staging_mysql
  user: ec2-user
  sudo: yes

  tasks:
    - name: Install MySQL
      action: yum name=$item
      with_items:
        - MySQL-python
        - mysql
        - mysql-server

    - name: Start the MySQL service
      action: service name=mysqld state=started

    - name: Configure the root credentials
      action: command mysqladmin -u root -p $mysql_root_password

What would be the best way to solve this, which means making the Playbook idempotent? Thanks in advance!

Recommended answer

Ansible version of a secure MySQL installation.

mysql_secure_installation.yml

- hosts: staging_mysql
  user: ec2-user
  sudo: yes

  tasks:
    - name: Install MySQL
      action: yum name={{ item }}
      with_items:
        - MySQL-python
        - mysql
        - mysql-server

    - name: Start the MySQL service
      action: service name=mysqld state=started

    # 'localhost' needs to be the last item for idempotency, see
    # http://ansible.cc/docs/modules.html#mysql-user
    - name: update mysql root password for all root accounts
      mysql_user: name=root host={{ item }} password={{ mysql_root_password }}
      with_items:
        - "{{ ansible_hostname }}"
        - 127.0.0.1
        - ::1
        - localhost

    - name: copy .my.cnf file with root password credentials
      template: src=templates/root/my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600

    - name: delete anonymous MySQL server user for {{ server_hostname }}
      action: mysql_user user="" host="{{ server_hostname }}" state="absent"

    - name: delete anonymous MySQL server user for localhost
      action: mysql_user user="" state="absent"

    - name: remove the MySQL test database
      action: mysql_db db=test state=absent

templates/root/my.cnf.j2

[client]
user=root
password={{ mysql_root_password }}

References

  • Original answer by Lorin Hochstein
  • https://github.com/gaspaio/ansible-devbox/blob/master/roles/mysql/tasks/server.yml
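
The password tasks from the answer in current Ansible syntax, as an added example that is not part of the original answer: check_implicit_admin lets the same task succeed on the first run (root has no password) and on later runs (root already has one), and no_log keeps the root password out of task output. It assumes the community.mysql collection is installed and that mysql_root_password is supplied from an Ansible Vault file; the cleanup tasks from the answer are unchanged and omitted.

```yaml
# Added example, not the answer's own code.
# Assumptions: community.mysql is installed; mysql_root_password comes from Ansible Vault.
- hosts: staging_mysql
  remote_user: ec2-user
  become: true

  tasks:
    - name: Install MySQL
      ansible.builtin.yum:
        name:
          - MySQL-python
          - mysql
          - mysql-server
        state: present

    - name: Start the MySQL service
      ansible.builtin.service:
        name: mysqld
        state: started

    # First run: root has no password yet, so check_implicit_admin logs in without one.
    # Later runs: that login is refused and the module falls back to
    # login_user/login_password, so the task no longer fails on the old password.
    - name: Set the root password for all root accounts
      community.mysql.mysql_user:
        name: root
        host: "{{ item }}"
        password: "{{ mysql_root_password }}"
        check_implicit_admin: true
        login_user: root
        login_password: "{{ mysql_root_password }}"
      no_log: true            # keep the password out of task output and logs
      loop:
        - "{{ ansible_hostname }}"
        - 127.0.0.1
        - "::1"
        - localhost           # kept last, as in the answer

    - name: Write /root/.my.cnf with the root credentials
      ansible.builtin.template:
        src: templates/root/my.cnf.j2
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0600"          # readable by root only
```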
