add role argument spec for os, ssh, mysql (#687)
* add role argument spec for os, ssh, mysql
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add role argument spec for os, ssh, mysql
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove variable in variable as it cannot be used in argument spec
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* fix wrong syntax
* fix spelling errors
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* cannot use vars before arg-spec validation
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* yamllint the arg-spec
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add back variable
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove redundant setting in tests
* fix descriptions in mysql hardening to better reflect what they do
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove duplicate empty line
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* set correct defaults on to ssl options
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove left-over hidepid argument spec
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove license and author infos, this lives in the collection readme
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* fix styling
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* update some descriptions and sort them in the readme
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* some more linting
  Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

---------

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Showing 14 changed files with 2,942 additions and 926 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
--- | ||
argument_specs: | ||
main: | ||
short_description: The main entry point for the mysql hardening role. | ||
version_added: 8.8.0 | ||
options: | ||
mysql_hardening_chroot: | ||
default: '' | ||
type: str | ||
description: '[chroot](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot)' | ||
mysql_hardening_options.safe-user-create: | ||
default: 1 | ||
type: int | ||
description: '[safe-user-create](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create)' | ||
mysql_hardening_options.secure-auth: | ||
default: 1 | ||
type: int | ||
description: '[secure-auth](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth)' | ||
mysql_hardening_options.skip-symbolic-links: | ||
default: 1 | ||
type: int | ||
description: '[skip-symbolic-links](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links)' | ||
'mysql_hardening_skip_grant_tables:': | ||
default: false | ||
type: bool | ||
description: '[skip-grant-tables](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-grant-tables)' | ||
mysql_hardening_skip_show_database: | ||
default: 1 | ||
type: int | ||
description: '[skip-show-database](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database)' | ||
mysql_hardening_options.local-infile: | ||
default: 0 | ||
type: int | ||
description: '[local-infile](http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile)' | ||
mysql_hardening_options.allow-suspicious-udfs: | ||
default: 0 | ||
type: int | ||
description: '[allow-suspicious-udfs](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs)' | ||
mysql_hardening_chroot.automatic-sp-privileges: | ||
default: 0 | ||
type: int | ||
description: '[automatic_sp_privileges](https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges)' | ||
mysql_hardening_options.secure-file-priv: | ||
default: /tmp | ||
type: str | ||
description: '[secure-file-priv](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv)' | ||
mysql_remove_anonymous_users: | ||
default: true | ||
type: bool | ||
description: Set to `false` to keep users without authentication | ||
mysql_remove_test_database: | ||
default: true | ||
type: bool | ||
description: Set to `false` to keep the test database | ||
mysql_hardening_restart_mysql: | ||
default: true | ||
type: bool | ||
description: Restart mysql after running this role | ||
mysql_hardening_enabled: | ||
default: true | ||
type: bool | ||
description: Whether to run the hardening | ||
mysql_daemon_enabled: | ||
default: true | ||
type: bool | ||
description: Whether to enable the MySQL-service so it starts on boot | ||
mysql_root_password: | ||
default: '-----====>SetR00tPa$$wordH3r3!!!<====-----' | ||
type: str | ||
description: The default password. Please change or overwrite it | ||
mysql_user_home: | ||
default: '{{ ansible_env.HOME }}' | ||
type: str | ||
description: The path where the `.my.cnf` will be stored | ||
mysql_remove_remote_root: | ||
default: true | ||
type: bool | ||
description: If `true`, root can only connect from localhost. Set to `false` | ||
to not remove remote root users. |
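
Review bot: The key `'mysql_hardening_skip_grant_tables:'` is quoted with the colon inside the quotes, so the declared option name ends in `:` and will not match the variable `mysql_hardening_skip_grant_tables`; drop the quotes and the inner colon. The key `mysql_hardening_chroot.automatic-sp-privileges` looks like a copy-paste slip, since the neighbouring server options use the `mysql_hardening_options.` prefix and `mysql_hardening_chroot` is already declared above as a `str`. More generally, the dotted keys are flat option names in an argument spec, so the entries inside the `mysql_hardening_options` dictionary are not type-checked by them; declaring `mysql_hardening_options` as `type: dict` with a nested `options:` block would make the `int` and `str` checks effective. Two defaults also deserve a second look in a hardening role: `mysql_root_password` ships a fixed, publicly known value with only the description asking users to change it (consider no default plus `required: true` so an unset password fails validation), and `mysql_hardening_options.secure-file-priv` defaults to `/tmp`, a world-writable directory.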