有没有办法使用 Ansible mysql_user 模块(或使用任何其他模块)授予 MySQL 管理权限?我想为用户设置 SUPER
、RELOAD
和 SHOW DATABASES
权限以及其他一些特定于数据库的权限。
以下基本设置对我来说效果很好:
- name: Set user privileges
mysql_user:
user={{ mysql_user }}
password={{ mysql_password }}
state=present
priv={{ item }}
with_items:
- 'somedatabase.*:ALL'
- 'someotherdatabase.*:ALL'
...结果:
TASK: [db | Set user privileges]
**********************************************
ok: [dbuser] => (item=somedatabase.*:ALL)
ok: [dbuser] => (item=someotherdatabase.*:ALL)
以下设置一直显示“已更改”并且特权不是人们所期望的:
- name: Set user privileges
mysql_user:
user={{ mysql_user }}
password={{ mysql_password }}
state=present
priv={{ item }}
with_items:
- '*.*:SUPER,RELOAD,SHOW\ DATABASES'
- 'somedatabase.*:ALL'
- 'someotherdatabase.*:ALL'
(重复)运行:
TASK: [db | Set user privileges]
**********************************************
changed: [dbuser] => (item=*.*:SUPER,RELOAD,SHOW\ DATABASES)
changed: [dbuser] => (item=somedatabase.*:ALL)
ok: [dbuser] => (item=someotherdatabase.*:ALL)
结果:
mysql> show grants for 'dbuser'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for dbuser@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'dbuser'@'localhost' IDENTIFIED BY PASSWORD '*2046D2DDAE359F311435E8B4D3776EFE13FB584C' |
| GRANT ALL PRIVILEGES ON `somedatabase`.* TO 'dbuser'@'localhost' |
| GRANT ALL PRIVILEGES ON `someotherdatabase`.* TO 'dbuser'@'localhost' |
+---------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
有谁知道如何:
- 设置
SUPER
、RELOAD
和SHOW DATABASE
管理员。特权? - 使配置幂等?
最佳答案
终于找到了优雅的解决方案!首先,权限应该在某处定义为列表:
$ cat group_vars/dbservers
mysql_privileges:
- 'somedatabase.*:ALL'
- 'someotherdatabase.*:ALL'
- '*.*:SUPER,RELOAD,SHOW\ DATABASES'
然后 mysql_user
插件不需要附加权限,只需使用 documentation 中提到的权限字符串即可采用以下格式:mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL
.
唯一的技巧是如何将列表转换为字符串:
- name: Set user privileges
mysql_user:
user={{ mysql_user }}
password={{ mysql_password }}
state=present
priv={{ mysql_privileges|join('/') }}
任务的可重复运行不再显示已更改:
TASK: [db | Set user privileges]
**********************************************
ok: [dbuser]
关于mysql - 如何使用 ansible 授予 MySQL 服务器管理权限(SUPER,RELOAD ...)?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22958443/