updates the create_dbs play to add users

5dfe2e94 · John Jarvis · f1aa6634 · 5dfe2e94
Commit 5dfe2e94 authored Feb 06, 2014 by John Jarvis
Hide whitespace changes
Inline Side-by-side

Showing with 89 additions and 4 deletions

playbooks/edx-east/create_dbs.yml
+89 -4

No files found.
--- a/playbooks/edx-east/create_dbs.yml
+++ b/playbooks/edx-east/create_dbs.yml
@@ -36,19 +36,19 @@
    - name: "edxapp_db_root_pass"
      prompt: "Password for edxapp root mysql user (enter to skip)"
      default: "None"
-      private: yes
+      private: True
    - name: "xqueue_db_root_pass"
      prompt: "Password for xqueue root mysql user (enter to skip)"
      default: "None"
-      private: yes
+      private: True
    - name: "ora_db_root_pass"
      prompt: "Password for ora root mysql user (enter to skip)"
      default: "None"
-      private: yes
+      private: True
    - name: "discern_db_root_pass"
      prompt: "Password for discern root mysql user (enter to skip)"
      default: "None"
-      private: yes
+      private: True


  tasks:
@@ -85,3 +85,88 @@
            db_host: "{{ DISCERN_MYSQL_HOST|default('None') }}"
            db_user: "{{ discern_db_root_user }}"
            db_pass: "{{ discern_db_root_pass }}"
+
+    - name: assign mysql user permissions for db user
+      mysql_user:
+        name: "{{ item.db_user_to_modify }}"
+        priv: "{{ item.db_name }}.*:SELECT,INSERT,UPDATE,DELETE"
+        password: "{{ item.db_user_to_modify_pass }}"
+        login_host: "{{ item.db_host }}"
+        login_user: "{{ item.db_user }}"
+        login_password: "{{ item.db_pass }}"
+        host: '%'
+      when: item.db_user != 'None'
+      with_items:
+        # These defaults are needed, otherwise ansible will throw
+        # variable undefined errors for when they are not defined
+        # in secret vars
+        - db_name: "{{ EDXAPP_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ EDXAPP_MYSQL_HOST|default('None') }}"
+          db_user: "{{ edxapp_db_root_user|default('None') }}"
+          db_pass: "{{ edxapp_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ EDXAPP_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ EDXAPP_MYSQL_PASSWORD }}"
+        - db_name: "{{ XQUEUE_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ XQUEUE_MYSQL_HOST|default('None') }}"
+          db_user: "{{ xqueue_db_root_user|default('None') }}"
+          db_pass: "{{ xqueue_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ XQUEUE_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ XQUEUE_MYSQL_PASSWORD }}"
+        - db_name: "{{ ORA_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ ORA_MYSQL_HOST|default('None') }}"
+          db_user: "{{ ora_db_root_user|default('None') }}"
+          db_pass: "{{ ora_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ ORA_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ ORA_MYSQL_PASSWORD }}"
+        - db_name: "{{ DISCERN_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ DISCERN_MYSQL_HOST|default('None') }}"
+          db_user: "{{ discern_db_root_user|default('None') }}"
+          db_pass: "{{ discern_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ DISCERN_MYSQL_USER|default('None') }}"
+          db_user_to_modify_pass: "{{ DISCERN_MYSQL_PASSWORD|default('None') }}"
+
+
+    # The second call to mysql_user needs to have append_privs set to
+    # yes otherwise it will overwrite the previous run.
+    # This means that both tasks will report changed on every ansible
+    # run
+
+    - name: assign mysql user permissions for db test user
+      mysql_user:
+        append_privs: yes
+        name: "{{ item.db_user_to_modify }}"
+        priv: "{{ COMMON_ENVIRONMENT }}_{{ COMMON_DEPLOYMENT }}_test_{{ item.db_name }}.*:ALL"
+        password: "{{ item.db_user_to_modify_pass }}"
+        login_host: "{{ item.db_host }}"
+        login_user: "{{ item.db_user }}"
+        login_password: "{{ item.db_pass }}"
+        host: '%'
+      when: item.db_user != 'None'
+      with_items:
+        # These defaults are needed, otherwise ansible will throw
+        # variable undefined errors for when they are not defined
+        # in secret vars
+        - db_name: "{{ EDXAPP_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ EDXAPP_MYSQL_HOST|default('None') }}"
+          db_user: "{{ edxapp_db_root_user|default('None') }}"
+          db_pass: "{{ edxapp_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ EDXAPP_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ EDXAPP_MYSQL_PASSWORD }}"
+        - db_name: "{{ XQUEUE_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ XQUEUE_MYSQL_HOST|default('None') }}"
+          db_user: "{{ xqueue_db_root_user|default('None') }}"
+          db_pass: "{{ xqueue_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ XQUEUE_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ XQUEUE_MYSQL_PASSWORD }}"
+        - db_name: "{{ ORA_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ ORA_MYSQL_HOST|default('None') }}"
+          db_user: "{{ ora_db_root_user|default('None') }}"
+          db_pass: "{{ ora_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ ORA_MYSQL_USER }}"
+          db_user_to_modify_pass: "{{ ORA_MYSQL_PASSWORD }}"
+        - db_name: "{{ DISCERN_MYSQL_DB_NAME|default('None') }}"
+          db_host: "{{ DISCERN_MYSQL_HOST|default('None') }}"
+          db_user: "{{ discern_db_root_user|default('None') }}"
+          db_pass: "{{ discern_db_root_pass|default('None') }}"
+          db_user_to_modify: "{{ DISCERN_MYSQL_USER|default('None') }}"
+          db_user_to_modify_pass: "{{ DISCERN_MYSQL_PASSWORD|default('None') }}"