From 4a7afbc3f33198340fbb626fbca5fd864024eb89 Mon Sep 17 00:00:00 2001
From: Christoph Haas <christoph.haas@performance-media.de>
Date: Thu, 15 Aug 2019 12:13:27 +0200
Subject: [PATCH] Various

---
 Vagrantfile                                             | 11 +++++------
 ansible/ansible.cfg                                     |  6 ++++++
 ansible/roles/ispmail-database/tasks/main.yml           | 16 +++++++++++++---
 ansible/roles/ispmail-database/templates/my-cnf.j2      |  2 --
 ansible/roles/ispmail-database/templates/root-my-cnf.j2 |  2 ++
 5 files changed, 26 insertions(+), 11 deletions(-)
 delete mode 100644 ansible/roles/ispmail-database/templates/my-cnf.j2
 create mode 100644 ansible/roles/ispmail-database/templates/root-my-cnf.j2

diff --git a/Vagrantfile b/Vagrantfile
index 8e6ee70..f9c3fe9 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -13,7 +13,7 @@ Vagrant.configure(2) do |config|
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://atlas.hashicorp.com/search.
   #config.vm.box = "jessie64"
-  config.vm.box = "debian/stretch64"
+  config.vm.box = "debian/buster64"
 
   # Disable automatic box update checking. If you disable this, then
   # boxes will only be checked for updates when the user runs
@@ -39,7 +39,7 @@ Vagrant.configure(2) do |config|
   # the path on the guest to mount the folder. And the optional third
   # argument is a set of non-required options.
   # config.vm.synced_folder "../data", "/vagrant_data"
-  config.vm.synced_folder "ansible", "/root"
+  #config.vm.synced_folder "ansible", "/root"
 
   # Provider-specific configuration so you can fine-tune various
   # backing providers for Vagrant. These expose provider-specific options.
@@ -73,11 +73,10 @@ Vagrant.configure(2) do |config|
 
   config.vm.provision "ansible" do |ansible|
     ansible.playbook = "ansible/ispmail.yml"
-    ansible.sudo = true
-    #ansible.become = true
+    ansible.become = true
     #ansible.become_user = 'root'
-    #ansible.compatibility_mode = '2.0'
-    #ansible.verbose = 'vvv'
+    ansible.compatibility_mode = '2.0'
+    ##ansible.verbose = 'vvv'
   end
 
   config.vm.provider "virtualbox" do |vb|
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 2aa4e9b..41cc51d 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -28,3 +28,9 @@ roles_path = ansible/roles
 [ssh_connection]
 # Speed improvement, but may break sudo with requiretty
 pipelining = True
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False
diff --git a/ansible/roles/ispmail-database/tasks/main.yml b/ansible/roles/ispmail-database/tasks/main.yml
index 5450cfa..e5d2c02 100644
--- a/ansible/roles/ispmail-database/tasks/main.yml
+++ b/ansible/roles/ispmail-database/tasks/main.yml
@@ -1,10 +1,20 @@
 ---
 - name: Installing required Python mysqldb module for Ansible to manage databases
   apt: name=python-pymysql
-# - name: Creating my-cnf for root user
-#   template: src=root-my-cnf.j2 dest=/root/.my.cnf mode=0600
+- name: Ensure mysql root password is updated for all root accounts
+  mysql_user:
+    name: root
+    host: localhost
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    password: "{{ ispmail_mysql_root_password }}"
+    priv: '*.*:ALL,GRANT'
+    check_implicit_admin: true
+  #become: yes
+  #notify: Restart MySQL
+- name: Creating my-cnf for root user
+  template: src=root-my-cnf.j2 dest=/root/.my.cnf mode=0600
 - name: creating mailserver MySQL database
-  mysql_db: name=mailserver
+  mysql_db: name=mailserver login_password="{{ ispmail_mysql_root_password }}"
 - name: creating Roundcube MySQL database
   mysql_db: name=roundcube
 - name: copying MySQL database schema to server
diff --git a/ansible/roles/ispmail-database/templates/my-cnf.j2 b/ansible/roles/ispmail-database/templates/my-cnf.j2
deleted file mode 100644
index 0615332..0000000
--- a/ansible/roles/ispmail-database/templates/my-cnf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[client]
-password={{ispmail_mysql_root_password}}
diff --git a/ansible/roles/ispmail-database/templates/root-my-cnf.j2 b/ansible/roles/ispmail-database/templates/root-my-cnf.j2
new file mode 100644
index 0000000..0615332
--- /dev/null
+++ b/ansible/roles/ispmail-database/templates/root-my-cnf.j2
@@ -0,0 +1,2 @@
+[client]
+password={{ispmail_mysql_root_password}}