From f863a7a444e1a68ea791881cb64e942d06728b30 Mon Sep 17 00:00:00 2001 From: Christoph Haas Date: Sun, 1 Dec 2019 17:45:15 +0100 Subject: [PATCH] Database role works --- ansible/group_vars/all | 5 ++- ansible/ispmail.yml | 3 +- ansible/roles/ispmail-database/files/test.sql | 2 +- ansible/roles/ispmail-database/tasks/main.yml | 60 ++++++++++++++------------- 4 files changed, 38 insertions(+), 32 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 100851c..e5e2f95 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -7,7 +7,10 @@ ispmail_populate_test_data: true ispmail_fqdn: yoda.workaround.org # MySQL password for read-only user -ispmail_mysql_mailserver_password: ChangeMe +ispmail_mysql_mailserver_password: ChangeMeServer + +# MySQL password for read-write user +ispmail_mysql_mailadmin_password: ChangeMeAdmin # MySQL password for administrative root user ispmail_mysql_root_password: ChangeMeRoot diff --git a/ansible/ispmail.yml b/ansible/ispmail.yml index 88a3c17..2903d79 100644 --- a/ansible/ispmail.yml +++ b/ansible/ispmail.yml @@ -17,7 +17,8 @@ tags: packages - role: ispmail-certificate tags: certificate - # - ispmail-database + - role: ispmail-database + tags: database # - ispmail-postfix # - ispmail-dovecot - role: ispmail-webmail-apache-roundcube diff --git a/ansible/roles/ispmail-database/files/test.sql b/ansible/roles/ispmail-database/files/test.sql index f997d58..3ddc641 100644 --- a/ansible/roles/ispmail-database/files/test.sql +++ b/ansible/roles/ispmail-database/files/test.sql @@ -12,7 +12,7 @@ REPLACE INTO `mailserver`.`virtual_users` ( `email` ) VALUES ( - '1', '1', CONCAT('{PLAIN-MD5}', MD5( 'summersun' )) , 'john@example.org' + '1', '1', '{BLF-CRYPT}$2y$05$m.GdQNMyUFNG0vPsaXxSB.0ZQqZhe1e9Un841oBcWi6U6HRF2Kmky', 'john@example.org' ); REPLACE INTO `mailserver`.`virtual_aliases` ( `id`, 
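Review bot: The two values set in the `ansible/group_vars/all` hunk, `ispmail_mysql_mailserver_password: ChangeMeServer` and `ispmail_mysql_mailadmin_password: ChangeMeAdmin`, are plaintext placeholders, and nothing visible in this patch stops a run from creating the MySQL accounts with them unchanged. A guard task at the start of the database role would turn a forgotten edit into a failed run, e.g. an `assert` with `that: "not ispmail_mysql_mailadmin_password.startswith('ChangeMe')"` and the same test for the mailserver password. A comment above the variables should also say that real values belong in an Ansible Vault file rather than in `group_vars/all`.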
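Review bot: The replacement value in the `test.sql` hunk, the literal starting `{BLF-CRYPT}$2y$05$`, is opaque, so the fixture no longer says which password john@example.org logs in with, and its bcrypt cost of 05 is low for anything other than test data. A comment above the statement would cover both, e.g. `-- test fixture only: bcrypt hash of the documented test password, cost 5 for speed; never reuse for real accounts`. Because `ispmail_populate_test_data: true` is the value shown in `group_vars/all`, this account is created unless the operator changes that setting; if the plaintext is published with the project, the result is a mailbox with a known password, so the default is worth setting to `false` or at least documenting. The enclosing REPLACE statement starts above the hunk.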
diff --git a/ansible/roles/ispmail-database/tasks/main.yml b/ansible/roles/ispmail-database/tasks/main.yml
index 8c81e02..71743f2 100644
--- a/ansible/roles/ispmail-database/tasks/main.yml
+++ b/ansible/roles/ispmail-database/tasks/main.yml
@@ -3,52 +3,53 @@ # apt: name=python-mysqldb apt: name=python-pymysql -- name: Create .my.cnf - template: - src: "root-my-cnf.j2" - dest: "/root/.my.cnf" - owner: root - group: root - mode: 0600 +# - name: Create .my.cnf +# template: +# src: "root-my-cnf.j2" +# dest: "/root/.my.cnf" +# owner: root +# group: root +# mode: 0600 -- name: Set a new root password - mysql_user: - check_implicit_admin: yes - user: root - password: "{{ ispmail_mysql_root_password }}" - login_unix_socket: /var/run/mysqld/mysqld.sock - host: "{{ item }}" - with_items: - - localhost - - 127.0.0.1 +# - name: Set a new root password +# mysql_user: +# check_implicit_admin: yes +# user: root +# password: "{{ ispmail_mysql_root_password }}" +# login_unix_socket: /var/run/mysqld/mysqld.sock +# host: "{{ item }}" +# with_items: +# - localhost +# - 127.0.0.1 - name: creating mailserver MySQL database - #become: true mysql_db: + login_unix_socket: /var/run/mysqld/mysqld.sock name: mailserver - -# - name: creating Roundcube MySQL database -# mysql_db: -# name: roundcube - name: copying MySQL database schema to server copy: src: schema.sql dest: /tmp - name: setting up SQL schema of mailserver database mysql_db: + login_unix_socket: /var/run/mysqld/mysqld.sock name: mailserver state: import target: /tmp/schema.sql +- name: creating MySQL user mailadmin + mysql_user: + login_unix_socket: /var/run/mysqld/mysqld.sock + name: mailadmin + password: "{{ispmail_mysql_mailadmin_password}}" + priv: mailserver.*:SELECT,INSERT,UPDATE,DELETE + host: localhost - name: creating MySQL user to read the mailserver database mysql_user: - name: mailuser + login_unix_socket: /var/run/mysqld/mysqld.sock + name: mailserver password: "{{ispmail_mysql_mailserver_password}}" - priv: mailserver.*:SELECT,INSERT,UPDATE,DELETE -# - name: creating MySQL user for roundcube -# mysql_user: -# name: roundcube -# password: "{{ispmail_mysql_roundcube_password}}" -# priv: roundcube.*:ALL + priv: mailserver.*:SELECT + host: 127.0.0.1 - 
name: copying MySQL test data to server copy: src: test.sql @@ -56,6 +57,7 @@ when: ispmail_populate_test_data == true - name: populating the database with test data mysql_db: + login_unix_socket: /var/run/mysqld/mysqld.sock name: mailserver state: import target: /tmp/test.sql
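Review bot: The read-only account is renamed from `mailuser` to `mailserver` near the end of the first `tasks/main.yml` hunk, but nothing removes the old one, so a host provisioned with the previous version of the role keeps a `mailuser` login that still holds `SELECT,INSERT,UPDATE,DELETE` on `mailserver.*`. A cleanup task placed before the two user-creation tasks would close that gap (sketch below). Separately, the `.my.cnf` and root-password tasks are commented out rather than deleted; if root is meant to authenticate through the unix socket only, a one-line comment saying so is clearer than dead YAML, and as far as this patch shows `ispmail_mysql_root_password` in `group_vars/all` is then unused. The last task in the hunk continues on lines outside it.

```yaml
- name: removing obsolete read-write MySQL user mailuser
  mysql_user:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: mailuser
    host_all: yes
    state: absent

# … unchanged: creating MySQL user mailadmin, creating MySQL user to read the mailserver database …
```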
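Review bot: The import in the second `tasks/main.yml` hunk reads `/tmp/test.sql`, and no task visible in this patch removes that file afterwards or restricts its mode, so a fixture containing a password hash is left in a shared directory; the same applies to `/tmp/schema.sql` in the previous hunk. Adding `mode: 0600` to the two `copy` tasks and a final `file: path=/tmp/test.sql state=absent` (and the same for the schema file) would keep the files private and short-lived. The `copy` task for `test.sql` is only partly inside the hunk and further tasks may follow below it, so this is worth checking against the full file.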