Aqui está uma peça que uso para proteger a instalação padrão do MySQL de acordo com a documentação do MySQL
- name: MySQL setup
hosts: dbservers
gather_facts: true
tasks:
- name: ensure mysql is running and starts on boot
service: name=mysql state=started enabled=true
# Need to do this for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
- name: update mysql root password for all root accounts
mysql_user: name=root host=localhost password={{ root_db_password }}
- name: copy .my.cnf file with root password credentials
template: src=templates/root/.my.cnf dest=/root/.my.cnf owner=root mode=0600
- name: update mysql root password for all root accounts
mysql_user: name=root host={{ item }} password={{ root_db_password }}
with_items:
- {{ ansible_hostname }}
- 127.0.0.1
- ::1
- name: ensure anonymous users are not in the database
mysql_user: name='' host={{ item }} state=absent
with_items:
- localhost
- {{ inventory_hostname }}
- name: remove the test database
mysql_db: name=test state=absent