Proteja o mysql com ansible

Aqui está uma peça que uso para proteger a instalação padrão do MySQL de acordo com a documentação do MySQL

- name: MySQL setup
hosts
: dbservers
gather_facts
: true
tasks
:
- name: ensure mysql is running and starts on boot
service
: name=mysql state=started enabled=true

# Need to do this for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
- name: update mysql root password for all root accounts
mysql_user
: name=root host=localhost password={{ root_db_password }}

- name: copy .my.cnf file with root password credentials
template: src=templates/root/.my.cnf dest=/root/.my.cnf owner=root mode=0600

- name: update mysql root password for all root accounts
mysql_user
: name=root host={{ item }} password={{ root_db_password }}
with_items
:
- {{ ansible_hostname }}
- 127.0.0.1
- ::1

- name: ensure anonymous users are not in the database
mysql_user
: name='' host={{ item }} state=absent
with_items
:
- localhost
- {{ inventory_hostname }}

- name: remove the test database
mysql_db
: name=test state=absent