Merge branch 'update-to-1604-php7' into develop

provisioning/roles/mysql-server/defaults/main.yml

@@ -1,3 +1,3 @@
 ---
 mysql_host: localhost
-mysql_root_pass: ~
+mysql_root_pass: root

provisioning/roles/mysql-server/tasks/main.yml

@@ -20,48 +20,19 @@
   when: ansible_distribution_version == '16.04'
   tags: mysql-server
 
-- name: MySQL | Test root has blank password
-  shell: mysql -u root --password= --disable-column-names --batch -e 'select 1'
-  register: mysql_has_blank_root_password
-  ignore_errors: true
+- name: MySQL | Test root password
+  shell: mysql -u root --password={{ mysql_root_pass }} --disable-column-names --batch -e 'select 1'
+  register: mysql_root_pass_is_set
+  ignore_errors: True
   tags: mysql-server
 
-- name: MySQL | Remove anonymous users
-  ignore_errors: yes
-  mysql_user: name='' host={{ item }}
-      login_host={{ mysql_host }}
-      login_user=root
-      login_password=
-      state=absent
-  with_items:
-   - localhost
-   - "127.0.0.1"
-   - "%"
-   - "{{ ansible_hostname }}"
-  when: mysql_has_blank_root_password.rc == 0
-  tags: mysql-server
-
-- name: MySQL | Remove test database
-  mysql_db: name=test
-      login_host={{ mysql_host }}
-      login_user=root
-      login_password=
-      state=absent
-  when: mysql_has_blank_root_password.rc == 0
+# See https://askubuntu.com/a/801950
+- name: MySQL | Use password instead of auth_socket for root login
+  become: yes
+  command: mysql -u root --batch -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '{{ mysql_root_pass }}'"
+  when: mysql_root_pass_is_set.rc == 1
   tags: mysql-server
 
-- name: MySQL | Update Root Password
-  mysql_user: name=root
-      host={{ item }}
-      password={{ mysql_root_pass }}
-      login_host={{ mysql_host }}
-      login_user=root
-      login_password=
-  with_items:
-    - "{{ ansible_hostname }}"
-    - "{{ ansible_fqdn }}"
-    - 127.0.0.1
-    - ::1
-    - localhost
-  when: mysql_has_blank_root_password.rc == 0
+- name: MySQL | Secure Installation
+  include: mysql_secure_installation.yml
   tags: mysql-server

provisioning/roles/mysql-server/tasks/mysql_secure_installation.yml

@@ -0,0 +1,31 @@
+---
+# @see https://github.com/PCextreme/ansible-role-mariadb/blob/master/tasks/mysql_secure_installation.yml
+
+- name: Remove anonymous users
+  command: 'mysql -u root --password={{ mysql_root_pass }} -ne "{{ item }}"'
+  with_items:
+    - DELETE FROM mysql.user WHERE User=''
+  changed_when: False
+
+- name: Disallow root login remotely
+  become: yes
+  command: 'mysql -u root --password={{ mysql_root_pass }} -ne "{{ item }}"'
+  with_items:
+    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+  changed_when: False
+
+- name: Remove test database and access to it
+  become: yes
+  command: 'mysql -u root --password={{ mysql_root_pass }} -ne "{{ item }}"'
+  with_items:
+    - DROP DATABASE test
+    - DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'
+  changed_when: False
+  ignore_errors: True
+
+- name: Reload privilege tables
+  become: yes
+  command: 'mysql -u root --password={{ mysql_root_pass }} -ne "{{ item }}"'
+  with_items:
+    - FLUSH PRIVILEGES
+  changed_when: False

provisioning/roles/php7/tasks/main.yml

@@ -6,6 +6,7 @@
   with_items:
     - php7.0-cli
     - php7.0-fpm
+    - libapache2-mod-php7.0
     - php-pear
     - php7.0-common
     - php7.0-dev
@@ -24,6 +25,11 @@
   with_items: "{{ php7_modules_enable }}"
   tags: php7
 
+- name: Enable Apache Module
+  become: yes
+  command: /usr/sbin/a2enmod php7.0
+  tags: php7
+
 - name: Update php.ini (cli)
   become: yes
   template: src=php.ini.j2 dest={{ item }} owner=root group=root