ansible / ansible.builtin / v2.3.3.0-1 / module / mysql_user Adds or removes a user from a MySQL database. | "added in version" 0.6 of ansible.builtin" Authors: Jonathan Mainguy (@Jmainguy) preview | supported by communityansible.builtin.mysql_user (v2.3.3.0-1) — module
pip
Install with pip install ansible==2.3.3.0.post1
Adds or removes a user from a MySQL database.
# Removes anonymous user account for localhost - mysql_user: name: '' host: localhost state: absent
# Removes all anonymous user accounts - mysql_user: name: '' host_all: yes state: absent
# Create database user with name 'bob' and password '12345' with all database privileges - mysql_user: name: bob password: 12345 priv: '*.*:ALL' state: present
# Create database user with name 'bob' and previously hashed mysql native password '*EE0D72C1085C46C5278932678FBE2C6A782821B4' with all database privileges - mysql_user: name: bob password: '*EE0D72C1085C46C5278932678FBE2C6A782821B4' encrypted: yes priv: '*.*:ALL' state: present
# Creates database user 'bob' and password '12345' with all database privileges and 'WITH GRANT OPTION' - mysql_user: name: bob password: 12345 priv: '*.*:ALL,GRANT' state: present
# Modify user Bob to require SSL connections. Note that REQUIRESSL is a special privilege that should only apply to *.* by itself. - mysql_user: name: bob append_privs: true priv: '*.*:REQUIRESSL' state: present
# Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials. - mysql_user: login_user: root login_password: 123456 name: sally state: absent
# Ensure no user named 'sally' exists at all - mysql_user: name: sally host_all: yes state: absent
# Specify grants composed of more than one word - mysql_user: name: replication password: 12345 priv: "*.*:REPLICATION CLIENT" state: present
# Revoke all privileges for user 'bob' and password '12345' - mysql_user: name: bob password: 12345 priv: "*.*:USAGE" state: present
# Example privileges string format # mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL # Example using login_unix_socket to connect to server - mysql_user: name: root password: abc123 login_unix_socket: /var/run/mysqld/mysqld.sock
# Example of skipping binary logging while adding user 'bob' - mysql_user: name: bob password: 12345 priv: "*.*:USAGE" state: present sql_log_bin: no
host: default: localhost description: - the 'host' part of the MySQL username required: false name: description: - name of the user (role) to add or remove required: true priv: default: null description: - 'MySQL privileges string in the format: C(db.table:priv1,priv2).' - 'Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv).' - The format is based on MySQL C(GRANT) statement. - Database and table names can be quoted, MySQL-style. - If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))). required: false state: choices: - present - absent default: present description: - Whether the user should exist. When C(absent), removes the user. required: false ca_cert: aliases: - ssl_ca description: - The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate as used by the server. type: path host_all: choices: - 'yes' - 'no' default: 'no' description: - override the host option, making ansible apply changes to all hostnames for a given user. This option cannot be used when creating users required: false version_added: '2.1' version_added_collection: ansible.builtin password: default: null description: - set the user's password. required: false encrypted: choices: - 'yes' - 'no' default: 'no' description: - Indicate that the 'password' field is a `mysql_native_password` hash required: false version_added: '2.0' version_added_collection: ansible.builtin client_key: aliases: - ssl_key description: - The path to the client private key. type: path login_host: default: localhost description: - Host running the database. - In some cases for local connections the I(login_unix_socket=/path/to/mysqld/socket), that is usually C(/var/run/mysqld/mysqld.sock), needs to be used instead of I(login_host=localhost). type: str login_port: default: 3306 description: - Port of the MySQL server. Requires I(login_host) be defined as other than localhost if login_port is used. type: int login_user: description: - The username used to authenticate with. type: str client_cert: aliases: - ssl_cert description: - The path to a client public key certificate. type: path config_file: default: ~/.my.cnf description: - Specify a config file from which user and password are to be read. type: path sql_log_bin: choices: - 'yes' - 'no' default: 'yes' description: - Whether binary logging should be enabled or disabled for the connection. required: false version_added: '2.1' version_added_collection: ansible.builtin append_privs: choices: - 'yes' - 'no' default: 'no' description: - Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones. required: false version_added: '1.4' version_added_collection: ansible.builtin check_hostname: description: - Whether to validate the server host name when an SSL connection is required. - Setting this to C(false) disables hostname verification. Use with caution. - Requires pymysql >= 0.7.11. - This optoin has no effect on MySQLdb. type: bool version_added: 1.1.0 version_added_collection: community.mysql login_password: description: - The password used to authenticate with. type: str connect_timeout: default: 30 description: - The connection timeout when connecting to the MySQL server. type: int update_password: choices: - always - on_create default: always description: - C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. required: false version_added: '2.0' version_added_collection: ansible.builtin login_unix_socket: description: - The path to a Unix domain socket for local connections. type: str check_implicit_admin: choices: - 'yes' - 'no' default: 'no' description: - Check if mysql allows login as root/nopassword before trying supplied credentials. required: false version_added: '1.3' version_added_collection: ansible.builtin