add mysql permissions

2025-12-17 02:13:06 -06:00 · 2020-07-14 17:33:53 +10:00
parent 598ef33ef6
commit 0e5da47ef0
3 changed files with 31 additions and 10 deletions
--- a/roles/database_init/tasks/mysql.yml
+++ b/roles/database_init/tasks/mysql.yml
@@ -31,20 +31,18 @@
        login_password: "{{ atl_db_root_password }}"
        login_port: "{{ atl_db_port }}"
        name: "{{ atl_jdbc_db_name }}"
-        encoding: "{{ atl_jdbc_encoding }}"
-        collation: "{{ atl_jdbc_collation }}"
+        encoding: "utf8" # TODO "{{ atl_jdbc_encoding }}"
+        collation: "utf8_bin" # TODO "{{ atl_jdbc_collation }}"
      register: db_created 

  tags:
    - new_only

-# - name: Assert ownership of public schema
-#   postgresql_query:
-#     login_host: "{{ atl_db_host }}"
-#     login_user: "{{ atl_db_root_user }}"
-#     login_password: "{{ atl_db_root_password }}"
-#     db: "{{ atl_jdbc_db_name }}"
-#     query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
+- name: Assert ownership of public schema
+  command: >
+    mysql --user={{ atl_jdbc_user }} --password={{ atl_jdbc_password }} {{ atl_jdbc_db_name }}
+    --host={{ atl_db_host }} --port={{ atl_db_port }} --batch --skip-column-names
+    --execute="GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX on {{ atl_jdbc_db_name }}.* TO '{{ atl_jdbc_user }}'@'{{ atl_db_host }}' IDENTIFIED BY '{{ atl_jdbc_password }}'; flush privileges;"

 # - name: Grant privs to root user on public schema
 #   postgresql_query:
--- a/roles/jira_config/tasks/main.yml
+++ b/roles/jira_config/tasks/main.yml
@@ -100,11 +100,16 @@
    - "{{ atl_product_installation_versioned }}/work"
  changed_when: false  # For Molecule idempotence check

- name: Assert baseurl to same as atl_proxy_name
+- name: Do something with stuff
+  debug: "{{ item }}"
+  with_items: stuff.stdout_lines
+
+- name: Assert baseurl to same as atl_proxy_name (PostgreSQL)
  postgresql_query:
    login_host: "{{ atl_db_host }}"
    login_user: "{{ atl_jdbc_user }}"
    login_password: "{{ atl_jdbc_password }}"
+    port: "{{ atl_db_port }}"
    db: "{{ atl_jdbc_db_name }}"
    query: >
      update propertystring set propertyvalue=%s
@@ -115,6 +120,23 @@
    - atl_proxy_name is defined
    - atl_tomcat_scheme is defined
    - db_created is undefined or not db_created.changed
+    - atl_jdbc_engine_map[atl_db_engine] = 'postgres'
+  tags:
+    - skip_on_stack_update
+  ignore_errors: yes  # For Molecule as it has no db test framework included
+  
+
+  - name: Assert baseurl to same as atl_proxy_name (MySQL)
+    command: >
+      mysql --user={{ atl_jdbc_user }} --password={{ atl_jdbc_password }} {{ atl_jdbc_db_name }}
+      --host={{ atl_db_host }} --port={{ atl_db_port }} --batch --skip-column-names
+      --execute="update propertystring set propertyvalue="{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}{{ atl_tomcat_contextpath }}"
+        where id=(select id from propertyentry where property_key = 'jira.baseurl')"
+  when:
+    - atl_proxy_name is defined
+    - atl_tomcat_scheme is defined
+    - db_created is undefined or not db_created.changed
+    - atl_jdbc_engine_map[atl_db_engine] = 'mysql'
  tags:
    - skip_on_stack_update
  ignore_errors: yes  # For Molecule as it has no db test framework included