From 8de232cb1d058c01809a6eba25f558a20a17e81a Mon Sep 17 00:00:00 2001
From: Lorenzo <lorenzo@thinksuse.lan>
Date: Sun, 20 Nov 2016 18:31:57 +0100
Subject: [PATCH] automate generation of random root mysql password

requires gen_passwd module
---
 roles/seafile.mysql/defaults/main.yml    |  2 +-
 roles/seafile.mysql/tasks/main.yml       | 12 ++++++++++--
 roles/seafile.mysql/templates/.my.cnf.j2 |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/seafile.mysql/defaults/main.yml b/roles/seafile.mysql/defaults/main.yml
index 50a27f2..61abcce 100644
--- a/roles/seafile.mysql/defaults/main.yml
+++ b/roles/seafile.mysql/defaults/main.yml
@@ -2,7 +2,7 @@
 
 mysql_port: 3306
 mysql_bind_address: "0.0.0.0"
-mysql_root_db_pass: foobar
+#mysql_root_db_pass: foobar
 
 mysql_db: 
      - name: foo
diff --git a/roles/seafile.mysql/tasks/main.yml b/roles/seafile.mysql/tasks/main.yml
index e298de3..2660773 100644
--- a/roles/seafile.mysql/tasks/main.yml
+++ b/roles/seafile.mysql/tasks/main.yml
@@ -26,8 +26,16 @@
 - name: Start the mysql services Redhat
   service: name={{ mysql_service }} state=started enabled=yes
 
+- name: generate a new random mysql root passwrod
+  gen_passwd: length=16
+  register: random_root_pass
+  when: mysql_root_db_pass is not defined
+
+- debug:
+    var: random_root_pass.passwd
+
 - name: update mysql root password for all root accounts
-  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }}
+  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass | default(random_root_pass.passwd) }}
   with_items:
    - "{{ ansible_hostname }}"
    - 127.0.0.1
@@ -36,7 +44,7 @@
   when: ansible_hostname != 'localhost' 
 
 - name: update mysql root password for all root accounts
-  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }}
+  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass | default(random_root_pass.passwd) }}
   with_items:
    - 127.0.0.1
    - ::1
diff --git a/roles/seafile.mysql/templates/.my.cnf.j2 b/roles/seafile.mysql/templates/.my.cnf.j2
index 2832cdb..cbb3b4b 100644
--- a/roles/seafile.mysql/templates/.my.cnf.j2
+++ b/roles/seafile.mysql/templates/.my.cnf.j2
@@ -1,3 +1,3 @@
 [client]
 user=root
-password={{ mysql_root_db_pass }}
+password={{ mysql_root_db_pass | default(random_root_pass.passwd) }}