diff --git a/roles/mysql_hardening/tasks/mysql_secure_installation.yml b/roles/mysql_hardening/tasks/mysql_secure_installation.yml index dc1cb32e0..493b274dd 100644 --- a/roles/mysql_hardening/tasks/mysql_secure_installation.yml +++ b/roles/mysql_hardening/tasks/mysql_secure_installation.yml @@ -36,17 +36,27 @@ - name: Ensure that root can only login from localhost community.mysql.mysql_query: - query: - - DELETE FROM mysql.user WHERE USER='root' AND HOST NOT IN ('localhost', '127.0.0.1', '::1') + query: > + DELETE + FROM mysql.user + WHERE USER='root' + AND HOST NOT IN ('localhost', + '127.0.0.1', + '::1'); login_unix_socket: "{{ login_unix_socket | default(omit) }}" when: mysql_remove_remote_root - name: Get all users that have no authentication_string on MySQL version >= 5.7.6 or Mariadb version >= 10.4.0 community.mysql.mysql_query: query: > - SELECT GROUP_CONCAT(QUOTE(USER), '@', QUOTE(HOST) SEPARATOR ', ') AS users FROM mysql.user - WHERE (length(authentication_string)=0 OR authentication_string="") - AND USER NOT IN ('mysql.sys', 'mysqlxsys', 'mariadb.sys'); + SELECT GROUP_CONCAT(QUOTE(USER), '@', QUOTE(HOST) SEPARATOR ', ') AS users + FROM mysql.user + WHERE (length(authentication_string)=0 + OR authentication_string="") + AND USER NOT IN ('mysql.sys', + 'mysqlxsys', + 'mariadb.sys'); + login_unix_socket: "{{ login_unix_socket | default(omit) }}" register: mysql_users_wo_passwords_or_auth_string when: 
> @@ -57,9 +67,15 @@ - name: Get all users that have no password or authentication_string on MySQL version < 5.7.6 or Mariadb version < 10.4.0 community.mysql.mysql_query: query: > - SELECT GROUP_CONCAT(QUOTE(USER), '@', QUOTE(HOST) SEPARATOR ', ') AS users FROM mysql.user - WHERE (length(password)=0 OR password="") AND (length(authentication_string)=0 - OR authentication_string="") AND USER NOT IN ('mysql.sys', 'mysqlxsys', 'mariadb.sys'); + SELECT GROUP_CONCAT(QUOTE(USER), '@', QUOTE(HOST) SEPARATOR ', ') AS users + FROM mysql.user + WHERE (length(password)=0 + OR password="") + AND (length(authentication_string)=0 + OR authentication_string="") + AND USER NOT IN ('mysql.sys', + 'mysqlxsys', + 'mariadb.sys'); login_unix_socket: "{{ login_unix_socket | default(omit) }}" register: mysql_users_wo_passwords when: >
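Review bot: The `DELETE FROM mysql.user` statement in the "Ensure that root can only login from localhost" task edits the grant table directly, and MySQL does not apply such edits to privilege checking until the grant tables are reloaded or the server restarts, so remote root logins may keep working after the task reports success. No reload is visible in this hunk (the task file continues outside it, so one may exist later); if there is none, keep `query:` as a list and add `FLUSH PRIVILEGES` as a second entry, or replace the delete with `DROP USER` for each non-local root account, which takes effect immediately. On MariaDB 10.4 and later `mysql.user` is, as far as I know, a view over `mysql.global_priv`, so it is worth testing on those versions that this delete still removes the accounts.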