[mysql_hardening] Allow setting the mysql_distribution

On some operating systems, the package for MySQL is not `mysql-server`, and so the default check for this will not yield the correct result. This change adds an escape hatch by letting the user set `mysql_distribution`. Additionally, it verifies that it is set to a legal value if the user has set it. Closes dev-sec#472
sdwilsh · Aug 13, 2021 · 23dae2f · 23dae2f
1 parent bfd3f96
commit 23dae2f
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/roles/mysql_hardening/tasks/main.yml b/roles/mysql_hardening/tasks/main.yml
@@ -22,13 +22,20 @@
   with_dict: '{{ os_vars }}'
   tags: always
 
+- ansible.builtin.assert:
+    that: mysql_distribution == 'mysql' or mysql_distribution == 'mariadb'
+    fail_msg: 'mysql_distribution must be set to either mysql or mariadb!'
+  when: mysql_distribution is defined
+
 - name: Gather package facts to check for mysql/mariadb version
   ansible.builtin.package_facts:
     manager: auto
+  when: not mysql_distribution is defined
 
 - name: Check if MySQL or MariaDB is used
   set_fact:
     mysql_distribution: "{{ ansible_facts.packages['mysql-server'] is defined | ternary('mysql', 'mariadb') }}"
+  when: not mysql_distribution is defined
 
 - name: Check which MySQL/MariaDB version is used
   community.mysql.mysql_info: