Merge branch 'rsnapshot-and-no-root-pw' into 'master'

Only setup backup when rsnapshot is configured, don't use password for root auth

See merge request !4

mysql/defaults/main.yml

@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
 mysql_backup_user: "backup"
 # yamllint disable-line rule:line-length
 mysql_backup_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql-backup create=true length=20') }}"
+
+mysql_rsnapshot: false

mysql/tasks/main.yml

@@ -24,30 +24,15 @@
     state: started
     enabled: true
 
-- name: ensure the mysql root user exists and has the correct password
-  mysql_user:
-    name: root
-    password: "{{ mysql_root_password }}"
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-  register: mysql_root_creation_result
-  no_log: true
-  ignore_errors: true
-
-- name: initialize the mysql root user
-  mysql_user:
-    name: root
-    password: "{{ mysql_root_password }}"
-  no_log: true
-  when: mysql_root_creation_result is failed
-
+- name: setup mysql backups with rsnapshot
+  when: '{{ mysql_rsnapshot }}'
+  block:
     - name: ensure a read-only mysql user for backups exists
       mysql_user:
         name: "{{ mysql_backup_user }}"
         password: "{{ mysql_backup_password }}"
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
         priv: "*.*:SELECT,LOCK TABLES"
+      no_log: true
 
     - name: ensure the backup procedure can access the backup password
       template:

postgres/defaults/main.yml

 ---
 
 postgres_pgdg_repo: false
+postgres_rsnapshot: false

postgres/tasks/main.yml

@@ -36,6 +36,9 @@
     state: started
     enabled: true
 
+- name: configure snapshots
+  when: '{{ postgres_rsnapshot }}'
+  block:
     - name: ensure we have our postgres backup script
       copy:
         src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"