diff --git a/mysql/tasks/main.yml b/mysql/tasks/main.yml
index 6e14ab6c5eaee0a5ef29b9baefb20078181f8e19..4ddde70ea426a6051d9a5035844e1aae4e4b9f64 100644
--- a/mysql/tasks/main.yml
+++ b/mysql/tasks/main.yml
@@ -15,3 +15,31 @@
   tags:
     - service
     - mysql
+
+- name: get or create the mysql root password
+  local_action: pass name="db/{{ ansible_hostname }}-mysql" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
+  register: mysql_root_password
+  tags:
+    - password
+    - mysql
+
+- name: ensure the mysql root user exists and has the correct password
+  mysql_user:
+    name: root
+    password: "{{ mysql_root_password.password }}"
+    login_user: root
+    login_password: "{{ mysql_root_password.password }}"
+  register: mysql_root_creation_result
+  ignore_errors: yes
+  tags:
+    - mysql
+    - config
+
+- name: initialize the mysql root user
+  mysql_user:
+    name: root
+    password: "{{ mysql_root_password.password }}"
+  when: mysql_root_creation_result|failed
+  tags:
+    - mysql
+    - config