Add OpenSUSE support (#605)

* Add variables for mariadb on opensuse

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* enable pipeline

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* add a note about the reuirement of the jmespath library.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* Use python3 on opensuse

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* use right ansible variable

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* Suse requires python-rpm

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* try zypper

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* python-xml

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try at fixing the install

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try now with rpm.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml...

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* typo

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* do the test for Suse on the shell and not in ansible

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* specify to use bash

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* specify to use bash

* try the removes keyword of builtin.shell

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix ansible syntax

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix zypper syntax

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* ensure pymysql is present

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* set ansible python interpreter in converge-step, too

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* move install task to prepare

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

Author: rndmh3ro

.github/workflows/mysql_hardening.yml

@@ -37,7 +37,7 @@ jobs:
           - debian11
           # - amazon  # geerlingguy.mysql does not support fedora
           # - arch  # needs to be fixed
-          # - opensuse_tumbleweed  # needs to be fixed
+          - opensuse_tumbleweed  # needs to be fixed
           # - fedora  # geerlingguy.mysql does not support fedora
     steps:
       - name: Checkout repo

molecule/mysql_hardening/converge.yml

@@ -24,6 +24,13 @@
         - mysql_python_package_debian is not defined
         - ansible_distribution != "Ubuntu"
         - ansible_distribution_major_version|int < 20
+
+    - name: Use Python 3 on Suse
+      set_fact:
+        ansible_python_interpreter: /usr/bin/python3
+      when:
+        - ansible_os_family == 'Suse'
+
     - include_role:
         name: mysql_hardening
   vars:

molecule/mysql_hardening/prepare.yml

@@ -15,6 +15,12 @@
         - ansible_distribution == 'Debian'
         - ansible_distribution_major_version|int >= 11
 
+    - name: Use Python 3 on Suse
+      set_fact:
+        ansible_python_interpreter: /usr/bin/python3
+      when:
+        - ansible_os_family == 'Suse'
+
     - name: Use Python 2 on Debian 10
       set_fact:
         ansible_python_interpreter: /usr/bin/python
@@ -29,11 +35,9 @@
         update_cache: true
       when: ansible_os_family == 'Debian'
 
-    - name: install required tools on SuSE
-      community.general.zypper:
-        name: "python-xml"
-        state: present
-      when: ansible_facts.os_family == 'Suse'
+    - name: Install required python packages on Suse
+      ansible.builtin.shell: zypper -n install python-xml python3-rpm python3-PyMySQL
+      when: ansible_os_family == 'Suse'
 
     - name: create missing directory
       file:
@@ -56,7 +60,6 @@
         - ansible_distribution != "Ubuntu"
         - ansible_distribution_major_version|int < 20
 
-
     - include_role:
         name: dev-sec.mysql
 

roles/mysql_hardening/README.md

@@ -16,6 +16,7 @@ It configures:
 
 - Ansible 2.9.0
 - An existing MySQL installation
+- python-jmespath on the ansible host
 
 ### Example playbook
 

roles/mysql_hardening/vars/Suse.yml

@@ -0,0 +1,10 @@
+---
+mysql_daemon: mariadb
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
+
+mysql_cnf_owner: 'root'  # owner of /etc/my.cnf.d/*.cnf files
+mysql_cnf_group: 'mysql'  # owner of /etc/my.cnf.d/*.cnf files
+
+mysql_hardening_group: 'mysql'
+login_unix_socket: '/run/mysql/mysql.sock'