I’ve just gotten started with Ansible. I must say it’s ridiculously simple.

I’ve created a few playbooks and was setting up mysql. The module documentation mentions editing ~/.my.cnf and some links on the net recommend using the file in order to create a idempotent mysql playbook.

However I didn’t want to write the password in a textfile.

Instead as a workaround I created two tasks in the playbook:

This task will fail the first time when the password

is blank

• name: Ensure MySQL Root Password is changed, this task will fail the first time
  mysql_user: name=root password={{ mysqlrootpass }} login_user=root login_password={{ mysqlrootpass }} state=present
  register: mysqlwithpassword
  ignore_errors: True

• name: Set MySQL root password
  mysql_user: name=root password={{ mysqlrootpass }} login_user=root login_password=‘’ state=present
  when: mysqlwithpassword|failed

The first task will always fail on the first run and when it fail the second task will run. Running the Playbook a second time won’t change the system making the playbook idempotent.

Would this be considered bad form in a Ansible sort of way? Do you see any downside to solving the problem in this way?

IMHO, as long as this works for you it is okay.

The way we do it it to register a variable on the installation of mysql and set the root password “when: mysqlInstall|changed”

In case you weren’t aware, there is a pretty full featured mysql role on Ansible Galaxy. That may give you some hints.

https://galaxy.ansible.com/list#/roles/1

• James