Ansible idempotent MySQL installation Playbook

Question

I want to setup a MySQL server on AWS, using Ansible for the configuration management. I am using the default AMI from Amazon (ami-3275ee5b), which uses yum

Answer 1

We have spent a lot of time on this issue. For MySQL 5.7 and above we concluded it is easier to simply ignore the root account, and set permissions on a regular MySQL user.

Reasons

1. Setting the root password is difficult
2. unix_socket auth plugin conflicts with the standard auth plugin
3. Reliably changing the root password after disabling unix_socket plugin is almost impossible
4. Ansible is not well suited to atomically changing the root password in one step
5. Using a normal account broadly works well

If you abandon idempotency, then you can get it to work fine. However, since the ansible value proposition is that idempotency is possible, we find that developers waste time with the wrong assumption.

The mere existence of a hack option like check_implicit_admin starts to hint to us that deterministic MySQL setup is not that easy. If it's actually deterministic, there should be no "check", there should only be "do".