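The Ansible mysql_user module can add and remove MySQL database accounts, change database passwords, and so on. I use it to initialize accounts after an automated installation; it is more convenient than shell scripts and the like, and other people can read it too.
Other MySQL-related modules:
mysql_db: used to install databases
mysql_replication: configures master/slave replication between databases
mysql_variables: manages database variables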
ansible-doc mysql_user
> MYSQL_USER    (/usr/lib/python2.7/site-packages/ansible/modules/database/mysql/mysql_user.py)

  Adds or removes a user from a MySQL database.

OPTIONS (= is mandatory):

- append_privs
        Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones.
        (Choices: yes, no)[Default: no]
        version_added: 1.4

- check_implicit_admin
        Check if mysql allows login as root/nopassword before trying supplied credentials.
        (Choices: yes, no)[Default: no]
        version_added: 1.3

- config_file
        Specify a config file from which user and password are to be read.
        [Default: ~/.my.cnf]
        version_added: 2.0

- connect_timeout
        The connection timeout when connecting to the MySQL server.
        [Default: 30]
        version_added: 2.1

- encrypted
        Indicate that the 'password' field is a `mysql_native_password` hash
        (Choices: yes, no)[Default: no]
        version_added: 2.0

- host
        the 'host' part of the MySQL username
        [Default: localhost]

- host_all
        override the host option, making ansible apply changes to all hostnames for a given user. This option cannot be used when creating users
        (Choices: yes, no)[Default: no]
        version_added: 2.1

- login_host
        Host running the database.
        [Default: localhost]

- login_password
        The password used to authenticate with.
        [Default: None]

- login_port
        Port of the MySQL server. Requires `login_host' be defined as other then localhost if login_port is used.
        [Default: 3306]

- login_unix_socket
        The path to a Unix domain socket for local connections.
        [Default: None]

- login_user
        The username used to authenticate with.
        [Default: None]

= name
        name of the user (role) to add or remove

- password
        set the user's password.
        [Default: None]

- priv
        MySQL privileges string in the format: `db.table:priv1,priv2'.
        Multiple privileges can be specified by separating each one using a forward slash: `db.table:priv/db.table:priv'.
        The format is based on MySQL `GRANT' statement.
        Database and table names can be quoted, MySQL-style.
        If column privileges are used, the `priv1,priv2' part must be exactly as returned by a `SHOW GRANT' statement. If not followed, the module
        will always report changes. It includes grouping columns by permission (`SELECT(col1,col2') instead of `SELECT(col1',SELECT(col2))).
        [Default: None]

- sql_log_bin
        Whether binary logging should be enabled or disabled for the connection.
        (Choices: yes, no)[Default: yes]
        version_added: 2.1

- ssl_ca
        The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate as used by the server.
        [Default: None]
        version_added: 2.0

- ssl_cert
        The path to a client public key certificate.
        [Default: None]
        version_added: 2.0

- ssl_key
        The path to the client private key.
        [Default: None]
        version_added: 2.0

- state
        Whether the user should exist. When `absent', removes the user.
        (Choices: present, absent)[Default: present]

- update_password
        `always' will update passwords if they differ. `on_create' will only set the password for newly created users.
        (Choices: always, on_create)[Default: always]
        version_added: 2.0

NOTES:
      * MySQL server installs with default login_user of 'root' and no password. To secure this user as part of an idempotent playbook, you
        must create at least two tasks: the first must change the root user's password, without providing any login_user/login_password
        details. The second must drop a ~/.my.cnf file containing the new root credentials. Subsequent runs of the playbook will then succeed
        by reading the new credentials from the file.
      * Currently, there is only support for the `mysql_native_password` encrypted password hash module.
      * Requires the MySQLdb Python package on the remote host. For Ubuntu, this is as easy as apt-get install python-mysqldb. (See [apt].)
        For CentOS/Fedora, this is as easy as yum install MySQL-python. (See [yum].)
      * Both `login_password' and `login_user' are required when you are passing credentials. If none are present, the module will attempt to
        read the credentials from `~/.my.cnf', and finally fall back to using the MySQL default login of 'root' with no password.

REQUIREMENTS:  MySQLdb

AUTHOR: Jonathan Mainguy (@Jmainguy)

METADATA:
  status:
  - preview
  supported_by: community

EXAMPLES:
# Removes anonymous user account for localhost
- mysql_user:
    name: ''
    host: localhost
    state: absent

# Removes all anonymous user accounts
- mysql_user:
    name: ''
    host_all: yes
    state: absent

# Create database user with name 'bob' and password '12345' with all database privileges
- mysql_user:
    name: bob
    password: 12345
    priv: '*.*:ALL'
    state: present

# Create database user with name 'bob' and previously hashed mysql native password '*EE0D72C1085C46C5278932678FBE2C6A782821B4' with all database privileges
- mysql_user:
    name: bob
    password: '*EE0D72C1085C46C5278932678FBE2C6A782821B4'
    encrypted: yes
    priv: '*.*:ALL'
    state: present

# Creates database user 'bob' and password '12345' with all database privileges and 'WITH GRANT OPTION'
- mysql_user:
    name: bob
    password: 12345
    priv: '*.*:ALL,GRANT'
    state: present

# Modify user Bob to require SSL connections. Note that REQUIRESSL is a special privilege that should only apply to *.* by itself.
- mysql_user:
    name: bob
    append_privs: true
    priv: '*.*:REQUIRESSL'
    state: present

# Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials.
- mysql_user:
    login_user: root
    login_password: 123456
    name: sally
    state: absent

# Ensure no user named 'sally' exists at all
- mysql_user:
    name: sally
    host_all: yes
    state: absent

# Specify grants composed of more than one word
- mysql_user:
    name: replication
    password: 12345
    priv: "*.*:REPLICATION CLIENT"
    state: present

# Revoke all privileges for user 'bob' and password '12345'
- mysql_user:
    name: bob
    password: 12345
    priv: "*.*:USAGE"
    state: present

# Example privileges string format
# mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL

# Example using login_unix_socket to connect to server
- mysql_user:
    name: root
    password: abc123
    login_unix_socket: /var/run/mysqld/mysqld.sock

# Example of skipping binary logging while adding user 'bob'
- mysql_user:
    name: bob
    password: 12345
    priv: "*.*:USAGE"
    state: present
    sql_log_bin: no

# Example .my.cnf file for setting the root password
# [client]
# user=root
# password=n<_665{vS43y
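
The two-task root hardening described under NOTES, followed by anonymous-account cleanup and a narrowly scoped application account, written as an added example that is not part of the ansible-doc output. The dbservers group, the appdb database, the app account and the vaulted variables mysql_root_password and app_db_password are assumptions; tasks are assumed to run as root so that ~/.my.cnf resolves to /root/.my.cnf.

```yaml
# Added example, not from the module documentation.
# Assumed names: dbservers, appdb, app, mysql_root_password, app_db_password.
- hosts: dbservers
  become: yes
  tasks:
    # NOTES, task 1: change the root password without login_user/login_password.
    # First run: falls back to root with no password.
    # Later runs: credentials are read from /root/.my.cnf written by task 2.
    # host_all applies the change to every existing root@<host> entry, so no
    # passwordless root row is left behind.
    - name: Set the root password on all root accounts
      mysql_user:
        name: root
        host_all: yes
        password: "{{ mysql_root_password }}"
        check_implicit_admin: yes
      no_log: true   # keep the password out of task output and logs

    # NOTES, task 2: drop the credentials file, readable by root only.
    - name: Write root credentials to /root/.my.cnf
      copy:
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0600"
        content: |
          [client]
          user=root
          password={{ mysql_root_password }}
      no_log: true

    - name: Remove all anonymous accounts
      mysql_user:
        name: ''
        host_all: yes
        state: absent

    # Grants limited to one schema instead of '*.*:ALL'.
    - name: Create the application account
      mysql_user:
        name: app
        host: localhost
        password: "{{ app_db_password }}"
        priv: 'appdb.*:SELECT,INSERT,UPDATE,DELETE'
        update_password: on_create
        state: present
      no_log: true
```

Keeping both passwords in an Ansible Vault file and running the playbook with --ask-vault-pass avoids the plaintext literals used in the module's own examples.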