From ebf4a4c2ac34d94ffe00076f8a9e6fc2204e1bc6 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Tue, 29 Dec 2020 11:19:01 +0200
Subject: [PATCH] roles/mariadb: Disable name lookups

Add skip-name-resolve=1 to disable lookups of hostnames to IPs. We need to make sure all accounts are using IPs like 127.0.0.1 instead of "localhost" now.
---
 roles/mariadb/tasks/main.yml | 2 +-
 roles/mariadb/templates/my.cnf.j2 | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 05a31a9..e29e105 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -51,7 +51,7 @@
 tags: mariadb

 - name: Create MariaDB user(s)
- mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL state=present
+ mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present
 loop: "{{ mariadb_databases }}"
 when: mariadb_databases is defined
 tags: mariadb
diff --git a/roles/mariadb/templates/my.cnf.j2 b/roles/mariadb/templates/my.cnf.j2
index eff6a3e..8e0f1dd 100644
--- a/roles/mariadb/templates/my.cnf.j2
+++ b/roles/mariadb/templates/my.cnf.j2
@@ -47,6 +47,10 @@ skip-external-locking
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
 bind-address = 127.0.0.1
+
+# don't resolve connection IPs to hostnames (make sure user accounts are using
+# IPs instead of "localhost")
+skip-name-resolve=1
 #
 # * Fine Tuning
 #
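Review bot: Adding `host=127.0.0.1` with `state=present` on the `mysql_user` line creates a second account rather than moving the existing one, so hosts that already ran this role keep the earlier `user@localhost` account (the module's default host) with its old password and `ALL` privileges. A follow-up task over the same loop with `host=localhost state=absent` would retire it, after confirming nothing connects over the Unix socket, since those connections are still matched as `localhost`. Separately, the task loops over items carrying `item.pass` and no `no_log: true` is visible in the hunk (the task may continue past it), so the credential can end up in task output and logs. Adding `no_log: true` avoids that, and moving the free-form `key=value` string to block YAML arguments with `password: "{{ item.pass }}"` keeps a password containing spaces or `=` from being mis-parsed.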
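Review bot: The comment added above `skip-name-resolve=1` tells operators to move accounts off "localhost", but that only applies to clients connecting over TCP. Connections over the Unix socket are still matched as `localhost`, so accounts such as a socket-authenticated `root@localhost` need to stay. I would reword it along the lines of `# don't resolve client IPs to hostnames; TCP clients need accounts defined by IP (e.g. 127.0.0.1), socket clients still match "localhost"`. Grants that name any other hostname stop matching once this is enabled, so it is worth listing the existing `user@host` entries before rolling the template out.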