From b535a484a35ee94c1af7c363013ba6509297f31c Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Mon, 30 Aug 2021 19:27:00 +0000
Subject: [PATCH] mariadb: Allow mysql user to read host private key

---
 roles/mariadb/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 2a2e768..2522a78 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -45,6 +45,13 @@
     owner: root
     group: mysql
 
+- name: allow mysql user to read private key
+  user:
+    name: mysql
+    groups: hostkey
+    append: yes
+  notify: restart mariadb
+
 - name: create tls configuration
   template:
     dest: /etc/my.cnf.d/tls.cnf