From a3d1388e9cc2c2eee90e7e6739074bc5da26b2a1 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 3 Aug 2021 16:00:05 +0200 Subject: [PATCH] Update to 2021-08-03 16:00 --- roles/composer/tasks/cleanup.yml | 6 ++++ roles/elasticsearch/templates/elasticsearch.yml.j2 | 3 ++ roles/includes/vars/RedHat-7.yml | 2 +- roles/includes/vars/RedHat-8.yml | 2 +- .../lemonldap_ng/templates/llng-fastcgi-server.j2 | 2 +- roles/letsencrypt/templates/config.j2 | 5 ++++ roles/mysql_server/defaults/main.yml | 3 ++ roles/mysql_server/handlers/main.yml | 4 +-- roles/mysql_server/meta/main.yml | 1 + roles/mysql_server/tasks/main.yml | 32 ++++++++++++++-------- roles/mysql_server/templates/my.cnf.j2 | 5 ++++ roles/mysql_server/vars/RedHat-7.yml | 5 ++-- roles/mysql_server/vars/RedHat-8.yml | 4 +-- 13 files changed, 54 insertions(+), 20 deletions(-) diff --git a/roles/composer/tasks/cleanup.yml b/roles/composer/tasks/cleanup.yml index 333fe2a..6fdbdc1 100644 --- a/roles/composer/tasks/cleanup.yml +++ b/roles/composer/tasks/cleanup.yml @@ -1,5 +1,11 @@ --- +- name: Check if composer exists in /usr/local/bin + stat: path=/usr/local/bin/composer + register: composer_local + tags: web + - name: Remove manually installed composer file: path=/usr/local/bin/composer state=absent + when: composer_local.stat.exists and not composer_local.stat.islnk tags: web diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2 index ceec23f..8d13173 100644 --- a/roles/elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elasticsearch/templates/elasticsearch.yml.j2 @@ -6,3 +6,6 @@ path.data: {{ es_data_dir }} path.logs: /var/log/elasticsearch path.repo: [ {{ es_backup_dir }} ] action.auto_create_index: false +{% if es_major_version is defined and es_major_version is version('7','>=') %} +discovery.type: single-node +{% endif %} diff --git a/roles/includes/vars/RedHat-7.yml b/roles/includes/vars/RedHat-7.yml index d5da2e0..2c53f73 100644 --- a/roles/includes/vars/RedHat-7.yml +++ b/roles/includes/vars/RedHat-7.yml @@ -2,4 +2,4 @@ webapps_mysql_packages: - MySQL-python - - mariadb + - "{{ (mysql_engine is defined and mysql_engine == 'mysql') | ternary('mysql','mariadb') }}" diff --git a/roles/includes/vars/RedHat-8.yml b/roles/includes/vars/RedHat-8.yml index 5407189..c6e8415 100644 --- a/roles/includes/vars/RedHat-8.yml +++ b/roles/includes/vars/RedHat-8.yml @@ -2,5 +2,5 @@ webapps_mysql_packages: - python3-mysql - - mariadb + - "{{ (mysql_engine is defined and mysql_engine == 'mysql') | ternary('mysql','mariadb') }}" diff --git a/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 b/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 index bc24046..de47cd6 100644 --- a/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 +++ b/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 @@ -4,6 +4,6 @@ NPROC={{ llng_fcgi_workers }} SOCKET=/run/llng-fastcgi-server/llng-fastcgi.sock PID=/run/llng-fastcgi-server/llng-fastcgi-server.pid PERL_LWP_ENV_PROXY={{ llng_reload_use_proxy | ternary('1','0') }} -PM_MAX_REQUESTS=500 +PM_MAX_REQUESTS=5000 PM_SIZECHECK_NUM_REQUESTS=100 PM_MAX_SIZE=800000 diff --git a/roles/letsencrypt/templates/config.j2 b/roles/letsencrypt/templates/config.j2 index 6276ade..4808683 100644 --- a/roles/letsencrypt/templates/config.j2 +++ b/roles/letsencrypt/templates/config.j2 @@ -21,3 +21,8 @@ CHALLENGETYPE=dns-01 export DNS_PROVIDER="{{ letsencrypt_dns_provider }}" export LEXICON_{{ letsencrypt_dns_provider | upper }}_TOKEN="{{ letsencrypt_dns_auth_token }}" {% endif %} +{% if system_proxy is defined and system_proxy != '' %} +{% for proto in ['http','https','HTTP','HTTPS'] %} +export {{ proto }}_proxy={{ system_proxy }} +{% endfor %} +{% endif %} diff --git a/roles/mysql_server/defaults/main.yml b/roles/mysql_server/defaults/main.yml index 007c885..4659455 100644 --- a/roles/mysql_server/defaults/main.yml +++ b/roles/mysql_server/defaults/main.yml @@ -13,6 +13,9 @@ mysql_open_files_limit: 8192 mysql_max_allowed_packet: 32M mysql_max_connections: 300 +# Engine can be either mariadb or mysql +mysql_engine: mariadb + mysql_sql_mode: [] # - ERROR_FOR_DIVISION_BY_ZERO # - NO_AUTO_CREATE_USER diff --git a/roles/mysql_server/handlers/main.yml b/roles/mysql_server/handlers/main.yml index eba00b7..7abb871 100644 --- a/roles/mysql_server/handlers/main.yml +++ b/roles/mysql_server/handlers/main.yml @@ -1,8 +1,8 @@ --- - include: ../common/handlers/main.yml -- name: restart mariadb - service: name=mariadb state=restarted enabled=yes +- name: restart mysql + service: name={{ mysql_service_name }} state=restarted enabled=yes - name: mysql_upgrade command: mysql_upgrade diff --git a/roles/mysql_server/meta/main.yml b/roles/mysql_server/meta/main.yml index 5804a9c..4259835 100644 --- a/roles/mysql_server/meta/main.yml +++ b/roles/mysql_server/meta/main.yml @@ -2,4 +2,5 @@ dependencies: - role: repo_mariadb + when: mysql_engine == 'mariadb' - role: mkdir diff --git a/roles/mysql_server/tasks/main.yml b/roles/mysql_server/tasks/main.yml index 0fd6859..2fafe57 100644 --- a/roles/mysql_server/tasks/main.yml +++ b/roles/mysql_server/tasks/main.yml @@ -1,20 +1,28 @@ --- +- name: set service name + set_fact: mysql_service_name={{ (mysql_engine == 'mysql') | ternary('mysqld','mariadb') }} + tags: mysql + +- name: Remove mariadb repo + file: path=/etc/yum.repos.d/mariadb.repo state=absent + when: mysql_engine == 'mysql' + tags: mysql + - include_vars: "{{ item }}" with_first_found: - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml - vars/{{ ansible_distribution }}.yml - vars/{{ ansible_os_family }}.yml - - vars/defaults.yml tags: mysql -- name: Install MariaDB server and client +- name: Install server and client packages package: name={{ mysql_server_packages }} tags: mysql - name: Deploy backup scripts - template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mariadb mode=755 + template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mysql mode=755 loop: - pre - post @@ -25,16 +33,18 @@ loop: - pre.d/mariadb_create_dumps.sh - post.d/mariadb_delete_dumps.sh + - pre.d/mariadb + - post.d/mariadb tags: mysql - name: Create system override directory - file: path=/etc/systemd/system/mariadb.service.d/ state=directory + file: path=/etc/systemd/system/{{ mysql_service_name }}.service.d/ state=directory tags: mysql - name: Modify the service unit - template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf + template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/{{ mysql_service_name }}.service.d/limits.conf register: mysql_unit - notify: restart mariadb + notify: restart mysql tags: mysql - name: Reload systemd @@ -44,11 +54,11 @@ - name: Deploy my.cnf template: src=my.cnf.j2 dest=/etc/my.cnf - notify: restart mariadb + notify: restart mysql tags: mysql -- name: Start and enable MariaDB - service: name=mariadb state=started enabled=True +- name: Start and enable the server + service: name={{ mysql_service_name }} state=started enabled=True tags: mysql - name: Check if we need to create a password for the root user @@ -62,7 +72,7 @@ when: not my_no_cnf.stat.exists tags: mysql -- name: Set MariaDB root password +- name: Set root password command: mysqladmin password "{{ my_root_pass.stdout }}" when: - not my_no_cnf.stat.exists @@ -84,7 +94,7 @@ mysql_db: name=test state=absent tags: mysql -- name: Handle MariaDB port +- name: Handle service port iptables_raw: name: mysql_port state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}" diff --git a/roles/mysql_server/templates/my.cnf.j2 b/roles/mysql_server/templates/my.cnf.j2 index 3cd9fb7..98e0393 100644 --- a/roles/mysql_server/templates/my.cnf.j2 +++ b/roles/mysql_server/templates/my.cnf.j2 @@ -36,7 +36,12 @@ open_files_limit={{ mysql_open_files_limit | default('8192') }} max_connections={{ mysql_max_connections | default('300') }} [mysqld_safe] +{% if mysql_engine == 'mysql' %} +log-error=/var/log/mysql/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid +{% else %} log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid +{% endif %} !includedir /etc/my.cnf.d diff --git a/roles/mysql_server/vars/RedHat-7.yml b/roles/mysql_server/vars/RedHat-7.yml index afd4daf..7bfe0f0 100644 --- a/roles/mysql_server/vars/RedHat-7.yml +++ b/roles/mysql_server/vars/RedHat-7.yml @@ -1,6 +1,7 @@ --- mysql_server_packages: - - mariadb-server - - mariadb + - "{{ (mysql_engine == 'mysql') | ternary('mysql-server','mariadb-server') }}" + - "{{ (mysql_engine == 'mysql') | ternary('mysql','mariadb') }}" - MySQL-python + diff --git a/roles/mysql_server/vars/RedHat-8.yml b/roles/mysql_server/vars/RedHat-8.yml index cd5756c..c07acd7 100644 --- a/roles/mysql_server/vars/RedHat-8.yml +++ b/roles/mysql_server/vars/RedHat-8.yml @@ -1,6 +1,6 @@ --- mysql_server_packages: - - mariadb-server - - mariadb + - "{{ (mysql_engine == 'mysql') | ternary('mysql-server','mariadb-server') }}" + - "{{ (mysql_engine == 'mysql') | ternary('mysql','mariadb') }}" - python3-mysql