From c643fd3a45445dd13576a04172033054fe02ca38 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Mon, 25 May 2020 17:00:05 +0200 Subject: [PATCH] Update to 2020-05-25 17:00 --- roles/mysql_server/meta/main.yml | 1 + roles/mysql_server/tasks/main.yml | 24 ++++++++++++++++++------ roles/seafile/meta/main.yml | 2 ++ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/roles/mysql_server/meta/main.yml b/roles/mysql_server/meta/main.yml index 817423a..5804a9c 100644 --- a/roles/mysql_server/meta/main.yml +++ b/roles/mysql_server/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: repo_mariadb + - role: mkdir diff --git a/roles/mysql_server/tasks/main.yml b/roles/mysql_server/tasks/main.yml index eae830a..78f95c2 100644 --- a/roles/mysql_server/tasks/main.yml +++ b/roles/mysql_server/tasks/main.yml @@ -8,12 +8,7 @@ - MySQL-python notify: - restart mariadb - -- name: Create pre and post backup hook dir - file: path={{ item }} state=directory mode=750 - with_items: - - /etc/backup/pre.d - - /etc/backup/post.d + tags: mysql - name: Deploy backup scripts template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755 
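Review bot: With the "Create pre and post backup hook dir" task removed, the "Deploy backup scripts" task that follows depends on something else having created `/etc/backup/pre.d` and `/etc/backup/post.d` with the restrictive mode (750) this role used to enforce. Presumably the `mkdir` role added to `meta/main.yml` in this commit does that, but it is not visible here, so confirm it sets the same owner and mode, since the scripts placed in these directories are deployed executable (`mode=755`). The new `tags: mysql` sits on individual tasks rather than on the role, so a first run limited with `--tags mysql` may skip the dependency's tasks and leave the directories missing unless `mkdir` is tagged to match. The "Deploy backup scripts" task continues past the end of the hunk.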
@@ -24,49 +19,60 @@ - name: Create system override directory file: path=/etc/systemd/system/mariadb.service.d/ state=directory + tags: mysql - name: Modify the service unit template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf register: mysql_unit notify: restart mariadb + tags: mysql - name: Reload systemd systemd: daemon_reload=True when: mysql_unit.changed + tags: mysql - name: Deploy my.cnf template: src=my.cnf.j2 dest=/etc/my.cnf notify: restart mariadb + tags: mysql - name: Start and enable MariaDB service: name=mariadb state=started enabled=True + tags: mysql - name: Check if we need to create a password for the root user stat: path=/root/.my.cnf register: my_no_cnf + tags: mysql - name: Generate a random password for user root command: openssl rand -base64 45 register: my_root_pass when: not my_no_cnf.stat.exists + tags: mysql - name: Set MariaDB root password command: mysqladmin password "{{ my_root_pass.stdout }}" when: - not my_no_cnf.stat.exists - my_root_pass.stdout is defined + tags: mysql - name: Deploy /root/.my.cnf template: src=root_my.cnf.j2 dest=/root/.my.cnf when: - not my_no_cnf.stat.exists - my_root_pass.stdout is defined + tags: mysql - name: Remove anonymous user mysql_user: name='' host_all=yes state=absent + tags: mysql - name: Remove the test database mysql_db: name=test state=absent + tags: mysql - name: Handle MariaDB port iptables_raw: 
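Review bot: The root-password tasks tagged in this hunk still expose the secret: "Set MariaDB root password" passes `{{ my_root_pass.stdout }}` as a `mysqladmin` command-line argument, where it is visible in the process list and in Ansible's task output, and neither it nor "Generate a random password for user root" sets `no_log: true`. Adding `no_log: true` to both tasks and to "Deploy /root/.my.cnf" keeps the value out of logs and `--diff` output. That template task also sets no mode, so the credentials file gets whatever the default umask yields; `template: src=root_my.cnf.j2 dest=/root/.my.cnf mode=600` would pin it. The last task in the hunk ("Handle MariaDB port") continues outside it.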
@@ -74,13 +80,16 @@ state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}" rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT" when: iptables_manage | default(True) + tags: mysql - name: Create database admin mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present + tags: mysql - name: Create databases mysql_db: name={{ item }} state=present with_items: "{{ mysql_databases | default([]) }}" + tags: mysql - name: Create mysql users mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present @@ -89,12 +98,15 @@ - item.name is defined - item.password is defined - item.privileges is defined + tags: mysql - name: Remove databases mysql_db: name={{ item }} state=absent with_items: "{{ mysql_databases_to_remove }}" + tags: mysql - name: Remove users mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent with_items: "{{ mysql_users_to_remove }}" + tags: mysql ... diff --git a/roles/seafile/meta/main.yml b/roles/seafile/meta/main.yml index 9e1b9f4..a964bea 100644 --- a/roles/seafile/meta/main.yml +++ b/roles/seafile/meta/main.yml @@ -5,3 +5,5 @@ dependencies: when: seafile_memcached_server is search('^(127\.0\.0\.1|localhost)') - role: clamav when: seafile_license is defined and seafile_scan_av == True + - role: mysql_server + when: seafile_db_server in ['127.0.0.1', 'localhost']
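Review bot: "Create database admin" grants `sqladmin` `*.*:ALL,GRANT` from `host="%"`, so remote use of that account is limited only by the iptables rule above, which is not managed at all when `iptables_manage` is false. Consider restricting `host` to the addresses in `mysql_src_ip`, or to `localhost` when that list is empty. Separately, `password={{ mysql_admin_pass }}` and `password={{ item.password }}` are interpolated into a key=value argument string, so a password containing spaces or `=` is mis-parsed, and the looped "Create mysql users" task presumably prints each item, password included, in its output. YAML dict arguments (`password: "{{ mysql_admin_pass }}"`) together with `no_log: true` avoid both. The "Create mysql users" task is only partly inside this hunk; its `when` list is in the next one.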
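Review bot: The new `when: seafile_db_server in ['127.0.0.1', 'localhost']` is an exact match, unlike the memcached dependency just above it, which uses `is search('^(127\.0\.0\.1|localhost)')`; a value such as `::1` or `localhost:3306` would silently skip the database role. The condition also fails if `seafile_db_server` is undefined, unless the role defaults (not visible here) set it. Pulling in `mysql_server` this way runs all of its tasks, including creation of the `sqladmin` account with `host="%"`, so on a Seafile host with a purely local database the reachability of that account depends on the host firewall.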