Update to 2020-05-25 17:00

master
Daniel Berteaud 5 years ago
parent fd03ac3330
commit c643fd3a45
  1. 1
      roles/mysql_server/meta/main.yml
  2. 24
      roles/mysql_server/tasks/main.yml
  3. 2
      roles/seafile/meta/main.yml

@ -2,3 +2,4 @@
dependencies: dependencies:
- role: repo_mariadb - role: repo_mariadb
- role: mkdir

@ -8,12 +8,7 @@
- MySQL-python - MySQL-python
notify: notify:
- restart mariadb - restart mariadb
tags: mysql
- name: Create pre and post backup hook dir
file: path={{ item }} state=directory mode=750
with_items:
- /etc/backup/pre.d
- /etc/backup/post.d
- name: Deploy backup scripts - name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755 template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755
@ -24,49 +19,60 @@
- name: Create system override directory - name: Create system override directory
file: path=/etc/systemd/system/mariadb.service.d/ state=directory file: path=/etc/systemd/system/mariadb.service.d/ state=directory
tags: mysql
- name: Modify the service unit - name: Modify the service unit
template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf
register: mysql_unit register: mysql_unit
notify: restart mariadb notify: restart mariadb
tags: mysql
- name: Reload systemd - name: Reload systemd
systemd: daemon_reload=True systemd: daemon_reload=True
when: mysql_unit.changed when: mysql_unit.changed
tags: mysql
- name: Deploy my.cnf - name: Deploy my.cnf
template: src=my.cnf.j2 dest=/etc/my.cnf template: src=my.cnf.j2 dest=/etc/my.cnf
notify: restart mariadb notify: restart mariadb
tags: mysql
- name: Start and enable MariaDB - name: Start and enable MariaDB
service: name=mariadb state=started enabled=True service: name=mariadb state=started enabled=True
tags: mysql
- name: Check if we need to create a password for the root user - name: Check if we need to create a password for the root user
stat: path=/root/.my.cnf stat: path=/root/.my.cnf
register: my_no_cnf register: my_no_cnf
tags: mysql
- name: Generate a random password for user root - name: Generate a random password for user root
command: openssl rand -base64 45 command: openssl rand -base64 45
register: my_root_pass register: my_root_pass
when: not my_no_cnf.stat.exists when: not my_no_cnf.stat.exists
tags: mysql
- name: Set MariaDB root password - name: Set MariaDB root password
command: mysqladmin password "{{ my_root_pass.stdout }}" command: mysqladmin password "{{ my_root_pass.stdout }}"
when: when:
- not my_no_cnf.stat.exists - not my_no_cnf.stat.exists
- my_root_pass.stdout is defined - my_root_pass.stdout is defined
tags: mysql
- name: Deploy /root/.my.cnf - name: Deploy /root/.my.cnf
template: src=root_my.cnf.j2 dest=/root/.my.cnf template: src=root_my.cnf.j2 dest=/root/.my.cnf
when: when:
- not my_no_cnf.stat.exists - not my_no_cnf.stat.exists
- my_root_pass.stdout is defined - my_root_pass.stdout is defined
tags: mysql
- name: Remove anonymous user - name: Remove anonymous user
mysql_user: name='' host_all=yes state=absent mysql_user: name='' host_all=yes state=absent
tags: mysql
- name: Remove the test database - name: Remove the test database
mysql_db: name=test state=absent mysql_db: name=test state=absent
tags: mysql
- name: Handle MariaDB port - name: Handle MariaDB port
iptables_raw: iptables_raw:
@ -74,13 +80,16 @@
state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}" state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT" rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True) when: iptables_manage | default(True)
tags: mysql
- name: Create database admin - name: Create database admin
mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present
tags: mysql
- name: Create databases - name: Create databases
mysql_db: name={{ item }} state=present mysql_db: name={{ item }} state=present
with_items: "{{ mysql_databases | default([]) }}" with_items: "{{ mysql_databases | default([]) }}"
tags: mysql
- name: Create mysql users - name: Create mysql users
mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present
@ -89,12 +98,15 @@
- item.name is defined - item.name is defined
- item.password is defined - item.password is defined
- item.privileges is defined - item.privileges is defined
tags: mysql
- name: Remove databases - name: Remove databases
mysql_db: name={{ item }} state=absent mysql_db: name={{ item }} state=absent
with_items: "{{ mysql_databases_to_remove }}" with_items: "{{ mysql_databases_to_remove }}"
tags: mysql
- name: Remove users - name: Remove users
mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent
with_items: "{{ mysql_users_to_remove }}" with_items: "{{ mysql_users_to_remove }}"
tags: mysql
... ...

@ -5,3 +5,5 @@ dependencies:
when: seafile_memcached_server is search('^(127\.0\.0\.1|localhost)') when: seafile_memcached_server is search('^(127\.0\.0\.1|localhost)')
- role: clamav - role: clamav
when: seafile_license is defined and seafile_scan_av == True when: seafile_license is defined and seafile_scan_av == True
- role: mysql_server
when: seafile_db_server in ['127.0.0.1', 'localhost']

Loading…
Cancel
Save