|
|
@ -8,12 +8,7 @@ |
|
|
|
- MySQL-python |
|
|
|
- MySQL-python |
|
|
|
notify: |
|
|
|
notify: |
|
|
|
- restart mariadb |
|
|
|
- restart mariadb |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
- name: Create pre and post backup hook dir |
|
|
|
|
|
|
|
file: path={{ item }} state=directory mode=750 |
|
|
|
|
|
|
|
with_items: |
|
|
|
|
|
|
|
- /etc/backup/pre.d |
|
|
|
|
|
|
|
- /etc/backup/post.d |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy backup scripts |
|
|
|
- name: Deploy backup scripts |
|
|
|
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755 |
|
|
|
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755 |
|
|
@ -24,49 +19,60 @@ |
|
|
|
|
|
|
|
|
|
|
|
- name: Create system override directory |
|
|
|
- name: Create system override directory |
|
|
|
file: path=/etc/systemd/system/mariadb.service.d/ state=directory |
|
|
|
file: path=/etc/systemd/system/mariadb.service.d/ state=directory |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Modify the service unit |
|
|
|
- name: Modify the service unit |
|
|
|
template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf |
|
|
|
template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/mariadb.service.d/limits.conf |
|
|
|
register: mysql_unit |
|
|
|
register: mysql_unit |
|
|
|
notify: restart mariadb |
|
|
|
notify: restart mariadb |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Reload systemd |
|
|
|
- name: Reload systemd |
|
|
|
systemd: daemon_reload=True |
|
|
|
systemd: daemon_reload=True |
|
|
|
when: mysql_unit.changed |
|
|
|
when: mysql_unit.changed |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy my.cnf |
|
|
|
- name: Deploy my.cnf |
|
|
|
template: src=my.cnf.j2 dest=/etc/my.cnf |
|
|
|
template: src=my.cnf.j2 dest=/etc/my.cnf |
|
|
|
notify: restart mariadb |
|
|
|
notify: restart mariadb |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Start and enable MariaDB |
|
|
|
- name: Start and enable MariaDB |
|
|
|
service: name=mariadb state=started enabled=True |
|
|
|
service: name=mariadb state=started enabled=True |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Check if we need to create a password for the root user |
|
|
|
- name: Check if we need to create a password for the root user |
|
|
|
stat: path=/root/.my.cnf |
|
|
|
stat: path=/root/.my.cnf |
|
|
|
register: my_no_cnf |
|
|
|
register: my_no_cnf |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Generate a random password for user root |
|
|
|
- name: Generate a random password for user root |
|
|
|
command: openssl rand -base64 45 |
|
|
|
command: openssl rand -base64 45 |
|
|
|
register: my_root_pass |
|
|
|
register: my_root_pass |
|
|
|
when: not my_no_cnf.stat.exists |
|
|
|
when: not my_no_cnf.stat.exists |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Set MariaDB root password |
|
|
|
- name: Set MariaDB root password |
|
|
|
command: mysqladmin password "{{ my_root_pass.stdout }}" |
|
|
|
command: mysqladmin password "{{ my_root_pass.stdout }}" |
|
|
|
when: |
|
|
|
when: |
|
|
|
- not my_no_cnf.stat.exists |
|
|
|
- not my_no_cnf.stat.exists |
|
|
|
- my_root_pass.stdout is defined |
|
|
|
- my_root_pass.stdout is defined |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy /root/.my.cnf |
|
|
|
- name: Deploy /root/.my.cnf |
|
|
|
template: src=root_my.cnf.j2 dest=/root/.my.cnf |
|
|
|
template: src=root_my.cnf.j2 dest=/root/.my.cnf |
|
|
|
when: |
|
|
|
when: |
|
|
|
- not my_no_cnf.stat.exists |
|
|
|
- not my_no_cnf.stat.exists |
|
|
|
- my_root_pass.stdout is defined |
|
|
|
- my_root_pass.stdout is defined |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove anonymous user |
|
|
|
- name: Remove anonymous user |
|
|
|
mysql_user: name='' host_all=yes state=absent |
|
|
|
mysql_user: name='' host_all=yes state=absent |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove the test database |
|
|
|
- name: Remove the test database |
|
|
|
mysql_db: name=test state=absent |
|
|
|
mysql_db: name=test state=absent |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Handle MariaDB port |
|
|
|
- name: Handle MariaDB port |
|
|
|
iptables_raw: |
|
|
|
iptables_raw: |
|
|
@ -74,13 +80,16 @@ |
|
|
|
state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}" |
|
|
|
state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}" |
|
|
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT" |
|
|
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT" |
|
|
|
when: iptables_manage | default(True) |
|
|
|
when: iptables_manage | default(True) |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Create database admin |
|
|
|
- name: Create database admin |
|
|
|
mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present |
|
|
|
mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Create databases |
|
|
|
- name: Create databases |
|
|
|
mysql_db: name={{ item }} state=present |
|
|
|
mysql_db: name={{ item }} state=present |
|
|
|
with_items: "{{ mysql_databases | default([]) }}" |
|
|
|
with_items: "{{ mysql_databases | default([]) }}" |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Create mysql users |
|
|
|
- name: Create mysql users |
|
|
|
mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present |
|
|
|
mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present |
|
|
@ -89,12 +98,15 @@ |
|
|
|
- item.name is defined |
|
|
|
- item.name is defined |
|
|
|
- item.password is defined |
|
|
|
- item.password is defined |
|
|
|
- item.privileges is defined |
|
|
|
- item.privileges is defined |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove databases |
|
|
|
- name: Remove databases |
|
|
|
mysql_db: name={{ item }} state=absent |
|
|
|
mysql_db: name={{ item }} state=absent |
|
|
|
with_items: "{{ mysql_databases_to_remove }}" |
|
|
|
with_items: "{{ mysql_databases_to_remove }}" |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove users |
|
|
|
- name: Remove users |
|
|
|
mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent |
|
|
|
mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent |
|
|
|
with_items: "{{ mysql_users_to_remove }}" |
|
|
|
with_items: "{{ mysql_users_to_remove }}" |
|
|
|
|
|
|
|
tags: mysql |
|
|
|
... |
|
|
|
... |
|
|
|
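Review bot: The two root-password tasks in the second hunk (`Generate a random password for user root` and `Set MariaDB root password`) are touched by this commit but still run without `no_log: true`, so the generated secret can show up in Ansible output at higher verbosity and in any stored run logs. The second task also passes the secret as an argument in `mysqladmin password "{{ my_root_pass.stdout }}"`, which is readable in the process list while the command runs. I would add `no_log: true` to both tasks, and to `Create database admin` and `Create mysql users` in the later hunks; in the latter, the loop item printed per iteration carries `item.password`. Separately, the first hunk appears to drop `Create pre and post backup hook dir` while `Deploy backup scripts` still templates into `/etc/backup/{{ item.hook }}.d/`. If no other role creates those directories, that task will fail and the directory mode of 750 is no longer enforced here.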