migration commit

README.MD

@@ -0,0 +1,5 @@
+# Mariadb role
+
+This role covers deployment, configuration and software updates of MariaDB Server. This role is a fork of [https://github.com/deimosfr/ansible-mariadb](https://github.com/deimosfr/ansible-mariadb) vy **Pierre Mavro / deimosfr** and is released under GPL2 Licence. We give no warranty for this piece of software. Currently supported OS - Debian..
+
+

README.md

@@ -1,3 +0,0 @@
-# mariadb
-
-Ansible role to deploy, configure and maintain mariadb database servers.

defaults/main.yml

@@ -0,0 +1,113 @@
+---
+
+# MariaDB repository
+mariadb_set_repository: True
+mariadb_version: 10.3
+mariadb_repo: 'deb http://ftp.nluug.nl/db/mariadb/repo/{{ mariadb_version }}/debian {{ansible_distribution_release }} main'
+mariadb_repo_key_id: '0xF1656F24C74CD1D8'
+mariadb_repo_key_url: 'keyserver.ubuntu.com'
+
+# MariaDB Packages
+mariadb_package_client: mariadb-client
+mariadb_package_server: mariadb-server
+
+# MariaDB service
+mariadb_manage_service: True
+mariadb_service_name: mysql
+
+# MariaDB/MySQL tools
+mariadb_install_tools: False
+
+# MariaDB users
+mariadb_user_home: /root
+mariadb_root_username: root
+mariadb_root_password: root
+mariadb_debsysmaint_password:
+mariadb_client_port: 3306
+#mariadb_uid: '' #uncomment and define if you use non-standard uid
+#mariadb_gid: '' #uncomment and define if you use non-standard gid
+
+# MariaDB Configuration
+mariadb_configuration: /etc/mysql/my.cnf
+mariadb_includedir: /etc/mysql/conf.d/
+
+# Configuration vars
+mariadb_datadir: /var/lib/mysql
+
+mariadb_default_config:
+  - name: 'client'
+    config:
+      - port = {{mariadb_client_port}}
+      - socket = /var/run/mysqld/mysqld.sock
+  - name: 'mysqld_safe'
+    config:
+      - safe_socket = /var/run/mysqld/mysqld.sock
+      - safe_nice = 0
+  - name: 'mysqld'
+    config:
+      - user = mysql
+      - pid_file = /var/run/mysqld/mysqld.pid
+      - socket = /var/run/mysqld/mysqld.sock
+      - port = 3306
+      - basedir = /usr
+      - datadir = "{{mariadb_datadir}}"
+      - tmpdir = /tmp
+      - skip_external_locking = True
+      - bind_address = 127.0.0.1
+      - key_buffer = 16M
+      - max_allowed_packet = 16M
+      - thread_stack = 192K
+      - thread_cache_size = 8
+      - myisam_recover = BACKUP
+      - max_connections = 1000
+      - query_cache_limit = 1M
+      - query_cache_size = 16M
+      - general_log_file = /var/log/mysql/mysql.log
+      - general_log = 0
+      - slow_query_log = 0
+      - slow_query_log_file = /var/log/mysql/mysql-slow.log
+      - long_query_time = 1
+      - log_queries_not_using_indexes = False
+      - default_storage_engine = InnoDB
+      - innodb_buffer_pool_size = 128M
+      - innodb_log_file_size = 128M
+      - innodb_log_buffer_size = 8M
+      - innodb_thread_concurrency = 64
+      - innodb_read_io_threads = 16
+      - innodb_write_io_threads = 16
+      - innodb_file_per_table = 1
+      - innodb_open_files = 400
+      - innodb_io_capacity = 600
+      - innodb_lock_wait_timeout = 60
+      - innodb_flush_method = O_DIRECT
+      - innodb_doublewrite = 0
+      - innodb_use_native_aio = 0
+      - server_id = 1
+      - log_bin = /var/log/mysql/mysql-bin.log
+      - expire_logs_days = 10
+      - max_binlog_size = 100M
+  - name: 'mysqldump'
+    config:
+      - quick
+      - quotes-names
+      - max_allowed_packet = 16M
+  - name: 'isamchk'
+    config:
+      - key_buffer = 16M
+
+# Databases
+# mariadb_databases:
+#   - { name: example, collation: utf8_general_ci, encoding: utf8, replicate: 1 }
+mariadb_databases: []
+
+# Users
+# mariadb_users:
+#   - { name: example, host: 127.0.0.1, password: secret, priv: *.*:USAGE }
+mariadb_users: []
+
+#APT
+mariadb_apt_deps:
+  - ca-certificates
+  - apt-transport-https
+  - dialog
+  - dirmngr

handlers/main.yml

@@ -0,0 +1,16 @@
+---
+
+- name: restart mariadb
+  systemd:
+    name: "{{ mariadb_service_name }}"
+    state: restarted
+
+- name: start mariadb
+  systemd:
+    name: "{{ mariadb_service_name }}"
+    state: started
+
+- name: stop mariadb
+  systemd:
+    name: "{{ mariadb_service_name }}"
+    state: stopped

tasks/configure.yml

@@ -0,0 +1,158 @@
+---
+
+# Manage permissions
+# need to stop mariadb to change uid/gid
+- meta: flush_handlers
+
+# be sure all folders exists before resting permissions
+- name: '[Configure] - Ensure /run/mysqld folder exists'
+  file:
+    path: /run/mysqld
+    owner: mysql
+    group: mysql
+    mode: 0755
+    state: directory
+
+# reseting permissions
+- name: '[Configure] - reset mariadb data folder and subfolder to new uid'
+  shell: 'find {{ item }} -user mysql -exec chown {{ mariadb_uid }}:{{ mariadb_gid }} {} \;'
+  with_items:
+    - "{{ mariadb_datadir }}"
+    - /run/mysqld
+    - /var/run/mysqld
+  when: mariadb_uid is defined or mariadb_gid is defined
+  changed_when: false
+
+- name: '[Configure] - reset mariadb log folder and subfolder to new uid'
+  file:
+    path: /var/log/mysql
+    owner: "{{ mariadb_uid }}"
+    group: adm
+    recurse: yes
+    state: directory
+  when: mariadb_uid is defined
+
+- name: '[Configure] - set mariadb user uid'
+  user:
+    name: mysql
+    uid: "{{ mariadb_uid }}"
+    state: present
+  when: mariadb_uid is defined
+
+- name: '[Configure] - set mariadb user gid'
+  group:
+    name: mysql
+    gid: "{{ mariadb_gid }}"
+    state: present
+  when: mariadb_gid is defined
+
+- name: '[Configure] - check datadir/mysql is present'
+  stat:
+    path: "{{mariadb_datadir}}/mysql"
+  register: datadir_is_ok
+
+# build default tables if absent
+- name: '[Configure] - create default databases if not exist'
+  command: mysql_install_db --user=mysql --ldata={{mariadb_datadir}}
+  when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - start temporary mariadb'
+  shell: "mysqld_safe --datadir={{mariadb_datadir}} --user=mysql & echo $!"
+  register: mariadb_temp_instance
+  when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - set .my.cnf root blank password for temporary mariadb'
+  lineinfile:
+    dest: /root/.my.cnf
+    regexp: '^password='
+    line: 'password='
+    owner: root
+    group: root
+    mode: 0600
+  when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - start mariadb'
+  systemd:
+    name: mysql
+    state: started
+  when: datadir_is_ok.stat.exists
+
+- meta: flush_handlers
+
+# reset debian-sys-maint user password
+- name: '[Configure] - set debian-sys-maint user account'
+  mysql_user:
+    name: 'debian-sys-maint'
+    password: "{{mariadb_debsysmaint_password}}"
+    priv: '*.*:ALL'
+    state: present
+  when: mariadb_debsysmaint_password is defined and mariadb_debsysmaint_password
+
+- name: '[Configure] - set debian-sys-maint configuration file'
+  template:
+    src: debian.cnf.j2
+    dest: /etc/mysql/debian.cnf
+    owner: root
+    group: root
+    mode: 0600
+    backup: yes
+  when: mariadb_debsysmaint_password is defined and mariadb_debsysmaint_password
+
+# kill temp mariadb if present
+- name: '[Configure] - exit temporary started'
+  command: kill {{ mariadb_temp_instance.stdout_lines[0] }}
+  when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] -v start mariadb'
+  systemd:
+    name: mysql
+    state: started
+
+- meta: flush_handlers
+
+- name: '[Configure] - update mariadb root password for all root accounts'
+  mysql_user:
+    name: "root"
+    host: "{{ item }}"
+    password: "{{ mariadb_root_password }}"
+  with_items:
+    - 127.0.0.1
+    - ::1
+    - localhost
+
+- name: '[Configure] - setting mariadb configuration'
+  template:
+    src: my.cnf.j2
+    dest: "{{mariadb_configuration}}"
+    owner: root
+    group: root
+    mode: 0640
+    backup: yes
+  notify: restart mariadb
+
+- name: '[Configure] - copy .my.cnf file with root password credentials'
+  template:
+    src: "home_my.cnf.j2"
+    dest: "{{ mariadb_user_home }}/.my.cnf"
+    owner: root
+    group: root
+    mode: 0600
+
+# clean default unsecure data
+- name: '[Configure] - remove anonymous mariadb user'
+  mysql_user: 
+    name: '' 
+    state: 'absent'
+
+- name: '[Configure] - remove mariadb test database'
+  mysql_db: 
+    name: 'test' 
+    state: 'absent'
+
+- name: '[Configure] - ensure mariadb is started and enabled on boot'
+  systemd:
+    name: "{{ mariadb_service_name }}"
+    state: started
+    enabled: yes
+  when: mariadb_manage_service
+  changed_when: false

tasks/databases.yml

@@ -0,0 +1,10 @@
+---
+
+- name: '[Databases] - create MariaDB databases'
+  mysql_db:
+    name: "{{ item.name }}"
+    collation: "{{ item.collation | default('utf8_general_ci') }}"
+    encoding: "{{ item.encoding | default('utf8') }}"
+    state: present
+  with_items: "{{mariadb_databases}}"
+  when: mariadb_databases|length > 0

tasks/install.yml

@@ -0,0 +1,33 @@
+---
+
+# Install packages
+
+- name: '[APT] - Install dependencies'
+  apt:
+    name: "{{ mariadb_apt_deps }}"
+    update_cache: yes
+
+- name: '[APT] - Add official MariaDB apt key'
+  apt_key:
+    id: "{{mariadb_repo_key_id}}"
+    keyserver: "{{mariadb_repo_key_url}}"
+    state: present
+  when: mariadb_set_repository
+
+- name: '[APT] - setup official MariaDB repository'
+  apt_repository:
+    repo: "{{ mariadb_repo }}"
+    state: present
+    filename: 'mariadb'
+    update_cache: yes
+  when: mariadb_set_repository
+
+- name: '[APT] - installing MariaDB packages'
+  apt:
+    name:
+        - "{{ mariadb_package_client }}"
+        - "{{ mariadb_package_server }}"
+        - python-mysqldb
+    state: present
+    update_cache: yes
+  notify: stop mariadb

tasks/main.yml

@@ -0,0 +1,6 @@
+---
+
+- include: install.yml
+- include: configure.yml
+- include: databases.yml
+- include: users.yml

tasks/users.yml

@@ -0,0 +1,11 @@
+---
+
+- name: '[Users] - add MariaDB users accounts'
+  mysql_user:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    priv: "{{ item.priv }}"
+    host: "{{ item.host }}"
+    state: "{{ item.state | default('present') }}"
+  with_items: "{{ mariadb_users }}"
+  when: mariadb_users|length > 0

templates/debian.cnf.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Automatically generated for Debian scripts. DO NOT TOUCH!
+[client]
+host     = localhost
+user     = debian-sys-maint
+password = {{ mariadb_debsysmaint_password }}
+socket   = /var/run/mysqld/mysqld.sock
+[mysql_upgrade]
+host     = localhost
+user     = debian-sys-maint
+password = {{ mariadb_debsysmaint_password }}
+socket   = /var/run/mysqld/mysqld.sock
+basedir  = /usr

templates/home_my.cnf.j2

@@ -0,0 +1,4 @@
+[client]
+user={{ mariadb_root_username }}
+password={{ mariadb_root_password }}
+port={{ mariadb_client_port }}

templates/my.cnf.j2

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+{% for section in mariadb_default_config %}
+[{{ section.name }}]
+{% for item in section.config %}
+{{ item }}
+{% endfor %}
+
+{% endfor %}
+!includedir {{ mariadb_includedir }}