diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..68abf78
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,5 @@
+# Mariadb role
+
+This role covers deployment, configuration and software updates of MariaDB Server. This role is a fork of [https://github.com/deimosfr/ansible-mariadb](https://github.com/deimosfr/ansible-mariadb) vy **Pierre Mavro / deimosfr** and is released under GPL2 Licence. We give no warranty for this piece of software. Currently supported OS - Debian..
+
+
diff --git a/README.md b/README.md
deleted file mode 100644
index 2c61967..0000000
--- a/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# mariadb
-
-Ansible role to deploy, configure and maintain mariadb database servers.
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..5ff563f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,113 @@
+---
+
+# MariaDB repository
+mariadb_set_repository: True
+mariadb_version: 10.3
+mariadb_repo: 'deb http://ftp.nluug.nl/db/mariadb/repo/{{ mariadb_version }}/debian {{ansible_distribution_release }} main'
+mariadb_repo_key_id: '0xF1656F24C74CD1D8'
+mariadb_repo_key_url: 'keyserver.ubuntu.com'
+
+# MariaDB Packages
+mariadb_package_client: mariadb-client
+mariadb_package_server: mariadb-server
+
+# MariaDB service
+mariadb_manage_service: True
+mariadb_service_name: mysql
+
+# MariaDB/MySQL tools
+mariadb_install_tools: False
+
+# MariaDB users
+mariadb_user_home: /root
+mariadb_root_username: root
+mariadb_root_password: root
+mariadb_debsysmaint_password:
+mariadb_client_port: 3306
+#mariadb_uid: '' #uncomment and define if you use non-standard uid
+#mariadb_gid: '' #uncomment and define if you use non-standard gid
+
+# MariaDB Configuration
+mariadb_configuration: /etc/mysql/my.cnf
+mariadb_includedir: /etc/mysql/conf.d/
+
+# Configuration vars
+mariadb_datadir: /var/lib/mysql
+
+mariadb_default_config:
+ - name: 'client'
+ config:
+ - port = {{mariadb_client_port}}
+ - socket = /var/run/mysqld/mysqld.sock
+ - name: 'mysqld_safe'
+ config:
+ - safe_socket = /var/run/mysqld/mysqld.sock
+ - safe_nice = 0
+ - name: 'mysqld'
+ config:
+ - user = mysql
+ - pid_file = /var/run/mysqld/mysqld.pid
+ - socket = /var/run/mysqld/mysqld.sock
+ - port = 3306
+ - basedir = /usr
+ - datadir = "{{mariadb_datadir}}"
+ - tmpdir = /tmp
+ - skip_external_locking = True
+ - bind_address = 127.0.0.1
+ - key_buffer = 16M
+ - max_allowed_packet = 16M
+ - thread_stack = 192K
+ - thread_cache_size = 8
+ - myisam_recover = BACKUP
+ - max_connections = 1000
+ - query_cache_limit = 1M
+ - query_cache_size = 16M
+ - general_log_file = /var/log/mysql/mysql.log
+ - general_log = 0
+ - slow_query_log = 0
+ - slow_query_log_file = /var/log/mysql/mysql-slow.log
+ - long_query_time = 1
+ - log_queries_not_using_indexes = False
+ - default_storage_engine = InnoDB
+ - innodb_buffer_pool_size = 128M
+ - innodb_log_file_size = 128M
+ - innodb_log_buffer_size = 8M
+ - innodb_thread_concurrency = 64
+ - innodb_read_io_threads = 16
+ - innodb_write_io_threads = 16
+ - innodb_file_per_table = 1
+ - innodb_open_files = 400
+ - innodb_io_capacity = 600
+ - innodb_lock_wait_timeout = 60
+ - innodb_flush_method = O_DIRECT
+ - innodb_doublewrite = 0
+ - innodb_use_native_aio = 0
+ - server_id = 1
+ - log_bin = /var/log/mysql/mysql-bin.log
+ - expire_logs_days = 10
+ - max_binlog_size = 100M
+ - name: 'mysqldump'
+ config:
+ - quick
+ - quotes-names
+ - max_allowed_packet = 16M
+ - name: 'isamchk'
+ config:
+ - key_buffer = 16M
+
+# Databases
+# mariadb_databases:
+# - { name: example, collation: utf8_general_ci, encoding: utf8, replicate: 1 }
+mariadb_databases: []
+
+# Users
+# mariadb_users:
+# - { name: example, host: 127.0.0.1, password: secret, priv: *.*:USAGE }
+mariadb_users: []
+
+#APT
+mariadb_apt_deps:
+ - ca-certificates
+ - apt-transport-https
+ - dialog
+ - dirmngr
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f64849f
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: restart mariadb
+ systemd:
+ name: "{{ mariadb_service_name }}"
+ state: restarted
+
+- name: start mariadb
+ systemd:
+ name: "{{ mariadb_service_name }}"
+ state: started
+
+- name: stop mariadb
+ systemd:
+ name: "{{ mariadb_service_name }}"
+ state: stopped
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..6d923cd
--- /dev/null
+++ b/tasks/configure.yml
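Review bot: `mariadb_root_password: root` in defaults/main.yml ships a guessable default that tasks/configure.yml then applies to root on 127.0.0.1, ::1 and localhost, so any play that forgets to override it ends up with a root/root server. I would not define a usable default at all: leave the variable unset with a comment such as `# mariadb_root_password: required, set per host/group from Ansible Vault` and have the role fail early when it is missing. Separately, in the `mysqldump` section `quotes-names` looks like a typo for `quote-names`; as written mysqldump will most likely reject the rendered option file.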
@@ -0,0 +1,158 @@
+---
+
+# Manage permissions
+# need to stop mariadb to change uid/gid
+- meta: flush_handlers
+
+# be sure all folders exists before resting permissions
+- name: '[Configure] - Ensure /run/mysqld folder exists'
+ file:
+ path: /run/mysqld
+ owner: mysql
+ group: mysql
+ mode: 0755
+ state: directory
+
+# reseting permissions
+- name: '[Configure] - reset mariadb data folder and subfolder to new uid'
+ shell: 'find {{ item }} -user mysql -exec chown {{ mariadb_uid }}:{{ mariadb_gid }} {} \;'
+ with_items:
+ - "{{ mariadb_datadir }}"
+ - /run/mysqld
+ - /var/run/mysqld
+ when: mariadb_uid is defined or mariadb_gid is defined
+ changed_when: false
+
+- name: '[Configure] - reset mariadb log folder and subfolder to new uid'
+ file:
+ path: /var/log/mysql
+ owner: "{{ mariadb_uid }}"
+ group: adm
+ recurse: yes
+ state: directory
+ when: mariadb_uid is defined
+
+- name: '[Configure] - set mariadb user uid'
+ user:
+ name: mysql
+ uid: "{{ mariadb_uid }}"
+ state: present
+ when: mariadb_uid is defined
+
+- name: '[Configure] - set mariadb user gid'
+ group:
+ name: mysql
+ gid: "{{ mariadb_gid }}"
+ state: present
+ when: mariadb_gid is defined
+
+- name: '[Configure] - check datadir/mysql is present'
+ stat:
+ path: "{{mariadb_datadir}}/mysql"
+ register: datadir_is_ok
+
+# build default tables if absent
+- name: '[Configure] - create default databases if not exist'
+ command: mysql_install_db --user=mysql --ldata={{mariadb_datadir}}
+ when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - start temporary mariadb'
+ shell: "mysqld_safe --datadir={{mariadb_datadir}} --user=mysql & echo $!"
+ register: mariadb_temp_instance
+ when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - set .my.cnf root blank password for temporary mariadb'
+ lineinfile:
+ dest: /root/.my.cnf
+ regexp: '^password='
+ line: 'password='
+ owner: root
+ group: root
+ mode: 0600
+ when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] - start mariadb'
+ systemd:
+ name: mysql
+ state: started
+ when: datadir_is_ok.stat.exists
+
+- meta: flush_handlers
+
+# reset debian-sys-maint user password
+- name: '[Configure] - set debian-sys-maint user account'
+ mysql_user:
+ name: 'debian-sys-maint'
+ password: "{{mariadb_debsysmaint_password}}"
+ priv: '*.*:ALL'
+ state: present
+ when: mariadb_debsysmaint_password is defined and mariadb_debsysmaint_password
+
+- name: '[Configure] - set debian-sys-maint configuration file'
+ template:
+ src: debian.cnf.j2
+ dest: /etc/mysql/debian.cnf
+ owner: root
+ group: root
+ mode: 0600
+ backup: yes
+ when: mariadb_debsysmaint_password is defined and mariadb_debsysmaint_password
+
+# kill temp mariadb if present
+- name: '[Configure] - exit temporary started'
+ command: kill {{ mariadb_temp_instance.stdout_lines[0] }}
+ when: datadir_is_ok.stat.exists == False
+
+- name: '[Configure] -v start mariadb'
+ systemd:
+ name: mysql
+ state: started
+
+- meta: flush_handlers
+
+- name: '[Configure] - update mariadb root password for all root accounts'
+ mysql_user:
+ name: "root"
+ host: "{{ item }}"
+ password: "{{ mariadb_root_password }}"
+ with_items:
+ - 127.0.0.1
+ - ::1
+ - localhost
+
+- name: '[Configure] - setting mariadb configuration'
+ template:
+ src: my.cnf.j2
+ dest: "{{mariadb_configuration}}"
+ owner: root
+ group: root
+ mode: 0640
+ backup: yes
+ notify: restart mariadb
+
+- name: '[Configure] - copy .my.cnf file with root password credentials'
+ template:
+ src: "home_my.cnf.j2"
+ dest: "{{ mariadb_user_home }}/.my.cnf"
+ owner: root
+ group: root
+ mode: 0600
+
+# clean default unsecure data
+- name: '[Configure] - remove anonymous mariadb user'
+ mysql_user:
+ name: ''
+ state: 'absent'
+
+- name: '[Configure] - remove mariadb test database'
+ mysql_db:
+ name: 'test'
+ state: 'absent'
+
+- name: '[Configure] - ensure mariadb is started and enabled on boot'
+ systemd:
+ name: "{{ mariadb_service_name }}"
+ state: started
+ enabled: yes
+ when: mariadb_manage_service
+ changed_when: false
diff --git a/tasks/databases.yml b/tasks/databases.yml
new file mode 100644
index 0000000..1af01c4
--- /dev/null
+++ b/tasks/databases.yml
@@ -0,0 +1,10 @@
+---
+
+- name: '[Databases] - create MariaDB databases'
+ mysql_db:
+ name: "{{ item.name }}"
+ collation: "{{ item.collation | default('utf8_general_ci') }}"
+ encoding: "{{ item.encoding | default('utf8') }}"
+ state: present
+ with_items: "{{mariadb_databases}}"
+ when: mariadb_databases|length > 0
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..90dcec9
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,33 @@
+---
+
+# Install packages
+
+- name: '[APT] - Install dependencies'
+ apt:
+ name: "{{ mariadb_apt_deps }}"
+ update_cache: yes
+
+- name: '[APT] - Add official MariaDB apt key'
+ apt_key:
+ id: "{{mariadb_repo_key_id}}"
+ keyserver: "{{mariadb_repo_key_url}}"
+ state: present
+ when: mariadb_set_repository
+
+- name: '[APT] - setup official MariaDB repository'
+ apt_repository:
+ repo: "{{ mariadb_repo }}"
+ state: present
+ filename: 'mariadb'
+ update_cache: yes
+ when: mariadb_set_repository
+
+- name: '[APT] - installing MariaDB packages'
+ apt:
+ name:
+ - "{{ mariadb_package_client }}"
+ - "{{ mariadb_package_server }}"
+ - python-mysqldb
+ state: present
+ update_cache: yes
+ notify: stop mariadb
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..a2c852b
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- include: install.yml
+- include: configure.yml
+- include: databases.yml
+- include: users.yml
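Review bot: The temporary server in tasks/configure.yml is started with `mysqld_safe --datadir={{mariadb_datadir}} --user=mysql &` while root still has an empty password, and nothing restricts it to the local socket, so for the bootstrap window it accepts passwordless root logins on whatever address the installed configuration binds; adding `--skip-networking` to that command keeps the window socket-only. The later `kill {{ mariadb_temp_instance.stdout_lines[0] }}` targets the PID captured by `$!`, which is the mysqld_safe wrapper rather than mysqld, so the temporary server may survive and collide with the following `systemd` start; `command: mysqladmin shutdown` would stop it cleanly, assuming the blank-password /root/.my.cnf is in effect at that point. The chown task's `when: mariadb_uid is defined or mariadb_gid is defined` also still renders both variables in the `shell` line, so the condition should use `and`.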
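Review bot: The `apt_key` task in tasks/install.yml fetches the repository signing key from a keyserver by `id`, and the default it receives from defaults/main.yml is a 64-bit long key ID rather than a full fingerprint, while the default `mariadb_repo` URL is plain `http://`. That key is the only thing authenticating the packages, so I would pin it by full fingerprint, `mariadb_repo_key_id: '<FULL_40_HEX_FINGERPRINT>'` (placeholder, to be taken from the vendor's published key), or ship the key file with the role instead of resolving it at run time. If the chosen mirror serves HTTPS, switching the repo line to `https://` is cheap since `apt-transport-https` is already in `mariadb_apt_deps`.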
diff --git a/tasks/users.yml b/tasks/users.yml
new file mode 100644
index 0000000..d292b0b
--- /dev/null
+++ b/tasks/users.yml
@@ -0,0 +1,11 @@
+---
+
+- name: '[Users] - add MariaDB users accounts'
+ mysql_user:
+ name: "{{ item.name }}"
+ password: "{{ item.password }}"
+ priv: "{{ item.priv }}"
+ host: "{{ item.host }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ mariadb_users }}"
+ when: mariadb_users|length > 0
diff --git a/templates/debian.cnf.j2 b/templates/debian.cnf.j2
new file mode 100644
index 0000000..4e68642
--- /dev/null
+++ b/templates/debian.cnf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Automatically generated for Debian scripts. DO NOT TOUCH!
+[client]
+host = localhost
+user = debian-sys-maint
+password = {{ mariadb_debsysmaint_password }}
+socket = /var/run/mysqld/mysqld.sock
+[mysql_upgrade]
+host = localhost
+user = debian-sys-maint
+password = {{ mariadb_debsysmaint_password }}
+socket = /var/run/mysqld/mysqld.sock
+basedir = /usr
diff --git a/templates/home_my.cnf.j2 b/templates/home_my.cnf.j2
new file mode 100644
index 0000000..fab87c9
--- /dev/null
+++ b/templates/home_my.cnf.j2
@@ -0,0 +1,4 @@
+[client]
+user={{ mariadb_root_username }}
+password={{ mariadb_root_password }}
+port={{ mariadb_client_port }}
diff --git a/templates/my.cnf.j2 b/templates/my.cnf.j2
new file mode 100644
index 0000000..f476cf6
--- /dev/null
+++ b/templates/my.cnf.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+{% for section in mariadb_default_config %}
+[{{ section.name }}]
+{% for item in section.config %}
+{{ item }}
+{% endfor %}
+
+{% endfor %}
+!includedir {{ mariadb_includedir }}
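Review bot: Looping `mysql_user` over `mariadb_users` in tasks/users.yml prints each whole loop item, including `item.password`, in the task output and in any callback or log that records results; the module masks its own `password` argument but not the item label. Add `no_log: true` to the task, or keep the output readable with `loop_control:` and `label: "{{ item.name }}@{{ item.host }}"`. `password: "{{ item.password }}"` is also evaluated for entries with `state: absent`, so `"{{ item.password | default(omit) }}"` would let removal entries leave the secret out entirely.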
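Review bot: `password = {{ mariadb_debsysmaint_password }}` in templates/debian.cnf.j2 is rendered unquoted in both the `[client]` and `[mysql_upgrade]` sections, so a password containing `#` or leading/trailing whitespace is truncated or misread by the option-file parser, and the client file ends up with a different secret than the one set on the server. Quote the value, `password = "{{ mariadb_debsysmaint_password }}"`, and do the same in templates/home_my.cnf.j2 with `password="{{ mariadb_root_password }}"`. Passwords containing `"` or `\` would still need escaping, which is worth a one-line comment at the top of each template.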