ansible-playbooks/roles/mariadb/tasks/install.yml

- name: set mariadb config
  set_fact:
    mariadb_cfg: "{{ mariadb_default_config |
                     combine(mariadb_tls_config if mariadb_enable_tls else {}, recursive=true) |
                     combine(mariadb_config if mariadb_config is mapping else {}, recursive=true) }}"


- name: install nginx and dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - mariadb-client
      - alpine: mariadb
      - alpine: mariadb-openrc
      - alpine: mariadb-server-utils
      - alpine: py3-pip
        debian: python3-pip
      - debian: mariadb-server


- name: install pymysql
  pip:
    name: pymysql


- name: remove old mariadb configs
  file:
    path: "/etc/{{ item }}"
    state: absent
  loop:
    - my.cnf
    - my.cnf.d/
    - mysql/


- name: remove mysql user if it exists
  user:
    name: mysql
    remove: yes
    state: absent


- name: remove mysql group if it exists
  group:
    name: mysql
    state: absent


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
      dir: "{{ mariadb_data_dir }}"
      notify: restart mariadb


- name: create mariadb config dir
  file:
    path: "{{ mariadb_conf_dir }}"
    state: directory
    mode: 0700
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"


- name: create mariadb data dir
  file:
    path: "{{ mariadb_data_dir }}"
    state: directory
    mode: 0755
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  notify: restart mariadb


- name: template custom config
  template:
    src: mariadb.j2
    dest: "{{ mariadb_conf_dir }}/mariadb.conf"
    force: yes
    mode: 0400
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
    lstrip_blocks: yes
  notify: restart mariadb


- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/mariadb
    force: yes
  notify: restart mariadb
  when: ansible_distribution == 'Alpine'


- name: create tls directory for holding certs
  file:
    path: "{{ mariadb_tls_dir }}"
    state: directory
    mode: 0700
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  when: mariadb_enable_tls


- block:
  - name: add drop-in systemd directory
    file:
      path: /etc/systemd/system/mariadb.service.d
      state: directory

  - name: template systemd drop-in file
    template:
      src: systemd.j2
      dest: /etc/systemd/system/mariadb.service.d/mariadb.conf
      force: yes
    notify: reload systemd daemons

  - name: edit string in systemd init file
    lineinfile:
      path: /lib/systemd/system/mariadb.service
      regexp: '(ExecStartPre=/usr/bin/install -m 755 -o )(\S*)( -g root -d /var/run/mysqld)'
      line: '\1{{ mariadb_user }}\3'
      backrefs: yes
    notify: reload systemd daemons

  - name: remove string in systemd init file
    lineinfile:
      path: /lib/systemd/system/mariadb.service
      line: 'ExecStartPost=/etc/mysql/debian-start'
      state: absent

  - name: change mysql directory ownership
    file:
      path: /var/lib/mysql
      state: directory
      recurse: yes
      owner: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"

  when: ansible_distribution == 'Debian'


- name: create pid directory
  file:
    path: "/var/run/mysqld"
    state: directory
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"


- name: deploy ecc384 cert
  include_role:
    name: certs
  vars:
    certs:
      id: mariadb-ecc
      cert: "{{ mariadb_cfg.ssl_cert }}"
      key: "{{ mariadb_cfg.ssl_key }}"
      chain: "{{ mariadb_cfg.ssl_ca }}"
      ecc: yes
      post_hook: service mariadb restart
      owner: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
      notify: restart mariadb
  when: mariadb_enable_tls


- name: run mariadb-install-db
  command:
    argv:
      - /usr/bin/mariadb-install-db
      - "--defaults-file={{ mariadb_conf_dir }}/mariadb.conf"
      - "--datadir={{ mariadb_data_dir }}"
      - "--user={{ mariadb_user }}"
  register: res
  changed_when: (res.rc == 0) and ("Two all-privilege accounts were created" in res.stdout)
  failed_when: res.rc != 0
  notify: restart mariadb


- name: flush handlers
  meta: flush_handlers


- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ mariadb_conf_dir }}"


- name: enable and start mariadb
  service:
    name: mariadb
    enabled: yes
    state: started
init 2 years ago			`- name: set mariadb config`
			`set_fact:`
			`mariadb_cfg: "{{ mariadb_default_config \|`
			`combine(mariadb_tls_config if mariadb_enable_tls else {}, recursive=true) \|`
			`combine(mariadb_config if mariadb_config is mapping else {}, recursive=true) }}"`


			`- name: install nginx and dependencies`
			`include_tasks: tasks/install_packages.yml`
			`vars:`
			`package:`
			`- mariadb-client`
			`- alpine: mariadb`
			`- alpine: mariadb-openrc`
			`- alpine: mariadb-server-utils`
			`- alpine: py3-pip`
			`debian: python3-pip`
			`- debian: mariadb-server`


			`- name: install pymysql`
			`pip:`
			`name: pymysql`


			`- name: remove old mariadb configs`
			`file:`
			`path: "/etc/{{ item }}"`
			`state: absent`
			`loop:`
			`- my.cnf`
			`- my.cnf.d/`
			`- mysql/`


			`- name: remove mysql user if it exists`
			`user:`
			`name: mysql`
			`remove: yes`
			`state: absent`


			`- name: remove mysql group if it exists`
			`group:`
			`name: mysql`
			`state: absent`


			`- name: create user and group`
			`include_tasks: tasks/create_user.yml`
			`vars:`
			`user:`
			`name: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`
			`dir: "{{ mariadb_data_dir }}"`
			`notify: restart mariadb`


			`- name: create mariadb config dir`
			`file:`
			`path: "{{ mariadb_conf_dir }}"`
			`state: directory`
			`mode: 0700`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`


			`- name: create mariadb data dir`
			`file:`
			`path: "{{ mariadb_data_dir }}"`
			`state: directory`
			`mode: 0755`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`
			`notify: restart mariadb`


			`- name: template custom config`
			`template:`
			`src: mariadb.j2`
			`dest: "{{ mariadb_conf_dir }}/mariadb.conf"`
			`force: yes`
			`mode: 0400`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`
			`lstrip_blocks: yes`
			`notify: restart mariadb`


			`- name: template init script`
			`template:`
			`src: init.j2`
			`dest: /etc/init.d/mariadb`
			`force: yes`
			`notify: restart mariadb`
			`when: ansible_distribution == 'Alpine'`


			`- name: create tls directory for holding certs`
			`file:`
			`path: "{{ mariadb_tls_dir }}"`
			`state: directory`
			`mode: 0700`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`
			`when: mariadb_enable_tls`


			`- block:`
			`- name: add drop-in systemd directory`
			`file:`
			`path: /etc/systemd/system/mariadb.service.d`
			`state: directory`

			`- name: template systemd drop-in file`
			`template:`
			`src: systemd.j2`
			`dest: /etc/systemd/system/mariadb.service.d/mariadb.conf`
			`force: yes`
			`notify: reload systemd daemons`

			`- name: edit string in systemd init file`
			`lineinfile:`
			`path: /lib/systemd/system/mariadb.service`
			`regexp: '(ExecStartPre=/usr/bin/install -m 755 -o )(\S*)( -g root -d /var/run/mysqld)'`
			`line: '\1{{ mariadb_user }}\3'`
			`backrefs: yes`
			`notify: reload systemd daemons`

			`- name: remove string in systemd init file`
			`lineinfile:`
			`path: /lib/systemd/system/mariadb.service`
			`line: 'ExecStartPost=/etc/mysql/debian-start'`
			`state: absent`

			`- name: change mysql directory ownership`
			`file:`
			`path: /var/lib/mysql`
			`state: directory`
			`recurse: yes`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`

			`when: ansible_distribution == 'Debian'`


			`- name: create pid directory`
			`file:`
			`path: "/var/run/mysqld"`
			`state: directory`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`


			`- name: deploy ecc384 cert`
			`include_role:`
			`name: certs`
			`vars:`
			`certs:`
			`id: mariadb-ecc`
			`cert: "{{ mariadb_cfg.ssl_cert }}"`
			`key: "{{ mariadb_cfg.ssl_key }}"`
			`chain: "{{ mariadb_cfg.ssl_ca }}"`
			`ecc: yes`
			`post_hook: service mariadb restart`
			`owner: "{{ mariadb_user }}"`
			`group: "{{ mariadb_group }}"`
			`notify: restart mariadb`
			`when: mariadb_enable_tls`


			`- name: run mariadb-install-db`
			`command:`
			`argv:`
			`- /usr/bin/mariadb-install-db`
			`- "--defaults-file={{ mariadb_conf_dir }}/mariadb.conf"`
			`- "--datadir={{ mariadb_data_dir }}"`
			`- "--user={{ mariadb_user }}"`
			`register: res`
			`changed_when: (res.rc == 0) and ("Two all-privilege accounts were created" in res.stdout)`
			`failed_when: res.rc != 0`
			`notify: restart mariadb`


			`- name: flush handlers`
			`meta: flush_handlers`


			`- name: add directories to backup plan`
			`include_role:`
			`name: backup`
			`vars:`
			`function: add`
			`backup_items:`
			`- "{{ mariadb_conf_dir }}"`


			`- name: enable and start mariadb`
			`service:`
			`name: mariadb`
			`enabled: yes`
			`state: started`