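# Installs and configures MariaDB on Alpine and Debian hosts: resolves the
# effective config, installs packages, recreates the service account, writes
# config/init/systemd files, optionally deploys TLS material, initialises the
# data directory and starts the service.

# Later combine() calls win: defaults < TLS settings (only when TLS is
# enabled) < user-supplied mariadb_config (only when it is a mapping).
- name: set mariadb config
  set_fact:
    mariadb_cfg: "{{ mariadb_default_config | combine(mariadb_tls_config if mariadb_enable_tls else {}, recursive=true) | combine(mariadb_config if mariadb_config is mapping else {}, recursive=true) }}"

# The task name previously said "nginx"; the package list is MariaDB only.
- name: install mariadb and dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - mariadb-client
      - alpine: mariadb
      - alpine: mariadb-openrc
      - alpine: mariadb-server-utils
      - alpine: py3-pip
        debian: python3-pip
      - debian: mariadb-server

# NOTE(review): pymysql is pulled from the package index without a version
# pin, so every run may install whatever release is current. Pin a version
# (or use the distribution package, if one is available) so the dependency
# is reproducible and reviewable.
- name: install pymysql
  pip:
    name: pymysql

# Packaged configs are deleted so that only the templated config applies.
- name: remove old mariadb configs
  file:
    path: "/etc/{{ item }}"
    state: absent
  loop:
    - my.cnf
    - my.cnf.d/
    - mysql/

- name: remove mysql user if it exists
  user:
    name: mysql
    remove: true
    state: absent

- name: remove mysql group if it exists
  group:
    name: mysql
    state: absent

# NOTE(review): confirm that `notify` on an include is honoured by the
# Ansible version in use; if it is not, move the notify onto the tasks
# inside tasks/create_user.yml.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
      dir: "{{ mariadb_data_dir }}"
  notify: restart mariadb

# File modes are quoted so they are always read as octal strings rather than
# depending on the YAML parser's integer handling.
- name: create mariadb config dir
  file:
    path: "{{ mariadb_conf_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"

# NOTE(review): 0755 lets every local account list and traverse the data
# directory. Unless something outside the service account needs to reach it
# (for example a socket placed inside the data dir), 0750 or 0700 is the
# safer choice. Left unchanged here because the socket path is not visible
# in this file.
- name: create mariadb data dir
  file:
    path: "{{ mariadb_data_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  notify: restart mariadb

# Read-only for the service account; the config may reference key paths.
- name: template custom config
  template:
    src: mariadb.j2
    dest: "{{ mariadb_conf_dir }}/mariadb.conf"
    force: true
    mode: "0400"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
    lstrip_blocks: true
  notify: restart mariadb

# The init script is executed by root, so ownership and mode are set
# explicitly instead of being inherited from the existing file or the umask.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/mariadb
    force: true
    owner: root
    group: root
    mode: "0755"
  notify: restart mariadb
  when: ansible_distribution == 'Alpine'

- name: create tls directory for holding certs
  file:
    path: "{{ mariadb_tls_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  when: mariadb_enable_tls

- name: debian systemd integration
  block:
    # Unit drop-ins are read by systemd as root: keep them root-owned and
    # not writable by anyone else.
    - name: add drop-in systemd directory
      file:
        path: /etc/systemd/system/mariadb.service.d
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: template systemd drop-in file
      template:
        src: systemd.j2
        dest: /etc/systemd/system/mariadb.service.d/mariadb.conf
        force: true
        owner: root
        group: root
        mode: "0644"
      notify: reload systemd daemons

    # NOTE(review): this edits the packaged unit in /lib, which a package
    # upgrade can overwrite; the same override would survive upgrades if it
    # lived in the drop-in templated above.
    # \g<N> is used instead of \N so that a user name beginning with a digit
    # cannot be read as part of the group number.
    - name: edit string in systemd init file
      lineinfile:
        path: /lib/systemd/system/mariadb.service
        regexp: '(ExecStartPre=/usr/bin/install -m 755 -o )(\S*)( -g root -d /var/run/mysqld)'
        line: '\g<1>{{ mariadb_user }}\g<3>'
        backrefs: true
      notify: reload systemd daemons

    # Removing a line from the unit also needs a daemon reload to take
    # effect, so this task notifies the same handler as the edit above.
    - name: remove string in systemd init file
      lineinfile:
        path: /lib/systemd/system/mariadb.service
        line: 'ExecStartPost=/etc/mysql/debian-start'
        state: absent
      notify: reload systemd daemons

    - name: change mysql directory ownership
      file:
        path: /var/lib/mysql
        state: directory
        recurse: true
        owner: "{{ mariadb_user }}"
        group: "{{ mariadb_group }}"
  when: ansible_distribution == 'Debian'

# Mode matches the `install -m 755` used for the same directory in the
# systemd unit line edited above, instead of depending on the umask.
- name: create pid directory
  file:
    path: "/var/run/mysqld"
    state: directory
    mode: "0755"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"

# NOTE(review): as with the include above, confirm that `notify` on
# include_role is honoured by the Ansible version in use.
- name: deploy ecc384 cert
  include_role:
    name: certs
  vars:
    certs:
      id: mariadb-ecc
      cert: "{{ mariadb_cfg.ssl_cert }}"
      key: "{{ mariadb_cfg.ssl_key }}"
      chain: "{{ mariadb_cfg.ssl_ca }}"
      ecc: true
      post_hook: service mariadb restart
      owner: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
  notify: restart mariadb
  when: mariadb_enable_tls

# argv form passes each option as a separate argument, so templated paths and
# user names are never interpreted by a shell.
# NOTE(review): no account or database hardening step is visible in this
# file after initialisation; confirm that the accounts created by
# mariadb-install-db are reviewed or locked down elsewhere.
- name: run mariadb-install-db
  command:
    argv:
      - /usr/bin/mariadb-install-db
      - "--defaults-file={{ mariadb_conf_dir }}/mariadb.conf"
      - "--datadir={{ mariadb_data_dir }}"
      - "--user={{ mariadb_user }}"
  register: res
  # Reported as changed only when the tool says it created the initial
  # accounts, i.e. on first initialisation.
  changed_when: (res.rc == 0) and ("Two all-privilege accounts were created" in res.stdout)
  failed_when: res.rc != 0
  notify: restart mariadb

# Run any pending restart/reload now, before the service is started below.
- name: flush handlers
  meta: flush_handlers

# NOTE(review): the backup will contain the config directory contents;
# confirm the backup target is protected at least as well as the 0700
# directory it copies.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ mariadb_conf_dir }}"

- name: enable and start mariadb
  service:
    name: mariadb
    enabled: true
    state: started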