# Build the effective server configuration as a single fact.
# combine() gives precedence to its later arguments, so the order is:
# defaults, then the TLS settings (only when mariadb_enable_tls is true),
# then mariadb_config (only when it is a mapping; anything else is ignored).
# NOTE(review): because mariadb_config is merged last, it can replace
# TLS-related keys even when mariadb_enable_tls is true - confirm intended.
- name: set mariadb config
  set_fact:
    mariadb_cfg: "{{ mariadb_default_config |
      combine(mariadb_tls_config if mariadb_enable_tls else {}, recursive=true) |
      combine(mariadb_config if mariadb_config is mapping else {}, recursive=true) }}"

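# Install the MariaDB server, client and pip through the shared package tasks.
# The task name used to say "nginx", but every package listed is for MariaDB.
# Entries keyed by alpine/debian are presumably distribution-specific names
# resolved by tasks/install_packages.yml - verify against that file.
- name: install mariadb and dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - mariadb-client
      - alpine: mariadb
      - alpine: mariadb-openrc
      - alpine: mariadb-server-utils
      - alpine: py3-pip
        debian: python3-pip
      - debian: mariadb-server
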
# Install the PyMySQL client library with pip.
# NOTE(review): no version is pinned, so each run accepts whatever release the
# configured package index serves. Consider pinning a version (and hashes)
# or using the distribution's own PyMySQL package so updates arrive through
# the signed system repositories.
- name: install pymysql
  pip:
    name: pymysql

# Delete the packaged configuration locations under /etc so that only the
# configuration templated later in this file is left.
# state: absent removes directories recursively, so anything placed by hand
# under /etc/my.cnf.d/ or /etc/mysql/ is lost on every run.
- name: remove old mariadb configs
  file:
    path: "/etc/{{ item }}"
    state: absent
  loop:
    - my.cnf
    - my.cnf.d/
    - mysql/

# Drop the packaged "mysql" account; the service account is created by a
# later task from mariadb_user.
# With state: absent, remove: true also asks the user module to delete the
# directories associated with the account (as userdel --remove does).
# NOTE(review): if the packaged account's home is a database directory, this
# deletes it whenever the account exists. Also confirm what happens when
# mariadb_user is itself "mysql", since the account is then removed and
# re-created on each run.
- name: remove mysql user if it exists
  user:
    name: mysql
    remove: true
    state: absent

# Drop the packaged "mysql" group; runs after the user removal above so the
# group is no longer a primary group of that account.
- name: remove mysql group if it exists
  group:
    name: mysql
    state: absent

# Create the service account and group through the shared user tasks,
# passing the data directory as the account's "dir" value.
# How name/group/dir are used is defined in tasks/create_user.yml (not shown).
# NOTE(review): notify sits on a dynamic include here - verify that a change
# made inside the included tasks actually triggers "restart mariadb".
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
      dir: "{{ mariadb_data_dir }}"
  notify: restart mariadb

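# Create the configuration directory, accessible only to the service account.
# The mode is quoted so it reaches the module as the string "0700" instead of
# depending on how the YAML parser reads a bare number with a leading zero.
- name: create mariadb config dir
  file:
    path: "{{ mariadb_conf_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
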
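# Create the data directory owned by the service account.
# The mode is quoted so it reaches the module as the string "0755" instead of
# depending on how the YAML parser reads a bare number with a leading zero.
# NOTE(review): 0755 lets every local account enter and list the data
# directory, unlike the 0700 used for the config and TLS directories.
# Consider "0750" or "0700" unless another account must read it.
- name: create mariadb data dir
  file:
    path: "{{ mariadb_data_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  notify: restart mariadb
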
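# Render the server configuration from mariadb.j2 into the config directory.
# The file is read-only for the service account and unreadable to anyone else.
# The mode is quoted so it reaches the module as the string "0400".
- name: template custom config
  template:
    src: mariadb.j2
    dest: "{{ mariadb_conf_dir }}/mariadb.conf"
    force: true
    mode: "0400"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
    lstrip_blocks: true
  notify: restart mariadb
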
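# Render the init script on Alpine only.
# Ownership and mode are set explicitly: without them a newly created file
# gets its mode from the umask and an existing file keeps whatever it had.
# A script that the init system runs as root should be root-owned, executable
# and not writable by other accounts.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/mariadb
    force: true
    owner: root
    group: root
    mode: "0755"
  notify: restart mariadb
  when: ansible_distribution == 'Alpine'
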
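# Create the directory for certificate material when TLS is enabled,
# accessible only to the service account.
# The mode is quoted so it reaches the module as the string "0700".
- name: create tls directory for holding certs
  file:
    path: "{{ mariadb_tls_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"
  when: mariadb_enable_tls
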
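# Debian-only systemd integration: install a drop-in, patch the packaged
# unit to use the configured service account, and fix data ownership.
- block:
    # Drop-in locations are pinned to root ownership and non-writable modes
    # because systemd executes what they contain with root privileges.
    - name: add drop-in systemd directory
      file:
        path: /etc/systemd/system/mariadb.service.d
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: template systemd drop-in file
      template:
        src: systemd.j2
        dest: /etc/systemd/system/mariadb.service.d/mariadb.conf
        force: true
        owner: root
        group: root
        mode: "0644"
      notify: reload systemd daemons

    # Rewrites the owner argument of the packaged ExecStartPre line so the
    # runtime directory is created for mariadb_user.
    # NOTE(review): this edits the packaged unit under /lib in place, so a
    # package upgrade can restore the original line until the play runs
    # again; the drop-in above is the upgrade-safe place for overrides.
    - name: edit string in systemd init file
      lineinfile:
        path: /lib/systemd/system/mariadb.service
        regexp: '(ExecStartPre=/usr/bin/install -m 755 -o )(\S*)( -g root -d /var/run/mysqld)'
        line: '\1{{ mariadb_user }}\3'
        backrefs: true
      notify: reload systemd daemons

    # Removes the packaged post-start hook. This also changes the unit file,
    # so it notifies the same daemon reload as the edit above; without it
    # systemd would keep using the unit it had already loaded.
    - name: remove string in systemd init file
      lineinfile:
        path: /lib/systemd/system/mariadb.service
        line: 'ExecStartPost=/etc/mysql/debian-start'
        state: absent
      notify: reload systemd daemons

    # Recursively hands /var/lib/mysql to the service account.
    # NOTE(review): the path is hard-coded rather than mariadb_data_dir -
    # confirm this is meant to cover the packaged default location.
    - name: change mysql directory ownership
      file:
        path: /var/lib/mysql
        state: directory
        recurse: true
        owner: "{{ mariadb_user }}"
        group: "{{ mariadb_group }}"

  when: ansible_distribution == 'Debian'
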
# Create the runtime directory owned by the service account.
# NOTE(review): no mode is given, so a newly created directory gets its
# permissions from the umask. Consider setting an explicit mode.
- name: create pid directory
  file:
    path: "/var/run/mysqld"
    state: directory
    owner: "{{ mariadb_user }}"
    group: "{{ mariadb_group }}"

# When TLS is enabled, have the certs role place the certificate, private key
# and CA chain at the paths named in the effective configuration, owned by
# the service account. The role's post_hook restarts the service.
# How the role treats each key is defined in the certs role (not shown).
# NOTE(review): the task name mentions a 384-bit curve, but only "ecc" is
# passed here - confirm where the curve is chosen.
- name: deploy ecc384 cert
  include_role:
    name: certs
  vars:
    certs:
      id: mariadb-ecc
      cert: "{{ mariadb_cfg.ssl_cert }}"
      key: "{{ mariadb_cfg.ssl_key }}"
      chain: "{{ mariadb_cfg.ssl_ca }}"
      ecc: true
      post_hook: service mariadb restart
      owner: "{{ mariadb_user }}"
      group: "{{ mariadb_group }}"
  notify: restart mariadb
  when: mariadb_enable_tls

# Initialise the data directory with the templated configuration.
# argv passes each argument as-is, so the templated paths and user name are
# never interpreted by a shell.
# The task reports "changed" only when the tool's output says the initial
# accounts were created, which is taken as the sign of a first-time run.
# NOTE(review): that message refers to all-privilege accounts created by the
# tool. Confirm how they authenticate and restrict them before the server
# is reachable by anything other than the local administrator.
- name: run mariadb-install-db
  command:
    argv:
      - /usr/bin/mariadb-install-db
      - "--defaults-file={{ mariadb_conf_dir }}/mariadb.conf"
      - "--datadir={{ mariadb_data_dir }}"
      - "--user={{ mariadb_user }}"
  register: res
  changed_when: (res.rc == 0) and ("Two all-privilege accounts were created" in res.stdout)
  failed_when: res.rc != 0
  notify: restart mariadb

# Run any notified handlers (restart / daemon reload) now, before the service
# is enabled and started below, instead of waiting for the end of the play.
- name: flush handlers
  meta: flush_handlers

# Register the configuration directory with the backup role.
# That directory is 0700 and its config file 0400 on this host, so the backup
# destination needs comparable access restrictions.
# What "function: add" does is defined in the backup role (not shown).
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ mariadb_conf_dir }}"

# Enable the service at boot and make sure it is running now.
- name: enable and start mariadb
  service:
    name: mariadb
    enabled: true
    state: started