From 1f5b63160ee0bbdfc0c3750d1edaa3d5003292db Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Mon, 13 Mar 2023 20:07:25 +0100 Subject: [PATCH] up version reorg make it work on rocky --- defaults/main.yml | 2 +- tasks/main.yml | 155 +---------------------------------------- tasks/mariadb.yml | 142 +++++++++++++++++++++++++++++++++++++ templates/mariadb.repo | 15 ++++ vars/rocky9.yml | 3 + 5 files changed, 163 insertions(+), 154 deletions(-) create mode 100644 tasks/mariadb.yml create mode 100644 templates/mariadb.repo create mode 100644 vars/rocky9.yml diff --git a/defaults/main.yml b/defaults/main.yml index 3e61f4f..4eb9ce1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -mariadb_version: 10.6.4 +mariadb_version: 10.6.11 mariadb_data_dir: /var/lib/mysql mariadb_root_home: /root mariadb_user: mysql diff --git a/tasks/main.yml b/tasks/main.yml index 07ee89c..a41453c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,154 +1,3 @@ --- - - name: OS vars - include_vars: "{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}.yml" - tags: always - - - name: install prerequisite - package: - name: "{{ packages_list }}" - state: present - - - name: set some vars - set_fact: - mariadb_root_password: "{{ lookup( 'keepass', '{{ group_names[0]}}/{{ inventory_hostname }}_mysql', 'password' ) }}" - when: (mariadb_root_password is not defined) or (mariadb_root_password|length ==0) - - - name: install on CentOS - block: - - name: install repo 1 - get_url: - url: https://downloads.mariadb.com/MariaDB/mariadb_repo_setup - dest: /tmp/configure_mariadb_repo - mode: 0700 - - - name: install repo 2 - command: "/tmp/configure_mariadb_repo --os-type=rhel --os-version={{ ansible_distribution_major_version }} --skip-maxscale --mariadb-server-version={{ mariadb_version }}" - - - name: install mariadb server package - package: - name: - - "mariadb" - - mariadb-server - state: present - - - name: create datadir - file: - path: "{{ mariadb_data_dir }}" - state: directory - mode: 0700 - owner: "{{ mariadb_user }}" - setype: mysqld_db_t - - - name: initialize data dir - become: true - become_user: mysql - command: "/usr/bin/mysql_install_db --datadir={{ mariadb_data_dir }} --user={{ mariadb_user }}" - args: - creates: "{{ mariadb_data_dir }}/mysql" - - when: ansible_os_family == 'RedHat' - - - - name: installa mariadb server package - debian - apt: - name: "{{ packages_list }}" - state: present - when: ansible_os_family == "Debian" - - - name: setup logging - file: - path: "{{ mariadb_server_log }}" - state: touch - owner: mysql - group: "{{ admin_group }}" - mode: 0640 - - - name: setup logfile rotation - template: - src: mysql_logrotate - dest: /etc/logrotate.d/mysql.conf - - - name: configure mariadb - ini_file: - path: /etc/my.cnf.d/server.cnf - section: mysqld - option: "{{ item.option }}" - value: "{{ item.value}}" - state: present - loop: - "{{ mariadb_server_settings }}" - 
notify: restart mysql - - - - name: activate and start mariadb service - systemd: name=mariadb enabled=true state=started - -#Below tasks "stolen" from https://github.com/geerlingguy/ansible-role-mysql/ - - name: Get list of hosts for the root user. - command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = '{{ mariadb_root_username }}' ORDER BY (Host='localhost') ASC" - register: mariadb_root_hosts - changed_when: false - check_mode: no - - - name: Update MySQL root password for localhost root account (5.7.x). - shell: > - mysql -u root -NBe - 'ALTER USER "{{ mariadb_root_username }}"@"{{ item }}" IDENTIFIED BY "{{ mariadb_root_password }}";' - with_items: "{{ mariadb_root_hosts.stdout_lines|default([]) }}" - -# Has to be after the root password assignment, for idempotency. - - name: Copy .my.cnf file with root password credentials. - template: - src: "root-my.cnf.j2" - dest: "{{ mariadb_root_home }}/.my.cnf" - owner: root - group: root - mode: 0600 - - - name: Disallow root login remotely and anonymous access - command: 'mysql -NBe "{{ item }}"' - with_items: - - DELETE FROM mysql.user WHERE User='' - - DELETE FROM mysql.user WHERE User='{{ mariadb_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1') - changed_when: false - - - name: create root bin and backup dirs - file: - path: "{{ item }}" - state: directory - owner: root - group: root - mode: 0700 - loop: - - "{{ mariadb_backup_dir }}" - - /root/bin - - - name: deploy backup script - ansible.builtin.git: - repo: https://infra.opendoor.fr/git/tom/mysql_backup.git - dest: /root/bin - - - name: backup script permissions - ansible.builtin.file: - path: /root/bin/mysql_backup/mysql_backup.sh - mode: 700 - - - name: backup script cron - cron: - name: mysql_backup - cron_file: mysql_backup - user: root - hour: "01" - minute: "00" - job: "/root/bin/mysql_backup/mysql_backup.sh {{ mariadb_backup_dir }}" - - - name: install percona toolkit - yum: - name: 
https://downloads.percona.com/downloads/percona-toolkit/3.3.1/binary/redhat/{{ ansible_distribution }}/x86_64/percona-toolkit-3.3.1-1.el{{ ansible_distribution_major_version }}.x86_64.rpm - state: present - when: ansible_os_family == 'RedHat' and mariadb_use_percona - - - name: clean up - file: - path: /var/lib/mysql/.ansible - state: absent + - import_tasks: mariadb.yml + tags: mariadb,mysql diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml new file mode 100644 index 0000000..404ff0d --- /dev/null +++ b/tasks/mariadb.yml 
@@ -0,0 +1,142 @@
+---
+ - name: OS vars
+ ansible.builtin.include_vars: "{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}.yml"
+ tags: always
+
+ - name: install prerequisite
+ ansible.builtin.package:
+ name: "{{ packages_list }}"
+ state: present
+
+ - name: set some vars
+ ansible.builtin.set_fact:
+ mariadb_root_password: "{{ lookup( 'viczem.keepass.keepass', '{{ group_names[0]}}/{{ inventory_hostname }}_mysql', 'password' ) }}"
+ when: (mariadb_root_password is not defined) or (mariadb_root_password|length ==0)
+
+ - name: install on CentOS
+ block:
+ - name: install repo
+ vars:
+ va: "{{ mariadb_version | ansible.builtin.split('.') }}"
+ ve: "{{ va[0] }}.{{ va[1] }}"
+ ansible.builtin.yum_repository:
+ name: mariadb
+ descrition: mariadb repo
+ baseurl: "https://downloads.mariadb.com/MariaDB/mariadb-{{ ve }}/yum/rhel/$releasever/$basearch"
+ src: mariadb.repo
+ dest: /etc/yum.repos.d/
+ gpgkey: https://mirrors.ircam.fr/pub/mariadb/yum/RPM-GPG-KEY-MariaDB
+
+ - name: install mariadb server package
+ ansible.builtin.package:
+ name:
+ - "mariadb"
+ - mariadb-server
+ state: present
+
+ when: ansible_os_family == 'RedHat'
+
+
+ - name: install mariadb server package - debian
+ ansible.builtin.package:
+ name: "{{ packages_list }}"
+ state: present
+ when: ansible_os_family == "Debian"
+
+ - name: setup logging
+ ansible.builtin.file:
+ path: "{{ mariadb_server_log }}"
+ state: touch
+ owner: mysql
+ group: "{{ admin_group }}"
+ mode: 0640
+
+ - name: setup logfile rotation
+ ansible.builtin.template:
+ src: mysql_logrotate
+ dest: /etc/logrotate.d/mysql.conf
+
+ - name: configure mariadb
+ ansible.builtin.ini_file:
+ path: /etc/my.cnf.d/server.cnf
+ section: mysqld
+ option: "{{ item.option }}"
+ value: "{{ item.value}}"
+ state: present
+ loop:
+ "{{ mariadb_server_settings }}"
+ notify: restart mysql
+
+
+ - name: activate and start mariadb service
+ ansible.builtin.systemd: name=mariadb enabled=true state=started
+
+#Below tasks "stolen" from https://github.com/geerlingguy/ansible-role-mysql/
+ - name: Get list of hosts for the root user.
+ ansible.builtin.command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = '{{ mariadb_root_username }}' ORDER BY (Host='localhost') ASC"
+ register: mariadb_root_hosts
+ changed_when: false
+ check_mode: no
+
+ - name: Update MySQL root password for localhost root account (5.7.x).
+ ansible.builtin.shell: >
+ mysql -u root -NBe
+ 'ALTER USER "{{ mariadb_root_username }}"@"{{ item }}" IDENTIFIED BY "{{ mariadb_root_password }}";'
+ with_items: "{{ mariadb_root_hosts.stdout_lines|default([]) }}"
+
+# Has to be after the root password assignment, for idempotency.
+ - name: Copy .my.cnf file with root password credentials.
+ ansible.builtin.template:
+ src: "root-my.cnf.j2"
+ dest: "{{ mariadb_root_home }}/.my.cnf"
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: Disallow root login remotely and anonymous access
+ ansible.builtin.command: 'mysql -NBe "{{ item }}"'
+ with_items:
+ - DELETE FROM mysql.user WHERE User=''
+ - DELETE FROM mysql.user WHERE User='{{ mariadb_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+ changed_when: false
+
+ - name: create root bin and backup dirs
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+ loop:
+ - "{{ mariadb_backup_dir }}"
+ - /root/bin
+
+ - name: deploy backup script
+ ansible.builtin.git:
+ repo: https://infra.opendoor.fr/git/tom/mysql_backup.git
+ dest: /root/bin/mysql_backup
+
+ - name: backup script permissions
+ ansible.builtin.file:
+ path: /root/bin/mysql_backup/mysql_backup.sh
+ mode: 700
+
+ - name: backup script cron
+ ansible.builtin.cron:
+ name: mysql_backup
+ cron_file: mysql_backup
+ user: root
+ hour: "01"
+ minute: "00"
+ job: "/root/bin/mysql_backup/mysql_backup.sh {{ mariadb_backup_dir }}"
+
+ - name: install percona toolkit
+ ansible.builtin.package:
+ name: https://downloads.percona.com/downloads/percona-toolkit/3.3.1/binary/redhat/{{ ansible_distribution }}/x86_64/percona-toolkit-3.3.1-1.el{{ ansible_distribution_major_version }}.x86_64.rpm
+ state: present
+ when: ansible_os_family == 'RedHat' and mariadb_use_percona
+
+ - name: clean up
+ ansible.builtin.file:
+ path: /var/lib/mysql/.ansible
+ state: absent
diff --git a/templates/mariadb.repo b/templates/mariadb.repo
new file mode 100644
index 0000000..82058b2
--- /dev/null
+++ b/templates/mariadb.repo
@@ -0,0 +1,15 @@
+[mariadb-main]
+name = MariaDB Server
+baseurl = https://dlm.mariadb.com/repo/mariadb-server/{{ mariadb_version }}/yum/rhel/{{ ansible_distribution_major_version }}/x86_64
+gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Server-GPG-KEY
+gpgcheck = 1
+enabled = 1
+module_hotfixes = 1
+
+
+[mariadb-tools]
+name = MariaDB Tools
+baseurl = https://downloads.mariadb.com/Tools/rhel/{{ ansible_distribution_major_version }}/x86_64
+gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Enterprise-GPG-KEY
+gpgcheck = 1
+enabled = 1
diff --git a/vars/rocky9.yml b/vars/rocky9.yml
new file mode 100644
index 0000000..7740fe7
--- /dev/null
+++ b/vars/rocky9.yml
@@ -0,0 +1,3 @@
+packages_list:
+- python3-PyMySQL
+admin_group: wheel
\ No newline at end of file
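Review bot: The `install repo` task in tasks/mariadb.yml never sets `gpgcheck`, and yum_repository leaves that option to the system setting when it is omitted, so signature verification of the MariaDB packages is not guaranteed; the `gpgkey` is also fetched from mirrors.ircam.fr while `baseurl` points at downloads.mariadb.com. The same task spells the option `descrition` and passes `src` and `dest`, which as far as I know are not yum_repository options, so it is likely to fail argument validation before it configures anything. I would write `description: mariadb repo`, drop `src` and `dest`, and add `gpgcheck: true`. Further down, `mode: 700` on the backup script is read as decimal 700, which is octal 1274, so the script that root's cron job runs ends up group-writable and not owner-executable; quote it as `mode: "0700"`.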
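Review bot: Both sections of templates/mariadb.repo set `gpgcheck = 1` but point `gpgkey` at files under /etc/pki/rpm-gpg that no task visible in this patch installs, so signature checks for these repositories can only succeed if the keys are provisioned some other way. The template also looks unused and inconsistent with the role: the `install repo` task defines its own repository through yum_repository with a different host and a major.minor version, whereas this file uses the full `mariadb_version` and hard-codes x86_64. I would either remove the template or make it the single repository definition, add a task that installs the two key files before the repository is enabled, and put `# key file must be installed by the role before this repo is enabled` above each `gpgkey` line.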