commit 7c9285ce17dd912c43dc2a1e21a2100281e2e192 Author: Thomas Constans Date: Mon Oct 18 17:42:25 2021 +0200 mariadb: initial commit
diff --git a/README b/README
new file mode 100644
index 0000000..2a679ae
--- /dev/null
+++ b/README
@@ -0,0 +1,10 @@
+install and configure mariadb on CentOS 7
+
+variables:
+
+mariadb_data_dir - default /var/lib/mysql
+mariadb_user - default mysql
+mariadb_root_password - lookup from group_names[0]}}/{{ inventory_hostname }}_mysql
+mariadb_root_home - default /root
+mariadb_root_username - default root
+mariadb_backup_dir - directory where backups will be stored
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..41cab4e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+mariadb_data_dir: /var/lib/mysql
+mariadb_root_home: /root
+mariadb_user: mysql
+mariadb_root_username: root
+mariadb_server_log: /var/log/mysqld.log
+mariadb_backup_dir: /srv/Backups/mysql
+mariadb_server_settings:
+ - { option: "datadir", value: "{{mariadb_data_dir }}" }
+ - { option: "max_allowed_packet", value: "64M" }
+ - { option: "query_cache_size", value: "0" }
+ - { option: "join_buffer_size", value: "1M" }
+ - { option: "tmp_table_size", value: "32M" }
+ - { option: "max_heap_table_size", value: "32M" }
+ - { option: "performance_schema", value: "ON" }
+ - { option: "innodb_buffer_pool_size", value: "4G" }
+ - { option: "innodb_log_file_size",value: "1G" }
+ - { option: "log-error", value: "{{ mariadb_server_log }}" }
+ - { option: "log-bin", value: "{{ mariadb_data_dir }}/log-bin" }
+ - { option: "expire_logs_days", value: "7" }
+ - { option: "max_binlog_size", value: "1G" }
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9ec0733
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart mysql
+ service:
+ name: mysql
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 68e1585
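Review bot: In defaults/main.yml, `mariadb_server_settings` sets no `bind-address`, so unless another file under /etc/my.cnf.d sets it the server presumably listens on every interface; the later task that deletes remote root rows does not restrict other accounts. Consider adding `- { option: "bind-address", value: "127.0.0.1" }` as the default and letting hosts that need remote access override it. `innodb_buffer_pool_size` at `4G` and `innodb_log_file_size` at `1G` are fixed values that will not suit small hosts; a comment stating which machine size they assume would help.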
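Review bot: The handler in handlers/main.yml restarts a service named `mysql`, while the task in tasks/main.yml enables and starts `mariadb`. Whether `mysql` resolves depends on the package shipping a unit alias, which is not visible in this commit. Using `name: mariadb` in the handler keeps the two consistent, so a change to server.cnf is reliably followed by a restart.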
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,134 @@
+---
+ - name: OS vars
+ include_vars: "{{ ansible_distribution|lower }}.yml"
+ - name: install prerequisite
+ package:
+ name: "{{ packages_list }}"
+ state: present
+
+ - name: set some vars
+ set_fact:
+ mariadb_root_password: "{{ lookup( 'keepass', '{{ group_names[0]}}/{{ inventory_hostname }}_mysql', 'password' ) }}"
+
+ - name: install on CentOS
+ block:
+ - name: install repo 1
+ get_url:
+ url: https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
+ dest: /tmp/configure_mariadb_repo
+ mode: 0700
+
+ - name: install repo 2
+ command: /tmp/configure_mariadb_repo --os-type=rhel --os-version=7 --skip-maxscale
+
+ - name: install mariadb server package
+ yum:
+ name:
+ - "mariadb"
+ - mariadb-server
+ state: present
+
+ - name: create datadir
+ file:
+ path: "{{ mariadb_data_dir }}"
+ state: directory
+ mode: 0700
+ owner: "{{ mariadb_user }}"
+ setype: mysqld_db_t
+ when: ansible_distribution == "CentOS"
+
+
+ - name: initialize data dir
+ become: true
+ become_user: mysql
+ command: "/usr/bin/mysql_install_db --datadir={{ mariadb_data_dir }} --user={{ mariadb_user }}"
+ args:
+ creates: "{{ mariadb_data_dir }}/mysql"
+ - name: setup logging
+ file:
+ path: "{{ mariadb_server_log }}"
+ state: touch
+ owner: mysql
+ group: "{{ admin_group }}"
+ mode: 0640
+
+ - name: setup logfile rotation
+ template:
+ src: mysql_logrotate
+ dest: /etc/logrotate.d/mysql.conf
+
+ - name: configure mariadb
+ ini_file:
+ path: /etc/my.cnf.d/server.cnf
+ section: mysqld
+ option: "{{ item.option }}"
+ value: "{{ item.value}}"
+ state: present
+ loop:
+ "{{ mariadb_server_settings }}"
+ notify: restart mysql
+
+
+ - name: activate and start mariadb service
+ systemd: name=mariadb enabled=true state=started
+
+#Below tasks "stolen" from https://github.com/geerlingguy/ansible-role-mysql/
+ - name: Get list of hosts for the root user.
+ command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = '{{ mariadb_root_username }}' ORDER BY (Host='localhost') ASC"
+ register: mariadb_root_hosts
+ changed_when: false
+ check_mode: no
+
+ - name: Update MySQL root password for localhost root account (5.7.x).
+ shell: >
+ mysql -u root -NBe
+ 'ALTER USER "{{ mariadb_root_username }}"@"{{ item }}" IDENTIFIED BY "{{ mariadb_root_password }}";'
+ with_items: "{{ mariadb_root_hosts.stdout_lines|default([]) }}"
+
+# Has to be after the root password assignment, for idempotency.
+ - name: Copy .my.cnf file with root password credentials.
+ template:
+ src: "root-my.cnf.j2"
+ dest: "{{ mariadb_root_home }}/.my.cnf"
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: Disallow root login remotely and anonymous access
+ command: 'mysql -NBe "{{ item }}"'
+ with_items:
+ - DELETE FROM mysql.user WHERE User=''
+ - DELETE FROM mysql.user WHERE User='{{ mariadb_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+ changed_when: false
+
+ - name: create root bin and backup dirs
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+ loop:
+ - "{{ mariadb_backup_dir }}"
+ - /root/bin
+
+ - name: deploy backup script
+ copy:
+ src: /home/tom/Documents/Opendoor/Developpement/Scripts/MySQL/mysql_backup.sh
+ dest: /root/bin
+ mode: 0700
+
+ - name: backup script cron
+ cron:
+ name: mysql_backup
+ cron_file: mysql_backup
+ user: root
+ hour: "01"
+ minute: "00"
+ job: "/root/bin/mysql_backup.sh {{ mariadb_backup_dir }}"
+
+ - name: install percona toolkit
+ yum:
+ name: https://www.percona.com/downloads/percona-toolkit/3.1.0/binary/redhat/7/x86_64/percona-toolkit-3.1.0-2.el7.x86_64.rpm
+ state: present
+ when: ansible_distribution == 'CentOS'
diff --git a/templates/init_root_password.ini b/templates/init_root_password.ini
new file mode 100644
index 0000000..6926a9e
--- /dev/null
+++ b/templates/init_root_password.ini
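Review bot: The root password is exposed in tasks/main.yml: the `Update MySQL root password` task interpolates `{{ mariadb_root_password }}` into a `shell` command line, so it shows up in the target's process list and in Ansible output and logs, and a password containing a quote breaks the statement. Add `no_log: true` to that task and to `set some vars`, and prefer passing the password through a module or stdin rather than argv. Separately, `install repo 1` and `install repo 2` download a script to a fixed path in /tmp and run it with no integrity check; pin it with get_url's `checksum: "sha256:<expected-digest>"` (placeholder value) and write it to a directory that is not world-writable. The `keepass` lookup nests `{{ }}` inside an expression; build the path with `group_names[0] ~ '/' ~ inventory_hostname ~ '_mysql'` instead. `deploy backup script` copies from an absolute path under /home/tom that exists on one workstation only, so the script should live in the role's files/ directory.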
@@ -0,0 +1 @@
+SET PASSWORD FOR 'root'@'localhost' = PASSWORD('{{ mysql_root_password }}') ;
diff --git a/templates/mysql_logrotate b/templates/mysql_logrotate
new file mode 100644
index 0000000..f6f5402
--- /dev/null
+++ b/templates/mysql_logrotate
@@ -0,0 +1,8 @@
+{{ mariadb_server_log }} {
+ daily
+ rotate 7
+ create 0640 mysql wheel
+ postrotate
+ /usr/bin/mysqladmin flush-logs
+ endscript
+}
diff --git a/templates/root-my.cnf.j2 b/templates/root-my.cnf.j2
new file mode 100644
index 0000000..5f8400a
--- /dev/null
+++ b/templates/root-my.cnf.j2
@@ -0,0 +1,4 @@
+[client]
+host=localhost
+user={{ mariadb_root_username }}
+password={{ mariadb_root_password }}
\ No newline at end of file
diff --git a/vars/centos.yml b/vars/centos.yml
new file mode 100644
index 0000000..3880eb3
--- /dev/null
+++ b/vars/centos.yml
@@ -0,0 +1,4 @@
+
+packages_list:
+- MySQL-python
+admin_group: wheel
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..57b05e2
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,5 @@
+packages_list:
+ - mariadb-server
+ - python-pymysql
+admin_group: adm
+
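Review bot: templates/init_root_password.ini references `mysql_root_password`, but the rest of the role defines and uses `mariadb_root_password`, and no task in tasks/main.yml renders this template. If the file is kept, rename the variable to `{{ mariadb_root_password }}`; otherwise drop it so an unused password-setting statement does not linger in the role. The single-quoted value would also break on a password containing `'`.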
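Review bot: `create 0640 mysql wheel` in templates/mysql_logrotate hard-codes the group, while the `setup logging` task sets it from `{{ admin_group }}` (`adm` in vars/debian.yml), so the first rotation would change the log file's group on hosts where that variable is not `wheel`. Use `create 0640 mysql {{ admin_group }}` to keep the two in agreement. The `postrotate` call to `mysqladmin flush-logs` carries no credentials and presumably relies on root's ~/.my.cnf; a one-line comment saying so would help the next maintainer.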
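Review bot: `password={{ mariadb_root_password }}` in templates/root-my.cnf.j2 is written unquoted, so a password containing `#`, whitespace or other characters the option-file parser treats specially may be read back differently from what was set, and the later `mysql` calls in the role would then fail to authenticate. Quote the value: `password="{{ mariadb_root_password }}"`. The task that renders this file already sets owner root and mode 0600, which is what a credentials file needs.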