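---
# Installs and configures a MariaDB server, sets the root password from the
# KeePass lookup, removes anonymous/remote root accounts, and deploys a nightly
# backup job. Variables such as packages_list, mariadb_data_dir, mariadb_user,
# mariadb_server_settings and mariadb_backup_dir are defined outside this file.

- name: OS vars
  include_vars: "{{ ansible_distribution | lower }}.yml"

- name: install prerequisite
  package:
    name: "{{ packages_list }}"
    state: present

- name: set some vars
  set_fact:
    # Build the lookup path by concatenation instead of nesting "{{ }}" inside
    # an expression; nested moustaches are not reliably templated.
    mariadb_root_password: "{{ lookup('keepass', group_names[0] ~ '/' ~ inventory_hostname ~ '_mysql', 'password') }}"
  # Keep the retrieved secret out of task output and logs.
  no_log: true

# NOTE(review): the condition is assumed to guard the whole block (the source
# layout was flattened) - confirm against the original file.
- name: install on CentOS
  when: ansible_distribution == "CentOS"
  block:
    # NOTE(review): this script is downloaded and then executed as root with no
    # integrity check, and it is staged in world-writable /tmp under a
    # predictable name. Pin it once the digest has been verified out of band,
    # and prefer a root-owned staging directory:
    #   checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
    - name: install repo 1
      get_url:
        url: https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
        dest: /tmp/configure_mariadb_repo
        mode: "0700"

    - name: install repo 2
      command: /tmp/configure_mariadb_repo --os-type=rhel --os-version=7 --skip-maxscale

    - name: install mariadb server package
      yum:
        name:
          - mariadb
          - mariadb-server
        state: present

    - name: create datadir
      file:
        path: "{{ mariadb_data_dir }}"
        state: directory
        mode: "0700"
        owner: "{{ mariadb_user }}"
        setype: mysqld_db_t

- name: initialize data dir
  become: true
  become_user: mysql
  command: "/usr/bin/mysql_install_db --datadir={{ mariadb_data_dir }} --user={{ mariadb_user }}"
  args:
    # Skip once the system database exists, so the task stays idempotent.
    creates: "{{ mariadb_data_dir }}/mysql"

- name: setup logging
  file:
    path: "{{ mariadb_server_log }}"
    state: touch
    owner: mysql
    group: "{{ admin_group }}"
    mode: "0640"

- name: setup logfile rotation
  template:
    src: mysql_logrotate
    dest: /etc/logrotate.d/mysql.conf
    # Explicit ownership and mode: without them the file inherits the umask,
    # and logrotate rejects configuration writable by group or others.
    owner: root
    group: root
    mode: "0644"

- name: configure mariadb
  ini_file:
    path: /etc/my.cnf.d/server.cnf
    section: mysqld
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    state: present
  loop: "{{ mariadb_server_settings }}"
  notify: restart mysql

- name: activate and start mariadb service
  systemd:
    name: mariadb
    enabled: true
    state: started

# Below tasks "stolen" from https://github.com/geerlingguy/ansible-role-mysql/
- name: Get list of hosts for the root user.
  command: >-
    mysql -NBe
    "SELECT Host FROM mysql.user
    WHERE User = '{{ mariadb_root_username }}'
    ORDER BY (Host='localhost') ASC"
  register: mariadb_root_hosts
  changed_when: false
  check_mode: false

# NOTE(review): the password is interpolated into a shell command line, so it
# is visible in the process list while the task runs, and a password that
# contains a quote character breaks the statement. no_log only keeps it out of
# Ansible output; a module that passes the secret off the command line would
# remove the exposure.
- name: Update MySQL root password for localhost root account (5.7.x).
  shell: >
    mysql -u root -NBe
    'ALTER USER "{{ mariadb_root_username }}"@"{{ item }}"
    IDENTIFIED BY "{{ mariadb_root_password }}";'
  with_items: "{{ mariadb_root_hosts.stdout_lines | default([]) }}"
  no_log: true

# Has to be after the root password assignment, for idempotency.
- name: Copy .my.cnf file with root password credentials.
  template:
    src: root-my.cnf.j2
    dest: "{{ mariadb_root_home }}/.my.cnf"
    owner: root
    group: root
    mode: "0600"

- name: Disallow root login remotely and anonymous access
  command: 'mysql -NBe "{{ item }}"'
  with_items:
    - "DELETE FROM mysql.user WHERE User=''"
    - >-
      DELETE FROM mysql.user
      WHERE User='{{ mariadb_root_username }}'
      AND Host NOT IN ('localhost', '127.0.0.1', '::1')
    # Rows deleted directly from the grant tables stay in effect until the
    # server reloads its privileges.
    - "FLUSH PRIVILEGES"
  changed_when: false

- name: create root bin and backup dirs
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  loop:
    - "{{ mariadb_backup_dir }}"
    - /root/bin

# NOTE(review): src is an absolute path on one workstation, so the play only
# works from that machine and the deployed script is not versioned with the
# role. Ship it in the role's files/ directory and reference it by name.
- name: deploy backup script
  copy:
    src: /home/tom/Documents/Opendoor/Developpement/Scripts/MySQL/mysql_backup.sh
    dest: /root/bin
    mode: "0700"

- name: backup script cron
  cron:
    name: mysql_backup
    cron_file: mysql_backup
    user: root
    hour: "01"
    minute: "00"
    job: "/root/bin/mysql_backup.sh {{ mariadb_backup_dir }}"

- name: install percona toolkit
  yum:
    name: https://www.percona.com/downloads/percona-toolkit/3.1.0/binary/redhat/7/x86_64/percona-toolkit-3.1.0-2.el7.x86_64.rpm
    state: present
  when: ansible_distribution == 'CentOS'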