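---
# Tasks for installing and hardening a MariaDB server: load per-distribution
# variables, install packages, configure logging and server settings, set the
# root password, remove anonymous/remote root accounts, and deploy a nightly
# backup job.
# NOTE(review): task nesting was reconstructed from a flattened listing;
# confirm which tasks belong inside the RedHat-only block.

- name: OS vars
  ansible.builtin.include_vars: "{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}.yml"
  tags: always

- name: install prerequisite
  ansible.builtin.package:
    name: "{{ packages_list }}"
    state: present

# The root password is fetched from KeePass only when the caller did not
# supply one. The lookup path is built by concatenation instead of nesting
# "{{ }}" inside a Jinja expression, which is not evaluated reliably.
- name: set some vars
  ansible.builtin.set_fact:
    mariadb_root_password: "{{ lookup('viczem.keepass.keepass', group_names[0] ~ '/' ~ inventory_hostname ~ '_mysql', 'password') }}"
  when: mariadb_root_password | default('') | length == 0
  # Keep the secret out of task output and logs.
  no_log: true

- name: install on CentOS
  when: ansible_os_family == 'RedHat'
  block:
    - name: install repo
      vars:
        # "major.minor" part of mariadb_version, used in the repository URL.
        va: "{{ mariadb_version | ansible.builtin.split('.') }}"
        ve: "{{ va[0] }}.{{ va[1] }}"
      ansible.builtin.yum_repository:
        name: mariadb
        # Was misspelled "descrition"; the module option is "description".
        description: mariadb repo
        baseurl: "https://downloads.mariadb.com/MariaDB/mariadb-{{ ve }}/yum/rhel/$releasever/$basearch"
        # "src"/"dest" are not yum_repository options and were dropped; the
        # module writes /etc/yum.repos.d/<name>.repo by default.
        # Enforce signature verification explicitly instead of relying on
        # the host's global yum/dnf setting.
        gpgcheck: true
        # NOTE(review): the signing key is fetched from a third-party mirror,
        # not from the host serving the packages - confirm this is intended.
        gpgkey: https://mirrors.ircam.fr/pub/mariadb/yum/RPM-GPG-KEY-MariaDB

    - name: install mariadb server package
      ansible.builtin.package:
        name:
          - mariadb
          - mariadb-server
        state: present

- name: setup logging
  when: ansible_os_family == 'RedHat'
  ansible.builtin.file:
    path: "{{ mariadb_server_log }}"
    state: touch
    owner: mysql
    group: "{{ admin_group }}"
    mode: "0640"
    # Preserve timestamps so an existing log file is not reported as changed
    # on every run.
    modification_time: preserve
    access_time: preserve

- name: setup logfile rotation
  when: ansible_os_family == 'RedHat'
  ansible.builtin.template:
    src: mysql_logrotate
    dest: /etc/logrotate.d/mysql.conf
    # Explicit ownership and mode so the result does not depend on the umask.
    owner: root
    group: root
    mode: "0644"

- name: configure mariadb
  ansible.builtin.ini_file:
    path: /etc/my.cnf.d/server.cnf
    section: mysqld
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    state: present
  loop: "{{ mariadb_server_settings }}"
  notify: restart mysql

- name: activate and start mariadb service
  ansible.builtin.systemd:
    name: mariadb
    enabled: true
    state: started

# Below tasks "stolen" from https://github.com/geerlingguy/ansible-role-mysql/
- name: Get list of hosts for the root user.
  ansible.builtin.command: >-
    mysql -NBe "SELECT Host FROM mysql.user
    WHERE User = '{{ mariadb_root_username }}'
    ORDER BY (Host='localhost') ASC"
  register: mariadb_root_hosts
  changed_when: false
  # Read-only query, so it also runs in check mode.
  check_mode: false

# The password is interpolated into a shell command line: it is visible in
# the process list while mysql runs, and a password containing quote
# characters breaks the quoting below. Prefer a module such as
# community.mysql.mysql_user where that collection is available.
- name: Update MySQL root password for localhost root account (5.7.x).
  ansible.builtin.shell: >
    mysql -u root -NBe
    'ALTER USER "{{ mariadb_root_username }}"@"{{ item }}"
    IDENTIFIED BY "{{ mariadb_root_password }}";'
  loop: "{{ mariadb_root_hosts.stdout_lines | default([]) }}"
  # Keep the rendered command (which contains the password) out of logs.
  no_log: true

# Has to be after the root password assignment, for idempotency.
- name: Copy .my.cnf file with root password credentials.
  ansible.builtin.template:
    src: "root-my.cnf.j2"
    dest: "{{ mariadb_root_home }}/.my.cnf"
    owner: root
    group: root
    mode: "0600"
  # The rendered file holds the root password; hide it from --diff output.
  no_log: true

# NOTE(review): direct DELETEs on mysql.user normally need FLUSH PRIVILEGES
# before they take effect - confirm, or use DROP USER instead.
- name: Disallow root login remotely and anonymous access
  ansible.builtin.command: 'mysql -NBe "{{ item }}"'
  loop:
    - "DELETE FROM mysql.user WHERE User=''"
    - "DELETE FROM mysql.user WHERE User='{{ mariadb_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
  changed_when: false

- name: create root bin and backup dirs
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  loop:
    - "{{ mariadb_backup_dir }}"
    - /root/bin

# This repository is executed as root from cron every night. Pin
# mariadb_backup_script_version to a reviewed commit or tag so an upstream
# change cannot silently alter what runs as root; the default keeps the
# previous behaviour (track HEAD).
- name: deploy backup script
  ansible.builtin.git:
    repo: https://infra.opendoor.fr/git/tom/mysql_backup.git
    dest: /root/bin/mysql_backup
    version: "{{ mariadb_backup_script_version | default('HEAD') }}"

- name: backup script permissions
  ansible.builtin.file:
    path: /root/bin/mysql_backup/mysql_backup.sh
    # Was the bare integer 700, which is read as decimal rather than octal
    # and yields unintended permission bits; quote the octal mode.
    mode: "0700"

- name: backup script cron
  ansible.builtin.cron:
    name: mysql_backup
    cron_file: mysql_backup
    user: root
    hour: "01"
    minute: "00"
    job: "/root/bin/mysql_backup/mysql_backup.sh {{ mariadb_backup_dir }}"

# NOTE(review): the RPM is installed straight from a URL; whether its
# signature is verified depends on the vendor key being trusted on the
# host - confirm.
- name: install percona toolkit
  ansible.builtin.package:
    name: "https://downloads.percona.com/downloads/percona-toolkit/3.3.1/binary/redhat/{{ ansible_distribution }}/x86_64/percona-toolkit-3.3.1-1.el{{ ansible_distribution_major_version }}.x86_64.rpm"
    state: present
  when: ansible_os_family == 'RedHat' and mariadb_use_percona

- name: clean up
  ansible.builtin.file:
    path: /var/lib/mysql/.ansible
    state: absent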