From a4a5a91b4ad8e636e8db5afa72cc73885f2f38a5 Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Fri, 22 Dec 2023 12:28:49 +0100 Subject: [PATCH 1/7] Adds support for Rocky Linux --- tasks/main.yml | 2 +- vars/Rocky.yml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 vars/Rocky.yml diff --git a/tasks/main.yml b/tasks/main.yml index 428b4f5..f9dac9f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,7 +15,7 @@ - name: Include task setup_redhat.yml ansible.builtin.import_tasks: setup_redhat.yml - when: ansible_os_family == "RedHat" + when: ansible_os_family in ["RedHat", "Rocky"] - name: Include task setup_alpine.yml ansible.builtin.import_tasks: setup_alpine.yml diff --git a/vars/Rocky.yml b/vars/Rocky.yml new file mode 100644 index 0000000..801f12a --- /dev/null +++ b/vars/Rocky.yml @@ -0,0 +1,10 @@ +--- +mariadb_user: mysql +mariadb_package: mariadb-server +mariadb_config_file: "/etc/my.cnf.d/mariadb-server.cnf" +mariadb_data_dir: "/var/lib/mysql" +mariadb_pid_file: "/run/mariadb/mariadb.pid" +mariadb_unix_socket: "/var/lib/mysql/mysql.sock" +mariadb_log_dir: "/var/log/mariadb" +mariadb_log_error_file: "{{ mariadb_log_dir }}/error.log" +mariadb_cron_package_name: "cronie" From 0ca721bd171f39caf4675f160aed24f63eff64dd Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Fri, 22 Dec 2023 12:51:51 +0100 Subject: [PATCH 2/7] Changes the root password --- defaults/main.yml | 5 +++++ tasks/configure.yml | 4 ++++ tasks/root-password.yml | 39 +++++++++++++++++++++++++++++++++++++++ tasks/users.yml | 2 ++ 4 files changed, 50 insertions(+) create mode 100644 tasks/root-password.yml diff --git a/defaults/main.yml b/defaults/main.yml index 085ef11..e83d42d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -78,6 +78,11 @@ mariadb_mysqldump_raw: | quote-names max_allowed_packet = 16M +# Changes the root password the first time and uses this variable +# to connect to mariadb for any other operations +#mariadb_root_password: changeme +#mariadb_create_root_my_cnf: false + # Databases mariadb_databases: [] # - name: db1 diff --git a/tasks/configure.yml b/tasks/configure.yml index aecdc11..13090a5 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -28,3 +28,7 @@ - name: Immediately restart MariaDB (necessary for replication) ansible.builtin.meta: flush_handlers + +- name: Root password + ansible.builtin.include: root-password.yml + when: mariadb_root_password is defined and mariadb_root_password != "" diff --git a/tasks/root-password.yml b/tasks/root-password.yml new file mode 100644 index 0000000..f35552c --- /dev/null +++ b/tasks/root-password.yml @@ -0,0 +1,39 @@ +--- +- name: Check if the specified root password is already set + ansible.builtin.shell: > + mysqladmin -u root status + changed_when: false + failed_when: false + no_log: true + become: true + ignore_errors: true + register: _mariadb_password_check + tags: mariadb + +- name: Change the root password + community.mysql.mysql_user: + name: "root" + host: "localhost" + password: "{{ mariadb_root_password }}" + login_unix_socket: "{{ mariadb_unix_socket }}" + no_log: true + run_once: true + when: _mariadb_password_check.rc == 0 + tags: root_password + +- name: Create /root/.my.cnf + ansible.builtin.copy: + dest: "/root/.my.cnf" + mode: "0640" + owner: root + group: root + content: | + [client] + user=root + password={{ mariadb_root_password}} + become: true + when: + - mariadb_root_password is defined and mariadb_root_password != "" + - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf + +# code: language=ansible diff --git a/tasks/users.yml b/tasks/users.yml index 9611248..3d4b06e 100644 --- a/tasks/users.yml +++ b/tasks/users.yml 
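Review bot: The commented example `#mariadb_root_password: changeme` in defaults/main.yml invites copying a literal password into plain-text vars, and the comment above it does not say where the value should come from. I would extend the comment with `# Supply mariadb_root_password from an Ansible Vault-encrypted variable; never commit it in plain text.` It should also say that `mariadb_create_root_my_cnf: true` writes that password to /root/.my.cnf on the managed host, so operators know a second copy of the secret exists there.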
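Review bot: `run_once: true` on "Change the root password" in tasks/root-password.yml makes the task execute on only the first host of the batch, so in a multi-host play the remaining servers would keep a root account that the preceding `mysqladmin -u root status` check has just shown to accept a login without a password; dropping `run_once` lets every host act on its own `_mariadb_password_check.rc`. The check and the change carry different tags (`mariadb` vs `root_password`), so a run limited to `--tags root_password` would skip the check and leave the registered variable undefined. `/root/.my.cnf` stores the root password and is created with `mode: "0640"`; `mode: "0600"` is the usual setting for a credentials file. The task sets the password for `root`@`localhost` only, and whether other root host entries exist on the target is not visible here, so that is worth confirming.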
@@ -9,5 +9,7 @@ append_privs: "{{ item.append_privs | default('no') }}" encrypted: "{{ item.encrypted | default('no') }}" login_unix_socket: "{{ mariadb_unix_socket }}" + login_user: root + login_password: "{{ mariadb_root_password | default(omit) }}" loop: "{{ mariadb_users }}" no_log: true From 60a8856d12bc8ee9b4338c716c296c94698f89a3 Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Fri, 22 Dec 2023 13:12:20 +0100 Subject: [PATCH 3/7] Linting --- tasks/configure.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configure.yml b/tasks/configure.yml index 13090a5..dd18015 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -30,5 +30,5 @@ ansible.builtin.meta: flush_handlers - name: Root password - ansible.builtin.include: root-password.yml + ansible.builtin.import_tasks: root-password.yml when: mariadb_root_password is defined and mariadb_root_password != "" From 7cf07cb95854d8df9ba9cb50902973dce4392d37 Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Fri, 22 Dec 2023 13:45:47 +0100 Subject: [PATCH 4/7] Linting --- tasks/root-password.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/root-password.yml b/tasks/root-password.yml index f35552c..d4fc11f 100644 --- a/tasks/root-password.yml +++ b/tasks/root-password.yml @@ -35,5 +35,4 @@ when: - mariadb_root_password is defined and mariadb_root_password != "" - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf - # code: language=ansible From 24e59a44c8176b8036f35317ec709836f768e21d Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Thu, 4 Jan 2024 12:24:32 +0100 Subject: [PATCH 5/7] Allows setting up SSL certs --- templates/mariadb.cnf.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/templates/mariadb.cnf.j2 b/templates/mariadb.cnf.j2 index fd4e001..245cc40 100644 --- a/templates/mariadb.cnf.j2 +++ b/templates/mariadb.cnf.j2 
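Review bot: `login_password: "{{ mariadb_root_password | default(omit) }}"` in tasks/users.yml omits the parameter only when the variable is undefined, while tasks/configure.yml in this same patch treats an empty string as "not set". With `mariadb_root_password: ""` the module is therefore handed an empty password instead of falling back to socket authentication. `default(omit, true)` would make the two places agree. The task begins above the hunk, so the other login parameters are not all visible.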
@@ -50,5 +50,13 @@ relay-log-index = relay-bin.index {% endif %} {% endif -%} +{% if mariadb_ssl_cert is defined and mariadb_ssl_cert != "" and mariadb_ssl_key is defined and mariadb_ssl_key != "" %} +ssl_cert = {{ mariadb_ssl_cert }} +ssl_key = {{ mariadb_ssl_key }} +{% endif %} +{% if mariadb_ssl_ca is defined and mariadb_ssl_ca != "" and mariadb_ssl_ca is defined and mariadb_ssl_ca != "" %} +ssl_ca = {{ mariadb_ssl_ca }} +{% endif %} + [mysqldump] {{ mariadb_mysqldump_raw }} From a1149ccda3b7b16559e3a23683da3845a51787ef Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Thu, 11 Jan 2024 12:49:42 +0100 Subject: [PATCH 6/7] New features added - Support for setting the root user password - It is possible to install additional packages required by MariaDB - Configure MariaDB using `mariadb_options` - Fixes users creation for servers requiring authentication - Adds support for SSL --- defaults/main.yml | 8 ++++++++ tasks/main.yml | 1 + tasks/root-password.yml | 2 ++ tasks/setup_alpine.yml | 9 +++++++++ tasks/setup_debian.yml | 8 ++++++++ tasks/setup_redhat.yml | 8 ++++++++ tasks/users.yml | 4 +++- templates/mariadb.cnf.j2 | 6 ++++++ 8 files changed, 45 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index e83d42d..c52a904 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -78,6 +78,14 @@ mariadb_mysqldump_raw: | quote-names max_allowed_packet = 16M +# additional options to add to mariadb +#mariadb_options: +# key_buffer_size: 100M + +# install also these packages +#mariadb_additional_packages: +# - mariadb-pam + # Changes the root password the first time and uses this variable # to connect to mariadb for any other operations #mariadb_root_password: changeme diff --git a/tasks/main.yml b/tasks/main.yml index f9dac9f..803f777 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
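Review bot: The new `ssl_cert`/`ssl_key`/`ssl_ca` block in templates/mariadb.cnf.j2 makes TLS available but nothing in the hunk requires it, so clients can presumably still connect unencrypted unless accounts carry `REQUIRE SSL` or the server sets `require_secure_transport = ON`; an optional role variable for that would let operators enforce encryption. The `ssl_ca` condition repeats the same pair of tests twice (`mariadb_ssl_ca is defined and mariadb_ssl_ca != ""` appears two times) and can be reduced to one pair. The template only writes paths, so the role documentation should state that the key file must be readable by the MariaDB service user and by no one else. The section header these options land under is outside the hunk.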
@@ -32,6 +32,7 @@ - name: Include task users.yml ansible.builtin.import_tasks: users.yml + tags: mariadb_users when: - mariadb_users is defined - mariadb_replication_role != "replica" diff --git a/tasks/root-password.yml b/tasks/root-password.yml index d4fc11f..c15574c 100644 --- a/tasks/root-password.yml +++ b/tasks/root-password.yml @@ -35,4 +35,6 @@ when: - mariadb_root_password is defined and mariadb_root_password != "" - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf + no_log: true + # code: language=ansible diff --git a/tasks/setup_alpine.yml b/tasks/setup_alpine.yml index a812213..b7d68bc 100644 --- a/tasks/setup_alpine.yml +++ b/tasks/setup_alpine.yml @@ -8,6 +8,15 @@ state: present notify: Setup MariaDB +- name: Install additional packages (package) + ansible.builtin.package: + name: "{{ mariadb_additional_packages }}" + state: present + when: + - mariadb_additional_packages is defined + - mariadb_additional_packages | length > 0 + notify: Setup MariaDB + - name: Check if mariadb command exists ansible.builtin.stat: path: /usr/bin/mariadb diff --git a/tasks/setup_debian.yml b/tasks/setup_debian.yml index ca3f744..462fe1f 100644 --- a/tasks/setup_debian.yml +++ b/tasks/setup_debian.yml @@ -82,3 +82,11 @@ - python3-pymysql state: present update_cache: true + +- name: Install additional packages (apt) + ansible.builtin.apt: + name: "{{ mariadb_additional_packages }}" + state: present + when: + - mariadb_additional_packages is defined + - mariadb_additional_packages | length > 0 diff --git a/tasks/setup_redhat.yml b/tasks/setup_redhat.yml index 46b801c..4e259c9 100644 --- a/tasks/setup_redhat.yml +++ b/tasks/setup_redhat.yml 
@@ -27,6 +27,14 @@ - python3-PyMySQL state: present +- name: Install additional packages (dnf) + ansible.builtin.dnf: + name: "{{ mariadb_additional_packages }}" + state: present + when: + - mariadb_additional_packages is defined + - mariadb_additional_packages | length > 0 + - name: Check if mariadb command exists ansible.builtin.stat: path: /usr/bin/mariadb diff --git a/tasks/users.yml b/tasks/users.yml index 3d4b06e..ce32fa6 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -8,8 +8,10 @@ state: "{{ item.state | default('present') }}" append_privs: "{{ item.append_privs | default('no') }}" encrypted: "{{ item.encrypted | default('no') }}" + plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}" login_unix_socket: "{{ mariadb_unix_socket }}" - login_user: root + login_user: "{{ mariadb_root_user | default('root') }}" login_password: "{{ mariadb_root_password | default(omit) }}" + check_implicit_admin: true loop: "{{ mariadb_users }}" no_log: true diff --git a/templates/mariadb.cnf.j2 b/templates/mariadb.cnf.j2 index 245cc40..e645978 100644 --- a/templates/mariadb.cnf.j2 +++ b/templates/mariadb.cnf.j2 @@ -58,5 +58,11 @@ ssl_key = {{ mariadb_ssl_key }} ssl_ca = {{ mariadb_ssl_ca }} {% endif %} +{% if mariadb_options is defined %} +{% for key, value in mariadb_options.items() %} +{{ key }} = {{ value }} +{% endfor %} +{% endif %} + [mysqldump] {{ mariadb_mysqldump_raw }} From 41f01dfe281a95055456f18c38f73100ffd3f29e Mon Sep 17 00:00:00 2001 From: Sergio Rua Date: Thu, 11 Jan 2024 15:00:58 +0100 Subject: [PATCH 7/7] Linting --- tasks/root-password.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/root-password.yml b/tasks/root-password.yml index c15574c..d6cfc11 100644 --- a/tasks/root-password.yml +++ b/tasks/root-password.yml @@ -36,5 +36,4 @@ - mariadb_root_password is defined and mariadb_root_password != "" - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf no_log: true - # code: language=ansible
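Review bot: `login_user` in tasks/users.yml now honours `mariadb_root_user`, but tasks/root-password.yml from earlier in this series still hard-codes `name: "root"` and `user=root` in /root/.my.cnf, so with a non-default admin name the password would be set on one account while later logins use another. Both places should read the same variable, and it deserves a documented entry in defaults/main.yml. `plugin_auth_string` is passed without a `plugin:` parameter visible in this hunk (the task begins above it), and as far as I know the module only applies the auth string together with a plugin, so confirm it is not silently ignored. `check_implicit_admin: true` makes every run first attempt a passwordless root login; a comment such as `# tries root without a password first; needed on a fresh install` would explain why it is there.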
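Review bot: The `mariadb_options` loop in templates/mariadb.cnf.j2 writes `{{ key }} = {{ value }}` verbatim, so a value containing a newline would add further directives or a new section to the server configuration, and a flag-style option with no value (for example `skip-name-resolve`) still gets an `=` appended. Because the block is emitted after the role's own settings, it can also repeat options such as `ssl_cert` written just above it, which is worth stating in the defaults comment. I would change the line to `{{ key }}{% if value is not none %} = {{ value }}{% endif %}` and document that the dictionary must come from trusted inventory only.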