Merge 41f01dfe28 into 40f2b782dc

2025-01-10 13:13:55 +01:00 · 2025-01-10 13:13:55 +01:00 · 15414afdf1
parent 40f2b782dc 41f01dfe28
commit 15414afdf1
10 changed files with 111 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -78,6 +78,19 @@ mariadb_mysqldump_raw: |
  quote-names
  max_allowed_packet = 16M

+# additional options to add to mariadb
+#mariadb_options:
+#  key_buffer_size: 100M
+
+# install also these packages
+#mariadb_additional_packages:
+#  - mariadb-pam
+
+# Changes the root password the first time and uses this variable
+# to connect to mariadb for any other operations
+#mariadb_root_password: changeme
+#mariadb_create_root_my_cnf: false
+
 # Databases
 mariadb_databases: []
 #   - name: db1
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -28,3 +28,7 @@

 - name: Immediately restart MariaDB (necessary for replication)
  ansible.builtin.meta: flush_handlers
+
+- name: Root password
+  ansible.builtin.import_tasks: root-password.yml
+  when: mariadb_root_password is defined and mariadb_root_password != ""
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -15,7 +15,7 @@

 - name: Include task setup_redhat.yml
  ansible.builtin.import_tasks: setup_redhat.yml
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family in ["RedHat", "Rocky"]

 - name: Include task setup_alpine.yml
  ansible.builtin.import_tasks: setup_alpine.yml
@ -32,6 +32,7 @@

 - name: Include task users.yml
  ansible.builtin.import_tasks: users.yml
+  tags: mariadb_users
  when:
    - mariadb_users is defined
    - mariadb_replication_role != "replica"
--- a/tasks/root-password.yml
+++ b/tasks/root-password.yml
@ -0,0 +1,39 @@
+---
+- name: Check if the specified root password is already set
+  ansible.builtin.shell: >
+    mysqladmin -u root status
+  changed_when: false
+  failed_when: false
+  no_log: true
+  become: true
+  ignore_errors: true
+  register: _mariadb_password_check
+  tags: mariadb
+
+- name: Change the root password
+  community.mysql.mysql_user:
+    name: "root"
+    host: "localhost"
+    password: "{{ mariadb_root_password }}"
+    login_unix_socket: "{{ mariadb_unix_socket }}"
+  no_log: true
+  run_once: true
+  when: _mariadb_password_check.rc == 0
+  tags: root_password
+
+- name: Create /root/.my.cnf
+  ansible.builtin.copy:
+    dest: "/root/.my.cnf"
+    mode: "0640"
+    owner: root
+    group: root
+    content: |
+      [client]
+      user=root
+      password={{ mariadb_root_password}}
+  become: true
+  when:
+    - mariadb_root_password is defined and mariadb_root_password != ""
+    - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf
+  no_log: true
+# code: language=ansible
--- a/tasks/setup_alpine.yml
+++ b/tasks/setup_alpine.yml
@ -8,6 +8,15 @@
    state: present
  notify: Setup MariaDB

+- name: Install additional packages (package)
+  ansible.builtin.package:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
+  notify: Setup MariaDB
+
 - name: Check if mariadb command exists
  ansible.builtin.stat:
    path: /usr/bin/mariadb
--- a/tasks/setup_debian.yml
+++ b/tasks/setup_debian.yml
@ -82,3 +82,11 @@
      - python3-pymysql
    state: present
    update_cache: true
+
+- name: Install additional packages (apt)
+  ansible.builtin.apt:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
--- a/tasks/setup_redhat.yml
+++ b/tasks/setup_redhat.yml
@ -27,6 +27,14 @@
      - python3-PyMySQL
    state: present

+- name: Install additional packages (dnf)
+  ansible.builtin.dnf:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
+
 - name: Check if mariadb command exists
  ansible.builtin.stat:
    path: /usr/bin/mariadb
--- a/tasks/users.yml
+++ b/tasks/users.yml
@ -8,6 +8,10 @@
    state: "{{ item.state | default('present') }}"
    append_privs: "{{ item.append_privs | default('no') }}"
    encrypted: "{{ item.encrypted | default('no') }}"
+    plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
    login_unix_socket: "{{ mariadb_unix_socket }}"
+    login_user: "{{ mariadb_root_user | default('root') }}"
+    login_password: "{{ mariadb_root_password | default(omit) }}"
+    check_implicit_admin: true
  loop: "{{ mariadb_users }}"
  no_log: true
--- a/templates/mariadb.cnf.j2
+++ b/templates/mariadb.cnf.j2
@ -50,5 +50,19 @@ relay-log-index = relay-bin.index
 {% endif %}
 {% endif -%}

+{% if mariadb_ssl_cert is defined and mariadb_ssl_cert != "" and mariadb_ssl_key is defined and mariadb_ssl_key != "" %}
+ssl_cert = {{ mariadb_ssl_cert }}
+ssl_key = {{ mariadb_ssl_key }}
+{% endif %}
+{% if mariadb_ssl_ca is defined and mariadb_ssl_ca != "" and mariadb_ssl_ca is defined and mariadb_ssl_ca != "" %}
+ssl_ca = {{ mariadb_ssl_ca }}
+{% endif %}
+
+{% if mariadb_options is defined %}
+{% for key, value in mariadb_options.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endif %}
+
 [mysqldump]
 {{ mariadb_mysqldump_raw }}
--- a/vars/Rocky.yml
+++ b/vars/Rocky.yml
@ -0,0 +1,10 @@
+---
+mariadb_user: mysql
+mariadb_package: mariadb-server
+mariadb_config_file: "/etc/my.cnf.d/mariadb-server.cnf"
+mariadb_data_dir: "/var/lib/mysql"
+mariadb_pid_file: "/run/mariadb/mariadb.pid"
+mariadb_unix_socket: "/var/lib/mysql/mysql.sock"
+mariadb_log_dir: "/var/log/mariadb"
+mariadb_log_error_file: "{{ mariadb_log_dir }}/error.log"
+mariadb_cron_package_name: "cronie"