From a1149ccda3b7b16559e3a23683da3845a51787ef Mon Sep 17 00:00:00 2001
From: Sergio Rua <sergio.rua@digitalis.io>
Date: Thu, 11 Jan 2024 12:49:42 +0100
Subject: [PATCH] New features added

- Support for setting the root user password
- It is possible to install additional packages required by MariaDB
- Configure MariaDB using `mariadb_options`
- Fixes users creation for servers requiring authentication
- Adds support for SSL
---
 defaults/main.yml        | 8 ++++++++
 tasks/main.yml           | 1 +
 tasks/root-password.yml  | 2 ++
 tasks/setup_alpine.yml   | 9 +++++++++
 tasks/setup_debian.yml   | 8 ++++++++
 tasks/setup_redhat.yml   | 8 ++++++++
 tasks/users.yml          | 4 +++-
 templates/mariadb.cnf.j2 | 6 ++++++
 8 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index e83d42d..c52a904 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -78,6 +78,14 @@ mariadb_mysqldump_raw: |
   quote-names
   max_allowed_packet = 16M
 
+# additional options to add to mariadb
+#mariadb_options:
+#  key_buffer_size: 100M
+
+# install also these packages
+#mariadb_additional_packages:
+#  - mariadb-pam
+
 # Changes the root password the first time and uses this variable
 # to connect to mariadb for any other operations
 #mariadb_root_password: changeme
diff --git a/tasks/main.yml b/tasks/main.yml
index f9dac9f..803f777 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -32,6 +32,7 @@
 
 - name: Include task users.yml
   ansible.builtin.import_tasks: users.yml
+  tags: mariadb_users
   when:
     - mariadb_users is defined
     - mariadb_replication_role != "replica"
diff --git a/tasks/root-password.yml b/tasks/root-password.yml
index d4fc11f..c15574c 100644
--- a/tasks/root-password.yml
+++ b/tasks/root-password.yml
@@ -35,4 +35,6 @@
   when:
     - mariadb_root_password is defined and mariadb_root_password != ""
     - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf
+  no_log: true
+
 # code: language=ansible
diff --git a/tasks/setup_alpine.yml b/tasks/setup_alpine.yml
index a812213..b7d68bc 100644
--- a/tasks/setup_alpine.yml
+++ b/tasks/setup_alpine.yml
@@ -8,6 +8,15 @@
     state: present
   notify: Setup MariaDB
 
+- name: Install additional packages (package)
+  ansible.builtin.package:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
+  notify: Setup MariaDB
+
 - name: Check if mariadb command exists
   ansible.builtin.stat:
     path: /usr/bin/mariadb
diff --git a/tasks/setup_debian.yml b/tasks/setup_debian.yml
index ca3f744..462fe1f 100644
--- a/tasks/setup_debian.yml
+++ b/tasks/setup_debian.yml
@@ -82,3 +82,11 @@
       - python3-pymysql
     state: present
     update_cache: true
+
+- name: Install additional packages (apt)
+  ansible.builtin.apt:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
diff --git a/tasks/setup_redhat.yml b/tasks/setup_redhat.yml
index 46b801c..4e259c9 100644
--- a/tasks/setup_redhat.yml
+++ b/tasks/setup_redhat.yml
@@ -27,6 +27,14 @@
       - python3-PyMySQL
     state: present
 
+- name: Install additional packages (dnf)
+  ansible.builtin.dnf:
+    name: "{{ mariadb_additional_packages }}"
+    state: present
+  when:
+    - mariadb_additional_packages is defined
+    - mariadb_additional_packages | length > 0
+
 - name: Check if mariadb command exists
   ansible.builtin.stat:
     path: /usr/bin/mariadb
diff --git a/tasks/users.yml b/tasks/users.yml
index 3d4b06e..ce32fa6 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -8,8 +8,10 @@
     state: "{{ item.state | default('present') }}"
     append_privs: "{{ item.append_privs | default('no') }}"
     encrypted: "{{ item.encrypted | default('no') }}"
+    plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
     login_unix_socket: "{{ mariadb_unix_socket }}"
-    login_user: root
+    login_user: "{{ mariadb_root_user | default('root') }}"
     login_password: "{{ mariadb_root_password | default(omit) }}"
+    check_implicit_admin: true
   loop: "{{ mariadb_users }}"
   no_log: true
diff --git a/templates/mariadb.cnf.j2 b/templates/mariadb.cnf.j2
index 245cc40..e645978 100644
--- a/templates/mariadb.cnf.j2
+++ b/templates/mariadb.cnf.j2
@@ -58,5 +58,11 @@ ssl_key = {{ mariadb_ssl_key }}
 ssl_ca = {{ mariadb_ssl_ca }}
 {% endif %}
 
+{% if mariadb_options is defined %}
+{% for key, value in mariadb_options.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endif %}
+
 [mysqldump]
 {{ mariadb_mysqldump_raw }}