Compare commits
33 commits
Author | SHA1 | Date | |
---|---|---|---|
951ec2a4c8 | |||
2c32003804 | |||
0efdcb045e | |||
5eb6a71466 | |||
6361a81fe5 | |||
a5a31223c0 | |||
e109a23cfa | |||
fcbf14dc3a | |||
753770e77d | |||
03dcb51ea1 | |||
51fbef2480 | |||
837a6cce63 | |||
611d8234ad | |||
b9070661f9 | |||
2dbbaf8147 | |||
08f588d4aa | |||
0a4da9a633 | |||
025bd8e278 | |||
ab8cdfa15c | |||
d753376dda | |||
e947d74e13 | |||
59b557c6e7 | |||
296bd09081 | |||
2a566e879a | |||
07a4bdeefe | |||
0c5cd7d681 | |||
a9d589e40d | |||
b14e475195 | |||
40b6ef02b8 | |||
9e65c1b8fb | |||
9c0af58687 | |||
d5d12a0b3b | |||
2f790dfd01 |
21 changed files with 371 additions and 201 deletions
18
.forgejo/workflows/molecule.yml
Normal file
18
.forgejo/workflows/molecule.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
on: [push]
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: code.waks.be/nishiki/molecule:docker
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- run: ansible-lint .
|
||||||
|
- run: yamllint .
|
||||||
|
molecule:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: code.waks.be/nishiki/molecule:docker
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- run: molecule test
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
||||||
.kitchen/*
|
.kitchen/*
|
||||||
|
*.pyc
|
||||||
|
|
10
.gitlab-ci.yml
Normal file
10
.gitlab-ci.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
image: nishiki/molecule:docker
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- molecule --version
|
||||||
|
|
||||||
|
molecule:
|
||||||
|
stage: test
|
||||||
|
script:
|
||||||
|
- molecule test
|
27
.kitchen.yml
27
.kitchen.yml
|
@ -1,27 +0,0 @@
|
||||||
---
|
|
||||||
driver:
|
|
||||||
name: docker_cli
|
|
||||||
|
|
||||||
transport:
|
|
||||||
name: docker_cli
|
|
||||||
|
|
||||||
provisioner:
|
|
||||||
name: ansible_playbook
|
|
||||||
hosts: localhost
|
|
||||||
require_ansible_repo: false
|
|
||||||
require_ansible_omnibus: false
|
|
||||||
require_chef_for_busser: true
|
|
||||||
ansible_verbose: false
|
|
||||||
ansible_inventory: ./test/integration/inventory
|
|
||||||
|
|
||||||
platforms:
|
|
||||||
- name: debian-9
|
|
||||||
driver_config:
|
|
||||||
image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.7' %>"
|
|
||||||
command: /bin/systemd
|
|
||||||
volume:
|
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
||||||
security_opt: seccomp=unconfined
|
|
||||||
|
|
||||||
suites:
|
|
||||||
- name: default
|
|
27
.travis.yml
27
.travis.yml
|
@ -1,28 +1,29 @@
|
||||||
---
|
---
|
||||||
sudo: required
|
sudo: required
|
||||||
language: ruby
|
dist: bionic
|
||||||
|
addons:
|
||||||
|
apt:
|
||||||
|
packages:
|
||||||
|
- python3
|
||||||
|
- python3-pip
|
||||||
|
- python3-setuptools
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- ANSIBLE_VERSION=2.5
|
- ANSIBLE_VERSION=2.7.16
|
||||||
- ANSIBLE_VERSION=2.6
|
- ANSIBLE_VERSION=2.8.8
|
||||||
- ANSIBLE_VERSION=2.7
|
- ANSIBLE_VERSION=2.9.4
|
||||||
|
|
||||||
services:
|
services:
|
||||||
- docker
|
- docker
|
||||||
|
|
||||||
before_install:
|
before_install:
|
||||||
- bundle install
|
- sudo pip3 install ansible==${ANSIBLE_VERSION}
|
||||||
- sudo pip install --upgrade pip
|
- sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint
|
||||||
- sudo pip install yamllint
|
|
||||||
- sudo pip install ansible-lint
|
|
||||||
- git clone https://github.com/ansible/galaxy-lint-rules.git
|
- git clone https://github.com/ansible/galaxy-lint-rules.git
|
||||||
|
|
||||||
script:
|
script:
|
||||||
- kitchen conv
|
- ansible --version
|
||||||
- kitchen conv | grep changed=0
|
- molecule test
|
||||||
- kitchen verify
|
|
||||||
- ansible-lint -r galaxy-lint-rules/rules .
|
|
||||||
- yamllint .
|
|
||||||
|
|
||||||
notifications:
|
notifications:
|
||||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
extends: default
|
extends: default
|
||||||
|
|
||||||
ignore: |
|
ignore: |
|
||||||
.kitchen/*
|
.kitchen*
|
||||||
vendor/
|
vendor/
|
||||||
|
.forgejo/
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
line-length:
|
line-length:
|
||||||
max: 120
|
max: 120
|
||||||
level: warning
|
level: warning
|
||||||
truthy: false
|
|
||||||
|
|
42
CHANGELOG.md
42
CHANGELOG.md
|
@ -3,12 +3,48 @@
|
||||||
This project adheres to [Semantic Versioning](http://semver.org/).
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
Which is based on [Keep A Changelog](http://keepachangelog.com/)
|
Which is based on [Keep A Changelog](http://keepachangelog.com/)
|
||||||
|
|
||||||
## [Unreleased]
|
## Unreleased
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- fix: change gpg key
|
||||||
|
|
||||||
|
## v2.1.0 - 2021-08-22
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- test: add support debian 11
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- fix: bug with multiple privileges
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- chore: use FQCN for module name
|
||||||
|
- fix: replace no_log to loop label
|
||||||
|
- test: use personal docker registry
|
||||||
|
|
||||||
|
## v2.0.1 - 2020-03-28
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- fix: remove default value for mariadb_password
|
||||||
|
- test: replace kitchen to molecule
|
||||||
|
|
||||||
|
## v2.0.0 - 2019-06-05
|
||||||
|
|
||||||
|
- breaking: remove support for ansible < 2.8
|
||||||
|
- feat: add official repository
|
||||||
|
- feat: remove unused users in init
|
||||||
|
- feat: install database if datadir doesn't exist
|
||||||
|
|
||||||
|
## v1.0.1 - 2019-03-16
|
||||||
|
|
||||||
## [v1.0.1] - 2019-03-16
|
|
||||||
- fix: add client-server option in default configuration
|
- fix: add client-server option in default configuration
|
||||||
- fix: install python-mysqldb package
|
- fix: install python-mysqldb package
|
||||||
- test: add tests with travis-ci
|
- test: add tests with travis-ci
|
||||||
|
|
||||||
## [v1.0.0] - 2019-02-23
|
## v1.0.0 - 2019-02-23
|
||||||
|
|
||||||
- first version
|
- first version
|
||||||
|
|
8
Gemfile
8
Gemfile
|
@ -1,8 +0,0 @@
|
||||||
source 'https://rubygems.org'
|
|
||||||
|
|
||||||
group :development do
|
|
||||||
gem 'kitchen-ansible'
|
|
||||||
gem 'kitchen-docker_cli'
|
|
||||||
gem 'rubocop', '0.50.0'
|
|
||||||
gem 'test-kitchen'
|
|
||||||
end
|
|
90
README.md
90
README.md
|
@ -1,39 +1,70 @@
|
||||||
# Ansible role: MariaDB
|
# Ansible role: MariaDB
|
||||||
[![Version](https://img.shields.io/badge/latest_version-1.0.1-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-mariadb/releases)
|
|
||||||
[![Build Status](https://travis-ci.org/nishiki/ansible-role-mariadb.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-mariadb)
|
[![Version](https://img.shields.io/badge/latest_version-2.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-mariadb/releases)
|
||||||
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-mariadb/src/branch/master/LICENSE)
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-mariadb/src/branch/master/LICENSE)
|
||||||
|
[![Build](https://code.waks.be/nishiki/ansible-role-mariadb/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-mariadb/actions?workflow=molecule.yml)
|
||||||
|
|
||||||
Install and configure MariaDB
|
Install and configure MariaDB
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* Ansible >= 2.7
|
- Ansible >= 2.9
|
||||||
* Debian Stretch
|
- Debian
|
||||||
|
- Bullseye
|
||||||
|
- Bookworm
|
||||||
|
|
||||||
## Role variables
|
## Role variables
|
||||||
|
|
||||||
- `mariadb_user` - login to connect on mariadb (default: `root`)
|
| Name | Type | Required | Default | Comment |
|
||||||
- `mariadb_password` - password to connect on mariadb (default: `secret`)
|
| ------------------------------- | ----- | -------- | ------- | -------------------------------------- |
|
||||||
- `mariadb_master` - the server is master (default: `no`)
|
| mariadb_use_official_repository | bool | no | true | use the official repository |
|
||||||
- `mariadb_autorestart` - restart mariadb when the config change (default: `no`)
|
| mariadb_branch | str | no | 10.3 | the branch version to install |
|
||||||
- `mariadb_users` - array with the users to manage
|
| mariadb_user | str | no | root | login to connect on mariadb |
|
||||||
|
| mariadb_password | str | yes | | password to connect on mariadb |
|
||||||
|
| mariadb_master | bool | no | false | the server is master |
|
||||||
|
| mariadb_autorestart | bool | no | false | restart mariadb when the config change |
|
||||||
|
| mariadb_users | array | no | | the users to manage |
|
||||||
|
| mariadb_databases | array | no | | the databases to manage |
|
||||||
|
| mariadb_config | hash | no | | extra options for configuration |
|
||||||
|
|
||||||
|
### mariadb_users
|
||||||
|
|
||||||
|
| Name | Type | Required | Default | Comment |
|
||||||
|
| ---------- | ----- | -------- | ------- | --------------------------------------------------------- |
|
||||||
|
| name | str | yes | | the username |
|
||||||
|
| host | str | yes | | the mysql user host |
|
||||||
|
| password | str | yes | | the user password |
|
||||||
|
| privileges | array | no | | the privileges with this form `database.*:SELECT,UPDATE`) |
|
||||||
|
| state | str | no | present | if state is `absent` the user is deleted |
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
```
|
```
|
||||||
- name: johndoe
|
- name: johndoe
|
||||||
|
host: '%'
|
||||||
password: supersecret
|
password: supersecret
|
||||||
privileges:
|
privileges:
|
||||||
- 'database.*:SELECT,UPDATE'
|
- 'database.*:SELECT,UPDATE'
|
||||||
state: present
|
state: present
|
||||||
```
|
```
|
||||||
|
|
||||||
- `mariadb_databases` - array with the databases to manage
|
### mariadb_databases
|
||||||
|
|
||||||
|
| Name | Type | Required | Default | Comment |
|
||||||
|
| ----- | ---- | -------- | ------- | -------------------------------------------- |
|
||||||
|
| name | str | yes | | the dabase name |
|
||||||
|
| state | str | no | present | if state is `absent` the database is deleted |
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
```
|
```
|
||||||
- name: superprogram
|
- name: superprogram
|
||||||
state: present
|
state: present
|
||||||
```
|
```
|
||||||
|
|
||||||
- `mariadb_config` - hash with mariadb configuration
|
### mariadb_config
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
```
|
```
|
||||||
mysqld:
|
mysqld:
|
||||||
|
@ -45,30 +76,31 @@ Install and configure MariaDB
|
||||||
|
|
||||||
```
|
```
|
||||||
- hosts: server
|
- hosts: server
|
||||||
|
vars:
|
||||||
|
mariadb_password: supersecret
|
||||||
|
mariadb_users:
|
||||||
|
- name: johndoe
|
||||||
|
host: '%'
|
||||||
|
password: usersecret
|
||||||
|
privileges:
|
||||||
|
- 'myappli.*:ALL'
|
||||||
|
mariadb_databases:
|
||||||
|
- name: myappli
|
||||||
|
mariadb_config:
|
||||||
|
server-id: 1
|
||||||
|
bind-address: 0.0.0.0
|
||||||
roles:
|
roles:
|
||||||
- mariadb
|
- mariadb
|
||||||
```
|
```
|
||||||
|
|
||||||
## Development
|
## Development
|
||||||
### Test syntax with yamllint
|
|
||||||
|
|
||||||
* install `python` and `python-pip`
|
### Test with molecule and docker
|
||||||
* install yamllint `pip install yamllint`
|
|
||||||
* run `yamllint .`
|
|
||||||
|
|
||||||
### Test syntax with ansible-lint
|
- install [docker](https://docs.docker.com/engine/installation/)
|
||||||
|
- install `python3` and `python3-pip`
|
||||||
* install `python` and `python-pip`
|
- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
|
||||||
* install yamllint `pip install ansible-lint`
|
- run `molecule test`
|
||||||
* run `ansible-lint .`
|
|
||||||
|
|
||||||
### Tests with docker
|
|
||||||
|
|
||||||
* install [docker](https://docs.docker.com/engine/installation/)
|
|
||||||
* install ruby
|
|
||||||
* install bundler `gem install bundler`
|
|
||||||
* install dependencies `bundle install`
|
|
||||||
* run the tests `kitchen test`
|
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,13 @@
|
||||||
---
|
---
|
||||||
|
mariadb_use_official_repository: true
|
||||||
|
mariadb_branch: 10.6
|
||||||
|
mariadb_repository: |
|
||||||
|
deb http://mariadb.mirrors.ovh.net/MariaDB/repo/{{ mariadb_branch }}/debian {{ ansible_distribution_release }} main
|
||||||
|
mariadb_repository_key_id: '0xF1656F24C74CD1D8'
|
||||||
|
mariadb_repository_key_server: hkp://keyserver.ubuntu.com:80
|
||||||
mariadb_user: root
|
mariadb_user: root
|
||||||
mariadb_password: secret
|
mariadb_master: false
|
||||||
mariadb_master: no
|
mariadb_autorestart: false
|
||||||
mariadb_autorestart: no
|
|
||||||
mariadb_users: []
|
mariadb_users: []
|
||||||
mariadb_databases: []
|
mariadb_databases: []
|
||||||
mariadb_config: {}
|
mariadb_config: {}
|
||||||
|
@ -42,4 +47,4 @@ mariadb_default_config:
|
||||||
max_binlog_size: 100M
|
max_binlog_size: 100M
|
||||||
character-set-server: utf8mb4
|
character-set-server: utf8mb4
|
||||||
collation-server: utf8mb4_general_ci
|
collation-server: utf8mb4_general_ci
|
||||||
mariadb_full_config: '{{ mariadb_default_config|combine(mariadb_config, recursive=True) }}'
|
mariadb_full_config: '{{ mariadb_default_config | combine(mariadb_config, recursive=True) }}'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: restart mariadb
|
- name: Restart mariadb
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: mysql
|
name: mysql
|
||||||
state: restarted
|
state: restarted
|
||||||
when: mariadb_autorestart
|
when: mariadb_autorestart|bool
|
||||||
|
|
|
@ -1,16 +1,18 @@
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
role_name: mariadb
|
role_name: mariadb
|
||||||
|
namespace: nishiki
|
||||||
author: Adrien Waksberg
|
author: Adrien Waksberg
|
||||||
company: Adrien Waksberg
|
company: Adrien Waksberg
|
||||||
description: Install and configure mariadb
|
description: Install and configure mariadb
|
||||||
license: Apache2
|
license: Apache2
|
||||||
min_ansible_version: 2.7
|
min_ansible_version: "2.9"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- stretch
|
- bullseye
|
||||||
|
- bookworm
|
||||||
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- database
|
- database
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
---
|
---
|
||||||
- hosts: localhost
|
- name: Converge
|
||||||
connection: local
|
hosts: all
|
||||||
|
roles:
|
||||||
|
- ansible-role-mariadb
|
||||||
vars:
|
vars:
|
||||||
|
mariadb_password: secret
|
||||||
mariadb_autorestart: yes
|
mariadb_autorestart: yes
|
||||||
mariadb_master: yes
|
mariadb_master: yes
|
||||||
mariadb_config:
|
mariadb_config:
|
||||||
client-server: {}
|
client-server: {}
|
||||||
mysqld:
|
mysqld:
|
||||||
|
datadir: /opt/mariadb
|
||||||
server-id: 5
|
server-id: 5
|
||||||
log-bin: mysql-bin
|
log-bin: mysql-bin
|
||||||
mariadb_databases:
|
mariadb_databases:
|
||||||
|
@ -18,5 +22,7 @@
|
||||||
privileges:
|
privileges:
|
||||||
- 'test.*:ALL'
|
- 'test.*:ALL'
|
||||||
|
|
||||||
roles:
|
pre_tasks:
|
||||||
- ansible-role-mariadb
|
- name: update apt cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
24
molecule/default/molecule.yml
Normal file
24
molecule/default/molecule.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: debian12
|
||||||
|
image: code.waks.be/nishiki/molecule:debian12
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
|
command: /bin/systemd
|
||||||
|
capabilities:
|
||||||
|
- SYS_ADMIN
|
||||||
|
provisioner:
|
||||||
|
inventory:
|
||||||
|
host_vars:
|
||||||
|
debian12:
|
||||||
|
mariadb_use_official_repository: false
|
||||||
|
lint: |
|
||||||
|
set -e
|
||||||
|
yamllint .
|
||||||
|
ansible-lint .
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
49
molecule/default/tests/test_default.py
Normal file
49
molecule/default/tests/test_default.py
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
import os, re
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
def test_packages(host):
|
||||||
|
for package_name in ['mariadb-server', 'python3-mysqldb']:
|
||||||
|
package = host.package(package_name)
|
||||||
|
assert package.is_installed
|
||||||
|
|
||||||
|
def test_config_file(host):
|
||||||
|
config = host.file('/etc/mysql/my.cnf')
|
||||||
|
assert config.exists
|
||||||
|
assert config.is_file
|
||||||
|
assert config.user == 'root'
|
||||||
|
assert config.group == 'root'
|
||||||
|
assert config.mode == 0o644
|
||||||
|
assert config.contains('server-id = 5')
|
||||||
|
|
||||||
|
def test_data_directory(host):
|
||||||
|
config = host.file('/opt/mariadb')
|
||||||
|
assert config.exists
|
||||||
|
assert config.is_directory
|
||||||
|
assert config.user == 'mysql'
|
||||||
|
assert config.group == 'root'
|
||||||
|
assert config.mode == 0o750
|
||||||
|
|
||||||
|
def test_service(host):
|
||||||
|
service = host.service('mysql')
|
||||||
|
assert service.is_running
|
||||||
|
assert service.is_enabled
|
||||||
|
|
||||||
|
def test_socket(host):
|
||||||
|
socket = host.socket('tcp://127.0.0.1:3306')
|
||||||
|
assert socket.is_listening
|
||||||
|
|
||||||
|
def test_user_exists(host):
|
||||||
|
result = host.check_output('mysql -uroot -psecret -e "show grants for toto@\'%\'"')
|
||||||
|
assert re.search('toto.*%', result)
|
||||||
|
|
||||||
|
def test_root_user(host):
|
||||||
|
result = host.check_output('mysql -uroot -psecret -e "select count(*) from mysql.user where user=\'root\'"')
|
||||||
|
assert '1' in result
|
||||||
|
|
||||||
|
def test_grant_access(host):
|
||||||
|
result = host.check_output('mysql -uroot -psecret -e "show grants for toto@\'%\'"')
|
||||||
|
assert "GRANT ALL PRIVILEGES ON `test`.* TO `toto`@`%`" in result
|
||||||
|
|
||||||
|
def test_logbin_enabled(host):
|
||||||
|
result = host.check_output('mysql -uroot -psecret -e "show variables where variable_name = \'log_bin\'"')
|
||||||
|
assert 'ON' in result
|
57
tasks/initdb.yml
Normal file
57
tasks/initdb.yml
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
---
|
||||||
|
- name: Create the data directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: '{{ mariadb_full_config.mysqld.datadir }}'
|
||||||
|
owner: '{{ mariadb_full_config.mysqld.user }}'
|
||||||
|
group: root
|
||||||
|
mode: 0750
|
||||||
|
state: directory
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Initialize database # noqa no-changed-when
|
||||||
|
ansible.builtin.command:
|
||||||
|
args:
|
||||||
|
argv:
|
||||||
|
- mysql_install_db
|
||||||
|
- '--datadir={{ mariadb_full_config.mysqld.datadir }}'
|
||||||
|
- '--user={{ mariadb_full_config.mysqld.user }}'
|
||||||
|
- '--skip-name-resolve'
|
||||||
|
- '--no-defaults'
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Start mariadb
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: mysql
|
||||||
|
state: started
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Wait mysql start
|
||||||
|
ansible.builtin.pause:
|
||||||
|
seconds: 5
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Set root password # noqa no-changed-when
|
||||||
|
ansible.builtin.command: 'mysqladmin -u root password {{ mariadb_password }}'
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Remove anonymous users
|
||||||
|
community.mysql.mysql_user:
|
||||||
|
name: ''
|
||||||
|
host_all: true
|
||||||
|
state: absent
|
||||||
|
login_user: '{{ mariadb_user }}'
|
||||||
|
login_password: '{{ mariadb_password }}'
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Remove root user without password
|
||||||
|
community.mysql.mysql_user:
|
||||||
|
name: root
|
||||||
|
host: '{{ item }}'
|
||||||
|
state: absent
|
||||||
|
login_user: '{{ mariadb_user }}'
|
||||||
|
login_password: '{{ mariadb_password }}'
|
||||||
|
loop:
|
||||||
|
- 127.0.0.1
|
||||||
|
- '::1'
|
||||||
|
- '{{ ansible_nodename }}'
|
||||||
|
tags: mariadb
|
105
tasks/main.yml
105
tasks/main.yml
|
@ -1,68 +1,79 @@
|
||||||
---
|
---
|
||||||
- name: install package
|
- name: Install dependencies packages
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name: '{{ packages }}'
|
name:
|
||||||
vars:
|
- gpg
|
||||||
packages:
|
- python3-mysqldb
|
||||||
- mariadb-server
|
|
||||||
- python-mysqldb
|
|
||||||
retries: 2
|
retries: 2
|
||||||
register: result
|
register: result
|
||||||
until: result is succeeded
|
until: result is succeeded
|
||||||
tags: mariadb
|
tags: mariadb
|
||||||
|
|
||||||
- name: copy configuration file
|
- name: Install official repository
|
||||||
template:
|
ansible.builtin.import_tasks: repo.yml
|
||||||
|
when: mariadb_use_official_repository|bool
|
||||||
|
|
||||||
|
- name: Install package
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- mariadb-server
|
||||||
|
retries: 2
|
||||||
|
register: result
|
||||||
|
until: result is succeeded
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Copy configuration file
|
||||||
|
ansible.builtin.template:
|
||||||
src: my.cnf.j2
|
src: my.cnf.j2
|
||||||
dest: /etc/mysql/mariadb.cnf
|
dest: /etc/mysql/my.cnf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: restart mariadb
|
notify: Restart mariadb
|
||||||
tags: mariadb
|
tags: mariadb
|
||||||
|
|
||||||
- name: enable and start the service
|
- name: Check if datadir exist
|
||||||
service:
|
ansible.builtin.stat:
|
||||||
|
path: "{{ mariadb_full_config.mysqld.datadir }}"
|
||||||
|
register: st
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Initialize the database
|
||||||
|
ansible.builtin.import_tasks: initdb.yml
|
||||||
|
when: not st.stat.exists
|
||||||
|
|
||||||
|
- name: Enable and start the service
|
||||||
|
ansible.builtin.service:
|
||||||
name: mysql
|
name: mysql
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
tags: mariadb
|
tags: mariadb
|
||||||
|
|
||||||
- name: remove anonymous users
|
- name: Manage users
|
||||||
mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: ''
|
name: "{{ item.name }}"
|
||||||
host_all: yes
|
host: "{{ item.host }}"
|
||||||
state: absent
|
password: "{{ item.password }}"
|
||||||
login_user: '{{ mariadb_user }}'
|
priv: "{{ item.privileges | default('') | join('/') }}"
|
||||||
login_password: '{{ mariadb_password }}'
|
state: "{{ item.state | default('present') }}"
|
||||||
|
login_user: "{{ mariadb_user }}"
|
||||||
|
login_password: "{{ mariadb_password }}"
|
||||||
|
loop: "{{ mariadb_users }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}@{{ item.host }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
no_log: true
|
when: mariadb_master|bool
|
||||||
when: mariadb_master
|
|
||||||
tags: mariadb
|
tags: mariadb
|
||||||
|
|
||||||
- name: manage users
|
- name: Manage databases
|
||||||
mysql_user:
|
community.mysql.mysql_db:
|
||||||
name: '{{ item.name }}'
|
name: "{{ item.name }}"
|
||||||
host: '{{ item.host }}'
|
state: "{{ item.state | default('present') }}"
|
||||||
password: '{{ item.password }}'
|
login_user: "{{ mariadb_user }}"
|
||||||
priv: '{{ item.privileges|default("")|join(",") }}'
|
login_password: "{{ mariadb_password }}"
|
||||||
state: '{{ item.state|default("present") }}'
|
loop: "{{ mariadb_databases }}"
|
||||||
login_user: '{{ mariadb_user }}'
|
loop_control:
|
||||||
login_password: '{{ mariadb_password }}'
|
label: "{{ item.name }}"
|
||||||
loop: '{{ mariadb_users }}'
|
|
||||||
run_once: true
|
run_once: true
|
||||||
no_log: true
|
when: mariadb_master|bool
|
||||||
when: mariadb_master
|
|
||||||
tags: mariadb
|
|
||||||
|
|
||||||
- name: manage databases
|
|
||||||
mysql_db:
|
|
||||||
name: '{{ item.name }}'
|
|
||||||
state: '{{ item.state|default("present") }}'
|
|
||||||
login_user: '{{ mariadb_user }}'
|
|
||||||
login_password: '{{ mariadb_password }}'
|
|
||||||
loop: '{{ mariadb_databases }}'
|
|
||||||
run_once: true
|
|
||||||
no_log: true
|
|
||||||
when: mariadb_master
|
|
||||||
tags: mariadb
|
tags: mariadb
|
||||||
|
|
10
tasks/repo.yml
Normal file
10
tasks/repo.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Add gpg key for mariadb repository
|
||||||
|
ansible.builtin.apt_key:
|
||||||
|
url: https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY
|
||||||
|
tags: mariadb
|
||||||
|
|
||||||
|
- name: Add official repo
|
||||||
|
ansible.builtin.apt_repository:
|
||||||
|
repo: "{{ mariadb_repository }}"
|
||||||
|
tags: mariadb
|
|
@ -1,8 +1,8 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
{% for section, options in mariadb_full_config.iteritems() %}
|
{% for section, options in mariadb_full_config.items() %}
|
||||||
[{{section}}]
|
[{{section}}]
|
||||||
{% for option, value in options.iteritems() %}
|
{% for option, value in options.items() %}
|
||||||
{{ option }}{% if not value is sameas true %} = {{ value }}{% endif %}
|
{{ option }}{% if not value is sameas true %} = {{ value }}{% endif %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
require 'serverspec'
|
|
||||||
|
|
||||||
set :backend, :exec
|
|
||||||
|
|
||||||
puts
|
|
||||||
puts '================================'
|
|
||||||
puts %x(ansible --version)
|
|
||||||
puts '================================'
|
|
||||||
|
|
||||||
%w[
|
|
||||||
mariadb-server
|
|
||||||
python-mysqldb
|
|
||||||
].each do |name|
|
|
||||||
describe package(name) do
|
|
||||||
it { should be_installed }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe file('/etc/mysql/mariadb.cnf') do
|
|
||||||
it { should be_file }
|
|
||||||
it { should be_mode 644 }
|
|
||||||
it { should be_owned_by 'root' }
|
|
||||||
it { should be_grouped_into 'root' }
|
|
||||||
it { should contain 'server-id = 5' }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe service('mysql') do
|
|
||||||
it { should be_enabled }
|
|
||||||
it { should be_running.under('systemd') }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe port(3306) do
|
|
||||||
it { should be_listening }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe command('mysql -u root -e "show databases"') do
|
|
||||||
its(:exit_status) { should eq 0 }
|
|
||||||
its(:stdout) { should contain 'test' }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe command('mysql -u root -e "select user, host from mysql.user"') do
|
|
||||||
its(:exit_status) { should eq 0 }
|
|
||||||
its(:stdout) { should contain(/toto.*%/) }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe command('mysql -u root -e "show grants for toto@\'%\'"') do
|
|
||||||
its(:exit_status) { should eq 0 }
|
|
||||||
its(:stdout) do
|
|
||||||
should contain "GRANT ALL PRIVILEGES ON `test`.* TO 'toto'@'%'"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe command('mysql -u root -e "show variables where variable_name = \'log_bin\'"') do
|
|
||||||
its(:exit_status) { should eq 0 }
|
|
||||||
its(:stdout) { should contain 'ON' }
|
|
||||||
end
|
|
|
@ -1 +0,0 @@
|
||||||
localhost
|
|
Loading…
Reference in a new issue