test: fix syntax for ansible lint

.forgejo/workflows/molecule.yml

@@ -0,0 +1,18 @@
+---
+on: [push]
+jobs:
+  lint:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: ansible-lint .
+      - run: yamllint .
+  molecule:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: molecule test

.gitignore

@@ -1 +1,2 @@
 .kitchen/*
+*.pyc

.gitlab-ci.yml

@@ -0,0 +1,10 @@
+---
+image: nishiki/molecule:docker
+
+before_script:
+  - molecule --version
+
+molecule:
+  stage: test
+  script:
+    - molecule test

.kitchen.yml

@@ -1,27 +0,0 @@
----
-driver:
-  name: docker_cli
-
-transport:
-  name: docker_cli
-
-provisioner:
-  name: ansible_playbook
-  hosts: localhost
-  require_ansible_repo: false
-  require_ansible_omnibus: false
-  require_chef_for_busser: true
-  ansible_verbose: false
-  ansible_inventory: ./test/integration/inventory
-
-platforms:
-  - name: debian-9
-    driver_config:
-      image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.8' %>"
-      command: /bin/systemd
-      volume:
-        - /sys/fs/cgroup:/sys/fs/cgroup:ro
-      security_opt: seccomp=unconfined
-
-suites:
-  - name: default

.rubocop.yml

@@ -1,38 +0,0 @@
----
-AllCops:
-  Exclude:
-    - db/**/*
-    - config/**/*
-    - Vagrantfile
-  TargetRubyVersion: 2.4
-
-Naming/AccessorMethodName:
-  Enabled: false
-
-Lint/RescueWithoutErrorClass:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 120
-Metrics/CyclomaticComplexity:
-  Enabled: false
-Metrics/PerceivedComplexity:
-  Enabled: false
-Metrics/MethodLength:
-  Enabled: false
-Metrics/BlockLength:
-  Enabled: false
-Metrics/ClassLength:
-  Enabled: false
-Metrics/AbcSize:
-  Enabled: false
-
-Style/NumericLiteralPrefix:
-  Enabled: false
-Style/FrozenStringLiteralComment:
-  Enabled: false
-Style/CommandLiteral:
-  Enabled: true
-  EnforcedStyle: percent_x
-Style/Documentation:
-  Enabled: false

.travis.yml

@@ -1,26 +1,29 @@
 ---
 sudo: required
-language: ruby
+dist: bionic
+addons:
+  apt:
+    packages:
+      - python3
+      - python3-pip
+      - python3-setuptools
 
 env:
-  - ANSIBLE_VERSION=2.8
+  - ANSIBLE_VERSION=2.7.16
+  - ANSIBLE_VERSION=2.8.8
+  - ANSIBLE_VERSION=2.9.4
 
 services:
   - docker
 
 before_install:
-  - bundle install
-  - sudo pip install --upgrade pip
-  - sudo pip install yamllint
-  - sudo pip install ansible-lint
+  - sudo pip3 install ansible==${ANSIBLE_VERSION}
+  - sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint
   - git clone https://github.com/ansible/galaxy-lint-rules.git
 
 script:
-  - kitchen conv
-  - kitchen conv | grep changed=0
-  - kitchen verify
-  - ansible-lint -r galaxy-lint-rules/rules .
-  - yamllint .
+  - ansible --version
+  - molecule test
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -2,11 +2,11 @@
 extends: default
 
 ignore: |
-  .kitchen/*
+  .kitchen*
   vendor/
+  .forgejo/
 
 rules:
   line-length:
     max: 120
     level: warning
-  truthy: false

CHANGELOG.md

@@ -3,21 +3,48 @@
 This project adheres to [Semantic Versioning](http://semver.org/).
 Which is based on [Keep A Changelog](http://keepachangelog.com/)
 
-## [Unreleased]
+## Unreleased
 
-## [v2.0.0] - 2019-06-05
+### Fixed
+
+- fix: change gpg key
+
+## v2.1.0 - 2021-08-22
+
+### Added
+
+- test: add support debian 11
+
+### Fixed
+
+- fix: bug with multiple privileges
+
+### Changed
+
+- chore: use FQCN for module name
+- fix: replace no_log to loop label
+- test: use personal docker registry
+
+## v2.0.1 - 2020-03-28
+
+### Changed
+
+- fix: remove default value for mariadb_password
+- test: replace kitchen to molecule
+
+## v2.0.0 - 2019-06-05
 
 - breaking: remove support for ansible < 2.8
 - feat: add official repository
 - feat: remove unused users in init
 - feat: install database if datadir doesn't exist
 
-## [v1.0.1] - 2019-03-16
+## v1.0.1 - 2019-03-16
 
 - fix: add client-server option in default configuration
 - fix: install python-mysqldb package
 - test: add tests with travis-ci
 
-## [v1.0.0] - 2019-02-23
+## v1.0.0 - 2019-02-23
 
 - first version

Gemfile

@@ -1,8 +0,0 @@
-source 'https://rubygems.org'
-
-group :development do
-  gem 'kitchen-ansible'
-  gem 'kitchen-docker_cli'
-  gem 'rubocop', '0.50.0'
-  gem 'test-kitchen'
-end

Gemfile.lock

@@ -1,133 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    ast (2.4.0)
-    bcrypt_pbkdf (1.0.1)
-    builder (3.2.3)
-    ed25519 (1.2.4)
-    equatable (0.5.0)
-    erubis (2.7.0)
-    ffi (1.11.1)
-    gssapi (1.3.0)
-      ffi (>= 1.0.1)
-    gyoku (1.3.1)
-      builder (>= 2.1.2)
-    httpclient (2.8.3)
-    kitchen-ansible (0.50.0)
-      net-ssh (>= 3)
-      test-kitchen (>= 1.4)
-    kitchen-docker_cli (0.19.0)
-      test-kitchen (>= 1.3)
-    license-acceptance (1.0.12)
-      pastel (~> 0.7)
-      tomlrb (~> 1.2)
-      tty-box (~> 0.3)
-      tty-prompt (~> 0.18)
-    little-plugger (1.1.4)
-    logging (2.2.2)
-      little-plugger (~> 1.1)
-      multi_json (~> 1.10)
-    mixlib-install (3.11.18)
-      mixlib-shellout
-      mixlib-versioning
-      thor
-    mixlib-shellout (2.4.4)
-    mixlib-versioning (1.2.7)
-    multi_json (1.13.1)
-    necromancer (0.4.0)
-    net-scp (2.0.0)
-      net-ssh (>= 2.6.5, < 6.0.0)
-    net-ssh (5.2.0)
-    net-ssh-gateway (2.0.0)
-      net-ssh (>= 4.0.0)
-    nori (2.6.0)
-    parallel (1.17.0)
-    parser (2.6.3.0)
-      ast (~> 2.4.0)
-    pastel (0.7.2)
-      equatable (~> 0.5.0)
-      tty-color (~> 0.4.0)
-    powerpack (0.1.2)
-    rainbow (2.2.2)
-      rake
-    rake (12.3.2)
-    rubocop (0.50.0)
-      parallel (~> 1.10)
-      parser (>= 2.3.3.1, < 3.0)
-      powerpack (~> 0.1)
-      rainbow (>= 2.2.2, < 3.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.10.1)
-    rubyntlm (0.6.2)
-    rubyzip (1.2.3)
-    strings (0.1.5)
-      strings-ansi (~> 0.1)
-      unicode-display_width (~> 1.5)
-      unicode_utils (~> 1.4)
-    strings-ansi (0.1.0)
-    test-kitchen (2.2.5)
-      bcrypt_pbkdf (~> 1.0)
-      ed25519 (~> 1.2)
-      license-acceptance (~> 1.0, >= 1.0.11)
-      mixlib-install (~> 3.6)
-      mixlib-shellout (>= 1.2, < 3.0)
-      net-scp (>= 1.1, < 3.0)
-      net-ssh (>= 2.9, < 6.0)
-      net-ssh-gateway (>= 1.2, < 3.0)
-      thor (~> 0.19)
-      winrm (~> 2.0)
-      winrm-elevated (~> 1.0)
-      winrm-fs (~> 1.1)
-    thor (0.20.3)
-    timers (4.3.0)
-    tomlrb (1.2.8)
-    tty-box (0.3.0)
-      pastel (~> 0.7.2)
-      strings (~> 0.1.4)
-      tty-cursor (~> 0.6.0)
-    tty-color (0.4.3)
-    tty-cursor (0.6.1)
-    tty-prompt (0.18.1)
-      necromancer (~> 0.4.0)
-      pastel (~> 0.7.0)
-      timers (~> 4.0)
-      tty-cursor (~> 0.6.0)
-      tty-reader (~> 0.5.0)
-    tty-reader (0.5.0)
-      tty-cursor (~> 0.6.0)
-      tty-screen (~> 0.6.4)
-      wisper (~> 2.0.0)
-    tty-screen (0.6.5)
-    unicode-display_width (1.6.0)
-    unicode_utils (1.4.0)
-    winrm (2.3.2)
-      builder (>= 2.1.2)
-      erubis (~> 2.7)
-      gssapi (~> 1.2)
-      gyoku (~> 1.0)
-      httpclient (~> 2.2, >= 2.2.0.2)
-      logging (>= 1.6.1, < 3.0)
-      nori (~> 2.0)
-      rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-elevated (1.1.1)
-      winrm (~> 2.0)
-      winrm-fs (~> 1.0)
-    winrm-fs (1.3.2)
-      erubis (~> 2.7)
-      logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
-      winrm (~> 2.0)
-    wisper (2.0.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  kitchen-ansible
-  kitchen-docker_cli
-  rubocop (= 0.50.0)
-  test-kitchen
-
-BUNDLED WITH
-   1.16.0

README.md

@@ -1,42 +1,70 @@
 # Ansible role: MariaDB
 
-[![Version](https://img.shields.io/badge/latest_version-2.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-mariadb/releases)
-[![Build Status](https://travis-ci.org/nishiki/ansible-role-mariadb.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-mariadb)
-[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-mariadb/src/branch/master/LICENSE)
+[![Version](https://img.shields.io/badge/latest_version-2.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-mariadb/releases)
+[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-mariadb/src/branch/master/LICENSE)
+[![Build](https://code.waks.be/nishiki/ansible-role-mariadb/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-mariadb/actions?workflow=molecule.yml)
 
 Install and configure MariaDB
 
 ## Requirements
 
-* Ansible >= 2.6
-* Debian Stretch
+- Ansible >= 2.9
+- Debian
+  - Bullseye
+  - Bookworm
 
 ## Role variables
 
-* `mariadb_use_official_repository` - use the official repository (default: `yes`)
-* `mariadb_branch` - the branch version to install (default: `10.3`)
-* `mariadb_user` - login to connect on mariadb (default: `root`)
-* `mariadb_password` - password to connect on mariadb (default: `secret`)
-* `mariadb_master` - the server is master (default: `no`)
-* `mariadb_autorestart` - restart mariadb when the config change (default: `no`)
-* `mariadb_users` - array with the users to manage
+| Name                            | Type  | Required | Default | Comment                                |
+| ------------------------------- | ----- | -------- | ------- | -------------------------------------- |
+| mariadb_use_official_repository | bool  | no       | true    | use the official repository            |
+| mariadb_branch                  | str   | no       | 10.3    | the branch version to install          |
+| mariadb_user                    | str   | no       | root    | login to connect on mariadb            |
+| mariadb_password                | str   | yes      |         | password to connect on mariadb         |
+| mariadb_master                  | bool  | no       | false   | the server is master                   |
+| mariadb_autorestart             | bool  | no       | false   | restart mariadb when the config change |
+| mariadb_users                   | array | no       |         | the users to manage                    |
+| mariadb_databases               | array | no       |         | the databases to manage                |
+| mariadb_config                  | hash  | no       |         | extra options for configuration        |
+
+### mariadb_users
+
+| Name       | Type  | Required | Default | Comment                                                   |
+| ---------- | ----- | -------- | ------- | --------------------------------------------------------- |
+| name       | str   | yes      |         | the username                                              |
+| host       | str   | yes      |         | the mysql user host                                       |
+| password   | str   | yes      |         | the user password                                         |
+| privileges | array | no       |         | the privileges with this form `database.*:SELECT,UPDATE`) |
+| state      | str   | no       | present | if state is `absent` the user is deleted                  |
+
+Example:
 
 ```
 - name: johndoe
+  host: '%'
   password: supersecret
   privileges:
     - 'database.*:SELECT,UPDATE'
   state: present
 ```
 
-* `mariadb_databases` -  array with the databases to manage
+### mariadb_databases
+
+| Name  | Type | Required | Default | Comment                                      |
+| ----- | ---- | -------- | ------- | -------------------------------------------- |
+| name  | str  | yes      |         | the dabase name                              |
+| state | str  | no       | present | if state is `absent` the database is deleted |
+
+Example:
 
 ```
 - name: superprogram
   state: present
 ```
 
-* `mariadb_config` -  hash with mariadb configuration
+### mariadb_config
+
+Example:
 
 ```
   mysqld:
@@ -48,31 +76,31 @@ Install and configure MariaDB
 
 ```
 - hosts: server
+  vars:
+    mariadb_password: supersecret
+    mariadb_users:
+      - name: johndoe
+        host: '%'
+        password: usersecret
+        privileges:
+          - 'myappli.*:ALL'
+    mariadb_databases:
+      - name: myappli
+    mariadb_config:
+      server-id: 1
+      bind-address: 0.0.0.0
   roles:
     - mariadb
 ```
 
 ## Development
 
-### Test syntax with yamllint
+### Test with molecule and docker
 
-* install `python` and `python-pip`
-* install yamllint `pip install yamllint`
-* run `yamllint .`
-
-### Test syntax with ansible-lint
-
-* install `python` and `python-pip`
-* install yamllint `pip install ansible-lint`
-* run `ansible-lint .`
-
-### Tests with docker
-
-* install [docker](https://docs.docker.com/engine/installation/)
-* install ruby
-* install bundler `gem install bundler`
-* install dependencies `bundle install`
-* run the tests `kitchen test`
+- install [docker](https://docs.docker.com/engine/installation/)
+- install `python3` and `python3-pip`
+- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
+- run `molecule test`
 
 ## License
 

defaults/main.yml

@@ -1,14 +1,13 @@
 ---
-mariadb_use_official_repository: yes
-mariadb_branch: 10.3
+mariadb_use_official_repository: true
+mariadb_branch: 10.6
 mariadb_repository: |
   deb http://mariadb.mirrors.ovh.net/MariaDB/repo/{{ mariadb_branch }}/debian {{ ansible_distribution_release }} main
 mariadb_repository_key_id: '0xF1656F24C74CD1D8'
-mariadb_repository_key_server: keyserver.ubuntu.com
+mariadb_repository_key_server: hkp://keyserver.ubuntu.com:80
 mariadb_user: root
-mariadb_password: secret
-mariadb_master: no
-mariadb_autorestart: no
+mariadb_master: false
+mariadb_autorestart: false
 mariadb_users: []
 mariadb_databases: []
 mariadb_config: {}
@@ -48,4 +47,4 @@ mariadb_default_config:
     max_binlog_size: 100M
     character-set-server: utf8mb4
     collation-server: utf8mb4_general_ci
-mariadb_full_config: '{{ mariadb_default_config|combine(mariadb_config, recursive=True) }}'
+mariadb_full_config: '{{ mariadb_default_config | combine(mariadb_config, recursive=True) }}'

handlers/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: restart mariadb
-  service:
+- name: Restart mariadb
+  ansible.builtin.service:
     name: mysql
     state: restarted
   when: mariadb_autorestart|bool

meta/main.yml

@@ -1,16 +1,18 @@
 ---
 galaxy_info:
   role_name: mariadb
+  namespace: nishiki
   author: Adrien Waksberg
   company: Adrien Waksberg
   description: Install and configure mariadb
   license: Apache2
-  min_ansible_version: 2.8
+  min_ansible_version: "2.9"
 
   platforms:
     - name: Debian
       versions:
-        - stretch
+        - bullseye
+        - bookworm
 
   galaxy_tags:
     - database

molecule/default/converge.yml

@@ -1,7 +1,10 @@
 ---
-- hosts: localhost
-  connection: local
+- name: Converge
+  hosts: all
+  roles:
+    - ansible-role-mariadb
   vars:
+    mariadb_password: secret
     mariadb_autorestart: yes
     mariadb_master: yes
     mariadb_config:
@@ -19,5 +22,7 @@
         privileges:
           - 'test.*:ALL'
 
-  roles:
-    - ansible-role-mariadb
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true

molecule/default/molecule.yml

@@ -0,0 +1,24 @@
+---
+driver:
+  name: docker
+platforms:
+  - name: debian12
+    image: code.waks.be/nishiki/molecule:debian12
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    command: /bin/systemd
+    capabilities:
+      - SYS_ADMIN
+provisioner:
+  inventory:
+    host_vars:
+      debian12:
+        mariadb_use_official_repository: false
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .
+verifier:
+  name: testinfra

molecule/default/tests/test_default.py

@@ -0,0 +1,49 @@
+import os, re
+import testinfra.utils.ansible_runner
+
+def test_packages(host):
+  for package_name in ['mariadb-server', 'python3-mysqldb']:
+    package = host.package(package_name)
+    assert package.is_installed
+
+def test_config_file(host):
+  config = host.file('/etc/mysql/my.cnf')
+  assert config.exists
+  assert config.is_file
+  assert config.user == 'root'
+  assert config.group == 'root'
+  assert config.mode == 0o644
+  assert config.contains('server-id = 5')
+
+def test_data_directory(host):
+  config = host.file('/opt/mariadb')
+  assert config.exists
+  assert config.is_directory
+  assert config.user == 'mysql'
+  assert config.group == 'root'
+  assert config.mode == 0o750
+
+def test_service(host):
+  service = host.service('mysql')
+  assert service.is_running
+  assert service.is_enabled
+
+def test_socket(host):
+  socket = host.socket('tcp://127.0.0.1:3306')
+  assert socket.is_listening
+
+def test_user_exists(host):
+  result = host.check_output('mysql -uroot -psecret -e "show grants for toto@\'%\'"')
+  assert re.search('toto.*%', result)
+
+def test_root_user(host):
+  result = host.check_output('mysql -uroot -psecret -e "select count(*) from mysql.user where user=\'root\'"')
+  assert '1' in result
+
+def test_grant_access(host):
+  result = host.check_output('mysql -uroot -psecret -e "show grants for toto@\'%\'"')
+  assert "GRANT ALL PRIVILEGES ON `test`.* TO `toto`@`%`" in result
+
+def test_logbin_enabled(host):
+  result = host.check_output('mysql -uroot -psecret -e "show variables where variable_name = \'log_bin\'"')
+  assert 'ON' in result

tasks/initdb.yml

@@ -1,6 +1,6 @@
 ---
-- name: create the data directory
-  file:
+- name: Create the data directory
+  ansible.builtin.file:
     path: '{{ mariadb_full_config.mysqld.datadir }}'
     owner: '{{ mariadb_full_config.mysqld.user }}'
     group: root
@@ -8,8 +8,8 @@
     state: directory
   tags: mariadb
 
-- name: initialize database
-  command:
+- name: Initialize database  # noqa no-changed-when
+  ansible.builtin.command:
   args:
     argv:
       - mysql_install_db
@@ -17,37 +17,34 @@
       - '--user={{ mariadb_full_config.mysqld.user }}'
       - '--skip-name-resolve'
       - '--no-defaults'
-  when: True
   tags: mariadb
 
-- name: start mariadb
-  systemd:
+- name: Start mariadb
+  ansible.builtin.service:
     name: mysql
     state: started
   tags: mariadb
 
-- name: wait mysql start
-  pause:
+- name: Wait mysql start
+  ansible.builtin.pause:
     seconds: 5
   tags: mariadb
 
-- name: set root password
-  command: 'mysqladmin -u root password {{ mariadb_password }}'
-  when: True
+- name: Set root password  # noqa no-changed-when
+  ansible.builtin.command: 'mysqladmin -u root password {{ mariadb_password }}'
   tags: mariadb
 
-- name: remove anonymous users
-  mysql_user:
+- name: Remove anonymous users
+  community.mysql.mysql_user:
     name: ''
-    host_all: yes
+    host_all: true
     state: absent
     login_user: '{{ mariadb_user }}'
     login_password: '{{ mariadb_password }}'
-  no_log: true
   tags: mariadb
 
-- name: remove root user without password
-  mysql_user:
+- name: Remove root user without password
+  community.mysql.mysql_user:
     name: root
     host: '{{ item }}'
     state: absent
@@ -57,5 +54,4 @@
     - 127.0.0.1
     - '::1'
     - '{{ ansible_nodename }}'
-  no_log: true
   tags: mariadb

tasks/main.yml

@@ -1,68 +1,79 @@
 ---
-- import_tasks: repo.yml
-  when: mariadb_use_official_repository|bool
-
-- name: install package
-  package:
-    name: '{{ packages }}'
-  vars:
-    packages:
-      - mariadb-server
-      - python-mysqldb
+- name: Install dependencies packages
+  ansible.builtin.package:
+    name:
+      - gpg
+      - python3-mysqldb
   retries: 2
   register: result
   until: result is succeeded
   tags: mariadb
 
-- name: copy configuration file
-  template:
+- name: Install official repository
+  ansible.builtin.import_tasks: repo.yml
+  when: mariadb_use_official_repository|bool
+
+- name: Install package
+  ansible.builtin.package:
+    name:
+      - mariadb-server
+  retries: 2
+  register: result
+  until: result is succeeded
+  tags: mariadb
+
+- name: Copy configuration file
+  ansible.builtin.template:
     src: my.cnf.j2
     dest: /etc/mysql/my.cnf
     owner: root
     group: root
     mode: 0644
-  notify: restart mariadb
+  notify: Restart mariadb
   tags: mariadb
 
-- name: check if datadir exist
-  stat:
-    path: '{{ mariadb_full_config.mysqld.datadir }}'
+- name: Check if datadir exist
+  ansible.builtin.stat:
+    path: "{{ mariadb_full_config.mysqld.datadir }}"
   register: st
   tags: mariadb
 
-- import_tasks: initdb.yml
+- name: Initialize the database
+  ansible.builtin.import_tasks: initdb.yml
   when: not st.stat.exists
 
-- name: enable and start the service
-  service:
+- name: Enable and start the service
+  ansible.builtin.service:
     name: mysql
     state: started
-    enabled: yes
+    enabled: true
   tags: mariadb
 
-- name: manage users
-  mysql_user:
-    name: '{{ item.name }}'
-    host: '{{ item.host }}'
-    password: '{{ item.password }}'
-    priv: '{{ item.privileges|default("")|join(",") }}'
-    state: '{{ item.state|default("present") }}'
-    login_user: '{{ mariadb_user }}'
-    login_password: '{{ mariadb_password }}'
-  loop: '{{ mariadb_users }}'
+- name: Manage users
+  community.mysql.mysql_user:
+    name: "{{ item.name }}"
+    host: "{{ item.host }}"
+    password: "{{ item.password }}"
+    priv: "{{ item.privileges | default('') | join('/') }}"
+    state: "{{ item.state | default('present') }}"
+    login_user: "{{ mariadb_user }}"
+    login_password: "{{ mariadb_password }}"
+  loop: "{{ mariadb_users }}"
+  loop_control:
+    label: "{{ item.name }}@{{ item.host }}"
   run_once: true
-  no_log: true
   when: mariadb_master|bool
   tags: mariadb
 
-- name: manage databases
-  mysql_db:
-    name: '{{ item.name }}'
-    state: '{{ item.state|default("present") }}'
-    login_user: '{{ mariadb_user }}'
-    login_password: '{{ mariadb_password }}'
-  loop: '{{ mariadb_databases }}'
+- name: Manage databases
+  community.mysql.mysql_db:
+    name: "{{ item.name }}"
+    state: "{{ item.state | default('present') }}"
+    login_user: "{{ mariadb_user }}"
+    login_password: "{{ mariadb_password }}"
+  loop: "{{ mariadb_databases }}"
+  loop_control:
+    label: "{{ item.name }}"
   run_once: true
-  no_log: true
   when: mariadb_master|bool
   tags: mariadb

tasks/repo.yml

@@ -1,14 +1,10 @@
 ---
-- name: add gpg key for mariadb repository
-  apt_key:
-    keyserver: '{{ mariadb_repository_key_server }}'
-    id: '{{ mariadb_repository_key_id }}'
-  retries: 2
-  register: result
-  until: result is succeeded
+- name: Add gpg key for mariadb repository
+  ansible.builtin.apt_key:
+    url: https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY
   tags: mariadb
 
-- name: add official repo
-  apt_repository:
-    repo: '{{ mariadb_repository }}'
+- name: Add official repo
+  ansible.builtin.apt_repository:
+    repo: "{{ mariadb_repository }}"
   tags: mariadb

templates/my.cnf.j2

@@ -1,8 +1,8 @@
 # {{ ansible_managed }}
 
-{% for section, options in mariadb_full_config.iteritems() %}
+{% for section, options in mariadb_full_config.items() %}
 [{{section}}]
-{% for option, value in options.iteritems() %}
+{% for option, value in options.items() %}
 {{ option }}{% if not value is sameas true %} = {{ value }}{% endif %}
 
 {% endfor %}

test/integration/default/serverspec/default_spec.rb

@@ -1,68 +0,0 @@
-require 'serverspec'
-
-set :backend, :exec
-
-puts
-puts '================================'
-puts %x(ansible --version)
-puts '================================'
-
-%w[
-  mariadb-server
-  python-mysqldb
-].each do |name|
-  describe package(name) do
-    it { should be_installed }
-  end
-end
-
-describe file('/opt/mariadb') do
-  it { should be_directory }
-  it { should be_mode 750 }
-  it { should be_owned_by 'mysql' }
-  it { should be_grouped_into 'root' }
-end
-
-describe file('/etc/mysql/my.cnf') do
-  it { should be_file }
-  it { should be_mode 644 }
-  it { should be_owned_by 'root' }
-  it { should be_grouped_into 'root' }
-  it { should contain 'server-id = 5' }
-end
-
-describe service('mysql') do
-  it { should be_enabled }
-  it { should be_running.under('systemd') }
-end
-
-describe port(3306) do
-  it { should be_listening }
-end
-
-describe command('mysql -uroot -psecret -e "show databases"') do
-  its(:exit_status) { should eq 0 }
-  its(:stdout) { should contain 'test' }
-end
-
-describe command('mysql -uroot -psecret -e "select user, host, password from mysql.user"') do
-  its(:exit_status) { should eq 0 }
-  its(:stdout) { should contain(/toto.*%/) }
-end
-
-describe command('mysql -uroot -psecret -e "select count(*) from mysql.user where user=\'root\'"') do
-  its(:exit_status) { should eq 0 }
-  its(:stdout) { should contain('1') }
-end
-
-describe command('mysql -uroot -psecret -e "show grants for toto@\'%\'"') do
-  its(:exit_status) { should eq 0 }
-  its(:stdout) do
-    should contain "GRANT ALL PRIVILEGES ON `test`.* TO 'toto'@'%'"
-  end
-end
-
-describe command('mysql -uroot -psecret -e "show variables where variable_name = \'log_bin\'"') do
-  its(:exit_status) { should eq 0 }
-  its(:stdout) { should contain 'ON' }
-end

test/integration/inventory

@@ -1 +0,0 @@
-localhost