slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
VC
2019-09-04 09:06:55 +02:00
commit dded46ff64
144 changed files with 7495 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/mariadb/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
mariadb_backup_hour: 5
mariadb_backup_minute: 0

137
roles/mariadb/files/50-server.cnf Normal file
View File

@@ -0,0 +1,137 @@
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /run/mysqld/mysqld.pid
socket = /run/mysqld/mysqld.sock
#port = 3306
basedir = /usr
datadir = /srv/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
default-storage-engine = InnoDB
#skip-external-locking
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer_size = 32M
max_allowed_packet = 64M
thread_stack = 256K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam_recover_options = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 16M
query_cache_size = 64M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Enable the slow query log to see queries with especially long duration
#slow_query_log_file = /var/log/mysql/mariadb-slow.log
#long_query_time = 10
#log_slow_rate_limit = 1000
#log_slow_verbosity = query_plan
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = exclude_database_name
#
# * Security Features
#
# Read the manual, too, if you want chroot!
#chroot = /srv/mysql/
#
# For generating SSL certificates you can use for example the GUI tool "tinyca".
#
#ssl-ca = /etc/mysql/cacert.pem
#ssl-cert = /etc/mysql/server-cert.pem
#ssl-key = /etc/mysql/server-key.pem
#
# Accept only connections using the latest and most secure TLS protocol version.
# ..when MariaDB is compiled with OpenSSL:
#ssl-cipher = TLSv1.2
# ..when MariaDB is compiled with YaSSL (default in Debian):
#ssl = on
#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
#
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /srv/mysql/.
# Read the manual for more InnoDB related options. There are many!
innodb_file_per_table
innodb_data_file_path=ibdata1:10M:autoextend
#
# * Unix socket authentication plugin is built-in since 10.0.22-6
#
# Needed so the root database user can authenticate without a password but
# only when running as the unix root user.
#
# Also available for other users if required.
# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
# this is only for embedded server
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
# This group is only read by MariaDB-10.3 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.3]

43
roles/mariadb/files/backup_mysql.sh Normal file
View File

@@ -0,0 +1,43 @@
#!/bin/bash
##########
# THIS FILE IS MANAGED BY ANSIBLE
# ANY MODIFICATION IS LIKELY TO BE ERASED
##########
##############################################
# Nom : backup_mysql.sh
# Objet : Dump les bases mysql
# listees dans $backup_db_list
# dans le dossier $backup_dump_path, un sous-dossier par base
###############################################
# Chemin de stockage des dump
backup_dump_path="/srv/backup/mysql/"
# Liste des bases a sauvegarder séparées par des espaces
backup_db_list=`echo -n 'show databases' | mysql | grep -v Database | grep -v _schema`
# Verifie que backup_dump_path existe, on crée sinon
if [ ! -d $backup_dump_path ] ; then mkdir -p $backup_dump_path ; fi
# On se deplace dans le dossier, et on purge les fichiers plus vieux que backup_max_age
cd $backup_dump_path
mysqlcheck --all-databases > /srv/mysql/check
# Pour chaque base a sauvegarder
for backup_db_name in $backup_db_list
do
# Verifie si un dossier existe pour cette base, on cree si non
if [ ! -d ./$backup_db_name ] ; then mkdir ./$backup_db_name ; fi
cd ./$backup_db_name
# On dump
mysqldump --events $backup_db_name | gzip > $backup_db_name.sql.gz
cd ..
done
# On s'assure que nimporte qui ne peut lire les dump
chmod a-rwx,u+rwX -R $backup_dump_path

4
roles/mariadb/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart mariadb
service:
name: mariadb
state: restarted

87
roles/mariadb/tasks/main.yml Normal file
View File

@@ -0,0 +1,87 @@
- name: install mariadb
package:
name: mariadb-server
state: present
- name: create mysql directory
file:
path: /srv/mysql
owner: mysql
group: mysql
state: directory
- name: populate mysql directory
command: /usr/bin/mysql_install_db --datadir=/srv/mysql
args:
creates: /srv/mysql/ibdata1
notify: restart mariadb
- name: replace conffile
copy:
src: files/50-server.cnf
dest: /etc/mysql/mariadb.conf.d/50-server.cnf
notify: restart mariadb
- name: debian upgrade file conf
template:
src: debian.cnf.j2
dest: /etc/mysql/debian.cnf
owner: root
group: root
mode: '0600'
notify: restart mariadb
- name: force handlers
meta: flush_handlers
- name: install python-mysql
package:
name: "{{ item }}"
state: present
loop:
- python-pymysql
- python3-pymysql
- name: root password
mysql_user:
login_user: root
host: "{{ item }}"
name: root
password: "{{ mariadb_root_pass }}"
loop:
- "localhost"
- "127.0.0.1"
- "::1"
- name: put .my.cnf file
template:
src: dot.my.cnf.j2
dest: ~/.my.cnf
mode: '0600'
- name: scripted version of mysql_secure_installation
command: "{{ item }}"
args:
warn: false
creates: ~/mysql_secure_installation
loop:
- "mysql -e \"DELETE FROM mysql.user WHERE User='';\""
- "mysql -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');\""
- "mysql -e \"DROP DATABASE IF EXISTS test;\""
- "mysql -e \"DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';\""
- "mysql -e \"FLUSH PRIVILEGES;\""
- touch ~/mysql_secure_installation
- name: install backup script
copy:
src: files/backup_mysql.sh
dest: /usr/local/bin/backup_mysql.sh
mode: '0755'
- name: cron backup script
cron:
name: "MariaDB backup"
hour: "{{ mariadb_backup_hour }}"
minute: "{{ mariadb_backup_minute }}"
job: "/usr/local/bin/backup_mysql.sh"
state: present

12
roles/mariadb/templates/debian.cnf.j2 Normal file
View File

@@ -0,0 +1,12 @@
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = {{ mariadb_root_pass }}
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = {{ mariadb_root_pass }}
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

3
roles/mariadb/templates/dot.my.cnf.j2 Normal file
View File

@@ -0,0 +1,3 @@
[client]
user = root
password = {{ mariadb_root_pass }}