104 lines
2.6 KiB
YAML
104 lines
2.6 KiB
YAML
---
|
|
|
|
- name: Install mariadb and mysqltuner
|
|
ansible.builtin.package:
|
|
name:
|
|
- mariadb-server
|
|
- mysqltuner
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Put mariadb configuration file
|
|
ansible.builtin.template:
|
|
src: 50-server.cnf.j2
|
|
dest: /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
mode: "0o644"
|
|
notify: Restart mariadb
|
|
|
|
- name: Upgrade debian configuration file
|
|
ansible.builtin.template:
|
|
src: debian.cnf.j2
|
|
dest: /etc/mysql/debian.cnf
|
|
owner: root
|
|
group: root
|
|
mode: "0o600"
|
|
notify: Restart mariadb
|
|
|
|
- name: Force handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Install python-mysql
|
|
ansible.builtin.package:
|
|
name: python3-pymysql
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Check if .my.cnf file exists
|
|
ansible.builtin.stat:
|
|
path: /root/.my.cnf
|
|
register: dot_my_cnf
|
|
|
|
- name: Set root password
|
|
community.mysql.mysql_user:
|
|
login_unix_socket: "/var/run/mysqld/mysqld.sock"
|
|
host: localhost
|
|
name: root
|
|
password: "{{ mariadb_root_pass }}"
|
|
when: not dot_my_cnf.stat.exists
|
|
|
|
- name: Put .my.cnf file
|
|
ansible.builtin.template:
|
|
src: dot.my.cnf.j2
|
|
dest: ~/.my.cnf
|
|
mode: "0o600"
|
|
|
|
- name: Set root password (follow-up)
|
|
community.mysql.mysql_user:
|
|
login_user: root
|
|
host: "{{ item }}"
|
|
name: root
|
|
password: "{{ mariadb_root_pass }}"
|
|
loop:
|
|
- "localhost"
|
|
- "127.0.0.1"
|
|
- "::1"
|
|
|
|
- name: Exec scripted version of mysql_secure_installation
|
|
ansible.builtin.command:
|
|
cmd: "{{ item }}"
|
|
creates: ~/mysql_secure_installation
|
|
loop:
|
|
- "mysql -e \"DELETE FROM mysql.user WHERE User='';\""
|
|
- "mysql -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');\""
|
|
- "mysql -e \"DROP DATABASE IF EXISTS test;\""
|
|
- "mysql -e \"DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';\""
|
|
- "mysql -e \"FLUSH PRIVILEGES;\""
|
|
- touch ~/mysql_secure_installation
|
|
|
|
- name: Create MariaDB service dir
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/system/mariadb.service.d/
|
|
state: directory
|
|
mode: "0o755"
|
|
|
|
- name: Create MariaDB service override
|
|
ansible.builtin.copy:
|
|
src: files/override.conf
|
|
dest: /etc/systemd/system/mariadb.service.d/override.conf
|
|
mode: "0o644"
|
|
notify: Restart mariadb
|
|
|
|
- name: Install backup script
|
|
ansible.builtin.copy:
|
|
src: files/backup_mysql.sh
|
|
dest: /usr/local/bin/backup_mysql.sh
|
|
mode: "0o755"
|
|
|
|
- name: Cron backup script
|
|
ansible.builtin.cron:
|
|
name: "MariaDB backup"
|
|
hour: "{{ mariadb_backup_hour }}"
|
|
minute: "{{ mariadb_backup_minute }}"
|
|
job: "/usr/local/bin/backup_mysql.sh"
|
|
state: present
|