121 lines
2.9 KiB
YAML
121 lines
2.9 KiB
YAML
---
|
|
|
|
# debian package has sane defaults and listens on localhost only
|
|
|
|
- name: install mariadb
|
|
apt:
|
|
name:
|
|
- mariadb-server
|
|
- mariadb-client
|
|
- python3-pymysql
|
|
- gzip
|
|
state: present
|
|
tags:
|
|
- packages
|
|
|
|
- name: mariadb sever config
|
|
template:
|
|
src: 50-server.cnf.j2
|
|
dest: /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
notify: restart mariadb
|
|
|
|
- name: ensure mariadb service is running
|
|
service:
|
|
name: mariadb
|
|
state: started
|
|
|
|
- name: create dump destination
|
|
file:
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0770
|
|
path: "{{ mariadb_dump_path }}"
|
|
when: mariadb_dump_path is defined
|
|
|
|
- name: create dbs
|
|
mysql_db:
|
|
name: "{{ item.mariadb_username|default(item.username) }}"
|
|
encoding: utf8mb4
|
|
collation: utf8mb4_general_ci
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
with_items: "{{ systemuserlist.values() | selectattr('mariadb', 'true') }}"
|
|
when:
|
|
- not item.mariadb_role_managed|default(false)
|
|
loop_control:
|
|
label: "{{ item.username }}"
|
|
tags:
|
|
- mariadb-users
|
|
|
|
- name: mariadb users without password
|
|
mysql_user:
|
|
name: "{{ item.mariadb_username|default(item.username) }}"
|
|
priv: "{{ item.mariadb_username|default(item.username) }}.*:ALL"
|
|
state: present
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
with_items: "{{ systemuserlist.values() | selectattr('mariadb', 'true') }}"
|
|
when:
|
|
- not item.mariadb_role_managed|default(false)
|
|
loop_control:
|
|
label: "{{ item.username }}"
|
|
tags:
|
|
- mariadb-users
|
|
|
|
- name: mariadb users with password
|
|
mysql_user:
|
|
name: "{{ item.mariadb_username|default(item.username) }}"
|
|
password: "{{ item.mariadb_pass }}"
|
|
host: "{{ item.mariadb_host | default(bridgewithdns_mariadb) }}"
|
|
priv: "{{ item.mariadb_username|default(item.username) }}.*:ALL"
|
|
state: present
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
with_items: "{{ systemuserlist.values() | selectattr('mariadb', 'true') }}"
|
|
when:
|
|
- '"mariadb_pass" in item'
|
|
- not item.mariadb_role_managed|default(false)
|
|
loop_control:
|
|
label: "{{ item.username }}"
|
|
tags:
|
|
- mariadb-users
|
|
|
|
- name: backup script
|
|
template:
|
|
src: mariadb_backup.sh.j2
|
|
dest: /usr/local/bin/mariadb_backup.sh
|
|
owner: root
|
|
group: root
|
|
mode: 0770
|
|
tags:
|
|
- backup
|
|
- mariadb-backup
|
|
|
|
- name: backup cron
|
|
template:
|
|
src: mariadb_backup_cron.j2
|
|
dest: /etc/cron.d/mariadb_backup_cron
|
|
tags:
|
|
- backup
|
|
- mysql-users
|
|
|
|
- name: cleanup
|
|
file:
|
|
path: users.sql.j2
|
|
state: absent
|
|
|
|
- name: enable filebeat mysql module
|
|
command: filebeat modules enable mysql
|
|
register: filebeat_enable_mysql
|
|
changed_when: "'Enabled mysql' in filebeat_enable_mysql.stdout"
|
|
|
|
- name: template filebeat module
|
|
template:
|
|
src: filebeat-mysql.yml.j2
|
|
dest: "/etc/filebeat/modules.d/mysql.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- filebeat-input
|
|
- filebeat
|
|
notify: restart filebeat
|