diff --git a/group_vars/maria/plain.yml b/group_vars/maria/plain.yml
new file mode 100644
index 0000000..f697ab5
--- /dev/null
+++ b/group_vars/maria/plain.yml
@@ -0,0 +1,24 @@
+---
+
+hetzner_server_type: cpx11
+hetzner_server_labels: "stage={{ stage }} service=maria"
+
+mysql_databases: [
+ {
+ name: "demo01",
+ collation: "utf8_general_ci",
+ encoding: "utf8",
+ }
+]
+
+mysql_users: [
+ {
+ name: "demo01",
+ host: "%",
+ password: "demo01",
+ priv: "demo01.*:ALL",
+ }
+]
+
+mysql_root_username: "root"
+mysql_root_password: "maria-admin"
diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml
index 6ac1478..bae4983 100644
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@@ -14,6 +14,7 @@ shared_service_elastic_03: "10.0.0.4"
 shared_service_iam_ip: "10.0.0.13"
 shared_service_keycloak_ip: "10.0.0.6"
 shared_service_mail_ip: "10.0.0.8"
+shared_service_maria_ip: "10.0.0.19"
 shared_service_pg_master_ip: "10.0.0.17"
 shared_service_pg_slave_ip: "10.0.0.18"
 shared_service_webdav_ip: "10.0.0.16"
@@ -23,6 +24,7 @@ shared_service_docker_registry_hostname: "dev-docker-registry-01.smardigo.digita
 shared_service_iam_hostname: "dev-iam-01.smardigo.digital"
 shared_service_keycloak_hostname: "dev-keycloak-01.smardigo.digital"
 shared_service_mail_hostname: "dev-mail-01.smardigo.digital"
+shared_service_maria_hostname: "dev-maria-01.smardigo.digital"
 shared_service_pg_master_hostname: "dev-postgres-01.smardigo.digital"
 shared_service_pg_slave_hostname: "dev-postgres-02.smardigo.digital"
 shared_service_webdav_hostname: "dev-webdav-01.smardigo.digital"
@@ -52,6 +54,10 @@ shared_service_hosts: [
 ip: "{{ shared_service_mail_ip }}",
 name: "{{ shared_service_mail_hostname }}"
 },
+ {
+ ip: "{{ shared_service_maria_ip }}",
+ name: "{{ shared_service_maria_hostname }}"
+ },
 {
 ip: "{{ shared_service_pg_master_ip }}",
 name: "{{ shared_service_pg_master_hostname }}"
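Review bot: The new `group_vars/maria/plain.yml` commits working database credentials in clear text: `mysql_root_password: "maria-admin"` and a `demo01` user whose password equals its name. That user is also created with `host: "%"`, so the account is accepted from any client address that can reach the server. I would move both passwords into an Ansible Vault-encrypted vars file (or another secret lookup) and keep only a reference here, e.g. `mysql_root_password: "{{ vault_mysql_root_password }}"` (variable name illustrative), and narrow `host` to the shared-service network if the consumers are known. As the values are now in the repository history, they should be rotated once replaced.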
diff --git a/roles/maria/defaults/main.yml b/roles/maria/defaults/main.yml
new file mode 100644
index 0000000..091ca6a
--- /dev/null
+++ b/roles/maria/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+mysql_root_password: "abc123"
diff --git a/roles/maria/tasks/main.yml b/roles/maria/tasks/main.yml
new file mode 100644
index 0000000..1fa52c0
--- /dev/null
+++ b/roles/maria/tasks/main.yml
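Review bot: `mysql_root_password: "abc123"` in `roles/maria/defaults/main.yml` gives the role a known fallback password, so a host whose inventory does not define the variable is silently provisioned with it. I would drop the default and fail early instead, for example with an `assert` task at the top of the role using `that: mysql_root_password is defined and mysql_root_password | length > 0`. A missing secret then becomes a deployment error rather than a weak root account.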
@@ -0,0 +1,89 @@
+---
+
+- name: "Send mattermost message"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
+
+- name: Update
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+- name: MariaDB | install
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - mariadb-server
+ - python3-pymysql
+
+- name: Fix binding..
+ ansible.builtin.lineinfile:
+ path: /etc/mysql/mariadb.conf.d/50-server.cnf
+ regexp: '^bind-address'
+ line: 'bind-address={{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(shared_service_network) | first }}'
+
+- name: Ensure service is started
+ service:
+ name: mariadb
+ state: restarted
+ enabled: yes
+
+- name: Check if root password is set
+ shell: >
+ mysqladmin -u root status
+ changed_when: false
+ failed_when: false
+ register: root_pwd_check
+
+- name: Set MariaDB root password for the first time
+ mysql_user:
+ name: root
+ password: "{{ mysql_root_password }}"
+ host_all: yes
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ state: present
+ when: root_pwd_check.rc == 0
+
+- name: Ensure MySQL databases are present.
+ mysql_db:
+ name: "{{ item.name }}"
+ collation: "{{ item.collation | default('utf8_general_ci') }}"
+ encoding: "{{ item.encoding | default('utf8') }}"
+ state: "{{ item.state | default('present') }}"
+ config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf"
+ login_password: "{{ mysql_root_password }}"
+ with_items: "{{ mysql_databases }}"
+
+- name: Ensure MySQL users are present.
+ mysql_user:
+ name: "{{ item.name }}"
+ password: "{{ item.password }}"
+ priv: "{{ item.priv | default('*.*:USAGE') }}"
+ state: "{{ item.state | default('present') }}"
+ append_privs: "{{ item.append_privs | default('no') }}"
+ encrypted: "{{ item.encrypted | default('no') }}"
+ config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf"
+ login_password: "{{ mysql_root_password }}"
+ host: "{{ item.host }}"
+ with_items: "{{ mysql_users }}"
+
+- name: "Send mattermost messsge"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
diff --git a/smardigo.yml b/smardigo.yml
index 40c0e9a..ce22e97 100644
--- a/smardigo.yml
+++ b/smardigo.yml
@@ -25,7 +25,7 @@ - awx_config - name: "Set current server infos as fact: hetzner_server_infos_json" - set_fact: + set_fact: hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" delegate_to: 127.0.0.1 become: false
@@ -67,10 +67,10 @@ when: "'postgres' in group_names" - role: prometheus when: "'prometheus' in group_names" - + - role: maria + when: "'maria' in group_names" - role: awx when: "'awx' in group_names" - - role: iam when: "'iam' in group_names" - role: webdav
diff --git a/stage-dev b/stage-dev
index 7115b81..311734b 100644
--- a/stage-dev
+++ b/stage-dev
@@ -19,6 +19,9 @@ dev-iam-01 [keycloak] dev-keycloak-01 +[maria] +dev-maria-01 + [postfix] dev-mail-01
@@ -39,6 +42,7 @@ elastic
 harbor
 iam
 keycloak
+maria
 postfix
 postgres
 prometheus
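Review bot: In `roles/maria/tasks/main.yml` the "Ensure MySQL users are present." task loops over `mysql_users` with `with_items`, and Ansible prints each loop item in the task output, so every `item.password` is likely to end up in the play log and wherever job output is kept. Adding `no_log: true` to that task, or at least `loop_control: {label: "{{ item.name }}"}`, keeps the secret out of the output. Separately, "Ensure service is started" uses `state: restarted`, which restarts MariaDB on every run; `state: started` plus a handler notified by the `bind-address` change would restart only when the config actually changed. The task name "Send mattermost messsge" also has a typo.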