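---
# Tasks for a MariaDB restore server: root client credentials, MariaDB
# install, certificates from the self-signed CA, the restore script and
# the GPG private key import.

- name: "Set vars"
  set_fact:
    cert_private_key: '/etc/mysql/conf.d/{{ inventory_hostname }}.{{ domain }}-key.pem'
    cert_public_key: '/etc/mysql/conf.d/{{ inventory_hostname }}.{{ domain }}-crt.pem'
    ca_cert: '/etc/mysql/conf.d/ca-certificate.pem'

# DEV-375
# "fixes" error for mysql-connect as root-user
# it's just a restore server ...
- name: "Ensure passwordless mysql-connect for root "
  copy:
    dest: '/root/.my.cnf'
    owner: root
    group: root
    mode: '0600'
    content: |
      [client]
      user={{ mysql_root_username }}
      password={{ mysql_root_password }}
  # The file holds the MariaDB root password in clear text; keep it out of
  # task output and --diff.
  no_log: true

- name: "Install mariadb via include_role"
  vars:
    mysql_packages:
      - mariadb-client
      - mariadb-server
      - mariadb-backup
    mysql_bind_address: '{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(shared_service_network) | first }}'
    # NOTE(review): with the include below commented out, nothing in this
    # file points MariaDB at the certificates created further down; confirm
    # TLS is configured elsewhere.
    # mysql_config_include_files:
    #   - src: 50-ssl.cnf
  include_role:
    name: geerlingguy.mysql

- name: "Include role for self-signed CA"
  include_role:
    name: selfsigned_ca

- name: "Create certs with selfsigned CA"
  include_role:
    name: selfsigned_ca
    tasks_from: _create_cert
  vars:
    selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
    selfsigned_ca_cert_private_key_group: mysql
    selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
    selfsigned_ca_cacert: '{{ ca_cert }}'
    selfsigned_ca_cert_subject:
      CN: '{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_cert_altnames:
      - 'DNS:{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_trigger_handler: restart mysql

- name: "Copy restore script to restore server"
  copy:
    src: restore.sh
    dest: '/root/restore.sh'
    mode: '0750'
    owner: root
    group: root

# NOTE(review): the private key stays on disk at /root/gpg_private_key after
# the import below. If restore.sh does not read that file, remove it once the
# key is in root's keyring; confirm before changing.
- name: "Create file for gpg secret key"
  become: true
  copy:
    dest: '/root/gpg_private_key'
    mode: '0600'
    owner: 'root'
    group: 'root'
    content: |
      {{ gpg_key_smardigo_automation__private }}
  # Private key material; keep it out of task output and --diff.
  no_log: true

- name: "Import private gpg key"
  become: true
  # No shell features are used, so run gpg directly instead of through a shell.
  command: 'gpg --import /root/gpg_private_key'
  register: gpg_import
  # rc is an integer, so the former test `gpg_import.rc != '0'` was always
  # true and the task reported "changed" on every run.
  # NOTE(review): this relies on gpg's English summary line on stderr;
  # verify against the gpg version and locale on the target.
  changed_when: "'secret keys imported' in gpg_import.stderr"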