gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2c64432d1e'
${ noResults }
hetzner-ansible/roles/maria/tasks/main.yml

159 lines
4.6 KiB
YAML
Raw Blame History

---
### tags:
- name: "Add apt-key for "
ansible.builtin.apt_key:
url: https://mariadb.org/mariadb_release_signing_key.asc
state: present
- name: "Add source repository for mariadb-server"
ansible.builtin.apt_repository:
repo: "deb [arch=amd64] https://ftp.agdsn.de/pub/mirrors/mariadb/repo/{{ mariadb_server_version }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
state: present
- name: "Install MariaDB "# noqa package-latest
package:
name: "{{ item }}"
state: latest
with_items:
- mariadb-server
- mariadb-backup
- python3-pymysql
- name: "Set vars"
set_fact:
cert_private_key: '{{ mariadb_server_config_dir }}/{{ inventory_hostname }}.{{ domain }}-key.pem'
cert_public_key: '{{ mariadb_server_config_dir }}/{{ inventory_hostname }}.{{ domain }}-crt.pem'
ca_cert: '{{ mariadb_server_config_dir }}/ca-certificate.pem'
- name: "Include role for self-signed CA"
include_role:
name: selfsigned_ca
- name: "Create certs with selfsigned CA"
include_role:
name: selfsigned_ca
tasks_from: _create_cert
vars:
selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
selfsigned_ca_cert_private_key_group: mysql
selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
selfsigned_ca_cacert: '{{ ca_cert }}'
selfsigned_ca_cert_subject:
CN: '{{ inventory_hostname }}.{{ domain }}'
selfsigned_ca_cert_altnames:
- 'DNS:{{ inventory_hostname }}.{{ domain }}'
- 'DNS:{{ inventory_hostname }}'
selfsigned_ca_trigger_handler: restart mysql
- name: "Create global my.cnf for mariadb"
copy:
dest: '{{ mariadb_server_global_my_cnf }}'
owner: root
group: root
mode: '0644'
content: |
{{ ansible_managed | comment }}
!includedir /etc/mysql/mariadb.conf.d/
notify: restart mysql
- name: "Create mariadb cnf file"
vars:
mariadb_server_bind_address: '{{ stage_private_server_ip }}'
template:
src: 50-server.cnf
dest: '{{ mariadb_server_config_dir }}/'
mode: '0644'
owner: root
group: root
notify: restart mysql
- name: Ensure service is started
service:
name: mariadb
state: started
enabled: yes
- name: Check if root password is set
shell: >
mysqladmin -u root status
changed_when: false
failed_when: false
register: root_pwd_check
- name: Set MariaDB root password for the first time
community.mysql.mysql_user:
name: root
password: "{{ mysql_root_password }}"
host_all: yes
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
when: root_pwd_check.rc == 0
- name: Ensure MySQL databases are present.
community.mysql.mysql_db:
name: "{{ item.name }}"
collation: "{{ item.collation | default('utf8_general_ci') }}"
encoding: "{{ item.encoding | default('utf8') }}"
state: "{{ item.state | default('present') }}"
login_unix_socket: /run/mysqld/mysqld.sock
login_password: "{{ mysql_root_password }}"
with_items: "{{ mysql_databases }}"
when: mysql_databases is defined
- name: Ensure MySQL users are present.
community.mysql.mysql_user:
name: "{{ item.name }}"
password: "{{ item.password }}"
priv: "{{ item.priv | default('*.*:USAGE') }}"
state: "{{ item.state | default('present') }}"
append_privs: "{{ item.append_privs | default('no') }}"
encrypted: "{{ item.encrypted | default('no') }}"
login_unix_socket: /run/mysqld/mysqld.sock
login_password: "{{ mysql_root_password }}"
host: "{{ item.host }}"
with_items: "{{ mysql_users }}"
when: mysql_users is defined
- name: "Install promethues mysqld-exporter"
include_tasks: install_mysqld_exporter.yml
when: mariadb_server_with_mysqld_exporter | default(True)
- name: 'Ensures <{{ backup_directory }}> directory exists'
file:
state: directory
path: '{{ backup_directory }}'
mode: 0755
- name: "Copy testdb.sql to ensure test DB"
copy:
src: '{{ item }}'
dest: '/tmp/{{ item }}'
mode: '0444'
owner: root
group: root
loop:
- testdb.sql
- name: "Ensure test DB"
community.mysql.mysql_db:
login_unix_socket: /run/mysqld/mysqld.sock
login_password: "{{ mysql_root_password }}"
name: dummytestdb
state: import
target: /tmp/testdb.sql
- name: "Do stuff for M-M-replication"
throttle: 1
block:
- name: "Init M-S-replication-setup"
include_tasks: replication.yml
vars:
mysql_replication_master: "{{ master }}"
mysql_replication_slave: "{{ slave }}"
import_dump: "{{ mysql_import | default(False) }}"
when:
- mysql_mastermaster_replication | default(False)
- mysql_mastermaster_replication_init | default(False)
Reference in New Issue View Git Blame Copy Permalink