hetzner-ansible/roles/restore_maria/tasks/main.yml


---
# Paths of the per-host server certificate, its private key and the CA cert
# that signed it. They are placed under /etc/mysql/conf.d so a MariaDB SSL
# include can reference them (presumably the 50-ssl.cnf referenced below).
- name: "Set vars"
  ansible.builtin.set_fact:
    ca_cert: '/etc/mysql/conf.d/ca-certificate.pem'
    cert_public_key: '/etc/mysql/conf.d/{{ inventory_hostname }}.{{ domain }}-crt.pem'
    cert_private_key: '/etc/mysql/conf.d/{{ inventory_hostname }}.{{ domain }}-key.pem'
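# DEV-375
# "fixes" error for mysql-connect as root-user
# it's just a restore server ...
#
# Writes the MariaDB root credentials to /root/.my.cnf so root can run the
# mysql/mariabackup clients without passing a password (presumably what
# restore.sh relies on). 0600/root keeps the file unreadable to other users.
- name: "Ensure passwordless mysql-connect for root "
  ansible.builtin.copy:
    dest: '/root/.my.cnf'
    owner: root
    group: root
    mode: '0600'
    content: |
      [client]
      user={{ mysql_root_username }}
      password={{ mysql_root_password }}
  # The rendered content IS the root password: keep it out of task output,
  # --diff output and any callback/log plugin.
  no_log: true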
# Install and configure MariaDB through the geerlingguy.mysql role.
# The bind address is this host's address inside shared_service_network, so the
# server listens only there rather than on 0.0.0.0; if the host has no address
# in that network, `first` on the empty list should fail the play, which is the
# intended fail-fast rather than a silently wide-open listener.
# NOTE(review): the ipaddr filter moved from ansible.netcommon to ansible.utils
# in newer collection releases — confirm it still resolves on the control node.
# NOTE(review): the TLS certificate created below is only wired into MariaDB by
# an SSL include, and that include is commented out here — confirm whether the
# server is actually expected to serve TLS.
- name: "Install mariadb via include_role"
  ansible.builtin.include_role:
    name: geerlingguy.mysql
  vars:
    mysql_bind_address: '{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(shared_service_network) | first }}'
    mysql_packages:
      - mariadb-client
      - mariadb-server
      - mariadb-backup
    # mysql_config_include_files:
    #   - src: 50-ssl.cnf
# Set up the local self-signed CA with the selfsigned_ca role's defaults
# (no role variables are overridden at this point).
- name: "Include role for self-signed CA"
  ansible.builtin.include_role:
    name: selfsigned_ca
# Issue a server certificate from that CA for this host's FQDN (CN and a
# matching DNS SAN). The private key is group-owned by mysql, presumably so
# mysqld can read it without the key being world-readable, and the role is
# asked to notify the "restart mysql" handler when the files change.
- name: "Create certs with selfsigned CA"
  vars:
    selfsigned_ca_cacert: '{{ ca_cert }}'
    selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
    selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
    selfsigned_ca_cert_private_key_group: mysql
    selfsigned_ca_cert_subject:
      CN: '{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_cert_altnames:
      - 'DNS:{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_trigger_handler: restart mysql
  ansible.builtin.include_role:
    name: selfsigned_ca
    tasks_from: _create_cert
# Ship the restore script from the role's files/ directory; 0750/root so only
# root can read or execute it.
- name: "Copy restore script to restore server"
  ansible.builtin.copy:
    src: restore.sh
    dest: '/root/restore.sh'
    owner: root
    group: root
    mode: '0750'
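# Materialise the automation GPG private key on disk so it can be imported by
# the next task. This is secret material: 0600/root, and no_log keeps the
# rendered key out of task output, --diff output and logs.
# NOTE(review): the file remains on disk after the import unless a later task
# removes it — consider `state: absent` once the import has succeeded.
- name: "Create file for gpg secret key"
  become: true
  ansible.builtin.copy:
    dest: '/root/gpg_private_key'
    owner: 'root'
    group: 'root'
    mode: '0600'
    content: |
      {{ gpg_key_smardigo_automation__private }}
  no_log: true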
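# Import the key into root's keyring. No shell features are used, so `command`
# is sufficient (and avoids shell interpretation); --batch keeps gpg from
# blocking on a prompt in a non-interactive run.
# The original `changed_when: gpg_import.rc != '0'` compared an integer rc with
# the string '0', which is always true, so the task reported "changed" on every
# run. gpg writes its import summary to stderr ("secret keys imported: N" on a
# fresh import, "secret keys unchanged: N" on a re-run), so that line is the
# idempotency signal.
- name: "Import private gpg key"
  become: true
  ansible.builtin.command: 'gpg --batch --import /root/gpg_private_key'
  register: gpg_import
  changed_when: "'secret keys imported' in gpg_import.stderr"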