Added roles for mysql

5 years ago · 80dc14fd96
parent 3910b1bac6
commit 80dc14fd96
6 changed files with 115 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -13,3 +13,6 @@ Following roles have been defined to make creating a server configuration easy:
 - **bootstrap** defines a way to connect to a server which has not been configured yet
 - **common** defines the installation of common packages and common configurations like firewall
 - **hostname** configures the hostname for a given host
+- **mysql** defines roles for handling mysql databases and users, uses *MariaDB*
+  - **application** installs the main application with automatic backup
+  - **database** configures a database for an external application with its own user
--- a/roles/mysql/application/defaults/main.yml
+++ b/roles/mysql/application/defaults/main.yml
@ -0,0 +1,3 @@
+---
+
+mysql_root_password: "{{ lookup('password', '/etc/ansible-credentials/mysql/root length=80' ) }}"
--- a/roles/mysql/application/handlers/main.yml
+++ b/roles/mysql/application/handlers/main.yml
@ -0,0 +1,6 @@
+---
+
+- name: restart mysql
+  service:
+    name: mysql
+    state: restarted
--- a/roles/mysql/application/tasks/main.yml
+++ b/roles/mysql/application/tasks/main.yml
@ -0,0 +1,81 @@
+---
+
+- name: Install dependencies for mysql database
+  apt:
+    state: present
+    name:
+      - mariadb-server
+      - mariadb-client
+
+- name: Install ansible dependencies for configuring
+  pip:
+    state: present
+    name:
+      - PyMySQL
+
+- name: Lock root user for localhost
+  mysql_user:
+    user: "root"
+    password: "{{ mysql_root_password }}"
+    host: "localhost"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Remove test user for public
+  mysql_user:
+    user: ""
+    host: "{{ ansible_fqdn }}"
+    state: "absent"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Remove test user in general
+  mysql_user:
+    user: ""
+    state: absent
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Lock root user for ::1
+  mysql_user:
+    user: "root"
+    password: "{{ mysql_root_password }}"
+    host: "::1"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Lock root user for 127.0.0.1
+  mysql_user:
+    user: "root"
+    password: "{{ mysql_root_password }}"
+    host: "127.0.0.1"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Lock root user for localhost
+  mysql_user:
+    user: "root"
+    password: "{{ mysql_root_password }}"
+    host: "localhost"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Disable public root user access
+  mysql_user:
+    user: "root"
+    host: "{{ ansible_fqdn }}"
+    state: absent
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Remove mysql test database
+  mysql_db:
+    db: "test"
+    state: absent
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Configure innodb of mysql
+  copy:
+    dest: "/etc/mysql/conf.d/innodb.cnf"
+    content: |
+      [mysqld]
+      innodb_large_prefix=ON
+      innodb_file_format=barracuda
+      innodb_file_per_table=ON
+  notify:
+    - restart mysql
+
+# TODO Configure automatic local backup
--- a/roles/mysql/database/meta/main.yml
+++ b/roles/mysql/database/meta/main.yml
@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: mysql/application
--- a/roles/mysql/database/tasks/main.yml
+++ b/roles/mysql/database/tasks/main.yml
@ -0,0 +1,18 @@
+---
+
+- meta: flush_handlers
+
+- name: Create SQL user {{ user }}
+  mysql_user:
+    state: present
+    host: localhost
+    user: "{{ user }}"
+    password: "{{ pass }}"
+    update_password: always
+    priv: "{{ name }}.*:ALL"
+    login_unix_socket: "/var/run/mysqld/mysqld.sock"
+
+- name: Create SQL database {{ name }}
+  mysql_db:
+    db: "{{ name }}"
+    login_unix_socket: "/var/run/mysqld/mysqld.sock"