156 lines
3.5 KiB
YAML
156 lines
3.5 KiB
YAML
---
|
|
- name: Install packages
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- mariadb-server
|
|
- python3-PyMySQL
|
|
|
|
- name: Fix SELinux contexts from data directory
|
|
community.general.sefcontext:
|
|
path: "/export/mariadb(/.*)?"
|
|
setype: mysqld_db_t
|
|
|
|
- name: Create data directory
|
|
ansible.builtin.file:
|
|
path: /export/mariadb
|
|
state: directory
|
|
mode: "0750"
|
|
owner: mysql
|
|
group: mysql
|
|
setype: _default
|
|
|
|
- name: Link data diretory
|
|
ansible.builtin.file:
|
|
dest: /srv/mariadb
|
|
src: /export/mariadb
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|
|
|
|
- name: Configure data directory
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/my.cnf.d/mariadb-server.cnf
|
|
regexp: "^datadir=.*"
|
|
line: datadir=/srv/mariadb
|
|
notify: Restart mariadb
|
|
|
|
- name: Create additional config directory
|
|
ansible.builtin.file:
|
|
path: /etc/mysql
|
|
state: directory
|
|
mode: "0750"
|
|
owner: root
|
|
group: mysql
|
|
|
|
- name: Allow mysql user to read private key
|
|
ansible.builtin.user:
|
|
name: mysql
|
|
groups: hostkey
|
|
append: true
|
|
notify: Restart mariadb
|
|
|
|
- name: Create TLS configuration
|
|
ansible.builtin.template:
|
|
dest: /etc/my.cnf.d/tls.cnf
|
|
src: tls.cnf.j2
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: Restart mariadb
|
|
|
|
- name: Create local configuration
|
|
ansible.builtin.copy:
|
|
dest: /etc/my.cnf.d/local.cnf
|
|
src: local.cnf
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: Restart mariadb
|
|
|
|
- name: Enable service
|
|
ansible.builtin.service:
|
|
name: mariadb
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: Set root password
|
|
community.mysql.mysql_user:
|
|
name: root
|
|
password: "{{ mariadb_root_password }}"
|
|
login_user: root
|
|
login_password: "{{ mariadb_root_password }}"
|
|
check_implicit_admin: true
|
|
login_unix_socket: /var/lib/mysql/mysql.sock
|
|
no_log: true
|
|
when: mariadb_root_password is defined
|
|
|
|
- name: Create root .my.cnf
|
|
ansible.builtin.template:
|
|
dest: /root/.my.cnf
|
|
src: my.cnf.j2
|
|
mode: "0600"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
when: mariadb_root_password is defined
|
|
|
|
- name: Import sftpuser role
|
|
ansible.builtin.import_role:
|
|
name: sftpuser
|
|
|
|
- name: Create backup directory
|
|
ansible.builtin.file:
|
|
path: /export/backup
|
|
state: directory
|
|
mode: "02750"
|
|
owner: root
|
|
group: backup
|
|
|
|
- name: Link backup directory
|
|
ansible.builtin.file:
|
|
path: /srv/backup
|
|
src: /export/backup
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|
|
|
|
- name: Copy backup script
|
|
ansible.builtin.copy:
|
|
dest: /usr/local/sbin/mariadb-backup
|
|
src: mariadb-backup.sh
|
|
mode: "0755"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Create backup cron job
|
|
ansible.builtin.cron:
|
|
name: mariadb-backup
|
|
job: /usr/local/sbin/mariadb-backup
|
|
hour: "0"
|
|
minute: "30"
|
|
|
|
- name: Add logrotate job for query log
|
|
ansible.builtin.copy:
|
|
dest: /etc/logrotate.d/mariadb-querylog
|
|
src: mariadb-querylog.logrotate
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Copy script to check timezone data
|
|
ansible.builtin.copy:
|
|
dest: /usr/local/sbin/mysql_tzinfo_check
|
|
src: mysql_tzinfo_check.sh
|
|
mode: "0755"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Create cron job for checking timezone data
|
|
ansible.builtin.cron:
|
|
name: mysql_tzinfo_check
|
|
job: /usr/local/sbin/mysql_tzinfo_check
|
|
hour: "3"
|
|
minute: "15"
|