Compare commits
No commits in common. "master" and "tpiccioli-patch-1" have entirely different histories.
master
...
tpiccioli-
|
|
@ -1,63 +1,25 @@
|
|||
---
|
||||
mysql_enabled: true
|
||||
mysql_installs_mariadb: true
|
||||
mysql_service_name: "{% if mysql_installs_mariadb %}mariadb{% else %}mysql{% endif %}"
|
||||
mysql_enabled: True
|
||||
mysql_pkg_state: present
|
||||
mysql_conf_dir: /etc/mysql/conf.d
|
||||
mysql_service_conf_dir: "{% if mysql_installs_mariadb %}/etc/mysql/mariadb.conf.d{% else %}/etc/mysql/mysql.conf.d{% endif %}"
|
||||
mysql_service_conf_dir: /etc/mysql/mysql.conf.d
|
||||
mysql_socket: /run/mysqld/mysqld.sock
|
||||
mysql_data_dir: /var/lib/mysql
|
||||
mysql_log_dir: /var/log/mysql
|
||||
# If you move it, the apparmor configuration must be updated accordingly on Debian/Ubuntu hosts
|
||||
mysql_binlog_dir: '{{ mysql_data_dir }}'
|
||||
|
||||
mysql_use_ssl: true
|
||||
mysql_use_letsencrypt_certificates: '{% if letsencrypt_acme_install %}true{% else %}false{% endif %}'
|
||||
mysql_letsencrypt_certificates: '{{ mysql_use_letsencrypt_certificates | bool }}'
|
||||
mysql_use_ssl: True
|
||||
mysql_letsencrypt_certificates: True
|
||||
|
||||
# python-mysqldb is needed by ansible to manage users and databases
|
||||
mysql_packages_list:
|
||||
- mysql-server
|
||||
- mysql-client
|
||||
- "{% if ansible_distribution_version is version_compare('24.04', '<') %}mytop{% else %}mycli{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-pymysql{% else %}python-pymysql{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-mysql.connector{% else %}python-mysql.connector{% endif %}"
|
||||
|
||||
mysql_mariadb_pkgs:
|
||||
- mariadb-server
|
||||
- mariadb-client
|
||||
- "{% if ansible_distribution_version is version_compare('24.04', '<') %}mytop{% else %}mycli{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-pymysql{% else %}python-pymysql{% endif %}"
|
||||
- "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-mysql.connector{% else %}python-mysql.connector{% endif %}"
|
||||
|
||||
mariadb_server_conf_file: /etc/mysql/mariadb.conf.d/50-server.cnf
|
||||
mariadb_server_conf_params:
|
||||
- section: mysqld
|
||||
option: bind-address
|
||||
value: '{% if mysql_listen_on_ext_int %}0.0.0.0{% else %}127.0.0.1{% endif %}'
|
||||
state: present
|
||||
- section: mysqld
|
||||
option: skip-name-resolve
|
||||
value: ''
|
||||
state: '{% if mysql_skip_name_resolve %}present{% else %}absent{% endif %}'
|
||||
- section: mysqld
|
||||
option: port
|
||||
value: '{{ mysql_db_port }}'
|
||||
state: present
|
||||
- section: mysqld
|
||||
option: socket
|
||||
value: '{{ mysql_socket }}'
|
||||
state: present
|
||||
- section: mysqld
|
||||
option: datadir
|
||||
value: '{{ mysql_data_dir }}'
|
||||
state: present
|
||||
- section: mysqld
|
||||
option: max-connections
|
||||
value: '{{ mysql_db_max_connections }}'
|
||||
state: present
|
||||
- mytop
|
||||
- python-mysqldb
|
||||
- python-pymysql
|
||||
- python-mysql.connector
|
||||
|
||||
mysql_db_name: db_name
|
||||
mysql_db_user: db_user
|
||||
|
|
@ -84,7 +46,7 @@ mysql_db_innodb_log_file_size: 64M
|
|||
mysql_db_innodb_log_buffer_size: 9M
|
||||
mysql_safe_open_files_limit: 1024
|
||||
mysql_max_allowed_packet: 16M
|
||||
mysql_skip_name_resolve: true
|
||||
mysql_skip_name_resolve: True
|
||||
|
||||
mysql_listen_on_ext_int: False
|
||||
#mysql_db_data:
|
||||
|
|
|
|||
|
|
@ -1,65 +1,40 @@
|
|||
---
|
||||
# 'localhost' needs to be the last item for idempotency, the mysql_user docs
|
||||
- name: configure_root_access | Secure the mysql root user with a password
|
||||
community.mysql.mysql_user:
|
||||
name: root
|
||||
host: "{{ item }}"
|
||||
password: "{{ mysql_root_password }}"
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
no_log: true
|
||||
- name: Secure the mysql root user with a password
|
||||
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} login_unix_socket={{ mysql_socket }}
|
||||
when: mysql_root_password is defined
|
||||
loop:
|
||||
with_items:
|
||||
- '{{ ansible_hostname }}'
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
- '{{ ansible_hostname }}'
|
||||
- localhost
|
||||
# ignore_errors: true
|
||||
tags: ['mysql', 'mysql_root']
|
||||
ignore_errors: True
|
||||
tags: [ 'mysql', 'mysql_root' ]
|
||||
|
||||
- name: configure_root_access | Secure the mysql root user when no password has been defined
|
||||
community.mysql.mysql_user:
|
||||
name: root
|
||||
host: "{{ item }}"
|
||||
password: ""
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
- name: Secure the mysql root user when no password has been defined
|
||||
mysql_user: name=root host={{ item }} password="" login_unix_socket={{ mysql_socket }}
|
||||
when: mysql_root_password is not defined
|
||||
loop:
|
||||
with_items:
|
||||
- '{{ ansible_hostname }}'
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
- '{{ ansible_hostname }}'
|
||||
- localhost
|
||||
no_log: true
|
||||
# ignore_errors: true
|
||||
tags: ['mysql', 'mysql_root']
|
||||
ignore_errors: True
|
||||
tags: [ 'mysql', 'mysql_root' ]
|
||||
|
||||
- name: configure_root_access | Install the .my.cnf file with root password credentials
|
||||
ansible.builtin.template:
|
||||
src: dot_my.cnf.j2
|
||||
dest: /root/.my.cnf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
- name: Install the .my.cnf file with root password credentials
|
||||
template: src=dot_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0400
|
||||
when: mysql_root_password is defined
|
||||
tags: ['mysql', 'mysql_root']
|
||||
tags: [ 'mysql', 'mysql_root' ]
|
||||
|
||||
- name: configure_root_access | Delete anonymous MySQL server user for the server hostname
|
||||
community.mysql.mysql_user:
|
||||
user: ""
|
||||
host: "{{ ansible_hostname }}"
|
||||
state: "absent"
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
tags: ['mysql', 'mysql_root']
|
||||
- name: delete anonymous MySQL server user for the server hostname
|
||||
mysql_user: user="" host="{{ ansible_hostname }}" state="absent" login_unix_socket={{ mysql_socket }}
|
||||
tags: [ 'mysql', 'mysql_root' ]
|
||||
|
||||
- name: configure_root_access | Delete anonymous MySQL server user for localhost
|
||||
community.mysql.mysql_user:
|
||||
user: ""
|
||||
state: "absent"
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
- name: delete anonymous MySQL server user for localhost
|
||||
mysql_user: user="" state="absent" login_unix_socket={{ mysql_socket }}
|
||||
tags: mysql
|
||||
|
||||
- name: configure_root_access | Remove the MySQL test database
|
||||
community.mysql.mysql_db:
|
||||
db: test
|
||||
state: absent
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
- name: remove the MySQL test database
|
||||
mysql_db: db=test state=absent login_unix_socket={{ mysql_socket }}
|
||||
tags: mysql
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
---
|
||||
- name: disable-mariadb-service | Stop and disable the mysql server if we do not want it running
|
||||
ansible.builtin.service:
|
||||
name: mysql
|
||||
state: stopped
|
||||
enabled: false
|
||||
- name: Stop and disable the mysql server if we do not want it running
|
||||
service: name=mysql state=stopped enabled=no
|
||||
when: not mysql_enabled
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
|
|
|
|||
|
|
@ -1,20 +1,15 @@
|
|||
---
|
||||
- name: Install the mysql/mariadb packages
|
||||
ansible.builtin.import_tasks: packages.yml
|
||||
- name: Configure mysql/mariadb
|
||||
ansible.builtin.import_tasks: mysql-conf.yml
|
||||
- import_tasks: packages.yml
|
||||
- import_tasks: mysql-conf.yml
|
||||
when: mysql_enabled | bool
|
||||
- name: Manage the mysql/mariadb service
|
||||
ansible.builtin.import_tasks: manage-mysql-service.yml
|
||||
- name: Configure the root user
|
||||
ansible.builtin.import_tasks: configure_root_access.yml
|
||||
- import_tasks: manage-mysql-service.yml
|
||||
- import_tasks: configure_root_access.yml
|
||||
when: mysql_enabled | bool
|
||||
- name: Eventually manage databases
|
||||
ansible.builtin.import_tasks: manage_my_db.yml
|
||||
- import_tasks: manage_my_db.yml
|
||||
when: mysql_enabled | bool
|
||||
- name: Configure a basic backup service
|
||||
ansible.builtin.import_tasks: mysql-backup.yml
|
||||
- import_tasks: mysql-backup.yml
|
||||
when: mysql_enabled | bool
|
||||
- name: Configure for letsencrypt
|
||||
ansible.builtin.import_tasks: mysql-letsencrypt.yml
|
||||
- import_tasks: mysql-letsencrypt.yml
|
||||
when: mysql_letsencrypt_certificates | bool
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +1,11 @@
|
|||
---
|
||||
- name: manage-mysql-service | Ensure that the mysql server is enabled and running
|
||||
ansible.builtin.service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: started
|
||||
enabled: true
|
||||
- name: Ensure that the mysql server is enabled and running
|
||||
service: name=mysql state=started enabled=yes
|
||||
when: mysql_enabled
|
||||
tags: ['mysql', 'mariadb']
|
||||
tags: [ 'mysql', 'mariadb' ]
|
||||
|
||||
- name: manage-mysql-service | Stop and disable the mysql server if we do not want it running
|
||||
ansible.builtin.service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: stopped
|
||||
enabled: false
|
||||
- name: Stop and disable the mysql server if we do not want it running
|
||||
service: name=mysql state=stopped enabled=no
|
||||
when: not mysql_enabled
|
||||
tags: ['mysql', 'mariadb']
|
||||
tags: [ 'mysql', 'mariadb' ]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,43 +1,24 @@
|
|||
---
|
||||
- name: manage_my_db | Add databases to mysql, if any
|
||||
community.mysql.mysql_db:
|
||||
name: "{{ item.name }}"
|
||||
collation: "{{ item.collation }}"
|
||||
encoding: "{{ item.encoding }}"
|
||||
state: present
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
no_log: true
|
||||
- name: Add databases to mysql, if any
|
||||
mysql_db: name={{ item.name }} collation={{ item.collation }} encoding={{ item.encoding }} state=present login_unix_socket={{ mysql_socket }}
|
||||
with_items: '{{ mysql_db_data | default([]) }}'
|
||||
when: item.name is defined
|
||||
tags: ['mysql', 'mysql_db']
|
||||
tags: [ 'mysql', 'mysql_db' ]
|
||||
|
||||
- name: manage_my_db | Add a user for the databases
|
||||
community.mysql.mysql_user:
|
||||
name: "{{ item.0.user }}"
|
||||
password: "{{ item.0.pwd }}"
|
||||
host: "{{ item.1 }}"
|
||||
priv: "{{ item.0.name }}.*:{{ item.0.user_grant }}"
|
||||
state: present
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
no_log: true
|
||||
- name: Add a user for the databases
|
||||
mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv="{{ item.0.name }}.*:{{ item.0.user_grant }}" state=present login_unix_socket={{ mysql_socket }}
|
||||
with_subelements:
|
||||
- '{{ mysql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when: item.0.name is defined
|
||||
tags: ['mysql', 'mysql_db', 'mysql_user']
|
||||
tags: [ 'mysql', 'mysql_db', 'mysql_user' ]
|
||||
|
||||
- name: manage_my_db | Additional user privileges, if defined
|
||||
community.mysql.mysql_user:
|
||||
name: "{{ item.0.user }}"
|
||||
append_privs: true
|
||||
priv: "{{ item.0.name }}.*:{{ item.0.additional_privs }}"
|
||||
state: present
|
||||
login_unix_socket: "{{ mysql_socket }}"
|
||||
no_log: true
|
||||
- name: Additional user privileges, if defined
|
||||
mysql_user: name={{ item.0.user }} append_privs=yes priv="{{ item.0.name }}.*:{{ item.0.additional_privs }}" state=present login_unix_socket={{ mysql_socket }}
|
||||
with_subelements:
|
||||
- '{{ mysql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- item.0.name is defined
|
||||
- item.0.additional_privs is defined
|
||||
tags: ['mysql', 'mysql_db', 'mysql_user']
|
||||
tags: [ 'mysql', 'mysql_db', 'mysql_user' ]
|
||||
|
|
|
|||
|
|
@ -1,27 +1,12 @@
|
|||
---
|
||||
- name: mysql-backup | Install a script that performs mysql dumps
|
||||
ansible.builtin.copy:
|
||||
src: mysql-backup.sh
|
||||
dest: /usr/local/sbin/mysql-backup
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
tags: ['mysql', 'mysql_backup']
|
||||
- name: Install a script that performs mysql dumps
|
||||
copy: src=mysql-backup.sh dest=/usr/local/sbin/mysql-backup owner=root group=root mode=0750
|
||||
tags: [ 'mysql', 'mysql_backup' ]
|
||||
|
||||
- name: mysql-backup | Install the mysql backup defaults
|
||||
ansible.builtin.template:
|
||||
src: mysql_backup-default.j2
|
||||
dest: /etc/default/mysql_backup
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0440"
|
||||
tags: ['mysql', 'mysql_backup']
|
||||
- name: Install the mysql backup defaults
|
||||
template: src=mysql_backup-default.j2 dest=/etc/default/mysql_backup owner=root group=root mode=0440
|
||||
tags: [ 'mysql', 'mysql_backup' ]
|
||||
|
||||
- name: mysql-backup | Cron job that executes mysql nightly backups
|
||||
ansible.builtin.template:
|
||||
src: mysql-backup.cron.j2
|
||||
dest: /etc/cron.daily/mysql-backup
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
tags: ['mysql', 'mysql_backup']
|
||||
- name: Cron job that executes mysql nightly backups
|
||||
template: src=mysql-backup.cron.j2 dest=/etc/cron.daily/mysql-backup owner=root group=root mode=0755
|
||||
tags: [ 'mysql', 'mysql_backup' ]
|
||||
|
|
|
|||
|
|
@ -1,105 +1,41 @@
|
|||
---
|
||||
- name: mysql-conf | Manage the MySQL data directory if not the default one
|
||||
- name: Manage the MySQL configuration files
|
||||
block:
|
||||
- name: Check if the new mysql data directory exists
|
||||
stat: path={{ mysql_data_dir }}
|
||||
register: my_data_dir
|
||||
|
||||
- name: Stop the mysql service while reconfiguring the data directory
|
||||
service: name=mysql state=stopped
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Create the data directory
|
||||
file: dest={{ mysql_data_dir }} state=directory owner=mysql group=mysql mode=0700
|
||||
|
||||
- name: Copy data to the new directory
|
||||
synchronize: src=/var/lib/mysql/ dest={{ mysql_data_dir }}
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Create the log directory
|
||||
file: dest={{ mysql_log_dir }} state=directory owner=mysql group=adm mode=1750
|
||||
|
||||
- name: Install the main configuration files.
|
||||
template: src={{ item }}.cnf.j2 dest={{ mysql_conf_dir }}/{{ item }}.cnf owner=root group=root mode=0644
|
||||
with_items:
|
||||
- client
|
||||
- mysql-clients
|
||||
notify: Restart mysql
|
||||
|
||||
- name: Install the main configuration files.
|
||||
template: src={{ item }}.cnf.j2 dest={{ mysql_service_conf_dir }}/mysqld.cnf owner=root group=root mode=0644
|
||||
with_items:
|
||||
- server
|
||||
notify: Restart mysql
|
||||
|
||||
- name: Start the mysql service with the new the data directory
|
||||
service: name=mysql state=started
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
when: mysql_enabled | bool
|
||||
tags: ['mysql', 'mariadb', 'mysql_data_dir']
|
||||
block:
|
||||
- name: mysql-conf | Check if the new mysql data directory exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ mysql_data_dir }}"
|
||||
register: my_data_dir
|
||||
|
||||
- name: mysql-conf | Stop the mysql service while reconfiguring the data directory
|
||||
ansible.builtin.service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: stopped
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: mysql-conf | Create the data directory
|
||||
ansible.builtin.file:
|
||||
dest: "{{ mysql_data_dir }}"
|
||||
state: directory
|
||||
owner: mysql
|
||||
group: mysql
|
||||
mode: "0700"
|
||||
|
||||
- name: mysql-conf | Copy data to the new directory
|
||||
ansible.posix.synchronize:
|
||||
src: /var/lib/mysql/
|
||||
dest: "{{ mysql_data_dir }}"
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: mysql-conf | Create the log directory
|
||||
ansible.builtin.file:
|
||||
dest: "{{ mysql_log_dir }}"
|
||||
state: directory
|
||||
owner: mysql
|
||||
group: adm
|
||||
mode: "1750"
|
||||
|
||||
- name: mysql-conf | Add AppArmor alias
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/apparmor.d/tunables/alias
|
||||
line: 'alias /var/lib/mysql/ -> {{ mysql_data_dir }}/,'
|
||||
insertafter: EOF
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: mysql-conf | Restart the AppArmor service
|
||||
ansible.builtin.service:
|
||||
name: apparmor
|
||||
state: restarted
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: mysql-conf | Start the mysql service with the new the data directory
|
||||
ansible.builtin.service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: started
|
||||
when: my_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: mysql-conf | Manage the MySQL configuration files
|
||||
when:
|
||||
- mysql_enabled | bool
|
||||
- not mysql_installs_mariadb
|
||||
tags: ['mysql', 'mariadb', 'mysql_conf']
|
||||
block:
|
||||
- name: mysql-conf | Install the main configuration files.
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.cnf.j2"
|
||||
dest: "{{ mysql_conf_dir }}/{{ item }}.cnf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop:
|
||||
- client
|
||||
- mysql-clients
|
||||
notify: Restart mysql
|
||||
|
||||
- name: mysql-conf | Install the main configuration files.
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.cnf.j2"
|
||||
dest: "{{ mysql_service_conf_dir }}/mysqld.cnf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
with_items:
|
||||
- server
|
||||
notify: Restart mysql
|
||||
|
||||
- name: mysql-conf | Manage the MariaDB configuration files
|
||||
when:
|
||||
- mysql_enabled | bool
|
||||
- mysql_installs_mariadb
|
||||
tags: ['mysql', 'mariadb', 'mysql_conf']
|
||||
block:
|
||||
- name: mysql-conf | Configure MariaDB server options
|
||||
community.general.ini_file:
|
||||
section: "{{ item.section }}"
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
state: "{{ item.state }}"
|
||||
dest: "{{ mariadb_server_conf_file }}"
|
||||
backup: false
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop: "{{ mariadb_server_conf_params }}"
|
||||
tags: [ 'mysql', 'mariadb', 'mysql_conf' ]
|
||||
|
|
|
|||
|
|
@ -1,61 +1,30 @@
|
|||
---
|
||||
- name: mysql-letsencrypt | Manage the letsencrypt configuration
|
||||
when: mysql_letsencrypt_certificates
|
||||
tags: ['mysql', 'mariadb', 'letsencrypt', 'mysql_letsencrypt']
|
||||
- name: Manage the letsencrypt configuration
|
||||
block:
|
||||
- name: mysql-letsencrypt | Check if the letsencrypt certificates are in place
|
||||
ansible.builtin.stat:
|
||||
path: "{{ letsencrypt_acme_certs_dir }}/privkey"
|
||||
register: letsencrypt_keyfile
|
||||
- name: Check if the letsencrypt certificates are in place
|
||||
stat: path={{ letsencrypt_acme_certs_dir }}/privkey
|
||||
register: letsencrypt_keyfile
|
||||
|
||||
- name: mysql-letsencrypt | Copy the letsencrypt certificate key into the right place
|
||||
ansible.builtin.copy:
|
||||
src: "{{ letsencrypt_acme_certs_dir }}/privkey"
|
||||
dest: /var/lib/mysql/client-key.pem
|
||||
owner: mysql
|
||||
group: mysql
|
||||
mode: "0400"
|
||||
remote_src: true
|
||||
force: true
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
- name: Copy the letsencrypt certificate key into the right place
|
||||
copy: src={{ letsencrypt_acme_certs_dir }}/privkey dest=/var/lib/mysql/client-key.pem owner=mysql group=mysql mode=0400 remote_src=yes force=yes
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
|
||||
- name: mysql-letsencrypt | Copy the letsencrypt public certificate into the right place
|
||||
ansible.builtin.copy:
|
||||
src: "{{ letsencrypt_acme_certs_dir }}/cert"
|
||||
dest: "/var/lib/mysql/client-cert.pem"
|
||||
owner: mysql
|
||||
group: mysql
|
||||
mode: "0444"
|
||||
remote_src: true
|
||||
force: true
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
- name: Copy the letsencrypt public certificate into the right place
|
||||
copy: src={{ letsencrypt_acme_certs_dir }}/cert dest=/var/lib/mysql/client-cert.pem owner=mysql group=mysql mode=0444 remote_src=yes force=yes
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
|
||||
- name: mysql-letsencrypt | Copy the letsencrypt CA certificate into the right place
|
||||
ansible.builtin.copy:
|
||||
src: "{{ letsencrypt_acme_certs_dir }}/fullchain"
|
||||
dest: /var/lib/mysql/ca.pem
|
||||
owner: mysql
|
||||
group: mysql
|
||||
mode: "0444"
|
||||
remote_src: true
|
||||
force: true
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
- name: Copy the letsencrypt CA certificate into the right place
|
||||
copy: src={{ letsencrypt_acme_certs_dir }}/fullchain dest=/var/lib/mysql/ca.pem owner=mysql group=mysql mode=0444 remote_src=yes force=yes
|
||||
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
||||
notify: Restart mysql
|
||||
|
||||
- name: mysql-letsencrypt | Create the acme hooks directory if it does not yet exist
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_sh_services_scripts_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
file: dest={{ letsencrypt_acme_sh_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
- name: mysql-letsencrypt | Install a script that fix the letsencrypt certificate for mysql and then reloads the service
|
||||
ansible.builtin.copy:
|
||||
src: letsencrypt-mysql-hook.sh
|
||||
dest: "{{ letsencrypt_acme_sh_services_scripts_dir }}/mysql"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "4555"
|
||||
- name: Install a script that fix the letsencrypt certificate for mysql and then reload the service
|
||||
copy: src=letsencrypt-mysql-hook.sh dest={{ letsencrypt_acme_sh_services_scripts_dir }}/mysql owner=root group=root mode=4555
|
||||
|
||||
when: letsencrypt_acme_sh_install is defined and letsencrypt_acme_sh_install | bool
|
||||
tags: [ 'mysql', 'mariadb', 'letsencrypt', 'mysql_letsencrypt' ]
|
||||
|
|
@ -1,8 +1,6 @@
|
|||
---
|
||||
- name: packages | Install the mysql or maridb server packages
|
||||
ansible.builtin.apt:
|
||||
pkg: "{{ item }}"
|
||||
cache_valid_time: 1800
|
||||
state: present
|
||||
loop: "{% if mysql_installs_mariadb %}{{ mysql_mariadb_pkgs }}{% else %}{{ mysql_packages_list }}{% endif %}"
|
||||
- name: install the mysql packages
|
||||
apt: pkg={{ item }} state={{ mysql_pkg_state }}
|
||||
with_items: '{{ mysql_packages_list }}'
|
||||
tags: mysql
|
||||
|
||||
|
|
|
|||
|
|
@ -47,6 +47,12 @@ ft_min_word_len = {{ mysqld_ft_min_word_lenght }}
|
|||
{% endif %}
|
||||
ft_boolean_syntax = '{{ mysql_ft_boolean_syntax | default('+ -><()~*:\"\"&|') }}'
|
||||
|
||||
#
|
||||
# * Query Cache Configuration
|
||||
#
|
||||
query_cache_limit = 1M
|
||||
query_cache_size = 16M
|
||||
|
||||
{% if mysql_binary_logging %}
|
||||
server-id={{ mysql_server_id }}
|
||||
# Enable binary logging. This is required for acting as a MASTER in a
|
||||
|
|
|
|||
Loading…
Reference in New Issue