Replaced mysql with geerlingguy's one.
parent
833ef75273
commit
6804f4678f
31 changed files with 871 additions and 42 deletions
|
@ -3,15 +3,29 @@
|
|||
wp_version: 4.3
|
||||
wp_sha256sum: 3b0db3abe8504f15a33cf64188a493ec0de01eaa8d20e37c3d6a1d9fa0a40fb4
|
||||
|
||||
# MySQL settings
|
||||
mysqlservice: mysqld
|
||||
mysql_port: 3306
|
||||
|
||||
# These are the WordPress database settings
|
||||
wp_db_name: wordpress
|
||||
wp_db_user: wordpress
|
||||
wp_db_password: secret
|
||||
|
||||
# MySQL settings
|
||||
mysql_root_password: Ff!2KDSUOs10[tXR*M</_#mgvlJCkz5W
|
||||
mysql_root_password_update: yes
|
||||
mysql_bind_address: '127.0.0.1'
|
||||
mysql_slow_query_log_enabled: yes
|
||||
mysql_slow_query_log_file: /var/log/mysql-slow.log
|
||||
mysql_slow_query_time: 2
|
||||
mysql_max_allowed_packet: "256M"
|
||||
mysql_databases:
|
||||
- name: drupal8db
|
||||
encoding: utf8
|
||||
collation: utf8_general_ci
|
||||
mysql_users:
|
||||
- name: drupal8user
|
||||
host: "127.0.0.1"
|
||||
password: dcSEMWpH]O2P(?ubNjFmLYJ[xoVhXiCs
|
||||
priv: "drupal8db.*:ALL"
|
||||
|
||||
# This is used for the nginx server configuration, but access to the
|
||||
# WordPress site is not restricted by a named host.
|
||||
nginx_port: 80
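Review bot: The values of `mysql_root_password` and of `password` under `mysql_users` are committed in clear text, next to `wp_db_password: secret`; once pushed they should be treated as disclosed and rotated. Keep these keys in an Ansible Vault-encrypted vars file (or read them from a secret store) and reference them here, e.g. `mysql_root_password: "{{ vault_mysql_root_password }}"` with a variable name of your choosing. If literal values must remain, quote them, since they contain YAML indicator characters such as `[`, `*` and `#`. The file path of this section is not shown on the page, and which of these lines are additions is inferred from the hunk header.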
|
||||
|
|
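--- a/lemp-rhel7/roles/ansible-role-mysql/.travis.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/.travis.yml
@@ -0,0 +1,76 @@
+---
+sudo: required
+
+env:
+- distribution: centos
+version: 6
+init: /sbin/init
+run_opts: ""
+playbook: test.yml
+- distribution: centos
+version: 7
+init: /usr/lib/systemd/systemd
+run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+playbook: centos-7-test.yml
+- distribution: ubuntu
+version: 14.04
+init: /sbin/init
+run_opts: ""
+playbook: test.yml
+# - distribution: ubuntu
+# version: 12.04
+# init: /sbin/init
+# run_opts: ""
+# playbook: test.yml
+
+services:
+- docker
+
+before_install:
+# Pull container
+- 'sudo docker pull ${distribution}:${version}'
+# Customize container
+- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
+
+script:
+- container_id=$(mktemp)
+# Run container in detached state
+- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
+
+# Ansible syntax check.
+- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check'
+
+# Test role.
+- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}'
+
+# Test role idempotence.
+- >
+sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}
+| grep -q 'changed=0.*failed=0'
+&& (echo 'Idempotence test: pass' && exit 0)
+|| (echo 'Idempotence test: fail' && exit 1)
+
+# Some MySQL debugging (show all the logs).
+- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ls -lah /var/log
+- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql/error.log || true
+- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.err || true
+
+# Check to make sure we can connect to MySQL via Unix socket.
+- >
+sudo docker exec "$(cat ${container_id})" mysql -u root -proot -e 'show databases;'
+| grep -q 'information_schema'
+&& (echo 'MySQL running normally' && exit 0)
+|| (echo 'MySQL not running' && exit 1)
+
+# Check to make sure we can connect to MySQL via TCP.
+- >
+sudo docker exec "$(cat ${container_id})" mysql -u root -proot -h 127.0.0.1 -e 'show databases;'
+| grep -q 'information_schema'
+&& (echo 'MySQL running normally' && exit 0)
+|| (echo 'MySQL not running' && exit 1)
+
+# Clean up
+- sudo docker stop "$(cat ${container_id})"
+
+notifications:
+webhooks: https://galaxy.ansible.com/api/v1/notifications/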
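--- a/lemp-rhel7/roles/ansible-role-mysql/README.md
+++ b/lemp-rhel7/roles/ansible-role-mysql/README.md
@@ -0,0 +1,143 @@
+# Ansible Role: MySQL
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-mysql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-mysql)
+
+Installs and configures MySQL or MariaDB server on RHEL/CentOS or Debian/Ubuntu servers.
+
+## Requirements
+
+No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
+
+- hosts: database
+roles:
+- role: geerlingguy.mysql
+become: yes
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+mysql_user_home: /root
+
+The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role.
+
+mysql_root_password: root
+
+The MySQL root user account password.
+
+mysql_root_password_update: no
+
+Whether to force update the MySQL root user's password. By default, this role will only change the root user's password when MySQL is first configured. You can force an update by setting this to `yes`.
+
+> Note: If you get an error like `ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)` after a failed or interrupted playbook run, this usually means the root password wasn't originally updated to begin with. Try either removing the `.my.cnf` file inside the configured `mysql_user_home` or updating it and setting `password=''` (the insecure default password). Run the playbook again, with `mysql_root_password_update` set to `yes`, and the setup should complete.
+
+mysql_enabled_on_startup: yes
+
+Whether MySQL should be enabled on startup.
+
+overwrite_global_mycnf: yes
+
+Whether the global my.cnf should be overwritten each time this role is run. Setting this to `no` tells Ansible to only create the `my.cnf` file if it doesn't exist. This should be left at its default value (`yes`) if you'd like to use this role's variables to configure MySQL.
+
+mysql_config_include_files: []
+
+A list of files that should override the default global my.cnf. Each item in the array requires a "src" parameter which is a path to a file. An optional "force" parameter can force the file to be updated each time ansible runs.
+
+mysql_databases: []
+
+The MySQL databases to create. A database has the values `name`, `encoding` (defaults to `utf8`), `collation` (defaults to `utf8_general_ci`) and `replicate` (defaults to `1`, only used if replication is configured). The formats of these are the same as in the `mysql_db` module.
+
+mysql_users: []
+
+The MySQL users and their privileges. A user has the values `name`, `host` (defaults to `localhost`), `password`, `priv` (defaults to `*.*:USAGE`), `append_privs` (defaults to `no`), `state` (defaults to `present`). The formats of these are the same as in the `mysql_user` module.
+
+mysql_packages:
+- mysql
+- mysql-server
+
+(OS-specific, RedHat/CentOS defaults listed here) Packages to be installed. In some situations, you may need to add additional packages, like `mysql-devel`.
+
+mysql_enablerepo: ""
+
+(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install later versions of MySQL.
+
+mysql_port: "3306"
+mysql_bind_address: '0.0.0.0'
+mysql_datadir: /var/lib/mysql
+
+Default MySQL connection configuration.
+
+mysql_log: ""
+mysql_log_error: /var/log/mysqld.log
+mysql_syslog_tag: mysqld
+
+MySQL logging configuration. Setting `mysql_log` (the general query log) or `mysql_log_error` to `syslog` will make MySQL log to syslog using the `mysql_syslog_tag`.
+
+mysql_slow_query_log_enabled: no
+mysql_slow_query_log_file: /var/log/mysql-slow.log
+mysql_slow_query_time: 2
+
+Slow query log settings. Note that the log file will be created by this role, but if you're running on a server with SELinux or AppArmor, you may need to add this path to the allowed paths for MySQL, or disable the mysql profile. For example, on Debian/Ubuntu, you can run `sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld && sudo service apparmor restart`.
+
+mysql_key_buffer_size: "256M"
+mysql_max_allowed_packet: "64M"
+mysql_table_open_cache: "256"
+[...]
+
+The rest of the settings in `defaults/main.yml` control MySQL's memory usage. The default values are tuned for a server where MySQL can consume ~512 MB RAM, so you should consider adjusting them to suit your particular server better.
+
+mysql_server_id: "1"
+mysql_max_binlog_size: "100M"
+mysql_expire_logs_days: "10"
+mysql_replication_role: ''
+mysql_replication_master: ''
+mysql_replication_user: []
+
+Replication settings. Set `mysql_server_id` and `mysql_replication_role` by server (e.g. the master would be ID `1`, with the `mysql_replication_role` of `master`, and the slave would be ID `2`, with the `mysql_replication_role` of `slave`). The `mysql_replication_user` uses the same keys as `mysql_users`, and is created on master servers, and used to replicate on all the slaves.
+
+### MariaDB usage
+
+This role works with either MySQL or a compatible version of MariaDB. On RHEL/CentOS 7+, the mariadb database engine was substituted as the default MySQL replacement package. No modifications are necessary though all of the variables still reference 'mysql' instead of mariadb.
+
+#### Ubuntu 14.04 and 16.04 MariaDB configuration
+
+On Ubuntu, the package names are named differently, so the `mysql_package` variable needs to be altered. Set the following variables (at a minimum):
+
+mysql_packages:
+- mariadb-client
+- mariadb-server
+- python-mysqldb
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+- hosts: db-servers
+become: yes
+vars_files:
+- vars/main.yml
+roles:
+- { role: geerlingguy.mysql }
+
+*Inside `vars/main.yml`*:
+
+mysql_root_password: super-secure-password
+mysql_databases:
+- name: example_db
+encoding: latin1
+collation: latin1_general_ci
+mysql_users:
+- name: example_user
+host: "%"
+password: similarly-secure-password
+priv: "example_db.*:ALL"
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).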
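--- a/lemp-rhel7/roles/ansible-role-mysql/defaults/main.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/defaults/main.yml
@@ -0,0 +1,95 @@
+---
+mysql_user_home: /root
+mysql_root_username: root
+mysql_root_password: root
+
+# Set this to `yes` to forcibly update the root password.
+mysql_root_password_update: no
+
+mysql_enabled_on_startup: yes
+
+# update my.cnf. each time role is run? yes | no
+overwrite_global_mycnf: yes
+
+# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
+# for RedHat systems (and derivatives).
+mysql_enablerepo: ""
+
+# Define a custom list of packages to install; if none provided, the default
+# package list from vars/[OS-family].yml will be used.
+# mysql_packages:
+# - mysql
+# - mysql-server
+# - MySQL-python
+
+# MySQL connection settings.
+mysql_port: "3306"
+mysql_bind_address: '0.0.0.0'
+mysql_datadir: /var/lib/mysql
+mysql_pid_file: /var/run/mysqld/mysqld.pid
+mysql_skip_name_resolve: no
+
+# Slow query log settings.
+mysql_slow_query_log_enabled: no
+mysql_slow_query_log_file: /var/log/mysql-slow.log
+mysql_slow_query_time: 2
+
+# Memory settings (default values optimized ~512MB RAM).
+mysql_key_buffer_size: "256M"
+mysql_max_allowed_packet: "64M"
+mysql_table_open_cache: "256"
+mysql_sort_buffer_size: "1M"
+mysql_read_buffer_size: "1M"
+mysql_read_rnd_buffer_size: "4M"
+mysql_myisam_sort_buffer_size: "64M"
+mysql_thread_cache_size: "8"
+mysql_query_cache_size: "16M"
+mysql_max_connections: 151
+
+# Other settings.
+mysql_wait_timeout: 28800
+
+# InnoDB settings.
+# Set .._buffer_pool_size up to 80% of RAM but beware of setting too high.
+mysql_innodb_file_per_table: "1"
+mysql_innodb_buffer_pool_size: "256M"
+# Set .._log_file_size to 25% of buffer pool size.
+mysql_innodb_log_file_size: "64M"
+mysql_innodb_log_buffer_size: "8M"
+mysql_innodb_flush_log_at_trx_commit: "1"
+mysql_innodb_lock_wait_timeout: 50
+
+# mysqldump settings.
+mysql_mysqldump_max_allowed_packet: "64M"
+
+# Logging settings.
+mysql_log: ""
+mysql_log_error: /var/log/mysql.err
+mysql_syslog_tag: mysql
+
+mysql_config_include_files: []
+# - src: path/relative/to/playbook/file.cnf
+# - { src: path/relative/to/playbook/anotherfile.cnf, force: yes }
+
+# Databases.
+mysql_databases: []
+# - name: example
+# collation: utf8_general_ci
+# encoding: utf8
+# replicate: 1
+
+# Users.
+mysql_users: []
+# - name: example
+# host: 127.0.0.1
+# password: secret
+# priv: *.*:USAGE
+
+# Replication settings (replication is only enabled if master/user have values).
+mysql_server_id: "1"
+mysql_max_binlog_size: "100M"
+mysql_expire_logs_days: "10"
+mysql_replication_role: ''
+mysql_replication_master: ''
+# Same keys as `mysql_users` above.
+mysql_replication_user: []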
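Review bot: `mysql_root_password: root` and `mysql_bind_address: '0.0.0.0'` are what a host gets whenever its inventory does not override them, which means a guessable root password and a server listening on every interface. Consider defaulting the bind address to `'127.0.0.1'` and adding a comment above the password such as `# Placeholder only: override from a vault-encrypted vars file.` An `assert` task early in the role that fails while the password is still `root` would catch a missed override; that task would live outside this file.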
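--- a/lemp-rhel7/roles/ansible-role-mysql/handlers/main.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart mysql
+service: "name={{ mysql_daemon }} state=restarted sleep=5"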
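--- a/lemp-rhel7/roles/ansible-role-mysql/meta/main.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/meta/main.yml
@@ -0,0 +1,22 @@
+---
+dependencies: []
+
+galaxy_info:
+author: geerlingguy
+description: MySQL server for RHEL/CentOS and Debian/Ubuntu.
+company: "Midwestern Mac, LLC"
+license: "license (BSD, MIT)"
+min_ansible_version: 1.9
+platforms:
+- name: EL
+versions:
+- 6
+- 7
+- name: Ubuntu
+versions:
+- all
+- name: Debian
+versions:
+- all
+galaxy_tags:
+- database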
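--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/configure.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/configure.yml
@@ -0,0 +1,69 @@
+---
+- name: Copy my.cnf global MySQL configuration.
+template:
+src: my.cnf.j2
+dest: "{{ mysql_config_file }}"
+owner: root
+group: root
+mode: 0644
+force: "{{ overwrite_global_mycnf }}"
+notify: restart mysql
+
+- name: Verify mysql include directory exists.
+file:
+path: "{{ mysql_config_include_dir }}"
+state: directory
+owner: root
+group: root
+mode: 0755
+when: mysql_config_include_files | length
+
+- name: Copy my.cnf override files into include directory.
+template:
+src: "{{ item.src }}"
+dest: "{{ mysql_config_include_dir }}/{{ item.src | basename }}"
+owner: root
+group: root
+mode: 0644
+force: "{{ item.force | default(False) }}"
+with_items: "{{ mysql_config_include_files }}"
+notify: restart mysql
+
+- name: Create slow query log file (if configured).
+shell: "touch {{ mysql_slow_query_log_file }} creates={{ mysql_slow_query_log_file }}"
+when: mysql_slow_query_log_enabled
+
+- name: Create datadir if it does not exist
+file:
+path: "{{ mysql_datadir }}"
+state: directory
+owner: mysql
+group: mysql
+mode: 0755
+setype: mysqld_db_t
+
+- name: Set ownership on slow query log file (if configured).
+file:
+path: "{{ mysql_slow_query_log_file }}"
+state: file
+owner: mysql
+group: mysql
+mode: 0640
+when: mysql_slow_query_log_enabled
+
+- name: Create error log file (if configured).
+shell: "touch {{ mysql_log_error }} creates={{ mysql_log_error }}"
+when: mysql_log == "" and mysql_log_error != ""
+
+- name: Set ownership on error log file (if configured).
+file:
+path: "{{ mysql_log_error }}"
+state: file
+owner: mysql
+group: mysql
+mode: 0640
+when: mysql_log == "" and mysql_log_error != ""
+
+- name: Ensure MySQL is started and enabled on boot.
+service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}"
+register: mysql_service_configuration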
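--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/databases.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/databases.yml
@@ -0,0 +1,8 @@
+---
+- name: Ensure MySQL databases are present.
+mysql_db:
+name: "{{ item.name }}"
+collation: "{{ item.collation | default('utf8_general_ci') }}"
+encoding: "{{ item.encoding | default('utf8') }}"
+state: present
+with_items: "{{ mysql_databases }}"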
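--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/main.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+# Variable configuration.
+- name: Include OS-specific variables.
+include_vars: "{{ ansible_os_family }}.yml"
+when: ansible_os_family != "RedHat"
+
+- name: Include OS-specific variables (RedHat).
+include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+when: ansible_os_family == "RedHat"
+
+- name: Define mysql_packages.
+set_fact:
+mysql_packages: "{{ __mysql_packages | list }}"
+when: mysql_packages is not defined
+
+- name: Define mysql_daemon.
+set_fact:
+mysql_daemon: "{{ __mysql_daemon }}"
+when: mysql_daemon is not defined
+
+- name: Define mysql_slow_query_log_file.
+set_fact:
+mysql_slow_query_log_file: "{{ __mysql_slow_query_log_file }}"
+when: mysql_slow_query_log_file is not defined
+
+# Setup/install tasks.
+- include: setup-RedHat.yml
+when: ansible_os_family == 'RedHat'
+
+- include: setup-Debian.yml
+when: ansible_os_family == 'Debian'
+
+- name: Check if MySQL packages were installed.
+set_fact:
+mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed) or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed) }}"
+
+# Configure MySQL.
+- include: configure.yml
+- include: secure-installation.yml
+- include: databases.yml
+- include: users.yml
+- include: replication.yml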
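--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/replication.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/replication.yml
@@ -0,0 +1,51 @@
+---
+- name: Ensure replication user exists on master.
+mysql_user:
+name: "{{ mysql_replication_user.name }}"
+host: "{{ mysql_replication_user.host | default('%') }}"
+password: "{{ mysql_replication_user.password }}"
+priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE') }}"
+state: present
+when: >
+(mysql_replication_role == 'master')
+and mysql_replication_user
+and (mysql_replication_master != '')
+
+- name: Check slave replication status.
+mysql_replication: mode=getslave
+ignore_errors: true
+register: slave
+when: >
+mysql_replication_role == 'slave'
+and (mysql_replication_master != '')
+
+- name: Check master replication status.
+mysql_replication: mode=getmaster
+delegate_to: "{{ mysql_replication_master }}"
+register: master
+when: >
+slave|failed
+and (mysql_replication_role == 'slave')
+and (mysql_replication_master != '')
+
+- name: Configure replication on the slave.
+mysql_replication:
+mode: changemaster
+master_host: "{{ mysql_replication_master }}"
+master_user: "{{ mysql_replication_user.name }}"
+master_password: "{{ mysql_replication_user.password }}"
+master_log_file: "{{ master.File }}"
+master_log_pos: "{{ master.Position }}"
+ignore_errors: True
+when: >
+slave|failed
+and (mysql_replication_role == 'slave')
+and (mysql_replication_master != '')
+and mysql_replication_user
+
+- name: Start replication.
+mysql_replication: mode=startslave
+when: >
+slave|failed
+and (mysql_replication_role == 'slave')
+and (mysql_replication_master != '')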
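Review bot: `Ensure replication user exists on master.` and `Configure replication on the slave.` both pass `mysql_replication_user.password` without `no_log: true`, whereas the `mysql_user` task in `tasks/users.yml` sets it, so the replication password can appear in Ansible output and logs; add `no_log: true` to both tasks. `ignore_errors: True` on the `changemaster` task also lets `Start replication.` run after a failed configuration, so registering that result and checking it before starting would make the failure visible. The replication user's `host` falls back to `'%'`; a comment above it recommending the replica's address would help operators narrow it.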
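--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/secure-installation.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/secure-installation.yml
@@ -0,0 +1,44 @@
+---
+- name: Disallow root login remotely
+command: 'mysql -NBe "{{ item }}"'
+with_items:
+- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+changed_when: False
+
+- name: Get list of hosts for the root user.
+command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC'
+register: mysql_root_hosts
+changed_when: false
+
+# Note: We do not use mysql_user for this operation, as it doesn't always update
+# the root password correctly. See: https://goo.gl/MSOejW
+- name: Update MySQL root password for localhost root account.
+shell: >
+mysql -u root -NBe
+'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
+with_items: "{{ mysql_root_hosts.stdout_lines }}"
+when: mysql_install_packages | bool or mysql_root_password_update
+
+# Has to be after the root password assignment, for idempotency.
+- name: Copy .my.cnf file with root password credentials.
+template:
+src: "user-my.cnf.j2"
+dest: "{{ mysql_user_home }}/.my.cnf"
+owner: root
+group: root
+mode: 0600
+
+- name: Get list of hosts for the anonymous user.
+command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
+register: mysql_anonymous_hosts
+changed_when: false
+
+- name: Remove anonymous MySQL users.
+mysql_user:
+name: ""
+host: "{{ item }}"
+state: absent
+with_items: "{{ mysql_anonymous_hosts.stdout_lines }}"
+
+- name: Remove MySQL test database.
+mysql_db: "name='test' state=absent"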
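Review bot: The task `Update MySQL root password for localhost root account.` renders `{{ mysql_root_password }}` into a `shell` command line and, unlike the `mysql_user` task in `tasks/users.yml`, has no `no_log: true`, so the password can end up in Ansible output and logs and is visible in the process list while the command runs. Add `no_log: true` to that task. The value is also placed inside `PASSWORD("…")` within a single-quoted shell string without any escaping, so a password containing `'`, `"` or `\` would break or alter the statement; a comment above the task stating that restriction would save operators from a half-applied password change.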
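--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/setup-Debian.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/setup-Debian.yml
@@ -0,0 +1,26 @@
+---
+- name: Check if MySQL is already installed.
+stat: path=/etc/init.d/mysql
+register: mysql_installed
+
+- name: Update apt cache if MySQL is not yet installed.
+apt: update_cache=yes
+when: mysql_installed.stat.exists == false
+
+- name: Ensure MySQL Python libraries are installed.
+apt: "name=python-mysqldb state=installed"
+
+- name: Ensure MySQL packages are installed.
+apt: "name={{ item }} state=installed"
+with_items: "{{ mysql_packages }}"
+register: deb_mysql_install_packages
+
+# Because Ubuntu starts MySQL as part of the install process, we need to stop
+# mysql and remove the logfiles in case the user set a custom log file size.
+- name: Ensure MySQL is stopped after initial install.
+service: "name={{ mysql_daemon }} state=stopped"
+when: mysql_installed.stat.exists == false
+
+- name: Delete innodb log files created by apt package after initial install.
+shell: "rm -f {{ mysql_datadir }}/ib_logfile[01]"
+when: mysql_installed.stat.exists == false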
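--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/setup-RedHat.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/setup-RedHat.yml
@@ -0,0 +1,8 @@
+---
+- name: Ensure MySQL packages are installed.
+yum: "name={{ item }} state=installed enablerepo={{ mysql_enablerepo }}"
+with_items: "{{ mysql_packages }}"
+register: rh_mysql_install_packages
+
+- name: Ensure MySQL Python libraries are installed.
+yum: "name=MySQL-python state=installed enablerepo={{ mysql_enablerepo }}"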
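--- a/lemp-rhel7/roles/ansible-role-mysql/tasks/users.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tasks/users.yml
@@ -0,0 +1,11 @@
+---
+- name: Ensure MySQL users are present.
+mysql_user:
+name: "{{ item.name }}"
+host: "{{ item.host | default('localhost') }}"
+password: "{{ item.password }}"
+priv: "{{ item.priv | default('*.*:USAGE') }}"
+state: "{{ item.state | default('present') }}"
+append_privs: "{{ item.append_privs | default('no') }}"
+with_items: "{{ mysql_users }}"
+no_log: true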
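--- a/lemp-rhel7/roles/ansible-role-mysql/templates/my.cnf.j2
+++ b/lemp-rhel7/roles/ansible-role-mysql/templates/my.cnf.j2
@@ -0,0 +1,105 @@
+[client]
+#password = your_password
+port = {{ mysql_port }}
+socket = {{ mysql_socket }}
+
+[mysqld]
+port = {{ mysql_port }}
+bind-address = {{ mysql_bind_address }}
+datadir = {{ mysql_datadir }}
+socket = {{ mysql_socket }}
+pid-file = {{ mysql_pid_file }}
+{% if mysql_skip_name_resolve %}
+skip-name-resolve
+{% endif %}
+
+# Logging configuration.
+{% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %}
+syslog
+syslog-tag = {{ mysql_syslog_tag }}
+{% else %}
+{% if mysql_log %}
+log = {{ mysql_log }}
+{% endif %}
+log-error = {{ mysql_log_error }}
+{% endif %}
+
+{% if mysql_slow_query_log_enabled %}
+# Slow query log configuration.
+slow_query_log = 1
+slow_query_log_file = {{ mysql_slow_query_log_file }}
+long_query_time = {{ mysql_slow_query_time }}
+{% endif %}
+
+{% if mysql_replication_master %}
+# Replication
+server-id = {{ mysql_server_id }}
+
+{% if mysql_replication_role == 'master' %}
+log_bin = mysql-bin
+log-bin-index = mysql-bin.index
+expire_logs_days = {{ mysql_expire_logs_days }}
+max_binlog_size = {{ mysql_max_binlog_size }}
+
+{% for db in mysql_databases %}
+{% if db.replicate|default(1) %}
+binlog_do_db = {{ db.name }}
+{% else %}
+binlog_ignore_db = {{ db.name }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if mysql_replication_role == 'slave' %}
+read_only
+relay-log = relay-bin
+relay-log-index = relay-bin.index
+{% endif %}
+{% endif %}
+
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links = 0
+
+# User is ignored when systemd is used (fedora >= 15).
+user = mysql
+
+# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
+;performance_schema
+
+# Memory settings.
+key_buffer_size = {{ mysql_key_buffer_size }}
+max_allowed_packet = {{ mysql_max_allowed_packet }}
+table_open_cache = {{ mysql_table_open_cache }}
+sort_buffer_size = {{ mysql_sort_buffer_size }}
+read_buffer_size = {{ mysql_read_buffer_size }}
+read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }}
+myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }}
+thread_cache_size = {{ mysql_thread_cache_size }}
+query_cache_size = {{ mysql_query_cache_size }}
+max_connections = {{ mysql_max_connections }}
+
+# Other settings.
+wait_timeout = {{ mysql_wait_timeout }}
+
+# InnoDB settings.
+innodb_file_per_table = {{ mysql_innodb_file_per_table }}
+innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
+innodb_log_file_size = {{ mysql_innodb_log_file_size }}
+innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }}
+innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }}
+innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }}
+
+[mysqldump]
+quick
+max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }}
+
+[mysqld_safe]
+pid-file = {{ mysql_pid_file }}
+
+{% if mysql_config_include_files | length %}
+# * IMPORTANT: Additional settings that can override those from this file!
+# The files must end with '.cnf', otherwise they'll be ignored.
+#
+!includedir {{ mysql_config_include_dir }}
+{% endif %}
+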
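--- a/lemp-rhel7/roles/ansible-role-mysql/templates/user-my.cnf.j2
+++ b/lemp-rhel7/roles/ansible-role-mysql/templates/user-my.cnf.j2
@@ -0,0 +1,3 @@
+[client]
+user={{ mysql_root_username }}
+password="{{ mysql_root_password }}"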
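--- a/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.centos-6
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.centos-6
@@ -0,0 +1,15 @@
+FROM centos:6
+
+# Install Ansible
+RUN yum -y update; yum clean all;
+RUN yum -y install epel-release
+RUN yum -y install git ansible sudo
+RUN yum clean all
+
+# Disable requiretty
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
+
+# Install Ansible inventory file
+RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+CMD ["/usr/sbin/init"]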
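--- a/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.centos-7
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.centos-7
@@ -0,0 +1,27 @@
+FROM centos:7
+
+# Install systemd -- See https://hub.docker.com/_/centos/
+RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
+RUN yum -y update; yum clean all; \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*; \
+rm -f /etc/systemd/system/*.wants/*; \
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*; \
+rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+# Install Ansible
+RUN yum -y install epel-release
+RUN yum -y install git ansible sudo
+RUN yum clean all
+
+# Disable requiretty
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
+
+# Install Ansible inventory file
+RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+VOLUME ["/sys/fs/cgroup"]
+CMD ["/usr/sbin/init"]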
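Review bot: The long `RUN yum -y update; yum clean all; \ …` step chains every command with `;`, so a failed `yum update` or a failed `cd` still produces a successful layer. After a failed `cd`, the `rm -f $i` loop would run in whatever directory the shell happens to be in. Joining the commands with `&&`, or starting the step with `set -e;`, stops the build at the first failure. The test inside the loop should quote its variable and use the POSIX operator: `[ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"`. Since `.travis.yml` runs this image with `--privileged`, a top comment such as `# CI test image only: expects --privileged and a read-only /sys/fs/cgroup mount` would keep it from being reused elsewhere.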
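--- a/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.ubuntu-12.04
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.ubuntu-12.04
@@ -0,0 +1,14 @@
+FROM ubuntu:12.04
+RUN apt-get update
+
+# Install Ansible
+RUN apt-get install -y software-properties-common python-software-properties git
+RUN apt-add-repository -y ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install -y ansible
+
+COPY initctl_faker .
+RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts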
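Review bot: `RUN apt-get update` sits in its own layer, apart from the `apt-get install` lines that depend on it, so a cached layer can leave later installs working from a stale package index; Dockerfile.ubuntu-14.04 has the same layout. Combining them, e.g. `RUN apt-get update && apt-get install -y software-properties-common python-software-properties git`, keeps the index and the install in step. The final `echo "[local]\nlocalhost ansible_connection=local"` relies on the `echo` of `/bin/sh` expanding `\n`, which `printf '[local]\nlocalhost ansible_connection=local\n' > /etc/ansible/hosts` does not. Ansible is installed from `ppa:ansible/ansible` without a version pin, so each build takes whatever the PPA serves at build time.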
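--- a/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.ubuntu-14.04
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/Dockerfile.ubuntu-14.04
@@ -0,0 +1,14 @@
+FROM ubuntu:14.04
+RUN apt-get update
+
+# Install Ansible
+RUN apt-get install -y software-properties-common git
+RUN apt-add-repository -y ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install -y ansible
+
+COPY initctl_faker .
+RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts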
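--- a/lemp-rhel7/roles/ansible-role-mysql/tests/centos-7-test.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/centos-7-test.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+vars:
+mysql_packages:
+- mariadb
+- mariadb-server
+- mariadb-libs
+- MySQL-python
+- perl-DBD-MySQL
+mysql_daemon: mariadb
+mysql_log_error: /var/log/mariadb/mariadb.log
+mysql_syslog_tag: mariadb
+mysql_pid_file: /var/run/mariadb/mariadb.pid
+roles:
+- role_under_test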
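Review bot: The `vars:` block repeats, value for value, the package list, daemon name, log path, syslog tag and pid file that this same commit adds in `vars/RedHat-7.yml`. The test therefore appears not to exercise the role's own OS detection, and the two lists can drift apart. If the role already selects these values on CentOS 7, the playbook could be reduced to the same four lines as `tests/test.yml`. Otherwise a comment above `vars:` should explain why the override is still needed, e.g. `# Overrides kept until the role's RedHat-7 vars are loaded automatically`.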
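--- a/lemp-rhel7/roles/ansible-role-mysql/tests/initctl_faker
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/initctl_faker
@@ -0,0 +1,23 @@
+#!/bin/sh
+ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')"
+
+case "$ALIAS_CMD" in
+start|stop|restart|reload|status)
+exec service $1 $ALIAS_CMD
+;;
+esac
+
+case "$1" in
+list )
+exec service --status-all
+;;
+reload-configuration )
+exec service $2 restart
+;;
+start|stop|restart|reload|status)
+exec service $2 $1
+;;
+\?)
+exit 0
+;;
+esac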
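Review bot: The service name and action are passed unquoted in `exec service $1 $ALIAS_CMD`, `exec service $2 restart` and `exec service $2 $1`, and `"$(echo ""$0"" | …)"` leaves `$0` unquoted because the doubled quotes close and reopen the string. Quoting them (`exec service "$2" "$1"`, `echo "$0"`) avoids word splitting and globbing on the arguments. The last pattern `\?)` matches only a literal `?`; if a catch-all for unknown subcommands was intended, `*)` is the pattern. A header comment such as `# Stand-in for /sbin/initctl inside the Ubuntu test containers; forwards to service(8)` would document why the script exists.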
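--- a/lemp-rhel7/roles/ansible-role-mysql/tests/inventory
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/inventory
@@ -0,0 +1 @@
+localhost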
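--- a/lemp-rhel7/roles/ansible-role-mysql/tests/test.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/tests/test.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+roles:
+- role_under_test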
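--- a/lemp-rhel7/roles/ansible-role-mysql/vars/Debian.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/vars/Debian.yml
@@ -0,0 +1,9 @@
+---
+__mysql_daemon: mysql
+__mysql_packages:
+- mysql-common
+- mysql-server
+__mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log
+mysql_config_file: /etc/mysql/my.cnf
+mysql_config_include_dir: /etc/mysql/conf.d
+mysql_socket: /var/run/mysqld/mysqld.sock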
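Review bot: `mysql_config_file`, `mysql_config_include_dir` and `mysql_socket` are set here under their final names, while `__mysql_daemon`, `__mysql_packages` and `__mysql_slow_query_log_file` carry the double-underscore prefix. RedHat-6.yml and RedHat-7.yml do the same, and RedHat-7.yml also sets `mysql_log_error`, `mysql_syslog_tag` and `mysql_pid_file` this way. If these files are loaded with `include_vars` (the loading task is not shown in this section), the unprefixed values outrank inventory and play variables, so a user cannot relocate the socket or the config file. Either give them the `__` prefix and resolve them the way the daemon name presumably is, or add a comment such as `# Not overridable: fixed per OS family` above them.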
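--- a/lemp-rhel7/roles/ansible-role-mysql/vars/RedHat-6.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/vars/RedHat-6.yml
@@ -0,0 +1,9 @@
+---
+__mysql_daemon: mysqld
+__mysql_packages:
+- mysql
+- mysql-server
+__mysql_slow_query_log_file: /var/log/mysql-slow.log
+mysql_config_file: /etc/my.cnf
+mysql_config_include_dir: /etc/my.cnf.d
+mysql_socket: /var/lib/mysql/mysql.sock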
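--- a/lemp-rhel7/roles/ansible-role-mysql/vars/RedHat-7.yml
+++ b/lemp-rhel7/roles/ansible-role-mysql/vars/RedHat-7.yml
@@ -0,0 +1,15 @@
+---
+__mysql_daemon: mariadb
+__mysql_packages:
+- mariadb
+- mariadb-server
+- mariadb-libs
+- MySQL-python
+- perl-DBD-MySQL
+__mysql_slow_query_log_file: /var/log/mysql-slow.log
+mysql_log_error: /var/log/mariadb/mariadb.log
+mysql_syslog_tag: mariadb
+mysql_pid_file: /var/run/mariadb/mariadb.pid
+mysql_config_file: /etc/my.cnf
+mysql_config_include_dir: /etc/my.cnf.d
+mysql_socket: /var/lib/mysql/mysql.sock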
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
# Handler to handle DB tier notifications
|
||||
|
||||
- name: restart mariadb
|
||||
service: name=mariadb state=restarted
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
# This playbook will install MariaDB and create db user and give permissions.
|
||||
|
||||
- name: Install MariaDB package
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- mariadb-server
|
||||
- MySQL-python
|
||||
- libselinux-python
|
||||
- libsemanage-python
|
||||
|
||||
- name: Create Mysql configuration file
|
||||
template: src=my.cnf.j2 dest=/etc/my.cnf
|
||||
notify:
|
||||
- restart mariadb
|
||||
|
||||
- name: Create MariaDB log file
|
||||
file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775
|
||||
|
||||
- name: Start MariaDB Service
|
||||
service: name=mariadb state=started enabled=yes
|
|
@ -1,11 +0,0 @@
|
|||
[mysqld]
|
||||
datadir=/var/lib/mysql
|
||||
socket=/var/lib/mysql/mysql.sock
|
||||
user=mysql
|
||||
# Disabling symbolic-links is recommended to prevent assorted security risks
|
||||
symbolic-links=0
|
||||
port={{ mysql_port }}
|
||||
|
||||
[mysqld_safe]
|
||||
log-error=/var/log/mysqld.log
|
||||
pid-file=/var/run/mariadb/mysqld.pid
|
|
@ -6,6 +6,6 @@
|
|||
|
||||
roles:
|
||||
- common
|
||||
- mariadb
|
||||
- ansible-role-mysql
|
||||
- ansible-role-nginx
|
||||
- ansible-role-php
|
||||
|
|