majic-ansible-roles Files · roles/database

Files @ 9ca9c3ada58a

Branch filter:

Location: majic-ansible-roles/roles/database_server/tasks/main.yml

9ca9c3ada58a 3.2 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-181: Use Debian-provided Prosody package for testing optional parameter:

- Still properly tests the role, while at the same time making it
possible to use custom apt repository for Debian Buster (due to
Prosody project dropping all repository archives for it).

---

- name: Install MariaDB
  apt:
    name:
      - mariadb-client
      - mariadb-server
      - python3-pymysql
    state: present

- name: Enable and start MariaDB
  service:
    name: mysql
    state: started
    enabled: true

- name: Check if root user authentication is based on use of unix_socket module
  command: mysql --skip-column-names -B -e "select 1 from mysql.user where user='root' and host='localhost' and plugin='unix_socket';"
  register: "root_using_unix_socket_authentication"
  changed_when: false

# @TODO: It should be possible to replace this with mysql_user
#        invocation once MAR gets upgraded to use Ansible 2.10.x,
#        where mysql_user module has support for specifying the
#        authentication plugin. Once the switch is done, the above
#        task that registers the root_using_unix_socket_authentication
#        variable can be dropped as well.
- name: Set-up unix socket authentication for the root user
  command: mysql --skip-column-names -B -e "grant all privileges on *.* to root@localhost identified via unix_socket;"
  when: "not root_using_unix_socket_authentication.stdout"

- name: Check if there are any root-like database accounts available where host is not localhost
  command: mysql --skip-column-names -B -e "select 1 from mysql.user where user='root' and host!='localhost';"
  register: "additional_root_users"
  changed_when: false

- name: Drop all excess root user logins
  command:
    argv:
      - "mysql"
      - "-N"
      - "-B"
      - "-e"
      - "delete from mysql.user where User='root' and Host != 'localhost'; flush privileges;"
  when: "additional_root_users.stdout"

- name: Remove (now deprecated) my.cnf configuration file for the root database user
  file:
    path: "/root/.my.cnf"
    state: absent

- name: Check if Debian system maintenance configuration file uses the root account
  command: "grep -q 'user.*=.*root' /etc/mysql/debian.cnf"
  register: debian_maintenance_configuration_uses_root
  failed_when: false
  changed_when: false

- name: Deploy Debian system maintenance configuration file that uses root account
  copy:
    src: "debian.cnf"
    dest: "/etc/mysql/debian.cnf"
    owner: root
    group: root
    mode: 0600
  when: "debian_maintenance_configuration_uses_root.rc != 0"

- name: Drop the dedicated Debian system maintenance user
  mysql_user:
    name: "debian-sys-maint"
    state: absent
    login_unix_socket: "/var/run/mysqld/mysqld.sock"

- name: Set UTF-8 encoding as default for MariaDB
  copy:
    src: "utf8.cnf"
    dest: "/etc/mysql/mariadb.conf.d/90-utf8.cnf"
    owner: root
    group: root
    mode: 0644
  register: mariadb_utf8_configuration

- name: Restart MariaDB in order to use UTF-8 as default character set  # noqa 503
  # [503] Tasks that run when changed should likely be handlers
  #   UTF-8 configuration must be applied immediatelly in order to ensure that
  #   subsequent tasks that create databases will end-up with correct (UTF-8)
  #   encoding. Otherwise they will be created using default latin1.
  service:
    name: mysql
    state: restarted
  when: mariadb_utf8_configuration.changed

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers