---

- name: Install MariaDB
  apt:
    name:
      - mariadb-client
      - mariadb-server
      - python3-pymysql
    state: present

- name: Enable and start MariaDB
  service:
    name: mysql
    state: started
    enabled: true

- name: Check if root user authentication is based on use of unix_socket module
  command: mysql --skip-column-names -B -e "select 1 from mysql.user where user='root' and host='localhost' and plugin='unix_socket';"
  register: "root_using_unix_socket_authentication"
  changed_when: false

# @TODO: It should be possible to replace this with mysql_user
#        invocation once MAR gets upgraded to use Ansible 2.10.x,
#        where mysql_user module has support for specifying the
#        authentication plugin. Once the switch is done, the above
#        task that registers the root_using_unix_socket_authentication
#        variable can be dropped as well.
- name: Set-up unix socket authentication for the root user
  command: mysql --skip-column-names -B -e "grant all privileges on *.* to root@localhost identified via unix_socket;"
  when: "not root_using_unix_socket_authentication.stdout"

- name: Check if there are any root-like database accounts available where host is not localhost
  command: mysql --skip-column-names -B -e "select 1 from mysql.user where user='root' and host!='localhost';"
  register: "additional_root_users"
  changed_when: false

- name: Drop all excess root user logins
  command:
    argv:
      - "mysql"
      - "-N"
      - "-B"
      - "-e"
      - "delete from mysql.user where User='root' and Host != 'localhost'; flush privileges;"
  when: "additional_root_users.stdout"

- name: Remove (now deprecated) my.cnf configuration file for the root database user
  file:
    path: "/root/.my.cnf"
    state: absent

- name: Check if Debian system maintenance configuration file uses the root account
  command: "grep -q 'user.*=.*root' /etc/mysql/debian.cnf"
  register: debian_maintenance_configuration_uses_root
  failed_when: false
  changed_when: false

- name: Deploy Debian system maintenance configuration file that uses root account
  copy:
    src: "debian.cnf"
    dest: "/etc/mysql/debian.cnf"
    owner: root
    group: root
    mode: 0600
  when: "debian_maintenance_configuration_uses_root.rc != 0"

- name: Drop the dedicated Debian system maintenance user
  mysql_user:
    name: "debian-sys-maint"
    state: absent
    login_unix_socket: "/var/run/mysqld/mysqld.sock"

- name: Set UTF-8 encoding as default for MariaDB
  copy:
    src: "utf8.cnf"
    dest: "/etc/mysql/mariadb.conf.d/90-utf8.cnf"
    owner: root
    group: root
    mode: 0644
  register: mariadb_utf8_configuration

- name: Restart MariaDB in order to use UTF-8 as default character set  # noqa 503
  # [503] Tasks that run when changed should likely be handlers
  #   UTF-8 configuration must be applied immediatelly in order to ensure that
  #   subsequent tasks that create databases will end-up with correct (UTF-8)
  #   encoding. Otherwise they will be created using default latin1.
  service:
    name: mysql
    state: restarted
  when: mariadb_utf8_configuration.changed

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers