Update to 2021-12-01 19:13

roles/mysql_server/defaults/main.yml

@@ -0,0 +1,44 @@
+---
+
+mysql_port: 3306
+mysql_networking: True
+mysql_src_ip: []
+mysql_innodb_file_per_table: True
+mysql_innodb_buffer_pool_size: "{{ (ansible_memtotal_mb * 0.2) | int }}M"
+#mysql_innodb_buffer_pool_instances: 8
+mysql_innodb_log_buffer_size: 8M
+mysql_innodb_flush_log_at_trx_commit: 2
+mysql_innodb_flush_method: O_DIRECT
+mysql_open_files_limit: 8192
+mysql_max_allowed_packet: 32M
+mysql_max_connections: 300
+
+# Engine can be either mariadb or mysql
+mysql_engine: mariadb
+
+mysql_sql_mode: []
+#  - ERROR_FOR_DIVISION_BY_ZERO
+#  - NO_AUTO_CREATE_USER
+#  - NO_ENGINE_SUBSTITUTION
+
+# Databases and users to create
+mysql_databases: []
+mysql_users: []
+
+# Databases and users to remove
+# Eg:
+# mysql_databases_to_remove:
+#   - vtiger
+# mysql_users_to_remove:
+#   - name: vtiger
+#     host: 10.99.3.10
+#
+mysql_databases_to_remove: []
+mysql_users_to_remove: []
+
+# Command to use to compress dumps. Will read from stdin and write to stdout. Set to False to disable compression
+mysql_compress_cmd: zstd -T0 -c
+
+# List of database which shouldn't be backed up
+mysql_skip_backup: []
+...

roles/mysql_server/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- include: ../common/handlers/main.yml
+
+- name: restart mysql
+  service: name={{ mysql_service_name }} state=restarted enabled=yes
+
+- name: mysql_upgrade
+  command: mysql_upgrade
+...

roles/mysql_server/meta/main.yml

@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: repo_mariadb
+    when: mysql_engine == 'mariadb'
+  - role: mkdir

roles/mysql_server/tasks/main.yml

@@ -0,0 +1,132 @@
+---
+
+- name: set service name
+  set_fact: mysql_service_name={{ (mysql_engine == 'mysql') | ternary('mysqld','mariadb') }}
+  tags: mysql
+
+- name: Remove mariadb repo
+  file: path=/etc/yum.repos.d/mariadb.repo state=absent
+  when: mysql_engine == 'mysql'
+  tags: mysql
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: mysql
+
+- name: Install server and client packages
+  package: name={{ mysql_server_packages }}
+  tags: mysql
+
+- name: Deploy backup scripts
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mysql mode=755
+  loop:
+    - pre
+    - post
+  tags: mysql
+
+- name: Remove old backup hooks
+  file: path=/etc/backup/{{ item }} state=absent
+  loop:
+    - pre.d/mariadb_create_dumps.sh
+    - post.d/mariadb_delete_dumps.sh
+    - pre.d/mariadb
+    - post.d/mariadb
+  tags: mysql
+
+- name: Create system override directory
+  file: path=/etc/systemd/system/{{ mysql_service_name }}.service.d/ state=directory
+  tags: mysql
+
+- name: Modify the service unit
+  template: src=systemd_limits.conf.j2 dest=/etc/systemd/system/{{ mysql_service_name }}.service.d/limits.conf
+  register: mysql_unit
+  notify: restart mysql
+  tags: mysql
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: mysql_unit.changed
+  tags: mysql
+
+- name: Deploy my.cnf
+  template: src=my.cnf.j2 dest=/etc/my.cnf
+  notify: restart mysql
+  tags: mysql
+
+- name: Start and enable the server
+  service: name={{ mysql_service_name }} state=started enabled=True
+  tags: mysql
+
+- name: Check if we need to create a password for the root user
+  stat: path=/root/.my.cnf
+  register: my_no_cnf
+  tags: mysql
+
+- name: Generate a random password for user root
+  command: openssl rand -base64 45
+  register: my_root_pass
+  when: not my_no_cnf.stat.exists
+  tags: mysql
+
+- name: Set root password
+  command: mysqladmin password "{{ my_root_pass.stdout }}"
+  when:
+    - not my_no_cnf.stat.exists
+    - my_root_pass.stdout is defined
+  tags: mysql
+
+- name: Deploy /root/.my.cnf
+  template: src=root_my.cnf.j2 dest=/root/.my.cnf
+  when:
+    - not my_no_cnf.stat.exists
+    - my_root_pass.stdout is defined
+  tags: mysql
+
+- name: Remove anonymous user
+  mysql_user: name='' host_all=yes state=absent
+  tags: mysql
+
+- name: Remove the test database
+  mysql_db: name=test state=absent
+  tags: mysql
+
+- name: Handle service port
+  iptables_raw:
+    name: mysql_port
+    state: "{{ (mysql_src_ip is defined and mysql_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mysql_port | default('3306') }} -s {{ mysql_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: mysql,firewall
+
+- name: Create database admin
+  mysql_user: name=sqladmin password={{ mysql_admin_pass }} host="%" priv="*.*:ALL,GRANT" state=present
+  tags: mysql
+
+- name: Create databases
+  mysql_db: name={{ item }} state=present
+  with_items: "{{ mysql_databases | default([]) }}"
+  tags: mysql
+
+- name: Create mysql users
+  mysql_user: name={{ item.name }} password={{ item.password }} priv={{ item.privileges }} host={{ item.host | default('localhost') }} state=present
+  with_items: "{{ mysql_users | default([]) }}"
+  when:
+    - item.name is defined
+    - item.password is defined
+    - item.privileges is defined
+  tags: mysql
+
+- name: Remove databases
+  mysql_db: name={{ item }} state=absent
+  with_items: "{{ mysql_databases_to_remove }}"
+  tags: mysql
+
+- name: Remove users
+  mysql_user: name={{ item.name }} host={{ item.host | default(omit) }} state=absent
+  with_items: "{{ mysql_users_to_remove }}"
+  tags: mysql
+...

roles/mysql_server/templates/my.cnf.j2

@@ -0,0 +1,47 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+symbolic-links=0
+{% if not mysql_networking | default(False) %}
+skip-networking
+{% endif %}
+{% if mysql_innodb_file_per_table | default(True) %}
+innodb_file_per_table
+{% endif %}
+{% if mysql_innodb_buffer_pool_size is defined %}
+innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }}
+{% endif %}
+{% if mysql_innodb_buffer_pool_instances is defined %}
+innodb_buffer_pool_instances={{ mysql_innodb_buffer_pool_instances }}
+{% endif %}
+{% if mysql_innodb_log_buffer_size is defined %}
+innodb_log_buffer_size={{ mysql_innodb_log_buffer_size }}
+{% endif %}
+{% if mysql_innodb_flush_log_at_trx_commit is defined %}
+innodb_flush_log_at_trx_commit={{ mysql_innodb_flush_log_at_trx_commit }}
+{% endif %}
+{% if mysql_innodb_flush_method is defined %}
+innodb_flush_method={{ mysql_innodb_flush_method }}
+{% endif %}
+{% if mysql_innodb_log_file_size is defined %}
+innodb_log_file_size={{ mysql_innodb_log_file_size }}
+{% endif %}
+
+{% if mysql_sql_mode | length > 0 %}
+sql_mode = {{ mysql_sql_mode | join(',') }}
+{% endif %}
+
+max_allowed_packet={{ mysql_max_allowed_packet | default('16M') }}
+open_files_limit={{ mysql_open_files_limit | default('8192') }}
+max_connections={{ mysql_max_connections | default('300') }}
+
+[mysqld_safe]
+{% if mysql_engine == 'mysql' %}
+log-error=/var/log/mysql/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+{% else %}
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/var/run/mariadb/mariadb.pid
+{% endif %}
+
+!includedir /etc/my.cnf.d

roles/mysql_server/templates/post-backup.j2

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+{% if mysql_remove_dump_after_backup | default(True) %}
+rm -f /home/lbkp/mysql/*.sql*
+{% endif %}

roles/mysql_server/templates/pre-backup.j2

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -eo pipefail
+
+# Get the .my.cnf from root
+HOME=/root
+PATH=/usr/bin:$PATH
+DEST=/home/lbkp/mysql
+
+[ -d $DEST ] || mkdir -p $DEST
+
+for DB in $(/usr/bin/mysqlshow | /bin/awk '{print $2}' | /bin/grep -v Databases)
+do
+  if [[ "$DB" == "information_schema" ]]; then
+    continue
+  fi
+{% for db in mysql_skip_backup %}
+  # {{ db }} is configured not to be backed up
+  if [[ "$DB" == "{{ db }}" ]]; then
+    echo "Skiping $DB as per configuration"
+    continue
+  fi
+{% endfor %}
+{% if mysql_compress_cmd %}
+{% if mysql_compress_cmd is search('p?xz') %}
+{% set compext = 'xz' %}
+{% elif mysql_compress_cmd is search('p?bzip2') %}
+{% set compext = 'bz2' %}
+{% elif mysql_compress_cmd is search('(pi)?gz') %}
+{% set compext = 'gz' %}
+{% elif mysql_compress_cmd is search('lzop') %}
+{% set compext = 'lzo' %}
+{% elif mysql_compress_cmd is search('lz4') %}
+{% set compext = 'lz4' %}
+{% elif mysql_compress_cmd is search('zstd') %}
+{% set compext = 'zst' %}
+{% else %}
+{% set compext = 'z' %}
+{% endif %}
+  echo "Dumping $DB to $DEST/$DB.sql.{{ compext }}"
+  /usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB | /bin/nice -n 10 {{ mysql_compress_cmd }} > $DEST/$DB.sql.{{ compext }}
+{% else %}
+  echo "Dumping $DB to $DEST/$DB.sql"
+  /usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB -r $DEST/$DB.sql
+{% endif %}
+done

roles/mysql_server/templates/root_my.cnf.j2

@@ -0,0 +1,2 @@
+[client]
+password={{ my_root_pass.stdout }}

roles/mysql_server/templates/systemd_limits.conf.j2

@@ -0,0 +1,5 @@
+[Service]
+LimitNOFILE={{ mysql_open_files_limit | default('8192') }}
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=1

roles/mysql_server/vars/RedHat-7.yml

@@ -0,0 +1,7 @@
+---
+
+mysql_server_packages:
+  - "{{ (mysql_engine == 'mysql') | ternary('mysql-server','mariadb-server') }}"
+  - "{{ (mysql_engine == 'mysql') | ternary('mysql','mariadb') }}"
+  - MySQL-python
+

roles/mysql_server/vars/RedHat-8.yml

@@ -0,0 +1,6 @@
+---
+
+mysql_server_packages:
+  - "{{ (mysql_engine == 'mysql') | ternary('mysql-server','mariadb-server') }}"
+  - "{{ (mysql_engine == 'mysql') | ternary('mysql','mariadb') }}"
+  - python3-mysql

roles/mysql_server/vars/defaults.yml

@@ -0,0 +1,6 @@
+---
+
+mysql_server_packages:
+  - mariadb-server
+  - mariadb
+  - MySQL-python