Update to 2022-03-19 19:00

This commit is contained in:
Daniel Berteaud
2022-03-19 19:00:07 +01:00
parent 4bdecbaba3
commit c4a7f11445
8 changed files with 69 additions and 2 deletions


@@ -13,6 +13,15 @@ mysql_open_files_limit: 8192
mysql_max_allowed_packet: 32M
mysql_max_connections: 300
# If mysql_letsencrypt_cert is defined, it'll turn SSL on and configure cert to use
# mysql_letsencrypt_cert: mysql.example.org
# ELse, it's possible to configure SSL manually
mysql_ssl: "{{ (mysql_letsencrypt_cert is defined) | ternary(True, False) }}"
mysql_ssl_cert: /etc/my.ssl/server.crt
mysql_ssl_key: /etc/my.ssl/server.key
mysql_ssl_ca: /etc/pki/tls/cert.pem
# Engine can be either mariadb or mysql
mysql_engine: mariadb
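Review bot: The `mysql_ssl` default wraps an expression that is already a boolean in `ternary(True, False)`, so `mysql_ssl: "{{ mysql_letsencrypt_cert is defined }}"` expresses the same thing without the extra filter. `mysql_ssl_ca` defaults to the system-wide bundle /etc/pki/tls/cert.pem; that is what the server uses to verify client certificates, so if any account is later given `REQUIRE X509`/`SUBJECT`, a certificate from any public CA in that bundle would pass the check — a short comment stating the intent, e.g. `# CA bundle used to verify client certs (only relevant when REQUIRE X509/SUBJECT is used)`, would make that trade-off explicit. The comment on the manual path also has a typo, `ELse` for `Else`.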


@@ -21,6 +21,23 @@
package: name={{ mysql_server_packages }}
tags: mysql
- name: Create ssl directory
file: path=/etc/my.ssl state=directory owner=root group=mysql mode=750
tags: mysql
- name: Create default self-signed cert
import_tasks: ../includes/create_selfsigned_cert.yml
vars:
- cert_path: /etc/my.ssl/server.crt
- cert_key_path: /etc/my.ssl/server.key
- cert_key_group: mysql
- cert_key_mode: '640'
tags: mysql
- name: Deploy dehydrated hook
template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/mysql mode=755
tags: mysql
- name: Deploy backup scripts
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mysql mode=755
loop:
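Review bot: The `vars:` passed to `import_tasks` in "Create default self-signed cert" is written as a list of single-key mappings; `vars` is a mapping, and I believe the list form is only accepted for compatibility (and deprecated in recent ansible-core), so the plain mapping form `vars:` / `  cert_path: /etc/my.ssl/server.crt` / `  cert_key_path: /etc/my.ssl/server.key` (same for the other two keys) is the safer spelling. "Deploy dehydrated hook" templates into /etc/dehydrated/hooks_deploy_cert.d/ unconditionally, which presumably fails on hosts where dehydrated is not installed and the directory does not exist; if that is not guaranteed by another role, add `when: mysql_letsencrypt_cert is defined` (the template's own `{% else %}` branch would then be unreachable and could go). The hunk's last task continues past the hunk.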


@@ -0,0 +1,20 @@
#!/bin/sh
{% if mysql_letsencrypt_cert is defined %}
if [ $1 == "{{ pg_letsencrypt_cert }}" ]; then
cp /var/lib/dehydrated/certificates/certs/{{ mysql_letsencrypt_cert }}/fullchain.pem /etc/my.ssl/server.crt
cp /var/lib/dehydrated/certificates/certs/{{ mysql_letsencrypt_cert }}/privkey.pem /etc/my.ssl/server.key
chown root:mysql /etc/my.ssl/server.key
chown root:root /etc/my.ssl/server.crt
chmod 640 /etc/my.ssl/server.key
chmod 644 /etc/my.ssl/server.crt
mysql -e 'FLUSH SSL;'
fi
{% else %}
# No Let's Encrypt cert configured, nothing to do
exit 0
{% endif %}
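Review bot: The hook compares `$1` against `{{ pg_letsencrypt_cert }}` while every other line of this template uses `mysql_letsencrypt_cert`; unless `pg_letsencrypt_cert` happens to be defined in the same inventory, templating fails on an undefined variable, and when it is defined the MySQL cert would only be refreshed when the PostgreSQL cert name is renewed. The test also uses `==`, which is not guaranteed by POSIX `[` under `#!/bin/sh`, and leaves `$1` unquoted so an empty argument becomes a syntax error; `if [ "$1" = "{{ mysql_letsencrypt_cert }}" ]; then` fixes all three. `FLUSH SSL` is MariaDB syntax, and the defaults allow `mysql_engine: mysql`, so confirm the reload statement for that engine (MySQL 8 uses `ALTER INSTANCE RELOAD TLS`) or guard it with the engine variable.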


@@ -35,6 +35,12 @@ max_allowed_packet={{ mysql_max_allowed_packet | default('16M') }}
open_files_limit={{ mysql_open_files_limit | default('8192') }}
max_connections={{ mysql_max_connections | default('300') }}
{% if mysql_ssl %}
ssl_cert={{ mysql_ssl_cert }}
ssl_key={{ mysql_ssl_key }}
ssl_ca={{ mysql_ssl_ca }}
{% endif %}
[mysqld_safe]
{% if mysql_engine == 'mysql' %}
log-error=/var/log/mysql/mysqld.log