From cff00f04c7669a3cc2a4629590b5aef36ce24980 Mon Sep 17 00:00:00 2001 From: Marcel Nijenhof Date: Thu, 6 May 2021 14:46:09 +0200 Subject: [PATCH] Eerste grote update: - Wissen standaard accounts - Zetten root password - Aanmaken databases - Aanmaken gebruikers per database - Lege files klaar zetten voor backup, slave, config --- inventory/group_vars/mysql_dev.yml | 49 ++++++++++++++++++++++++++++ inventory/hosts | 7 ++++ roles/mysql/defaults/main.yml | 2 +- roles/mysql/handlers/main.yml | 5 +-- roles/mysql/meta/main.yml | 4 +-- roles/mysql/tasks/filesystem.yml | 28 ---------------- roles/mysql/tasks/install.yml | 11 ++----- roles/mysql/tasks/main.yml | 13 +++++--- roles/mysql/tasks/mysql_backup.yml | 4 +++ roles/mysql/tasks/mysql_config.yml | 4 +++ roles/mysql/tasks/mysql_db.yml | 26 +++++++-------- roles/mysql/tasks/mysql_db_users.yml | 11 +++++++ roles/mysql/tasks/mysql_nodes.yml | 7 ++++ roles/mysql/tasks/mysql_slaves.yml | 4 +++ roles/mysql/tasks/mysql_user.yml | 42 +++++++++++------------- roles/mysql/templates/my.cnf.j2 | 11 +++++++ roles/mysql/tests/test.yml | 2 +- roles/mysql/vars/main.yml | 2 +- 18 files changed, 143 insertions(+), 89 deletions(-) create mode 100644 inventory/group_vars/mysql_dev.yml create mode 100644 inventory/hosts delete mode 100644 roles/mysql/tasks/filesystem.yml create mode 100644 roles/mysql/tasks/mysql_backup.yml create mode 100644 roles/mysql/tasks/mysql_config.yml create mode 100644 roles/mysql/tasks/mysql_db_users.yml create mode 100644 roles/mysql/tasks/mysql_nodes.yml create mode 100644 roles/mysql/tasks/mysql_slaves.yml create mode 100644 roles/mysql/templates/my.cnf.j2 diff --git a/inventory/group_vars/mysql_dev.yml b/inventory/group_vars/mysql_dev.yml new file mode 100644 index 0000000..014f632 --- /dev/null +++ b/inventory/group_vars/mysql_dev.yml 
@@ -0,0 +1,49 @@ +--- +mysql_root_password: TODO-Vault +nfsdir: /var/backup/mysql + + +db_clients: + - h1 + - localhost + +nodes: + - node: h112 + slaves: + - h235: + db: + - name: db1 + users: + - name: db1_admin + password: TODO-Vault + priv: ALL + - name: db1_user + password: TODO-Vault + priv: "select,insert,update,delete" + - name: db1_read + password: TODO-Vault + priv: "select" + - name: db1_absent + password: TODO-Vault + priv: "select" + state: absent + - name: db2 + users: + - name: db2_admin + password: TODO-Vault + priv: ALL + - node: h235 + slaves: + - h112: + db: + - name: db3 + users: + - name: db3_admin + password: TODO-Vault + priv: ALL + - name: db4 + state: absent + users: + - name: db4_admin + password: TODO-Vault + priv: ALL diff --git a/inventory/hosts b/inventory/hosts new file mode 100644 index 0000000..d34d826 --- /dev/null +++ b/inventory/hosts @@ -0,0 +1,7 @@ +--- +mysql_dev: + hosts: + h112: + ansible_user: root + h235: + ansible_user: root diff --git a/roles/mysql/defaults/main.yml b/roles/mysql/defaults/main.yml index c72b47b..e1a355a 100644 --- a/roles/mysql/defaults/main.yml +++ b/roles/mysql/defaults/main.yml @@ -1,2 +1,2 @@ --- -# defaults file for dbnode +# defaults file for mysql \ No newline at end of file diff --git a/roles/mysql/handlers/main.yml b/roles/mysql/handlers/main.yml index 624e51c..fcc2221 100644 --- a/roles/mysql/handlers/main.yml +++ b/roles/mysql/handlers/main.yml @@ -1,5 +1,2 @@ --- -- name: Restart MariaDB service - service: - name: mariadb - state: restarted +# handlers file for mysql \ No newline at end of file diff --git a/roles/mysql/meta/main.yml b/roles/mysql/meta/main.yml index 6fae453..227ad9c 100644 --- a/roles/mysql/meta/main.yml +++ b/roles/mysql/meta/main.yml @@ -50,6 +50,4 @@ galaxy_info: dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. - -collections: - - community.mysql + \ No newline at end of file 
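Review bot: Every `password:` value and `mysql_root_password` in inventory/group_vars/mysql_dev.yml is the same literal string `TODO-Vault`, so a run against this inventory would set that guessable value as the real root and application passwords. Until the vault is in place I would point these at vaulted variables, for example `mysql_root_password: "{{ vault_mysql_root_password }}"` (the variable name is illustrative), and let the role fail early while a password still equals the placeholder. Separately, `- h235:` and `- h112:` under `slaves` appear to parse as mappings with a null value rather than plain host names; `- h235` is probably what is meant.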
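Review bot: Both hosts in inventory/hosts set `ansible_user: root`, which requires direct root SSH login on the database servers. Connecting as an unprivileged account and adding `become: true` for the tasks that need it lets root login stay disabled in sshd and keeps a per-user audit trail. If root login is a deliberate choice for this dev group, a comment in the inventory saying so would help the next reader.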
diff --git a/roles/mysql/tasks/filesystem.yml b/roles/mysql/tasks/filesystem.yml deleted file mode 100644 index 46604e1..0000000 --- a/roles/mysql/tasks/filesystem.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Create volume group vgdata - lvg: - vg: vgdata - pvs: /dev/sdc - -- name: "Create a logical volume lv_var_lib_mysql of size: {{ disk_var_lib_mysql_size }}" - lvol: - vg: vgdata - lv: lv_var_lib_mysql - size: "{{ disk_var_lib_mysql_size }}" - -- name: Create a xfs filesystem on /dev/vgdata/lv_var_lib_mysql - filesystem: - fstype: xfs - dev: /dev/vgdata/lv_var_lib_mysql - -- name: Create directory /var/lib/mysql - file: - path: /var/lib/mysql - state: directory - -- name: Mount /var/lib/mysql - mount: - path: /var/lib/mysql - src: /dev/vgdata/lv_var_lib_mysql - fstype: xfs - state: mounted diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index b9885f4..eeb3a00 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,12 +1,7 @@ --- - name: Install the MariaDB packages dnf: - name: [mariadb-server, python3-pip] + name: + - mariadb-server + - python3-PyMySQL state: present - -- name: "Install python packages" - pip: - name: "{{ python_packages }}" - environment: - HTTP_PROXY: "{{ webproxy }}" - HTTPS_PROXY: "{{ webproxy }}" diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index e8d5b76..69d83c2 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,6 +1,9 @@ --- -- include_tasks: filesystem.yml -- include_tasks: install.yml -- include_tasks: service.yml -- include_tasks: mysql_user.yml -- include_tasks: mysql_db.yml +#- include_tasks: install.yml +#- include_tasks: mysql_config.yml +#- include_tasks: service.yml +#- include_tasks: mysql_user.yml +- include_tasks: mysql_nodes.yml +#- include_tasks: mysql_db.yml +#- include_tasks: mysql_slaves.yml +#- include_tasks: mysql_backup.yml 
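Review bot: In roles/mysql/tasks/main.yml every include except `mysql_nodes.yml` is commented out, so as committed the role never runs `install.yml` or `mysql_user.yml`, and the default-account removal and root password from the commit message are not applied. If the aim is to run one step at a time during development, tags on the includes (for example `tags: [mysql_user]`) give that without leaving the hardening steps disabled. The commented `mysql_db.yml` entry would also fail if it were simply re-enabled, because `node` is only defined by the loop in `mysql_nodes.yml`.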
diff --git a/roles/mysql/tasks/mysql_backup.yml b/roles/mysql/tasks/mysql_backup.yml new file mode 100644 index 0000000..25df079 --- /dev/null +++ b/roles/mysql/tasks/mysql_backup.yml @@ -0,0 +1,4 @@ +--- +- name: todo backup + debug: + msg: "todo backup" diff --git a/roles/mysql/tasks/mysql_config.yml b/roles/mysql/tasks/mysql_config.yml new file mode 100644 index 0000000..8679372 --- /dev/null +++ b/roles/mysql/tasks/mysql_config.yml @@ -0,0 +1,4 @@ +--- +- name: todo config + debug: + msg: "todo config" diff --git a/roles/mysql/tasks/mysql_db.yml b/roles/mysql/tasks/mysql_db.yml index 42cd7cb..b0d6980 100644 --- a/roles/mysql/tasks/mysql_db.yml +++ b/roles/mysql/tasks/mysql_db.yml @@ -1,18 +1,14 @@ --- -- name: Create a database with name 'lavs_alfresco' +- name: Create databases community.mysql.mysql_db: check_implicit_admin: yes - name: lavs_alfresco - state: present - -- name: Create a database with name 'lavs_zm' - community.mysql.mysql_db: - check_implicit_admin: yes - name: lavs_zm - state: present - -- name: Create a database with name 'lavs_systeem' - community.mysql.mysql_db: - check_implicit_admin: yes - name: lavs_systeem - state: present + name: "{{ db.name }}" + state: "{{ db.state|default('present') }}" + loop: "{{ node.db }}" + loop_control: + loop_var: db +- name: Create users for db + include_tasks: mysql_db_users.yml + loop: "{{ node.db }}" + loop_control: + loop_var: db diff --git a/roles/mysql/tasks/mysql_db_users.yml b/roles/mysql/tasks/mysql_db_users.yml new file mode 100644 index 0000000..dc2e4fb --- /dev/null +++ b/roles/mysql/tasks/mysql_db_users.yml @@ -0,0 +1,11 @@ +--- +- name: Create users + community.mysql.mysql_user: + name: "{{ user[0].name }}" + password: "{{ user[0].password }}" + state: "{{ user[0].state|default(db.state)|default('present') }}" + host: "{{ user[1] }}" + priv: "{{db.name}}.*:{{ user[0].priv|default('ALL') }}" + loop: "{{ db.users|product(db_clients)|list }}" + loop_control: + loop_var: user 
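Review bot: The `Create users` task in roles/mysql/tasks/mysql_db_users.yml loops over `db.users|product(db_clients)`, so each loop item carries the user's `password`, and Ansible prints the loop item in the task output. Add `no_log: true` to the task, or at least `label: "{{ user[0].name }}@{{ user[1] }}"` under `loop_control`, so the passwords stay out of console and callback logs. In the neighbouring mysql_db.yml hunk, `check_implicit_admin: yes` is better written as `true`, and a one-line comment that `state: absent` in the inventory drops the database would be worth adding.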
diff --git a/roles/mysql/tasks/mysql_nodes.yml b/roles/mysql/tasks/mysql_nodes.yml new file mode 100644 index 0000000..df3cabc --- /dev/null +++ b/roles/mysql/tasks/mysql_nodes.yml @@ -0,0 +1,7 @@ +--- +- name: Loop over nodes to create db + include_tasks: mysql_db.yml + with_items: "{{ nodes }}" + loop_control: + loop_var: node + when: (ansible_nodename == node.node) diff --git a/roles/mysql/tasks/mysql_slaves.yml b/roles/mysql/tasks/mysql_slaves.yml new file mode 100644 index 0000000..1014120 --- /dev/null +++ b/roles/mysql/tasks/mysql_slaves.yml @@ -0,0 +1,4 @@ +--- +- name: todo slaves + debug: + msg: "todo slaves" diff --git a/roles/mysql/tasks/mysql_user.yml b/roles/mysql/tasks/mysql_user.yml index add33b3..78a2ab3 100644 --- a/roles/mysql/tasks/mysql_user.yml +++ b/roles/mysql/tasks/mysql_user.yml @@ -4,30 +4,26 @@ name: root host: "{{ ansible_fqdn }}" state: absent - -- name: "Create lavs user for {{ ansible_fqdn }}" +- name: Remove remote root account (::1) community.mysql.mysql_user: - name: lavs - password: "{{ db_lavs_password }}" - host: "{{ db_remote_host }}" - state: present - priv: - 'lavs_alfresco.*': 'ALL' - -- name: "Create zm_user user for {{ ansible_fqdn }}" + name: root + host: ::1 + state: absent +- name: Remove remote root account (127.0.0.1) community.mysql.mysql_user: - name: zm_user - password: "{{ db_zm_user_password }}" - host: "{{ db_remote_host }}" - state: present - priv: - 'lavs_zm.*': 'ALL' - -- name: "Create lars_user user for {{ ansible_fqdn }}" + name: root + host: 127.0.0.1 + state: absent +- name: Set root password for root@localhost community.mysql.mysql_user: - name: lars_user - password: "{{ db_lars_user_password }}" - host: "{{ db_remote_host }}" + name: root + host: localhost + password: "{{ mysql_root_password }}" state: present - priv: - 'lavs_systeem.*': 'ALL' +- name: Create my.cnf + ansible.builtin.template: + src: my.cnf.j2 + dest: /root/.my.cnf + owner: root + group: root + mode: 0600 
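Review bot: The condition `when: (ansible_nodename == node.node)` in roles/mysql/tasks/mysql_nodes.yml compares against a gathered fact, so a host whose reported node name differs from its inventory name (an FQDN, for instance) silently gets no databases or users. Matching on the inventory name ties the `nodes` list to the entries in inventory/hosts: `when: inventory_hostname == node.node`. The task also uses `with_items` where the other new task files use `loop`; `loop: "{{ nodes }}"` would be consistent.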
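Review bot: The `Create my.cnf` task in roles/mysql/tasks/mysql_user.yml renders the root password into /root/.my.cnf, and a run with `--diff` prints the rendered content, password included. Add `no_log: true` (or `diff: false`) to that task. `mode: 0600` and `host: ::1` are better quoted, `mode: "0600"` and `host: "::1"`, so the values do not depend on YAML implicit typing. The visible tasks remove only the extra root accounts; unless anonymous accounts and the test database are handled elsewhere, that part of "Wissen standaard accounts" is still missing. The hunk starts inside the first task, so its name line is not visible here.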
diff --git a/roles/mysql/templates/my.cnf.j2 b/roles/mysql/templates/my.cnf.j2 new file mode 100644 index 0000000..896ba2b --- /dev/null +++ b/roles/mysql/templates/my.cnf.j2 @@ -0,0 +1,11 @@ +[client] +user=root +password={{ mysql_root_password }} + +[mysql] +user=root +password={{ mysql_root_password }} + +[mariabackup] +user=root +password={{ mysql_root_password }} diff --git a/roles/mysql/tests/test.yml b/roles/mysql/tests/test.yml index 9392ab3..d348bdb 100644 --- a/roles/mysql/tests/test.yml +++ b/roles/mysql/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - dbnode \ No newline at end of file + - mysql \ No newline at end of file diff --git a/roles/mysql/vars/main.yml b/roles/mysql/vars/main.yml index adb961b..2fc05a3 100644 --- a/roles/mysql/vars/main.yml +++ b/roles/mysql/vars/main.yml @@ -1,2 +1,2 @@ --- -python_packages: [pymysql >= 1.0.2] +# vars file for mysql \ No newline at end of file
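Review bot: `password={{ mysql_root_password }}` in roles/mysql/templates/my.cnf.j2 is written unquoted in all three sections, so a password containing `#` or leading or trailing spaces is read by the option-file parser as a different value from the one set on the server, and client logins then fail. Quote the value, `password="{{ mysql_root_password }}"`, and either escape or disallow `"` and `\` in the password. The `[mariabackup]` section also hands the backup tool the root credential; once the backup tasks are written, a dedicated account with only the privileges mariabackup needs would be the least-privilege choice.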