Eerste grote update:

- Wissen standaard accounts - Zetten root password - Aanmaken databases - Aanmaken gebruikers per database - Lege files klaar zetten voor backup, slave, config
2021-05-06 14:46:09 +02:00
parent bf1c4d86e7
commit cff00f04c7
18 changed files with 143 additions and 89 deletions
--- a/inventory/group_vars/mysql_dev.yml
+++ b/inventory/group_vars/mysql_dev.yml
@@ -0,0 +1,49 @@
+--- 
+mysql_root_password: TODO-Vault
+nfsdir: /var/backup/mysql
+
+
+db_clients:
+  - h1
+  - localhost
+
+nodes:
+  - node: h112
+    slaves:
+      - h235:
+    db:
+      - name: db1
+        users:
+          - name: db1_admin
+            password: TODO-Vault
+            priv: ALL
+          - name: db1_user
+            password: TODO-Vault
+            priv: "select,insert,update,delete"
+          - name: db1_read
+            password: TODO-Vault
+            priv: "select"
+          - name: db1_absent
+            password: TODO-Vault
+            priv: "select"
+            state: absent
+      - name: db2
+        users:
+          - name: db2_admin
+            password: TODO-Vault
+            priv: ALL
+  - node: h235
+    slaves:
+      - h112:
+    db:
+      - name: db3
+        users:
+          - name: db3_admin
+            password: TODO-Vault
+            priv: ALL
+      - name: db4
+        state: absent
+        users:
+          - name: db4_admin
+            password: TODO-Vault
+            priv: ALL
--- a/inventory/hosts
+++ b/inventory/hosts
@@ -0,0 +1,7 @@
+---
+mysql_dev:
+  hosts:
+    h112:
+      ansible_user: root
+    h235:
+      ansible_user: root
--- a/roles/mysql/defaults/main.yml
+++ b/roles/mysql/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-# defaults file for dbnode
+# defaults file for mysql
--- a/roles/mysql/handlers/main.yml
+++ b/roles/mysql/handlers/main.yml
@@ -1,5 +1,2 @@
 ---
- name: Restart MariaDB service
-  service:
-    name: mariadb
-    state: restarted
+# handlers file for mysql
--- a/roles/mysql/meta/main.yml
+++ b/roles/mysql/meta/main.yml
@@ -51,5 +51,3 @@ dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
  
-collections:
-  - community.mysql
--- a/roles/mysql/tasks/filesystem.yml
+++ b/roles/mysql/tasks/filesystem.yml
@@ -1,28 +0,0 @@
---
- name: Create volume group vgdata
-  lvg:
-    vg: vgdata
-    pvs: /dev/sdc
-
- name: "Create a logical volume lv_var_lib_mysql of size: {{ disk_var_lib_mysql_size }}"
-  lvol:
-    vg: vgdata
-    lv: lv_var_lib_mysql
-    size: "{{ disk_var_lib_mysql_size }}"
-
- name: Create a xfs filesystem on /dev/vgdata/lv_var_lib_mysql
-  filesystem:
-    fstype: xfs
-    dev: /dev/vgdata/lv_var_lib_mysql
-
- name: Create directory /var/lib/mysql
-  file:
-    path: /var/lib/mysql
-    state: directory
-
- name: Mount /var/lib/mysql
-  mount:
-    path: /var/lib/mysql
-    src: /dev/vgdata/lv_var_lib_mysql
-    fstype: xfs
-    state: mounted
--- a/roles/mysql/tasks/install.yml
+++ b/roles/mysql/tasks/install.yml
@@ -1,12 +1,7 @@
 ---
 - name: Install the MariaDB packages
  dnf:
-    name: [mariadb-server, python3-pip]
+    name:
+     - mariadb-server
+     - python3-PyMySQL
    state: present
-
- name: "Install python packages"
-  pip:
-    name: "{{ python_packages }}"
-  environment:
-    HTTP_PROXY: "{{ webproxy }}"
-    HTTPS_PROXY: "{{ webproxy }}"
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@@ -1,6 +1,9 @@
 ---
- include_tasks: filesystem.yml
- include_tasks: install.yml
- include_tasks: service.yml
- include_tasks: mysql_user.yml
- include_tasks: mysql_db.yml
+#- include_tasks: install.yml
+#- include_tasks: mysql_config.yml
+#- include_tasks: service.yml
+#- include_tasks: mysql_user.yml
+- include_tasks: mysql_nodes.yml
+#- include_tasks: mysql_db.yml
+#- include_tasks: mysql_slaves.yml
+#- include_tasks: mysql_backup.yml
--- a/roles/mysql/tasks/mysql_backup.yml
+++ b/roles/mysql/tasks/mysql_backup.yml
@@ -0,0 +1,4 @@
+---
+- name: todo backup
+  debug:
+    msg: "todo backup"
--- a/roles/mysql/tasks/mysql_config.yml
+++ b/roles/mysql/tasks/mysql_config.yml
@@ -0,0 +1,4 @@
+---
+- name: todo config
+  debug:
+    msg: "todo config"
--- a/roles/mysql/tasks/mysql_db.yml
+++ b/roles/mysql/tasks/mysql_db.yml
@@ -1,18 +1,14 @@
 ---
- name: Create a database with name 'lavs_alfresco'
+- name: Create databases
  community.mysql.mysql_db:
    check_implicit_admin: yes
-    name: lavs_alfresco
-    state: present
-
- name: Create a database with name 'lavs_zm'
-  community.mysql.mysql_db:
-    check_implicit_admin: yes
-    name: lavs_zm
-    state: present
-
- name: Create a database with name 'lavs_systeem'
-  community.mysql.mysql_db:
-    check_implicit_admin: yes
-    name: lavs_systeem
-    state: present
+    name: "{{ db.name }}"
+    state: "{{ db.state|default('present') }}"
+  loop: "{{ node.db }}"
+  loop_control:
+    loop_var: db
+- name: Create users for db
+  include_tasks: mysql_db_users.yml
+  loop: "{{ node.db }}"
+  loop_control:
+    loop_var: db
--- a/roles/mysql/tasks/mysql_db_users.yml
+++ b/roles/mysql/tasks/mysql_db_users.yml
@@ -0,0 +1,11 @@
+---
+- name: Create users
+  community.mysql.mysql_user:
+    name: "{{ user[0].name }}"
+    password: "{{ user[0].password }}"
+    state: "{{ user[0].state|default(db.state)|default('present') }}"
+    host: "{{ user[1] }}"
+    priv: "{{db.name}}.*:{{ user[0].priv|default('ALL') }}"
+  loop: "{{ db.users|product(db_clients)|list }}"
+  loop_control:
+    loop_var: user
--- a/roles/mysql/tasks/mysql_nodes.yml
+++ b/roles/mysql/tasks/mysql_nodes.yml
@@ -0,0 +1,7 @@
+---
+- name: Loop over nodes to create db
+  include_tasks: mysql_db.yml
+  with_items: "{{ nodes }}"
+  loop_control:
+    loop_var: node
+  when: (ansible_nodename == node.node)
--- a/roles/mysql/tasks/mysql_slaves.yml
+++ b/roles/mysql/tasks/mysql_slaves.yml
@@ -0,0 +1,4 @@
+---
+- name: todo slaves
+  debug:
+    msg: "todo slaves"
--- a/roles/mysql/tasks/mysql_user.yml
+++ b/roles/mysql/tasks/mysql_user.yml
@@ -4,30 +4,26 @@
    name: root
    host: "{{ ansible_fqdn }}"
    state: absent
-
- name: "Create lavs user for {{ ansible_fqdn }}"
+- name: Remove remote root account (::1)
  community.mysql.mysql_user:
-    name: lavs
-    password: "{{ db_lavs_password }}"
-    host: "{{ db_remote_host }}"
-    state: present
-    priv:
-      'lavs_alfresco.*': 'ALL'
-
- name: "Create zm_user user for {{ ansible_fqdn }}"
+    name: root
+    host: ::1
+    state: absent
+- name: Remove remote root account (127.0.0.1)
  community.mysql.mysql_user:
-    name: zm_user
-    password: "{{ db_zm_user_password }}"
-    host: "{{ db_remote_host }}"
-    state: present
-    priv:
-      'lavs_zm.*': 'ALL'
-
- name: "Create lars_user user for {{ ansible_fqdn }}"
+    name: root
+    host: 127.0.0.1
+    state: absent
+- name: Set root password for root@localhost
  community.mysql.mysql_user:
-    name: lars_user
-    password: "{{ db_lars_user_password }}"
-    host: "{{ db_remote_host }}"
+    name: root
+    host: localhost
+    password: "{{ mysql_root_password }}"
    state: present
-    priv:
-      'lavs_systeem.*': 'ALL'
+- name: Create my.cnf
+  ansible.builtin.template:
+    src: my.cnf.j2
+    dest: /root/.my.cnf
+    owner: root
+    group: root
+    mode: 0600
--- a/roles/mysql/templates/my.cnf.j2
+++ b/roles/mysql/templates/my.cnf.j2
@@ -0,0 +1,11 @@
+[client]
+user=root
+password={{ mysql_root_password }}
+
+[mysql]
+user=root
+password={{ mysql_root_password }}
+
+[mariabackup]
+user=root
+password={{ mysql_root_password }}
--- a/roles/mysql/tests/test.yml
+++ b/roles/mysql/tests/test.yml
@@ -2,4 +2,4 @@
 - hosts: localhost
  remote_user: root
  roles:
-    - dbnode
+    - mysql
--- a/roles/mysql/vars/main.yml
+++ b/roles/mysql/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-python_packages: [pymysql >= 1.0.2]
+# vars file for mysql