Permalink
Browse files

Added 'mysql' role

This role sets up mysql service. Several variables in defaults/main.yml allow for customization of mysqld options, there's also support for random root passwords using lookup function if "$secret" variable is defined in playbook or inventory.
  • Loading branch information...
drybjed committed Oct 11, 2013
1 parent 1b2401a commit d53b9ce1c340ee621c349027938980c10e16f56f
@@ -0,0 +1,10 @@
---

- name: MySQL support
hosts: aiua_mysql
sudo: yes
tags: mysql

roles:
- { role: mysql }

@@ -0,0 +1,29 @@
---

mysql_utf8: True

# If 'secret' variable is undefined, this variable will be used to set password
mysql_root_password: 'password'

mysql_backup_mailaddr: 'root'
mysql_backup_doweekly: 6
mysql_backup_latest: 'no'

mysql_mysqld_bind_address: '127.0.0.1'
mysql_mysqld_port: 3306
mysql_mysqld_max_connections: 100

# Use this variable to set additional mysqld options
#mysql_mysqld_options:
# key_buffer: '16M'
# skip-name-resolve:

# This is a list of networks allowed to connect to mysqld from remote hosts
# It will be applied in firewall (ferm) and /etc/hosts.allow (tcpwrappers)
# Also you need to set mysql_mysqld_bind_address to 0.0.0.0
#mysql_network_allow_list:
# - '10.0.0.0/8'
# - '172.16.0.0/12'
# - '192.168.0.0/16'


@@ -0,0 +1,8 @@
---

- name: Restart mysql
service: name=mysql state=restarted

- name: Reload mysql
service: name=mysql state=reloaded

@@ -0,0 +1,6 @@
---

dependencies:
- { role: ferm }
- { role: tcpwrappers }

@@ -0,0 +1,111 @@
---

- name: MYSQL | Install MySQL-related packages
apt: pkg={{ item }} state=latest install_recommends=no
with_items:
- python-mysqldb
- mysql-server
- automysqlbackup
tags:
- mysql
- packages

- name: MYSQL | Apply mysqld configuration
template: src=etc/mysql/conf.d/mysqld.cnf.j2 dest=/etc/mysql/conf.d/mysqld.cnf owner=root group=root mode=0644
notify:
- Reload mysql
tags:
- mysql

- name: MYSQL | Apply client configuration
template: src=etc/mysql/conf.d/client.cnf.j2 dest=/etc/mysql/conf.d/client.cnf owner=root group=root mode=0644
notify:
- Reload mysql
tags:
- mysql

- name: MYSQL | Start the MySQL service
service: name=mysql state=started
tags:
- mysql

- name: MYSQL | Lookup mysql root password if $secret is defined
set_fact:
mysql_root_password: "{{ lookup('password', secret + '/credentials/' + ansible_fqdn + '/mysql/root/password length=15') }}"
when: secret is defined
tags:
- mysql
- secret

- name: MYSQL | Update mysql root password for all root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }}
with_items:
- '{{ ansible_hostname }}'
- 127.0.0.1
- ::1
- localhost
tags:
- mysql
- secret

- name: MYSQL | Copy .my.cnf file with root password credentials
template: src=root/my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600
tags:
- mysql
- secret

- name: MYSQL | Delete anonymous users
mysql_user: user="" host={{ item }} state=absent
with_items:
- '{{ ansible_hostname }}'
- 'localhost'
tags:
- mysql

- name: MYSQL | Remove the test database
mysql_db: db=test state=absent
tags:
- mysql

- name: MYSQL | Setup automysqlbackup configuration
template: src=etc/default/automysqlbackup.j2 dest=/etc/default/automysqlbackup owner=root group=root mode=0644
tags:
- mysql

- name: MYSQL | Enable network access in firewall
template: src=etc/ferm/ferm.d/mysql.conf.j2 dest=/etc/ferm/ferm.d/mysql.conf owner=root group=root mode=0644
when: mysql_network_allow_list is defined and mysql_network_allow_list is not none
notify:
- Restart ferm
tags:
- mysql
- firewall

- name: MYSQL | Disable network access in firewall
file: path=/etc/ferm/ferm.d/mysql.conf state=absent
when: mysql_network_allow_list is not defined
notify:
- Restart ferm
tags:
- mysql
- firewall

- name: MYSQL | Enable network access in tcpwrappers
template: src=etc/hosts.allow.d/50_mysql.j2 dest=/etc/hosts.allow.d/50_mysql owner=root group=root mode=0644
when: mysql_network_allow_list is defined and mysql_network_allow_list is not none
notify:
- Assemble hosts.allow.d
tags:
- mysql
- tcpwrappers

- name: MYSQL | Disable network access in tcpwrappers
file: path=/etc/hosts.allow.d/50_mysql state=absent
when: mysql_network_allow_list is not defined
notify:
- Assemble hosts.allow.d
tags:
- mysql
- tcpwrappers


@@ -0,0 +1,96 @@
# {{ ansible_managed }}

# By default, the Debian version of automysqlbackup will use:
# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.

# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`

# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`

# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost

# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r\\\n ,\ `

# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"

# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"

# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"

# Email Address to send mail to? (user@domain.com)
MAILADDR="{{ mysql_backup_mailaddr }}"

# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================

# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"

# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""

# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes

# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes

# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY={{ mysql_backup_doweekly }}

# Choose Compression type. (gzip or bzip2)
COMP=gzip

# Compress communications between backup server and MySQL server?
COMMCOMP=no

# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST={{ mysql_backup_latest }}

# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=

# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=

# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"

# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"

# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes


@@ -0,0 +1,14 @@
# iptables ferm firewall - mysql access
# {{ ansible_managed }}

table filter {
chain INPUT {
protocol tcp dport {{ mysql_mysqld_port }} {
{% for network in mysql_network_allow_list %}
saddr {{ network }} ACCEPT;
{% endfor %}
}
}
}


@@ -0,0 +1,6 @@
# Allow mysqld connections
{% for network in mysql_network_allow_list %}
mysqld: {{ network }}
{% endfor %}


@@ -0,0 +1,9 @@
# {{ ansible_managed }}

[client]

{% if mysql_utf8 is defined and mysql_utf8 == True %}
default-character-set = utf8
{% endif %}


@@ -0,0 +1,20 @@
# {{ ansible_managed }}

[mysqld]
bind-address = {{ mysql_mysqld_bind_address }}
port = {{ mysql_mysqld_port }}
max-connections = {{ mysql_mysqld_max_connections }}

{% if mysql_utf8 is defined and mysql_utf8 == True %}
character-set-server = utf8
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'

{% endif %}
{% if mysql_mysqld_options is defined and mysql_mysqld_options is not none %}
{% for key, value in mysql_mysqld_options.iteritems() %}
{{ key }}{% if value is not none %} = {{ value }}{% endif %}

{% endfor %}

{% endif %}
@@ -0,0 +1,7 @@
# {{ ansible_managed }}

[client]
user=root
password={{ mysql_root_password }}


@@ -3,5 +3,6 @@
- include: playbooks/common.yml
- include: playbooks/kvm.yml
- include: playbooks/lxc.yml
- include: playbooks/mysql.yml


0 comments on commit d53b9ce

Please sign in to comment.