From d95311d92d1802cd6a3b797b5efc959230465b0d Mon Sep 17 00:00:00 2001 From: Blagovest Petrov Date: Mon, 30 May 2016 15:50:56 +0300 Subject: [PATCH] first commit --- README.md | 53 +++++++++++++++++++++++++++++ defaults/main.yml | 3 ++ handlers/main.yml | 3 ++ meta/main.yml | 15 ++++++++ tasks/main.yml | 14 ++++++++ tasks/mysql_secure_installation.yml | 46 +++++++++++++++++++++++++ tasks/ubuntu.yml | 27 +++++++++++++++ templates/my.cnf.j2 | 3 ++ vars/main.yml | 3 ++ 9 files changed, 167 insertions(+) create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 tasks/mysql_secure_installation.yml create mode 100644 tasks/ubuntu.yml create mode 100644 templates/my.cnf.j2 create mode 100644 vars/main.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..7bcd07b --- /dev/null +++ b/README.md @@ -0,0 +1,53 @@ +# Ansible Role: MariaDB + +Installs MariaDB + +## Supported platforms + +``` +Ubuntu 16.04 +``` + +## Post install + +Run `mysql_secure_installation` + +## Requirements + +None + +## Role Variables + +MariaDB version: + +``` +mariadb_version: 10.1 +``` + + +### Experimental unattended mysql_secure_installation + +``` +ansible-playbook release.yml --extra-vars "mysql_secure_installation=true mysql_root_password=your_very_secret_password" +``` + +## Dependencies + +None + +## Example Playbook + +``` +- hosts: servers + roles: + - { role: eniac111.mariadb } +``` + +## License + +MIT / BSD + +## Author Information + +Created by [Blagovest Petrov](http://petrovs.info) +Based on the role of [Attila van der Velde](https://github.com/vdvm) diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..609bbbb --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +mysql_secure_installation: false diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..3755d8c --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart mysql + service: name=mysql state=restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..aea2121 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: "Blagovest Petrov" + description: "Installs MariaDB" + company: "Veriosoft" + license: "license (MIT, BSD)" + min_ansible_version: 1.8 + platforms: + - name: Ubuntu + versions: + - xenial + categories: + - database:sql + +dependencies: [] diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..8af66d5 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- include: ubuntu.yml + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '16.04' + +- name: Add configuration + template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 + when: mysql_conf_tpl != 'change_me' + notify: restart mysql + +- name: Start and enable service + service: name=mysql state=started enabled=yes + +- include: mysql_secure_installation.yml + when: mysql_secure_installation and mysql_root_password is defined diff --git a/tasks/mysql_secure_installation.yml b/tasks/mysql_secure_installation.yml new file mode 100644 index 0000000..8df6a99 --- /dev/null +++ b/tasks/mysql_secure_installation.yml @@ -0,0 +1,46 @@ +--- +# Set root password +# UPDATE mysql.user SET Password=PASSWORD('mysecret') WHERE User='root'; +# FLUSH PRIVILEGES; + +- name: Set root Password + mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present + with_items: + - localhost + - 127.0.0.1 + - ::1 + +- name: Reload privilege tables + command: 'mysql -ne "{{ item }}"' + with_items: + - FLUSH PRIVILEGES + changed_when: False + +- name: Add .my.cnf + template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 + +- name: Remove anonymous users + command: 'mysql -ne "{{ item }}"' + with_items: + - DELETE FROM mysql.user WHERE User='' + changed_when: False + +- name: Disallow root login remotely + command: 'mysql -ne "{{ item }}"' + with_items: + - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') + changed_when: False + +- name: Remove test database and access to it + command: 'mysql -ne "{{ item }}"' + with_items: + - DROP DATABASE test + - DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%' + changed_when: False + ignore_errors: True + +- name: Reload privilege tables + command: 'mysql -ne "{{ item }}"' + with_items: + - FLUSH PRIVILEGES + changed_when: False diff --git a/tasks/ubuntu.yml b/tasks/ubuntu.yml new file mode 100644 index 0000000..68e5b8b --- /dev/null +++ b/tasks/ubuntu.yml @@ -0,0 +1,27 @@ +--- +- name: Add MariaDB Repository Key + apt_key: + state : 'present' + keyserver: 'keyserver.ubuntu.com' + id : '0xcbcb082a1bb943db' + +- name: Setup MariaDB Repo + apt_repository: + repo: 'deb [arch=amd64,i386] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.1/ubuntu xenial main' + +- name: Install MariaDB + apt: name=mariadb-server state=latest update_cache=yes + +- name: Update apt cache + apt: update_cache=yes + when: mariadb_list.changed == True or mariadb_key.changed == True + +- name: Install MariaDB + apt: pkg={{ item }} state=present + with_items: + - mariadb-server + - mariadb-client + +- name: Install MySQLdb Python package for secure installations. + apt: pkg=python-mysqldb state=present + when: mysql_secure_installation and mysql_root_password is defined diff --git a/templates/my.cnf.j2 b/templates/my.cnf.j2 new file mode 100644 index 0000000..b63b4e6 --- /dev/null +++ b/templates/my.cnf.j2 @@ -0,0 +1,3 @@ +[client] +user=root +password={{ mysql_root_password }} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..31b8564 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,3 @@ +--- +mysql_conf_dir: + "Ubuntu": /etc/mysql/conf.d