Repository: bennojoy/mysql Branch: master Commit: 9a8fe58d227f Files: 12 Total size: 10.7 KB Directory structure: gitextract_bn4uk6yi/ ├── README.md ├── defaults/ │ └── main.yml ├── handlers/ │ └── main.yml ├── meta/ │ └── main.yml ├── tasks/ │ └── main.yml ├── templates/ │ ├── .my.cnf.j2 │ ├── my.cnf.Debian.j2 │ ├── my.cnf.RedHat.j2 │ └── mysql.cnf.j2 └── vars/ ├── Debian.yml ├── RedHat.yml └── main.yml ================================================ FILE CONTENTS ================================================ ================================================ FILE: README.md ================================================ MySQL Server ============ This role helps install MySQL Server across RHEL and Ubuntu variants. Apart from installing the MySQL Server, it applies basic hardening, like securing the root account with a password, and removing test databases. The role can also be used to add databases to the MySQL server and create users in the database. It also supports configuring the databases for replication--both master and slave can be configured via this role. Requirements ------------ This role requires Ansible 1.4 or higher, and platform requirements are listed in the metadata file. 
Role Variables -------------- The variables that can be passed to this role, with a brief description of each, are as follows: mysql_port: 3306 # The port for the mysql server to listen on mysql_bind_address: "0.0.0.0" # The bind address for mysql server mysql_root_db_pass: foobar # The root DB password (placeholder; set your own) # A list that has all the databases to be # created and their replication status: mysql_db: - name: foo replicate: yes - name: bar replicate: no # A list of the mysql users to be created # and their password and privileges: mysql_users: - name: benz pass: foobar priv: "*.*:ALL" # If the database is replicated the users # to be used for replication: mysql_repl_user: - name: repl pass: foobar # The role of this server in replication: mysql_repl_role: master # A unique id for the mysql server (used in replication): mysql_db_id: 7 Examples -------- 1) Install MySQL Server and set the root password, but don't create any database or users. - hosts: all roles: - {role: mysql, mysql_root_db_pass: foobar, mysql_db: none, mysql_users: none } 2) Install MySQL Server and create 2 databases and 2 users. - hosts: all roles: - {role: mysql, mysql_db: [{name: benz}, {name: benz2}], mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, {name: ben2, pass: foo}] } Note: If users are specified without a password or privileges, the role falls back to its built-in defaults (password `foobar`, privileges `*.*:ALL`, per tasks/main.yml). 3) Install MySQL Server and create 2 databases and 2 users and configure the database as replication master with one database configured for replication. - hosts: all roles: - {role: mysql, mysql_db: [{name: benz, replicate: yes }, { name: benz2, replicate: no}], mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, {name: ben2, pass: foo}], mysql_repl_user: [{name: repl, pass: foobar}] } 4) A fully installed/configured MySQL Server with master and slave replication. 
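- hosts: master
  roles:
  - {role: mysql, mysql_db: [{name: benz}, {name: benz2}], mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, {name: ben2, pass: foo}], mysql_db_id: 8 }

- hosts: slave
  roles:
  - {role: mysql, mysql_db: none, mysql_users: none, mysql_repl_role: slave, mysql_repl_master: vm2, mysql_db_id: 9, mysql_repl_user: [{name: repl, pass: foobar}] }

Note: When configuring the full replication please make sure the master is configured via this role and the master is available in inventory and facts have been gathered for master. The replication tasks assume the database is new and has no data.

Dependencies
------------

None

License
-------

BSD

Author Information
------------------

Benno Joy

================================================
FILE: defaults/main.yml
================================================
---
# Default values for the role's variables; a play overrides them per host.
# NOTE(review): every password below is the literal string "foobar". These
# are live defaults, not documentation: a play that does not override them
# gets a root account, an application user and a replication user with that
# password. Supply real values from outside the repository (for example an
# encrypted vars file).

mysql_port: 3306

# Listens on every interface. Together with the '%'-host replication user
# created in tasks/main.yml this exposes the server to any network the host
# is attached to; bind to a specific address or restrict the port at the
# firewall where that is not intended.
mysql_bind_address: "0.0.0.0"

mysql_root_db_pass: foobar

# Databases to create; `replicate` selects binlog_do_db vs binlog_ignore_db
# in the my.cnf templates when this host is a replication master.
mysql_db:
  - name: foo
    replicate: true
  - name: bar
    replicate: false

# Application users. The default entry receives ALL privileges on every
# database (*.*).
mysql_users:
  - name: benz
    pass: foobar
    priv: "*.*:ALL"

# Replication account; the first entry is also what a slave uses as
# master_user/master_password in tasks/main.yml.
mysql_repl_user:
  - name: repl
    pass: foobar

mysql_repl_role: master
mysql_db_id: 7
mysql_sql_mode: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

================================================
FILE: handlers/main.yml
================================================
---
# Restarts the MySQL service when a notifying task reports a change; the
# service name is set per OS family in vars/Debian.yml and vars/RedHat.yml.
- name: restart mysql
  service: name={{ mysql_service }} state=restarted

================================================
FILE: meta/main.yml
================================================
---
galaxy_info:
  author: "Benno Joy"
  company: AnsibleWorks
  license: license (BSD)
  min_ansible_version: 1.4
  platforms:
    - name: EL
      versions:
        - 5
        - 6
    - name: Fedora
      versions:
        - 16
        - 17
        - 18
    - name: Ubuntu
      versions:
        - precise
        - quantal
        - raring
        - saucy
  categories:
    - database:sql
dependencies: []

================================================
FILE: tasks/main.yml
================================================
---
# Installs MySQL, writes its configuration, sets the root password, removes
# anonymous users and the test database, creates the requested databases and
# users, and optionally wires up master/slave replication.
#
# NOTE(review): passwords are passed to mysql_user / mysql_replication inline
# in key=value form. Module arguments can show up in verbose output and in
# the managed host's syslog; Ansible releases newer than the 1.4 minimum
# declared in meta/main.yml offer `no_log: true` for such tasks.

- name: Add the OS specific variables
  include_vars: "{{ ansible_os_family }}.yml"

- name: Install the mysql packages in Redhat derivatives
  yum: name={{ item }} state=installed
  with_items:
    - "{{ mysql_pkgs }}"
  when: ansible_os_family == 'RedHat'

- name: Install the mysql packages in Debian derivatives
  apt: name={{ item }} state=installed update_cache=yes
  with_items:
    - "{{ mysql_pkgs }}"
  environment: "{{ env }}"
  when: ansible_os_family == 'Debian'

- name: Copy the my.cnf file
  template: src=my.cnf.{{ ansible_os_family }}.j2 dest={{ mysql_conf_dir }}/my.cnf
  notify:
    - restart mysql

- name: Create the directory /etc/mysql/conf.d
  file: path=/etc/mysql/conf.d state=directory
  notify:
    - restart mysql

- name: Deploy mysql config to conf.d
  template: src=mysql.cnf.j2 dest=/etc/mysql/conf.d/mysql.cnf
  notify:
    - restart mysql

- name: Start the mysql services
  service: name={{ mysql_service }} state=started enabled=yes

# Sets the same password on every root@<host> row. The value is
# mysql_root_db_pass, which defaults to "foobar" in defaults/main.yml.
# The two variants differ only in whether the machine's own hostname is
# added to the host list.
- name: update mysql root password for all root accounts
  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }}
  with_items:
    - "{{ ansible_hostname }}"
    - 127.0.0.1
    - ::1
    - localhost
  when: ansible_hostname != 'localhost'

- name: update mysql root password for all root accounts
  mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }}
  with_items:
    - 127.0.0.1
    - ::1
    - localhost
  when: ansible_hostname == 'localhost'

# Stores the root password in clear text in ~/.my.cnf, readable only by the
# owner (mode 0600). `~` is the home of whichever account the play runs as
# on the managed host -- presumably root; verify against the playbook.
- name: copy .my.cnf file with root password credentials
  template: src=.my.cnf.j2 dest=~/.my.cnf mode=0600

- name: ensure anonymous users are not in the database
  mysql_user: name='' host={{ item }} state=absent
  with_items:
    - localhost
    - "{{ ansible_hostname }}"

- name: remove the test database
  mysql_db: name=test state=absent

# Skipped when the caller passes the string 'none' for mysql_db.
- name: Create the database's
  mysql_db: name={{ item.name }} state=present
  with_items:
    - "{{ mysql_db }}"
  when: mysql_db|lower() != 'none'

# An entry without `pass` gets the password "foobar", and one without `priv`
# gets ALL on *.*; an entry that names only a user therefore yields a fully
# privileged account with a known password. Host defaults to localhost.
- name: Create the database users
  mysql_user: name={{ item.name }} password={{ item.pass|default("foobar") }} priv={{ item.priv|default("*.*:ALL") }} state=present host={{ item.host | default("localhost") }}
  with_items:
    - "{{ mysql_users }}"
  when: mysql_users|lower() != 'none'

# host="%" lets the replication account connect from any address, and the
# password again falls back to "foobar". With the default bind address of
# 0.0.0.0 nothing in this role limits who can reach that account.
- name: Create the replication users
  mysql_user: name={{ item.name }} host="%" password={{ item.pass|default("foobar") }} priv="*.*:REPLICATION SLAVE" state=present
  with_items:
    - "{{ mysql_repl_user }}"
  when: mysql_repl_role == 'master'

# ignore_errors means any failure of getslave, not only "no slave
# configured", is read by the following tasks as "needs configuring".
- name: Check if slave is already configured for replication
  mysql_replication: mode=getslave
  ignore_errors: true
  register: slave
  when: mysql_repl_role == 'slave'

# NOTE(review): regexp is the bare master name, unanchored, so it matches
# any /etc/hosts line containing that text (and '.' matches any character).
- name: Ensure the hostname entry for master is available for the client.
  lineinfile: dest=/etc/hosts regexp="{{ mysql_repl_master }}" line="{{ hostvars[mysql_repl_master].ansible_default_ipv4.address + " " + mysql_repl_master }}" state=present
  when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined

- name: Get the current master servers replication status
  mysql_replication: mode=getmaster
  delegate_to: "{{ mysql_repl_master }}"
  register: repl_stat
  when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined

# Uses only the first mysql_repl_user entry as the replication credentials.
# NOTE(review): no task with mode=startslave is visible in this file --
# confirm replication is actually started after changemaster.
- name: Change the master in slave to start the replication
  mysql_replication: mode=changemaster master_host={{ mysql_repl_master }} master_log_file={{ repl_stat.File }} master_log_pos={{ repl_stat.Position }} master_user={{ mysql_repl_user[0].name }} master_password={{ mysql_repl_user[0].pass }}
  when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined

================================================
FILE: templates/.my.cnf.j2
================================================
{# Rendered to ~/.my.cnf with mode 0600 by tasks/main.yml; holds the root password in clear text. NOTE(review): the value is written unquoted -- check how a password containing '#' or surrounding spaces is parsed. -#}
[client]
user=root
password={{ mysql_root_db_pass }}

================================================
FILE: templates/my.cnf.Debian.j2
================================================
#
# The MySQL database server configuration file.
#
[client]
port = {{ mysql_port }}
socket = /var/run/mysqld/mysqld.sock

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = {{ mysql_port }}
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
bind-address = {{ mysql_bind_address }}
#key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
query_cache_limit = 1M
query_cache_size = 16M
log_error = /var/log/mysql/error.log
server-id = {{ mysql_db_id }}

{% if mysql_repl_role == 'master' %}
log_bin = mysql-bin
expire_logs_days = 10
max_binlog_size = 100M

{% if mysql_db is iterable and mysql_db is not string %}
{% for i in mysql_db %}
{% if i.replicate|default(1) %}
binlog_do_db = {{ i.name }}
{% endif %}
{% endfor %}

{% for i in mysql_db %}
{% if not i.replicate|default(1) %}
binlog_ignore_db = {{ i.name }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

!includedir /etc/mysql/conf.d/

================================================
FILE: templates/my.cnf.RedHat.j2
================================================
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
port={{ mysql_port }}
bind-address={{ mysql_bind_address }}
server-id = {{ mysql_db_id }}

{% if mysql_repl_role == 'master' %}
log_bin = mysql-bin
expire_logs_days = 10
max_binlog_size = 100M

{# Same guard as my.cnf.Debian.j2: when mysql_db is the string 'none' (README example 1, with the default master role) the loops below would otherwise iterate over its characters. -#}
{% if mysql_db is iterable and mysql_db is not string %}
{% for i in mysql_db %}
{% if i.replicate|default(1) %}
binlog_do_db = {{ i.name }}
{% endif %}
{% endfor %}

{% for i in mysql_db %}
{% if not i.replicate|default(1) %}
binlog_ignore_db = {{ i.name }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
!includedir /etc/mysql/conf.d/

================================================
FILE: templates/mysql.cnf.j2
================================================
[mysqld]
sql_mode={{ mysql_sql_mode }}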
================================================
FILE: vars/Debian.yml
================================================
---
# Debian-family values, loaded by the include_vars task in tasks/main.yml
# through "{{ ansible_os_family }}.yml".

# Packages installed by the apt task.
mysql_pkgs:
  - python-selinux
  - mysql-server
  - python-mysqldb

# Service name used by the start task and the restart handler.
mysql_service: mysql

# Directory that receives the rendered my.cnf.
mysql_conf_dir: '/etc/mysql/'

================================================
FILE: vars/RedHat.yml
================================================
---
# RedHat-family values, loaded by the include_vars task in tasks/main.yml
# through "{{ ansible_os_family }}.yml".

# Packages installed by the yum task.
mysql_pkgs:
  - libselinux-python
  - mysql-server
  - MySQL-python

# Service name used by the start task and the restart handler.
mysql_service: mysqld

# Directory that receives the rendered my.cnf.
mysql_conf_dir: '/etc/'

================================================
FILE: vars/main.yml
================================================
---
# Environment handed to the Debian apt install task (environment: "{{ env }}").
# NOTE(review): RUNLEVEL=1 presumably keeps the package's install scripts
# from starting the service before the role has configured it -- confirm.
env:
  RUNLEVEL: 1