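---
# Provision MariaDB on the dbservers group: install and start the server,
# apply the mysql_secure_installation steps by hand, then create a dedicated
# backup account with a nightly dump job.
- name: oel 7.5 mysql build
  remote_user: ulsprovision
  hosts: dbservers
  become: true
  tasks:
    # NOTE(review): mysqlvars.yml supplies the root and backup passwords used
    # below; confirm it is encrypted with ansible-vault, not kept in clear text.
    - name: Include vars of mysqlvars.yml into the 'mysqlvars' variable
      include_vars:
        file: mysqlvars.yml
        name: mysqlvars

    # just on servers where we want to host a mysql db
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present

    # depends on mariadbserver
    - name: start mariadb
      service:
        name: mariadb
        state: started

    # mariadbserver only for the rest of these mysql relevant plays
    # 'present' rather than 'latest': the module dependency should not be
    # upgraded as a side effect of every run.
    - name: install MySQL-python for use with ansible mysql module
      yum:
        name: MySQL-python
        state: present

    ### mysql_secure_installation
    # ulsprovision will log in with blank default password
    - name: set password for root@localhost localhost
      mysql_user:
        name: root
        password: "{{ mysqlvars.password }}"
        host: localhost

    # password is now set
    # we'll upload a .my.cnf with the new credentials for future commands
    # The file holds the root password, so it is restricted to root (0600)
    # and the task output is hidden from logs and --diff.
    - name: Add mysql root password
      vars:
        mysqluser: root
        mysqlpassword: "{{ mysqlvars.password }}"
      template:
        src: resources/my.cnf
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0600"
      no_log: true

    # 'line' carries the clear-text password; no_log keeps it out of the
    # task output.
    - name: populate .my.cnf password
      lineinfile:
        path: /root/.my.cnf
        regexp: 'password='
        line: "password={{ mysqlvars.password }}"
      no_log: true

    - name: set password for root@localhost 127.0.0.1
      mysql_user:
        name: root
        password: "{{ mysqlvars.password }}"
        host: "127.0.0.1"

    - name: "set password for root@localhost ::1"
      mysql_user:
        name: root
        password: "{{ mysqlvars.password }}"
        host: "::1"

    - name: remove anonymous mysql users
      mysql_user:
        name: ''
        host_all: true
        state: absent

    - name: remove test database
      mysql_db:
        name: test
        state: absent

    # Credentials come from /root/.my.cnf instead of -p on the command line,
    # where the password would show up in the process list and task output.
    # Assumes resources/my.cnf renders a [client] section - confirm.
    # FLUSH PRIVILEGES makes the direct edit of mysql.user take effect
    # without waiting for a server restart.
    - name: disallow root access from remote hosts
      command: >-
        mysql --defaults-file=/root/.my.cnf -e
        "DELETE FROM mysql.user WHERE User='root'
        AND Host NOT IN ('localhost', '127.0.0.1', '::1');
        FLUSH PRIVILEGES;"

    # only mariadbserver
    - name: enable mariadb
      service:
        name: mariadb
        enabled: true

    # manage automatic mysqlbackups
    - name: Add backup user
      user:
        name: backup
        comment: Mysql Backup
        shell: /sbin/nologin

    # Holds the backup account's password: readable by the backup user only.
    # NOTE(review): use 0640 if members of the backup group must read it.
    - name: Add mysql backup password
      vars:
        mysqluser: backup
        mysqlpassword: "{{ mysqlvars.backup }}"
      template:
        src: resources/my.cnf
        dest: /home/backup/.my.cnf
        owner: backup
        group: backup
        mode: "0600"
      no_log: true

    - name: Add mysql backup directory parent
      file:
        path: /var/local/backup
        state: directory
        mode: "0755"

    # Dumps contain every database's contents, so the directory is closed to
    # 'other'; the backup group (sysdev users, added below) keeps read access.
    - name: Add mysql backup directory
      file:
        path: /var/local/backup/mysql
        state: directory
        owner: backup
        group: backup
        mode: "0750"

    # Read-only privileges for dumping; the same grant is repeated for each
    # local host form (localhost, 127.0.0.1, ::1).
    - name: set password and access for backup@localhost
      mysql_user:
        name: backup
        password: "{{ mysqlvars.backup }}"
        priv: '*.*:SHOW DATABASES,SELECT,LOCK TABLES,SHOW VIEW,EVENT,TRIGGER'
        host: localhost

    - name: set password and access for backup@127.0.0.1
      mysql_user:
        name: backup
        password: "{{ mysqlvars.backup }}"
        priv: '*.*:SHOW DATABASES,SELECT,LOCK TABLES,SHOW VIEW,EVENT,TRIGGER'
        host: "127.0.0.1"

    - name: "set password and access for backup@::1"
      mysql_user:
        name: backup
        password: "{{ mysqlvars.backup }}"
        priv: '*.*:SHOW DATABASES,SELECT,LOCK TABLES,SHOW VIEW,EVENT,TRIGGER'
        host: "::1"

    # Owned by root so the backup user can run the script but not modify it.
    - name: Add mysql-backup script
      copy:
        src: resources/mysql/local-scripts/mysql-backup
        dest: /usr/local/bin/mysql-backup
        mode: 'u=rwx,g=rx,o=r'
        owner: root
        group: backup

    # NOTE(review): /usr/local/bin/cronic is not installed by this play;
    # confirm it is provisioned elsewhere.
    - name: Cron mysql-backup script
      cron:
        name: "Backup mysql databases nightly"
        job: /usr/local/bin/cronic /usr/local/bin/mysql-backup
        user: backup
        hour: "0"
        minute: "30"

    # append: true adds the group without dropping the users' other groups.
    - name: Add sysdev users to backup group.
      user:
        name: "{{ item }}"
        groups: backup
        append: true
      loop:
        - rlh52
        - ctgraham
        - bdgregg
        - asw76
        - mem375
        - chl310
        - kmc247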