Description and basic usage
This role installs and configures MySQL on your server.
Use this role by adding it to your Ansible playbook:
- hosts: databases
  roles:
    - { role: mariadb-server }
In addition, this role can initialize databases and the users associated with them, and manage the data in these databases.
Documentation
Available variables
Variable | Default value | Description |
---|---|---|
use_satellite_repo | false | When false, the official internet repository is used to install the packages of this role. If the host has no internet access and the packages must be installed from a local satellite, set this option to true. The repository must already be declared in the satellite and the VM must be registered to it before this role is deployed. |
Configuration variables are split into two categories:
- Dangerous settings: variables that can only be set when the server is installed for the first time. Changing them is considered dangerous because it requires dropping all the databases and reimporting them from a previous dump.
- Dynamic settings: variables that can be changed with a simple MySQL server restart.
These settings have default values that should be tuned project by project and environment by environment. They should mainly be seen as an inventory of the variables that are important to care about, and as an easier way to update them.
Install time settings (a.k.a dangerous settings)
Variable | Default value | MySQL variable |
---|---|---|
mysql_config_innodb_file_per_table | 1 | innodb_file_per_table |
mysql_config_innodb_log_file_size | 32M | innodb_log_file_size |
mysql_config_innodb_log_buffer_size | 4M | innodb_log_buffer_size |
mysql_config_innodb_data_file_path | "ibdata1:256M:autoextend" | innodb_data_file_path |
mysql_config_innodb_autoextend_increment | 64 | innodb_autoextend_increment |
All these variables are written to the /etc/mysql/conf.d/01-dangerous-settings.cnf file.
Other settings (a.k.a dynamic settings)
Variable | Default value | MySQL variable |
---|---|---|
mysql_data_dir | /var/lib/mysql | MySQL data directory |
mysql_default_backup_dir | /var/backup/mysql | Default backup directory used by backup scripts |
mysql_force_remove_backup_dir | False | Remove backup dir |
mysql_backup_dir | {{ mysql_default_backup_dir }} | Backup directory used by backup scripts |
mysql_config_max_connections | 500 | max-connections |
mysql_config_bind_address | 0.0.0.0 | bind-address |
mysql_config_bind_port | 3306 | port |
mysql_config_skip_name_resolve | 1 | skip-name-resolve |
mysql_config_key_buffer_size | 64M | key_buffer_size |
mysql_config_max_allowed_packet | 16M | max_allowed_packet |
mysql_config_thread_stack | 192K | thread_stack |
mysql_config_thread_cache_size | 0 | thread_cache_size |
mysql_config_query_cache_type | 1 | query_cache_type |
mysql_config_query_cache_limit | 1M | query_cache_limit |
mysql_config_query_cache_size | 32MB | query_cache_size |
mysql_config_innodb_buffer_pool_size_prct | 0.7 | innodb_buffer_pool_size percent of server memory |
mysql_config_innodb_buffer_pool_size | 2G | innodb_buffer_pool_size |
mysql_config_innodb_additional_mem_pool_size | 4M | innodb_additional_mem_pool_size |
mysql_config_innodb_flush_log_at_trx_commit | 1 | innodb_flush_log_at_trx_commit |
mysql_config_slow_query_log | 1 | slow_query_log |
mysql_config_slow_query_log_file | /var/log/mysql/mysql-slow.log | slow_query_log_file |
mysql_config_slow_long_query_time | 2 | slow_long_query_time |
mysql_config_log_bin | mysql_data_dir/mysql-bin.log | log_bin |
mysql_config_binlog_format | ROW | binlog_format |
mysql_config_expire_logs_days | 8 | expire_logs_days |
manage_by_cluster | False | Variable set to true if service state must be managed by a cluster solution (like PCS) |
Finally, a small set of variables relates to the role itself:
Variable | Default value | Description |
---|---|---|
mysql_version | 10.1 | MySQL version to install, depending on the selected flavor. |
mysql_flavor | mysql | The brand of MySQL server to install. Supported values: mysql, percona |
mysql_packages | mysql-server, python-mysqldb | List of the packages installed by the role. Can be used to change the MySQL flavor installed (MariaDB, Percona, ...) if you have set up additional repositories. |
mysql_root_password | auto generated | The root password of the database. It should be set environment by environment. The role uses it to install a passwordless login to the database for the root user of the server (in the /root/.my.cnf file). |
mysql_config_use_binlog | True | Set this variable if you intend to use binary logging. By default, binary logging is enabled. |
Nagios monitoring
Enable remote nagios monitoring
Variable | Default value | Description |
---|---|---|
monitoring_nagios_enable | false | Define if monitoring should be enabled for MariaDB |
monitoring_nagios_server_fqdn | % | Defines the remote monitoring server |
monitoring_nagios_db_user | nagios | Define the user for monitoring db... define here or globally in group_vars/all/accounts |
monitoring_nagios_db_pass | changeme | Define the password for monitoring db... define here or globally in group_vars/all/accounts |
PMM monitoring
Creates a user and sets the specific MySQL configuration needed to enable InnoDB stats and the performance schema.
Variable | Default value | Description |
---|---|---|
monitoring_pmm_enable | false | Define if monitoring should be enabled for PMM |
monitoring_pmm_db_user | pmm | Define the user name for monitoring db... define here or globally in group_vars/all/accounts |
monitoring_pmm_db_pass | changeme | Define the user password for monitoring db... define here or globally in group_vars/all/accounts |
Database management
This role allows you to create databases and the users allowed to connect to them.
You can redeploy only the admin scripts with the deploy_scripts_only variable:
Variable | Default value | Description |
---|---|---|
deploy_scripts_only | True | Deploy scripts only |
Example:
---
- name: Deploy mariadb admin scripts
  hosts: mariadb
  roles:
    - role: mariadb-server
      deploy_scripts_only: True
Creating databases and users
You can create databases, and a user allowed to connect to each of them, by filling in the mysql_databases dictionary in your inventory or in the var files of your playbook:
mysql_databases:
  magento:
    db_name: magento
    collation: utf8_unicode_ci
    encoding: utf8
    user: magento
    password: changethepassword
  another_db:
    db_name: drupal
    collation: utf8_unicode_ci
    encoding: utf8
    user: drupal
    password: changethepassword
mysql_users:
  - name: superadmin
    password: changethepassword
    priv: '*.*:ALL,GRANT'
    state: present
  - name: superdatabaseadmin
    password: changethepassword
    priv: 'database.*:ALL,GRANT'
    state: present
Available settings are those listed above. Note that encoding and collation are optional and their respective default values are utf8 and utf8_unicode_ci.
Note that the key for each database is different from the database name. This is very important, since it lets you obtain the database name in your playbook by using:
{{ hostvars.dbserver.mysql_databases.first_database.db_name }}
This allows you to use a different database name in each environment without changing the playbooks that use the databases.
Note:
The host part of the user is not fine grained. You should think of it as the equivalent of running a GRANT command in MySQL with 'user'@'%'.
Until this is fixed, you have to consider additional security policies such as firewalling (in fact you should do so even once it is fixed!).
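One way to apply the firewalling this note calls for, as an added example that is not part of the role's own code: the play refuses the sample passwords used in this README, binds MySQL to a single interface instead of 0.0.0.0, and filters the port before the role runs. `mysql_allowed_clients`, `placeholder_passwords` and the 192.0.2.x addresses are assumptions made for the example.

```yaml
# Added example, not part of the role. Names marked "assumption" are hypothetical.
- hosts: databases
  become: true
  vars:
    # Assumption: application hosts allowed to reach MySQL (documentation addresses)
    mysql_allowed_clients: [192.0.2.10, 192.0.2.11]
    # Assumption: helper list of the sample passwords used in this README
    placeholder_passwords: [changeme, changethepassword]
    # Role variables from the tables above, replacing the 0.0.0.0 default
    mysql_config_bind_address: "{{ ansible_default_ipv4.address }}"
    mysql_config_bind_port: 3306
  pre_tasks:   # pre_tasks run before roles, so the port is filtered before MySQL listens
    - name: Refuse to deploy accounts that still use a sample password
      ansible.builtin.assert:
        that:
          - >-
            (mysql_databases | default({})).values() | map(attribute='password')
            | select('in', placeholder_passwords) | list | length == 0
          - >-
            mysql_users | default([]) | map(attribute='password')
            | select('in', placeholder_passwords) | list | length == 0
        fail_msg: "Replace the sample passwords in mysql_databases / mysql_users"

    # Accounts are created as 'user'@'%', so the source restriction lives here.
    # action: insert keeps ACCEPT rules above the DROP rule when clients are added later.
    - name: Allow MySQL from the listed clients only
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ mysql_config_bind_port }}"
        source: "{{ item }}"
        jump: ACCEPT
        action: insert
      loop: "{{ mysql_allowed_clients }}"

    - name: Drop every other connection to the MySQL port
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ mysql_config_bind_port }}"
        jump: DROP
  roles:
    - { role: mariadb-server }
```

The iptables module changes the running rule set only; persist the rules with your distribution's own mechanism so they survive a reboot.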
Init and update database with data
When bootstrapping a new environment you may want to have a database dump deployed on it automatically. This role can do that by downloading a dump from a remote SSH server and importing it into the newly created database. Using this feature requires you to declare a sync_source entry in the database settings:
mysql_databases:
  first_database:
    db_name: magento
    collation: utf8_unicode_ci
    encoding: utf8
    user: magento
    password: changethepassword
    sync_source:
      host: boass.lab.lan # Host the dump is located on
      user: remote_user # User used on the remote server
      path: /home/remote_user/db_name # Path where to find the dump on the remote host
      file: magento_current.sql # Dump file name on the remote host
The sync_source can also be the Ansible client itself:
sync_source:
  src: ../data/magento_current.sql # Source file on the Ansible machine
  file: magento_current.sql # Destination filename on the remote server
Or an arbitrary URL (the download is performed from the server):
sync_source:
  url: http://myserver.eqx/dumps/magento_current.tgz # Source URL, downloaded from the server
  file: magento_current.sql # Destination filename on the remote server
The dumps are downloaded into the /data/dump/db_name directory.
Environment data also needs to be updated periodically, and part of this data is located in MySQL databases. By default the dump is fetched from the remote and imported only for newly created databases. You can force the import by adding the variable allow_update_data to your playbook execution command:
ansible-playbook myplaybook.yml --extra-vars "allow_update_data=1"
As a result the target database is dropped and a new one is created containing all the data. For some reasons (e.g. preventing a human error from erasing all production data) you may want to forbid this on some environments. You can do this by adding forbid_update_data to the hostvars of that environment (e.g. in inventory/prod/group_vars/all):
forbid_update_data: 1
The variable forbid_update_data always takes precedence over allow_update_data. The only way to override it is to pass both variables to your playbook execution:
ansible-playbook myplaybook.yml --extra-vars "allow_update_data=1 forbid_update_data=0"
Notes:
- Using this feature requires that you are allowed to access the sync server over SSH. Your private key has to be present on the sync server.
- This feature will be completed very soon by an additional layer providing a pluggable mechanism for anonymizing the data.
Available tags
The following tags are available:
- install: Run everything. Only present because some playbooks use it.
- script: Deploys the administration scripts.
- config: Deploys the standard configuration of the role.
- monitoring: Configures the monitoring part of the role (for example creating a monitoring user in a database, adding the server-status configuration under Apache, etc.).
- update_config: Update every configuration that is not marked as dangerous. Database users are also modified using this tag.
- update_data: Only play the database creation part of the role. Use this with 'allow_update_data=1' to refresh data.
Available handlers
This role provides a handler that restarts MySQL. You can use it in your own tasks through:
- hosts: db-servers
  tasks:
    - name: "Useless task that will restart MySQL on changed"
      debug: msg="My super dumb task"
      notify: "Restart MySQL"
  roles:
    - { role: mariadb-server }
Testing
Install molecule and docker:
sudo pip2 install molecule docker
For Docker, just follow the official documentation:
https://docs.docker.com/engine/installation/#supported-platforms
Launch the tests with these commands:
molecule verify # lint role
molecule check # dry run
molecule test # launch test from scratch
# You can relaunch the tests afterwards with the existing instances
ansible-playbook playbook
Docs on testing: https://molecule.readthedocs.io
License
BSD
Author Information
- ASSOGBA Boris borisassogba@live.fr