mysql: improve Bullseye compatibility

This commit is contained in:
Jérémy Lecour 2021-09-30 10:13:11 +02:00 committed by Jérémy Lecour
parent 4c52719561
commit 3de5de5304
8 changed files with 147 additions and 41 deletions

View File

@ -34,6 +34,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* listupgrade: crontab is configurable
* logstash: logging to syslog is configurable (default: True)
* mongodb: create munin plugins directory if missing
* mysql: improve Bullseye compatibility
* mysql: script "mysql_connections" to display a compact list of connections
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
* nagios-nrpe + evolinux-users: new checks for bkctld

View File

@ -10,8 +10,15 @@
- include: packages_jessie.yml
when: ansible_distribution_release == "jessie"
## There is nothing to do with users on Debian 11
# - include: users_bullseye.yml
# when: ansible_distribution_release == "bullseye"
- include: users_buster.yml
when: ansible_distribution_release == "buster"
- include: users_stretch.yml
when: ansible_distribution_major_version is version('9', '>=')
when: ansible_distribution_release == "stretch"
- include: users_jessie.yml
when: ansible_distribution_release == "jessie"

View File

@ -10,12 +10,20 @@
- munin
- block:
- name: Install perl libraries for Munin
- name: "Install perl libraries for Munin (Debian < 11)"
apt:
name:
- libdbd-mysql-perl
- libcache-cache-perl
state: present
when: ansible_distribution_major_version is version('11', '<')
- name: "Install perl libraries for Munin (Debian >= 11)"
apt:
name:
- libcache-cache-perl
- libdbd-mariadb-perl
when: ansible_distribution_major_version is version('11', '>=')
- name: Enable core Munin plugins
file:

View File

@ -0,0 +1,96 @@
---
- name: Python dependencies for Ansible are installed
apt:
name:
- python-mysqldb
- python-pymysql
- python3-mysqldb
- python3-pymysql
state: present
tags:
- mysql
- name: create a password for mysqladmin
command: "apg -n 1 -m 16 -M lcN"
register: mysql_admin_password
changed_when: False
check_mode: False
tags:
- mysql
- name: there is a mysqladmin user
mysql_user:
name: mysqladmin
password: '{{ mysql_admin_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/etc/mysql/debian.cnf"
login_user: root
login_unix_socket: /var/run/mysqld/mysqld.sock
register: create_mysqladmin_user
tags:
- mysql
- name: mysqladmin is the default user
ini_file:
dest: /root/.my.cnf
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- name: create a password for debian-sys-maint
command: "apg -n 1 -m 16 -M lcN"
register: mysql_debian_password
changed_when: False
check_mode: False
tags:
- mysql
- name: there is a debian-sys-maint user
mysql_user:
name: debian-sys-maint
password: '{{ mysql_debian_password.stdout }}'
priv: "*.*:ALL,GRANT"
update_password: on_create
state: present
config_file: "/root/.my.cnf"
register: create_debian_user
tags:
- mysql
- name: store debian-sys-maint user credentials
ini_file:
dest: /etc/mysql/debian.cnf
mode: "0600"
section: "{{ item[0] }}"
option: '{{ item[1].option }}'
value: '{{ item[1].value }}'
create: yes
loop: "{{ _sections | product(_credentials) | list }}"
vars:
_sections: [ 'client', 'mysql_upgrade' ]
_credentials:
- { option: 'user', value: 'debian-sys-maint' }
- { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
when: create_debian_user is changed
tags:
- mysql
- name: root user is absent
mysql_user:
name: root
host_all: yes
config_file: "/root/.my.cnf"
state: absent
tags:
- mysql

View File

@ -5,21 +5,10 @@
msg: "We can't create other users with 'debian-sys-maint' on Debian 8 with MariaDB.\nWe must give it the GRANT privilege before continuing."
when: mysql_variant == "mariadb"
# dependency for mysql_user and mysql_db
- name: python-mysqldb is installed (Ansible dependency)
- name: Python dependencies for Ansible are installed
apt:
name: python-mysqldb
state: present
when: ansible_distribution_major_version is version('10', '<=')
tags:
- mysql
# dependency for mysql_user and mysql_db
- name: python3-mysqldb is installed (Ansible dependency)
apt:
name: python3-mysqldb
state: present
when: ansible_distribution_major_version is version('10', '>')
tags:
- mysql
@ -29,7 +18,7 @@
changed_when: False
check_mode: no
tags:
- mysql
- mysql
- name: there is a mysqladmin user
mysql_user:
@ -41,7 +30,7 @@
config_file: "/etc/mysql/debian.cnf"
register: create_mysqladmin_user
tags:
- mysql
- mysql
- name: mysqladmin is the default user
ini_file:
@ -56,13 +45,13 @@
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- mysql
- name: remove root user
- name: root user is absent
mysql_user:
name: root
host_all: yes
config_file: "/root/.my.cnf"
state: absent
tags:
- mysql
- mysql

View File

@ -1,24 +1,11 @@
---
# dependency for mysql_user and mysql_db
- name: python modules is installed (Ansible dependency)
- name: Python dependencies for Ansible are installed
apt:
name:
- python-mysqldb
- python-pymysql
state: present
when: ansible_distribution_major_version is version('10', '<=')
tags:
- mysql
# dependency for mysql_user and mysql_db
- name: python3 modules is installed (Ansible dependency)
apt:
name:
- python3-mysqldb
- python3-pymysql
state: present
when: ansible_distribution_major_version is version('10', '>=')
tags:
- mysql
@ -28,7 +15,7 @@
changed_when: False
check_mode: False
tags:
- mysql
- mysql
- name: there is a mysqladmin user
mysql_user:
@ -38,9 +25,11 @@
update_password: on_create
state: present
config_file: "/etc/mysql/debian.cnf"
login_user: root
login_unix_socket: /var/run/mysqld/mysqld.sock
register: create_mysqladmin_user
tags:
- mysql
- mysql
- name: mysqladmin is the default user
ini_file:
@ -55,8 +44,7 @@
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed
tags:
- mysql
- mysql
- name: create a password for debian-sys-maint
command: "apg -n 1 -m 16 -M lcN"
@ -64,7 +52,7 @@
changed_when: False
check_mode: False
tags:
- mysql
- mysql
- name: there is a debian-sys-maint user
mysql_user:
@ -96,7 +84,7 @@
tags:
- mysql
- name: remove root user
- name: root user is absent
mysql_user:
name: root
host_all: yes

View File

@ -49,17 +49,19 @@
- mariadb-client-10.5
- libconfig-inifiles-perl
- libterm-readkey-perl
- libdbd-mariadb-perl
when: ansible_distribution_major_version is version('11', '>=')
- name: Read debian-sys-maint password
- name: Read debian-sys-maint password (Debian < 11)
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
register: mysql_debian_password
changed_when: False
check_mode: no
tags:
- mysql
when: ansible_distribution_major_version is version('11', '<')
- name: Configure mytop
- name: Configure mytop (Debian < 11)
template:
src: mytop.j2
dest: /root/.mytop
@ -68,6 +70,18 @@
tags:
- mytop
- mysql
when: ansible_distribution_major_version is version('11', '<')
- name: Configure mytop (Debian >= 11)
template:
src: mytop.bullseye.j2
dest: /root/.mytop
mode: "0600"
force: yes
tags:
- mytop
- mysql
when: ansible_distribution_major_version is version('11', '>=')
# mysqltuner

View File

@ -0,0 +1,3 @@
user = root
socket = /var/run/mysqld/mysqld.sock
db = mysql