Use modern configuration

- Debian buster configuration style
- Drop logrotate management (useless)
- Add new default values in defaults/main.yml (according with MariaDB
doc)
- Travis with Ansible 2.8+

.travis.yml

@@ -1,12 +1,12 @@
 env:
-  - PLATFORM='docker-buster-default-master'     ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-buster-upstream-master'    ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-buster-default-galera-1'   ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-buster-upstream-galera-1'  ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-buster-default-master'     ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-buster-upstream-master'    ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-buster-default-galera-1'   ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-buster-upstream-galera-1'  ANSIBLE_VERSION='ansible>=2.7,<2.8'
+  - PLATFORM='docker-buster-default-master'     ANSIBLE_VERSION='ansible>=2.8,<2.9'
+  - PLATFORM='docker-buster-upstream-master'    ANSIBLE_VERSION='ansible>=2.8,<2.9'
+  - PLATFORM='docker-buster-default-galera-1'   ANSIBLE_VERSION='ansible>=2.8,<2.9'
+  - PLATFORM='docker-buster-upstream-galera-1'  ANSIBLE_VERSION='ansible>=2.8,<2.9'
+  - PLATFORM='docker-buster-default-master'     ANSIBLE_VERSION='ansible>=2.9,<2.10'
+  - PLATFORM='docker-buster-upstream-master'    ANSIBLE_VERSION='ansible>=2.9,<2.10'
+  - PLATFORM='docker-buster-default-galera-1'   ANSIBLE_VERSION='ansible>=2.9,<2.10'
+  - PLATFORM='docker-buster-upstream-galera-1'  ANSIBLE_VERSION='ansible>=2.9,<2.10'
 
 sudo: required
 

defaults/main.yml

@@ -7,21 +7,17 @@ mariadb_origin: 'default'
 mariadb_use_galera: false
 mariadb_notify_restart: true
 mariadb_upstream_apt_src: false
-mariadb_manage_logrotate: true
 
 # -------------------------------------
 # Configuration
 # -------------------------------------
 
-# MariaDB configuration template
-mariadb_config_template: 'etc/mysql/my.cnf.j2'
-
 # MariaDB connection settings.
 mariadb_port: "3306"
 mariadb_bind_address: '127.0.0.1'
 mariadb_datadir: '/var/lib/mysql'
-mariadb_pid_file: '/var/run/mysqld/mysqld.pid'
-mariadb_socket: '/var/run/mysqld/mysqld.sock'
+mariadb_pid_file: '/run/mysqld/mysqld.pid'
+mariadb_socket: '/run/mysqld/mysqld.sock'
 
 # Slow query log settings.
 mariadb_slow_query_log_enabled: false
@@ -29,37 +25,38 @@ mariadb_slow_query_log_file: '/var/log/mysql/mysql_slow.log'
 mariadb_slow_query_time: 2
 
 # Memory settings (default values optimized ~512MB RAM).
+# Fine Tuning
 mariadb_key_buffer_size: '256M'
 mariadb_max_allowed_packet: '64M'
-mariadb_table_open_cache: '256'
-mariadb_sort_buffer_size: '1M'
+mariadb_max_connections: 100
+mariadb_thread_concurrency: "{{ ansible_processor_cores * 2 }}"
+
+
+mariadb_table_open_cache: '2000'
+mariadb_sort_buffer_size: '2M'
 mariadb_read_buffer_size: '1M'
-mariadb_read_rnd_buffer_size: '4M'
-mariadb_myisam_sort_buffer_size: '64M'
-mariadb_thread_cache_size: '8'
+mariadb_read_rnd_buffer_size: '2M'
+mariadb_myisam_sort_buffer_size: '128M'
+mariadb_thread_cache_size: '256'
 mariadb_query_cache_size: '16M'
 
 # Other settings.
 mariadb_wait_timeout: 28800
 
-# Try number of CPU's * 2 for thread_concurrency.
-mariadb_thread_concurrency: "{{ ansible_processor_cores * 2 }}"
-
 # InnoDB settings.
-mariadb_innodb_file_per_table: '1'
 mariadb_innodb_buffer_pool_size: "{{ (ansible_memtotal_mb * 0.2) | round | int }}M"
 mariadb_innodb_log_file_size: "64M" # If this setting changes on a running system, you will break it! http://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html
 mariadb_innodb_log_buffer_size: '8M'
 mariadb_innodb_flush_log_at_trx_commit: '1'
 mariadb_innodb_lock_wait_timeout: 50
 
-# mysqldump settings.
-mariadb_mysqldump_max_allowed_packet: '64M'
-
 # Logging settings.
 mariadb_log_error: '/var/log/mysql/mysql_error.log'
 mariadb_syslog_tag: 'mysql'
 
+# mysqldump settings.
+mariadb_mysqldump_max_allowed_packet: '64M'
+
 # -------------------------------------
 # Extra configuration
 # -------------------------------------

tasks/galera/main.yml

@@ -2,8 +2,8 @@
 
 - name: TEMPLATE | Deploy Galera configuration
   template:
-    src: etc/mysql/conf.d/09-galera.cnf.j2
-    dest: /etc/mysql/conf.d/09-galera.cnf
+    src: etc/mysql/mariadb.conf.d/20-galera.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/20-galera.cnf
   register: galeraconfig
 
 - name: INCLUDE | Bootstrap first node

tasks/main.yml

@@ -12,24 +12,25 @@
 - name: INCLUDE | Install
   import_tasks: install/main.yml
 
-- name: TEMPLATE | Deploy configuration
+- name: TEMPLATE | Deploy config files
   template:
-    src: "{{ mariadb_config_template }}"
-    dest: /etc/mysql/my.cnf
+    src: "{{ item }}"
+    dest: "/{{ item | replace('.j2', '') }}"
+  loop:
+    - etc/mysql/my.cnf
+    - etc/mysql/conf.d/mysqldump.cnf.j2
+    - etc/mysql/mariadb.conf.d/10-extra.cnf.j2
+    - etc/mysql/mariadb.conf.d/50-client.cnf.j2
+    - etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2
+    - etc/mysql/mariadb.conf.d/50-server.cnf.j2
   register: config
 
-- name: TEMPLATE | Deploy extra configuration
-  template:
-    src: etc/mysql/conf.d/10-extra.cnf.j2
-    dest: /etc/mysql/conf.d/10-extra.cnf
-  register: extraconfig
-
 - name: SERVICE | Restart now (prevent bugs)
   service:
     name: mysql
     state: restarted
   when:
-    (config.changed or extraconfig.changed) and
+    config.changed and
     not mariadb_galera_resetup
 
 - name: INCLUDE | Galera
@@ -63,9 +64,3 @@
     host_all: "{{ item.host_all | default(omit) }}"
     state: present
   loop: "{{ mariadb_users }}"
-
-- name: TEMPLATE | Deploy logrotate configuration
-  template:
-    src: "etc/logrotate.d/mysql-server.j2"
-    dest: "/etc/logrotate.d/mysql-server"
-  when: mariadb_manage_logrotate | bool

tasks/replication/master.yml

@@ -2,6 +2,6 @@
 
 - name: TEMPLATE | Deploy master configuration
   template:
-    src: etc/mysql/conf.d/50-master.cnf.j2
-    dest: /etc/mysql/conf.d/50-master.cnf
+    src: etc/mysql/mariadb.conf.d/50-master.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/50-master.cnf
   notify: restart mariadb

tasks/replication/slave.yml

@@ -8,8 +8,8 @@
 
 - name: TEMPLATE | Deploy slave configuration
   template:
-    src: etc/mysql/conf.d/51-slave.cnf.j2
-    dest: /etc/mysql/conf.d/51-slave.cnf
+    src: etc/mysql/mariadb.conf.d/40-slave.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/40-slave.cnf
   notify: restart mariadb
 
 - name: MYSQL_REPLICATION | Get slave status

templates/etc/mysql/conf.d/mysqldump.cnf.j2

@@ -0,0 +1,4 @@
+[mysqldump]
+quick
+quote-names
+max_allowed_packet	= {{ mariadb_mysqldump_max_allowed_packet }} 

templates/etc/mysql/mariadb.conf.d/20-galera.cnf.j2

@@ -29,6 +29,3 @@ binlog_format=ROW
 default_storage_engine=InnoDB
 innodb_autoinc_lock_mode=2
 innodb_doublewrite=1
-{% if mariadb_version == '10.0'%}
-query_cache_size=0
-{% endif %}

templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2

@@ -2,7 +2,6 @@
 # {{ ansible_managed }}
 #
 
-#
 # Replication master
 
 [mysqld]

templates/etc/mysql/mariadb.conf.d/50-client.cnf.j2

@@ -0,0 +1,29 @@
+#
+# {{ ansible_managed }}
+#
+
+#
+# This group is read by the client library
+# Use it for options that affect all clients, but not the server
+#
+
+[client]
+# Default is Latin1, if you need UTF-8 set this (also in server section)
+default-character-set = utf8mb4
+
+# socket location
+socket = {{ mariadb_socket }}
+
+# Example of client certificate usage
+# ssl-cert=/etc/mysql/client-cert.pem
+# ssl-key=/etc/mysql/client-key.pem
+#
+# Allow only TLS encrypted connections
+# ssl-verify-server-cert=on
+
+# This group is *never* read by mysql client library, though this
+# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
+# client anyway.
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]

templates/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2

@@ -0,0 +1,34 @@
+#
+# {{ ansible_managed }}
+#
+
+# NOTE: This file is read only by the traditional SysV init script, not systemd.
+# MariaDB systemd does _not_ utilize mysqld_safe nor read this file.
+#
+# For similar behaviour, systemd users should create the following file:
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+#
+# To achieve the same result as the default 50-mysqld_safe.cnf, please create
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+# with the following contents:
+#
+# [Service]
+# User=mysql
+# StandardOutput=syslog
+# StandardError=syslog
+# SyslogFacility=daemon
+# SyslogLevel=err
+# SyslogIdentifier=mysqld
+#
+# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/
+#
+
+[mysqld_safe]
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# especially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+socket		= {{ mariadb_socket }}
+nice		= 0
+skip_log_error
+syslog

templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2

@@ -0,0 +1,163 @@
+#
+# {{ ansible_managed }}
+#
+
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+user                    = mysql
+pid-file                = {{ mariadb_pid_file }}
+socket                  = {{ mariadb_socket }}
+port                    = {{ mariadb_port }}
+basedir                 = /usr
+datadir                 = {{ mariadb_datadir }}
+tmpdir                  = /tmp
+lc-messages-dir         = /usr/share/mysql
+#skip-external-locking
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = {{ mariadb_bind_address }}
+
+#
+# * Fine Tuning
+#
+key_buffer_size         = {{ mariadb_key_buffer_size }}
+max_allowed_packet      = {{ mariadb_max_allowed_packet }}
+#thread_stack           = 192K
+thread_cache_size       = {{ mariadb_thread_cache_size }}
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+#myisam_recover_options = BACKUP
+max_connections         = {{ mariadb_max_connections }}
+#table_cache            = 64
+thread_concurrency      = {{ mariadb_thread_concurrency }}
+
+# Other tuning setting
+table_open_cache        = {{ mariadb_table_open_cache }}
+sort_buffer_size        = {{ mariadb_sort_buffer_size }}
+read_buffer_size        = {{ mariadb_read_buffer_size }}
+read_rnd_buffer_size    = {{ mariadb_read_rnd_buffer_size }}
+myisam_sort_buffer_size = {{ mariadb_myisam_sort_buffer_size }}
+
+#
+# * Query Cache Configuration
+#
+query_cache_size        = {{ mariadb_query_cache_size }}
+
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+#
+# Error log - should be very few entries.
+#
+{% if mariadb_log_error == 'syslog' %}
+syslog
+syslog-tag = {{ mariadb_syslog_tag }}
+{% else %}
+log-error = {{ mariadb_log_error }}
+{% endif %}
+
+#
+# Enable the slow query log to see queries with especially long duration
+#slow_query_log_file    = /var/log/mysql/mariadb-slow.log
+#long_query_time        = 10
+#log_slow_rate_limit    = 1000
+#log_slow_verbosity     = query_plan
+#log-queries-not-using-indexes
+{% if mariadb_slow_query_log_enabled %}
+slow_query_log_file = {{ mariadb_slow_query_log_file }}
+long_query_time = {{ mariadb_slow_query_time }}
+slow_query_log = 1
+{% endif %}
+
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                = /var/log/mysql/mysql-bin.log
+#expire_logs_days       = 10
+#max_binlog_size        = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = exclude_database_name
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+#chroot = /var/lib/mysql/
+#
+# For generating SSL certificates you can use for example the GUI tool "tinyca".
+#
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#
+# Accept only connections using the latest and most secure TLS protocol version.
+# ..when MariaDB is compiled with OpenSSL:
+#ssl-cipher = TLSv1.2
+# ..when MariaDB is compiled with YaSSL (default in Debian):
+#ssl = on
+
+#
+# * Character sets
+#
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+#
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+innodb_file_per_table = 1
+innodb_buffer_pool_size = {{ mariadb_innodb_buffer_pool_size }}
+innodb_log_buffer_size = {{ mariadb_innodb_log_buffer_size }}
+innodb_flush_log_at_trx_commit = {{ mariadb_innodb_flush_log_at_trx_commit }}
+innodb_lock_wait_timeout = {{ mariadb_innodb_lock_wait_timeout }}
+innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
+
+
+#
+# * Unix socket authentication plugin is built-in since 10.0.22-6
+#
+# Needed so the root database user can authenticate without a password but
+# only when running as the unix root user.
+#
+# Also available for other users if required.
+# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.3 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.3]
+

templates/etc/mysql/my.cnf

@@ -0,0 +1,23 @@
+# The MariaDB configuration file
+#
+# The MariaDB/MySQL tools read configuration files in the following order:
+# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
+# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
+# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
+# 4. "~/.my.cnf" to set user-specific options.
+#
+# If the same option is defined multiple times, the last one will apply.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+
+#
+# This group is read both both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+
+# Import all .cnf files from configuration directory
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/

templates/etc/mysql/my.cnf.j2

@@ -1,81 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-[client]
-port = {{ mariadb_port }}
-socket = {{ mariadb_socket }}
-
-[mysqld]
-port = {{ mariadb_port }}
-bind-address = {{ mariadb_bind_address }}
-datadir = {{ mariadb_datadir }}
-socket = {{ mariadb_socket }}
-
-{# TODO: FIX later #}
-# Logging configuration.
-{% if mariadb_log_error == 'syslog' %}
-syslog
-syslog-tag = {{ mariadb_syslog_tag }}
-{% else %}
-log-error = {{ mariadb_log_error }}
-{% endif %}
-
-{% if mariadb_slow_query_log_enabled %}
-# Slow query log configuration.
-slow_query_log = 1
-slow_query_log_file = {{ mariadb_slow_query_log_file }}
-long_query_time = {{ mariadb_slow_query_time }}
-{% endif %}
-
-# Disabling symbolic-links is recommended to prevent assorted security risks
-symbolic-links = 0
-
-# User is ignored when systemd is used (fedora >= 15).
-user = mysql
-
-# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
-;performance_schema
-
-# Memory settings.
-key_buffer_size = {{ mariadb_key_buffer_size }}
-max_allowed_packet = {{ mariadb_max_allowed_packet }}
-table_open_cache = {{ mariadb_table_open_cache }}
-sort_buffer_size = {{ mariadb_sort_buffer_size }}
-read_buffer_size = {{ mariadb_read_buffer_size }}
-read_rnd_buffer_size = {{ mariadb_read_rnd_buffer_size }}
-myisam_sort_buffer_size = {{ mariadb_myisam_sort_buffer_size }}
-thread_cache_size = {{ mariadb_thread_cache_size }}
-query_cache_size = {{ mariadb_query_cache_size }}
-
-# Other settings.
-wait_timeout = {{ mariadb_wait_timeout }}
-
-# Try number of CPU's * 2 for thread_concurrency.
-thread_concurrency = {{ mariadb_thread_concurrency }}
-
-# InnoDB settings.
-innodb_file_per_table = {{ mariadb_innodb_file_per_table }}
-innodb_buffer_pool_size = {{ mariadb_innodb_buffer_pool_size }}
-innodb_log_buffer_size = {{ mariadb_innodb_log_buffer_size }}
-innodb_flush_log_at_trx_commit = {{ mariadb_innodb_flush_log_at_trx_commit }}
-innodb_lock_wait_timeout = {{ mariadb_innodb_lock_wait_timeout }}
-{# If this setting changes on a running system, you will break it! #}
-{# See how tho change it here: http://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html #}
-{# TODO FIX -> Maybe detect a change and fail, just to be safe? #}
-innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
-
-[mysqldump]
-quick
-max_allowed_packet = {{ mariadb_mysqldump_max_allowed_packet }}
-
-[mysqld_safe]
-pid-file = {{ mariadb_pid_file }}
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#   The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
-
-# vim: set ft=dosini :