diff --git a/tasks/main.yml b/tasks/main.yml
index 2082f1b..9c8e5f9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,6 +19,11 @@
 - name: INCLUDE | Install
 ansible.builtin.import_tasks: install/main.yml
+- name: SHELL | Get current mariadb version
+ ansible.builtin.shell: dpkg -l mariadb-common | awk '/^ii/ { print $3 }' | sed -r 's/^1://g; s/^([[:digit:]]+\.[[:digit:]]+).+$/\1/g'
+ register: __mariadb_version
+ changed_when: false
+
 - name: TEMPLATE | Deploy config files
 ansible.builtin.template:
 src: "{{ item }}"
@@ -28,11 +33,8 @@
 group: root
 register: config
 loop:
- - etc/mysql/my.cnf
 - etc/mysql/conf.d/mysqldump.cnf.j2
 - etc/mysql/mariadb.conf.d/10-extra.cnf.j2
- - etc/mysql/mariadb.conf.d/50-client.cnf.j2
- - etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2
 - etc/mysql/mariadb.conf.d/50-server.cnf.j2
 - name: FILE | Ensure log dir exists
diff --git a/templates/etc/mysql/conf.d/mysqldump.cnf.j2 b/templates/etc/mysql/conf.d/mysqldump.cnf.j2
index 47fb08a..f341e99 100644
--- a/templates/etc/mysql/conf.d/mysqldump.cnf.j2
+++ b/templates/etc/mysql/conf.d/mysqldump.cnf.j2
@@ -1,3 +1,7 @@
+# -------------------------------------------
+# {{ ansible_managed }}
+# -------------------------------------------
+
 [mysqldump]
 quick
 quote-names
diff --git a/templates/etc/mysql/mariadb.conf.d/20-galera.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/20-galera.cnf.j2
deleted file mode 100644
index fbd9885..0000000
--- a/templates/etc/mysql/mariadb.conf.d/20-galera.cnf.j2
+++ /dev/null
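Review bot: In tasks/main.yml the new `SHELL | Get current mariadb version` task can succeed with an empty or unexpected `stdout`, because the pipeline's exit status is that of `sed` and nothing checks the result before it is templated. If `mariadb-common` is not installed or its version string has another shape, `__mariadb_version.stdout` is rendered verbatim into the `[mariadb-{{ __mariadb_version.stdout }}]` header in the last hunk of 50-server.cnf.j2, giving `[mariadb-]` or a malformed group name. Shell tasks are also skipped under `--check`, which leaves `stdout` undefined for the template. I would add `check_mode: false` and `failed_when: __mariadb_version.stdout is not match('^[0-9]+[.][0-9]+$')` to the task.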
@@ -1,31 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-[mysqld]
-
-# --------------------
-# Galera config
-# --------------------
-
-# Global
-wsrep_on=ON
-wsrep_provider=/usr/lib/galera/libgalera_smm.so
-wsrep_cluster_address=gcomm://{{ mariadb_galera_members | join(",") }}
-wsrep_sst_method="{{ mariadb_wsrep_stt_method }}"
-{% if mariadb_wsrep_cluster_name is defined %}
-wsrep_cluster_name="{{ mariadb_wsrep_cluster_name }}"
-{% endif %}
-
-# Node Configuration
-wsrep_node_address="{{ mariadb_wsrep_node_address | default(ansible_default_ipv4.address if ansible_default_ipv4 is defined else '127.0.0.1') }}"
-wsrep_node_name="{{ mariadb_wsrep_node_name | default(ansible_fqdn) }}"
-
-
-# --------------------
-# Deps
-# --------------------
-binlog_format=ROW
-default_storage_engine=InnoDB
-innodb_autoinc_lock_mode=2
-innodb_doublewrite=1
diff --git a/templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2
index 8a01bae..0206356 100644
--- a/templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2
+++ b/templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2
@@ -1,6 +1,6 @@
-#
+# -------------------------------------------
 # {{ ansible_managed }}
-#
+# -------------------------------------------
 # Replication master
diff --git a/templates/etc/mysql/mariadb.conf.d/40-slave.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/40-slave.cnf.j2
index 9c26154..f6a94ad 100644
--- a/templates/etc/mysql/mariadb.conf.d/40-slave.cnf.j2
+++ b/templates/etc/mysql/mariadb.conf.d/40-slave.cnf.j2
@@ -1,8 +1,7 @@
-#
+# -------------------------------------------
 # {{ ansible_managed }}
-#
+# -------------------------------------------
-#
 # Replication slave
 [mysqld]
diff --git a/templates/etc/mysql/mariadb.conf.d/50-client.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/50-client.cnf.j2
deleted file mode 100644
index 2cda0b0..0000000
--- a/templates/etc/mysql/mariadb.conf.d/50-client.cnf.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-#
-# This group is read by the client library
-# Use it for options that affect all clients, but not the server
-#
-
-[client]
-# Default is Latin1, if you need UTF-8 set this (also in server section)
-default-character-set = utf8mb4
-
-# socket location
-socket = {{ mariadb_socket }}
-
-# Example of client certificate usage
-# ssl-cert=/etc/mysql/client-cert.pem
-# ssl-key=/etc/mysql/client-key.pem
-#
-# Allow only TLS encrypted connections
-# ssl-verify-server-cert=on
-
-# This group is *never* read by mysql client library, though this
-# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
-# client anyway.
-# If you use the same .cnf file for MySQL and MariaDB,
-# use it for MariaDB-only client options
-[client-mariadb]
diff --git a/templates/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2
deleted file mode 100644
index 3af1f6c..0000000
--- a/templates/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-# NOTE: This file is read only by the traditional SysV init script, not systemd.
-# MariaDB systemd does _not_ utilize mysqld_safe nor read this file.
-#
-# For similar behaviour, systemd users should create the following file:
-# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
-#
-# To achieve the same result as the default 50-mysqld_safe.cnf, please create
-# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
-# with the following contents:
-#
-# [Service]
-# User=mysql
-# StandardOutput=syslog
-# StandardError=syslog
-# SyslogFacility=daemon
-# SyslogLevel=err
-# SyslogIdentifier=mysqld
-#
-# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/
-#
-
-[mysqld_safe]
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# especially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-socket = {{ mariadb_socket }}
-nice = 0
-skip_log_error
-syslog
diff --git a/templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2
index 4c35d49..4e18f0b 100644
--- a/templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2
+++ b/templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2
@@ -1,18 +1,16 @@
-#
+# -------------------------------------------
 # {{ ansible_managed }}
-#
+# -------------------------------------------
 #
 # These groups are read by MariaDB server.
 # Use it for options that only the server (but not clients) should see
-#
-# See the examples of server my.cnf files in /usr/share/mysql
 # this is read by the standalone daemon and embedded servers
 [server]
-# this is only for the mysqld standalone daemon
-[mysqld]
+# this is only for the mariadbd daemon
+[mariadbd]
 #
 # * Basic Settings
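Review bot: Renaming the main server group from `[mysqld]` to `[mariadbd]` in the first hunk of 50-server.cnf.j2 makes every option below it, `bind-address` included, depend on the server recognising that group name; as far as I know it is only read from MariaDB 10.4.6 on. The last hunk of this file replaces a `[mariadb-10.3]` group, which suggests the role has been used with older servers, and there the block would be ignored silently, so the daemon would start with its built-in defaults for the listening address and everything else set here. Either keep `[mysqld]`, which all versions read, or fail the play early with an `ansible.builtin.assert` that compares `__mariadb_version.stdout` against the minimum version the role supports. The group's settings continue outside this hunk.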
@@ -25,7 +23,10 @@ basedir = /usr
 datadir = {{ mariadb_datadir }}
 tmpdir = /tmp
 lc-messages-dir = /usr/share/mysql
-#skip-external-locking
+
+# Broken reverse DNS slows down connections considerably and name resolve is
+# safe to skip if there are no "host by domain name" access grants
+#skip-name-resolve
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
@@ -34,6 +35,7 @@ bind-address = {{ mariadb_bind_address }}
 #
 # * Fine Tuning
 #
+
 key_buffer_size = {{ mariadb_key_buffer_size }}
 max_allowed_packet = {{ mariadb_max_allowed_packet }}
 #thread_stack = 192K
@@ -51,19 +53,22 @@ read_buffer_size = {{ mariadb_read_buffer_size }}
 read_rnd_buffer_size = {{ mariadb_read_rnd_buffer_size }}
 myisam_sort_buffer_size = {{ mariadb_myisam_sort_buffer_size }}
-#
-# * Query Cache Configuration
-#
-query_cache_size = {{ mariadb_query_cache_size }}
 #
 # * Logging and Replication
 #
+
+# Note: The configured log file or its directory need to be created
+# and be writable by the mysql user, e.g.:
+# $ sudo mkdir -m 2750 /var/log/mysql
+# $ sudo chown mysql /var/log/mysql
+
 # Both location gets rotated by the cronjob.
 # Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
+# Recommend only changing this at runtime for short testing periods if needed!
 #general_log_file = /var/log/mysql/mysql.log
 #general_log = 1
+
 #
 # Error log - should be very few entries.
 #
@@ -71,81 +76,56 @@ query_cache_size = {{ mariadb_query_cache_size }}
 syslog
 syslog-tag = {{ mariadb_syslog_tag }}
 {% else %}
-log-error = {{ mariadb_log_error }}
+log_error = {{ mariadb_log_error }}
 {% endif %}
 #
 # Enable the slow query log to see queries with especially long duration
-#slow_query_log_file = /var/log/mysql/mariadb-slow.log
-#long_query_time = 10
-#log_slow_rate_limit = 1000
-#log_slow_verbosity = query_plan
 #log-queries-not-using-indexes
 {% if mariadb_slow_query_log_enabled %}
 slow_query_log_file = {{ mariadb_slow_query_log_file }}
 long_query_time = {{ mariadb_slow_query_time }}
 slow_query_log = 1
+{% else %}
+#slow_query_log_file = /var/log/mysql/mariadb-slow.log
+#long_query_time = 10
+#log_slow_rate_limit = 1000
+#log_slow_verbosity = query_plan
 {% endif %}
 #
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-# other settings you may need to change.
-#server-id = 1
-#log_bin = /var/log/mysql/mysql-bin.log
-#expire_logs_days = 10
-#max_binlog_size = 100M
-#binlog_do_db = include_database_name
-#binlog_ignore_db = exclude_database_name
+# * SSL/TLS
+#
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-#chroot = /var/lib/mysql/
-#
-# For generating SSL certificates you can use for example the GUI tool "tinyca".
-#
+# For documentation, please read
+# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
 #ssl-ca = /etc/mysql/cacert.pem
 #ssl-cert = /etc/mysql/server-cert.pem
 #ssl-key = /etc/mysql/server-key.pem
-#
-# Accept only connections using the latest and most secure TLS protocol version.
-# ..when MariaDB is compiled with OpenSSL:
-#ssl-cipher = TLSv1.2
-# ..when MariaDB is compiled with YaSSL (default in Debian):
-#ssl = on
+#require-secure-transport = on
 #
 # * Character sets
 #
-# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+
+# MariaDB default is Latin1, but in Debian we rather default to the full
 # utf8 4-byte character set. See also client.cnf
-#
-character-set-server = utf8mb4
-collation-server = utf8mb4_general_ci
+character-set-server = utf8mb4
+character-set-collations = utf8mb4=uca1400_ai_ci
 #
 # * InnoDB
 #
+
 # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
 # Read the manual for more InnoDB related options. There are many!
-innodb_file_per_table = 1
-innodb_buffer_pool_size = {{ mariadb_innodb_buffer_pool_size }}
-innodb_log_buffer_size = {{ mariadb_innodb_log_buffer_size }}
+# Most important is to give InnoDB 80 % of the system RAM for buffer use:
+# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
+innodb_buffer_pool_size = {{ mariadb_innodb_buffer_pool_size }}
+innodb_log_buffer_size = {{ mariadb_innodb_log_buffer_size }}
 innodb_flush_log_at_trx_commit = {{ mariadb_innodb_flush_log_at_trx_commit }}
-innodb_lock_wait_timeout = {{ mariadb_innodb_lock_wait_timeout }}
-innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
-
-
-#
-# * Unix socket authentication plugin is built-in since 10.0.22-6
-#
-# Needed so the root database user can authenticate without a password but
-# only when running as the unix root user.
-#
-# Also available for other users if required.
-# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+innodb_lock_wait_timeout = {{ mariadb_innodb_lock_wait_timeout }}
+innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
 # this is only for embedded server
 [embedded]
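Review bot: `character-set-collations = utf8mb4=uca1400_ai_ci` is written unconditionally in the Character sets block, but to my knowledge that option only exists in recent MariaDB releases (11.2 and later), and a server that meets an option it does not know in its config file refuses to start. The play already registers `__mariadb_version`, so the line can be guarded: put `{% if __mariadb_version.stdout is version('11.2', '>=') %}` before it and `{% endif %}` after it, and keep the removed `collation-server = utf8mb4_general_ci` in an `{% else %}` branch if older servers must stay supported. Separately, the SSL/TLS block stays fully commented (`#ssl-cert`, `#ssl-key`, `#require-secure-transport = on`), so encrypted client connections cannot be switched on through role variables even though `bind-address` is templated; exposing these as variables would let a non-local bind address be paired with required TLS.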
@@ -153,10 +133,9 @@ innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
 # This group is only read by MariaDB servers, not by MySQL.
 # If you use the same .cnf file for MySQL and MariaDB,
 # you can put MariaDB-only options here
-[mariadb]
+[mariadbd]
-# This group is only read by MariaDB-10.3 servers.
+# This group is only read by MariaDB-{{ __mariadb_version.stdout }} servers.
 # If you use the same .cnf file for MariaDB of different versions,
 # use this group for options that older servers don't understand
-[mariadb-10.3]
-
+[mariadb-{{ __mariadb_version.stdout }}]
diff --git a/templates/etc/mysql/mariadb.conf.d/60-galera.cnf.j2 b/templates/etc/mysql/mariadb.conf.d/60-galera.cnf.j2
new file mode 100644
index 0000000..e351c24
--- /dev/null
+++ b/templates/etc/mysql/mariadb.conf.d/60-galera.cnf.j2
@@ -0,0 +1,29 @@
+# -------------------------------------------
+# {{ ansible_managed }}
+# -------------------------------------------
+
+#
+# * Galera-related settings
+#
+# See the examples of server wsrep.cnf files in /usr/share/mariadb
+# and read more at https://mariadb.com/kb/en/galera-cluster/
+
+[galera]
+
+# Global
+wsrep_on = ON
+wsrep_cluster_address = gcomm://{{ mariadb_galera_members | join(",") }}
+wsrep_sst_method = "{{ mariadb_wsrep_sst_method }}"
+{% if mariadb_wsrep_cluster_name is defined %}
+wsrep_cluster_name = "{{ mariadb_wsrep_cluster_name }}"
+{% endif %}
+
+# Node Configuration
+wsrep_node_address = "{{ mariadb_wsrep_node_address | default(ansible_default_ipv4.address if ansible_default_ipv4 is defined else '127.0.0.1') }}"
+wsrep_node_name = "{{ mariadb_wsrep_node_name | default(ansible_fqdn) }}"
+
+# Deps
+binlog_format = ROW
+default_storage_engine = InnoDB
+innodb_autoinc_lock_mode = 2
+innodb_doublewrite = 1
diff --git a/templates/etc/mysql/my.cnf b/templates/etc/mysql/my.cnf
deleted file mode 100644
index 94d8f10..0000000
--- a/templates/etc/mysql/my.cnf
+++ /dev/null
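Review bot: After the last hunk of 50-server.cnf.j2 the file has two `[mariadbd]` groups, since the first hunk of the same file already renames `[mysqld]` to `[mariadbd]`, and the comment kept above the second one still describes a different group. "This group is only read by MariaDB servers, not by MySQL" was written for `[mariadb]`; if the rename is intended, the comment should be reworded and the two groups could be merged, otherwise keep `[mariadb]` here so the MariaDB-only section stays distinguishable from the main daemon section.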
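Review bot: The new 60-galera.cnf.j2 sets `wsrep_on = ON` but no longer sets `wsrep_provider`, which the deleted 20-galera.cnf.j2 pointed at `/usr/lib/galera/libgalera_smm.so`; unless the provider is configured elsewhere, the node may come up without Galera loaded. If the drop is deliberate, a comment in the `[galera]` section saying where the provider is expected to be set would make that clear, otherwise restore `wsrep_provider = /usr/lib/galera/libgalera_smm.so`. Hosts provisioned with the previous role version still have the old 20-galera.cnf unless a task removes it, and the hunks shown here do not include one, so both files would be read. The variable also changes from `mariadb_wsrep_stt_method` to `mariadb_wsrep_sst_method`, so inventories that set the old name need a matching rename. No `wsrep_provider_options` are templated, so TLS for replication traffic between the members cannot be enabled through this role.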
@@ -1,23 +0,0 @@
-# The MariaDB configuration file
-#
-# The MariaDB/MySQL tools read configuration files in the following order:
-# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
-# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
-# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
-# 4. "~/.my.cnf" to set user-specific options.
-#
-# If the same option is defined multiple times, the last one will apply.
-#
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-
-#
-# This group is read both both by the client and the server
-# use it for options that affect everything
-#
-[client-server]
-
-# Import all .cnf files from configuration directory
-!includedir /etc/mysql/conf.d/
-!includedir /etc/mysql/mariadb.conf.d/