💚 Fix CI (#48)

- Drop Vagrant support
- Drop TravisCI
- Remove legacy tests

.config/ansible-lint.yml

@@ -0,0 +1,13 @@
+---
+
+warn_list:
+  - role-name
+  - schema[meta]
+
+skip_list: []
+
+exclude_paths:
+  - venv/
+  - .github/
+
+offline: false

.github/workflows/ci.yml

@@ -0,0 +1,49 @@
+---
+
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  yaml-lint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install lib dependencies
+        run: pip3 install netaddr
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@v24.7.0

.github/workflows/galaxy.yml

@@ -0,0 +1,18 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.0
+        with:
+          galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}

.github/workflows/molecule.yml

@@ -0,0 +1,41 @@
+---
+name: Molecule
+
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - debian12_galera
+          - debian12_master_slave
+          - debian12_upstream
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: "${{ github.repository }}"
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install lib dependencies
+        run: pip3 install netaddr
+
+      - name: Molecule
+        uses: gofrolist/molecule-action@v2
+        with:
+          molecule_options: --base-config molecule/_shared/base.yml
+          molecule_args: --scenario-name ${{ matrix.scenario }}
+        env:
+          ANSIBLE_FORCE_COLOR: '1'

.gitignore

@@ -1,3 +1,4 @@
-.vagrant*
 *.swp
 *.retry
+/.idea
+/venv

.travis.yml

@@ -1,38 +0,0 @@
-env:
-  - PLATFORM='docker-stretch-default-mariadb-master'   ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-stretch-upstream-mariadb-master'  ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-stretch-upstream-mariadbgalera-1' ANSIBLE_VERSION='ansible>=2.3,<2.4'
-
-matrix:
-  allow_failures:
-    - env: PLATFORM='docker-stretch-upstream-mariadbgalera-1' ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  fast_finish: true
-
-sudo: required
-
-dist: trusty
-
-language: python
-
-services:
-  - docker
-
-before_install:
-  - wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
-  - sudo dpkg -i vagrant_2.0.1_x86_64.deb
-  - vagrant plugin install vagrant-hostmanager 
-
-install:
-  - pip install "$ANSIBLE_VERSION"
-
-script:
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
-  - >
-    VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint.yml

@@ -0,0 +1,9 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable
+
+ignore:
+  - /venv

README.md

@@ -1,38 +1,36 @@
 MariaDB (MySQL) Ansible role for Debian
 =======================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.mysql-blue.svg)](https://galaxy.ansible.com/HanXHX/mysql) [![Build Status](https://travis-ci.org/HanXHX/ansible-mysql.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-mysql)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.mysql-blue.svg)](https://galaxy.ansible.com/HanXHX/mysql) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-mysql/molecule.yml?branch=master)
 
 Install and configure MariaDB (Galera Cluster). Manage replication (master/slave). Create users and databases.
 
-| OS              | Vendor                  | Origin    | Managed versions          |
-| --------------- | ----------------------- | --------- | ------------------------- |
-| Debian Stretch  | MariaDB                 | Debian    | 10.1                      |
-| Debian Stretch  | MariaDB                 | Upstream  | 10.1 / 10.2 / 10.3        |
-| Debian Stretch  | MariaDB Galera Cluster  | Upstream  | 10.1 / 10.2               |
+|          OS          | Origin    | MariaDB versions |
+|:--------------------:|:----------|:-----------------|
+| Debian Bookworm (12) | Debian    | 10.11            |
+| Debian Bookworm (12) | Upstream  | From 10.11       |
+
+If you need to manage previous Debian versions, please use the [latest managed version](https://github.com/HanXHX/ansible-mysql/releases/tag/2.2.1).
+
 
 Notes
 -----
 
-* Galera Cluster is experimental
-* Due to Vagrant + Docker limitation (private network), replication/galera can't be checked with Travis
-* If you need to test this role with Vagrant, you must install hostmanager plugin: `vagrant plugin install vagrant-hostmanager`
+* Galera Cluster is experimental. Feel free to test it and report issues.
 
 Requirements
 ------------
 
-None.
+- Ansible - see [meta/main.yml](meta/main.yml)
+- Collections: see [requirements.yml](requirements.yml)
 
 Role Variables
 --------------
 
-- `mariadb_origin`: origin of the package ("default" or "upstream")
-- `mariadb_vendor`: "mariadb", "mariadb\_galera"
+- `mariadb_use_galera`: set true to configure and install Galera Cluster
 
 ### Configuration
 
-- `mariadb_root_password`: root password (should be protected with [vault](http://docs.ansible.com/playbooks_vault.html))
-
 If you need a feature you can't configure, you can use this list. These config will go to `/etc/mysql/conf.d/01-extra`.
 
 - `mariadb_extra_config`: key/value hash see [default vars file](defaults/main.yml)
@@ -47,32 +45,48 @@ Example:
 
 ```
 mariadb_users:
-  - name: 'kiki'
+  - name: 'lorem'
     password: '123'
-    priv: hihi.*:ALL
-    host: '%'
+    priv: lorem.*:ALL
+    host: 'localhost'
+  - name: 'ipsum'
+    password: '465'
+    priv: ipsum.*:ALL
+    host_all: yes
 ```
 
-Check "priv" syntax in [mysql\_user module documentation](http://docs.ansible.com/mysql_user_module.html)
+Check "priv" syntax in [mysql\_user module documentation](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_user_module.html)
 
 ### Packaging
 
-- `mariadb_version`: 10.0 / 10.1 / 10.2
-- `mariadb_repository`: MariaDB upstream APT repository (see: [MariaDB repositories tool](https://downloads.mariadb.org/mariadb/repositories))
-- `mariadb_percona_repository`: Percona upstream APT repository (see: [Percona APT doc](http://www.percona.com/doc/percona-server/5.5/installation/apt_repo.html))
-- `mariadb_use_percona_apt`: Force using Percona APT repository (useful when you want to use latest version of percona toolkits, xtrabackup... etc)
+- `mariadb_upstream_version`: depends Debian version
+
+### Other
+
+- `mariadb_debug_role`: boolean, set true to disable `no_log` hidding
 
 Dependencies
 ------------
 
 None.
 
+If you need to dev this role locally with molecule
+--------------------------------------------------
+
+Check available scenarios in [molecule](molecule) directory.
+
+With `debian12_master_slave` scenario:
+
+```commandline
+molecule -v -c molecule/_shared/base.yml verify -s debian12_master_slave
+```
+
 Example Playbook
 ----------------
 
     - hosts: servers
       roles:
-         - { role: HanXHX.mysql, mariadb_origin: 'upstream', mariadb_vendor: 'mariadb' }
+         - { role: hanxhx.mysql, mariadb_origin: 'upstream' }
 
 License
 -------

Vagrantfile

@@ -1,73 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-# vi: set tabstop=2 :
-# vi: set shiftwidth=2 :
-
-Vagrant.configure("2") do |config|
-
-  vbox_deb_stretch = 'debian/stretch64'
-  dk_deb_stretch = 'hanxhx/vagrant-ansible:debian9'
-
-  config.hostmanager.enabled = true
-  config.hostmanager.manage_host = false
-  config.hostmanager.manage_guest = true
-  config.hostmanager.ignore_private_ip = false
-  config.hostmanager.include_offline = false
-
-  cases = [
-    # Debian Stretch
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: dk_deb_stretch, vars: {mariadb_origin: 'default',  mariadb_vendor: 'mariadb' }, groups: ['master'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: nil,            vars: {mariadb_origin: 'default',  mariadb_vendor: 'mariadb' }, groups: ['slave'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: dk_deb_stretch, vars: {mariadb_origin: 'upstream', mariadb_vendor: 'mariadb' }, groups: ['master'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: nil,            vars: {mariadb_origin: 'upstream', mariadb_vendor: 'mariadb' }, groups: ['slave'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: dk_deb_stretch, vars: {mariadb_origin: 'upstream' },                          groups: ['mariadbgalera', '1'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: nil,            vars: {mariadb_origin: 'upstream' },                          groups: ['mariadbgalera', '2'] },
-    { os_name: 'stretch', vbox: vbox_deb_stretch, docker: nil,            vars: {mariadb_origin: 'upstream' },                          groups: ['mariadbgalera', '3'] },
-  ]
-
-  cases.each_with_index do |opts,index|
-    name = 'docker-' + opts[:os_name] + '-' + opts[:vars].map{|k,v| "#{v}"}.join('-') + '-' +  opts[:groups].join('-')
-    iplsb = 10 + index
-    ip = '192.168.201.' + iplsb.to_s
-    next if opts[:docker].nil?
-
-    config.vm.synced_folder ".", "/vagrant", disabled: true
-    config.vm.define name do |m|
-      m.vm.network "private_network", ip: ip
-      m.vm.provider "docker" do |d|
-        d.image = opts[:docker]
-        d.remains_running = true
-        d.has_ssh = true
-      end
-      m.vm.provision "ansible" do |ansible|
-        ansible.playbook = "tests/test.yml"
-        ansible.verbose = 'vv'
-        ansible.become = true
-        ansible.extra_vars = opts[:vars].merge({ is_docker: true })
-        ansible.groups = { opts[:groups][0] => name }
-      end
-    end
-  end
-
-  cases.each_with_index do |opts,index|
-    name = 'vbox-' + opts[:os_name] + '-' + opts[:vars].map{|k,v| "#{v}"}.join('-') + '-' +  opts[:groups].join('-')
-    iplsb = 10 + index
-    ip = '192.168.200.' + iplsb.to_s
-    config.vm.define name do |m|
-      m.vm.hostname = name
-      m.vm.box = opts[:vbox]
-      m.vm.network "private_network", ip: ip
-      m.vm.provider "virtualbox" do |v|
-        v.cpus = 1
-        v.memory = 256
-      end
-      m.vm.provision "ansible" do |ansible|
-        ansible.playbook = "tests/test.yml"
-        ansible.verbose = 'vv'
-        ansible.become = true
-        ansible.extra_vars = opts[:vars].merge({ is_docker: false })
-        ansible.groups = { opts[:groups][0] => name }
-      end
-    end
-  end
-end

defaults/main.yml

@@ -4,25 +4,19 @@
 # Setup
 # -------------------------------------
 mariadb_origin: 'default'
-mariadb_vendor: 'mariadb'
-mariadb_root_password: 'change_me_NOW'
+mariadb_use_galera: false
 mariadb_notify_restart: true
-mariadb_upstream_apt_src: false
-mariadb_manage_logrotate: true
 
 # -------------------------------------
 # Configuration
 # -------------------------------------
 
-# MariaDB configuration template
-mariadb_config_template: 'etc/mysql/my.cnf.j2'
-
 # MariaDB connection settings.
 mariadb_port: "3306"
 mariadb_bind_address: '127.0.0.1'
 mariadb_datadir: '/var/lib/mysql'
-mariadb_pid_file: '/var/run/mysqld/mysqld.pid'
-mariadb_socket: '/var/run/mysqld/mysqld.sock'
+mariadb_pid_file: '/run/mysqld/mysqld.pid'
+mariadb_socket: '/run/mysqld/mysqld.sock'
 
 # Slow query log settings.
 mariadb_slow_query_log_enabled: false
@@ -30,37 +24,35 @@ mariadb_slow_query_log_file: '/var/log/mysql/mysql_slow.log'
 mariadb_slow_query_time: 2
 
 # Memory settings (default values optimized ~512MB RAM).
+# Fine Tuning
 mariadb_key_buffer_size: '256M'
 mariadb_max_allowed_packet: '64M'
-mariadb_table_open_cache: '256'
-mariadb_sort_buffer_size: '1M'
+mariadb_max_connections: 100
+
+mariadb_table_open_cache: '2000'
+mariadb_sort_buffer_size: '2M'
 mariadb_read_buffer_size: '1M'
-mariadb_read_rnd_buffer_size: '4M'
-mariadb_myisam_sort_buffer_size: '64M'
-mariadb_thread_cache_size: '8'
-mariadb_query_cache_size: '16M'
+mariadb_read_rnd_buffer_size: '2M'
+mariadb_myisam_sort_buffer_size: '128M'
+mariadb_thread_cache_size: '256'
 
 # Other settings.
 mariadb_wait_timeout: 28800
 
-# Try number of CPU's * 2 for thread_concurrency.
-mariadb_thread_concurrency: "{{ ansible_processor_cores * 2 }}"
-
 # InnoDB settings.
-mariadb_innodb_file_per_table: '1'
 mariadb_innodb_buffer_pool_size: "{{ (ansible_memtotal_mb * 0.2) | round | int }}M"
-mariadb_innodb_log_file_size: "64M" # If this setting changes on a running system, you will break it! http://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html
+mariadb_innodb_log_file_size: "64M"    # If this setting changes on a running system, you will break it! http://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html
 mariadb_innodb_log_buffer_size: '8M'
 mariadb_innodb_flush_log_at_trx_commit: '1'
 mariadb_innodb_lock_wait_timeout: 50
 
-# mysqldump settings.
-mariadb_mysqldump_max_allowed_packet: '64M'
-
 # Logging settings.
 mariadb_log_error: '/var/log/mysql/mysql_error.log'
 mariadb_syslog_tag: 'mysql'
 
+# mysqldump settings.
+mariadb_mysqldump_max_allowed_packet: '64M'
+
 # -------------------------------------
 # Extra configuration
 # -------------------------------------
@@ -68,16 +60,14 @@ mariadb_syslog_tag: 'mysql'
 mariadb_extra_configuration: {}
 
 # Example:
-#mariadb_extra_configuration:
-#  'innodb_awsome_feature': 1
-
+# mariadb_extra_configuration:
+#   'innodb_awsome_feature': 1
 
 # -------------------------------------
 # Replication
 # -------------------------------------
 mariadb_replication_master: false
 mariadb_replication_slave: false
-# This formula don't work with vagrant! All boxes have same default ip!
 mariadb_server_id: "{{ ansible_default_ipv4.address | ipaddr('int') }}"
 
 mariadb_replication_user: 'repl'
@@ -87,6 +77,8 @@ mariadb_replication_port: '3306'
 
 mariadb_backup_dir: '/var/backups/tmp-mysql'
 
+mariadb_service_name: '{{ mariadb_default_service_name if mariadb_origin == "default" else "mariadb" }}'
+
 # Master
 mariadb_max_binlog_size: "100M"
 mariadb_expire_logs_days: "10"
@@ -101,13 +93,11 @@ mariadb_slave_import_data: true
 mariadb_slave_import_from: "{{ mariadb_replication_host }}"
 # Delete dump after slave configuration (set false if you have many slaves to install, it avoids to create many dumps)
 mariadb_slave_import_flush_dump: true
-# Slave uses mysql database from master?
-mariadb_slave_replicate_mysqldb: true
 # Don't replicate these DBs/tables
 mariadb_slave_ignore_db: []
 mariadb_slave_ignore_table: []
 # SSH user used to copy data
-mariadb_backup_user: "{{ ansible_user_id }}" # TODO: change var name
+mariadb_backup_user: "{{ ansible_user_id }}"     # TODO: change var name
 ## If data is already imported, you can specify position
 mariadb_master_log_file: null
 mariadb_master_log_pos: null
@@ -122,26 +112,23 @@ mariadb_databases: []
 mariadb_users: []
 
 # -------------------------------------
-# MariaDB
+# MariaDB Upstream
 # -------------------------------------
-mariadb_version: '10.1'
-mariadb_mirror_domain: "ftp.igh.cnrs.fr"
-# See: https://downloads.mariadb.org/mariadb/repositories
-mariadb_repository: "http://{{ mariadb_mirror_domain }}/pub/mariadb/repo/{{ mariadb_version }}/debian"
-mariadb_key_server: "keyserver.ubuntu.com"
-mariadb_key_ids: ['0xcbcb082a1bb943db', '0xf1656f24c74cd1d8']
+mariadb_upstream_setup_script: 'https://r.mariadb.com/downloads/mariadb_repo_setup'
+mariadb_upstream_version: '11.4'
 
 # -------------------------------------
 # Galera
 # -------------------------------------
 mariadb_galera_resetup: false
+mariadb_wsrep_node_address: '{{ ansible_default_ipv4.address if ansible_default_ipv4 is defined else "127.0.0.1" }}'
 mariadb_galera_members: []
-mariadb_galera_primary_node: 'change_me' # See: https://github.com/ansible/ansible/issues/17453
+mariadb_galera_primary_node: 'change_me'    # See: https://github.com/ansible/ansible/issues/17453
+mariadb_wsrep_sst_method: 'rsync'
+
+mariadb_galera_package_name: 'galera-4'
 
 # -------------------------------------
-# Percona 
+# Debug
 # -------------------------------------
-mariadb_percona_repository: 'http://repo.percona.com/apt'
-mariadb_use_percona_apt: false
-mariadb_install_xtrabackup_package: false
-mariadb_xtrabackup_package: "{{ mariadb_default_xtrabackup_package }}"
+mariadb_debug_role: false

handlers/main.yml

@@ -1,7 +1,8 @@
 ---
 
-- name: restart mariadb 
-  service:
-    name: mysql
+- name: Restart mariadb
+  ansible.builtin.service:
+    name: "{{ mariadb_service_name }}"
     state: restarted
   when: mariadb_notify_restart
+  throttle: 1

meta/main.yml

@@ -1,24 +1,24 @@
 ---
 galaxy_info:
+  namespace: hanxhx
+  role_name: mysql
   author: Emilien Mantel
-  description: Install and configure MariaDB (and Galera Cluster) on Debian 
-  company: 
+  description: Install and configure MariaDB (and Galera Cluster) on Debian
+  company: TripleStack
   license: GPLv2
-  min_ansible_version: 2.3
+  min_ansible_version: '2.17'
   platforms:
-  - name: Debian
-    versions:
-    - stretch
+    - name: Debian
+      versions:
+        - bookworm
   galaxy_tags:
-  - database
-  - database:sql
-  - packaging
-  - mysql
-  - mariadb
-  - replication
-  - debian
-  - galera
-  - cluster
-  - stretch
+    - database
+    - packaging
+    - mysql
+    - mariadb
+    - replication
+    - debian
+    - galera
+    - cluster
+
 dependencies: []
-  

molecule/_shared/Dockerfile.j2

@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+	&& apt-get clean

molecule/_shared/base.yml

@@ -0,0 +1,39 @@
+---
+
+scenario:
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - destroy
+dependency:
+  name: shell
+  command: "${MOLECULE_SCENARIO_DIRECTORY}/../_shared/tools/install-dependencies.sh"
+driver:
+  name: docker
+role_name_check: 1
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      deprecation_warnings: false
+      callback_whitelist: timer,profile_tasks
+      fact_caching: jsonfile
+      fact_caching_connection: ./cache
+      forks: 100
+    connection:
+      pipelining: true
+  playbooks:
+    prepare: ../_shared/prepare.yml
+  inventory:
+    group_vars:
+      all:
+        is_dev: true
+    links:
+      group_vars: ../_shared/inventory/group_vars/
+verifier:
+  name: ansible

molecule/_shared/files/import1.sql

@@ -9,4 +9,3 @@ INSERT IGNORE INTO `user` (`id`,`email`) VALUES (11,"vitae.dolor@rutrumnon.net")
 INSERT IGNORE INTO `user` (`id`,`email`) VALUES (21,"aliquam@atpretium.co.uk"),(22,"cursus@sapienmolestie.edu"),(23,"ornare.Fusce@pede.ca"),(24,"at@estac.co.uk"),(25,"sed@risusodioauctor.ca"),(26,"sit.amet.consectetuer@necorciDonec.com"),(27,"Nulla@infaucibus.co.uk"),(28,"tempus.scelerisque@utlacusNulla.com"),(29,"pellentesque.a@nostraper.com"),(30,"libero.et.tristique@Nunclaoreet.co.uk");
 INSERT IGNORE INTO `user` (`id`,`email`) VALUES (31,"dolor.sit.amet@Donecelementum.net"),(32,"ornare@massanonante.ca"),(33,"quam.elementum@semper.net"),(34,"Duis.ac.arcu@Integermollis.com"),(35,"magna.Sed.eu@magnaPraesent.co.uk"),(36,"Mauris.eu.turpis@mattis.ca"),(37,"ornare.facilisis.eget@urna.net"),(38,"Sed.diam.lorem@fringilla.co.uk"),(39,"pellentesque.Sed.dictum@Donec.edu"),(40,"faucibus.Morbi@nuncid.com");
 INSERT IGNORE INTO `user` (`id`,`email`) VALUES (41,"ullamcorper@at.co.uk"),(42,"nec.ante.blandit@utcursus.edu"),(43,"diam.vel.arcu@egestasFuscealiquet.com"),(44,"ridiculus@musAeneaneget.com"),(45,"ad@turpisvitaepurus.ca"),(46,"ultrices.posuere.cubilia@purusMaecenas.net"),(47,"luctus@libero.org"),(48,"mi@elitNulla.com"),(49,"elementum@ipsumdolorsit.edu"),(50,"orci@Donec.co.uk");
-

molecule/_shared/inventory/group_vars/all.yml

@@ -1,6 +1,9 @@
+---
+
 mariadb_bind_address: '0.0.0.0'
 mariadb_extra_configuration:
   innodb_commit_concurrency: 0
-mariadb_use_percona_apt: true
 mariadb_install_xtrabackup_package: true
 mariadb_slow_query_log_enabled: true
+mariadb_debug_role: true
+mariadb_innodb_buffer_pool_size: 128M

molecule/_shared/inventory/group_vars/galera.yml

@@ -0,0 +1,5 @@
+---
+
+mariadb_use_galera: true
+mariadb_galera_members: "{{ groups['galera'] }}"
+mariadb_galera_primary_node: "{{ mariadb_galera_members | first }}"

molecule/_shared/inventory/group_vars/master.yml

@@ -1,3 +1,5 @@
+---
+
 # Master durability
 mariadb_sync_binlog: '1'
 mariadb_innodb_flush_log_at_trx_commit: '1'
@@ -13,6 +15,5 @@ mariadb_users:
     host: '%'
 mariadb_replication_master: true
 mariadb_replication_slave: false
-mariadb_server_id: 1
 
 # vim: set ft=yaml :

molecule/_shared/inventory/group_vars/slave.yml

@@ -1,8 +1,11 @@
+---
+
 mariadb_replication_master: false
 mariadb_replication_slave: true
 mariadb_replication_user: 'replication'
 mariadb_replication_password: '1a2b3c'
-mariadb_server_id: 2
 mariadb_slave_ignore_db: ['norepl']
+mariadb_slave_import_from: "{{ groups['master'][0] }}"
+mariadb_replication_host: "{{ groups['master'][0] }}"
 
 # vim: set ft=yaml :

molecule/_shared/inventory/group_vars/upstream.yml

@@ -0,0 +1,3 @@
+---
+
+mariadb_origin: 'upstream'

molecule/_shared/prepare.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Prepare hosts
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: APT | Install some packages
+      ansible.builtin.apt:
+        name: "{{ p }}"
+        update_cache: true
+        cache_valid_time: 3600
+      vars:
+        p: ['ca-certificates', 'curl', 'rsync', 'rsyslog', 'ssh', 'strace', 'vim']
+
+    - name: SERVICE | Ensure daemon are started
+      ansible.builtin.service:
+        name: "{{ item }}"
+        state: started
+      loop:
+        - rsyslog
+        - ssh

molecule/_shared/tools/install-dependencies.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -z "${IS_GITHUB_ACTIONS}" ]; then
+	echo "This script is run in GitHub Actions."
+	pip install netaddr
+fi
+
+ansible-galaxy collection install -r requirements.yml

molecule/debian12_galera/converge.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.mysql"

molecule/debian12_galera/molecule.yml

@@ -0,0 +1,55 @@
+---
+
+platforms:
+  - name: debian12-galera1
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    groups:
+      - galera
+    networks:
+      - name: "00-molecule-d12-galera"
+        ipv4_address: '172.16.51.1'
+    docker_networks:
+      - name: "00-molecule-d12-galera"
+        ipam_config:
+          - subnet: "172.16.51.0/24"
+            gateway: "172.16.51.254"
+
+  - name: debian12-galera2
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    groups:
+      - galera
+    networks:
+      - name: "00-molecule-d12-galera"
+        ipv4_address: '172.16.51.2'
+
+  - name: debian12-galera3
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    groups:
+      - galera
+    networks:
+      - name: "00-molecule-d12-galera"
+        ipv4_address: '172.16.51.3'

molecule/debian12_galera/verify.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Verify Galera
+  hosts: galera
+  gather_facts: false
+  tasks:
+    - name: MYSQL_QUERY | Check if Galera is running
+      community.mysql.mysql_query:
+        query: "SHOW GLOBAL STATUS LIKE 'wsrep_ready'"
+        login_unix_socket: /run/mysqld/mysqld.sock
+      register: wsrep_ready
+
+    - name: ASSERT | Fail if Galera is not running
+      ansible.builtin.assert:
+        that:
+          - wsrep_ready.query_result.0.0.Value == "ON"
+        fail_msg: "Galera is not running"
+        success_msg: "Galera is running"
+
+    - name: MYSQL_QUERY | Check Galera status
+      community.mysql.mysql_query:
+        query: "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment'"
+        login_unix_socket: /run/mysqld/mysqld.sock
+      register: wsrep_local_state_comment
+
+    - name: ASSERT | Fail if Galera is not on the right state
+      ansible.builtin.assert:
+        that:
+          - wsrep_local_state_comment.query_result.0.0.Value == "Synced"
+        fail_msg: "Galera is not expected state ({{ wsrep_local_state_comment.query_result.0.0.Value }})"
+        success_msg: "Galera is in expected state"

molecule/debian12_master_slave/converge.yml

@@ -0,0 +1,36 @@
+---
+
+# Note: master must be converged first
+- name: Converge master
+  hosts: master
+  gather_facts: true
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.mysql"
+
+    - name: COPY | Deploy first dump
+      ansible.builtin.copy:
+        src: ../_shared/files/import1.sql
+        dest: /tmp/import1.sql
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: MYSQL_DB | Import first dump
+      community.mysql.mysql_db:
+        name: "{{ item }}"
+        state: import
+        target: /tmp/import1.sql
+        login_unix_socket: "/run/mysqld/mysqld.sock"
+      loop: "{{ mariadb_databases }}"
+      tags:
+        - molecule-idempotence-notest
+
+- name: Converge slave
+  hosts: slave
+  gather_facts: true
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.mysql"

molecule/debian12_master_slave/molecule.yml

@@ -0,0 +1,46 @@
+---
+
+platforms:
+  - name: debian12-master1
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    networks:
+      - name: "00-molecule-d12-ms"
+        ipv4_address: '172.16.50.1'
+    docker_networks:
+      - name: "00-molecule-d12-ms"
+        ipam_config:
+          - subnet: "172.16.50.0/24"
+            gateway: "172.16.50.254"
+    groups:
+      - master
+
+  - name: debian12-slave1
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    networks:
+      - name: "00-molecule-d12-ms"
+        ipv4_address: '172.16.50.2'
+    groups:
+      - slave
+
+provisioner:
+  inventory:
+    host_vars: ~
+    group_vars:
+      master: ~
+      slave: ~

molecule/debian12_master_slave/verify.yml

@@ -0,0 +1,32 @@
+---
+
+- name: Verify slave
+  hosts: slave
+  gather_facts: false
+  tasks:
+    - name: MYSQL_REPLICATION | Get slave infos
+      community.mysql.mysql_replication:
+        mode: getreplica
+      register: slave
+
+    - name: ASSERT | If slave threads are not running
+      ansible.builtin.assert:
+        that:
+          - slave.Slave_IO_Running == 'Yes'
+          - slave.Slave_SQL_Running == 'Yes'
+        fail_msg: "Slave issue, please check"
+        success_msg: "Slave is running"
+
+    - name: Check replication data
+      community.mysql.mysql_query:
+        login_db: testrepl
+        query: 'SELECT COUNT(*) AS c FROM user'
+        login_unix_socket: /run/mysqld/mysqld.sock
+      register: result
+
+    - name: ASSERT | Check replication data
+      ansible.builtin.assert:
+        that:
+          - result.query_result.0.0.c == 50
+        fail_msg: "Replication data is not correct"
+        success_msg: "Replication data is correct"

molecule/debian12_upstream/converge.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.mysql"

molecule/debian12_upstream/molecule.yml

@@ -0,0 +1,15 @@
+---
+
+platforms:
+  - name: debian12-upstream1
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    groups:
+      - upstream

molecule/debian12_upstream/verify.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Verify slave
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: COMMAND | Check if mariadb is running  # noqa: command-instead-of-module
+      ansible.builtin.command: "systemctl is-active mariadb"
+      register: mariadb_is_running
+      changed_when: false
+      failed_when: mariadb_is_running.rc != 0

requirements.txt

@@ -0,0 +1,52 @@
+ansible==10.3.0
+ansible-compat==24.8.0
+ansible-core==2.17.3
+ansible-lint==24.7.0
+attrs==24.2.0
+black==24.8.0
+bracex==2.5
+certifi==2024.7.4
+cffi==1.17.0
+charset-normalizer==3.3.2
+click==8.1.7
+click-help-colors==0.9.4
+cryptography==43.0.0
+distro==1.9.0
+docker==6.1.3
+enrich==1.2.7
+filelock==3.15.4
+idna==3.8
+importlib_metadata==8.4.0
+Jinja2==3.1.4
+jsonschema==4.23.0
+jsonschema-specifications==2023.12.1
+markdown-it-py==3.0.0
+MarkupSafe==2.1.5
+mdurl==0.1.2
+molecule==24.8.0
+molecule-plugins==23.5.3
+mypy-extensions==1.0.0
+netaddr==1.3.0
+packaging==24.1
+pathspec==0.12.1
+platformdirs==4.2.2
+pluggy==1.5.0
+pycparser==2.22
+Pygments==2.18.0
+PyYAML==6.0.2
+referencing==0.35.1
+requests==2.31.0
+resolvelib==1.0.1
+rich==13.7.1
+rpds-py==0.20.0
+ruamel.yaml==0.18.6
+ruamel.yaml.clib==0.2.8
+selinux==0.3.0
+subprocess-tee==0.4.2
+tomli==2.0.1
+typing_extensions==4.12.2
+urllib3==2.2.2
+wcmatch==9.0
+websocket-client==1.8.0
+yamllint==1.35.1
+zipp==3.20.0

requirements.yml

@@ -0,0 +1,8 @@
+---
+
+collections:
+  - ansible.posix
+  - ansible.netcommon
+  - community.crypto
+  - community.general
+  - community.mysql

tasks/galera/bootstrap.yml

@@ -1,34 +1,40 @@
 ---
-- set_fact:
-    booboo: "{{ mariadb_datadir }}/.ansible_galera_boostrap"
+
+- name: SET_FACT | Prepare mark var
+  ansible.builtin.set_fact:
+    __mark: "{{ mariadb_datadir }}/.ansible_galera_boostrap"
 
 - name: STAT | Bootstrap mark
-  stat: path={{ booboo }}
+  ansible.builtin.stat:
+    path: "{{ __mark }}"
   register: s
 
-- block:
+- name: COMMAND | Setup galera cluster
+  when: not s.stat.exists or mariadb_galera_resetup
+  block:
     - name: SET_FACT | We must NOT restart after bootstrap!
-      set_fact:
+      ansible.builtin.set_fact:
         mariadb_notify_restart: false
 
     - name: SERVICE | Stop MariaDB
-      service: name=mysql state=stopped
+      ansible.builtin.service:
+        name: "{{ mariadb_service_name }}"
+        state: stopped
 
     - name: COMMAND | Bootstrap first node (systemd)
-      command: galera_new_cluster
+      ansible.builtin.command: galera_new_cluster
       when: ansible_service_mgr == 'systemd'
+      changed_when: true
 
     - name: SERVICE | Bootstrap first node (clean init)
-      service:
-        name: mysql
-        state: started
+      ansible.builtin.service:
+        name: "{{ mariadb_service_name }}"
+        state: "started"
         arguments: --wsrep-new-cluster
       register: bootstrap_run
       when: ansible_service_mgr != 'systemd'
 
-  when: not s.stat.exists or mariadb_galera_resetup
-
 - name: COMMAND | Create Bootstrap mark
-  command: "touch {{ booboo }}"
+  ansible.builtin.command: "touch {{ __mark }}"
   args:
-    creates: "{{ booboo }}"
+    creates: "{{ __mark }}"

tasks/galera/main.yml

@@ -1,25 +1,21 @@
 ---
 
+- name: APT | Install Galera
+  ansible.builtin.apt:
+    name: "{{ mariadb_galera_package_name }}"
+
 - name: TEMPLATE | Deploy Galera configuration
-  template:
-    src: etc/mysql/conf.d/09-galera.cnf.j2
-    dest: /etc/mysql/conf.d/09-galera.cnf
-  register: galeraconfig
+  ansible.builtin.template:
+    src: etc/mysql/mariadb.conf.d/60-galera.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/60-galera.cnf
+    mode: 0644
+    owner: root
+    group: root
+  notify: Restart mariadb
 
 - name: INCLUDE | Bootstrap first node
-  include: 'bootstrap.yml'
+  ansible.builtin.import_tasks: 'bootstrap.yml'
   when: inventory_hostname == mariadb_galera_primary_node
 
-- name: INCLUDE | Configure other nodes
-  include: 'nodes.yml'
-  when: inventory_hostname != mariadb_galera_primary_node
-
-- name: SERVICE | Restart MariaDB if needed
-  service:
-    name: mysql
-    state: restarted
-  when: >
-    ((galeraconfig or (p is defined and p.changed)) and
-    (bootstrap_run is not defined)) or
-    ((inventory_hostname != mariadb_galera_primary_node) and
-    (mariadb_galera_resetup))
+- name: META | Flush handlers
+  ansible.builtin.meta: flush_handlers

tasks/galera/nodes.yml

@@ -1,35 +0,0 @@
----
-
-- name: COMMAND | GET debian.cnf from primary node
-  command: cat /etc/mysql/debian.cnf
-  register: debiancnf
-  delegate_to: '{{ mariadb_galera_primary_node }}'
-  changed_when: false
-
-- name: COMMAND | Get current debian.cnf
-  command: cat /etc/mysql/debian.cnf
-  register: ondc
-  changed_when: false
-
-- block:
-
-  - name: SERVICE | Stop MariaDB
-    service:
-      name: mysql
-      state: stopped
-
-  - name: COPY | Paste primary node's debian.cnf
-    copy:
-      content: "{{ debiancnf.stdout }}"
-      dest: /etc/mysql/debian.cnf
-      mode: 0600
-      owner: root
-      group: root
-    register: paste
-
-  - name: SERVICE | Start MariaDB
-    service:
-      name: mysql
-      state: started
-
-  when: debiancnf.stdout != ondc.stdout

tasks/install/main.yml

@@ -1,24 +1,13 @@
 ---
 
-- name: INCLUDE | Use Percona repository
-  include: 'percona/apt.yml'
-  when: mariadb_use_percona_apt
-
-- name: INCLUDE | Install MariaDB from Debian repo
-  include: 'mariadb/default.yml'
-  when: mariadb_origin == 'default' and mariadb_vendor == 'mariadb'
-
-- name: INCLUDE | Install MariaDB from MariaDB repo
-  include: 'mariadb/upstream.yml'
+- name: INCLUDE | Setup MariaDB repository
+  ansible.builtin.import_tasks: 'mariadb/upstream.yml'
   when: mariadb_origin == 'upstream'
 
-- name: APT | Install few MariaDB related tools
-  apt:
-    pkg: "{{ item }}"
-    install_recommends: no
-  with_items: "{{ mariadb_tools }}"
+- name: INCLUDE | Install MariaDB
+  ansible.builtin.import_tasks: 'mariadb/default.yml'
 
-- name: APT | Install percona-xtrabackup if needed
-  apt:
-    pkg: "{{ mariadb_xtrabackup_package }}"
-  when: mariadb_install_xtrabackup_package
+- name: APT | Install few MariaDB related tools
+  ansible.builtin.apt:
+    pkg: "{{ mariadb_tools }}"
+    install_recommends: false

tasks/install/mariadb/default.yml

@@ -1,31 +1,5 @@
 ---
 
-- name: SHELL | Get MariaDB target version
-  shell: "LANG=C apt-cache depends mariadb-server | awk -F '-' '/Depends/ { print $NF }'"
-  register: apt_mariadb_version
-  changed_when: false
-
-- name: DEBCONF | Prepare MariaDB silent installation (root password)
-  debconf:
-    name: 'mariadb-server-{{ apt_mariadb_version.stdout }}'
-    question: 'mysql-server/root_password'
-    vtype: 'password'
-    value: '{{ mariadb_root_password }}'
-  when: not mariadb_exists.stat.exists
-
-- name: DEBCONF | Prepare MariaDB silent installation (root password again)
-  debconf:
-    name: 'mariadb-server-{{ apt_mariadb_version.stdout }}'
-    question: 'mysql-server/root_password_again'
-    vtype: 'password'
-    value: '{{ mariadb_root_password }}'
-  when: not mariadb_exists.stat.exists
-
 - name: APT | Install MariaDB server
-  apt:
+  ansible.builtin.apt:
     pkg: mariadb-server
-
-- name: APT | Install Galera
-  apt:
-    pkg: galera-3
-  when: mariadb_vendor == 'mariadb_galera'

tasks/install/mariadb/upstream.yml

@@ -1,24 +1,32 @@
 ---
 
-- name: APT_KEY | Install MariaDB key
-  apt_key:
-    keyserver: "{{ mariadb_key_server }}"
-    id: "{{ item }}"
-  with_items: "{{ mariadb_key_ids }}"
+- name: APT | Install GPG
+  ansible.builtin.apt:
+    name: gpg
 
-- name: TEMPLATE | Deploy APT pinning (prevent upgrades from Debian)
-  template:
-    src: etc/apt/preferences.d/95-mariadb.j2
-    dest: /etc/apt/preferences.d/95-mariadb
+- name: COMMAND | Check expected mariadb version
+  ansible.builtin.command: 'grep -q "{{ mariadb_upstream_version }}" /etc/apt/sources.list.d/mariadb.list'
+  register: check_version
+  failed_when: false
+  changed_when: false
 
-- name: APT_REPOSITORY | Add MariaDB repository
-  apt_repository:
-    repo: 'deb {{ mariadb_repository }} {{ ansible_distribution_release }} main'
+- name: APT | Add MariaDB upstream repository
+  when: check_version.rc > 0
+  block:
 
-- name: APT_REPOSITORY | Add MariaDB (src) repository
-  apt_repository:
-    repo: 'deb-src {{ mariadb_repository }} {{ ansible_distribution_release }} main'
-  when: mariadb_upstream_apt_src
+    - name: GET_URL | Download MariaDB setup script
+      ansible.builtin.get_url:
+        url: '{{ mariadb_upstream_setup_script }}'
+        dest: '/tmp/mariadb_repo_setup'
+        mode: 0755
+        owner: root
+        group: root
 
-- name: INCLUDE | Normal Install
-  include: default.yml
+    - name: COMMAND | Launch MariaDB upstream setup script
+      ansible.builtin.command: '/tmp/mariadb_repo_setup --mariadb-server-version={{ mariadb_upstream_version }}'
+      changed_when: true
+
+    - name: FILE | Remove setup script
+      ansible.builtin.file:
+        path: '/tmp/mariadb_repo_setup'
+        state: absent

tasks/install/percona/apt.yml

@@ -1,20 +0,0 @@
----
-
-- name: APT_KEY | Install Percona key
-  apt_key:
-    keyserver: "keyserver.ubuntu.com"
-    id: "8507EFA5"
-
-- name: TEMPLATE | Deploy APT pinning (prevent upgrades from Debian)
-  template:
-    src: etc/apt/preferences.d/95-percona.j2
-    dest: /etc/apt/preferences.d/95-percona
-
-- name: APT_REPOSITORY | Add Percona repository
-  apt_repository:
-    repo: 'deb {{ mariadb_percona_repository }} {{ ansible_distribution_release }} main'
-
-- name: APT_RESPOSITORY | Add Percona (src) repository
-  apt_repository:
-    repo: 'deb-src {{ mariadb_percona_repository }} {{ ansible_distribution_release }} main'
-  when: mariadb_upstream_apt_src

tasks/main.yml

@@ -1,79 +1,85 @@
 ---
 
-- name: INCLUDE_VARS | Related to OS version
-  include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
+- name: INCLUDE_VARS | Extra variables
+  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - '{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml'
+        - default.yml
+      paths:
+        - 'vars'
 
 - name: STAT | Check if mysql exists
-  stat:
+  ansible.builtin.stat:
     path: /usr/sbin/mysqld
   register: mariadb_exists
   changed_when: false
 
 - name: INCLUDE | Install
-  include: install/main.yml
+  ansible.builtin.import_tasks: install/main.yml
 
-- name: TEMPLATE | Deploy configuration
-  template:
-    src: "{{ mariadb_config_template }}"
-    dest: /etc/mysql/my.cnf
-  register: config
+- name: SHELL | Get current mariadb version  # noqa: risky-shell-pipe
+  ansible.builtin.shell: dpkg -l mariadb-common | awk '/^ii/ { print $3 }' | sed -r 's/^1://g; s/^([[:digit:]]+\.[[:digit:]]+).+$/\1/g'
+  register: __mariadb_version
+  changed_when: false
 
-- name: TEMPLATE | Deploy extra configuration
-  template:
-    src: etc/mysql/conf.d/10-extra.cnf.j2
-    dest: /etc/mysql/conf.d/10-extra.cnf
-  register: extraconfig
-
-- name: SERVICE | Restart now (prevent bugs)
-  service:
-    name: mysql
-    state: restarted
-  when: >
-    (config.changed or extraconfig.changed) and
-    not mariadb_galera_resetup
-
-- name: TEMPLATE Create .my.cnf for root
-  template:
-    src: root/my.cnf
-    dest: /root/.my.cnf
+- name: TEMPLATE | Deploy config files
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/{{ item | replace('.j2', '') }}"
+    mode: 0644
     owner: root
     group: root
-    mode: 0600
-    backup: yes
+  register: config
+  loop:
+    - etc/mysql/conf.d/mysqldump.cnf.j2
+    - etc/mysql/mariadb.conf.d/10-extra.cnf.j2
+    - etc/mysql/mariadb.conf.d/50-server.cnf.j2
+  notify: Restart mariadb
+
+- name: FILE | Ensure log dir exists
+  ansible.builtin.file:
+    path: "{{ mariadb_slow_query_log_file | dirname }}"
+    state: directory
+    mode: 0755
+    owner: mysql
+    group: mysql
+
+- name: META | Flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- name: SERVICE | Ensure service is started
+  ansible.builtin.service:
+    name: "{{ mariadb_service_name }}"
+    state: started
 
 - name: INCLUDE | Galera
-  include: galera/main.yml
-  when: mariadb_vendor == 'mariadb_galera'
+  ansible.builtin.import_tasks: galera/main.yml
+  when: mariadb_use_galera
 
 - name: INCLUDE | Replication
-  include: replication/main.yml
+  ansible.builtin.import_tasks: replication/main.yml
   when: mariadb_replication_master or mariadb_replication_slave
 
 - name: INCLUDE | Secure install
-  include: 'secure.yml'
-
-- name: SERVICE | Ensure service is started
-  service:
-    name: mysql
-    state: started
+  ansible.builtin.import_tasks: 'secure.yml'
 
 - name: MYSQL_DB | Create databases
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ item }}"
     state: present
-  with_items: "{{ mariadb_databases }}"
+    login_unix_socket: "{{ mariadb_socket }}"
+  loop: "{{ mariadb_databases }}"
 
 - name: MYSQL_USER | Manages users...
-  mysql_user:
+  community.mysql.mysql_user:
     name: "{{ item.name }}"
     password: "{{ item.password }}"
     priv: "{{ item.priv }}"
-    host: "{{ item.host | default('localhost') }}"
+    host: "{{ item.host | default(omit) }}"
+    host_all: "{{ item.host_all | default(omit) }}"
     state: present
-  with_items: "{{ mariadb_users }}"
-
-- name: TEMPLATE | Deploy logrotate configuration
-  template:
-    src: "etc/logrotate.d/mysql-server.j2"
-    dest: "/etc/logrotate.d/mysql-server"
-  when: mariadb_manage_logrotate
+    login_unix_socket: "{{ mariadb_socket }}"
+  loop: "{{ mariadb_users }}"
+  no_log: "{{ not mariadb_debug_role }}"

tasks/replication/main.yml

@@ -1,9 +1,9 @@
 ---
 
 - name: INCLUDE | Replication Master
-  include: master.yml
+  ansible.builtin.import_tasks: master.yml
   when: mariadb_replication_master
 
 - name: INCLUDE | Replication slave
-  include: slave.yml
+  ansible.builtin.import_tasks: slave.yml
   when: mariadb_replication_slave

tasks/replication/master.yml

@@ -1,7 +1,10 @@
 ---
 
 - name: TEMPLATE | Deploy master configuration
-  template:
-    src: etc/mysql/conf.d/50-master.cnf.j2
-    dest: /etc/mysql/conf.d/50-master.cnf
-  notify: restart mariadb
+  ansible.builtin.template:
+    src: etc/mysql/mariadb.conf.d/40-master.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/40-master.cnf
+    mode: 0644
+    owner: root
+    group: root
+  notify: Restart mariadb

tasks/replication/slave.yml

@@ -1,44 +1,39 @@
 ---
 
 - name: MYSQL_VARIABLES | Set read only
-  mysql_variables:
+  community.mysql.mysql_variables:
     variable: read_only
     value: 'ON'
+    login_unix_socket: "{{ mariadb_socket }}"
   when: mariadb_slave_readonly
 
 - name: TEMPLATE | Deploy slave configuration
-  template:
-    src: etc/mysql/conf.d/51-slave.cnf.j2
-    dest: /etc/mysql/conf.d/51-slave.cnf
-  notify: restart mariadb
+  ansible.builtin.template:
+    src: etc/mysql/mariadb.conf.d/40-slave.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/40-slave.cnf
+    mode: 0644
+    owner: root
+    group: root
+  notify: Restart mariadb
 
 - name: MYSQL_REPLICATION | Get slave status
-  mysql_replication:
-    mode: getslave
-  ignore_errors: yes
+  community.mysql.mysql_replication:
+    mode: getreplica
+    login_unix_socket: "{{ mariadb_socket }}"
+  ignore_errors: true
   register: slave_status
 
-- name: INCLUDE | Transfert /etc/mysql/debian.cnf from master
-  include: slave/ssh.yml
-  when: mariadb_slave_replicate_mysqldb or ((slave_status.failed is defined or not slave_status.Is_Slave) and mariadb_slave_import_data)
-
 - name: INCLUDE | Import data
-  include: slave/import_data.yml
-  when: (slave_status.failed is defined or not slave_status.Is_Slave) and mariadb_slave_import_data
+  ansible.builtin.import_tasks: slave/import_data.yml
+  when: (slave_status.failed or not slave_status.Is_Replica) and mariadb_slave_import_data
 
-- name: INCLUDE | Configure replication
-  include: slave/replication.yml
-  when: (slave_status.failed is defined or not slave_status.Is_Slave) or mariadb_slave_force_setup
-
-- name: INCLUDE | Transfert /etc/mysql/debian.cnf from master
-  include: slave/debiancnf.yml
-  when: mariadb_slave_replicate_mysqldb
+- name: Configure GTID Replication
+  ansible.builtin.import_tasks: slave/gtid.yml
+  when: slave_status.failed or not slave_status.Is_Replica or mariadb_slave_force_setup
 
 - name: MYSQL_REPLICATION | Get slave status
-  mysql_replication:
-    mode: getslave
-  ignore_errors: yes
+  community.mysql.mysql_replication:
+    mode: getreplica
+    login_unix_socket: "{{ mariadb_socket }}"
+  ignore_errors: true
   register: slave_status
-
-- name: Configure GTID
-  include: slave/gtid.yml

tasks/replication/slave/debiancnf.yml

@@ -1,22 +0,0 @@
----
-
-- name: FETCH | Get /etc/mysql/debian.cnf on master
-  fetch:
-    src: /etc/mysql/debian.cnf
-    dest: /tmp/{{ mariadb_slave_import_from }}/debian.cnf
-    flat: yes
-  changed_when: false
-  delegate_to: "{{ mariadb_slave_import_from }}"
-
-- name: LOCAL_ACTION FILE | Secure fetched file
-  local_action: file path=/tmp/{{ mariadb_slave_import_from }}/debian.cnf mode=0600
-  become: no
-
-- name: COPY | Fetched file to /etc/mysql/debian.cnf
-  copy:
-    src: "/tmp/{{ mariadb_slave_import_from }}/debian.cnf"
-    dest: /etc/mysql/debian.cnf
-    owner: root
-    group: root
-    mode: 0600
-  notify: restart mariadb

tasks/replication/slave/gtid.yml

@@ -1,16 +1,26 @@
 ---
 
-# Need this hack before:
-# - https://github.com/ansible/ansible/issues/29214
-# - https://mariadb.com/kb/en/mariadb/global-transaction-id/#switching-an-existing-old-style-slave-to-use-gtid
-
 - name: MYSQL_REPLICATION | Stop slave
-  mysql_replication:
-    mode: stopslave
+  community.mysql.mysql_replication:
+    mode: stopreplica
+    login_unix_socket: "{{ mariadb_socket }}"
 
-- name: COMMAND | Migrate to MariaDB GTID
-  command: mariadb -e "CHANGE MASTER TO master_use_gtid=current_pos";
+- name: MYSQL_REPLICATION | Configure master host
+  community.mysql.mysql_replication:
+    mode: changeprimary
+    master_host: "{{ mariadb_replication_host }}"
+    master_port: "{{ mariadb_replication_port }}"
+    master_user: "{{ mariadb_replication_user }}"
+    master_password: "{{ mariadb_replication_password }}"
+    login_unix_socket: "{{ mariadb_socket }}"
+  no_log: "{{ not mariadb_debug_role }}"
+
+- name: MYSQL_REPLICATION | Setup replication with GTID
+  community.mysql.mysql_replication:
+    primary_use_gtid: current_pos
+    login_unix_socket: "{{ mariadb_socket }}"
 
 - name: MYSQL_REPLICATION | Start slave
-  mysql_replication:
-    mode: startslave
+  community.mysql.mysql_replication:
+    mode: startreplica
+    login_unix_socket: "{{ mariadb_socket }}"

tasks/replication/slave/import_data.yml

@@ -1,79 +1,84 @@
 ---
 
-# Doc: https://www.percona.com/doc/percona-xtrabackup/2.1/howtos/recipes_ibkx_gtid.html
-- name: WAIT_FOR | source data (prevent rsync bug) - TODO find another hack
-  wait_for:
-    host: "{{ mariadb_slave_import_from }}"
-    port: 22
+- name: FILE | Create SSH client dir
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/.ssh"
+    state: directory
+    mode: 0700
 
-- name: COMMAND | Prepare backup another server
-  command: innobackupex --no-timestamp {{ mariadb_backup_dir }} creates={{ mariadb_backup_dir }}
-  delegate_to: "{{ mariadb_slave_import_from }}"
-  register: backup
+- name: OPENSSH_KEYPAIR | Create SSH key
+  community.crypto.openssh_keypair:
+    path: "{{ ansible_env.HOME }}/.ssh/id_rsa"
+  register: gen_ssh
 
-- name: SHELL | Dump
-  shell: "innobackupex --apply-log {{ mariadb_backup_dir }}"
+- name: BLOCK | Prepare backup
   delegate_to: "{{ mariadb_slave_import_from }}"
-  when: backup.changed
+  block:
 
-- name: FILE | Remove mysql db from backup
-  file:
-    path: "{{ mariadb_backup_dir }}/mysql"
-    state: absent
-  delegate_to: "{{ mariadb_slave_import_from }}"
-  when: backup.changed and not mariadb_slave_replicate_mysqldb
+    - name: AUTHORIZED_KEY | Auth slave to backup host
+      ansible.posix.authorized_key:
+        user: "{{ mariadb_backup_user }}"
+        state: present
+        key: "{{ gen_ssh.public_key }}"
+
+    - name: FILE | Create backup directory
+      ansible.builtin.file:
+        path: "{{ mariadb_backup_dir }}"
+        state: directory
+        mode: 0755
+        owner: root
+        group: root
+
+    - name: COMMAND | Prepare backup another server
+      ansible.builtin.command: "mariabackup --backup -u root --target-dir={{ mariadb_backup_dir }}"
+      args:
+        creates: "{{ mariadb_backup_dir }}/xtrabackup_info"
+      register: backup
+
+    - name: COMMAND | Dump  # noqa: no-handler
+      ansible.builtin.command: "mariabackup --prepare --target-dir={{ mariadb_backup_dir }}"
+      when: backup.changed
+      register: prep
+      changed_when: "'This target seems to be not prepared yet' in prep.stderr"
 
 - name: MYSQL_VARIABLES | Get datadir
-  mysql_variables: variable=datadir
+  community.mysql.mysql_variables:
+    variable: datadir
+    login_unix_socket: "{{ mariadb_socket }}"
   register: datadir
 
-- name: SET_FACT | related to mysql datadir
-  set_fact:
+- name: SET_FACT | Get MariaDB datadir
+  ansible.builtin.set_fact:
     mariadb_datadir: "{{ datadir.msg }}"
-    mariadb_binlog_info: "{{ datadir.msg }}/xtrabackup_binlog_info"
 
 - name: SERVICE | Stop MariaDB before importing data
-  service:
-    name: mysql
+  ansible.builtin.service:
+    name: "{{ mariadb_service_name }}"
     state: stopped
 
-# TODO: add an "ignore warning"
-- name: COMMAND | Sync backup to slave - TODO remove vagrant as static user (see why mariadb_backup_user is not working)
-  shell: "sudo -E rsync --rsync-path='sudo rsync' -a -e 'ssh -o StrictHostKeyChecking=no' {{ mariadb_backup_user }}@{{ mariadb_slave_import_from }}:{{ mariadb_backup_dir }}/ {{ mariadb_datadir }}/"
-  become: no
+- name: COMMAND | Sync backup to slave
+  ansible.builtin.command: "sudo -E rsync --rsync-path='sudo rsync' --delete -a -e 'ssh -o StrictHostKeyChecking=no' {{ mariadb_backup_user }}@{{ mariadb_slave_import_from }}:{{ mariadb_backup_dir }}/ {{ mariadb_datadir }}/"
+  become: false
+  tags:
+    - skip_ansible_lint
 
 - name: FILE | Re-apply owner
-  file:
+  ansible.builtin.file:
     path: "{{ mariadb_datadir }}"
     state: directory
+    mode: 0755
     owner: mysql
     group: mysql
-    recurse: yes
+    recurse: true
 
 - name: SERVICE | Start MariaDB
-  service:
-    name: mysql
+  ansible.builtin.service:
+    name: "{{ mariadb_service_name }}"
     state: started
 
-- name: SHELL | Get master_log_file
-  command: "awk '{ print $1 }' {{ mariadb_binlog_info }}"
-  register: master_log_file
-
-- name: SHELL | Get master_log_pos
-  command: "awk '{ print $2 }' {{ mariadb_binlog_info }}"
-  register: master_log_pos
-
-- name: SHELL | Get master GTID
-  command: "awk '{ print $3 }' {{ mariadb_binlog_info }}"
-  register: master_gtid
-
-- name: SET_FACT | master_log_file
-  set_fact:
-    mariadb_master_log_file: "{{ master_log_file.stdout }}"
-    mariadb_master_log_pos: "{{ master_log_pos.stdout }}"
-    mariadb_master_gtid: "{{ master_gtid.stdout }}"
-
 - name: FILE | Delete dump
-  file: path={{ mariadb_backup_dir }} state=absent
+  ansible.builtin.file:
+    path: "{{ mariadb_backup_dir }}"
+    state: absent
   delegate_to: "{{ mariadb_slave_import_from }}"
   when: mariadb_slave_import_flush_dump

tasks/replication/slave/replication.yml

@@ -1,24 +0,0 @@
----
-
-- name: MYSQL_REPLICATION | Stop slave
-  mysql_replication:
-    mode: stopslave
-
-- name: MYSQL_REPLICATION | Configure master host
-  mysql_replication:
-    mode: changemaster
-    master_host: "{{ mariadb_replication_host }}"
-    master_port: "{{ mariadb_replication_port }}"
-    master_user: "{{ mariadb_replication_user }}"
-    master_password: "{{ mariadb_replication_password }}"
-
-- name: MYSQL_REPLICATION | Change master
-  mysql_replication:
-    mode: changemaster
-    master_log_file: "{{ mariadb_master_log_file }}"
-    master_log_pos: "{{ mariadb_master_log_pos }}"
-  when: mariadb_master_log_file is defined and mariadb_master_log_pos is defined
-
-- name: MYSQL_REPLICATION | Start slave
-  mysql_replication:
-    mode: startslave

tasks/replication/slave/ssh.yml

@@ -1,19 +0,0 @@
----
-
-- name: SHELL | Create SSH key if needed on slave
-  shell: "ssh-keygen -b 2048 -t rsa -f {{ ansible_env.HOME }}/.ssh/id_rsa -q -N ''"
-  args:
-    creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
-
-- name: COMMAND | Get pub key
-  command: cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub
-  register: pub_key
-  changed_when: false
-
-- name: AUTHORIZED_KEY | Auth slave to backup host
-  authorized_key:
-    user: "{{ mariadb_backup_user }}"
-    state: present
-    key: "{{ pub_key.stdout }}"
-  delegate_to: "{{ mariadb_slave_import_from }}"
-  become: yes

tasks/secure.yml

@@ -1,28 +1,19 @@
 ---
 
-- name: MYSQL_USER | Update mysql root password for all root accounts
-  mysql_user:
-    name: root
-    host: "{{ item }}"
-    password: "{{ mariadb_root_password }}"
-  with_items:
-    - "{{ ansible_hostname }}"
-    - 127.0.0.1
-    - ::1
-    - localhost
-
 - name: MYSQL_USER | Remove all anonymous users
-  mysql_user:
+  community.mysql.mysql_user:
     name: ''
     host: "{{ item }}"
     state: absent
-  with_items:
+    login_unix_socket: "{{ mariadb_socket }}"
+  loop:
     - "{{ ansible_hostname }}"
     - 127.0.0.1
     - ::1
     - localhost
 
 - name: MYSQL_DB | Remove the test database
-  mysql_db:
+  community.mysql.mysql_db:
     name: test
     state: absent
+    login_unix_socket: "{{ mariadb_socket }}"

templates/etc/apt/preferences.d/95-percona.j2

@@ -1,6 +0,0 @@
-# {{ ansible_managed }}
-
-Explanation: Prevent Debian upgrades on percona packages
-Package: *
-Pin: release o=Percona Development Team
-Pin-Priority: 1001

templates/etc/mysql/conf.d/09-galera.cnf.j2

@@ -1,31 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-[mysqld]
-
-# --------------------
-# Galera config
-# --------------------
-
-# Global
-wsrep_on=ON
-wsrep_provider=/usr/lib/galera/libgalera_smm.so
-wsrep_cluster_address=gcomm://{{ mariadb_galera_members | join(",") }}
-# TODO: https://mariadb.com/kb/en/mariadb/galera-cluster-system-variables/#wsrep_sst_method
-wsrep_sst_method=rsync
-# TODO: wsrep_cluster_name="my_wsrep_cluster"
-
-# Node Configuration
-wsrep_node_address="{{ mariadb_wsrep_node_address | default(ansible_default_ipv4.address) }}"
-wsrep_node_name="{{ mariadb_wsrep_node_name | default(ansible_fqdn) }}"
-
-
-# --------------------
-# Deps
-# --------------------
-binlog_format=ROW
-default_storage_engine=InnoDB
-innodb_autoinc_lock_mode=2
-innodb_doublewrite=1
-query_cache_size=0

templates/etc/mysql/conf.d/mysqldump.cnf.j2

@@ -0,0 +1,8 @@
+# -------------------------------------------
+# {{ ansible_managed }}
+# -------------------------------------------
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet	= {{ mariadb_mysqldump_max_allowed_packet }} 

templates/etc/mysql/mariadb.conf.d/40-master.cnf.j2

@@ -1,8 +1,7 @@
-#
+# -------------------------------------------
 # {{ ansible_managed }}
-#
+# -------------------------------------------
 
-#
 # Replication master
 
 [mysqld]

templates/etc/mysql/mariadb.conf.d/40-slave.cnf.j2

@@ -1,8 +1,7 @@
-#
+# -------------------------------------------
 # {{ ansible_managed }}
-#
+# -------------------------------------------
 
-#
 # Replication slave
 
 [mysqld]
@@ -12,9 +11,6 @@ read-only
 {% endif %}
 
 # --> Ignore DB/tables
-{% if not mariadb_slave_replicate_mysqldb %}
-replicate-ignore-db=mysql
-{% endif %}
 {% for db in mariadb_slave_ignore_db %}
 replicate-ignore-db={{ db }}
 {% endfor %}

templates/etc/mysql/mariadb.conf.d/50-server.cnf.j2

@@ -0,0 +1,141 @@
+# -------------------------------------------
+# {{ ansible_managed }}
+# -------------------------------------------
+
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mariadbd daemon
+[mariadbd]
+
+#
+# * Basic Settings
+#
+user                    = mysql
+pid-file                = {{ mariadb_pid_file }}
+socket                  = {{ mariadb_socket }}
+port                    = {{ mariadb_port }}
+basedir                 = /usr
+datadir                 = {{ mariadb_datadir }}
+tmpdir                  = /tmp
+lc-messages-dir         = /usr/share/mysql
+
+# Broken reverse DNS slows down connections considerably and name resolve is
+# safe to skip if there are no "host by domain name" access grants
+#skip-name-resolve
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = {{ mariadb_bind_address }}
+
+#
+# * Fine Tuning
+#
+
+key_buffer_size         = {{ mariadb_key_buffer_size }}
+max_allowed_packet      = {{ mariadb_max_allowed_packet }}
+#thread_stack           = 192K
+thread_cache_size       = {{ mariadb_thread_cache_size }}
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+#myisam_recover_options = BACKUP
+max_connections         = {{ mariadb_max_connections }}
+#table_cache            = 64
+
+# Other tuning setting
+table_open_cache        = {{ mariadb_table_open_cache }}
+sort_buffer_size        = {{ mariadb_sort_buffer_size }}
+read_buffer_size        = {{ mariadb_read_buffer_size }}
+read_rnd_buffer_size    = {{ mariadb_read_rnd_buffer_size }}
+myisam_sort_buffer_size = {{ mariadb_myisam_sort_buffer_size }}
+
+
+#
+# * Logging and Replication
+#
+
+# Note: The configured log file or its directory need to be created
+# and be writable by the mysql user, e.g.:
+# $ sudo mkdir -m 2750 /var/log/mysql
+# $ sudo chown mysql /var/log/mysql
+
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# Recommend only changing this at runtime for short testing periods if needed!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+
+#
+# Error log - should be very few entries.
+#
+{% if mariadb_log_error == 'syslog' %}
+syslog
+syslog-tag = {{ mariadb_syslog_tag }}
+{% else %}
+log_error = {{ mariadb_log_error }}
+{% endif %}
+
+#
+# Enable the slow query log to see queries with especially long duration
+#log-queries-not-using-indexes
+{% if mariadb_slow_query_log_enabled %}
+slow_query_log_file = {{ mariadb_slow_query_log_file }}
+long_query_time = {{ mariadb_slow_query_time }}
+slow_query_log = 1
+{% else %}
+#slow_query_log_file    = /var/log/mysql/mariadb-slow.log
+#long_query_time        = 10
+#log_slow_rate_limit    = 1000
+#log_slow_verbosity     = query_plan
+{% endif %}
+
+#
+# * SSL/TLS
+#
+
+# For documentation, please read
+# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#require-secure-transport = on
+
+#
+# * Character sets
+#
+
+# MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * InnoDB
+#
+
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# Most important is to give InnoDB 80 % of the system RAM for buffer use:
+# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
+innodb_buffer_pool_size        = {{ mariadb_innodb_buffer_pool_size }}
+innodb_log_buffer_size         = {{ mariadb_innodb_log_buffer_size }}
+innodb_flush_log_at_trx_commit = {{ mariadb_innodb_flush_log_at_trx_commit }}
+innodb_lock_wait_timeout       = {{ mariadb_innodb_lock_wait_timeout }}
+innodb_log_file_size           = {{ mariadb_innodb_log_file_size }}
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadbd]
+
+# This group is only read by MariaDB-{{ __mariadb_version.stdout }} servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-{{ __mariadb_version.stdout }}]

templates/etc/mysql/mariadb.conf.d/60-galera.cnf.j2

@@ -0,0 +1,30 @@
+# -------------------------------------------
+# {{ ansible_managed }}
+# -------------------------------------------
+
+#
+# * Galera-related settings
+#
+# See the examples of server wsrep.cnf files in /usr/share/mariadb
+# and read more at https://mariadb.com/kb/en/galera-cluster/
+
+[galera]
+
+# Global
+wsrep_on              = ON
+wsrep_provider        = /usr/lib/galera/libgalera_smm.so
+wsrep_cluster_address = gcomm://{{ mariadb_galera_members | join(",") }}
+wsrep_sst_method      = "{{ mariadb_wsrep_sst_method }}"
+{% if mariadb_wsrep_cluster_name is defined %}
+wsrep_cluster_name    = "{{ mariadb_wsrep_cluster_name }}"
+{% endif %}
+
+# Node Configuration
+wsrep_node_address    = "{{ mariadb_wsrep_node_address }}"
+wsrep_node_name       = "{{ mariadb_wsrep_node_name | default(ansible_fqdn) }}"
+
+# Deps
+binlog_format            = ROW
+default_storage_engine   = InnoDB
+innodb_autoinc_lock_mode = 2
+innodb_doublewrite       = 1

templates/etc/mysql/my.cnf.j2

@@ -1,81 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-[client]
-port = {{ mariadb_port }}
-socket = {{ mariadb_socket }}
-
-[mysqld]
-port = {{ mariadb_port }}
-bind-address = {{ mariadb_bind_address }}
-datadir = {{ mariadb_datadir }}
-socket = {{ mariadb_socket }}
-
-{# TODO: FIX later #}
-# Logging configuration.
-{% if mariadb_log_error == 'syslog' %}
-syslog
-syslog-tag = {{ mariadb_syslog_tag }}
-{% else %}
-log-error = {{ mariadb_log_error }}
-{% endif %}
-
-{% if mariadb_slow_query_log_enabled %}
-# Slow query log configuration.
-slow_query_log = 1
-slow_query_log_file = {{ mariadb_slow_query_log_file }}
-long_query_time = {{ mariadb_slow_query_time }}
-{% endif %}
-
-# Disabling symbolic-links is recommended to prevent assorted security risks
-symbolic-links = 0
-
-# User is ignored when systemd is used (fedora >= 15).
-user = mysql
-
-# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
-;performance_schema
-
-# Memory settings.
-key_buffer_size = {{ mariadb_key_buffer_size }}
-max_allowed_packet = {{ mariadb_max_allowed_packet }}
-table_open_cache = {{ mariadb_table_open_cache }}
-sort_buffer_size = {{ mariadb_sort_buffer_size }}
-read_buffer_size = {{ mariadb_read_buffer_size }}
-read_rnd_buffer_size = {{ mariadb_read_rnd_buffer_size }}
-myisam_sort_buffer_size = {{ mariadb_myisam_sort_buffer_size }}
-thread_cache_size = {{ mariadb_thread_cache_size }}
-query_cache_size = {{ mariadb_query_cache_size }}
-
-# Other settings.
-wait_timeout = {{ mariadb_wait_timeout }}
-
-# Try number of CPU's * 2 for thread_concurrency.
-thread_concurrency = {{ mariadb_thread_concurrency }}
-
-# InnoDB settings.
-innodb_file_per_table = {{ mariadb_innodb_file_per_table }}
-innodb_buffer_pool_size = {{ mariadb_innodb_buffer_pool_size }}
-innodb_log_buffer_size = {{ mariadb_innodb_log_buffer_size }}
-innodb_flush_log_at_trx_commit = {{ mariadb_innodb_flush_log_at_trx_commit }}
-innodb_lock_wait_timeout = {{ mariadb_innodb_lock_wait_timeout }}
-{# If this setting changes on a running system, you will break it! #}
-{# See how tho change it here: http://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html #}
-{# TODO FIX -> Maybe detect a change and fail, just to be safe? #}
-innodb_log_file_size = {{ mariadb_innodb_log_file_size }}
-
-[mysqldump]
-quick
-max_allowed_packet = {{ mariadb_mysqldump_max_allowed_packet }}
-
-[mysqld_safe]
-pid-file = {{ mariadb_pid_file }}
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#   The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
-
-# vim: set ft=dosini :

templates/root/my.cnf

@@ -1,7 +0,0 @@
-# ------------------------------------------
-# {{ ansible_managed }}
-# ------------------------------------------
-
-[client]
-user=root
-password="{{ mariadb_root_password }}"

tests/README.md

@@ -1,23 +0,0 @@
-About tests
-===========
-
-IMPORTANT
----------
-
-- DO NOT `vagrant up`! My Vagrantfile provides many VMs...
-- Each slave communicate to his master. You can't mix mysql and mariadb.
-
-Tests
------
-
-- vagrant up the master
-- vagrant up the slave
-
-Wait master fully installed before run slave.
-
-Example:
-
-```
-vagrant up stretch-upstream-mariadb-master
-vagrant up stretch-upstream-mariadb-slave
-```

tests/group_vars/mariadbgalera

@@ -1,5 +0,0 @@
-mariadb_vendor: 'mariadb_galera'
-mariadb_galera_members:
-  - '{% if is_docker %}docker-{% else %}vbox-{% endif %}{{ ansible_distribution_release }}-upstream-mariadbgalera-1'
-  - '{% if is_docker %}docker-{% else %}vbox-{% endif %}{{ ansible_distribution_release }}-upstream-mariadbgalera-2'
-  - '{% if is_docker %}docker-{% else %}vbox-{% endif %}{{ ansible_distribution_release }}-upstream-mariadbgalera-3'

tests/group_vars/mysql

@@ -1 +0,0 @@
-mariadb_vendor: 'mysql'

tests/import2.sql

@@ -1,6 +0,0 @@
-INSERT IGNORE INTO `user` (`id`,`email`) VALUES (51,"vulputate.eu.odio@elitdictumeu.net"),(52,"Sed.eu@erosnec.edu"),(53,"magna@interdum.co.uk"),(54,"ornare.libero.at@Proin.net"),(55,"turpis@aneque.org"),(56,"ut.eros.non@Duisrisusodio.com"),(57,"Pellentesque.ultricies.dignissim@malesuada.edu"),(58,"vel.nisl@mifringilla.net"),(59,"dui@laoreet.com"),(60,"vitae@Suspendissedui.net");
-INSERT IGNORE INTO `user` (`id`,`email`) VALUES (61,"turpis@Curabituregestasnunc.co.uk"),(62,"arcu@enim.co.uk"),(63,"consectetuer.rhoncus.Nullam@dolordolortempus.co.uk"),(64,"sem@felisadipiscingfringilla.net"),(65,"aliquet.metus.urna@a.net"),(66,"Fusce.fermentum.fermentum@variusNam.com"),(67,"dolor@velnisl.ca"),(68,"et.netus@Duisrisusodio.edu"),(69,"malesuada@purus.edu"),(70,"gravida.sagittis@pulvinararcuet.ca");
-INSERT IGNORE INTO `user` (`id`,`email`) VALUES (71,"et.eros.Proin@Cras.co.uk"),(72,"eleifend.nunc.risus@metuseu.edu"),(73,"pede.Nunc@Phasellusnulla.net"),(74,"vitae.sodales.at@ipsumdolor.edu"),(75,"nunc.sed.pede@aliquetlobortisnisi.co.uk"),(76,"consectetuer@nonenim.ca"),(77,"ultrices@tinciduntvehicula.co.uk"),(78,"Nullam.enim.Sed@Morbiaccumsan.com"),(79,"auctor@Phasellus.net"),(80,"enim.Etiam@interdum.com");
-INSERT IGNORE INTO `user` (`id`,`email`) VALUES (81,"sapien.Cras.dolor@consectetuer.com"),(82,"malesuada.fames.ac@feugiattelluslorem.edu"),(83,"risus@vestibulum.co.uk"),(84,"Nunc@Duisgravida.ca"),(85,"ornare.egestas@sitamet.edu"),(86,"Proin.ultrices@senectus.ca"),(87,"ligula@magna.edu"),(88,"orci.tincidunt.adipiscing@sed.com"),(89,"et@venenatis.edu"),(90,"leo.Cras.vehicula@eteuismod.org");
-INSERT IGNORE INTO `user` (`id`,`email`) VALUES (91,"consequat.auctor.nunc@utsemNulla.net"),(92,"nec.leo@orci.com"),(93,"Nulla@atvelit.edu"),(94,"tempor.augue.ac@eleifend.edu"),(95,"fermentum.risus.at@penatibusetmagnis.edu"),(96,"id.erat.Etiam@porttitortellus.edu"),(97,"amet.metus.Aliquam@mus.co.uk"),(98,"dolor.tempus.non@risus.org"),(99,"vulputate.posuere.vulputate@purus.ca"),(100,"inceptos@pede.edu");
-

tests/inventory

@@ -1 +0,0 @@
-localhost

tests/test.yml

@@ -1,59 +0,0 @@
----
-
-- hosts: all
-  tasks:
-    - apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
-      with_items:
-        - ca-certificates
-        - curl
-        - strace
-        - vim
-
-- hosts: master
-  roles:
-    - ../../
-  tasks:
-    - copy: src=import1.sql dest=/tmp/import1.sql
-      register: c
-    - mysql_db: name={{ item }} state=import target=/tmp/import1.sql
-      with_items: ['testrepl', 'norepl']
-      when: c.changed
-
-- hosts: slave
-  pre_tasks:
-    - name: SHELL | Get master IP
-      shell: getent hosts {{ ansible_hostname | replace ('slave', 'master') }} | cut -d ' ' -f 1
-      register: ip
-      changed_when: false
-    - set_fact:
-        # MariaDB don't read /etc/hosts (from vagrant host plugin)
-        mariadb_replication_host: "{{ ip.stdout }}"
-        # Need this to use vagrant 'delegate_to'
-        mariadb_slave_import_from: "{{ ansible_hostname | replace ('slave', 'master') }}"
-  roles:
-    - ../../
-  tasks:
-    - copy: src=import2.sql dest=/tmp/import2.sql
-      delegate_to: "{{ mariadb_slave_import_from }}"
-      register: c
-    - mysql_db: name={{ item }} state=import target=/tmp/import2.sql
-      with_items: ['testrepl', 'norepl']
-      delegate_to: "{{ mariadb_slave_import_from }}"
-      when: c.changed
-    - mysql_replication: mode=getslave
-      register: slave
-    - fail: msg="Slave issue"
-      when: slave.Slave_IO_Running != 'Yes' or slave.Slave_SQL_Running != 'Yes'
-
-- hosts: mariadbgalera
-  vars:
-    mariadb_galera_primary_node: '{% if is_docker %}docker-{% else %}vbox-{% endif %}{{ ansible_distribution_release }}-upstream-mariadbgalera-1'
-    mariadb_wsrep_node_address: "{{ ansible_all_ipv4_addresses[0] }}"
-    mariadb_version: '10.1'
-  pre_tasks:
-    - set_fact:
-        mariadb_wsrep_node_address: "{{ ansible_eth1.ipv4.address }}"
-      when: not is_docker
-  roles:
-    - ../../
-

tests/travis.sh

@@ -1,21 +0,0 @@
-#!/bin/sh
-
-# Thanks to https://servercheck.in/blog/testing-ansible-roles-travis-ci-github
-
-DIR=$( dirname $0 )
-INVENTORY_FILE="localhost,"
-PLAYBOOK="$DIR/travis.yml"
-
-set -ev
-
-# Check syntax
-ansible-playbook -i $INVENTORY_FILE -c local --syntax-check -vv $PLAYBOOK
-
-# Check role
-ansible-playbook -i $INVENTORY_FILE -c local -e "{ mariadb_vendor: $VENDOR, mariadb_origin: $ORIGIN }" --sudo -vv $PLAYBOOK
-
-# Check indempotence
-ansible-playbook -i $INVENTORY_FILE -c local -e "{ mariadb_vendor: $VENDOR, mariadb_origin: $ORIGIN }" --sudo -vv $PLAYBOOK > idempot.txt
-grep -q 'changed=0.*failed=0' idempot.txt \
-&& (echo 'Idempotence test: pass' && exit 0) \
-|| (echo 'Idempotence test: FAIL' && cat idempot.txt && exit 1)

tests/travis.yml

@@ -1,15 +0,0 @@
----
-
-- hosts: all
-  vars:
-    mariadb_replication_master: true
-    mariadb_bind_address: '{{ ansible_eth0.ipv4.address }}'
-    mariadb_galera_members:
-      - '{{ ansible_eth0.ipv4.address }}'
-    mariadb_galera_primary_node: 'localhost'
-  roles:
-    - ../../
-  post_tasks:
-    - name: TEST | SHELL | Test mysql
-      shell: mysql -e "SHOW DATABASES;"
-      changed_when: false

vars/Debian-buster.yml

@@ -0,0 +1,3 @@
+---
+
+mariadb_default_service_name: 'mysql'

vars/Debian-stretch.yml

@@ -1,6 +0,0 @@
-mariadb_tools:
-  - percona-toolkit
-  - python-mysqldb
-  - mysqltuner
-
-mariadb_default_xtrabackup_package: 'percona-xtrabackup-24'

vars/default.yml

@@ -0,0 +1,3 @@
+---
+
+mariadb_default_service_name: 'mariadb'

vars/main.yml

@@ -0,0 +1,7 @@
+---
+
+mariadb_tools:
+  - mariadb-backup
+  - mysqltuner
+  - percona-toolkit
+  - python{% if ansible_python_version is version('3', '>=') %}3{% endif %}-mysqldb