Ansible Role mariadb_server

This role installs and configures a MariaDB server.

It also tunes the following Kernel settings:

fs.aio-max-nr: 1048576
vm.swapiness: 10

Note that this role does NOT let you specify a particular MariaDB server version. It simply installs the latest available MariaDB server version from the repos configured in the system. If you want or need to install a specific MariaDB server version, use the linuxfabrik.lfops.repo_mariadb beforehand.

This role is only compatible with the following MariaDB versions:

10.3
10.4
10.5
10.6 (preferred - long-term support MariaDB stable)

We will add the next long-term support release as soon as it’s available (therefore currently not implementing 10.7+).

Runs on

RHEL 8 (and compatible)

Mandatory Requirements

For some machines you might need to set ansible_python_interpreter: '/usr/bin/python3' to prevent the error message A MySQL module is required: for Python 2.7 either PyMySQL, or MySQL-python, or for Python 3.X mysqlclient or PyMySQL. Consider setting ansible_python_interpreter to use the intended Python version..
On RHEL-compatible systems, enable the EPEL repository. This can be done using the linuxfabrik.lfops.repo_epel role.
Install the python3-PyMySQL library. This can be done using the linuxfabrik.lfops.python role.

Optional Requirements

Enable the official MariaDB Package Repository. This can be done using the linuxfabrik.lfops.repo_mariadb role.
Enable the a repository for mydumper. This can be done using the linuxfabrik.lfops.repo_mydumper role.

Tags

Tag	What it does
`mariadb_server`	* `dnf -y install mariadb-server libzstd` * Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * `mkdir /var/log/mariadb` * `touch /var/log/mariadb/mariadb.log; chown mysql:mysql /var/log/mariadb/mariadb.log` * Deploy /etc/my.cnf.d/z00-linuxfabrik.cnf * `mkdir -p /etc/systemd/system/mariadb.service.d/` * Deploy /etc/systemd/system/mariadb.service.d/socket-selinux-workaround.conf * `systemctl daemon-reload` * Deploy /etc/logrotate.d/mariadb * `systemctl enable/disable mariadb.service` * `systemctl {{ mariadb_server__state[:-2] }} mariadb.service` * Create DBA „{{ mariadb_server__admin_user[„username“] }}“ * Remove all „root“ users * Secure installation: Remove anonymous users * Secure installation: Remove test database * Secure installation: Remove test database (privileges) * Secure installation: Reload privilege tables * `dnf -y install {{ mariadb_server__dump_mydumper_package }}` * Deploy /usr/local/bin/mariadb-dump * Deploy /etc/mariadb-dump.conf * Grant backup privileges on dbs.tables to {{ mariadb_server__dump_user[„username“] }}@localhost * Deploy /etc/systemd/system/mariadb-dump.service * Deploy /etc/systemd/system/mariadb-dump.timer * `systemctl enable mariadb-dump.timer --now` * Create or delete mariadb databases * Create, update or delete MariaDB users * Show databases * `wget https://github.com/FromDual/mariadb-sys/archive/refs/heads/master.tar.gz` * `mkdir /tmp/mariadb-sys-schema` * `tar xzvf /tmp/mariadb-sys-schema.tar.gz` * `mysql --user "{{ mariadb_server__admin_user["username"] }}" --password="..." < ./sys_10.sql` * `rm -rf /tmp/mariadb-sys-schema`
`mariadb_server:configure`	* `dnf -y install mariadb-server libzstd` * Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * `mkdir /var/log/mariadb` * `touch /var/log/mariadb/mariadb.log; chown mysql:mysql /var/log/mariadb/mariadb.log` * Deploy /etc/my.cnf.d/z00-linuxfabrik.cnf * `mkdir -p /etc/systemd/system/mariadb.service.d/<br> * Deploy /etc/systemd/system/mariadb.service.d/socket-selinux-workaround.conf<br> ` systemctl daemon-reload`<br> Deploy /etc/logrotate.d/mariadb` * `systemctl enable/disable mariadb.service` * `systemctl {{ mariadb_server__state[:-2] }} mariadb.service` * `dnf -y install {{ mariadb_server__dump_mydumper_package }}` * Deploy /usr/local/bin/mariadb-dump * Deploy /etc/mariadb-dump.conf * Grant backup privileges on dbs.tables to {{ mariadb_server__dump_user[„username“] }}@localhost * Deploy /etc/systemd/system/mariadb-dump.service * Deploy /etc/systemd/system/mariadb-dump.timer * `systemctl enable mariadb-dump.timer --now`
`mariadb_server:database`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * Create or delete mariadb databases
`mariadb_server:dump`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * `dnf -y install {{ mariadb_server__dump_mydumper_package }}` * Deploy /usr/local/bin/mariadb-dump * Deploy /etc/mariadb-dump.conf * Grant backup privileges on dbs.tables to {{ mariadb_server__dump_user[„username“] }}@localhost * Deploy /etc/systemd/system/mariadb-dump.service * Deploy /etc/systemd/system/mariadb-dump.timer * `systemctl enable mariadb-dump.timer --now`
`mariadb_server:secure_installation`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * Remove all „root“ users * Secure installation: Remove anonymous users * Secure installation: Remove test database * Secure installation: Remove test database (privileges) * Secure installation: Reload privilege tables
`mariadb_server:state`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * `systemctl enable/disable mariadb.service` * `systemctl {{ mariadb_server__state[:-2] }} mariadb.service`
`mariadb_server:sys_schema`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * Show databases * `wget https://github.com/FromDual/mariadb-sys/archive/refs/heads/master.tar.gz` * `mkdir /tmp/mariadb-sys-schema` * `tar xzvf /tmp/mariadb-sys-schema.tar.gz` * `mysql --user "{{ mariadb_server__admin_user["username"] }}" --password="..." < ./sys_10.sql` * `rm -rf /tmp/mariadb-sys-schema`
`mariadb_server:user`	* Get the list of installed packages * Get mariadb-server version * Load default values for {{ mariadb_server__installed_version }} * `mkdir /var/log/mariadb` * `touch /var/log/mariadb/mariadb.log; chown mysql:mysql /var/log/mariadb/mariadb.log` * Create DBA „{{ mariadb_server__admin_user[„username“] }}“ * Create, update or delete MariaDB users

Mandatory Role Variables

Variable	Description
`mariadb_server__admin_user`	The main user account for the database administrator. To create additional ones, use the `mariadb_server__users__` variables. Subkeys: `username`: Username * `password`: Password * `host`: Optional, list. Defaults to `["localhost", "127.0.0.1", "::1"]`. Host-part(s).

Example:

# mandatory
mariadb_server__admin_user:
  username: 'mariadb-admin'
  password: 'linuxfabrik'

Recommended Role Variables

Variable	Description	Default Value
`mariadb_server__dump_user`	User to whom backup privileges are granted to. Setting this user automatically enables daily MariaDB-Dumps. Subkeys: * `username`: Username * `password`: Password * `priv`: Optional, list. Defaults to `[".:event,lock tables,reload,select,show view,super,trigger"]`. User privileges. * `state`: Optional, string. Defaults to `'present'`. Possible Options: `'present'`, `'absent'`	unset

# recommended
mariadb_server__dump_user:
  username: 'mariadb-backup'
  password: 'linuxfabrik'
  state: 'present'

Optional Role Variables - Specific to this role

Variable	Description	Default Value
`mariadb_server__databases__host_var` / `mariadb_server__databases__group_var`	List of dictionaries of databases to create. Subkeys: * `name`: Mandatory, string. Name of the databse schema. * `collation`: DB collation * `encoding`: DB encoding * `state`: `present` or `absent` For the usage in `host_vars` / `group_vars` (can only be used in one group at a time).	`[]`
`mariadb_server__dump_directory`	Dump output directory name.	`'/backup/mariadb-dump'`
`mariadb_server__dump_mydumper_package`	Name of the „mydumper“ package. Also takes an URL to GitHub if no repo server is available, see the example below.	`'mydumper'`
`mariadb_server__dump_on_calendar`	The `OnCalendar` definition for the systemd timer. Have a look at `man systemd.time(7)` for the format.	`'--* 21:{{ 59 \| random(start=0, seed=inventory_hostname) }}:00'`
`mariadb_server__dump_threads`	The number of threads to use for dumping data.	`4`
`mariadb_server__enabled`	Enables or disables the Systemd unit.	`true`
`mariadb_server__logrotate`	Number. Log files are rotated `count` days before being removed or mailed to the address specified in a `logrotate` mail directive. If count is `0`, old versions are removed rather than rotated. If count is `-1`, old logs are not removed at all (use with caution, may waste performance and disk space).	`{{ logrotate__rotate \| d(14) }}`
`mariadb_server__skip_sys_schema`	Skip the deployment of the MariaDB sys schema (a collection of views, functions and procedures to help MariaDB administrators get insight in to MariaDB Database usage). If a `sys` schema exists, it will never be overwritten.	`false`
`mariadb_server__state`	Controls the Systemd service. One of * `started` * `stopped` * `reloaded`	`'started'`
`mariadb_server__users__host_var` / `mariadb_server__users__group_var`	List of dictionaries of users to create (this is NOT used for the first DBA user - here, use `mariadb_server__admin_user`). Subkeys: * `username`: Mandatory, String. Username. * `host`: Mandatory, String. Host. * `password` * `priv` * `state` For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). For the usage in `host_vars` / `group_vars` (can only be used in one group at a time).	`[]`

# optional - role variables
mariadb_server__databases__host_var:
  - name: 'mydb'
    collation: 'utf8mb4_unicode_ci'
    encoding: 'utf8mb4'
    state: 'present'
mariadb_server__dump_directory: '/backup/mariadb-dump'
mariadb_server__dump_mydumper_package: 'https://github.com/mydumper/mydumper/releases/download/v0.12.6-1/mydumper-0.12.6-1.el8.x86_64.rpm'
mariadb_server__dump_on_calendar: '*-*-* 21:{{ 59 | random(start=0, seed=inventory_hostname) }}:00'
mariadb_server__dump_threads: 4
mariadb_server__enabled: true
mariadb_server__logrotate: 7
mariadb_server__skip_sys_schema: false
mariadb_server__state: 'started'
mariadb_server__users__host_var:
  - username: 'user1'
    host: 'localhost'
    password: 'linuxfabrik'
    priv:
      - '{{ icingaweb2_db }}.*:SELECT,INSERT,UPDATE,DELETE,DROP,CREATE VIEW,INDEX,EXECUTE'
      - 'wiki.*:ALL'
    state: 'present'
  - username: 'mariadb-dump'
    host: '127.0.0.1'
    password: 'linuxfabrik'
    priv:
      - '*.*:event,lock tables,reload,select,show view,super,trigger'
    state: 'present'

Optional Role Variables - `mariadb_server__cnf_*` Config Directives

Variables for z00-linuxfabrik.cnf directives and their default values, defined and supported by this role.

Role Variable	Documentation	Default Value (v10.6)
`mariadb_server__cnf_bulk_insert_buffer_size__group_var` / `mariadb_server__cnf_bulk_insert_buffer_size__host_var`	mariadb.com	`28800`
`mariadb_server__cnf_character_set_server__group_var` / `mariadb_server__cnf_character_set_server__host_var`	mariadb.com	`'utf8mb4'`
`mariadb_server__cnf_collation_server__group_var` / `mariadb_server__cnf_collation_server__host_var`	mariadb.com	`'utf8mb4_unicode_ci'`
`mariadb_server__cnf_expire_logs_days__group_var` / `mariadb_server__cnf_expire_logs_days__host_var`	mariadb.com	`0.000000`
`mariadb_server__cnf_innodb_buffer_pool_size__group_var` / `mariadb_server__cnf_innodb_buffer_pool_size__host_var`	mariadb.com	`'128M'`
`mariadb_server__cnf_innodb_file_per_table__group_var` / `mariadb_server__cnf_innodb_file_per_table__host_var`	mariadb.com	`'ON'`
`mariadb_server__cnf_innodb_flush_log_at_trx_commit__group_var` / `mariadb_server__cnf_innodb_flush_log_at_trx_commit__host_var`	mariadb.com	`1`
`mariadb_server__cnf_innodb_io_capacity__group_var` / `mariadb_server__cnf_innodb_io_capacity__host_var`	mariadb.com	`200`
`mariadb_server__cnf_innodb_log_file_size__group_var` / `mariadb_server__cnf_innodb_log_file_size__host_var`	mariadb.com	`'96M'`
`mariadb_server__cnf_interactive_timeout__group_var` / `mariadb_server__cnf_interactive_timeout__host_var`	mariadb.com	`28800`
`mariadb_server__cnf_join_buffer_size__group_var` / `mariadb_server__cnf_join_buffer_size__host_var`	mariadb.com	`'256K'`
`mariadb_server__cnf_log_error__group_var` / `mariadb_server__cnf_log_error__host_var`	mariadb.com	`'/var/log/mariadb/mariadb.log'`
`mariadb_server__cnf_lower_case_table_names__group_var` / `mariadb_server__cnf_lower_case_table_names__host_var`	mariadb.com	`0`
`mariadb_server__cnf_max_allowed_packet__group_var` / `mariadb_server__cnf_max_allowed_packet__host_var`	mariadb.com	`'16M'`
`mariadb_server__cnf_max_connections__group_var` / `mariadb_server__cnf_max_connections__host_var`	mariadb.com	`64`
`mariadb_server__cnf_max_heap_table_size__group_var` / `mariadb_server__cnf_max_heap_table_size__host_var`	mariadb.com	`'16M'`
`mariadb_server__cnf_performance_schema__group_var` / `mariadb_server__cnf_performance_schema__host_var`	mariadb.com	`'ON'`
`mariadb_server__cnf_query_cache_limit__group_var` / `mariadb_server__cnf_query_cache_limit__host_var`	mariadb.com	`'1M'`
`mariadb_server__cnf_query_cache_size__group_var` / `mariadb_server__cnf_query_cache_size__host_var`	mariadb.com	`0`
`mariadb_server__cnf_query_cache_type__group_var` / `mariadb_server__cnf_query_cache_type__host_var`	mariadb.com	`'OFF'`
`mariadb_server__cnf_skip_name_resolve__group_var` / `mariadb_server__cnf_skip_name_resolve__host_var`	mariadb.com	`'ON'`
`mariadb_server__cnf_slow_query_log__group_var` / `mariadb_server__cnf_slow_query_log__host_var`	mariadb.com	`0`
`mariadb_server__cnf_slow_query_log_file__group_var` / `mariadb_server__cnf_slow_query_log_file__host_var`	mariadb.com	`'/var/log/mariadb/mariadb-slowquery.log'`
`mariadb_server__cnf_sql_mode__group_var` / `mariadb_server__cnf_sql_mode__host_var`	mariadb.com	`'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'`
`mariadb_server__cnf_table_definition_cache__group_var` / `mariadb_server__cnf_table_definition_cache__host_var`	mariadb.com	400
`mariadb_server__cnf_tmp_table_size__group_var` / `mariadb_server__cnf_tmp_table_size__host_var`	mariadb.com	`'16M'`
`mariadb_server__cnf_wait_timeout__group_var` / `mariadb_server__cnf_wait_timeout__host_var`	mariadb.com	`28800`

Example:

# optional - cnf directives
mariadb_server__cnf_bulk_insert_buffer_size__host_var: 8388608
mariadb_server__cnf_character_set_server__host_var: 'utf8mb4'
mariadb_server__cnf_collation_server__host_var: 'utf8mb4_unicode_ci'
mariadb_server__cnf_expire_logs_days__host_var: 0.000000
mariadb_server__cnf_innodb_buffer_pool_size__host_var: '128M'
mariadb_server__cnf_innodb_file_per_table__host_var: 'ON'
mariadb_server__cnf_innodb_flush_log_at_trx_commit__host_var: 1
mariadb_server__cnf_innodb_io_capacity__host_var: 200
mariadb_server__cnf_innodb_log_file_size__host_var: '96M'
mariadb_server__cnf_interactive_timeout__host_var: 28800
mariadb_server__cnf_join_buffer_size__host_var: '256K'
mariadb_server__cnf_log_error__host_var: '/var/log/mariadb/mariadb.log'
mariadb_server__cnf_lower_case_table_names__host_var: 0
mariadb_server__cnf_max_allowed_packet__host_var: '16M'
mariadb_server__cnf_max_connections__host_var: 64
mariadb_server__cnf_max_heap_table_size__host_var: '16M'
mariadb_server__cnf_performance_schema__host_var: 'ON'
mariadb_server__cnf_query_cache_limit__host_var: '1M'
mariadb_server__cnf_query_cache_size__host_var: 0
mariadb_server__cnf_query_cache_type__host_var: 'OFF'
mariadb_server__cnf_skip_name_resolve__host_var: 'ON'
mariadb_server__cnf_slow_query_log__host_var: 0
mariadb_server__cnf_slow_query_log_file__host_var: '/var/log/mariadb/mariadb-slowquery.log'
mariadb_server__cnf_sql_mode__host_var: 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
mariadb_server__cnf_table_definition_cache__host_var: 400
mariadb_server__cnf_tmp_table_size__host_var: '16M'
mariadb_server__cnf_wait_timeout__host_var: 28800

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich