Ansible-MariaDB-Cluster/roles/mariadb_cluster/tasks/main.yml

---
# file: roles/mariadb_cluster/tasks/main.yml

- name: Create variable of other members IPs to be included into the cluster
  set_fact: nodelist={%for host in groups['mariadb_cluster']|difference([inventory_hostname])%}{{hostvars[host].ansible_host}}{% if not loop.last %},{% endif %}{% endfor %}

- name: Install prereq packages
  package:
    name:
      - mariadb-server-galera
      - mariadb-server
      - galera
    state: latest
  tags: packages

- name: Update galera config
  template:
    src: "galera.cnf.j2"
    dest: "/etc/my.cnf.d/z-galera.cnf"
  notify: Bootstrap Galera

- name: Certificates tasks
  include_tasks: certificates.yml
  when: mariadb_cluster_ssl == true

- name: Update ssl config
  template:
    src: "ssl.cnf.j2"
    dest: "/etc/my.cnf.d/z-ssl.cnf"
  when: mariadb_cluster_ssl == true

- name: Enable firewall rule for MySQL access
  firewalld:
    port: 3306/tcp
    permanent: yes
    immediate: yes
    state: enabled
  notify: Reload firewalld
  when: mariadb_cluster_access_ip == ""

- name: "Enable firewall rule for MySQL access to Access IP"
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ item }}" port port="3306" protocol="tcp" accept'
    permanent: yes
    state: enabled
    immediate: yes
  notify: Reload firewalld
  loop: "{{ mariadb_cluster_access_ip }}"
  when: mariadb_cluster_access_ip != ""

- name: Setup access for other servers
  include_tasks: setup-server.yml
  loop: "{{ groups['mariadb_cluster']|difference([inventory_hostname]) }}"
  loop_control:
    extended: yes

- name: Place mariadb-fail script
  template:
    src: "mariadb-fail.j2"
    dest: "/usr/local/sbin/mariadb-fail"
    owner: root
    mode: 755

- name: Deploy mariadb-fail service
  template:
    src: mariadb-fail.service.j2
    dest: /etc/systemd/system/mariadb-fail.service
  notify: Daemon Reload

- name: Create directory for mariadb override
  file: 
    path: "/etc/systemd/system/mariadb.service.d"
    state: directory

- name: Deploy mariadb override
  template:
    src: mariadb-override.conf.j2
    dest: /etc/systemd/system/mariadb.service.d/override.conf
  notify: Daemon Reload

- name: Set selinux nis_enabled
  seboolean:
    name: nis_enabled
    state: true
    persistent: true

- name: Flush handlers
  meta: flush_handlers

- name: Start and enable mariadb
  service:
    name: mariadb
    state: started
    enabled: yes
Initial commit 2023-02-03 10:59:47 -07:00			`---`
			`# file: roles/mariadb_cluster/tasks/main.yml`

			`- name: Create variable of other members IPs to be included into the cluster`
			`set_fact: nodelist={%for host in groups['mariadb_cluster']\|difference([inventory_hostname])%}{{hostvars[host].ansible_host}}{% if not loop.last %},{% endif %}{% endfor %}`

			`- name: Install prereq packages`
			`package:`
			`name:`
			`- mariadb-server-galera`
			`- mariadb-server`
			`- galera`
			`state: latest`
Adding SSL Support 2024-08-01 14:43:13 -06:00			`tags: packages`
Initial commit 2023-02-03 10:59:47 -07:00
			`- name: Update galera config`
			`template:`
			`src: "galera.cnf.j2"`
Adding SSL Support 2024-08-01 14:43:13 -06:00			`dest: "/etc/my.cnf.d/z-galera.cnf"`
Initial commit 2023-02-03 10:59:47 -07:00			`notify: Bootstrap Galera`

Adding SSL Support 2024-08-01 14:43:13 -06:00			`- name: Certificates tasks`
			`include_tasks: certificates.yml`
			`when: mariadb_cluster_ssl == true`

			`- name: Update ssl config`
			`template:`
			`src: "ssl.cnf.j2"`
			`dest: "/etc/my.cnf.d/z-ssl.cnf"`
			`when: mariadb_cluster_ssl == true`

Initial commit 2023-02-03 10:59:47 -07:00			`- name: Enable firewall rule for MySQL access`
			`firewalld:`
			`port: 3306/tcp`
			`permanent: yes`
			`immediate: yes`
			`state: enabled`
			`notify: Reload firewalld`
			`when: mariadb_cluster_access_ip == ""`

			`- name: "Enable firewall rule for MySQL access to Access IP"`
			`firewalld:`
Adding SSL Support 2024-08-01 14:43:13 -06:00			`rich_rule: 'rule family="ipv4" source address="{{ item }}" port port="3306" protocol="tcp" accept'`
Initial commit 2023-02-03 10:59:47 -07:00			`permanent: yes`
			`state: enabled`
			`immediate: yes`
			`notify: Reload firewalld`
Adding SSL Support 2024-08-01 14:43:13 -06:00			`loop: "{{ mariadb_cluster_access_ip }}"`
Initial commit 2023-02-03 10:59:47 -07:00			`when: mariadb_cluster_access_ip != ""`

			`- name: Setup access for other servers`
			`include_tasks: setup-server.yml`
			`loop: "{{ groups['mariadb_cluster']\|difference([inventory_hostname]) }}"`
			`loop_control:`
			`extended: yes`

			`- name: Place mariadb-fail script`
			`template:`
			`src: "mariadb-fail.j2"`
			`dest: "/usr/local/sbin/mariadb-fail"`
			`owner: root`
			`mode: 755`

			`- name: Deploy mariadb-fail service`
			`template:`
			`src: mariadb-fail.service.j2`
			`dest: /etc/systemd/system/mariadb-fail.service`
			`notify: Daemon Reload`

			`- name: Create directory for mariadb override`
			`file:`
			`path: "/etc/systemd/system/mariadb.service.d"`
			`state: directory`

			`- name: Deploy mariadb override`
			`template:`
			`src: mariadb-override.conf.j2`
			`dest: /etc/systemd/system/mariadb.service.d/override.conf`
			`notify: Daemon Reload`

Adding SSL Support 2024-08-01 14:43:13 -06:00			`- name: Set selinux nis_enabled`
			`seboolean:`
			`name: nis_enabled`
			`state: true`
			`persistent: true`

Initial commit 2023-02-03 10:59:47 -07:00			`- name: Flush handlers`
			`meta: flush_handlers`

			`- name: Start and enable mariadb`
			`service:`
			`name: mariadb`
			`state: started`
			`enabled: yes`