Updates to many roles, including main user role to allow setting an alternate home directory

db/mysql-percona/README.md

@@ -0,0 +1,26 @@
+This is the new role for MySQL percona.
+
+Do not use the deprecated mysql-percona-5.7 for new installations.
+
+This role is more advanced with tons of customizable variables.
+
+Example usage:
+
+- role: mysql-percona
+    vars:
+    mysql_version_major: 8
+    mysql_version_minor: 0
+    mysql_datadir: "/opt/mysql"
+    mysql_default_authentication_plugin: "mysql_native_password"
+    mysql_innodb_buffer_pool_size: "3G"
+    mysql_users:
+        - name: mreschke
+          pass: 'passhere'
+          host: '%'
+        - name: squaethem
+        - name: tableau
+
+See `defaults` for all variables.  See `tasks/users.yml` for all user options
+
+
+~mReschke 2022-03-09

db/mysql-percona/defaults/main.yml

@@ -0,0 +1,56 @@
+---
+
+# Version to install, defaulting to 5.6
+mysql_version_major: "8"
+mysql_version_minor: "0"
+mysql_version: "{{ mysql_version_major|int }}.{{ mysql_version_minor|int }}"
+
+# Basic settings
+mysql_root_password: "techie"
+mysql_port: "3306"
+mysql_bind_address: "127.0.0.1"
+mysql_language: "/usr/share/mysql/"
+mysql_datadir: "/var/lib/mysql"
+mysql_tempdir: "/tmp"
+
+# Fine tuning
+mysql_key_buffer: "16M"
+mysql_max_allowed_packet: "256M"
+mysql_thread_stack: "192K"
+mysql_cache_size: "8"
+mysql_myisam_recover: "BACKUP"
+mysql_max_connections: "500"
+mysql_table_cache: "64"
+mysql_thread_concurrency: "10"
+mysql_query_cache_limit: "1M"
+mysql_query_cache_size: "16M"
+mysql_character_set_server: "utf8mb4"
+mysql_collation_server: "utf8mb4_0900_ai_ci"
+mysql_mysqldump_max_allowed_packet: "128M"
+mysql_isamchk_key_buffer: "16M"
+mysql_sort_buffer_size: "256K"
+
+# InnoDB tuning
+mysql_innodb_file_per_table: "1"
+mysql_innodb_flush_method: "fdatasync"
+mysql_innodb_buffer_pool_size: "1G"
+mysql_innodb_flush_log_at_trx_commit: "1"
+mysql_innodb_lock_wait_timeout: "50"
+mysql_innodb_log_buffer_size: "1M"
+mysql_innodb_log_file_size: "64M"
+
+mysql_character_set_client_handshake: "FALSE"
+
+mysql_timezone_info: "false"
+
+mysql_databases: []
+mysql_users: []
+
+install_rpm_repositories: "true"
+
+# To disable log_bin in percona >=8, enabled by default
+mysql_disable_log_bin: "true"
+
+# Default Auth Plugin
+# used in templates when Percona Server >= 5.7
+mysql_default_authentication_plugin: "mysql_native_password"

db/mysql-percona/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: "Restart percona"
+  service: "name=mysql state=restarted"

db/mysql-percona/tasks/check-settings.yml

@@ -0,0 +1,20 @@
+---
+
+- name: "Check if percona-server is installed"
+  shell: dpkg -l | grep -i percona-server-server
+  ignore_errors: yes
+  register: percona_server_is_installed
+
+- name: "Check for innodb_log_file_size setting (Ubuntu)"
+  shell: 
+    cmd: grep -E ^innodb_log_file_size /etc/mysql/my.cnf | awk -F= '{ print $2}' | sed 's/\s//g'
+    removes: "/etc/mysql/my.cnf"
+  register: configured_innodb_log_file_size
+
+- name: "Abort when innodb_log_file_size changes"
+  fail:
+    msg: "The existing MySQL server has innodb_log_file_size={{ configured_innodb_log_file_size.stdout }}, but your are trying to set it to {{ mysql_innodb_log_file_size }}. Please, change this value for the variable in either ansible or the server itself. See: https://dev.mysql.com/doc/refman/5.6/en/innodb-redo-log.html"
+  when:
+    - percona_server_is_installed.stdout|trim != ""
+    - not configured_innodb_log_file_size.stdout | regex_search('^skipped')
+    - configured_innodb_log_file_size.stdout != mysql_innodb_log_file_size

db/mysql-percona/tasks/configure.yml

@@ -0,0 +1,26 @@
+---
+
+- name: "Update the my.cnf"
+  template: "src=etc_mysql_my.cnf.j2 dest=/etc/mysql/my.cnf owner=root mode=0644"
+  register: "config_file"
+  notify:
+    - "Restart percona"
+
+- name: "Ensure that percona is running and enabled"
+  service:
+    name: "mysql"
+    state: "started"
+    enabled: "yes"
+  register: mysql_service
+
+# This service restart is needed when changing default mysql_datadir, mysql_native_password
+# and other settings. So better restart when the my.cnf file changes
+# Restart when my.cnf has changed and it has not been restarted by the above task
+- name: "Restart mysql to apply changes done in my.cnf file"
+  service:
+    name: "mysql"
+    state: "restarted"
+  when:
+    - config_file.changed
+    - mysql_service is defined
+    - not mysql_service.changed

db/mysql-percona/tasks/install.yml

@@ -0,0 +1,92 @@
+---
+# (do not put quotes on key id, for some reason it won't work)
+- name: "Obtaining percona public key"
+  apt_key:
+    keyserver: "keyserver.ubuntu.com"
+    id: 9334A25F8507EFA5
+
+- name: "Adding percona repository"
+  apt_repository:
+    repo: "deb http://repo.percona.com/apt {{ ansible_distribution_release }} main"
+    state: "present"
+
+- name: "Update apt cache"
+  apt:
+    update_cache: yes
+    cache_valid_time: 300
+
+- name: "Install percona-release package (Percona version >= 8)"
+  apt:
+    deb: "https://repo.percona.com/apt/percona-release_latest.{{ ansible_distribution_release }}_all.deb"
+  when: mysql_version_major|int >= 8
+
+# https://www.percona.com/doc/percona-server/LATEST/installation/apt_repo.html
+- name: "Enable Percona repository (Percona version >= 8)"
+  command: "percona-release setup ps{{ mysql_version_major }}{{ mysql_version_minor }}"
+  when: mysql_version_major|int >= 8
+
+- name: "Install python-is-python3 (Ubuntu >= Focal/20.04)"
+  apt:
+    name: "python-is-python3"
+  when:
+    - ansible_distribution_version is version_compare('20.04', '>=')
+
+- name: "Get the major version of python used to run ansible"
+  command: "{{ ansible_python_interpreter | default('/usr/bin/python') }} -c 'import sys; print(sys.version_info.major)'"
+  register: ansible_python_major
+  changed_when: false
+
+- debug:
+    msg: "ansible_python_interpreter major version: {{ ansible_python_major.stdout }}"
+
+- name: "Install package dependencies for ansible MySQL modules (python 2)"
+  apt:
+    name: "python-mysqldb"
+  when:
+    - ansible_python_major.stdout == "2"
+
+- name: "Install package dependencies for ansible MySQL modules (python 3)"
+  apt:
+    name: "python3-mysqldb"
+  when:
+    - ansible_python_major.stdout == "3"
+
+- name: "Install percona packages and dependencies on Ubuntu (Percona version < 8)"
+  apt:
+    name:
+      - "percona-server-server-{{ mysql_version_major }}.{{ mysql_version_minor }}"
+      - "percona-server-client-{{ mysql_version_major }}.{{ mysql_version_minor }}"
+      - "percona-toolkit"
+      - "percona-xtrabackup"
+    state: "present"
+  when: mysql_version_major|int < 8
+
+- name: "Install | configure debconf for version 8.0 (Use Legacy Authentication Method)"
+  debconf:
+    name: 'percona-server-server'
+    question: 'percona-server-server/default-auth-override'
+    value: 'Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)'
+    vtype: select
+  changed_when: false
+  when:
+    - mysql_version_major|int >= 8
+    - mysql_default_authentication_plugin is defined
+    - mysql_default_authentication_plugin == "mysql_native_password"
+
+- name: "Install percona packages and dependencies on Ubuntu (Percona version >= 8)"
+  apt:
+    name:
+      - "percona-server-server={{ mysql_version_major }}.{{ mysql_version_minor }}*"
+      - "percona-server-client={{ mysql_version_major }}.{{ mysql_version_minor }}*"
+      - "percona-toolkit"
+      - "percona-xtrabackup-80"
+    state: "present"
+  when: mysql_version_major|int >= 8
+
+- name: "Adjust permissions of datadir"
+  file:
+    path: "{{ mysql_datadir }}"
+    owner: "mysql"
+    group: "mysql"
+    mode: 0700
+    state: "directory"

db/mysql-percona/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- include: check-settings.yml
+- include: install.yml
+- include: configure.yml
+- include: secure.yml
+- include: users.yml

db/mysql-percona/tasks/secure.yml

@@ -0,0 +1,35 @@
+---
+- name: "Copy .my.cnf file into the root home folder"
+  template:
+    src: root-my-cnf.j2
+    dest: /root/.my.cnf
+    owner: root
+    group: root
+    mode: 0600
+
+- name: "Set the root password"
+  mysql_user:
+    name: root
+    host: "{{ item }}"
+    password: "{{ mysql_root_password }}"
+    check_implicit_admin: yes
+    state: present
+  with_items:
+    - "{{ ansible_hostname }}"
+    - "127.0.0.1"
+    - "::1"
+    - "localhost"
+
+- name: "Ensure anonymous users are not in the database"
+  mysql_user:
+    name: ''
+    host: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ ansible_hostname }}"
+    - "localhost"
+
+- name: "Remove the test database"
+  mysql_db:
+    name: test
+    state: absent

db/mysql-percona/tasks/users.yml

@@ -0,0 +1,11 @@
+---
+
+- name: "Make sure the MySQL users are present"
+  mysql_user:
+    name: "{{ item.name }}"
+    password: "{{ item.pass | default('techie') }}"
+    priv: "{{ item.priv | default('*.*:ALL') }}"
+    state: "present"
+    host: "{{ item.host | default('%') }}"
+  with_items: "{{ mysql_users }}"
+  no_log: "true"

db/mysql-percona/templates/etc_mysql_my.cnf.j2

@@ -0,0 +1,129 @@
+#
+# The MySQL database server configuration file.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[client]
+port        = {{ mysql_port }}
+socket      = /var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket      = /var/run/mysqld/mysqld.sock
+nice        = 0
+open-files-limit = 16384
+
+[mysqld]
+# * Basic Settings
+user        = mysql
+pid-file    = /var/run/mysqld/mysqld.pid
+socket      = /var/run/mysqld/mysqld.sock
+port        = {{ mysql_port }}
+basedir     = /usr
+datadir     = {{ mysql_datadir }}
+tmpdir      = {{ mysql_tempdir }}
+{% if  mysql_version is version('8.0', '>=') and mysql_disable_log_bin|bool %}
+disable_log_bin
+{% endif %}
+{% if  mysql_version is version('5.7', '<') %}
+# language is for pre-5.5. In 5.5 it is an alias for lc_messages_dir.
+language = {{ mysql_language }}
+{% else %}
+lc_messages_dir = {{ mysql_language }}
+{% endif %}
+bind-address = {{ mysql_bind_address }}
+skip-external-locking
+{% if mysql_sql_mode is defined %}
+sql_mode={{ mysql_sql_mode }}
+{% endif %}
+{% if mysql_default_authentication_plugin is defined and mysql_version is version('5.7', '>=') %}
+default_authentication_plugin={{ mysql_default_authentication_plugin }}
+{% endif %}
+
+# * Fine Tuning
+key_buffer_size         = {{ mysql_key_buffer }}
+max_allowed_packet      = {{ mysql_max_allowed_packet }}
+thread_stack            = {{ mysql_thread_stack }}
+thread_cache_size       = {{ mysql_cache_size }}
+{% if  mysql_version is version('5.7', '<') %}
+myisam-recover          = {{ mysql_myisam_recover }}
+{% else %}
+myisam-recover-options  = {{ mysql_myisam_recover }}
+{% endif %}
+max_connections         = {{ mysql_max_connections }}
+table_open_cache        = {{ mysql_table_cache }}
+{% if  mysql_version is version('5.7', '<') %}
+thread_concurrency      = {{ mysql_thread_concurrency }}
+{% endif %}
+sort_buffer_size        = {{ mysql_sort_buffer_size }}
+
+# ** Query Cache Configuration, removed in MySQL >= 8.0
+{% if mysql_version_major|int < 8 %}
+query_cache_limit       = {{ mysql_query_cache_limit }}
+query_cache_size        = {{ mysql_query_cache_size }}
+{% endif %}
+
+# ** Logging and Replication
+log_error = /var/log/mysql/error.log
+{% if mysql_version_major|int < 8 %}
+log_warnings = 2
+{% else %}
+log_error_verbosity = 2
+{% endif %}
+#general_log_file        = /var/log/mysql/mysql.log
+#general_log             = 1
+#
+#log_slow_queries   = /var/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+#server-id      = 1
+#log_bin            = /var/log/mysql/mysql-bin.log
+expire_logs_days    = 10
+max_binlog_size     = 100M
+#binlog_do_db       = include_database_name
+#binlog_ignore_db   = include_database_name
+
+# ** InnoDB
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }}
+innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
+{% if mysql_innodb_flush_method != 'fdatasync': %}
+innodb_flush_method = {{ mysql_innodb_flush_method }}
+{% endif %}
+innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }}
+innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }}
+innodb_log_file_size = {{ mysql_innodb_log_file_size }}
+innodb_file_per_table = {{ mysql_innodb_file_per_table }}
+
+{% if mysql_optimizer_switch is defined %}
+# Check https://bugs.mysql.com/bug.php?id=69721 for more info
+optimizer_switch = {{ mysql_optimizer_switch }}
+{% endif %}
+
+# ** Security Features
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+
+character_set_server = {{ mysql_character_set_server }}
+collation_server = {{ mysql_collation_server }}
+character-set-client-handshake = {{ mysql_character_set_client_handshake }}
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet  = {{ mysql_mysqldump_max_allowed_packet }}
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer      = {{ mysql_isamchk_key_buffer }}
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+!includedir /etc/mysql/conf.d/

db/mysql-percona/templates/root-my-cnf.j2

@@ -0,0 +1,3 @@
+[client]
+user=root
+password="{{ mysql_root_password }}"