debops.mariadb default variables
Sections
MariaDB server configuration
- mariadb__server
FQDN hostname of the MariaDB server. If a local MariaDB server is detected, it will override this variable automatically. Only one server at a time is currently supported per host.
mariadb__server: ''
- mariadb__port
Port number on which to connect to the server. You usually don't need to change this.
mariadb__port: '3306'
- mariadb__client
When the database server is used remotely, this variable defines the "host"
part of the client username. If a local MariaDB server is detected, this
variable will be automatically changed to localhost
.
mariadb__client: '{{ ansible_fqdn }}'
- mariadb__delegate_to
When the MariaDB server is used remotely, Ansible needs to run tasks on the correct host. This variable controls the task delegation to the correct database server.
If the MariaDB server is run locally, this should point to the inventory name
of the current host, NOT localhost
because that would delegate the tasks
to the Ansible Controller.
mariadb__delegate_to: '{{ mariadb__server
if (mariadb__server | d() and
mariadb__server != "localhost")
else inventory_hostname }}'
MariaDB APT packages
- mariadb__flavor
Variable which defines what database engine to use:
mariadb
: default, use MariaDB engine from Debian repositorymariadb_upstream
: use MariaDB engine from upstream repositorymysql-5.6_galera-3
: use MySQL 5.6 engine with Galera from Codership repositorymysql-5.7_galera-3
: use MySQL 5.7 engine with Galera from Codership repositorypercona-8.0
: use Percona 8.0 from upstream repositorypercona-5.7
: use Percona 5.7 from upstream repository
The choice depends on availability of MariaDB packages in a distribution. Percona needs to be selected explicitly.
mariadb__flavor: '{{ ansible_local.mariadb.flavor | d("mariadb") }}'
- mariadb__apt_key
String or list of GPG keys which should be added to the APT key database to authenticate the external repositories. If this value is set to False no extra APT key will be added.
mariadb__apt_key: '{{ mariadb__apt_key_map[mariadb__flavor] | d() }}'
- mariadb__apt_key_map
A YAML dictionary map which keeps GPG key ids for APT repository keys of different MariaDB/MySQL/Percona APT repositories. These GPG keys will be downloaded if any of the listed flavors is selected.
mariadb__apt_key_map:
'mariadb': []
'mariadb_upstream':
- id: '199369E5404BD5FC7D2FE43BCBCB082A1BB943DB'
- id: '177F4010FE56CA3336300305F1656F24C74CD1D8'
- repo: 'deb {{ mariadb__upstream_mirror }} {{ ansible_distribution_release }} main'
'mysql-5.6_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.6/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'mysql-5.7_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.7/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'percona-8.0':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/ps-80/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
'percona-5.7':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/ps-57/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
- mariadb__upstream_version
Version of the MariaDB upstream.
mariadb__upstream_version: '10.1'
- mariadb__upstream_mirror
URL of the MariaDB upstream mirror.
mariadb__upstream_mirror: 'http://nyc2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb__upstream_version }}/{{ ansible_distribution | lower }}'
- mariadb__base_packages
List of APT packages that should be installed with any database engine selected.
mariadb__base_packages: []
- mariadb__packages
List of additional packages to install with the database client.
mariadb__packages: []
- mariadb__packages_map
Dictionary with list of packages that will be installed with a particular database engine.
mariadb__packages_map:
'mariadb': [ 'mariadb-client' ]
'mariadb_upstream': [ 'mariadb-client' ]
'mysql-5.6_galera-3': [ 'mysql-wsrep-client-5.6' ]
'mysql-5.7_galera-3': [ 'mysql-wsrep-client-5.7' ]
'percona-8.0': [ 'percona-server-client' ]
'percona-5.7': [ 'percona-server-client-5.7' ]
MariaDB client system-wide configuration
The MariaDB/MySQL client configuration is managed in
/etc/mysql/conf.d/client.cnf
configuration file, generated by an Ansible
template. Check mariadb__options for more details about the
syntax used to configure the server.
- mariadb__client_charset_options
Configuration options related to charset and string encoding on the client.
mariadb__client_charset_options:
'default_character_set': 'utf8mb4'
- mariadb__client_remote_host_options
These options will be enabled only if local MariaDB/MySQL server is not detected. The configuration will detect the presence of an SSL tunnel and configure the server connection details accordingly.
mariadb__client_remote_host_options:
- name: 'remote-host-options'
state: '{{ "present"
if (not mariadb__register_version.stdout | d(False))
else "absent" }}'
options:
- name: 'remote-host-not-tunnel'
state: '{{ "present"
if (mariadb__register_tunnel.rc | d() != 0)
else "absent" }}'
options:
'host': '{{ mariadb__server }}'
'port': '{{ mariadb__port }}'
- name: 'remote-host-tunnel'
state: '{{ "present"
if (mariadb__register_tunnel.rc | d() == 0)
else "absent" }}'
options:
'host': '127.0.0.1'
'port': '{{ mariadb__port }}'
- name: 'pki-options'
comment: 'Support for SSL connections'
state: '{{ "present" if mariadb__pki | bool else "absent" }}'
options:
'ssl':
'ssl_ca': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_ca }}'
'ssl_cert': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_crt }}'
'ssl_key': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_key }}'
'ssl_cipher': '{{ mariadb__pki_cipher }}'
- mariadb__client_options
Configuration options set in /etc/mysql/conf.d/client.cnf
file. This is
a "master variable" for the rest of the configuration variables.
mariadb__client_options:
- section: 'client'
options:
- '{{ mariadb__client_charset_options }}'
- '{{ mariadb__client_remote_host_options }}'
- '{{ mariadb__options }}'
- mariadb__options
Dictionary or list with custom MariaDB client options.
mariadb__options: {}
- mariadb__client_cnf_file
Absolute path for the client configuration file managed by the
debops.mariadb
Ansible role.
mariadb__client_cnf_file: '{{ "/etc/mysql/mariadb.conf.d/90-client.cnf"
if (mariadb__register_confd.stat.exists | bool)
else "/etc/mysql/conf.d/zz-client.cnf" }}'
SSL configuration
- mariadb__pki
Enable or disable support for SSL in MariaDB (using debops.pki).
mariadb__pki: '{{ (True
if (ansible_local.pki.enabled | d() and
mariadb__pki_realm in ansible_local.pki.known_realms)
else False) | bool }}'
- mariadb__pki_path
Base path for PKI directory.
mariadb__pki_path: '{{ ansible_local.pki.base_path | d("/etc/pki") }}'
- mariadb__pki_realm
Default PKI realm used by MariaDB (Debian MariaDB packages do not support chained certificates, see https://bugs.debian.org/630625).
mariadb__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
- mariadb__pki_ca
Root CA certificate used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_ca: 'CA.crt'
- mariadb__pki_crt
Host certificate used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_crt: 'default.crt'
- mariadb__pki_key
Host private key used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_key: 'default.key'
- mariadb__pki_cipher
Cipher suite used for encrypted connections.
mariadb__pki_cipher: 'DHE-RSA-AES256-SHA'
User account privileges
- mariadb__default_privileges
Should debops.mariadb
automatically grant all privileges to a database
named the same as the username for a given user account? This is equivalent
to:
GRANT ALL PRIVILEGES ON `<user>`.* TO `<user>`@`<host>`;
mariadb__default_privileges: True
- mariadb__default_privileges_aux
Should debops.mariadb
automatically grant all privileges to databases
with the same prefix as the username for a given user account? This is
equivalent to:
GRANT ALL PRIVILEGES ON `<user>\_%`.* TO `<user>`@`<host>`;
mariadb__default_privileges_aux: True
- mariadb__default_privileges_grant
Default privileges granted automatically. See Ansible mysql_user
module
for list and format of privileges.
mariadb__default_privileges_grant: 'ALL'
Databases, user accounts
- mariadb__password_length
Length of automatically generated user accounts, saved in the secret/
directory. See debops.secret role for more details about passwords.
mariadb__password_length: '48'
- mariadb__databases
List of databases configured on the MariaDB server. See mariadb__databases for more details.
mariadb__databases: []
- mariadb__dependent_databases
List of databases configured on the MariaDB server, defined by another Ansible role.
mariadb__dependent_databases: []
- mariadb__users
List of user accounts configured on the MariaDB server. See mariadb__users for more details.
mariadb__users: []
- mariadb__dependent_users
List of user accounts configured on the MariaDB server, defined by another Ansible role.
mariadb__dependent_users: []
Configuration variables for other Ansible roles
- mariadb__keyring__dependent_apt_keys
Configuration for the debops.keyring Ansible role.
mariadb__keyring__dependent_apt_keys:
- '{{ mariadb__apt_key }}'
- mariadb__python__dependent_packages3
Configuration for the debops.python Ansible role.
mariadb__python__dependent_packages3:
- 'python3-mysqldb'
- mariadb__python__dependent_packages2
Configuration for the debops.python Ansible role.
mariadb__python__dependent_packages2:
- 'python-mysqldb'