debops.mariadb_server default variables
Sections
MariaDB Server APT packages
- mariadb_server__flavor
Variable which defines what database engine to use:
mariadb
: default, use MariaDB engine from Debian repositorymariadb_upstream
: use MariaDB engine from upstream repositorymysql-5.6_galera-3
: use MySQL 5.6 engine with Galera from Codership repositorymysql-5.7_galera-3
: use MySQL 5.7 engine with Galera from Codership repositorypercona-8.0
: use Percona 8.0 from its upstream repository, it includes XtraDB and optionally TokuDB and MyRocks enginespercona-5.7
: use Percona 5.7 from its upstream repository, it includes XtraDB and optionally TokuDB and MyRocks engines
Percona needs to be selected explicitly.
mariadb_server__flavor: '{{ ansible_local.mariadb.flavor | d("mariadb") }}'
- mariadb_server__apt_key
String or list of GPG keys which should be added to the APT key database to authenticate the external repositories.
mariadb_server__apt_key: '{{ mariadb_server__apt_key_map[mariadb_server__flavor] | d() }}'
- mariadb_server__apt_key_map
A YAML dictionary map which keeps GPG key ids for APT repository keys of different MariaDB/MySQL/Percona APT repositories. These GPG keys will be downloaded if any of the listed flavors is selected.
mariadb_server__apt_key_map:
'mariadb': []
'mariadb_upstream':
- id: '199369E5404BD5FC7D2FE43BCBCB082A1BB943DB'
- id: '177F4010FE56CA3336300305F1656F24C74CD1D8'
- repo: 'deb {{ mariadb_server__upstream_mirror }} {{ ansible_distribution_release }} main'
'mysql-5.6_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.6/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'mysql-5.7_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.7/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'percona-8.0':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/ps-80/apt {{ ansible_distribution_release }} main'
'percona-5.7':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/ps-57/apt {{ ansible_distribution_release }} main'
- mariadb_server__upstream_version
Version of the MariaDB upstream.
mariadb_server__upstream_version: '10.1'
- mariadb_server__upstream_mirror
URL of the MariaDB upstream mirror.
mariadb_server__upstream_mirror: 'http://nyc2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_server__upstream_version }}/{{ ansible_distribution | lower }}'
- mariadb_server__base_packages
List of APT packages that should be installed with any database engine selected.
mariadb_server__base_packages: [ 'ssl-cert' ]
- mariadb_server__packages
List of additional packages to install with the database server.
mariadb_server__packages: []
- mariadb_server__packages_map
Dictionary with list of packages that will be installed with a particular database engine.
mariadb_server__packages_map:
'mariadb': [ 'mariadb-server' ]
'mariadb_upstream': [ 'mariadb-server' ]
'mysql': [ 'mysql-server' ]
'mysql-5.6_galera-3': [ 'mysql-wsrep-server-5.6', 'galera-3', 'galera-arbitrator-3' ]
'mysql-5.7_galera-3': [ 'mysql-wsrep-server-5.7', 'galera-3', 'galera-arbitrator-3' ]
'percona-8.0': [ 'percona-server-server' ]
'percona-5.7': [ 'percona-server-server-5.7' ]
Network configuration
- mariadb_server__bind_address
IP address on which MariaDB server listens on for new connections. To allow
connections from remote hosts, you need to change this to 0.0.0.0
for IPv4
only connections, or ::
for IPv4 and IPv6 connections.
When bind address is changed, you need to restart the mysqld daemon to rebind it to new network interfaces, it won't be restarted automatically by Ansible.
mariadb_server__bind_address: 'localhost'
- mariadb_server__port
Port number on which this MariaDB server listens on.
mariadb_server__port: '3306'
- mariadb_server__allow
List of IP addresses or CIDR subnets which will be allowed to connect to the MariaDB server in ip(6)tables and TCP wrappers. If it's empty, remote connections are not allowed.
mariadb_server__allow: []
- mariadb_server__max_connections
Maximum number of allowed connections.
mariadb_server__max_connections: '100'
- mariadb_server__default_datadir
Default directory to store data
mariadb_server__default_datadir: '/var/lib/mysql'
- mariadb_server__datadir
Directory to store data
mariadb_server__datadir: '{{ mariadb_server__default_datadir }}'
- mariadb_server__delegate_to
Hostname of the server to which Ansible roles will delegate tasks. It should point to "this server", using a FQDN hostname known to Ansible.
mariadb_server__delegate_to: '{{ inventory_hostname }}'
Server configuration options
The MariaDB/MySQL server configuration is managed in
/etc/mysql/conf.d/mysqld.cnf
configuration file, generated by an Ansible
template. Check mariadb_server__options for more details about the
syntax used to configure the server.
- mariadb_server__mysqld_performance_options
Configuration options related to database performance and resource utilization.
mariadb_server__mysqld_performance_options:
'innodb_buffer_pool_instances': '{{ ansible_processor_vcpus | d(1) }}'
'innodb_buffer_pool_size': '{{ (ansible_memtotal_mb / 2) | int }}M'
'query_cache_type': '0'
- mariadb_server__local_infile
Enable or disable LOCAL capability for LOAD DATA INFILE.
mariadb_server__local_infile: False
- mariadb_server__mysqld_security_options
Configuration options related to the server security.
mariadb_server__mysqld_security_options:
'local_infile': '{{ "1" if mariadb_server__local_infile | bool else "0" }}'
- mariadb_server__mysqld_charset_options
Configuration options related to charset and string encoding on the server.
mariadb_server__mysqld_charset_options:
'character_set_server': 'utf8mb4'
'collation_server': 'utf8mb4_general_ci'
'init_connect': 'SET NAMES utf8mb4'
- mariadb_server__mysqld_network_options
Configuration options related to network access and network connections.
mariadb_server__mysqld_network_options:
'bind_address': '{{ mariadb_server__bind_address }}'
'port': '{{ mariadb_server__port }}'
'max_connections': '{{ mariadb_server__max_connections }}'
- mariadb_server__mysqld_pki_options
Configuration of SSL support in mysqld, managed by debops.pki role.
mariadb_server__mysqld_pki_options:
name: 'pki-options'
comment: 'Support for SSL connections'
state: '{{ "present" if mariadb_server__pki | bool else "absent" }}'
options:
'ssl':
'ssl_ca': '{{ mariadb_server__pki_path + "/" + mariadb_server__pki_realm + "/" + mariadb_server__pki_ca }}'
'ssl_cert': '{{ mariadb_server__pki_path + "/" + mariadb_server__pki_realm + "/" + mariadb_server__pki_crt }}'
'ssl_key': '{{ mariadb_server__pki_path + "/" + mariadb_server__pki_realm + "/" + mariadb_server__pki_key }}'
'ssl_cipher': '{{ mariadb_server__pki_cipher }}'
- mariadb_server__mysqld_cluster_options
Configuration options for mysqld required to operate in a MariaDB/MySQL cluster.
mariadb_server__mysqld_cluster_options:
name: 'cluster-options'
comment: 'Required for cluster operation'
state: '{{ "present" if mariadb_server__flavor in ["mysql-5.6_galera-3", "percona", "percona-5.7"] else "absent" }}'
options:
'binlog_format': 'ROW'
'default_storage_engine': 'InnoDB'
'innodb_autoinc_lock_mode': '2'
- mariadb_server__mysqld_directory_options
Configuration options related to directory (e.g. datadir)
mariadb_server__mysqld_directory_options:
'datadir': '{{ mariadb_server__datadir }}'
- mariadb_server__mysqld_options
Configuration options set in /etc/mysql/conf.d/mysqld.cnf
file. This is
a "master variable" for the rest of the configuration variables.
mariadb_server__mysqld_options:
- section: 'mysqld'
options:
- '{{ mariadb_server__mysqld_performance_options }}'
- '{{ mariadb_server__mysqld_charset_options }}'
- '{{ mariadb_server__mysqld_security_options }}'
- '{{ mariadb_server__mysqld_network_options }}'
- '{{ mariadb_server__mysqld_pki_options }}'
- '{{ mariadb_server__mysqld_cluster_options }}'
- '{{ mariadb_server__mysqld_directory_options }}'
- '{{ mariadb_server__options }}'
- mariadb_server__client_options
Configuration set in /etc/mysql/conf.d/client.cnf
at the installation
time. Afterwards you should use the debops.mariadb role to manage it.
mariadb_server__client_options:
- section: 'client'
options:
'default_character_set': 'utf8mb4'
- mariadb_server__options
Dictionary or list with custom mysqld options.
mariadb_server__options: {}
- mariadb_server__client_cnf_file
Absolute path for the client configuration file managed by the
debops.mariadb_server
Ansible role.
mariadb_server__client_cnf_file: '{{ "/etc/mysql/mariadb.conf.d/90-client.cnf"
if (mariadb_server__register_confd.stat.exists | bool)
else "/etc/mysql/conf.d/zz-client.cnf" }}'
- mariadb_server__mysqld_cnf_file
Absolute path for the server configuration file managed by the
debops.mariadb_server
Ansible role.
mariadb_server__mysqld_cnf_file: '{{ "/etc/mysql/mariadb.conf.d/90-mysqld.cnf"
if (mariadb_server__register_confd.stat.exists | bool)
else "/etc/mysql/conf.d/zz-mysqld.cnf" }}'
SSL configuration
- mariadb_server__append_groups
List of additional system groups to append to the MariaDB system user.
ssl-cert
group is required for access to certificate private keys.
mariadb_server__append_groups: [ 'ssl-cert' ]
- mariadb_server__pki
Enable or disable support for SSL in MariaDB (using debops.pki).
mariadb_server__pki: '{{ (True
if (ansible_local.pki.enabled | d() and
mariadb_server__pki_realm in ansible_local.pki.known_realms)
else False) | bool }}'
- mariadb_server__pki_path
Base path for PKI directory.
mariadb_server__pki_path: '{{ ansible_local.pki.base_path | d("/etc/pki") }}'
- mariadb_server__pki_realm
Default PKI realm used by MariaDB server.
mariadb_server__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
- mariadb_server__pki_ca
Root CA certificate used by MariaDB, relative to mariadb_server__pki_realm
.
mariadb_server__pki_ca: 'CA.crt'
- mariadb_server__pki_crt
Host certificate used by MariaDB, relative to mariadb_server__pki_realm
.
mariadb_server__pki_crt: 'default.crt'
- mariadb_server__pki_key
Host private key used by MariaDB, relative to mariadb_server__pki_realm
.
mariadb_server__pki_key: 'default.key'
- mariadb_server__pki_cipher
Cipher suite used for encrypted connections.
mariadb_server__pki_cipher: 'DHE-RSA-AES256-SHA'
AutoMySQLBackup configuration
- mariadb_server__backup
Enable or disable support for daily, weekly and monthly snapshots of the database using automysqlbackup.
mariadb_server__backup: True
- mariadb_server__backup_mailaddr
Mail address to send messages to (account or alias name will be properly routed by the Postfix SMTP server).
mariadb_server__backup_mailaddr: 'backup'
- mariadb_server__backup_create_database
If the backup should contain a CREATE DATABASE statement or not.
mariadb_server__backup_create_database: True
- mariadb_server__backup_exclude_databases
List of database names to exclude (you can use regular expressions) Example: ['^.*_cache$']
mariadb_server__backup_exclude_databases: []
- mariadb_server__backup_doweekly
Specify the day of the week to create weekly backups (1 - Monday, 7 - Sunday).
mariadb_server__backup_doweekly: '6'
- mariadb_server__backup_latest
Don't keep copies of most recent backups by default.
mariadb_server__backup_latest: 'no'
- mariadb_server__backup_directory
Base directory where automysqlbackup stores the database backups. The directory will be created automatically by automysqlbackup, if it does not exist.
mariadb_server__backup_directory: '/var/lib/automysqlbackup'
- mariadb_server__backup_max_allowed_packet
Max allowed packet for backup.
mariadb_server__backup_max_allowed_packet: ''
Configuration for other Ansible roles
- mariadb_server__keyring__dependent_apt_keys
Configuration for the debops.keyring Ansible role.
mariadb_server__keyring__dependent_apt_keys:
- '{{ mariadb_server__apt_key }}'
- mariadb_server__etc_services__dependent_rules
Configuration for debops.etc_services Ansible role.
mariadb_server__etc_services__dependent_rules:
- name: 'galera-cluster-rep'
port: '4567'
protocols: [ 'tcp', 'udp' ]
comment: 'Galera Cluster Replication'
- name: 'galera-ist'
port: '4568'
protocols: [ 'tcp' ]
comment: 'Galera Incremental State Transfer'
- name: 'galera-sst'
port: '4444'
protocols: [ 'tcp' ]
comment: 'Galera State Snapshot Transfer'
- mariadb_server__ferm__dependent_rules
Configuration for debops.ferm Ansible role.
mariadb_server__ferm__dependent_rules:
- type: 'accept'
dport: [ 'mysql' ]
saddr: '{{ mariadb_server__allow }}'
accept_any: False
weight: '50'
role: 'mariadb_server'
- mariadb_server__tcpwrappers__dependent_allow
Configuration for debops.tcpwrappers Ansible role.
mariadb_server__tcpwrappers__dependent_allow:
- daemon: 'mysqld'
client: '{{ mariadb_server__allow }}'
accept_any: False
weight: '50'
filename: 'mariadb_server_allow'
comment: 'Allow remote connections to MariaDB / MySQL server'
- mariadb_server__python__dependent_packages3
Configuration for the debops.python Ansible role.
mariadb_server__python__dependent_packages3:
- 'python3-mysqldb'
- mariadb_server__python__dependent_packages2
Configuration for the debops.python Ansible role.
mariadb_server__python__dependent_packages2:
- 'python-mysqldb'