debops.mariadb default variables¶
Sections
MariaDB server configuration¶
-
mariadb__server
¶
FQDN hostname of the MariaDB server. If a local MariaDB server is detected, it will override this variable automatically. Only one server at a time is currently supported per host.
mariadb__server: ''
-
mariadb__port
¶
Port number on which to connect to the server. You usually don't need to change this.
mariadb__port: '3306'
-
mariadb__client
¶
When the database server is used remotely, this variable defines the "host"
part of the client username. If a local MariaDB server is detected, this
variable will be automatically changed to localhost
.
mariadb__client: '{{ ansible_fqdn }}'
-
mariadb__delegate_to
¶
When the MariaDB server is used remotely, Ansible needs to run tasks on the correct host. This variable controls the task delegation to the correct database server.
If the MariaDB server is run locally, this should point to the inventory name
of the current host, NOT localhost
because that would delegate the tasks
to the Ansible Controller.
mariadb__delegate_to: '{{ mariadb__server
if (mariadb__server|d() and
mariadb__server != "localhost")
else inventory_hostname }}'
MariaDB APT packages¶
-
mariadb__flavor
¶
Variable which defines what database engine to use:
mariadb
: default, use MariaDB engine from Debian repositorymariadb_upstream
: use MariaDB engine from upstream repositorymysql
: use MySQL engine from Debian repositorymysql-5.6_galera-3
: use MySQL 5.6 engine with Galera from Codership repositorymysql-5.7_galera-3
: use MySQL 5.7 engine with Galera from Codership repositorypercona-8.0
: use Percona 8.0 from upstream repositorypercona-5.7
: use Percona 5.7 from upstream repository
The choice depends on availability of MariaDB packages in a distribution. Percona needs to be selected explicitly.
mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
-
mariadb__flavor_map
¶
List of Linux distributions where the default MariaDB packages are not available and MySQL should be used instead.
mariadb__flavor_map:
'wheezy': 'mysql'
'precise': 'mysql'
-
mariadb__apt_key
¶
String or list of GPG keys which should be added to the APT key database to authenticate the external repositories. If this value is set to False no extra APT key will be added.
mariadb__apt_key: '{{ mariadb__apt_key_map[mariadb__flavor] | d() }}'
-
mariadb__apt_key_map
¶
A YAML dictionary map which keeps GPG key ids for APT repository keys of different MariaDB/MySQL/Percona APT repositories. These GPG keys will be downloaded if any of the listed flavors is selected.
mariadb__apt_key_map:
'mariadb': []
'mariadb_upstream':
- id: '199369E5404BD5FC7D2FE43BCBCB082A1BB943DB'
- id: '177F4010FE56CA3336300305F1656F24C74CD1D8'
- repo: 'deb {{ mariadb__upstream_mirror }} {{ ansible_distribution_release }} main'
'mysql-5.6_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.6/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'mysql-5.7_galera-3':
- id: '44B7345738EBDE52594DAD80D669017EBC19DDBA'
- repo: 'deb http://releases.galeracluster.com/mysql-wsrep-5.7/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
- repo: 'deb http://releases.galeracluster.com/galera-3/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main'
'percona-8.0':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/ps-80/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
'percona-5.7':
- id: '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
- repo: 'deb http://repo.percona.com/ps-57/apt {{ ansible_distribution_release }} main'
- repo: 'deb http://repo.percona.com/tools/apt {{ ansible_distribution_release }} main'
-
mariadb__upstream_version
¶
Version of the MariaDB upstream.
mariadb__upstream_version: '10.1'
-
mariadb__upstream_mirror
¶
URL of the MariaDB upstream mirror.
mariadb__upstream_mirror: 'http://nyc2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb__upstream_version }}/{{ ansible_distribution | lower }}'
-
mariadb__base_packages
¶
List of APT packages that should be installed with any database engine selected.
mariadb__base_packages: []
-
mariadb__packages
¶
List of additional packages to install with the database client.
mariadb__packages: []
-
mariadb__packages_map
¶
Dictionary with list of packages that will be installed with a particular database engine.
mariadb__packages_map:
'mariadb': [ 'mariadb-client' ]
'mariadb_upstream': [ 'mariadb-client' ]
'mysql': [ 'mysql-client' ]
'mysql-5.6_galera-3': [ 'mysql-wsrep-client-5.6' ]
'mysql-5.7_galera-3': [ 'mysql-wsrep-client-5.7' ]
'percona-8.0': [ 'percona-server-client' ]
'percona-5.7': [ 'percona-server-client-5.7' ]
MariaDB client system-wide configuration¶
The MariaDB/MySQL client configuration is managed in
/etc/mysql/conf.d/client.cnf
configuration file, generated by an Ansible
template. Check mariadb__options for more details about the
syntax used to configure the server.
-
mariadb__client_charset_options
¶
Configuration options related to charset and string encoding on the client.
mariadb__client_charset_options:
'default_character_set': 'utf8mb4'
-
mariadb__client_remote_host_options
¶
These options will be enabled only if local MariaDB/MySQL server is not detected. The configuration will detect the presence of an SSL tunnel and configure the server connection details accordingly.
mariadb__client_remote_host_options:
- name: 'remote-host-options'
state: '{{ "present"
if (not mariadb__register_version.stdout|d(False))
else "absent" }}'
options:
- name: 'remote-host-not-tunnel'
state: '{{ "present"
if (mariadb__register_tunnel.rc|d() != 0)
else "absent" }}'
options:
'host': '{{ mariadb__server }}'
'port': '{{ mariadb__port }}'
- name: 'remote-host-tunnel'
state: '{{ "present"
if (mariadb__register_tunnel.rc|d() == 0)
else "absent" }}'
options:
'host': '127.0.0.1'
'port': '{{ mariadb__port }}'
- name: 'pki-options'
comment: 'Support for SSL connections'
state: '{{ "present" if mariadb__pki|bool else "absent" }}'
options:
'ssl':
'ssl_ca': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_ca }}'
'ssl_cert': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_crt }}'
'ssl_key': '{{ mariadb__pki_path + "/" + mariadb__pki_realm + "/" + mariadb__pki_key }}'
'ssl_cipher': '{{ mariadb__pki_cipher }}'
-
mariadb__client_options
¶
Configuration options set in /etc/mysql/conf.d/client.cnf
file. This is
a "master variable" for the rest of the configuration variables.
mariadb__client_options:
- section: 'client'
options:
- '{{ mariadb__client_charset_options }}'
- '{{ mariadb__client_remote_host_options }}'
- '{{ mariadb__options }}'
-
mariadb__options
¶
Dictionary or list with custom MariaDB client options.
mariadb__options: {}
-
mariadb__client_cnf_file
¶
Absolute path for the client configuration file managed by the
debops.mariadb
Ansible role.
mariadb__client_cnf_file: '{{ "/etc/mysql/mariadb.conf.d/90-client.cnf"
if (mariadb__register_confd.stat.exists|bool)
else "/etc/mysql/conf.d/zz-client.cnf" }}'
SSL configuration¶
-
mariadb__pki
¶
Enable or disable support for SSL in MariaDB (using debops.pki).
mariadb__pki: '{{ (True
if (ansible_local.pki.enabled|d() and
mariadb__pki_realm in ansible_local.pki.known_realms)
else False) | bool }}'
-
mariadb__pki_path
¶
Base path for PKI directory.
mariadb__pki_path: '{{ ansible_local.pki.base_path|d("/etc/pki") }}'
-
mariadb__pki_realm
¶
Default PKI realm used by MariaDB (Debian MariaDB packages do not support chained certificates, see https://bugs.debian.org/630625).
mariadb__pki_realm: '{{ ansible_local.pki.realm|d("domain") }}'
-
mariadb__pki_ca
¶
Root CA certificate used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_ca: 'CA.crt'
-
mariadb__pki_crt
¶
Host certificate used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_crt: 'default.crt'
-
mariadb__pki_key
¶
Host private key used by MariaDB, relative to mariadb__pki_realm
.
mariadb__pki_key: 'default.key'
-
mariadb__pki_cipher
¶
Cipher suite used for encrypted connections.
mariadb__pki_cipher: 'DHE-RSA-AES256-SHA'
User account privileges¶
-
mariadb__default_privileges
¶
Should debops.mariadb
automatically grant all privileges to a database
named the same as the username for a given user account? This is equivalent
to:
GRANT ALL PRIVILEGES ON `<user>`.* TO `<user>`@`<host>`;
mariadb__default_privileges: True
-
mariadb__default_privileges_aux
¶
Should debops.mariadb
automatically grant all privileges to databases
with the same prefix as the username for a given user account? This is
equivalent to:
GRANT ALL PRIVILEGES ON `<user>\_%`.* TO `<user>`@`<host>`;
mariadb__default_privileges_aux: True
-
mariadb__default_privileges_grant
¶
Default privileges granted automatically. See Ansible mysql_user
module
for list and format of privileges.
mariadb__default_privileges_grant: 'ALL'
Databases, user accounts¶
-
mariadb__password_length
¶
Length of automatically generated user accounts, saved in the secret/
directory. See debops.secret role for more details about passwords.
mariadb__password_length: '48'
-
mariadb__databases
¶
List of databases configured on the MariaDB server. See mariadb__databases for more details.
mariadb__databases: []
-
mariadb__dependent_databases
¶
List of databases configured on the MariaDB server, defined by another Ansible role.
mariadb__dependent_databases: []
-
mariadb__users
¶
List of user accounts configured on the MariaDB server. See mariadb__users for more details.
mariadb__users: []
-
mariadb__dependent_users
¶
List of user accounts configured on the MariaDB server, defined by another Ansible role.
mariadb__dependent_users: []
Configuration variables for other Ansible roles¶
-
mariadb__keyring__dependent_apt_keys
¶
Configuration for the debops.keyring Ansible role.
mariadb__keyring__dependent_apt_keys:
- '{{ mariadb__apt_key }}'
-
mariadb__python__dependent_packages3
¶
Configuration for the debops.python Ansible role.
mariadb__python__dependent_packages3:
- 'python3-mysqldb'
-
mariadb__python__dependent_packages2
¶
Configuration for the debops.python Ansible role.
mariadb__python__dependent_packages2:
- 'python-mysqldb'