roles/mariadb: use newer Ansible task syntax

roles/mariadb: remove sources.list template
roles/mariadb: install packages in single transaction
2022-09-12 10:16:42 +03:00 · 2022-09-12 10:13:27 +03:00 · 2022-09-12 10:12:07 +03:00 · 2022-09-12 10:09:41 +03:00 · 2022-09-12 10:05:12 +03:00 · 2022-09-12 09:25:46 +03:00
4 changed files with 99 additions and 21 deletions
--- a/roles/common/tasks/packages_Debian.yml
+++ b/roles/common/tasks/packages_Debian.yml
@ -2,6 +2,19 @@
 - name: Configure Debian packages
  block:
    # Create directory for third-party package signing keys. Required on distros
    # older than Debian 12 / Ubuntu 22.04.
    #
    # See: https://wiki.debian.org/DebianRepository/UseThirdParty
    - name: Create /etc/apt/keyrings
      file:
        path: /etc/apt/keyrings
        mode: 0755
        owner: root
        group: root
        state: directory
      when: ansible_distribution_major_version is version('12', '<')
    - name: Configure apt mirror
      ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
      when: ansible_architecture != 'armv7l'
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@ -2,6 +2,19 @@
 - name: Configure Ubuntu packages
  block:
    # Create directory for third-party package signing keys. Required on distros
    # older than Debian 12 / Ubuntu 22.04.
    #
    # See: https://wiki.debian.org/DebianRepository/UseThirdParty
    - name: Create /etc/apt/keyrings
      file:
        path: /etc/apt/keyrings
        mode: 0755
        owner: root
        group: root
        state: directory
      when: ansible_distribution_major_version is version('22.04', '<')
    - name: Configure apt mirror
      ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
      when: ansible_architecture != 'armv7l'
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -1,55 +1,110 @@
 ---
- name: Add GPG key for MariaDB repo
+- name: Remove MariaDB key from apt-key
-  ansible.builtin.apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://mariadb.org/mariadb_release_signing_key.asc
+  ansible.builtin.apt_key:
-  register: add_mariadb_apt_key
+    id: 0x177F4010FE56CA3336300305F1656F24C74CD1D8
-  tags: mariadb, packages
+    state: absent
  tags:
    - packages
    - mariadb
- name: Add MariaDB 10.5 repo
+- name: Check MariaDB package signing key
-  ansible.builtin.template: src=mariadb.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
+  ansible.builtin.stat:
    path: /etc/apt/keyrings/mariadb_release_signing_key.asc
  register: mariadb_signing_key_stat
  tags:
    - packages
    - mariadb
 - name: Download MariaDB package signing key
  ansible.builtin.get_url:
    url: https://mariadb.org/mariadb_release_signing_key.asc
    dest: /etc/apt/keyrings/mariadb_release_signing_key.asc
    owner: root
    group: root
    mode: 0644
  register: download_mariadb_signing_key
  when: not mariadb_signing_key_stat.stat.exists
  tags:
    - packages
    - mariadb
 - name: Add MariaDB 10.6 repo
  ansible.builtin.apt_repository:
    repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://dlm.mariadb.com/repo/mariadb-server/10.6/repo/debian {{ ansible_distribution_release }} main'
    filename: mariadb
    state: present
  register: add_mariadb_apt_repository
-  tags: mariadb, packages
+  tags:
    - packages
    - mariadb
 - name: Update apt cache
-  ansible.builtin.apt:
+  ansible.builtin.apt: # noqa no-handler
    update_cache: true
  when:
-    add_mariadb_apt_key is changed or
+    (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or
    add_mariadb_apt_repository is changed
  tags:
    - packages
    - mariadb
 - name: Install mariadb-server
-  ansible.builtin.apt: name={{ item }} state=present cache_valid_time=3600
+  ansible.builtin.apt:
-  loop:
+    name: ['mariadb-server', 'python3-pymysql']
-    - mariadb-server
+    state: present
-    - python3-pymysql # for ansible
+    cache_valid_time: 3600
  tags: mariadb, packages
 - name: Create system my.cnf
-  ansible.builtin.template: src=my.cnf.j2 dest=/etc/mysql/my.cnf owner=root group=root mode=0644
+  ansible.builtin.template:
    src: my.cnf.j2
    dest: /etc/mysql/my.cnf
    owner: root
    group: root
    mode: 0644
  notify:
    - restart mariadb
  tags: mariadb
 # See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_user_module.html
 - name: Update MariaDB root password for all root accounts
-  community.mysql.mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
+  community.mysql.mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ mariadb_login_unix_socket }}"
  loop:
    - 127.0.0.1
    - ::1
  tags: mariadb
 - name: Create .my.conf file with root credentials
-  ansible.builtin.template: src=.my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
+  ansible.builtin.template:
    src: .my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    mode: 0600
  tags: mariadb
 # See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html
 - name: Create MariaDB database(s)
-  community.mysql.mysql_db: db={{ item.name }} state=present encoding=utf8mb4 login_unix_socket={{ mariadb_login_unix_socket }}
+  community.mysql.mysql_db:
    db: "{{ item.name }}"
    state: present
    encoding: utf8mb4
    login_unix_socket: "{{ mariadb_login_unix_socket }}"
  loop: "{{ mariadb_databases }}"
  when: mariadb_databases is defined
  tags: mariadb
 - name: Create MariaDB user(s)
-  community.mysql.mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present login_unix_socket={{ mariadb_login_unix_socket }}
+  community.mysql.mysql_user:
    name: "{{ item.user }}"
    password: "{{ item.pass }}"
    priv: "{{ item.name }}.*:ALL"
    host: 127.0.0.1
    state: present
    login_unix_socket: "{{ mariadb_login_unix_socket }}"
  loop: "{{ mariadb_databases }}"
  when: mariadb_databases is defined
  tags: mariadb
--- a/roles/mariadb/templates/mariadb.list.j2
+++ b/roles/mariadb/templates/mariadb.list.j2
@ -1,3 +0,0 @@
 {{ ansible_managed | comment }}
 deb [arch=amd64] https://dlm.mariadb.com/repo/mariadb-server/10.5/repo/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main
Author	SHA1	Message	Date
Alan Orth	f4b32e516b	roles/mariadb: use newer Ansible task syntax	2022-09-12 10:16:42 +03:00
Alan Orth	fcb12ecee0	roles/mariadb: remove sources.list template	2022-09-12 10:13:27 +03:00
Alan Orth	5bc03ceacc	roles/mariadb: install packages in single transaction Using a list we can install these in a single apt transaction. Also use the newer task format.	2022-09-12 10:12:07 +03:00
Alan Orth	c317429f6d	roles/mariadb: rework package signing key and repo	2022-09-12 10:09:41 +03:00
Alan Orth	b512a7f765	roles/common: create /etc/apt/keyrings According the the Debian docs for third-party repositories we must create this manually on distros before Debian 12 and Ubuntu 22.04. This is due to changes in apt-secure and the deprecation of apt-key. See: https://wiki.debian.org/DebianRepository/UseThirdParty	2022-09-12 10:05:12 +03:00
Alan Orth	e3a87d4f79	roles/mariadb: MariaDB 10.6 See: https://mariadb.com/kb/en/mariadb-1069-release-notes/ See: https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/	2022-09-12 09:25:46 +03:00
		`@ -1,3 +0,0 @@`
			`{{ ansible_managed \| comment }}`

			`deb [arch=amd64] https://dlm.mariadb.com/repo/mariadb-server/10.5/repo/{{ ansible_distribution \| lower }} {{ ansible_distribution_release }} main`