-
Notifications
You must be signed in to change notification settings - Fork 0
/
databases.yml
104 lines (86 loc) · 3.21 KB
/
databases.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
---
# Provisioning taken from https://github.com/geerlingguy/ansible-role-mysql, but
# the configuration aspect would interfere with running operations.
- name: Provision the MySQL databases
hosts: db
remote_user: root
vars:
mysql_user_name: root
mysql_user_password: "{{ root_mysql_password }}"
mysql_root_password: "{{ root_mysql_password }}"
mysql_databases:
- name: "{{ shop_db.name }}"
encoding: utf8mb4
collation: utf8mb4_general_ci
- name: "{{ forum_db.name }}"
encoding: utf8mb4
collation: utf8mb4_general_ci
mysql_users:
- name: "{{ shop_db.user }}"
host: '%'
password: "{{ shop_db.password }}"
priv: "{{ shop_db.name }}.*:ALL"
- name: "{{ forum_db.user }}"
host: '%'
password: "{{ forum_db.password }}"
priv: "{{ forum_db.name }}.*:ALL"
mysql_bind_address: '0.0.0.0'
tasks:
- name: Ensure MySQL Python libraries are installed.
apt:
name: python3-mysqldb
state: present
- name: Ensure MySQL databases are present.
mysql_db:
name: "{{ item.name }}"
collation: "{{ item.collation | default('utf8_general_ci') }}"
encoding: "{{ item.encoding | default('utf8') }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ mysql_databases }}"
- name: Ensure MySQL users are present.
mysql_user:
name: "{{ item.name }}"
host: "{{ item.host | default('localhost') }}"
password: "{{ item.password }}"
priv: "{{ item.priv | default('*.*:USAGE') }}"
state: "{{ item.state | default('present') }}"
append_privs: "{{ item.append_privs | default('no') }}"
encrypted: "{{ item.encrypted | default('no') }}"
with_items: "{{ mysql_users }}"
no_log: true
- name: Allow incoming connections from docker0 to MySQL
community.general.ufw:
rule: allow
direction: in
interface: docker0
to_port: '3306'
src: 172.0.0.0/11
tags:
- firewall
- name: Privision the PostgreSQL databases
hosts: db
remote_user: root
vars:
postgresql_python_library: python3-psycopg2
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: md5 }
- { type: host, database: all, user: zbx_monitor, address: '127.0.0.1/32', auth_method: trust}
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '172.0.0.0/11', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
- option: listen_addresses
value: localhost,172.17.0.1
- option: max_connections
value: 150
postgresql_databases:
- name: "{{ django_db.name }}"
owner: "{{ django_db.user }}"
postgresql_users:
- name: "{{ django_db.user }}"
password: "{{ django_db.password }}"
roles:
- role: geerlingguy.postgresql