Dev to main - 03092024 (#4)

* Add optional mysql db instance
v-kamerdinerov · Sep 3, 2024 · 5974bf7 · 5974bf7
1 parent 23d8a78
commit 5974bf7
Show file tree

Hide file tree

Showing 10 changed files with 98 additions and 9 deletions.
diff --git a/README-RU.md b/README-RU.md
@@ -130,7 +130,7 @@ ansible-playbook marzban-deploy.yml
 
 
 ### Сделать на будущее 
-* Добавить возможность использования отдельного инстанса СУБД MySQL/MariaDB
+* ~~Добавить возможность использования отдельного инстанса СУБД MySQL/MariaDB~~
 * Добавить возможность автоматической генерации сертификата Lets Encrypt при его отсутствии в инвентори
 * Добавить новые вариативные инбауды, Trojan, Vmess и так далее
 * Добавить автоматические скрипты бекапа

diff --git a/README.md b/README.md
@@ -123,7 +123,7 @@ ansible-playbook marzban-deploy.yml
 
 
 ### ToDo / Plans
-* Adding the ability to use a separate MySQL/MariaDB DB instance
+* ~~Adding the ability to use a separate MySQL/MariaDB DB instance~~
 * Adding possibility to automatically generate Lets Encrypt certificate if it is not present in the inventory
 * Adding new variate inbound like Trojan, Vmess etc
 * Adding automatic backup scripts

diff --git a/group_vars/marzban/marzban.yml b/group_vars/marzban/marzban.yml
@@ -30,6 +30,9 @@ marzban_warp: false
 # Flag for enabling API documentation at /docs and /redoc.
 marzban_docs: false
 
+# Flag for using mysql instance instead of sql-lite
+marzban_mysql_instance: true
+
 # List of DNS servers used
 marzban_dns_servers:
   - "8.8.8.8"

diff --git a/roles/marzban/defaults/main.yml b/roles/marzban/defaults/main.yml
@@ -2,6 +2,7 @@
 
 marzban_system_dirs:
   - base_dir: "/opt/marzban"
+  - vault_dir: "/opt/marzban/credentials"
   - work_dir: "/var/lib/marzban"
   - certs_dir: "/var/lib/marzban/certs"
 
@@ -41,7 +42,7 @@ marzban_sni: "discordapp.com"
 
 # If null role generate X25519 automatically at marzban_vless_private_key_path
 marzban_vless_private_key: ""
-marzban_vless_private_key_path: "{{ marzban_system_dirs | json_query('[*].work_dir') | first }}/x25519_key"
+marzban_vless_private_key_path: "{{ marzban_system_dirs | json_query('[*].vault_dir') | first }}/x25519_key"
 
 marzban_vless_shortids: ""
 
@@ -78,6 +79,20 @@ marzban_warp_domains:
 ### Swagger and docs /docs and /redoc
 marzban_docs: false
 
+### Mysql(mariadb) configuration
+
+marzban_mysql_instance: false
+marzban_mysql_image_tag: "lts"
+marzban_mysql_db_name: "marzban"
+marzban_mysql_user_name: "marzban"
+marzban_mysql_user_password: ""
+marzban_mysql_root_password: ""
+
+# tuning
+marzban_mysql_innodb_open_files: "1024"
+marzban_mysql_innodb_buffer_pool_size: "268435456"
+marzban_mysql_binlog_expire_logs_seconds: "5184000" # 60 days
+
 ### Node configuration
 
 marzban_ssl_node_path: "/var/lib/marzban-node/ssl_client_cert.pem"

diff --git a/roles/marzban/tasks/main.yml b/roles/marzban/tasks/main.yml
@@ -1,8 +1,7 @@
 ---
-- name: "Marzban | Get group name"
-  set_fact:
-    marzban_main_group_name: "marzban_main"
-    marzban_nodes_group_name: "marzban_nodes"
+
+- name: "Marzban | Prepare"
+  include_tasks: prepare.yml
 
 - name: "Marzban | Warp"
   include_tasks: warp.yml
@@ -22,3 +21,6 @@
   include_tasks: add-node.yml
   when:
     - marzban_nodes_group_name in groups
+
+- name: "Marzban | Post-deploy"
+  include_tasks: post-deploy.yml
diff --git a/roles/marzban/tasks/post-deploy.yml b/roles/marzban/tasks/post-deploy.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "Marzban | Post-deploy | Save MySQL passwords to credentials"
+  copy:
+    dest: "{{ item.path }}"
+    content: "{{ lookup('vars', item.name) }}"
+    owner: root
+    group: root
+    mode: '0644'
+  loop:
+    - { name: 'marzban_mysql_user_password', path: "{{ marzban_system_dirs | json_query('[*].vault_dir') | first }}/pass_marzban_mysql_user_password" }
+    - { name: 'marzban_mysql_root_password', path: "{{ marzban_system_dirs | json_query('[*].vault_dir') | first }}/pass_marzban_mysql_root_password" }
+  when: marzban_mysql_instance is defined and marzban_mysql_instance
diff --git a/roles/marzban/tasks/prepare.yml b/roles/marzban/tasks/prepare.yml
@@ -0,0 +1,19 @@
+---
+
+- name: "Marzban | Prepare | Get group name"
+  set_fact:
+    marzban_main_group_name: "marzban_main"
+    marzban_nodes_group_name: "marzban_nodes"
+
+- name: "Marzban | Prepare | Mysql"
+  block:
+    - name: "Marzban | Prepare | Set marzban_mysql_user_password if not defined or empty"
+      set_fact:
+        marzban_mysql_user_password: "{{ lookup('password', '/dev/null length=20') }}"
+      when: marzban_mysql_user_password is not defined or marzban_mysql_user_password == ''
+
+    - name: "Marzban | Prepare | Set marzban_mysql_root_password if not defined or empty"
+      set_fact:
+        marzban_mysql_root_password: "{{ lookup('password', '/dev/null length=20') }}"
+      when: marzban_mysql_root_password is not defined or marzban_mysql_root_password == ''
+  when: marzban_mysql_instance is defined and marzban_mysql_instance
diff --git a/roles/marzban/templates/docker-compose-node.yml.j2 b/roles/marzban/templates/docker-compose-node.yml.j2
@@ -3,7 +3,6 @@ services:
     image: haproxy:{{ marzban_haproxy_image_tag }}
     restart: always
     network_mode: host
-    # for NET_BIND_SERVICE, ToDo try more clean method
     user: root
     volumes:
       - {{ marzban_haproxy_dirs | json_query('[*].etc_dir') | first }}/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg

diff --git a/roles/marzban/templates/docker-compose.yml.j2 b/roles/marzban/templates/docker-compose.yml.j2
@@ -5,7 +5,6 @@ services:
     image: haproxy:{{ marzban_haproxy_image_tag }}
     restart: always
     network_mode: host
-    # for NET_BIND_SERVICE, ToDo try more clean method
     user: root
     volumes:
       - {{ marzban_haproxy_dirs | json_query('[*].etc_dir') | first }}/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
@@ -22,3 +21,34 @@ services:
     volumes:
       - {{ marzban_system_dirs | json_query('[*].work_dir') | first }}:/var/lib/marzban
       - /etc/localtime:/etc/localtime:ro
+{% if marzban_mysql_instance is defined and marzban_mysql_instance %}
+    depends_on:
+      mariadb:
+        condition: service_healthy
+
+  mariadb:
+    image: mariadb:{{ marzban_mysql_image_tag }}
+    restart: always
+    env_file: .env
+    network_mode: host
+    command:
+      - --bind-address=127.0.0.1
+      - --character_set_server=utf8mb4
+      - --collation_server=utf8mb4_unicode_ci
+      - --host-cache-size=0
+      - --innodb-open-files={{ marzban_mysql_innodb_open_files }}
+      - --innodb-buffer-pool-size={{ marzban_mysql_innodb_buffer_pool_size }}
+      - --binlog_expire_logs_seconds={{ marzban_mysql_binlog_expire_logs_seconds }}
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      start_period: 10s
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+volumes:
+  mariadb_data:
+    name: mariadb_data
+{% endif %}
diff --git a/roles/marzban/templates/env.j2 b/roles/marzban/templates/env.j2
@@ -1,5 +1,13 @@
 UVICORN_HOST = "0.0.0.0"
+{% if marzban_mysql_instance is defined and marzban_mysql_instance %}
+SQLALCHEMY_DATABASE_URL = "mysql+pymysql://{{ marzban_mysql_user_name }}:{{ marzban_mysql_user_password }}@127.0.0.1:3306/{{ marzban_mysql_db_name }}"
+MARIADB_ROOT_PASSWORD={{ marzban_mysql_root_password }}
+MARIADB_DATABASE={{ marzban_mysql_db_name }}
+MARIADB_USER={{ marzban_mysql_user_name }}
+MARIADB_PASSWORD={{ marzban_mysql_user_password }}
+{% elif marzban_mysql_instance is defined and not marzban_mysql_instance %}
 SQLALCHEMY_DATABASE_URL = "sqlite:////var/lib/marzban/db.sqlite3"
+{% endif %}
 UVICORN_PORT = {{ marzban_panel_port }}
 UVICORN_SSL_CERTFILE = "/var/lib/marzban/certs/{{ marzban_ssl_certfile }}"
 UVICORN_SSL_KEYFILE = "/var/lib/marzban/certs/{{ marzban_ssl_keyfile }}"