diff --git a/roles/mariadbdocker/defaults/main.yml b/roles/mariadbdocker/defaults/main.yml
new file mode 100644
index 000000000..4a346be37
--- /dev/null
+++ b/roles/mariadbdocker/defaults/main.yml
@@ -0,0 +1,3 @@
+docker_mariadb_network_range: "172.21.21.0/24"
+mysql_backup_user: backup_user
+backup_node: True
diff --git a/roles/mariadbdocker/tasks/main.yml b/roles/mariadbdocker/tasks/main.yml
new file mode 100644
index 000000000..a50f3723a
--- /dev/null
+++ b/roles/mariadbdocker/tasks/main.yml
@@ -0,0 +1,96 @@
+---
+- name: Create MariaDB volume
+ community.docker.docker_volume:
+ name: openconext_mariadb
+ state: present
+
+- name: Create MariaDB network
+ community.docker.docker_network:
+ name: openconext_mariadb
+ state: present
+ internal: false
+ ipam_config:
+ - subnet: "{{ docker_mariadb_network_range }}"
+
+- name: Create the MariaDB container
+ community.docker.docker_container:
+ name: openconext_mariadb
+ image: mariadb:10.6
+ state: started
+ pull: true
+ restart_policy: "always"
+ ports: "127.0.0.1:3306:3306"
+ networks:
+ - name: "openconext_mariadb"
+ mounts:
+ - type: volume
+ source: openconext_mariadb
+ target: /var/lib/mysql
+ env:
+ MARIADB_ROOT_PASSWORD: "{{ mariadb_root_password }}"
+
+- name: Create database
+ community.mysql.mysql_db:
+ name: "{{ item }}"
+ state: present
+ login_user: root
+ login_host: localhost
+ login_password: "{{ mariadb_root_password }}"
+ with_items:
+ - "{{ databases.names }}"
+
+- name: Create database user
+ community.mysql.mysql_user:
+ name: "{{ item[0].name }}"
+ host: "{{ item[1] }}"
+ password: "{{ item[0].password }}"
+ priv: "{{ item[0].db_name }}.*:{{ item[0].privilege }}"
+ state: present
+ append_privs: true
+ login_user: root
+ login_host: localhost
+ login_password: "{{ mariadb_root_password }}"
+ # no_log: true
+ with_nested:
+ - "{{ databases.users }}"
+ - "{{ database_clients }}"
+
+- name: Add mariadb backup user
+ community.mysql.mysql_user:
+ name: "{{ mysql_backup_user }}"
+ password: "{{ mysql_backup_password }}"
+ login_user: root
+ login_password: "{{ mariadb_root_password }}"
+ login_host: localhost
+ priv: "*.*:SELECT,RELOAD,PROCESS,LOCK TABLES,BINLOG MONITOR,CONNECTION ADMIN,SHOW VIEW"
+ state: present
+ # no_log: true
+
+- name: Create the backup directory
+ ansible.builtin.file:
+ path: /home/backup
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+ when:
+ - backup_node | bool
+
+- name: Put mariadb_backup script
+ ansible.builtin.template:
+ src:
"mariadb_backup.sh.j2"
+ dest: "/usr/local/sbin/mariadb_backup.sh"
+ mode: "0700"
+ owner: root
+ when:
+ - backup_node | bool
+
+- name: Create cron symlink for backup script
+ file:
+ src: /usr/local/sbin/mariadb_backup.sh
+ dest: /etc/cron.daily/db_backup
+ state: link
+ mode: 0700
+ owner: root
+ when:
+ - backup_node | bool
diff --git a/roles/mariadbdocker/templates/mariadb_backup.sh.j2 b/roles/mariadbdocker/templates/mariadb_backup.sh.j2
new file mode 100644
index 000000000..43efffdea
--- /dev/null
+++ b/roles/mariadbdocker/templates/mariadb_backup.sh.j2
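Review bot: In roles/mariadbdocker/tasks/main.yml the `no_log: true` line is left commented out on the "Create database user" task, which loops with `with_nested` over `databases.users`; Ansible prints each loop item in the task result, and those items carry `item[0].password`, so the account passwords would land in the play output and in any log that captures it. Either enable `no_log: true` on that task, or keep the output readable and restrict it with `loop_control:` and `label: "{{ item[0].name }}@{{ item[1] }}"`. The "Add mariadb backup user" task has the same commented-out line; it has no loop, so the exposure is presumably smaller, but enabling it there as well keeps the two tasks consistent. Separately, `image: mariadb:10.6` combined with `pull: true` and `restart_policy: "always"` means each run may pick up whatever the mutable tag points to at that moment; if reproducible deployments matter here, pinning the image by digest in a role variable would make upgrades an explicit change.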
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+umask 0077
+
+declare -x PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
+
+MYSQL_USER="{{ mysql_backup_user }}"
+MYSQL_PASS="{{ mysql_backup_password }}"
+FOLDER="/home/backup"
+
+DAY=$(/bin/date +'%a')
+
+echo "-- Remove old backups --"
+find /home/backup/ -type f -ctime +2 -delete
+
+echo "-- START new backups --"
+
+echo "SET autocommit=0;SET unique_checks=0;SET foreign_key_checks=0;" > tmp_sqlhead.sql
+echo "SET autocommit=1;SET unique_checks=1;SET foreign_key_checks=1;" > tmp_sqlend.sql
+
+if [ -z "$1" ]
+ then
+ echo "-- Dumping all DB ..."
+ for I in $(docker exec openconext_mariadb mariadb -u $MYSQL_USER --password=$MYSQL_PASS -e 'show databases' -s --skip-column-names);
+ do
+ if [ "$I" = information_schema ] || [ "$I" = mysql ] || [ "$I" = sys ] || [ "$I" = performance_schema ] # exclude this DB
+ then
+ echo "-- Skip $I ..."
+ continue
+ fi
+ echo "-- Dumping $I ..."
+ # Pipe compress and concat the head/end with the stoutput of mysqlump ( '-' cat argument)
+ docker exec openconext_mariadb mysqldump -u $MYSQL_USER --password=$MYSQL_PASS $I | cat tmp_sqlhead.sql - tmp_sqlend.sql | gzip -fc > "$FOLDER/$DAY-$I.sql.gz"
+ done
+
+else
+ I=$1;
+ echo "-- Dumping $I ..."
+ # Pipe compress and concat the head/end with the stoutput of mysqlump ( '-' cat argument)
+ docker exec openconext_mariadb mysqldump -u $MYSQL_USER --password=$MYSQL_PASS $I | cat tmp_sqlhead.sql - tmp_sqlend.sql | gzip -fc > "$FOLDER/$DAY-$I.sql.gz"
+fi
+
+# remove tmp files
+rm tmp_sqlhead.sql
+rm tmp_sqlend.sql
+
+echo "-- FINISH —"
+
+umask 0022
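Review bot: The backup password reaches the database client as `--password=$MYSQL_PASS` in all three `docker exec` calls, so it sits in the process argument list for the duration of each dump, and because the expansion is unquoted a password containing whitespace or glob characters is split or expanded by the shell. Keeping it out of argv is safer, for example `export MYSQL_PWD` in the script and `docker exec -e MYSQL_PWD openconext_mariadb mysqldump -u "$MYSQL_USER" "$I"`, or a root-only client option file; rendering the value as `MYSQL_PASS={{ mysql_backup_password | quote }}` rather than inside double quotes also stops the shell from interpreting `$` or backticks in it. Separately, there is no `set -o pipefail`, so when `mysqldump` fails the pipeline still writes a `.sql.gz` holding only the head/end statements and the script exits 0, leaving cron with nothing to report. The `tmp_sqlhead.sql` and `tmp_sqlend.sql` files are created in whatever directory cron starts the script in; `mktemp` with a `trap` for cleanup would make their location and removal explicit.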