Add 'roles/ensure_mariadb/' from commit '9db90c39bdcb2ac355f24de078f09bf6376b08b6'
git-subtree-dir: roles/ensure_mariadb git-subtree-mainline:a1a4d87dc1git-subtree-split:9db90c39bd
This commit is contained in:
@@ -0,0 +1,94 @@
|
||||
# ---> Linux
|
||||
*~
|
||||
|
||||
# temporary files which can be created if a process still has a handle open of a deleted file
|
||||
.fuse_hidden*
|
||||
|
||||
# KDE directory preferences
|
||||
.directory
|
||||
|
||||
# Linux trash folder which might appear on any partition or disk
|
||||
.Trash-*
|
||||
|
||||
# .nfs files are created when an open file is removed but is still being accessed
|
||||
.nfs*
|
||||
|
||||
# ---> Windows
|
||||
# Windows thumbnail cache files
|
||||
Thumbs.db
|
||||
ehthumbs.db
|
||||
ehthumbs_vista.db
|
||||
|
||||
# Dump file
|
||||
*.stackdump
|
||||
|
||||
# Folder config file
|
||||
[Dd]esktop.ini
|
||||
|
||||
# Recycle Bin used on file shares
|
||||
$RECYCLE.BIN/
|
||||
|
||||
# Windows Installer files
|
||||
*.cab
|
||||
*.msi
|
||||
*.msix
|
||||
*.msm
|
||||
*.msp
|
||||
|
||||
# Windows shortcuts
|
||||
*.lnk
|
||||
|
||||
# ---> macOS
|
||||
# General
|
||||
.DS_Store
|
||||
.AppleDouble
|
||||
.LSOverride
|
||||
|
||||
# Icon must end with two \r
|
||||
Icon
|
||||
|
||||
|
||||
# Thumbnails
|
||||
._*
|
||||
|
||||
# Files that might appear in the root of a volume
|
||||
.DocumentRevisions-V100
|
||||
.fseventsd
|
||||
.Spotlight-V100
|
||||
.TemporaryItems
|
||||
.Trashes
|
||||
.VolumeIcon.icns
|
||||
.com.apple.timemachine.donotpresent
|
||||
|
||||
# Directories potentially created on remote AFP share
|
||||
.AppleDB
|
||||
.AppleDesktop
|
||||
Network Trash Folder
|
||||
Temporary Items
|
||||
.apdisk
|
||||
|
||||
# ---> Vim
|
||||
# Swap
|
||||
[._]*.s[a-v][a-z]
|
||||
[._]*.sw[a-p]
|
||||
[._]s[a-rt-v][a-z]
|
||||
[._]ss[a-gi-z]
|
||||
[._]sw[a-p]
|
||||
|
||||
# Session
|
||||
Session.vim
|
||||
|
||||
# Temporary
|
||||
.netrwhist
|
||||
*~
|
||||
# Auto-generated tag files
|
||||
tags
|
||||
# Persistent undo
|
||||
[._]*.un~
|
||||
|
||||
# ---> VisualStudioCode
|
||||
.vscode/*
|
||||
!.vscode/settings.json
|
||||
!.vscode/tasks.json
|
||||
!.vscode/launch.json
|
||||
!.vscode/extensions.json
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,163 @@
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||
document, but changing it is not allowed.
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates the terms
|
||||
and conditions of version 3 of the GNU General Public License, supplemented
|
||||
by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser General
|
||||
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
|
||||
License.
|
||||
|
||||
|
||||
|
||||
"The Library" refers to a covered work governed by this License, other than
|
||||
an Application or a Combined Work as defined below.
|
||||
|
||||
|
||||
|
||||
An "Application" is any work that makes use of an interface provided by the
|
||||
Library, but which is not otherwise based on the Library. Defining a subclass
|
||||
of a class defined by the Library is deemed a mode of using an interface provided
|
||||
by the Library.
|
||||
|
||||
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an Application
|
||||
with the Library. The particular version of the Library with which the Combined
|
||||
Work was made is also called the "Linked Version".
|
||||
|
||||
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
|
||||
Source for the Combined Work, excluding any source code for portions of the
|
||||
Combined Work that, considered in isolation, are based on the Application,
|
||||
and not on the Linked Version.
|
||||
|
||||
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the object
|
||||
code and/or source code for the Application, including any data and utility
|
||||
programs needed for reproducing the Combined Work from the Application, but
|
||||
excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License without
|
||||
being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a facility
|
||||
refers to a function or data to be supplied by an Application that uses the
|
||||
facility (other than as an argument passed when the facility is invoked),
|
||||
then you may convey a copy of the modified version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to ensure
|
||||
that, in the event an Application does not supply the function or data, the
|
||||
facility still operates, and performs whatever part of its purpose remains
|
||||
meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of this License
|
||||
applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from a header
|
||||
file that is part of the Library. You may convey such object code under terms
|
||||
of your choice, provided that, if the incorporated material is not limited
|
||||
to numerical parameters, data structure layouts and accessors, or small macros,
|
||||
inline functions and templates (ten or fewer lines in length), you do both
|
||||
of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the Library
|
||||
is used in it and that the Library and its use are covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that, taken together,
|
||||
effectively do not restrict modification of the portions of the Library contained
|
||||
in the Combined Work and reverse engineering for debugging such modifications,
|
||||
if you also do each of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that the Library
|
||||
is used in it and that the Library and its use are covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during execution, include
|
||||
the copyright notice for the Library among these notices, as well as a reference
|
||||
directing the user to the copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this License,
|
||||
and the Corresponding Application Code in a form suitable for, and under terms
|
||||
that permit, the user to recombine or relink the Application with a modified
|
||||
version of the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the Library. A
|
||||
suitable mechanism is one that (a) uses at run time a copy of the Library
|
||||
already present on the user's computer system, and (b) will operate properly
|
||||
with a modified version of the Library that is interface-compatible with the
|
||||
Linked Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise be required
|
||||
to provide such information under section 6 of the GNU GPL, and only to the
|
||||
extent that such information is necessary to install and execute a modified
|
||||
version of the Combined Work produced by recombining or relinking the Application
|
||||
with a modified version of the Linked Version. (If you use option 4d0, the
|
||||
Installation Information must accompany the Minimal Corresponding Source and
|
||||
Corresponding Application Code. If you use option 4d1, you must provide the
|
||||
Installation Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the Library side
|
||||
by side in a single library together with other library facilities that are
|
||||
not Applications and are not covered by this License, and convey such a combined
|
||||
library under terms of your choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based on the
|
||||
Library, uncombined with any other library facilities, conveyed under the
|
||||
terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it is a work
|
||||
based on the Library, and explaining where to find the accompanying uncombined
|
||||
form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of the
|
||||
GNU Lesser General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to address
|
||||
new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Library as you
|
||||
received it specifies that a certain numbered version of the GNU Lesser General
|
||||
Public License "or any later version" applies to it, you have the option of
|
||||
following the terms and conditions either of that published version or of
|
||||
any later version published by the Free Software Foundation. If the Library
|
||||
as you received it does not specify a version number of the GNU Lesser General
|
||||
Public License, you may choose any version of the GNU Lesser General Public
|
||||
License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide whether
|
||||
future versions of the GNU Lesser General Public License shall apply, that
|
||||
proxy's public statement of acceptance of any version is permanent authorization
|
||||
for you to choose that version for the Library.
|
||||
@@ -0,0 +1,40 @@
|
||||
Role Name
|
||||
=========
|
||||
|
||||
A brief description of the role goes here.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
| variable | default | description |
|
||||
|-|-|-|
|
||||
| mariadb_vhost | inventory_hostname | What mod_md certificate should be used for MariaDB |
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: username.rolename, x: 42 }
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
# defaults file for ensure_mariadb
|
||||
mariadb_vhost: '{{ inventory_hostname }}'
|
||||
@@ -0,0 +1,28 @@
|
||||
---
|
||||
# handlers file for ensure_mariadb
|
||||
- name: 'ensure_mariadb.package_facts'
|
||||
ansible.builtin.package_facts:
|
||||
- name: 'ensure_mariadb.service_facts'
|
||||
ansible.builtin.service_facts:
|
||||
- name: 'ensure_mariadb.service_reload'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["service_mgr"] == 'systemd'
|
||||
- ensure_mariadb is defined
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: 'yes'
|
||||
- name: 'ensure_mariadb.service_restart'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.service_list is defined
|
||||
- ensure_mariadb.service_list is iterable
|
||||
- item.state == 'started'
|
||||
ansible.builtin.service:
|
||||
enabled: '{{ item.enabled }}'
|
||||
name: '{{ item.name }}'
|
||||
state: 'restarted'
|
||||
loop: '{{ ensure_mariadb.service_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be restarted'
|
||||
...
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: Jason Rothstein
|
||||
description: Deploy MariaDB
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: LGPL-3.0-or-later
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,238 @@
|
||||
---
|
||||
# tasks file for ensure_mariadb
|
||||
- name: 'include variables'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
include_vars:
|
||||
file: '{{ lookup("first_found", findme ) }}'
|
||||
name: 'ensure_mariadb'
|
||||
vars:
|
||||
findme:
|
||||
files:
|
||||
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
|
||||
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
|
||||
- '{{ ansible_facts["distribution"] }}-default.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-default.yml'
|
||||
- 'default.yml'
|
||||
paths:
|
||||
- '../vars/'
|
||||
errors: 'ignore'
|
||||
- name: 'package discovery'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["packages"] is not defined
|
||||
ansible.builtin.package_facts:
|
||||
- name: 'service discovery'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["services"] is not defined
|
||||
ansible.builtin.service_facts:
|
||||
- name: 'ensure sysctl'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.sysctl_list is defined
|
||||
- ensure_mariadb.sysctl_list is iterable
|
||||
ansible.posix.sysctl:
|
||||
name: '{{ item.name }}'
|
||||
reload: '{{ item.reload | default(omit) }}'
|
||||
state: '{{ item.state }}'
|
||||
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
|
||||
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
|
||||
value: '{{ item.value | default(omit) }}'
|
||||
loop: '{{ ensure_mariadb.sysctl_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.value }}'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'ensure packages'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.package_list is defined
|
||||
- ensure_mariadb.package_list is iterable
|
||||
ansible.builtin.package:
|
||||
name: '{{ item.name }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_mariadb.package_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'ensure seboolean'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.seboolean_list is defined
|
||||
- ensure_mariadb.seboolean_list is iterable
|
||||
ansible.posix.seboolean:
|
||||
name: '{{ item.name }}'
|
||||
persistent: '{{ item.persistent }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_mariadb.seboolean_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'ensure configurations'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.template_list is defined
|
||||
- ensure_mariadb.template_list is iterable
|
||||
ansible.builtin.template:
|
||||
backup: 'no'
|
||||
dest: '{{ item.dest }}'
|
||||
group: '{{ item.group | default(omit) }}'
|
||||
mode: '{{ item.mode | default(omit) }}'
|
||||
owner: '{{ item.owner | default(omit) }}'
|
||||
selevel: '{{ iteml.selevel | default(omit) }}'
|
||||
serole: '{{ item.serole | default(omit) }}'
|
||||
setype: '{{ item.setype | default(omit) }}'
|
||||
seuser: '{{ item.seuser | default(omit) }}'
|
||||
src: '{{ item.src }}'
|
||||
loop: '{{ ensure_mariadb.template_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.dest }} will be ensured'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'ensure firewall'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts.packages["firewalld"] is defined
|
||||
- ansible_facts.packages["python3-firewall"] is defined
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.firewall_list is defined
|
||||
- ensure_mariadb.firewall_list is iterable
|
||||
ansible.posix.firewalld:
|
||||
permanent: '{{ item.permanent }}'
|
||||
service: '{{ item.service }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_mariadb.firewall_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.service }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'ensure services'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_mariadb is defined
|
||||
- ensure_mariadb.service_list is defined
|
||||
- ensure_mariadb.service_list is iterable
|
||||
ansible.builtin.service:
|
||||
enabled: '{{ item.enabled }}'
|
||||
name: '{{ item.name }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_mariadb.service_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_mariadb.package_facts'
|
||||
- 'ensure_mariadb.service_facts'
|
||||
- 'ensure_mariadb.service_reload'
|
||||
- 'ensure_mariadb.service_restart'
|
||||
- name: 'flush handlers'
|
||||
meta: 'flush_handlers'
|
||||
- name: 'ensure mariadb databases'
|
||||
when:
|
||||
- mariadb_db_list is defined
|
||||
- mariadb_db_list is iterable
|
||||
community.mysql.mysql_db:
|
||||
ca_cert: '{{ item.ca_cert | default(omit) }}'
|
||||
chdir: '{{ item.chdir | default(omit) }}'
|
||||
check_hostname: '{{ item.check_hostname | default(omit) }}'
|
||||
check_implicit_admin: '{{ item.check_implicit_admin | default(omit) }}'
|
||||
client_cert: '{{ item.client_cert | default(omit) }}'
|
||||
client_key: '{{ item.client_key | default(omit) }}'
|
||||
collation: '{{ item.collation | default(omit) }}'
|
||||
config_file: '{{ item.config_file | default(omit) }}'
|
||||
config_overrides_defaults: '{{ item.config_overrides_defaults | default(omit) }}'
|
||||
connect_timeout: '{{ item.connect_timeout | default(omit) }}'
|
||||
dump_extra_args: '{{ item.dump_extra_args | default(omit) }}'
|
||||
encoding: '{{ item.encoding | default(omit) }}'
|
||||
force: '{{ item.force | default(omit) }}'
|
||||
hex_blob: '{{ item.hex_blob | default(omit) }}'
|
||||
ignore_tables: '{{ item.ignore_tables | default(omit) }}'
|
||||
login_host: '{{ item.login_host | default(omit) }}'
|
||||
login_password: '{{ item.login_password | default(omit) }}'
|
||||
login_port: '{{ item.login_port | default(omit) }}'
|
||||
login_unix_socket: '{{ item.login_unix_socket | default(omit) }}'
|
||||
login_user: '{{ item.login_user | default(omit) }}'
|
||||
master_data: '{{ item.master_data | default(omit) }}'
|
||||
name: '{{ item.name }}'
|
||||
pipefail: '{{ item.pipefail | default(omit) }}'
|
||||
quick: '{{ item.quick | default(omit) }}'
|
||||
restrict_config_file: '{{ item.restrict_config_file | default(omit) }}'
|
||||
single_transaction: '{{ item.single_transaction | default(omit) }}'
|
||||
skip_lock_tables: '{{ item.skip_lock_tables | default(omit) }}'
|
||||
sql_log_bin: '{{ item.sql_log_bin | default(omit) }}'
|
||||
state: '{{ item.state }}'
|
||||
target: '{{ item.target | default(omit) }}'
|
||||
unsafe_login_password: '{{ item.unsafe_login_password | default(omit) }}'
|
||||
use_shell: '{{ item.use_shell | default(omit) }}'
|
||||
loop: '{{ mariadb_db_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
- name: 'ensure mariadb users'
|
||||
when:
|
||||
- mariadb_user_list is defined
|
||||
- mariadb_user_list is iterable
|
||||
community.mysql.mysql_user:
|
||||
append_privs: '{{ item.append_privs | default(omit) }}'
|
||||
attributes: '{{ item.attributes | default(omit) }}'
|
||||
ca_cert: '{{ item.ca_cert | default(omit) }}'
|
||||
check_hostname: '{{ item.check_hostname | default(omit) }}'
|
||||
check_implicit_admin: '{{ item.check_implicit_admin | default(omit) }}'
|
||||
client_cert: '{{ item.client_cert | default(omit) }}'
|
||||
client_key: '{{ item.client_key | default(omit) }}'
|
||||
column_case_sensitive: '{{ item.column_case_sensitive | default(omit) }}'
|
||||
config_file: '{{ item.config_file | default(omit) }}'
|
||||
connect_timeout: '{{ item.connect_timeout | default(omit) }}'
|
||||
encrypted: '{{ item.encrypted | default(omit) }}'
|
||||
force_context: '{{ item.force_context | default(omit) }}'
|
||||
host: '{{ item.host | default(omit) }}'
|
||||
host_all: '{{ item.host_all | default(omit) }}'
|
||||
locked: '{{ item.locked | default(omit) }}'
|
||||
login_host: '{{ item.login_host | default(omit) }}'
|
||||
login_password: '{{ item.login_password | default(omit) }}'
|
||||
login_port: '{{ item.login_port | default(omit) }}'
|
||||
login_unix_socket: '{{ item.login_unix_socket | default(omit) }}'
|
||||
login_user: '{{ item.login_user | default(omit) }}'
|
||||
name: '{{ item.name }}'
|
||||
password: '{{ item.password | default(omit) }}'
|
||||
password_expire: '{{ item.password_expire | default(omit) }}'
|
||||
password_expire_interval: '{{ item.password_expire_interval | default(omit) }}'
|
||||
plugin: '{{ item.plugin | default(omit) }}'
|
||||
plugin_auth_string: '{{ item.plugin_auth_string | default(omit) }}'
|
||||
plugin_hash_string: '{{ item.plugin_hash_string | default(omit) }}'
|
||||
priv: '{{ item.priv | default(omit) }}'
|
||||
resource_limits: '{{ item.resource_limits | default(omit) }}'
|
||||
salt: '{{ item.salt | default(omit) }}'
|
||||
session_vars: '{{ item.session_vars | default(omit) }}'
|
||||
sql_log_bin: '{{ item.sql_log_bin | default(omit) }}'
|
||||
state: '{{ item.state }}'
|
||||
subtract_privs: '{{ item.subtract_privs | default(omit) }}'
|
||||
tls_requires: '{{ item.tls_requires | default(omit) }}'
|
||||
update_password: '{{ item.update_password | default(omit) }}'
|
||||
loop: '{{ mariadb_user_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
# phpMyAdmin - Web based MySQL browser written in php
|
||||
#
|
||||
# Allows only localhost by default
|
||||
#
|
||||
# But allowing phpMyAdmin to anyone other than localhost should be considered
|
||||
# dangerous unless properly secured by SSL
|
||||
|
||||
Alias /phpMyAdmin /usr/share/phpMyAdmin
|
||||
Alias /phpmyadmin /usr/share/phpMyAdmin
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/>
|
||||
AddDefaultCharset UTF-8
|
||||
Require ssl
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/>
|
||||
Require local
|
||||
</Directory>
|
||||
|
||||
# These directories do not require access over HTTP - taken from the original
|
||||
# phpMyAdmin upstream tarball
|
||||
#
|
||||
<Directory /usr/share/phpMyAdmin/libraries/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/templates/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/lib/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/frames/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
# This configuration prevents mod_security at phpMyAdmin directories from
|
||||
# filtering SQL etc. This may break your mod_security implementation.
|
||||
#
|
||||
#<IfModule mod_security.c>
|
||||
# <Directory /usr/share/phpMyAdmin/>
|
||||
# SecRuleInheritance Off
|
||||
# </Directory>
|
||||
#</IfModule>
|
||||
@@ -0,0 +1,11 @@
|
||||
#
|
||||
# This group is read both both by the client and the server
|
||||
# use it for options that affect everything
|
||||
#
|
||||
[client-server]
|
||||
|
||||
#
|
||||
# include all files from the config directory
|
||||
#
|
||||
!includedir /etc/my.cnf.d
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=auth_gssapi.so
|
||||
@@ -0,0 +1,14 @@
|
||||
#
|
||||
# These two groups are read by the client library
|
||||
# Use it for options that affect all clients, but not the server
|
||||
#
|
||||
[client]
|
||||
default-character-set = utf8mb4
|
||||
|
||||
# This group is not read by mysql client library,
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# use it for MariaDB-only client options
|
||||
[client-mariadb]
|
||||
ssl
|
||||
# ssl-verify-server-cert
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=cracklib_password_check.so
|
||||
@@ -0,0 +1,20 @@
|
||||
#
|
||||
# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d)
|
||||
# and it will enable data at rest encryption. This is a simple way to
|
||||
# ensure that everything that can be encrypted will be and your
|
||||
# data will not leak unencrypted.
|
||||
#
|
||||
# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
|
||||
# newer version and your edits will be lost. Instead, add your edits
|
||||
# to the .cnf file after the !include directive.
|
||||
#
|
||||
# NOTE that you also need to install an encryption plugin for the encryption
|
||||
# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
|
||||
#
|
||||
[mariadb]
|
||||
aria-encrypt-tables
|
||||
encrypt-binlog
|
||||
encrypt-tmp-disk-tables
|
||||
encrypt-tmp-files
|
||||
loose-innodb-encrypt-log
|
||||
loose-innodb-encrypt-tables
|
||||
@@ -0,0 +1,117 @@
|
||||
# Copyright (C) 2019-2022 MariaDB Corporation
|
||||
#
|
||||
# This is a default configuration for the Hashicorp Vault plugin.
|
||||
# You can read more about the parameters of this plugin in the
|
||||
# hashicorp_key_management.txt file.
|
||||
#
|
||||
# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
|
||||
# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
|
||||
# TO APPROPRIATE VALUES!
|
||||
#
|
||||
[mariadb]
|
||||
|
||||
#
|
||||
# To use Hashicorp Vault KMS, the plugin must be preloaded and
|
||||
# activated on the server:
|
||||
#
|
||||
#plugin-load-add=hashicorp_key_management.so
|
||||
|
||||
# Most of its parameters should not be changed during plugin
|
||||
# operation and therefore must be preconfigured as part of
|
||||
# the server configuration:
|
||||
|
||||
#
|
||||
# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
|
||||
# It must include the name of the scheme ("https://" for a secure
|
||||
# connection) and, according to the API rules for storages of the
|
||||
# key-value type in Hashicorp Vault, after the server address, the
|
||||
# path must begin with the "/v1/" string (as prefix), for example:
|
||||
# "https://127.0.0.1:8200/v1/my_secrets"
|
||||
#
|
||||
#hashicorp-key-management-vault-url="<url>"
|
||||
|
||||
#
|
||||
# Authentication token that passed to the Hashicorp Vault
|
||||
# in the request header:
|
||||
#
|
||||
#hashicorp-key-management-token="<token>"
|
||||
|
||||
#
|
||||
# Optional path to the Certificate Authority (CA) bundle
|
||||
# (is a file that contains root and intermediate certificates):
|
||||
#
|
||||
#hashicorp-key-management-vault-ca="<path>"
|
||||
|
||||
#
|
||||
# Set the duration (in seconds) for the Hashicorp Vault server
|
||||
# connection timeout. The allowed range is from 1 to 86400 seconds.
|
||||
# The user can also specify a zero value, which means the default
|
||||
# timeout value set by the libcurl library (currently 300 seconds):
|
||||
#
|
||||
#hashicorp-key-management-timeout=15
|
||||
|
||||
#
|
||||
# Number of server request retries in case of timeout:
|
||||
#
|
||||
#hashicorp-key-management-retries=3
|
||||
|
||||
#
|
||||
# Enable key caching (storing key values received from
|
||||
# the Hashicorp Vault server in the local memory):
|
||||
#
|
||||
#hashicorp-key-management-caching-enabled="on"
|
||||
|
||||
#
|
||||
# This parameter instructs the plugin to use the key values
|
||||
# or version numbers taken from the cache in the event of a
|
||||
# timeout when accessing the vault server. By default this
|
||||
# option is disabled.
|
||||
#
|
||||
# Please note that key values or version numbers will be read
|
||||
# from the cache when the timeout expires only after the number
|
||||
# of attempts to read them from the storage server that specified
|
||||
# by the hashicorp-key-management-retries parameter has been
|
||||
# exhausted:
|
||||
#
|
||||
#hashicorp-key-management-use-cache-on-timeout="off"
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the value of the key
|
||||
# stored in the cache becomes invalid and an attempt to read this
|
||||
# data causes a new request send to the vault server. By default,
|
||||
# cache entries become invalid after 60,000 milliseconds (after
|
||||
# one minute).
|
||||
#
|
||||
# If the value of this parameter is zero, then the keys will always
|
||||
# be considered invalid, but they still can be used if the vault
|
||||
# server is unavailable and the corresponding cache operating mode
|
||||
# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
|
||||
# is enabled.
|
||||
#
|
||||
#hashicorp-key-management-cache-timeout=0
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the information about
|
||||
# latest version number of the key (which stored in the cache)
|
||||
# becomes invalid and an attempt to read this information causes
|
||||
# a new request send to the vault server.
|
||||
#
|
||||
# If the value of this parameter is zero, then information abount
|
||||
# latest key version numbers always considered invalid, unless
|
||||
# there is no communication with the vault server and use of the
|
||||
# cache is allowed when the server is unavailable.
|
||||
#
|
||||
# By default, this parameter is zero, that is, the latest version
|
||||
# numbers for the keys stored in the cache are considered always
|
||||
# invalid, except when the vault server is unavailable and use
|
||||
# of the cache is allowed on server failures.
|
||||
#
|
||||
#hashicorp-key-management-cache-version-timeout=0
|
||||
|
||||
#
|
||||
# This parameter enables ("on", this is the default value) or disables
|
||||
# ("off") checking the kv storage version during plugin initialization.
|
||||
# The plugin requires storage to be version 2 or older in order for it
|
||||
# to work properly.
|
||||
#
|
||||
#hashicorp-key-management-check-kv-version=on
|
||||
@@ -0,0 +1,59 @@
|
||||
#
|
||||
# These groups are read by MariaDB server.
|
||||
# Use it for options that only the server (but not clients) should see
|
||||
#
|
||||
# See the examples of server my.cnf files in /usr/share/mysql/
|
||||
#
|
||||
|
||||
# this is read by the standalone daemon and embedded servers
|
||||
[server]
|
||||
|
||||
# this is only for the mysqld standalone daemon
|
||||
# Settings user and group are ignored when systemd is used.
|
||||
# If you need to run mysqld under a different user or group,
|
||||
# customize your systemd unit file for mysqld/mariadb according to the
|
||||
# instructions in http://fedoraproject.org/wiki/Systemd
|
||||
[mysqld]
|
||||
datadir=/var/lib/mysql
|
||||
socket=/var/lib/mysql/mysql.sock
|
||||
log-error=/var/log/mariadb/mariadb.log
|
||||
pid-file=/run/mariadb/mariadb.pid
|
||||
character-set-server = utf8mb4
|
||||
ssl-cert=/etc/my.cnf.d/certificates/pubcert.pem
|
||||
ssl-key=/etc/my.cnf.d/certificates/privkey.pem
|
||||
tls-version=TLSv1.3,TLSv1.2
|
||||
|
||||
|
||||
#
|
||||
# * Galera-related settings
|
||||
#
|
||||
[galera]
|
||||
# Mandatory settings
|
||||
#wsrep_on=ON
|
||||
#wsrep_provider=
|
||||
#wsrep_cluster_address=
|
||||
#binlog_format=row
|
||||
#default_storage_engine=InnoDB
|
||||
#innodb_autoinc_lock_mode=2
|
||||
#
|
||||
# Allow server to accept connections on all interfaces.
|
||||
#
|
||||
#bind-address=0.0.0.0
|
||||
#
|
||||
# Optional setting
|
||||
#wsrep_slave_threads=1
|
||||
#innodb_flush_log_at_trx_commit=0
|
||||
|
||||
# this is only for embedded server
|
||||
[embedded]
|
||||
|
||||
# This group is only read by MariaDB servers, not by MySQL.
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# you can put MariaDB-only options here
|
||||
[mariadb]
|
||||
|
||||
# This group is only read by MariaDB-10.11 servers.
|
||||
# If you use the same .cnf file for MariaDB of different versions,
|
||||
# use this group for options that older servers don't understand
|
||||
[mariadb-10.11]
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
#
|
||||
# These groups are read by MariaDB command-line tools
|
||||
# Use it for options that affect only one utility
|
||||
#
|
||||
|
||||
[mysql]
|
||||
|
||||
[mysql_upgrade]
|
||||
|
||||
[mysqladmin]
|
||||
|
||||
[mysqlbinlog]
|
||||
|
||||
[mysqlcheck]
|
||||
|
||||
[mysqldump]
|
||||
|
||||
[mysqlimport]
|
||||
|
||||
[mysqlshow]
|
||||
|
||||
[mysqlslap]
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_bzip2
|
||||
provider_bzip2=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lz4
|
||||
provider_lz4=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzma
|
||||
provider_lzma=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzo
|
||||
provider_lzo=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_snappy
|
||||
provider_snappy=force_plus_permanent
|
||||
@@ -0,0 +1,7 @@
|
||||
[mariadb]
|
||||
#
|
||||
# Uncomment line to enable
|
||||
#
|
||||
#plugin-load-add = ha_spider
|
||||
|
||||
# Read more at https://mariadb.com/kb/en/spider/
|
||||
@@ -0,0 +1,160 @@
|
||||
<?php
|
||||
/**
|
||||
* phpMyAdmin sample configuration, you can use it as base for
|
||||
* manual configuration. For easier setup you can use setup/
|
||||
*
|
||||
* All directives are explained in documentation in the doc/ folder
|
||||
* or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* This is needed for cookie based authentication to encrypt the cookie.
|
||||
* Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
|
||||
*/
|
||||
$cfg['blowfish_secret'] = '26227697261f24526e194bb441ff689e'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
|
||||
|
||||
/**
|
||||
* Servers configuration
|
||||
*/
|
||||
$i = 0;
|
||||
|
||||
/**
|
||||
* First server
|
||||
*/
|
||||
$i++;
|
||||
/* Authentication type */
|
||||
$cfg['Servers'][$i]['auth_type'] = 'cookie';
|
||||
/* Server parameters */
|
||||
$cfg['Servers'][$i]['host'] = 'localhost';
|
||||
$cfg['Servers'][$i]['compress'] = false;
|
||||
$cfg['Servers'][$i]['AllowNoPassword'] = false;
|
||||
|
||||
/**
|
||||
* phpMyAdmin configuration storage settings.
|
||||
*/
|
||||
|
||||
/* User used to manipulate with storage */
|
||||
// $cfg['Servers'][$i]['controlhost'] = '';
|
||||
// $cfg['Servers'][$i]['controlport'] = '';
|
||||
// $cfg['Servers'][$i]['controluser'] = 'pma';
|
||||
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
|
||||
|
||||
/* Storage database and tables */
|
||||
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
|
||||
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
|
||||
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
|
||||
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
|
||||
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
|
||||
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
|
||||
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
|
||||
// $cfg['Servers'][$i]['history'] = 'pma__history';
|
||||
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
|
||||
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
|
||||
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
|
||||
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
|
||||
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
|
||||
// $cfg['Servers'][$i]['users'] = 'pma__users';
|
||||
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
|
||||
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
|
||||
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
|
||||
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
|
||||
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
|
||||
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
|
||||
|
||||
/**
|
||||
* End of servers configuration
|
||||
*/
|
||||
|
||||
/**
|
||||
* Directories for saving/loading files from server
|
||||
*/
|
||||
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
|
||||
$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
|
||||
|
||||
/**
|
||||
* Whether to display icons or text or both icons and text in table row
|
||||
* action segment. Value can be either of 'icons', 'text' or 'both'.
|
||||
* default = 'both'
|
||||
*/
|
||||
//$cfg['RowActionType'] = 'icons';
|
||||
|
||||
/**
|
||||
* Defines whether a user should be displayed a "show all (records)"
|
||||
* button in browse mode or not.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['ShowAll'] = true;
|
||||
|
||||
/**
|
||||
* Number of rows displayed when browsing a result set. If the result
|
||||
* set contains more rows, "Previous" and "Next".
|
||||
* Possible values: 25, 50, 100, 250, 500
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['MaxRows'] = 50;
|
||||
|
||||
/**
|
||||
* Disallow editing of binary fields
|
||||
* valid values are:
|
||||
* false allow editing
|
||||
* 'blob' allow editing except for BLOB fields
|
||||
* 'noblob' disallow editing except for BLOB fields
|
||||
* 'all' disallow editing
|
||||
* default = 'blob'
|
||||
*/
|
||||
//$cfg['ProtectBinary'] = false;
|
||||
|
||||
/**
|
||||
* Default language to use, if not browser-defined or user-defined
|
||||
* (you find all languages in the locale folder)
|
||||
* uncomment the desired line:
|
||||
* default = 'en'
|
||||
*/
|
||||
//$cfg['DefaultLang'] = 'en';
|
||||
//$cfg['DefaultLang'] = 'de';
|
||||
|
||||
/**
|
||||
* How many columns should be used for table display of a database?
|
||||
* (a value larger than 1 results in some information being hidden)
|
||||
* default = 1
|
||||
*/
|
||||
//$cfg['PropertiesNumColumns'] = 2;
|
||||
|
||||
/**
|
||||
* Set to true if you want DB-based query history.If false, this utilizes
|
||||
* JS-routines to display query history (lost by window close)
|
||||
*
|
||||
* This requires configuration storage enabled, see above.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['QueryHistoryDB'] = true;
|
||||
|
||||
/**
|
||||
* When using DB-based query history, how many entries should be kept?
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['QueryHistoryMax'] = 100;
|
||||
|
||||
/**
|
||||
* Whether or not to query the user before sending the error report to
|
||||
* the phpMyAdmin team when a JavaScript error occurs
|
||||
*
|
||||
* Available options
|
||||
* ('ask' | 'always' | 'never')
|
||||
* default = 'ask'
|
||||
*/
|
||||
//$cfg['SendErrorReports'] = 'always';
|
||||
|
||||
/**
|
||||
* 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
|
||||
* 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
|
||||
*/
|
||||
//$cfg['URLQueryEncryption'] = true;
|
||||
//$cfg['URLQueryEncryptionSecretKey'] = '';
|
||||
|
||||
/**
|
||||
* You can find more configuration options in the documentation
|
||||
* in the doc/ folder or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=mkdir -p /etc/my.cnf.d/certificates
|
||||
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/'
|
||||
ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Timer]
|
||||
OnUnitActiveSec=5min
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,83 @@
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, the
|
||||
# best way is to:
|
||||
#
|
||||
# root> systemctl edit mariadb.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
#
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket
|
||||
# '%n' expands to 'Full unit name'; man systemd.unit
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,104 @@
|
||||
# Multi instance version of MariaDB. For if you run mutiple verions at once.
|
||||
# Also used for mariadb@bootstrap to bootstrap Galera.
|
||||
#
|
||||
# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
|
||||
# /etc/@my.cnf to change per instance settings. A minimumal necessary
|
||||
# configuration items to change to avoid conflicts between instances is:
|
||||
#
|
||||
# [mariadbd.instancename]
|
||||
# # TCP port to make available for clients
|
||||
# port=3306
|
||||
# # Socket to make available for clients
|
||||
# socket=/tmp/mariadb-instancename.sock
|
||||
# # Where MariaDB should store all its data
|
||||
# datadir=/usr/local/mariadb-instancename/data
|
||||
#
|
||||
# and start the service via:
|
||||
#
|
||||
# root> systemctl start mariadb@{instancename}.server
|
||||
#
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, for
|
||||
# all instances, the best way is:
|
||||
#
|
||||
# root> systemctl edit mariadb@.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# If you only want to change a specific instance:
|
||||
#
|
||||
# root> systemctl edit mariadb@{instancename}.server
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket --defaults-group-suffix=.%I
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --defaults-group-suffix=.%I --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade --defaults-group-suffix=.%I
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,46 @@
|
||||
# phpMyAdmin - Web based MySQL browser written in php
|
||||
#
|
||||
# Allows only localhost by default
|
||||
#
|
||||
# But allowing phpMyAdmin to anyone other than localhost should be considered
|
||||
# dangerous unless properly secured by SSL
|
||||
|
||||
Alias /phpMyAdmin /usr/share/phpMyAdmin
|
||||
Alias /phpmyadmin /usr/share/phpMyAdmin
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/>
|
||||
AddDefaultCharset UTF-8
|
||||
Require ssl
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/>
|
||||
Require local
|
||||
</Directory>
|
||||
|
||||
# These directories do not require access over HTTP - taken from the original
|
||||
# phpMyAdmin upstream tarball
|
||||
#
|
||||
<Directory /usr/share/phpMyAdmin/libraries/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/templates/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/lib/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/frames/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
# This configuration prevents mod_security at phpMyAdmin directories from
|
||||
# filtering SQL etc. This may break your mod_security implementation.
|
||||
#
|
||||
#<IfModule mod_security.c>
|
||||
# <Directory /usr/share/phpMyAdmin/>
|
||||
# SecRuleInheritance Off
|
||||
# </Directory>
|
||||
#</IfModule>
|
||||
@@ -0,0 +1,11 @@
|
||||
#
|
||||
# This group is read both both by the client and the server
|
||||
# use it for options that affect everything
|
||||
#
|
||||
[client-server]
|
||||
|
||||
#
|
||||
# include all files from the config directory
|
||||
#
|
||||
!includedir /etc/my.cnf.d
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=auth_gssapi.so
|
||||
@@ -0,0 +1,14 @@
|
||||
#
|
||||
# These two groups are read by the client library
|
||||
# Use it for options that affect all clients, but not the server
|
||||
#
|
||||
[client]
|
||||
default-character-set = utf8mb4
|
||||
|
||||
# This group is not read by mysql client library,
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# use it for MariaDB-only client options
|
||||
[client-mariadb]
|
||||
ssl
|
||||
# ssl-verify-server-cert
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=cracklib_password_check.so
|
||||
@@ -0,0 +1,20 @@
|
||||
#
|
||||
# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d)
|
||||
# and it will enable data at rest encryption. This is a simple way to
|
||||
# ensure that everything that can be encrypted will be and your
|
||||
# data will not leak unencrypted.
|
||||
#
|
||||
# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
|
||||
# newer version and your edits will be lost. Instead, add your edits
|
||||
# to the .cnf file after the !include directive.
|
||||
#
|
||||
# NOTE that you also need to install an encryption plugin for the encryption
|
||||
# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
|
||||
#
|
||||
[mariadb]
|
||||
aria-encrypt-tables
|
||||
encrypt-binlog
|
||||
encrypt-tmp-disk-tables
|
||||
encrypt-tmp-files
|
||||
loose-innodb-encrypt-log
|
||||
loose-innodb-encrypt-tables
|
||||
@@ -0,0 +1,117 @@
|
||||
# Copyright (C) 2019-2022 MariaDB Corporation
|
||||
#
|
||||
# This is a default configuration for the Hashicorp Vault plugin.
|
||||
# You can read more about the parameters of this plugin in the
|
||||
# hashicorp_key_management.txt file.
|
||||
#
|
||||
# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
|
||||
# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
|
||||
# TO APPROPRIATE VALUES!
|
||||
#
|
||||
[mariadb]
|
||||
|
||||
#
|
||||
# To use Hashicorp Vault KMS, the plugin must be preloaded and
|
||||
# activated on the server:
|
||||
#
|
||||
#plugin-load-add=hashicorp_key_management.so
|
||||
|
||||
# Most of its parameters should not be changed during plugin
|
||||
# operation and therefore must be preconfigured as part of
|
||||
# the server configuration:
|
||||
|
||||
#
|
||||
# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
|
||||
# It must include the name of the scheme ("https://" for a secure
|
||||
# connection) and, according to the API rules for storages of the
|
||||
# key-value type in Hashicorp Vault, after the server address, the
|
||||
# path must begin with the "/v1/" string (as prefix), for example:
|
||||
# "https://127.0.0.1:8200/v1/my_secrets"
|
||||
#
|
||||
#hashicorp-key-management-vault-url="<url>"
|
||||
|
||||
#
|
||||
# Authentication token that passed to the Hashicorp Vault
|
||||
# in the request header:
|
||||
#
|
||||
#hashicorp-key-management-token="<token>"
|
||||
|
||||
#
|
||||
# Optional path to the Certificate Authority (CA) bundle
|
||||
# (is a file that contains root and intermediate certificates):
|
||||
#
|
||||
#hashicorp-key-management-vault-ca="<path>"
|
||||
|
||||
#
|
||||
# Set the duration (in seconds) for the Hashicorp Vault server
|
||||
# connection timeout. The allowed range is from 1 to 86400 seconds.
|
||||
# The user can also specify a zero value, which means the default
|
||||
# timeout value set by the libcurl library (currently 300 seconds):
|
||||
#
|
||||
#hashicorp-key-management-timeout=15
|
||||
|
||||
#
|
||||
# Number of server request retries in case of timeout:
|
||||
#
|
||||
#hashicorp-key-management-retries=3
|
||||
|
||||
#
|
||||
# Enable key caching (storing key values received from
|
||||
# the Hashicorp Vault server in the local memory):
|
||||
#
|
||||
#hashicorp-key-management-caching-enabled="on"
|
||||
|
||||
#
|
||||
# This parameter instructs the plugin to use the key values
|
||||
# or version numbers taken from the cache in the event of a
|
||||
# timeout when accessing the vault server. By default this
|
||||
# option is disabled.
|
||||
#
|
||||
# Please note that key values or version numbers will be read
|
||||
# from the cache when the timeout expires only after the number
|
||||
# of attempts to read them from the storage server that specified
|
||||
# by the hashicorp-key-management-retries parameter has been
|
||||
# exhausted:
|
||||
#
|
||||
#hashicorp-key-management-use-cache-on-timeout="off"
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the value of the key
|
||||
# stored in the cache becomes invalid and an attempt to read this
|
||||
# data causes a new request send to the vault server. By default,
|
||||
# cache entries become invalid after 60,000 milliseconds (after
|
||||
# one minute).
|
||||
#
|
||||
# If the value of this parameter is zero, then the keys will always
|
||||
# be considered invalid, but they still can be used if the vault
|
||||
# server is unavailable and the corresponding cache operating mode
|
||||
# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
|
||||
# is enabled.
|
||||
#
|
||||
#hashicorp-key-management-cache-timeout=0
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the information about
|
||||
# latest version number of the key (which stored in the cache)
|
||||
# becomes invalid and an attempt to read this information causes
|
||||
# a new request send to the vault server.
|
||||
#
|
||||
# If the value of this parameter is zero, then information abount
|
||||
# latest key version numbers always considered invalid, unless
|
||||
# there is no communication with the vault server and use of the
|
||||
# cache is allowed when the server is unavailable.
|
||||
#
|
||||
# By default, this parameter is zero, that is, the latest version
|
||||
# numbers for the keys stored in the cache are considered always
|
||||
# invalid, except when the vault server is unavailable and use
|
||||
# of the cache is allowed on server failures.
|
||||
#
|
||||
#hashicorp-key-management-cache-version-timeout=0
|
||||
|
||||
#
|
||||
# This parameter enables ("on", this is the default value) or disables
|
||||
# ("off") checking the kv storage version during plugin initialization.
|
||||
# The plugin requires storage to be version 2 or older in order for it
|
||||
# to work properly.
|
||||
#
|
||||
#hashicorp-key-management-check-kv-version=on
|
||||
@@ -0,0 +1,59 @@
|
||||
#
|
||||
# These groups are read by MariaDB server.
|
||||
# Use it for options that only the server (but not clients) should see
|
||||
#
|
||||
# See the examples of server my.cnf files in /usr/share/mysql/
|
||||
#
|
||||
|
||||
# this is read by the standalone daemon and embedded servers
|
||||
[server]
|
||||
|
||||
# this is only for the mysqld standalone daemon
|
||||
# Settings user and group are ignored when systemd is used.
|
||||
# If you need to run mysqld under a different user or group,
|
||||
# customize your systemd unit file for mysqld/mariadb according to the
|
||||
# instructions in http://fedoraproject.org/wiki/Systemd
|
||||
[mysqld]
|
||||
datadir=/var/lib/mysql
|
||||
socket=/var/lib/mysql/mysql.sock
|
||||
log-error=/var/log/mariadb/mariadb.log
|
||||
pid-file=/run/mariadb/mariadb.pid
|
||||
character-set-server = utf8mb4
|
||||
ssl-cert=/etc/my.cnf.d/certificates/pubcert.pem
|
||||
ssl-key=/etc/my.cnf.d/certificates/privkey.pem
|
||||
tls-version=TLSv1.3,TLSv1.2
|
||||
|
||||
|
||||
#
|
||||
# * Galera-related settings
|
||||
#
|
||||
[galera]
|
||||
# Mandatory settings
|
||||
#wsrep_on=ON
|
||||
#wsrep_provider=
|
||||
#wsrep_cluster_address=
|
||||
#binlog_format=row
|
||||
#default_storage_engine=InnoDB
|
||||
#innodb_autoinc_lock_mode=2
|
||||
#
|
||||
# Allow server to accept connections on all interfaces.
|
||||
#
|
||||
#bind-address=0.0.0.0
|
||||
#
|
||||
# Optional setting
|
||||
#wsrep_slave_threads=1
|
||||
#innodb_flush_log_at_trx_commit=0
|
||||
|
||||
# this is only for embedded server
|
||||
[embedded]
|
||||
|
||||
# This group is only read by MariaDB servers, not by MySQL.
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# you can put MariaDB-only options here
|
||||
[mariadb]
|
||||
|
||||
# This group is only read by MariaDB-10.11 servers.
|
||||
# If you use the same .cnf file for MariaDB of different versions,
|
||||
# use this group for options that older servers don't understand
|
||||
[mariadb-10.11]
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
#
|
||||
# These groups are read by MariaDB command-line tools
|
||||
# Use it for options that affect only one utility
|
||||
#
|
||||
|
||||
[mysql]
|
||||
|
||||
[mysql_upgrade]
|
||||
|
||||
[mysqladmin]
|
||||
|
||||
[mysqlbinlog]
|
||||
|
||||
[mysqlcheck]
|
||||
|
||||
[mysqldump]
|
||||
|
||||
[mysqlimport]
|
||||
|
||||
[mysqlshow]
|
||||
|
||||
[mysqlslap]
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_bzip2
|
||||
provider_bzip2=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lz4
|
||||
provider_lz4=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzma
|
||||
provider_lzma=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzo
|
||||
provider_lzo=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_snappy
|
||||
provider_snappy=force_plus_permanent
|
||||
@@ -0,0 +1,7 @@
|
||||
[mariadb]
|
||||
#
|
||||
# Uncomment line to enable
|
||||
#
|
||||
#plugin-load-add = ha_spider
|
||||
|
||||
# Read more at https://mariadb.com/kb/en/spider/
|
||||
@@ -0,0 +1,160 @@
|
||||
<?php
|
||||
/**
|
||||
* phpMyAdmin sample configuration, you can use it as base for
|
||||
* manual configuration. For easier setup you can use setup/
|
||||
*
|
||||
* All directives are explained in documentation in the doc/ folder
|
||||
* or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* This is needed for cookie based authentication to encrypt the cookie.
|
||||
* Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
|
||||
*/
|
||||
$cfg['blowfish_secret'] = '26227697261f24526e194bb441ff689e'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
|
||||
|
||||
/**
|
||||
* Servers configuration
|
||||
*/
|
||||
$i = 0;
|
||||
|
||||
/**
|
||||
* First server
|
||||
*/
|
||||
$i++;
|
||||
/* Authentication type */
|
||||
$cfg['Servers'][$i]['auth_type'] = 'cookie';
|
||||
/* Server parameters */
|
||||
$cfg['Servers'][$i]['host'] = 'localhost';
|
||||
$cfg['Servers'][$i]['compress'] = false;
|
||||
$cfg['Servers'][$i]['AllowNoPassword'] = false;
|
||||
|
||||
/**
|
||||
* phpMyAdmin configuration storage settings.
|
||||
*/
|
||||
|
||||
/* User used to manipulate with storage */
|
||||
// $cfg['Servers'][$i]['controlhost'] = '';
|
||||
// $cfg['Servers'][$i]['controlport'] = '';
|
||||
// $cfg['Servers'][$i]['controluser'] = 'pma';
|
||||
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
|
||||
|
||||
/* Storage database and tables */
|
||||
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
|
||||
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
|
||||
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
|
||||
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
|
||||
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
|
||||
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
|
||||
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
|
||||
// $cfg['Servers'][$i]['history'] = 'pma__history';
|
||||
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
|
||||
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
|
||||
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
|
||||
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
|
||||
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
|
||||
// $cfg['Servers'][$i]['users'] = 'pma__users';
|
||||
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
|
||||
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
|
||||
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
|
||||
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
|
||||
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
|
||||
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
|
||||
|
||||
/**
|
||||
* End of servers configuration
|
||||
*/
|
||||
|
||||
/**
|
||||
* Directories for saving/loading files from server
|
||||
*/
|
||||
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
|
||||
$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
|
||||
|
||||
/**
|
||||
* Whether to display icons or text or both icons and text in table row
|
||||
* action segment. Value can be either of 'icons', 'text' or 'both'.
|
||||
* default = 'both'
|
||||
*/
|
||||
//$cfg['RowActionType'] = 'icons';
|
||||
|
||||
/**
|
||||
* Defines whether a user should be displayed a "show all (records)"
|
||||
* button in browse mode or not.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['ShowAll'] = true;
|
||||
|
||||
/**
|
||||
* Number of rows displayed when browsing a result set. If the result
|
||||
* set contains more rows, "Previous" and "Next".
|
||||
* Possible values: 25, 50, 100, 250, 500
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['MaxRows'] = 50;
|
||||
|
||||
/**
|
||||
* Disallow editing of binary fields
|
||||
* valid values are:
|
||||
* false allow editing
|
||||
* 'blob' allow editing except for BLOB fields
|
||||
* 'noblob' disallow editing except for BLOB fields
|
||||
* 'all' disallow editing
|
||||
* default = 'blob'
|
||||
*/
|
||||
//$cfg['ProtectBinary'] = false;
|
||||
|
||||
/**
|
||||
* Default language to use, if not browser-defined or user-defined
|
||||
* (you find all languages in the locale folder)
|
||||
* uncomment the desired line:
|
||||
* default = 'en'
|
||||
*/
|
||||
//$cfg['DefaultLang'] = 'en';
|
||||
//$cfg['DefaultLang'] = 'de';
|
||||
|
||||
/**
|
||||
* How many columns should be used for table display of a database?
|
||||
* (a value larger than 1 results in some information being hidden)
|
||||
* default = 1
|
||||
*/
|
||||
//$cfg['PropertiesNumColumns'] = 2;
|
||||
|
||||
/**
|
||||
* Set to true if you want DB-based query history.If false, this utilizes
|
||||
* JS-routines to display query history (lost by window close)
|
||||
*
|
||||
* This requires configuration storage enabled, see above.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['QueryHistoryDB'] = true;
|
||||
|
||||
/**
|
||||
* When using DB-based query history, how many entries should be kept?
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['QueryHistoryMax'] = 100;
|
||||
|
||||
/**
|
||||
* Whether or not to query the user before sending the error report to
|
||||
* the phpMyAdmin team when a JavaScript error occurs
|
||||
*
|
||||
* Available options
|
||||
* ('ask' | 'always' | 'never')
|
||||
* default = 'ask'
|
||||
*/
|
||||
//$cfg['SendErrorReports'] = 'always';
|
||||
|
||||
/**
|
||||
* 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
|
||||
* 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
|
||||
*/
|
||||
//$cfg['URLQueryEncryption'] = true;
|
||||
//$cfg['URLQueryEncryptionSecretKey'] = '';
|
||||
|
||||
/**
|
||||
* You can find more configuration options in the documentation
|
||||
* in the doc/ folder or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=mkdir -p /etc/my.cnf.d/certificates
|
||||
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/'
|
||||
ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Timer]
|
||||
OnUnitActiveSec=5min
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,83 @@
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, the
|
||||
# best way is to:
|
||||
#
|
||||
# root> systemctl edit mariadb.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
#
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket
|
||||
# '%n' expands to 'Full unit name'; man systemd.unit
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,104 @@
|
||||
# Multi instance version of MariaDB. For if you run mutiple verions at once.
|
||||
# Also used for mariadb@bootstrap to bootstrap Galera.
|
||||
#
|
||||
# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
|
||||
# /etc/@my.cnf to change per instance settings. A minimumal necessary
|
||||
# configuration items to change to avoid conflicts between instances is:
|
||||
#
|
||||
# [mariadbd.instancename]
|
||||
# # TCP port to make available for clients
|
||||
# port=3306
|
||||
# # Socket to make available for clients
|
||||
# socket=/tmp/mariadb-instancename.sock
|
||||
# # Where MariaDB should store all its data
|
||||
# datadir=/usr/local/mariadb-instancename/data
|
||||
#
|
||||
# and start the service via:
|
||||
#
|
||||
# root> systemctl start mariadb@{instancename}.server
|
||||
#
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, for
|
||||
# all instances, the best way is:
|
||||
#
|
||||
# root> systemctl edit mariadb@.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# If you only want to change a specific instance:
|
||||
#
|
||||
# root> systemctl edit mariadb@{instancename}.server
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket --defaults-group-suffix=.%I
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --defaults-group-suffix=.%I --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade --defaults-group-suffix=.%I
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,46 @@
|
||||
# phpMyAdmin - Web based MySQL browser written in php
|
||||
#
|
||||
# Allows only localhost by default
|
||||
#
|
||||
# But allowing phpMyAdmin to anyone other than localhost should be considered
|
||||
# dangerous unless properly secured by SSL
|
||||
|
||||
Alias /phpMyAdmin /usr/share/phpMyAdmin
|
||||
Alias /phpmyadmin /usr/share/phpMyAdmin
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/>
|
||||
AddDefaultCharset UTF-8
|
||||
Require ssl
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/>
|
||||
Require local
|
||||
</Directory>
|
||||
|
||||
# These directories do not require access over HTTP - taken from the original
|
||||
# phpMyAdmin upstream tarball
|
||||
#
|
||||
<Directory /usr/share/phpMyAdmin/libraries/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/templates/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/lib/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/phpMyAdmin/setup/frames/>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
# This configuration prevents mod_security at phpMyAdmin directories from
|
||||
# filtering SQL etc. This may break your mod_security implementation.
|
||||
#
|
||||
#<IfModule mod_security.c>
|
||||
# <Directory /usr/share/phpMyAdmin/>
|
||||
# SecRuleInheritance Off
|
||||
# </Directory>
|
||||
#</IfModule>
|
||||
@@ -0,0 +1,11 @@
|
||||
#
|
||||
# This group is read both both by the client and the server
|
||||
# use it for options that affect everything
|
||||
#
|
||||
[client-server]
|
||||
|
||||
#
|
||||
# include all files from the config directory
|
||||
#
|
||||
!includedir /etc/my.cnf.d
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=auth_gssapi.so
|
||||
@@ -0,0 +1,14 @@
|
||||
#
|
||||
# These two groups are read by the client library
|
||||
# Use it for options that affect all clients, but not the server
|
||||
#
|
||||
[client]
|
||||
default-character-set = utf8mb4
|
||||
|
||||
# This group is not read by mysql client library,
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# use it for MariaDB-only client options
|
||||
[client-mariadb]
|
||||
ssl
|
||||
# ssl-verify-server-cert
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[mariadb]
|
||||
#plugin-load-add=cracklib_password_check.so
|
||||
@@ -0,0 +1,20 @@
|
||||
#
|
||||
# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d)
|
||||
# and it will enable data at rest encryption. This is a simple way to
|
||||
# ensure that everything that can be encrypted will be and your
|
||||
# data will not leak unencrypted.
|
||||
#
|
||||
# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
|
||||
# newer version and your edits will be lost. Instead, add your edits
|
||||
# to the .cnf file after the !include directive.
|
||||
#
|
||||
# NOTE that you also need to install an encryption plugin for the encryption
|
||||
# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
|
||||
#
|
||||
[mariadb]
|
||||
aria-encrypt-tables
|
||||
encrypt-binlog
|
||||
encrypt-tmp-disk-tables
|
||||
encrypt-tmp-files
|
||||
loose-innodb-encrypt-log
|
||||
loose-innodb-encrypt-tables
|
||||
@@ -0,0 +1,117 @@
|
||||
# Copyright (C) 2019-2022 MariaDB Corporation
|
||||
#
|
||||
# This is a default configuration for the Hashicorp Vault plugin.
|
||||
# You can read more about the parameters of this plugin in the
|
||||
# hashicorp_key_management.txt file.
|
||||
#
|
||||
# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
|
||||
# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
|
||||
# TO APPROPRIATE VALUES!
|
||||
#
|
||||
[mariadb]
|
||||
|
||||
#
|
||||
# To use Hashicorp Vault KMS, the plugin must be preloaded and
|
||||
# activated on the server:
|
||||
#
|
||||
#plugin-load-add=hashicorp_key_management.so
|
||||
|
||||
# Most of its parameters should not be changed during plugin
|
||||
# operation and therefore must be preconfigured as part of
|
||||
# the server configuration:
|
||||
|
||||
#
|
||||
# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
|
||||
# It must include the name of the scheme ("https://" for a secure
|
||||
# connection) and, according to the API rules for storages of the
|
||||
# key-value type in Hashicorp Vault, after the server address, the
|
||||
# path must begin with the "/v1/" string (as prefix), for example:
|
||||
# "https://127.0.0.1:8200/v1/my_secrets"
|
||||
#
|
||||
#hashicorp-key-management-vault-url="<url>"
|
||||
|
||||
#
|
||||
# Authentication token that passed to the Hashicorp Vault
|
||||
# in the request header:
|
||||
#
|
||||
#hashicorp-key-management-token="<token>"
|
||||
|
||||
#
|
||||
# Optional path to the Certificate Authority (CA) bundle
|
||||
# (is a file that contains root and intermediate certificates):
|
||||
#
|
||||
#hashicorp-key-management-vault-ca="<path>"
|
||||
|
||||
#
|
||||
# Set the duration (in seconds) for the Hashicorp Vault server
|
||||
# connection timeout. The allowed range is from 1 to 86400 seconds.
|
||||
# The user can also specify a zero value, which means the default
|
||||
# timeout value set by the libcurl library (currently 300 seconds):
|
||||
#
|
||||
#hashicorp-key-management-timeout=15
|
||||
|
||||
#
|
||||
# Number of server request retries in case of timeout:
|
||||
#
|
||||
#hashicorp-key-management-retries=3
|
||||
|
||||
#
|
||||
# Enable key caching (storing key values received from
|
||||
# the Hashicorp Vault server in the local memory):
|
||||
#
|
||||
#hashicorp-key-management-caching-enabled="on"
|
||||
|
||||
#
|
||||
# This parameter instructs the plugin to use the key values
|
||||
# or version numbers taken from the cache in the event of a
|
||||
# timeout when accessing the vault server. By default this
|
||||
# option is disabled.
|
||||
#
|
||||
# Please note that key values or version numbers will be read
|
||||
# from the cache when the timeout expires only after the number
|
||||
# of attempts to read them from the storage server that specified
|
||||
# by the hashicorp-key-management-retries parameter has been
|
||||
# exhausted:
|
||||
#
|
||||
#hashicorp-key-management-use-cache-on-timeout="off"
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the value of the key
|
||||
# stored in the cache becomes invalid and an attempt to read this
|
||||
# data causes a new request send to the vault server. By default,
|
||||
# cache entries become invalid after 60,000 milliseconds (after
|
||||
# one minute).
|
||||
#
|
||||
# If the value of this parameter is zero, then the keys will always
|
||||
# be considered invalid, but they still can be used if the vault
|
||||
# server is unavailable and the corresponding cache operating mode
|
||||
# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
|
||||
# is enabled.
|
||||
#
|
||||
#hashicorp-key-management-cache-timeout=0
|
||||
|
||||
#
|
||||
# The time (in milliseconds) after which the information about
|
||||
# latest version number of the key (which stored in the cache)
|
||||
# becomes invalid and an attempt to read this information causes
|
||||
# a new request send to the vault server.
|
||||
#
|
||||
# If the value of this parameter is zero, then information abount
|
||||
# latest key version numbers always considered invalid, unless
|
||||
# there is no communication with the vault server and use of the
|
||||
# cache is allowed when the server is unavailable.
|
||||
#
|
||||
# By default, this parameter is zero, that is, the latest version
|
||||
# numbers for the keys stored in the cache are considered always
|
||||
# invalid, except when the vault server is unavailable and use
|
||||
# of the cache is allowed on server failures.
|
||||
#
|
||||
#hashicorp-key-management-cache-version-timeout=0
|
||||
|
||||
#
|
||||
# This parameter enables ("on", this is the default value) or disables
|
||||
# ("off") checking the kv storage version during plugin initialization.
|
||||
# The plugin requires storage to be version 2 or older in order for it
|
||||
# to work properly.
|
||||
#
|
||||
#hashicorp-key-management-check-kv-version=on
|
||||
@@ -0,0 +1,59 @@
|
||||
#
|
||||
# These groups are read by MariaDB server.
|
||||
# Use it for options that only the server (but not clients) should see
|
||||
#
|
||||
# See the examples of server my.cnf files in /usr/share/mysql/
|
||||
#
|
||||
|
||||
# this is read by the standalone daemon and embedded servers
|
||||
[server]
|
||||
|
||||
# this is only for the mysqld standalone daemon
|
||||
# Settings user and group are ignored when systemd is used.
|
||||
# If you need to run mysqld under a different user or group,
|
||||
# customize your systemd unit file for mysqld/mariadb according to the
|
||||
# instructions in http://fedoraproject.org/wiki/Systemd
|
||||
[mysqld]
|
||||
datadir=/var/lib/mysql
|
||||
socket=/var/lib/mysql/mysql.sock
|
||||
log-error=/var/log/mariadb/mariadb.log
|
||||
pid-file=/run/mariadb/mariadb.pid
|
||||
character-set-server = utf8mb4
|
||||
ssl-cert=/etc/my.cnf.d/certificates/pubcert.pem
|
||||
ssl-key=/etc/my.cnf.d/certificates/privkey.pem
|
||||
tls-version=TLSv1.3,TLSv1.2
|
||||
|
||||
|
||||
#
|
||||
# * Galera-related settings
|
||||
#
|
||||
[galera]
|
||||
# Mandatory settings
|
||||
#wsrep_on=ON
|
||||
#wsrep_provider=
|
||||
#wsrep_cluster_address=
|
||||
#binlog_format=row
|
||||
#default_storage_engine=InnoDB
|
||||
#innodb_autoinc_lock_mode=2
|
||||
#
|
||||
# Allow server to accept connections on all interfaces.
|
||||
#
|
||||
#bind-address=0.0.0.0
|
||||
#
|
||||
# Optional setting
|
||||
#wsrep_slave_threads=1
|
||||
#innodb_flush_log_at_trx_commit=0
|
||||
|
||||
# this is only for embedded server
|
||||
[embedded]
|
||||
|
||||
# This group is only read by MariaDB servers, not by MySQL.
|
||||
# If you use the same .cnf file for MySQL and MariaDB,
|
||||
# you can put MariaDB-only options here
|
||||
[mariadb]
|
||||
|
||||
# This group is only read by MariaDB-10.11 servers.
|
||||
# If you use the same .cnf file for MariaDB of different versions,
|
||||
# use this group for options that older servers don't understand
|
||||
[mariadb-10.11]
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
#
|
||||
# These groups are read by MariaDB command-line tools
|
||||
# Use it for options that affect only one utility
|
||||
#
|
||||
|
||||
[mysql]
|
||||
|
||||
[mysql_upgrade]
|
||||
|
||||
[mysqladmin]
|
||||
|
||||
[mysqlbinlog]
|
||||
|
||||
[mysqlcheck]
|
||||
|
||||
[mysqldump]
|
||||
|
||||
[mysqlimport]
|
||||
|
||||
[mysqlshow]
|
||||
|
||||
[mysqlslap]
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_bzip2
|
||||
provider_bzip2=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lz4
|
||||
provider_lz4=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzma
|
||||
provider_lzma=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_lzo
|
||||
provider_lzo=force_plus_permanent
|
||||
@@ -0,0 +1,3 @@
|
||||
[server]
|
||||
plugin_load_add=provider_snappy
|
||||
provider_snappy=force_plus_permanent
|
||||
@@ -0,0 +1,7 @@
|
||||
[mariadb]
|
||||
#
|
||||
# Uncomment line to enable
|
||||
#
|
||||
#plugin-load-add = ha_spider
|
||||
|
||||
# Read more at https://mariadb.com/kb/en/spider/
|
||||
@@ -0,0 +1,160 @@
|
||||
<?php
|
||||
/**
|
||||
* phpMyAdmin sample configuration, you can use it as base for
|
||||
* manual configuration. For easier setup you can use setup/
|
||||
*
|
||||
* All directives are explained in documentation in the doc/ folder
|
||||
* or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* This is needed for cookie based authentication to encrypt the cookie.
|
||||
* Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
|
||||
*/
|
||||
$cfg['blowfish_secret'] = '26227697261f24526e194bb441ff689e'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
|
||||
|
||||
/**
|
||||
* Servers configuration
|
||||
*/
|
||||
$i = 0;
|
||||
|
||||
/**
|
||||
* First server
|
||||
*/
|
||||
$i++;
|
||||
/* Authentication type */
|
||||
$cfg['Servers'][$i]['auth_type'] = 'cookie';
|
||||
/* Server parameters */
|
||||
$cfg['Servers'][$i]['host'] = 'localhost';
|
||||
$cfg['Servers'][$i]['compress'] = false;
|
||||
$cfg['Servers'][$i]['AllowNoPassword'] = false;
|
||||
|
||||
/**
|
||||
* phpMyAdmin configuration storage settings.
|
||||
*/
|
||||
|
||||
/* User used to manipulate with storage */
|
||||
// $cfg['Servers'][$i]['controlhost'] = '';
|
||||
// $cfg['Servers'][$i]['controlport'] = '';
|
||||
// $cfg['Servers'][$i]['controluser'] = 'pma';
|
||||
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
|
||||
|
||||
/* Storage database and tables */
|
||||
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
|
||||
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
|
||||
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
|
||||
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
|
||||
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
|
||||
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
|
||||
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
|
||||
// $cfg['Servers'][$i]['history'] = 'pma__history';
|
||||
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
|
||||
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
|
||||
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
|
||||
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
|
||||
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
|
||||
// $cfg['Servers'][$i]['users'] = 'pma__users';
|
||||
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
|
||||
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
|
||||
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
|
||||
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
|
||||
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
|
||||
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
|
||||
|
||||
/**
|
||||
* End of servers configuration
|
||||
*/
|
||||
|
||||
/**
|
||||
* Directories for saving/loading files from server
|
||||
*/
|
||||
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
|
||||
$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
|
||||
|
||||
/**
|
||||
* Whether to display icons or text or both icons and text in table row
|
||||
* action segment. Value can be either of 'icons', 'text' or 'both'.
|
||||
* default = 'both'
|
||||
*/
|
||||
//$cfg['RowActionType'] = 'icons';
|
||||
|
||||
/**
|
||||
* Defines whether a user should be displayed a "show all (records)"
|
||||
* button in browse mode or not.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['ShowAll'] = true;
|
||||
|
||||
/**
|
||||
* Number of rows displayed when browsing a result set. If the result
|
||||
* set contains more rows, "Previous" and "Next".
|
||||
* Possible values: 25, 50, 100, 250, 500
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['MaxRows'] = 50;
|
||||
|
||||
/**
|
||||
* Disallow editing of binary fields
|
||||
* valid values are:
|
||||
* false allow editing
|
||||
* 'blob' allow editing except for BLOB fields
|
||||
* 'noblob' disallow editing except for BLOB fields
|
||||
* 'all' disallow editing
|
||||
* default = 'blob'
|
||||
*/
|
||||
//$cfg['ProtectBinary'] = false;
|
||||
|
||||
/**
|
||||
* Default language to use, if not browser-defined or user-defined
|
||||
* (you find all languages in the locale folder)
|
||||
* uncomment the desired line:
|
||||
* default = 'en'
|
||||
*/
|
||||
//$cfg['DefaultLang'] = 'en';
|
||||
//$cfg['DefaultLang'] = 'de';
|
||||
|
||||
/**
|
||||
* How many columns should be used for table display of a database?
|
||||
* (a value larger than 1 results in some information being hidden)
|
||||
* default = 1
|
||||
*/
|
||||
//$cfg['PropertiesNumColumns'] = 2;
|
||||
|
||||
/**
|
||||
* Set to true if you want DB-based query history.If false, this utilizes
|
||||
* JS-routines to display query history (lost by window close)
|
||||
*
|
||||
* This requires configuration storage enabled, see above.
|
||||
* default = false
|
||||
*/
|
||||
//$cfg['QueryHistoryDB'] = true;
|
||||
|
||||
/**
|
||||
* When using DB-based query history, how many entries should be kept?
|
||||
* default = 25
|
||||
*/
|
||||
//$cfg['QueryHistoryMax'] = 100;
|
||||
|
||||
/**
|
||||
* Whether or not to query the user before sending the error report to
|
||||
* the phpMyAdmin team when a JavaScript error occurs
|
||||
*
|
||||
* Available options
|
||||
* ('ask' | 'always' | 'never')
|
||||
* default = 'ask'
|
||||
*/
|
||||
//$cfg['SendErrorReports'] = 'always';
|
||||
|
||||
/**
|
||||
* 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
|
||||
* 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
|
||||
*/
|
||||
//$cfg['URLQueryEncryption'] = true;
|
||||
//$cfg['URLQueryEncryptionSecretKey'] = '';
|
||||
|
||||
/**
|
||||
* You can find more configuration options in the documentation
|
||||
* in the doc/ folder or at <https://docs.phpmyadmin.net/>.
|
||||
*/
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=mkdir -p /etc/my.cnf.d/certificates
|
||||
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/'
|
||||
ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Copy TLS Certificates for Mariadb
|
||||
|
||||
[Timer]
|
||||
OnUnitActiveSec=5min
|
||||
|
||||
[Install]
|
||||
WantedBy=mariadb.service
|
||||
@@ -0,0 +1,83 @@
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, the
|
||||
# best way is to:
|
||||
#
|
||||
# root> systemctl edit mariadb.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
#
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket
|
||||
# '%n' expands to 'Full unit name'; man systemd.unit
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,104 @@
|
||||
# Multi instance version of MariaDB. For if you run mutiple verions at once.
|
||||
# Also used for mariadb@bootstrap to bootstrap Galera.
|
||||
#
|
||||
# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
|
||||
# /etc/@my.cnf to change per instance settings. A minimumal necessary
|
||||
# configuration items to change to avoid conflicts between instances is:
|
||||
#
|
||||
# [mariadbd.instancename]
|
||||
# # TCP port to make available for clients
|
||||
# port=3306
|
||||
# # Socket to make available for clients
|
||||
# socket=/tmp/mariadb-instancename.sock
|
||||
# # Where MariaDB should store all its data
|
||||
# datadir=/usr/local/mariadb-instancename/data
|
||||
#
|
||||
# and start the service via:
|
||||
#
|
||||
# root> systemctl start mariadb@{instancename}.server
|
||||
#
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during package upgrades. If you want to customize, for
|
||||
# all instances, the best way is:
|
||||
#
|
||||
# root> systemctl edit mariadb@.service
|
||||
#
|
||||
# Then add additonal directives under a section (probably [Service]).
|
||||
#
|
||||
# If you only want to change a specific instance:
|
||||
#
|
||||
# root> systemctl edit mariadb@{instancename}.server
|
||||
#
|
||||
# For more info about custom unit files, see systemd.unit(5) or
|
||||
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||
#
|
||||
# For example, if you want to increase MariaDB's open-files-limit to 10000,
|
||||
# you need to increase systemd's LimitNOFILE setting, use the contents below:
|
||||
#
|
||||
# [Service]
|
||||
# LimitNOFILE=10000
|
||||
|
||||
[Unit]
|
||||
Description=MariaDB 10.11 database server
|
||||
Documentation=man:mariadbd(8)
|
||||
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mysql.service
|
||||
Alias=mysqld.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=mysql
|
||||
Group=mysql
|
||||
|
||||
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
|
||||
EnvironmentFile=-/run/mariadb/wsrep-new-cluster
|
||||
# Use an environment file to pass variable _WSREP_START_POSITION
|
||||
EnvironmentFile=-/run/mariadb/wsrep-start-position
|
||||
|
||||
ExecStartPre=/usr/libexec/mariadb-check-socket --defaults-group-suffix=.%I
|
||||
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
|
||||
|
||||
# Perform automatic wsrep recovery. When server is started without wsrep,
|
||||
# galera_recovery simply returns an empty string. In any case, however,
|
||||
# the script is not expected to return with a non-zero status.
|
||||
# It is always safe to remove /run/mariadb/wsrep-start-position
|
||||
# environment file.
|
||||
# Do not panic if galera_recovery script is not available. (MDEV-10538)
|
||||
ExecStartPre=/bin/sh -c "[ ! -e /usr/bin/galera_recovery ] && VAR= || \
|
||||
VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] \
|
||||
&& echo _WSREP_START_POSITION=$VAR > /run/mariadb/wsrep-start-position || exit 1"
|
||||
|
||||
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
|
||||
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||
# per bug #547485
|
||||
ExecStart=/usr/libexec/mariadbd --defaults-group-suffix=.%I --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
|
||||
ExecStartPost=/usr/libexec/mariadb-check-upgrade --defaults-group-suffix=.%I
|
||||
|
||||
# Unset _WSREP_START_POSITION environment variable.
|
||||
ExecStartPost=/bin/rm -f /run/mariadb/wsrep-start-position
|
||||
|
||||
# Setting this to true can break replication and the Type=notify settings
|
||||
# See also bind-address MariaDB option.
|
||||
PrivateNetwork=false
|
||||
|
||||
KillSignal=SIGTERM
|
||||
|
||||
# Don't want to see an automated SIGKILL ever
|
||||
SendSIGKILL=no
|
||||
|
||||
# Restart crashed server only, on-failure would also restart, for example, when
|
||||
# my.cnf contains unknown option
|
||||
Restart=on-abort
|
||||
RestartSec=5s
|
||||
|
||||
UMask=007
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec=300
|
||||
|
||||
# Place temp files in a secure directory, not /tmp
|
||||
PrivateTmp=true
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- ensure_mariadb
|
||||
@@ -0,0 +1,134 @@
|
||||
---
|
||||
# vars file for ensure_mariadb
|
||||
package_list:
|
||||
- name: 'mariadb'
|
||||
state: 'present'
|
||||
- name: 'mariadb-server'
|
||||
state: 'present'
|
||||
- name: 'phpMyAdmin'
|
||||
state: 'present'
|
||||
- name: 'python3-PyMySQL'
|
||||
state: 'present'
|
||||
firewall_list:
|
||||
- permanent: 'yes'
|
||||
service: 'mysql'
|
||||
state: 'enabled'
|
||||
service_list:
|
||||
- name: 'httpd.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'httpd-reload.timer'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'php-fpm.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb-copytls.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
template_list:
|
||||
- dest: '/etc/my.cnf.d/client.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/client.cnf'
|
||||
- dest: '/etc/my.cnf.d/mariadb-server.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mariadb-server.cnf'
|
||||
- dest: '/etc/my.cnf.d/mysql-clients.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mysql-clients.cnf'
|
||||
- dest: '/etc/my.cnf.d/spider.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/spider.cnf'
|
||||
- dest: '/etc/my.cnf.d/enable_encryption.preset'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/enable_encryption.preset'
|
||||
- dest: '/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
- dest: '/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
- dest: '/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lz4.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lz4.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzma.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzma.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzo.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzo.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_snappy.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_snappy.cnf'
|
||||
- dest: '/etc/phpMyAdmin/config.inc.php'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/phpMyAdmin/config.inc.php'
|
||||
- dest: '/etc/my.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf'
|
||||
- dest: '/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
- dest: '/usr/lib/systemd/system/mariadb.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb@.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb@.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,134 @@
|
||||
---
|
||||
# vars file for ensure_mariadb
|
||||
package_list:
|
||||
- name: 'mariadb'
|
||||
state: 'present'
|
||||
- name: 'mariadb-server'
|
||||
state: 'present'
|
||||
- name: 'phpMyAdmin'
|
||||
state: 'present'
|
||||
- name: 'python3-PyMySQL'
|
||||
state: 'present'
|
||||
firewall_list:
|
||||
- permanent: 'yes'
|
||||
service: 'mysql'
|
||||
state: 'enabled'
|
||||
service_list:
|
||||
- name: 'httpd.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'httpd-reload.timer'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'php-fpm.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb-copytls.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
template_list:
|
||||
- dest: '/etc/my.cnf.d/client.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/client.cnf'
|
||||
- dest: '/etc/my.cnf.d/mariadb-server.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mariadb-server.cnf'
|
||||
- dest: '/etc/my.cnf.d/mysql-clients.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mysql-clients.cnf'
|
||||
- dest: '/etc/my.cnf.d/spider.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/spider.cnf'
|
||||
- dest: '/etc/my.cnf.d/enable_encryption.preset'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/enable_encryption.preset'
|
||||
- dest: '/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
- dest: '/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
- dest: '/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lz4.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lz4.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzma.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzma.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzo.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzo.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_snappy.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_snappy.cnf'
|
||||
- dest: '/etc/phpMyAdmin/config.inc.php'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/phpMyAdmin/config.inc.php'
|
||||
- dest: '/etc/my.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf'
|
||||
- dest: '/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
- dest: '/usr/lib/systemd/system/mariadb.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb@.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb@.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,134 @@
|
||||
---
|
||||
# vars file for ensure_mariadb
|
||||
package_list:
|
||||
- name: 'mariadb'
|
||||
state: 'present'
|
||||
- name: 'mariadb-server'
|
||||
state: 'present'
|
||||
- name: 'phpMyAdmin'
|
||||
state: 'present'
|
||||
- name: 'python3-PyMySQL'
|
||||
state: 'present'
|
||||
firewall_list:
|
||||
- permanent: 'yes'
|
||||
service: 'mysql'
|
||||
state: 'enabled'
|
||||
service_list:
|
||||
- name: 'httpd.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'httpd-reload.timer'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'php-fpm.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb-copytls.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
- name: 'mariadb.service'
|
||||
state: 'started'
|
||||
enabled: 'yes'
|
||||
template_list:
|
||||
- dest: '/etc/my.cnf.d/client.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/client.cnf'
|
||||
- dest: '/etc/my.cnf.d/mariadb-server.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mariadb-server.cnf'
|
||||
- dest: '/etc/my.cnf.d/mysql-clients.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/mysql-clients.cnf'
|
||||
- dest: '/etc/my.cnf.d/spider.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/spider.cnf'
|
||||
- dest: '/etc/my.cnf.d/enable_encryption.preset'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/enable_encryption.preset'
|
||||
- dest: '/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/cracklib_password_check.cnf'
|
||||
- dest: '/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/auth_gssapi.cnf'
|
||||
- dest: '/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/hashicorp_key_management.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_bzip2.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lz4.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lz4.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzma.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzma.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_lzo.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_lzo.cnf'
|
||||
- dest: '/etc/my.cnf.d/provider_snappy.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf.d/provider_snappy.cnf'
|
||||
- dest: '/etc/phpMyAdmin/config.inc.php'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/phpMyAdmin/config.inc.php'
|
||||
- dest: '/etc/my.cnf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/my.cnf'
|
||||
- dest: '/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/phpMyAdmin.conf'
|
||||
- dest: '/usr/lib/systemd/system/mariadb.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb@.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb@.service'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.timer'
|
||||
- dest: '/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/mariadb-copytls.service'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for ensure_mariadb
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for ensure_mariadb
|
||||
Reference in New Issue
Block a user