Merge pull request 'refs #8414 - Refactor rol' (!66) from 8414_Fix_Permission_Denied_bacula_after_sh into main

Reviewed-on: #66 Reviewed-by: Juan Ferrer <juan@verdnatura.es>
2025-02-07 14:25:31 +00:00 · 2025-02-07 14:25:31 +00:00 · 644e67db87
parent c8b81ea9a5 c7d89c0043
commit 644e67db87
3 changed files with 56 additions and 54 deletions
--- a/roles/db/defaults/main.yaml
+++ b/roles/db/defaults/main.yaml
@ -9,15 +9,16 @@ certificates:
  - { content: '{{ ca_company_deprecated }}', dest: '/etc/mysql/ca.pem', mode: 'u=rw,g=r,o=r' }
  - { content: '{{ cert_mysql }}', dest: '/etc/mysql/cert.pem', mode: 'u=rw,g=r,o=r' }
  - { content: '{{ cert_mysql_key }}', dest: '/etc/mysql/key.pem', mode: 'u=rw,g=,o=' }
-required_directories:
+required_directories_master:
  - { path: /mnt/local-backup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
  - { path: /mnt/mysqlbin, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
+  - { path: /mnt/mysqlbin/binlog, owner: mysql, group: mysql, mode: 'u=rwx,g=,o=' }    
+required_directories:
  - { path: /mnt/mysqltmp, owner: root, group: root, mode: 'u=rwx,g=rwx,o=rwxt' }
-  - { path: /mnt/mysqlbin/binlog, owner: mysql, group: mysql, mode: 'u=rwx,g=,o=' }
  - { path: /root/scripts, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
  - { path: /root/mariabackup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
  - { path: /mnt/mysqldata/mysql, owner: mysql, group: mysql, mode: 'u=rwx,g=rx,o=rx' }
-  - { path: /etc/systemd/system/mariadb.service.d, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }  
+  - { path: /etc/systemd/system/mariadb.service.d, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
 required_files_and_mariabackup_files_and_root_scripts:
  - { src: "mariadb_override.conf", dest: "/etc/systemd/system/mariadb.service.d/override.conf", mode: "u=rw,g=r,o=r" }
  - { src: "mysql-flush.sh", dest: "/etc/qemu/fsfreeze-hook.d/mysql-flush.sh", mode: "u=rwx,g=rx,o=rx" }  
@ -33,11 +34,9 @@ required_files_and_mariabackup_files_and_root_scripts:
  - { src: "files/scripts/README.md", dest: "/root/scripts/README.md", mode: "u=rw,g=r,o=r" }
  - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" }
-
 mariabackup_test_dev_files:
  - { src: "mariabackuptest/apply.sql", dest: "/root/mariabackup/", mode: "u=rw,g=r,o=r" }
  - { src: "mariabackuptest/bacula-after.sh", dest: "/root/mariabackup/", mode: "u=rwx,g=rx,o=rx" }
-
 downloads:
  - { url: "https://r.mariadb.com/downloads/mariadb_repo_setup", dest: "/tmp/mariadb_repo_setup", mode: "u=rwx,g=rx,o=rx" }
  - { url: "https://repo.percona.com/apt/percona-release_latest.generic_all.deb", dest: "/tmp/percona-release_latest.generic_all.deb", mode: "u=rw,g=r,o=r" }
--- a/roles/db/tasks/main.yml
+++ b/roles/db/tasks/main.yml
@ -1 +1,2 @@
 - import_tasks: mariadb.yml
+  tags: service
--- a/roles/db/tasks/mariadb.yml
+++ b/roles/db/tasks/mariadb.yml
@ -25,31 +25,16 @@
    state: present
    install_recommends: no

+- name: Update apt cache
+  apt:
+   update_cache: yes
+
 - name: Install MariaDB packages
  apt:
    name: "{{ mariadb_base_packages }}"
    state: present
    install_recommends: no

- name: Ensure required directories exist
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    owner: "{{ item.owner }}"
-    group: "{{ item.group }}"
-    mode: "{{ item.mode }}"
-  loop: "{{ required_directories }}"
-
- name: Ensure required custom and Mariabackup files are copied to their destinations and root scripts
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
-  loop: "{{ required_files_and_mariabackup_files_and_root_scripts }}"
-  notify: reload-systemd
-
 - name: Add tmpfs in /etc/fstab
  blockinfile:
    path: /etc/fstab
@ -58,11 +43,7 @@
      tmpfs /mnt/mysqltmp         tmpfs rw,size={{ mysqltmpsize }}         0 0
  register: fstab

- name: Mount all filesystems from /etc/fstab
-  command: mount -a
-  when: fstab.changed
-
- name: Configure MariaDB check memory CRON
+- name: Set MariaDB Cron to /etc/cron.d
  template:
    src: check-memory.cron
    dest: /etc/cron.d/vn-check-memory
@ -89,8 +70,27 @@
  loop: "{{ certificates }}"
  notify: restart-mariadb

+- name: Ensure required directories exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ required_directories }}"
+
 - when: db.branch == 'master'
  block:
+
+  - name: Ensure required directories exist in Production
+    file:
+      path: "{{ item.path }}"
+      state: directory
+      owner: "{{ item.owner }}"
+      group: "{{ item.group }}"
+      mode: "{{ item.mode }}"
+    loop: "{{ required_directories_master }}"
+  
  - name: Set MariaDB custom configuration Production
    copy:
      src: "{{ item }}"
@ -115,18 +115,6 @@
 - when: db.branch == 'test'

  block:
-  - name: Set MariaDB custom configuration TestDB
-    copy:
-      src: "{{ item }}"
-      dest: /etc/mysql/mariadb.conf.d/
-      owner: root
-      group: root
-      mode: u=rw,g=r,o=r
-    with_items:
-      - "files/mariaconfigfiles/z90-vn.cnf"
-      - "files/mariaconfigfiles/z92-testing_dev.cnf"
-    notify: restart-mariadb
-
  - name: Set MariaBackup custom template configuration TestDB
    template:
      src: test-db_dev/apply.config.sh
@ -145,18 +133,6 @@
 - when: db.branch == 'dev'

  block:
-  - name: Set MariaDB custom configuration DevDB
-    copy:
-      src: "{{ item }}"
-      dest: /etc/mysql/mariadb.conf.d/
-      owner: root
-      group: root
-      mode: u=rw,g=r,o=r
-    with_items:
-      - "files/mariaconfigfiles/z90-vn.cnf"
-      - "files/mariaconfigfiles/z92-testing_dev.cnf"
-    notify: restart-mariadb
-
  - name: Set MariaBackup custom template configuration DevDB
    template:
      src: test-db_dev/apply.config.sh
@ -174,7 +150,19 @@

 - when: db.branch == 'dev' or db.branch == 'test'

-  block:  
+  block:
+  - name: Set MariaDB custom configuration TestDB or DevDB
+    copy:
+      src: "{{ item }}"
+      dest: /etc/mysql/mariadb.conf.d/
+      owner: root
+      group: root
+      mode: u=rw,g=r,o=r
+    with_items:
+      - "files/mariaconfigfiles/z90-vn.cnf"
+      - "files/mariaconfigfiles/z92-testing_dev.cnf"
+    notify: restart-mariadb
+
  - name: Set Mariabackup files for TestDB or DevDB
    copy:
      src: "{{ item.src }}"
@ -221,3 +209,17 @@
    file:
      path: /var/lib/mysql/
      state: absent
+
+- name: Ensure required custom and Mariabackup files are copied to their destinations and root scripts
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop: "{{ required_files_and_mariabackup_files_and_root_scripts }}"
+  notify: reload-systemd
+
+- name: Mount all filesystems from /etc/fstab
+  command: mount -a
+  when: fstab.changed