Default variables

MariaDB server configuration

mariadb_server_flavor

Variable which defines what database engine to use:

  • mariadb: default, use MariaDB engine from Debian repository
  • mariadb_upstream: use MariaDB engine from upstream repository
  • mysql: use MySQL engine from Debian repository
  • percona: use Percona XtraDB engine from upstream repository

The choice depends on availability of MariaDB packages in a distribution. Percona needs to be selected explicitly.

mariadb_server_flavor: '{{ (ansible_local.mariadb.flavor
                            if (ansible_local|d() and ansible_local.mariadb|d() and
                                ansible_local.mariadb.flavor|d())
                            else (mariadb_server_flavor_map[ansible_distribution_release] | default("mariadb"))) }}'
mariadb_server_upstream_key

APT GPG key fingerprint used to sign the upstream MariaDB packages.

mariadb_server_upstream_key: '199369E5404BD5FC7D2FE43BCBCB082A1BB943DB'
mariadb_server_upstream_version

Version of the MariaDB upstream.

mariadb_server_upstream_version: '10.1'
mariadb_server_upstream_mirror

URL of the MariaDB upstream mirror.

mariadb_server_upstream_mirror: 'http://nyc2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_server_upstream_version }}/{{ ansible_distribution | lower }}'
mariadb_server_upstream_repository

Address of the MariaDB upstream APT repository.

mariadb_server_upstream_repository: 'deb {{ mariadb_server_upstream_mirror }} {{ ansible_distribution_release }} main'
mariadb_server_base_packages

List of APT packages that should be installed with any database engine selected.

mariadb_server_base_packages: [ 'python-mysqldb', 'ssl-cert' ]
mariadb_server_packages

List of additional packages to install with the database server.

mariadb_server_packages: []
mariadb_server_packages_map

Dictionary with list of packages that will be installed with a particular database engine.

mariadb_server_packages_map:
  'mariadb': [ 'mariadb-server' ]
  'mariadb_upstream': [ 'mariadb-server' ]
  'mysql': [ 'mysql-server' ]
  'percona': [ 'percona-server-server' ]
mariadb_server_bind_address

IP address on which MariaDB server listens on for new connections. To allow connections from remote hosts, you need to change this to 0.0.0.0 for IPv4 only connections, or :: for IPv4 and IPv6 connections.

When bind address is changed, you need to restart the mysqld daemon to rebind it to new network interfaces, it won’t be restarted automatically by Ansible.

mariadb_server_bind_address: 'localhost'
mariadb_server_port

Port number on which this MariaDB server listens on.

mariadb_server_port: '3306'
mariadb_server_allow

List of IP addresses or CIDR subnets which will be allowed to connect to the MariaDB server in ip(6)tables and TCP wrappers. If it’s empty, remote connections are not allowed.

mariadb_server_allow: []
mariadb_server_max_connections

Maximum number of allowed connections.

mariadb_server_max_connections: '100'
mariadb_server_delegate_to

Hostname of the server to which Ansible roles will delegate tasks. It should point to “this server”, using a FQDN hostname known to Ansible.

mariadb_server_delegate_to: '{{ ansible_fqdn }}'
mariadb_server_options

Dict with additional MariaDB options, option names as keys and their values as values, added to /etc/mysql/conf.d/mysqld.cnf. Options without specific values should be defined with empty values. Examples:

mariadb_server_options:
  'key_buffer': '16M'
  'skip-name-resolve':
mariadb_server_options: {}
mariadb_erver_append_groups

List of additional system groups to append to the MariaDB system user. ssl-cert group is required for access to certificate private keys.

mariadb_server_append_groups: [ 'ssl-cert' ]

SSL configuration

mariadb_server_pki

Enable or disable support for SSL in MariaDB (using debops.pki).

mariadb_server_pki: '{{ (True
                     if (ansible_local|d() and ansible_local.pki|d() and
                         ansible_local.pki.enabled|d())
                     else False) | bool }}'
mariadb_server_pki_path

Base path for PKI directory.

mariadb_server_pki_path: '{{ (ansible_local.pki.base_path
                          if (ansible_local|d() and ansible_local.pki|d() and
                              ansible_local.pki.base_path|d())
                          else "/etc/pki") }}'
mariadb_server_pki_realm

Default PKI realm used by MariaDB (Debian MariaDB packages do not support chained certificates, see https://bugs.debian.org/630625).

mariadb_server_pki_realm: 'service'
mariadb_server_pki_ca

Root CA certificate used by MariaDB, relative to mariadb_server_pki_realm.

mariadb_server_pki_ca: 'CA.crt'
mariadb_server_pki_crt

Host certificate used by MariaDB, relative to mariadb_server_pki_realm.

mariadb_server_pki_crt: 'default.crt'
mariadb_server_pki_key

Host private key used by MariaDB, relative to mariadb_server_pki_realm.

mariadb_server_pki_key: 'default.key'
mariadb_server_pki_cipher

Cipher suite used for encrypted connections.

mariadb_server_pki_cipher: 'DHE-RSA-AES256-SHA'

AutoMySQLBackup configuration

mariadb_server_backup

Enable or disable support for daily, weekly and monthly snapshots of the database using automysqlbackup.

mariadb_server_backup: True
mariadb_server_backup_mailaddr

Mail address to send messages to (account or alias name will be properly routed by the Postfix SMTP server).

mariadb_server_backup_mailaddr: 'backup'
mariadb_server_backup_doweekly

Specify the day of the week to create weekly backups (1 - Monday, 7 - Sunday).

mariadb_server_backup_doweekly: '6'
mariadb_server_backup_latest

Don’t keep copies of most recent backups by default.

mariadb_server_backup_latest: 'no'
mariadb_server_backup_directory

Base directory where automysqlbackup stores the database backups. The directory will be created automatically by automysqlbackup, if it does not exist.

mariadb_server_backup_directory: '/var/lib/automysqlbackup'

MariaDB root account

mariadb_server_password_length

Length of randomly generated passwords.

mariadb_server_password_length: '48'
mariadb_server_root_password

Randomized password for MariaDB root account.

mariadb_server_root_password: '{{ lookup("password", secret +
                                  "/credentials/" + ansible_fqdn +
                                  "/mariadb/localhost/root/password " +
                                  "length=" + mariadb_server_password_length) }}'