add MariaDB role

db.yml

@@ -3,4 +3,5 @@
   hosts: DB
   roles:
     - postgresql
+    - mariadb
   become: true

group_vars/all.yml

@@ -49,6 +49,8 @@ reverse_proxy_ip: "10.0.0.2"
 nextcloud_server_ip: "{{ reverse_proxy_ip }}"
 pgsql_server_ip: "10.0.0.3"
 pgsql_server_port: 5432
+mariadb_server_ip: "10.0.0.3"
+mariadb_server_port: 3306
 smtp_hostname: "smtp.ionos.de"
 smtp_port: 465
 turn_server: "turn.ows.cx"

roles/mariadb/handlers/main.yml

@@ -0,0 +1,17 @@
+---
+- name: restart mariadb
+  systemd:
+    name: mariadb.service
+    state: restarted
+
+- name: reload mariadb
+  systemd:
+    name: mariadb.service
+    state: reloaded
+
+- name: restart mysqld_exporter
+  systemd:
+    daemon_reload: true
+    enabled: true
+    name: mysqld_exporter.service
+    state: restarted

roles/mariadb/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  # - role: rclone  # for backup

roles/mariadb/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Install mariadb
+  import_tasks: mariadb.yml
+
+- name: Install mysqld exporter
+  import_tasks: mysqld_exporter.yml

roles/mariadb/tasks/mariadb.yml

@@ -0,0 +1,36 @@
+---
+- name: Add MariaDB GPG apt key
+  apt_key:
+    url: https://mariadb.org/mariadb_release_signing_key.asc
+    keyring: /usr/share/keyrings/mariadb_release_signing_key.gpg
+    state: present
+
+- name: Add MariaDB Repository
+  apt_repository:
+    repo: "deb [arch={{ deb_architecture }} signed-by=/usr/share/keyrings/mariadb_release_signing_key.gpg] \
+          https://mirrors.n-ix.net/mariadb/repo/{{ mariadb_server_version }}/ubuntu {{ ansible_distribution_release }} main/debug"
+    state: present
+    update_cache: true
+
+- name: Install MariaDB
+  apt:
+    name: mariadb-server
+    state: latest
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: Install required system packages
+  apt:
+    name: python3-mysqldb  # needed for mariadb ansible module
+    state: latest
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: Copy configuration file
+  template:
+    src: my.cnf.j2
+    dest: /etc/mysql/my.cnf
+    owner: mysql
+    group: mysql
+    mode: 0600
+  notify: restart mariadb

roles/mariadb/tasks/mysqld_exporter.yml

@@ -0,0 +1,50 @@
+---
+
+- name: Get latest mysqld_exporter version
+  github_release:
+    user: prometheus
+    repo: mysqld_exporter
+    action: latest_release
+    token: "{{ vault_github_token }}"
+  delegate_to: localhost
+  run_once: true
+  register: mysqld_exporter_version
+- name: "{{ mysqld_exporter_version }}"
+  set_fact:
+    mysqld_exporter_version: "{{ mysqld_exporter_version | replace ('v', '', 1) | trim }}"
+  run_once: true
+
+- name: download mysqld_exporter {{ mysqld_exporter_version.tag }} from GitHub
+  get_url:
+    url: "https://github.com/prometheus/mysqld_exporter/releases/download/\
+          v{{ mysqld_exporter_version.tag }}/mysqld_exporter-{{ mysqld_exporter_version.tag }}\
+          .linux-{{ deb_architecture }}.tar.gz"
+    dest: "/tmp/mysqld_exporter-{{ mysqld_exporter_version.tag }}.linux-{{ deb_architecture }}.tar.gz"
+  register: _download_archive
+  until: _download_archive is succeeded
+  retries: 3
+  delay: 5
+
+- name: unpack mysqld_exporter binaries
+  unarchive:
+    src: "/tmp/mysqld_exporter-{{ mysqld_exporter_version.tag }}.linux-{{ deb_architecture }}.tar.gz"
+    dest: "/tmp"
+    creates: "/tmp/mysqld_exporter-{{ mysqld_exporter_version.tag }}.linux-{{ deb_architecture }}"
+    remote_src: true
+
+- name: Copy mysqld_exporter
+  copy:
+    src: "/tmp/mysqld_exporter-{{ mysqld_exporter_version.tag }}.linux-{{ deb_architecture }}/mysqld_exporter"
+    dest: "{{ mysqld_exporter_install_dir }}/mysqld_exporter"
+    remote_src: true
+    mode: 0755
+  notify: restart mysqld_exporter
+
+- name: Copy the mysqld_exporter systemd service file
+  template:
+    src: mysqld_exporter.service.j2
+    dest: /etc/systemd/system/mysqld_exporter.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mysqld_exporter

roles/mariadb/templates/my.cnf.j2

@@ -0,0 +1,34 @@
+## Managed by Ansible ##
+#
+# The MariaDB configuration file
+#
+# The MariaDB/MySQL tools read configuration files in the following order:
+# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
+# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
+# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
+# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
+# 4. "~/.my.cnf" to set user-specific options.
+#
+# If the same option is defined multiple times, the last one will apply.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
+
+#
+# This group is read both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+# Port or socket location where to connect
+# port = 3306
+socket = /run/mysqld/mysqld.sock
+
+# Import all .cnf files from configuration directory
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/
+
+[mysqld]
+bind-address = 0.0.0.0

roles/mariadb/templates/mysqld_exporter.service.j2

@@ -0,0 +1,15 @@
+## Managed by Ansible ##
+
+[Unit]
+Description=MariaDB Exporter
+After=network-online.target
+
+[Service]
+User={{ mysqld_exporter_user }}
+Type=simple
+ExecStart=mysqld_exporter
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

roles/mariadb/vars/main.yml

@@ -0,0 +1,45 @@
+---
+# MariaDB
+
+mariadb_server_version: "10.10"
+mariadb_config:
+  # - name: unix_socket_directories
+  #   value: default  # comma-separated list of directories. default: "/var/run/mariadb"
+  - name: listen_addresses
+    value: "{{ mariadb_server_ip }}"  # what IP address(es) to listen on;
+  - name: password_encryption
+    value: default  # default scram-sha-256
+  - name: max_connections
+    value: "200"  # default 100
+  - name: shared_buffers
+    value: "1GB"  # min 128kB, default 128MB
+  - name: effective_cache_size
+    value: "3GB"  # default 4GB
+  - name: maintenance_work_mem
+    value: "256MB"  # min 1MB, default 64MB
+  - name: checkpoint_completion_target
+    value: "0.9"  # checkpoint target duration, 0.0 - 1.0, default 0.9
+  - name: wal_buffers
+    value: "16MB"  # min 32kB, default -1 sets based on shared_buffers
+  - name: random_page_cost
+    value: "1.1"  # how long it take to seek to a random disk page, default 4.0
+  - name: effective_io_concurrency
+    value: "200"  # 1-1000; 0 disables prefetching, default 1
+  - name: work_mem
+    value: "2621kB"  # min 64kB, default 4MB
+  - name: min_wal_size
+    value: "1GB"  # default 80MB
+  - name: max_wal_size
+    value: "4GB"  # default 1GB
+
+mariadb_client_auth:
+  - comment: nextcloud
+    databases: nextcloud_db
+    users: nextcloud_db_user
+    address: "{{ nextcloud_server_ip }}/32"
+    method: scram-sha-256
+
+# MariaDB exporter
+
+mysqld_exporter_install_dir: "/usr/local/bin"
+mysqld_exporter_user: "mysql"