clase 17/02/23

ansible.cfg

@@ -1,6 +1,6 @@
 [defaults]
 inventory: inventory
-remote_user: automation
+remote_user: devops
 forks: 50
 
 [privilege_escalation]

apache.yml

@@ -0,0 +1,5 @@
+- name:
+  hosts: webservers
+  become: true
+  roles:
+    - sample-apache

facts.yml

@@ -0,0 +1,6 @@
+- name: print facts
+  hosts: all
+  tasks:
+    - name: print
+      debug:
+        var: ansible_facts

haproxy.yml

@@ -0,0 +1,31 @@
+- name: haproxy role test
+  become: true
+  hosts: proxy
+  vars:
+    haproxy_frontend_mode: 'http'
+    haproxy_front_end_port: 80
+    haproxy_backend_mode: 'http'
+    haproxy_backend_balance_method: 'roundrobin'
+    haproxy_backend_servers:
+      - name: node1
+        address: serverb.lab.example.com:80
+      - name: node2
+        address: serverc.lab.example.com:80
+  roles:
+    - geerlingguy.haproxy
+  tasks:
+    - name: install firewalld
+      yum:
+        name: firewalld
+        state: latest
+    - name: start and enable firewalld
+      service:
+        name: firewalld
+        state: started
+        enabled: yes
+    - name: open port 80
+      firewalld:
+        port: 80/tcp
+        state: enabled
+        immediate: yes
+        permanent: yes

mysql.yml

@@ -0,0 +1,5 @@
+- name: mysql role test
+  hosts: database
+  become: true
+  roles:
+    - sample-mysql

roles/geerlingguy.haproxy/.ansible-lint

@@ -0,0 +1,3 @@
+skip_list:
+  - 'yaml'
+  - 'role-name'

roles/geerlingguy.haproxy/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy

roles/geerlingguy.haproxy/.github/stale.yml

@@ -0,0 +1,57 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 90
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 30
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - bug
+  - pinned
+  - security
+  - planned
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+pulls:
+  markComment: |-
+    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
+
+  unmarkComment: >-
+    This pull request is no longer marked for closure.
+
+  closeComment: >-
+    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
+
+issues:
+  markComment: |-
+    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+
+  unmarkComment: >-
+    This issue is no longer marked for closure.
+
+  closeComment: >-
+    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

roles/geerlingguy.haproxy/.github/workflows/ci.yml

@@ -0,0 +1,66 @@
+---
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "30 5 * * 2"
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.haproxy'
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+        with:
+          path: 'geerlingguy.haproxy'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - rockylinux8
+          - ubuntu2004
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+        with:
+          path: 'geerlingguy.haproxy'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.distro }}

roles/geerlingguy.haproxy/.github/workflows/release.yml

@@ -0,0 +1,40 @@
+---
+# This workflow requires a GALAXY_API_KEY secret present in the GitHub
+# repository or organization.
+#
+# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
+# See: https://github.com/ansible/galaxy/issues/46
+
+name: Release
+'on':
+  push:
+    tags:
+      - '*'
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.haproxy'
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+        with:
+          path: 'geerlingguy.haproxy'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible.
+        run: pip3 install ansible-core
+
+      - name: Trigger a new import on Galaxy.
+        run: >-
+          ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
+          $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

roles/geerlingguy.haproxy/.gitignore

@@ -0,0 +1,5 @@
+*.retry
+*/__pycache__
+*.pyc
+.cache
+

roles/geerlingguy.haproxy/.yamllint

@@ -0,0 +1,10 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+
+ignore: |
+  .github/stale.yml

roles/geerlingguy.haproxy/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

roles/geerlingguy.haproxy/README.md

@@ -0,0 +1,81 @@
+# Ansible Role: HAProxy
+
+[![CI](https://github.com/geerlingguy/ansible-role-haproxy/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-haproxy/actions?query=workflow%3ACI)
+
+Installs HAProxy on RedHat/CentOS and Debian/Ubuntu Linux servers.
+
+**Note**: This role _officially_ supports HAProxy versions 1.4 or 1.5. Future versions may require some rework.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    haproxy_socket: /var/lib/haproxy/stats
+
+The socket through which HAProxy can communicate (for admin purposes or statistics). To disable/remove this directive, set `haproxy_socket: ''` (an empty string).
+
+    haproxy_chroot: /var/lib/haproxy
+
+The jail directory where chroot() will be performed before dropping privileges. To disable/remove this directive, set `haproxy_chroot: ''` (an empty string). Only change this if you know what you're doing!
+
+    haproxy_user: haproxy
+    haproxy_group: haproxy
+
+The user and group under which HAProxy should run. Only change this if you know what you're doing!
+
+    haproxy_frontend_name: 'hafrontend'
+    haproxy_frontend_bind_address: '*'
+    haproxy_frontend_port: 80
+    haproxy_frontend_mode: 'http'
+
+HAProxy frontend configuration directives.
+
+    haproxy_backend_name: 'habackend'
+    haproxy_backend_mode: 'http'
+    haproxy_backend_balance_method: 'roundrobin'
+    haproxy_backend_httpchk: 'HEAD / HTTP/1.1\r\nHost:localhost'
+
+HAProxy backend configuration directives.
+
+    haproxy_backend_servers:
+      - name: app1
+        address: 192.168.0.1:80
+      - name: app2
+        address: 192.168.0.2:80
+
+A list of backend servers (name and address) to which HAProxy will distribute requests.
+
+    haproxy_connect_timeout: 5000
+    haproxy_client_timeout: 50000
+    haproxy_server_timeout: 50000
+
+HAProxy default timeout configurations.
+
+    haproxy_global_vars:
+      - 'ssl-default-bind-ciphers ABCD+KLMJ:...'
+      - 'ssl-default-bind-options no-sslv3'
+
+A list of extra global variables to add to the global configuration section inside `haproxy.cfg`.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+    - hosts: balancer
+      sudo: yes
+      roles:
+        - { role: geerlingguy.haproxy }
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2015 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

roles/geerlingguy.haproxy/defaults/main.yml

@@ -0,0 +1,32 @@
+---
+haproxy_socket: /var/lib/haproxy/stats
+haproxy_chroot: /var/lib/haproxy
+haproxy_user: haproxy
+haproxy_group: haproxy
+
+# Frontend settings.
+haproxy_frontend_name: 'hafrontend'
+haproxy_frontend_bind_address: '*'
+haproxy_frontend_port: 80
+haproxy_frontend_mode: 'http'
+
+# Backend settings.
+haproxy_backend_name: 'habackend'
+haproxy_backend_mode: 'http'
+haproxy_backend_balance_method: 'roundrobin'
+haproxy_backend_httpchk: 'HEAD / HTTP/1.1\r\nHost:localhost'
+
+# List of backend servers.
+haproxy_backend_servers: []
+# - name: app1
+#   address: 192.168.0.1:80
+# - name: app2
+#   address: 192.168.0.2:80
+
+# Extra global vars (see README for example usage).
+haproxy_global_vars: []
+
+# Default haproxy timeouts
+haproxy_connect_timeout: 5000
+haproxy_client_timeout: 50000
+haproxy_server_timeout: 50000

roles/geerlingguy.haproxy/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart haproxy
+  service: name=haproxy state=restarted

roles/geerlingguy.haproxy/meta/.galaxy_install_info

@@ -0,0 +1 @@
+{install_date: 'Fri Feb 17 12:15:44 2023', version: 1.3.1}

roles/geerlingguy.haproxy/meta/main.yml

@@ -0,0 +1,27 @@
+---
+dependencies: []
+
+galaxy_info:
+  role_name: haproxy
+  author: geerlingguy
+  description: HAProxy installation and configuration.
+  company: "Midwestern Mac, LLC"
+  license: "license (BSD, MIT)"
+  min_ansible_version: 2.2
+  platforms:
+    - name: EL
+      versions:
+        - 7
+        - 8
+    - name: Ubuntu
+      versions:
+        - precise
+        - trusty
+        - xenial
+  galaxy_tags:
+    - web
+    - networking
+    - cloud
+    - haproxy
+    - loadbalancer
+    - http

roles/geerlingguy.haproxy/molecule/default/converge.yml

@@ -0,0 +1,22 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  vars:
+    haproxy_socket: ''
+    haproxy_chroot: ''
+    haproxy_user: root
+    haproxy_group: root
+
+    haproxy_backend_servers:
+      - name: app1
+        address: 127.0.0.1:8080
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+  roles:
+    - role: geerlingguy.haproxy

roles/geerlingguy.haproxy/molecule/default/molecule.yml

@@ -0,0 +1,19 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}

roles/geerlingguy.haproxy/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Ensure HAProxy is installed.
+  package: name=haproxy state=present
+
+- name: Ensure HAProxy is enabled (so init script will start it on Debian).
+  lineinfile:
+    dest: /etc/default/haproxy
+    regexp: "^ENABLED.+$"
+    line: "ENABLED=1"
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Get HAProxy version.
+  command: haproxy -v
+  register: haproxy_version_result
+  changed_when: false
+  check_mode: false
+
+- name: Set HAProxy version.
+  set_fact:
+    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-?Proxy version (\d+(\.\d+)*).*$", "\1") }}'
+
+- name: Copy HAProxy configuration in place.
+  template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+    mode: 0644
+    validate: haproxy -f %s -c -q
+  notify: restart haproxy
+
+- name: Ensure HAProxy is started and enabled on boot.
+  service: name=haproxy state=started enabled=yes

roles/geerlingguy.haproxy/templates/haproxy.cfg.j2

@@ -0,0 +1,56 @@
+global
+  log /dev/log  local0
+  log /dev/log  local1 notice
+{% if haproxy_socket != '' %}
+  stats socket {{ haproxy_socket }} level admin
+{% endif %}
+{% if haproxy_chroot != '' %}
+  chroot {{ haproxy_chroot }}
+{% endif %}
+  user {{ haproxy_user }}
+  group {{ haproxy_group }}
+  daemon
+{% for global_var in haproxy_global_vars %}
+  {{ global_var }}
+{% endfor %}
+
+defaults
+  log global
+  mode  http
+  option  httplog
+  option  dontlognull
+{% if haproxy_version is version('1.4', '<=') %}
+        contimeout {{ haproxy_connect_timeout }}
+        clitimeout {{ haproxy_client_timeout }}
+        srvtimeout {{ haproxy_server_timeout }}
+{% else %}
+        timeout connect {{ haproxy_connect_timeout }}
+        timeout client {{ haproxy_client_timeout }}
+        timeout server {{ haproxy_server_timeout }}
+{% endif %}
+{% if ansible_os_family == 'Debian' %}
+  errorfile 400 /etc/haproxy/errors/400.http
+  errorfile 403 /etc/haproxy/errors/403.http
+  errorfile 408 /etc/haproxy/errors/408.http
+  errorfile 500 /etc/haproxy/errors/500.http
+  errorfile 502 /etc/haproxy/errors/502.http
+  errorfile 503 /etc/haproxy/errors/503.http
+  errorfile 504 /etc/haproxy/errors/504.http
+{% endif %}
+
+frontend {{ haproxy_frontend_name }}
+    bind {{ haproxy_frontend_bind_address }}:{{ haproxy_frontend_port }}
+    mode {{ haproxy_frontend_mode }}
+    default_backend {{ haproxy_backend_name }}
+
+backend {{ haproxy_backend_name }}
+    mode {{ haproxy_backend_mode }}
+    balance {{ haproxy_backend_balance_method }}
+    option forwardfor
+{% if haproxy_backend_httpchk != '' %}
+    option httpchk {{ haproxy_backend_httpchk }}
+{% endif %}
+    cookie SERVERID insert indirect
+{% for backend in haproxy_backend_servers %}
+    server {{ backend.name }} {{ backend.address }} cookie {{ backend.name }} check
+{% endfor %}

roles/sample-apache/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/sample-apache/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/sample-apache/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for sample-apache

roles/sample-apache/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart httpd
+  service:
+    name: "{{ apache.service }}"
+    state: restarted

roles/sample-apache/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

roles/sample-apache/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: install packages
+  yum:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ apache.packages }}"
+- name: start and enable apache
+  service:
+    name: "{{ apache.service }}"
+    state: started
+    enabled: yes
+- name: open ports
+  firewalld:
+    port: "{{ item }}"
+    state: enabled
+    permanent: yes
+    immediate: yes
+  loop: "{{ apache.ports }}"
+- name: template index.html
+  template:
+    src: index.html.j2
+    dest: /var/www/html/index.html
+    owner: root
+    group: root
+    setype: httpd_sys_content_t
+  notify: restart httpd

roles/sample-apache/templates/index.html.j2

@@ -0,0 +1,4 @@
+-----------------------------------------------------------
+	The address of the server is: {{ ansible_facts.default_ipv4.address }}
+-----------------------------------------------------------
+

roles/sample-apache/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/sample-apache/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - sample-apache

roles/sample-apache/vars/main.yml

@@ -0,0 +1,9 @@
+apache:
+  packages:
+    - httpd
+    - mod_ssl
+  service: httpd
+  ports:
+    - "80/tcp"
+    - "443/tcp"
+

roles/sample-mysql/tasks/main.yml

@@ -1,44 +1,61 @@
 - name: ensure partition exists
-    parted:
-      label: gpt
-      device: /dev/sdb
-      number: 1
-      part_start: 2MB
-      part_end: 800MB
-      part_type: primary
+  parted:
+    label: gpt
+    device: "{{ partition.device }}"
+    number: "{{ partition.number }}"
+    part_start: "{{ partition.start }}"
+    part_end: "{{ partition.end }}"
+    part_type: "{{ partition.type }}"
+    state: present
 - name: volume group exists
   lvg:
-    vg: vg_database
-    pvs: /dev/sdb1
+    vg: "{{ volume_group.name }}"
+    pvs: "{{ volume_group.partition }}"
     state: present
 - name: logical volume exists
   lvol:
-    vg: vg_database
-    lv: lv_mysql
-    size: 512MB
+    vg: "{{ volume_group.name }}"
+    lv: "{{ logical_volume.name }}"
+    size: "{{ logical_volume.size }}"
 - name: filesystem exists
-    filesystem:
-      fstype: xfs
-      dev: /dev/vg_database/lv_mysql
-      state: present
+  filesystem:
+    fstype: "{{ filesystem.type }}"
+    dev: "/dev/{{ volume_group.name }}/{{ logical_volume.name }}"
+#    state: present
 - name:
-    mount:
-      src: /dev/vg_database/lv_mysql
-      fstype: xfs
-      mount_path: /mnt/mysql_backups
-      state: mounted
+  mount:
+    src: "/dev/{{ volume_group.name }}/{{ logical_volume.name }}"
+    fstype: "{{ filesystem.type }}"
+    path: "{{ filesystem.path }}"
+    state: mounted
 - name: open firewall for mysql
-    firewalld:
-      port: 3306/tcp
-      state: enabled
-      permanent: yes
-      immediate: yes
+  firewalld:
+    port: 3306/tcp
+    state: enabled
+    permanent: yes
+    immediate: yes
+- name: install mysql
+  yum:
+    name: 
+      - mysql-server
+      - python3-PyMySQL
+    state: latest
 - name: start and enable mysql
-    service:
-      name: mysql
-
-- name: change sql root passwd
-    mysql_user:
-      check_implicit_admin: yes
-      login_user: root
-      login_password: "{{ database_password }}"
+  service:
+    name: mysqld
+    state: started
+    enabled: yes
+- name: Set MySQL root Password
+  mysql_user:
+    login_host: 'localhost'
+    login_user: 'root'
+    login_password: ''
+    name: 'root'
+    password: '{{ mysql.password }}'
+    state: present
+#- name: change sql root passwd
+#  mysql_user:
+#    check_implicit_admin: yes
+#    login_user: root
+#    user: root
+#    login_password: "{{ mysql.password }}"

roles/sample-mysql/templates/my.cnf.j2

@@ -0,0 +1,16 @@
+----------------------------------------------
+[mysqld]
+bind_address = {{ ansible_default_ipv4.address }}
+skip_name_resolve
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+
+symbolic-links=0
+sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
+validate_password.policy=LOW
+validate_password.length=5
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+----------------------------------------------

roles/sample-mysql/vars/main.yml

@@ -1,2 +1,22 @@
----
-# vars file for sample-mysql
+partition:
+  number: 1
+  start: 2MB
+  end: "800MB"
+  device: /dev/vdb
+  type: primary
+
+volume_group:
+  name: vg_database
+  partition: /dev/vdb1
+
+logical_volume:
+  name: lv_mysql
+  size: "512M"
+
+filesystem:
+  type: xfs
+  path: /mnt/mysql_backups
+
+mysql:
+  port: 3306/tcp
+  password: redhat