singleplatform-eng
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.travis.yml‎
Lines changed: 18 additions & 39 deletions b/‎.travis.yml‎
Lines changed: 18 additions & 39 deletions
diff --git a/‎LICENSE‎
Lines changed: 20 additions & 0 deletions b/‎LICENSE‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 32 additions & 3 deletions b/‎README.md‎
Lines changed: 32 additions & 3 deletions
diff --git a/‎defaults/main.yml‎
Lines changed: 14 additions & 1 deletion b/‎defaults/main.yml‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎meta/main.yml‎
Lines changed: 4 additions & 1 deletion b/‎meta/main.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎tasks/configure.yml‎
Lines changed: 8 additions & 2 deletions b/‎tasks/configure.yml‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎tasks/main.yml‎
Lines changed: 7 additions & 1 deletion b/‎tasks/main.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎tasks/replication.yml‎
Lines changed: 5 additions & 2 deletions b/‎tasks/replication.yml‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎tasks/secure-installation.yml‎
Lines changed: 27 additions & 7 deletions b/‎tasks/secure-installation.yml‎
Lines changed: 27 additions & 7 deletions
@@ -0,0 +1,2 @@
+*.retry
+tests/test.sh
@@ -3,73 +3,52 @@ services: docker
 
 env:
   - distro: centos7
-    init: /usr/lib/systemd/systemd
-    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
     playbook: centos-7-test.yml
   - distro: centos6
-    init: /sbin/init
-    run_opts: ""
+    playbook: test.yml
+  - distro: debian8
     playbook: test.yml
   - distro: ubuntu1604
-    init: /lib/systemd/systemd
-    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
     playbook: test.yml
   - distro: ubuntu1404
-    init: /sbin/init
-    run_opts: ""
     playbook: test.yml
 
-services:
-  - docker
-
-before_install:
-  # Pull container
-  - 'docker pull geerlingguy/docker-${distro}-ansible:latest'
-
 script:
-  - container_id=$(mktemp)
-  # Run container in detached state.
-  - 'docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} geerlingguy/docker-${distro}-ansible:latest "${init}" > "${container_id}"'
+  # Configure test script so we can run extra tests after playbook is run.
+  - export container_id=$(date +%s)
+  - export cleanup=false
 
-  # Ansible syntax check.
-  - 'docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check'
+  # Download test shim.
+  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
+  - chmod +x ${PWD}/tests/test.sh
 
-  # Test role.
-  - 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}'
-
-  # Test role idempotence.
-  - idempotence=$(mktemp)
-  - docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} | tee -a ${idempotence}
-  - >
-    tail ${idempotence}
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
+  # Run tests.
+  - ${PWD}/tests/test.sh
 
   # Some MySQL debugging (show all the logs).
-  - docker exec --tty "$(cat ${container_id})" env TERM=xterm ls -lah /var/log
-  - docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql/error.log || true
-  - docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.err || true
+  - docker exec --tty ${container_id} env TERM=xterm ls -lah /var/log
+  - docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql/error.log || true
+  - docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql.err || true
 
   # Check to make sure we can connect to MySQL via Unix socket.
   - >
-    sudo docker exec "$(cat ${container_id})" mysql -u root -proot -e 'show databases;'
+    sudo docker exec ${container_id} mysql -u root -proot -e 'show databases;'
     | grep -q 'information_schema'
     && (echo 'MySQL running normally' && exit 0)
     || (echo 'MySQL not running' && exit 1)
 
   # Check to make sure we can connect to MySQL via TCP.
   - >
-    sudo docker exec "$(cat ${container_id})" mysql -u root -proot -h 127.0.0.1 -e 'show databases;'
+    sudo docker exec ${container_id} mysql -u root -proot -h 127.0.0.1 -e 'show databases;'
     | grep -q 'information_schema'
     && (echo 'MySQL running normally' && exit 0)
     || (echo 'MySQL not running' && exit 1)
 
 after_failure:
   # Check MySQL settings.
-  - 'docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql/error.log'
-  - 'docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.err'
-  - 'docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.log'
+  - 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql/error.log'
+  - 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql.err'
+  - 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql.log'
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -18,19 +18,25 @@ No special requirements; note that this role requires root access, so either run
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
     mysql_user_home: /root
+    mysql_user_name: root
+    mysql_user_password: root
 
-The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role.
+The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role. The `mysql_user_name` and `mysql_user_password` can be set if you are running this role under a non-root user account and want to set a non-root user.
 
+    mysql_root_home: /root
+    mysql_root_username: root
     mysql_root_password: root
 
-The MySQL root user account password.
+The MySQL root user account details.
 
     mysql_root_password_update: no
 
 Whether to force update the MySQL root user's password. By default, this role will only change the root user's password when MySQL is first configured. You can force an update by setting this to `yes`.
 
 > Note: If you get an error like `ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)` after a failed or interrupted playbook run, this usually means the root password wasn't originally updated to begin with. Try either removing  the `.my.cnf` file inside the configured `mysql_user_home` or updating it and setting `password=''` (the insecure default password). Run the playbook again, with `mysql_root_password_update` set to `yes`, and the setup should complete.
 
+> Note: If you get an error like `ERROR 1698 (28000): Access denied for user 'root'@'localhost' (using password: YES)` when trying to log in from the CLI you might need to run as root or sudoer.
+
     mysql_enabled_on_startup: yes
 
 Whether MySQL should be enabled on startup.
@@ -103,6 +109,29 @@ The rest of the settings in `defaults/main.yml` control MySQL's memory usage and
 
 Replication settings. Set `mysql_server_id` and `mysql_replication_role` by server (e.g. the master would be ID `1`, with the `mysql_replication_role` of `master`, and the slave would be ID `2`, with the `mysql_replication_role` of `slave`). The `mysql_replication_user` uses the same keys as `mysql_users`, and is created on master servers, and used to replicate on all the slaves.
 
+### Later versions of MySQL on CentOS 7
+
+If you want to install MySQL from the official repository instead of installing the system default MariaDB equivalents, you can add the following `pre_tasks` task in your playbook:
+
+```yaml
+  pre_tasks:
+    - name: Install the MySQL repo.
+      yum:
+        name: http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
+        state: present
+      when: ansible_os_family == "RedHat"
+  
+    - name: Override variables for MySQL (RedHat).
+      set_fact:
+        mysql_daemon: mysqld
+        mysql_packages: ['mysql-server']
+        mysql_log_error: /var/log/mysqld.err
+        mysql_syslog_tag: mysqld
+        mysql_pid_file: /var/run/mysqld/mysqld.pid
+        mysql_socket: /var/lib/mysql/mysql.sock
+      when: ansible_os_family == "RedHat"
+```
+
 ### MariaDB usage
 
 This role works with either MySQL or a compatible version of MariaDB. On RHEL/CentOS 7+, the mariadb database engine was substituted as the default MySQL replacement package. No modifications are necessary though all of the variables still reference 'mysql' instead of mariadb.
@@ -148,4 +177,4 @@ MIT / BSD
 
 ## Author Information
 
-This role was created in 2014 by [Jeff Geerling](http://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
+This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
@@ -1,10 +1,18 @@
 ---
+# Set this to the user ansible is logging in as - should have root
+# or sudo access
 mysql_user_home: /root
+mysql_user_name: root
+mysql_user_password: root
+
+# The default root user installed by mysql - almost always root
+mysql_root_home: /root
 mysql_root_username: root
 mysql_root_password: root
 
 # Set this to `yes` to forcibly update the root password.
 mysql_root_password_update: no
+mysql_user_password_update: no
 
 mysql_enabled_on_startup: yes
 
@@ -31,6 +39,7 @@ mysql_port: "3306"
 mysql_bind_address: '0.0.0.0'
 mysql_skip_name_resolve: no
 mysql_datadir: /var/lib/mysql
+mysql_sql_mode: ''
 # The following variables have a default value depending on operating system.
 # mysql_pid_file: /var/run/mysqld/mysqld.pid
 # mysql_socket: /var/lib/mysql/mysql.sock
@@ -50,15 +59,19 @@ mysql_read_buffer_size: "1M"
 mysql_read_rnd_buffer_size: "4M"
 mysql_myisam_sort_buffer_size: "64M"
 mysql_thread_cache_size: "8"
+mysql_query_cache_type: "0"
 mysql_query_cache_size: "16M"
 mysql_query_cache_limit: "1M"
 mysql_max_connections: "151"
 mysql_tmp_table_size: "16M"
 mysql_max_heap_table_size: "16M"
+mysql_group_concat_max_len: "1024"
+mysql_join_buffer_size: "262144"
 
 # Other settings.
 mysql_lower_case_table_names: "0"
 mysql_wait_timeout: "28800"
+mysql_event_scheduler_state: "OFF"
 
 # InnoDB settings.
 mysql_innodb_file_per_table: "1"
@@ -80,7 +93,7 @@ mysql_mysqldump_max_allowed_packet: "64M"
 # Logging settings.
 mysql_log: ""
 # The following variables have a default value depending on operating system.
-# mysql_log_error: /var/log/mysql.err
+# mysql_log_error: /var/log/mysql/mysql.err
 # mysql_syslog_tag: mysql
 
 mysql_config_include_files: []
 
@@ -6,7 +6,7 @@ galaxy_info:
   description: MySQL server for RHEL/CentOS and Debian/Ubuntu.
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 1.9
+  min_ansible_version: 2.2
   platforms:
     - name: EL
       versions:
@@ -18,5 +18,8 @@ galaxy_info:
     - name: Debian
       versions:
       - all
+    - name: Archlinux
+      versions:
+      - all
   galaxy_tags:
     - database
@@ -30,7 +30,10 @@
   notify: restart mysql
 
 - name: Create slow query log file (if configured).
-  shell: "touch {{ mysql_slow_query_log_file }} creates={{ mysql_slow_query_log_file }}"
+  command: "touch {{ mysql_slow_query_log_file }}"
+  args:
+    creates: "{{ mysql_slow_query_log_file }}"
+    warn: no
   when: mysql_slow_query_log_enabled
 
 - name: Create datadir if it does not exist
@@ -52,7 +55,10 @@
   when: mysql_slow_query_log_enabled
 
 - name: Create error log file (if configured).
-  shell: "touch {{ mysql_log_error }} creates={{ mysql_log_error }}"
+  command: "touch {{ mysql_log_error }}"
+  args:
+    creates: "{{ mysql_log_error }}"
+    warn: no
   when: mysql_log == "" and mysql_log_error != ""
 
 - name: Set ownership on error log file (if configured).
 
@@ -11,9 +11,15 @@
   when: ansible_os_family == 'Debian'
   static: no
 
+- include: setup-Archlinux.yml
+  when: ansible_os_family == 'Archlinux'
+  static: no
+
 - name: Check if MySQL packages were installed.
   set_fact:
-    mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed) or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed) }}"
+    mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed)
+      or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed)
+      or (arch_mysql_install_packages is defined and arch_mysql_install_packages.changed) }}"
 
 # Configure MySQL.
 - include: configure.yml
 
@@ -4,15 +4,18 @@
     name: "{{ mysql_replication_user.name }}"
     host: "{{ mysql_replication_user.host | default('%') }}"
     password: "{{ mysql_replication_user.password }}"
-    priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE') }}"
+    priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE,REPLICATION CLIENT') }}"
     state: present
   when: >
     (mysql_replication_role == 'master')
     and mysql_replication_user
     and (mysql_replication_master != '')
 
 - name: Check slave replication status.
-  mysql_replication: mode=getslave
+  mysql_replication:
+    mode: getslave
+    login_user: "{{ mysql_replication_user.name }}"
+    login_password: "{{ mysql_replication_user.password }}"
   ignore_errors: true
   register: slave
   when: >
 
@@ -4,17 +4,36 @@
   register: mysql_cli_version
   changed_when: false
 
+- name: Ensure default user is present.
+  mysql_user:
+    name: "{{ mysql_user_name }}"
+    host: 'localhost'
+    password: "{{ mysql_user_password }}"
+    priv: '*.*:ALL,GRANT'
+    state: present
+  when: mysql_user_name != mysql_root_username
+
+# Has to be after the password assignment, for idempotency.
+- name: Copy user-my.cnf file with password credentials.
+  template:
+    src: "user-my.cnf.j2"
+    dest: "{{ mysql_user_home }}/.my.cnf"
+    owner: "{{ mysql_user_name }}"
+    mode: 0600
+  when: mysql_user_name != mysql_root_username and (mysql_install_packages | bool or mysql_user_password_update)
+
 - name: Disallow root login remotely
   command: 'mysql -NBe "{{ item }}"'
   with_items:
-    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+    - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
   changed_when: false
 
 - name: Get list of hosts for the root user.
-  command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC'
+  command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = '{{ mysql_root_username }}' ORDER BY (Host='localhost') ASC"
   register: mysql_root_hosts
   changed_when: false
-  always_run: true
+  check_mode: no
+  when: mysql_install_packages | bool or mysql_root_password_update
 
 # Note: We do not use mysql_user for this operation, as it doesn't always update
 # the root password correctly. See: https://goo.gl/MSOejW
@@ -29,25 +48,26 @@
 # Set root password for MySQL < 5.7.x.
 - name: Update MySQL root password for localhost root account (< 5.7.x).
   shell: >
-    mysql -u root -NBe
+    mysql -NBe
     'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
   with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
   when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' not in mysql_cli_version.stdout)
 
 # Has to be after the root password assignment, for idempotency.
 - name: Copy .my.cnf file with root password credentials.
   template:
-    src: "user-my.cnf.j2"
-    dest: "{{ mysql_user_home }}/.my.cnf"
+    src: "root-my.cnf.j2"
+    dest: "{{ mysql_root_home }}/.my.cnf"
     owner: root
     group: root
     mode: 0600
+  when: mysql_install_packages | bool or mysql_root_password_update
 
 - name: Get list of hosts for the anonymous user.
   command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
   register: mysql_anonymous_hosts
   changed_when: false
-  always_run: true
+  check_mode: no
 
 - name: Remove anonymous MySQL users.
   mysql_user: