This playbook installs MariaDB using distro-aware package handling and applies a minimal service baseline. Updated for current best practices with MariaDB 11.4+.
- name: Install MariaDB
hosts: mariadb
become: true
vars:
# MariaDB version considerations
mariadb_version: "11.4" # Specify version if needed
app_packages_debian:
- mariadb-server
app_packages_redhat:
- mariadb-server
tasks:
- name: Install packages on Debian family
apt:
name: "{{ app_packages_debian }}"
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install packages on RedHat family
dnf:
name: "{{ app_packages_redhat }}"
state: present
when: ansible_os_family == "RedHat"
- name: Enable and start service
service:
name: mariadb
state: started
enabled: true
- name: Wait for MariaDB to be ready
wait_for:
port: 3306
host: "{{ ansible_default_ipv4.address }}"
delay: 5
timeout: 30
- name: Validate binary availability
command: mariadb --version
register: app_version
changed_when: false
failed_when: false
- name: Show version/check output
debug:
var: app_version.stdout
- name: Run mysql_secure_installation equivalent tasks
block:
# Remove anonymous users
- name: Remove anonymous users
mysql_user:
name: ""
host_all: yes
state: absent
login_unix_socket: /run/mysqld/mysqld.sock
when: ansible_os_family == "Debian"
- name: Remove anonymous users (RHEL)
mysql_user:
name: ""
host_all: yes
state: absent
login_unix_socket: /var/lib/mysql/mysql.sock
when: ansible_os_family == "RedHat"
# Remove test database
- name: Remove test database
mysql_db:
name: test
state: absent
# Disallow root login remotely (optional)
- name: Remove remote root access
mysql_user:
name: root
host: "{{ item }}"
state: absent
loop:
- '%'
- '127.0.0.1'
- '::1'
when: inventory_hostname not in item
For production deployments, consider this enhanced playbook that includes basic configuration:
- name: Install and configure MariaDB
hosts: mariadb
become: true
vars:
mariadb_config_file: "/etc/mysql/mariadb.conf.d/50-server.cnf"
bind_address: "127.0.0.1" # Adjust as needed for your network
max_connections: 100
tasks:
- name: Install MariaDB packages
package:
name:
- mariadb-server
- python3-mysqldb # For mysql_* modules
state: present
notify: restart mariadb
- name: Configure MariaDB
template:
src: server.cnf.j2
dest: "{{ mariadb_config_file }}"
owner: root
group: root
mode: '0644'
notify: restart mariadb
- name: Enable and start MariaDB service
service:
name: mariadb
state: started
enabled: true
- name: Secure MariaDB installation
import_tasks: mariadb-security.yml
handlers:
- name: restart mariadb
service:
name: mariadb
state: restarted
Consider using community-maintained roles for more MariaDB management:
# requirements.yml
roles:
- name: geerlingguy.mariadb
version: "3.1.0"
Install with:
ansible-galaxy install -r requirements.yml
--ssl-verify-server-cert enabledmysql_* Ansible modules for database/user management tasks