4 files changed, 23 insertions, 153 deletions
diff --git a/roles/common-SQL/files/etc/mysql/mariadb.conf.d/99-user.cnf b/roles/common-SQL/files/etc/mysql/mariadb.conf.d/99-user.cnf
new file mode 100644
index 0000000..f3323f9
--- /dev/null
+++ b/roles/common-SQL/files/etc/mysql/mariadb.conf.d/99-user.cnf
@@ -0,0 +1,4 @@
+[mysqld]
+skip-networking
+innodb_file_per_table
+innodb_flush_method = O_DIRECT
diff --git a/roles/common-SQL/files/etc/mysql/my.cnf b/roles/common-SQL/files/etc/mysql/my.cnf
deleted file mode 100644
index 909236d..0000000
--- a/roles/common-SQL/files/etc/mysql/my.cnf
+++ /dev/null
@@ -1,129 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-# 
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port		= 3306
-socket		= /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket		= /var/run/mysqld/mysqld.sock
-nice		= 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user		= mysql
-pid-file	= /var/run/mysqld/mysqld.pid
-socket		= /var/run/mysqld/mysqld.sock
-plugin-load = auth_socket=auth_socket.so
-port		= 3306
-basedir		= /usr
-datadir		= /var/lib/mysql
-tmpdir		= /tmp
-lc-messages-dir		 = /usr/share/mysql
-character_set_server = utf8
-collation_server	 = utf8_unicode_ci
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-#bind-address		= 127.0.0.1
-skip-networking
-#
-# * Fine Tuning
-#
-key_buffer_size		= 16M
-max_allowed_packet	= 16M
-thread_stack		= 192K
-thread_cache_size	= 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover		= BACKUP
-#max_connections	= 100
-#table_cache		= 64
-#thread_concurrency	= 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit	= 1M
-query_cache_size	= 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file	= /var/log/mysql/mysql.log
-#general_log		= 1
-#
-# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
-#
-# Here you can see queries with especially long duration
-#log_slow_queries	= /var/log/mysql/mysql-slow.log
-#long_query_time = 2
-#log-queries-not-using-indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-#		other settings you may need to change.
-#server-id			= 1
-#log_bin			= /var/log/mysql/mysql-bin.log
-expire_logs_days	= 10
-max_binlog_size		= 100M
-#binlog_do_db		= include_database_name
-#binlog_ignore_db	= include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet	= 16M
-
-[mysql]
-#no-auto-rehash	# faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer_size		= 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#	The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
diff --git a/roles/common-SQL/handlers/main.yml b/roles/common-SQL/handlers/main.yml
index d1d355f..eae5efd 100644
--- a/roles/common-SQL/handlers/main.yml
+++ b/roles/common-SQL/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
-- name: Restart MySQL
-  service: name=mysql state=restarted
+- name: Restart MariaDB
+  service: name=mariadb state=restarted
 
 - name: Restart munin-node
   service: name=munin-node state=restarted
diff --git a/roles/common-SQL/tasks/main.yml b/roles/common-SQL/tasks/main.yml
index 9064a68..7e59f60 100644
--- a/roles/common-SQL/tasks/main.yml
+++ b/roles/common-SQL/tasks/main.yml
@@ -1,67 +1,62 @@
-# XXX If #742046 gets fixed, we should preseed mysql-server to use
-# auth_socket as auth_plugin once the fix enters stable.
-- name: Install MySQL
-  apt: pkg={{ item }}
-  with_items:
-    # XXX: In non-interactive mode apt-get doesn't put a password on
-    # MySQL's root user; we fix that on the next task, but an intruder
-    # could exploit the race condition and for instance create dummy
-    # users.
-    - mysql-common
-    - mysql-server
-    - python-mysqldb
+- name: Install MariaDB
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - mariadb-common
+    - mariadb-server
+    - python3-mysqldb
     # for the 'mysql_' munin plugin
     - libcache-cache-perl
 
-- name: Copy MySQL's configuration
-  copy: src=etc/mysql/my.cnf
-        dest=/etc/mysql/my.cnf
+- name: Copy MySQL/MariaDB configuration
+  copy: src=etc/mysql/mariadb.conf.d/99-user.cnf
+        dest=/etc/mysql/mariadb.conf.d/99-user.cnf
         owner=root group=root
         mode=0644
   register: r
   notify:
-    - Restart MySQL
+    - Restart MariaDB
 
 # We need to restart now and load the relevant authplugin before we
 # connect to the database.
 - meta: flush_handlers
 
 # XXX Dirty fix for #742046
 - name: Force root to use UNIX permissions
-  mysql_user2: name=root password= auth_plugin=auth_socket
-               state=present
+  mysql_user: name=root password="" plugin=unix_socket
+              state=present
 
 - name: Disallow anonymous and TCP/IP root login
-  mysql_user2: name={{ item.name|default('') }} host={{ item.host }}
-               state=absent
+  mysql_user: name={{ item.name|default('') }} host={{ item.host }}
+              state=absent
   with_items:
     - {             host: '{{ inventory_hostname_short }}' }
     - {             host: 'localhost' }
     - {             host: '127.0.0.1'}
     - {             host: '::1'}
     - { name: root, host: '{{ inventory_hostname_short }}' }
     - { name: root, host: '127.0.0.1'}
     - { name: root, host: '::1'}
 
-- name: Start MySQL
-  service: name=mysql state=started
+- name: Start MariaDB
+  service: name=mariadb state=started
 
 
 - name: Install 'mysql_' Munin wildcard plugin
   file: src=/usr/share/munin/plugins/mysql_
         dest=/etc/munin/plugins/mysql_{{ item }}
         owner=root group=root
         state=link force=yes
   with_items:
     # sudo /usr/share/munin/plugins/mysql_ suggest
     - bin_relay_log
     - commands
     - connections
     - files_tables
     - innodb_bpool
     - innodb_bpool_act
     - innodb_io
     - innodb_log
     - innodb_rows
     - innodb_semaphores
     - innodb_tnx