---
# file: roles/mysql/tasks/main.yml

- name: ensure mysql packages are installed
  apt:
    name:
      - mariadb-server
      - python3-pymysql
    state: present
  tags:
    - packages
    - mysql

- name: ensure mysql is started
  service:
    name: mysql
    state: started
    enabled: true

- name: ensure the mysql root user exists and has the correct password
  mysql_user:
    name: root
    password: "{{ mysql_root_password }}"
    login_user: root
    login_password: "{{ mysql_root_password }}"
  register: mysql_root_creation_result
  no_log: true
  ignore_errors: true

- name: initialize the mysql root user
  mysql_user:
    name: root
    password: "{{ mysql_root_password }}"
  no_log: true
  when: mysql_root_creation_result is failed

- name: ensure a read-only mysql user for backups exists
  mysql_user:
    name: "{{ mysql_backup_user }}"
    password: "{{ mysql_backup_password }}"
    login_user: root
    login_password: "{{ mysql_root_password }}"
    priv: "*.*:SELECT,LOCK TABLES"

- name: ensure the backup procedure can access the backup password
  template:
    src: my.cnf
    dest: "/root/.mysql-{{mysql_backup_user}}.cnf"
    owner: root
    group: root
    mode: '0600'

- name: deploy the mysql backup script
  template:
    src: mysqlbackup.sh
    dest: /usr/local/bin/
    owner: root
    group: root
    mode: '0755'

- name: ensure we backup all the mysql databases with rsnapshot
  copy:
    src: rsnapshot.conf
    dest: /etc/rsnapshot.d/mysql.conf
    owner: root
    group: root
    mode: '0644'

- name: remove obsolete crontab
  file:
    path: /etc/cron.d/mysql-snapshot
    state: absent