From 902503f4be4c3e465a81f6ff3a3b591656c8e160 Mon Sep 17 00:00:00 2001 From: Jason Rothstein Date: Sun, 5 Jun 2022 18:27:57 -0500 Subject: [PATCH] Enable Fedora 36 --- .../36/etc/httpd/conf.d/phpMyAdmin.conf | 46 ++++++ templates/Fedora/36/etc/my.cnf | 11 ++ .../Fedora/36/etc/my.cnf.d/auth_gssapi.cnf | 2 + templates/Fedora/36/etc/my.cnf.d/client.cnf | 14 ++ .../etc/my.cnf.d/cracklib_password_check.cnf | 2 + .../36/etc/my.cnf.d/enable_encryption.preset | 20 +++ .../Fedora/36/etc/my.cnf.d/mariadb-server.cnf | 59 +++++++ .../Fedora/36/etc/my.cnf.d/mysql-clients.cnf | 23 +++ templates/Fedora/36/etc/my.cnf.d/spider.cnf | 7 + .../Fedora/36/etc/phpMyAdmin/config.inc.php | 153 ++++++++++++++++++ .../systemd/system/mariadb-copytls.service | 11 ++ .../lib/systemd/system/mariadb-copytls.timer | 8 + .../36/usr/lib/systemd/system/mariadb.service | 64 ++++++++ .../usr/lib/systemd/system/mariadb@.service | 85 ++++++++++ vars/Fedora-36-default.yml | 100 ++++++++++++ 15 files changed, 605 insertions(+) create mode 100644 templates/Fedora/36/etc/httpd/conf.d/phpMyAdmin.conf create mode 100644 templates/Fedora/36/etc/my.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/auth_gssapi.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/client.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/cracklib_password_check.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/enable_encryption.preset create mode 100644 templates/Fedora/36/etc/my.cnf.d/mariadb-server.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/mysql-clients.cnf create mode 100644 templates/Fedora/36/etc/my.cnf.d/spider.cnf create mode 100644 templates/Fedora/36/etc/phpMyAdmin/config.inc.php create mode 100644 templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.service create mode 100644 templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.timer create mode 100644 templates/Fedora/36/usr/lib/systemd/system/mariadb.service create mode 100644 templates/Fedora/36/usr/lib/systemd/system/mariadb@.service create mode 100644 vars/Fedora-36-default.yml diff --git a/templates/Fedora/36/etc/httpd/conf.d/phpMyAdmin.conf b/templates/Fedora/36/etc/httpd/conf.d/phpMyAdmin.conf new file mode 100644 index 0000000..98738c7 --- /dev/null +++ b/templates/Fedora/36/etc/httpd/conf.d/phpMyAdmin.conf @@ -0,0 +1,46 @@ +# phpMyAdmin - Web based MySQL browser written in php +# +# Allows only localhost by default +# +# But allowing phpMyAdmin to anyone other than localhost should be considered +# dangerous unless properly secured by SSL + +Alias /phpMyAdmin /usr/share/phpMyAdmin +Alias /phpmyadmin /usr/share/phpMyAdmin + + + AddDefaultCharset UTF-8 + Require ssl + + + + Require local + + +# These directories do not require access over HTTP - taken from the original +# phpMyAdmin upstream tarball +# + + Require all denied + + + + Require all denied + + + + Require all denied + + + + Require all denied + + +# This configuration prevents mod_security at phpMyAdmin directories from +# filtering SQL etc. This may break your mod_security implementation. +# +# +# +# SecRuleInheritance Off +# +# diff --git a/templates/Fedora/36/etc/my.cnf b/templates/Fedora/36/etc/my.cnf new file mode 100644 index 0000000..913b88f --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf @@ -0,0 +1,11 @@ +# +# This group is read both both by the client and the server +# use it for options that affect everything +# +[client-server] + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d + diff --git a/templates/Fedora/36/etc/my.cnf.d/auth_gssapi.cnf b/templates/Fedora/36/etc/my.cnf.d/auth_gssapi.cnf new file mode 100644 index 0000000..c7cbc78 --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/auth_gssapi.cnf @@ -0,0 +1,2 @@ +[mariadb] +#plugin-load-add=auth_gssapi.so diff --git a/templates/Fedora/36/etc/my.cnf.d/client.cnf b/templates/Fedora/36/etc/my.cnf.d/client.cnf new file mode 100644 index 0000000..05442bf --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/client.cnf @@ -0,0 +1,14 @@ +# +# These two groups are read by the client library +# Use it for options that affect all clients, but not the server +# +[client] +default-character-set = utf8mb4 + +# This group is not read by mysql client library, +# If you use the same .cnf file for MySQL and MariaDB, +# use it for MariaDB-only client options +[client-mariadb] +ssl +ssl-verify-server-cert + diff --git a/templates/Fedora/36/etc/my.cnf.d/cracklib_password_check.cnf b/templates/Fedora/36/etc/my.cnf.d/cracklib_password_check.cnf new file mode 100644 index 0000000..72cbcb1 --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/cracklib_password_check.cnf @@ -0,0 +1,2 @@ +[mariadb] +#plugin-load-add=cracklib_password_check.so diff --git a/templates/Fedora/36/etc/my.cnf.d/enable_encryption.preset b/templates/Fedora/36/etc/my.cnf.d/enable_encryption.preset new file mode 100644 index 0000000..722db7e --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/enable_encryption.preset @@ -0,0 +1,20 @@ +# +# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d) +# and it will enable data at rest encryption. This is a simple way to +# ensure that everything that can be encrypted will be and your +# data will not leak unencrypted. +# +# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a +# newer version and your edits will be lost. Instead, add your edits +# to the .cnf file after the !include directive. +# +# NOTE that you also need to install an encryption plugin for the encryption +# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management +# +[mariadb] +aria-encrypt-tables +encrypt-binlog +encrypt-tmp-disk-tables +encrypt-tmp-files +loose-innodb-encrypt-log +loose-innodb-encrypt-tables diff --git a/templates/Fedora/36/etc/my.cnf.d/mariadb-server.cnf b/templates/Fedora/36/etc/my.cnf.d/mariadb-server.cnf new file mode 100644 index 0000000..7239135 --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/mariadb-server.cnf @@ -0,0 +1,59 @@ +# +# These groups are read by MariaDB server. +# Use it for options that only the server (but not clients) should see +# +# See the examples of server my.cnf files in /usr/share/mysql/ +# + +# this is read by the standalone daemon and embedded servers +[server] + +# this is only for the mysqld standalone daemon +# Settings user and group are ignored when systemd is used. +# If you need to run mysqld under a different user or group, +# customize your systemd unit file for mysqld/mariadb according to the +# instructions in http://fedoraproject.org/wiki/Systemd +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +log-error=/var/log/mariadb/mariadb.log +pid-file=/run/mariadb/mariadb.pid +character-set-server = utf8mb4 +ssl-cert=/etc/my.cnf.d/certificates/pubcert.epm +ssl-key=/etc/my.cnf.d/certificates/privkey.epm +tls-version=TLSv1.2,TLSv1.3 + + +# +# * Galera-related settings +# +[galera] +# Mandatory settings +#wsrep_on=ON +#wsrep_provider= +#wsrep_cluster_address= +#binlog_format=row +#default_storage_engine=InnoDB +#innodb_autoinc_lock_mode=2 +# +# Allow server to accept connections on all interfaces. +# +#bind-address=0.0.0.0 +# +# Optional setting +#wsrep_slave_threads=1 +#innodb_flush_log_at_trx_commit=0 + +# this is only for embedded server +[embedded] + +# This group is only read by MariaDB servers, not by MySQL. +# If you use the same .cnf file for MySQL and MariaDB, +# you can put MariaDB-only options here +[mariadb] + +# This group is only read by MariaDB-10.5 servers. +# If you use the same .cnf file for MariaDB of different versions, +# use this group for options that older servers don't understand +[mariadb-10.5] + diff --git a/templates/Fedora/36/etc/my.cnf.d/mysql-clients.cnf b/templates/Fedora/36/etc/my.cnf.d/mysql-clients.cnf new file mode 100644 index 0000000..3df9b7b --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/mysql-clients.cnf @@ -0,0 +1,23 @@ +# +# These groups are read by MariaDB command-line tools +# Use it for options that affect only one utility +# + +[mysql] + +[mysql_upgrade] + +[mysqladmin] + +[mysqlbinlog] + +[mysqlcheck] + +[mysqldump] + +[mysqlimport] + +[mysqlshow] + +[mysqlslap] + diff --git a/templates/Fedora/36/etc/my.cnf.d/spider.cnf b/templates/Fedora/36/etc/my.cnf.d/spider.cnf new file mode 100644 index 0000000..ebc9968 --- /dev/null +++ b/templates/Fedora/36/etc/my.cnf.d/spider.cnf @@ -0,0 +1,7 @@ +[mariadb] +# +# Uncomment line to enable +# +#plugin-load-add = ha_spider + +# Read more at https://mariadb.com/kb/en/spider/ diff --git a/templates/Fedora/36/etc/phpMyAdmin/config.inc.php b/templates/Fedora/36/etc/phpMyAdmin/config.inc.php new file mode 100644 index 0000000..b973a14 --- /dev/null +++ b/templates/Fedora/36/etc/phpMyAdmin/config.inc.php @@ -0,0 +1,153 @@ +. + */ + +declare(strict_types=1); + +/** + * This is needed for cookie based authentication to encrypt password in + * cookie. Needs to be 32 chars long. + */ +$cfg['blowfish_secret'] = '22ba7cd24c092bec00a83751012d0082'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ + +/** + * Servers configuration + */ +$i = 0; + +/** + * First server + */ +$i++; +/* Authentication type */ +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +/* Server parameters */ +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['AllowNoPassword'] = false; + +/** + * phpMyAdmin configuration storage settings. + */ + +/* User used to manipulate with storage */ +// $cfg['Servers'][$i]['controlhost'] = ''; +// $cfg['Servers'][$i]['controlport'] = ''; +// $cfg['Servers'][$i]['controluser'] = 'pma'; +// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/* Storage database and tables */ +// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +// $cfg['Servers'][$i]['relation'] = 'pma__relation'; +// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +// $cfg['Servers'][$i]['history'] = 'pma__history'; +// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +// $cfg['Servers'][$i]['recent'] = 'pma__recent'; +// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +// $cfg['Servers'][$i]['users'] = 'pma__users'; +// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; + +/** + * End of servers configuration + */ + +/** + * Directories for saving/loading files from server + */ +$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload'; +$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save'; + +/** + * Whether to display icons or text or both icons and text in table row + * action segment. Value can be either of 'icons', 'text' or 'both'. + * default = 'both' + */ +//$cfg['RowActionType'] = 'icons'; + +/** + * Defines whether a user should be displayed a "show all (records)" + * button in browse mode or not. + * default = false + */ +//$cfg['ShowAll'] = true; + +/** + * Number of rows displayed when browsing a result set. If the result + * set contains more rows, "Previous" and "Next". + * Possible values: 25, 50, 100, 250, 500 + * default = 25 + */ +//$cfg['MaxRows'] = 50; + +/** + * Disallow editing of binary fields + * valid values are: + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'noblob' disallow editing except for BLOB fields + * 'all' disallow editing + * default = 'blob' + */ +//$cfg['ProtectBinary'] = false; + +/** + * Default language to use, if not browser-defined or user-defined + * (you find all languages in the locale folder) + * uncomment the desired line: + * default = 'en' + */ +//$cfg['DefaultLang'] = 'en'; +//$cfg['DefaultLang'] = 'de'; + +/** + * How many columns should be used for table display of a database? + * (a value larger than 1 results in some information being hidden) + * default = 1 + */ +//$cfg['PropertiesNumColumns'] = 2; + +/** + * Set to true if you want DB-based query history.If false, this utilizes + * JS-routines to display query history (lost by window close) + * + * This requires configuration storage enabled, see above. + * default = false + */ +//$cfg['QueryHistoryDB'] = true; + +/** + * When using DB-based query history, how many entries should be kept? + * default = 25 + */ +//$cfg['QueryHistoryMax'] = 100; + +/** + * Whether or not to query the user before sending the error report to + * the phpMyAdmin team when a JavaScript error occurs + * + * Available options + * ('ask' | 'always' | 'never') + * default = 'ask' + */ +//$cfg['SendErrorReports'] = 'always'; + +/** + * You can find more configuration options in the documentation + * in the doc/ folder or at . + */ diff --git a/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.service b/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.service new file mode 100644 index 0000000..3f63078 --- /dev/null +++ b/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.service @@ -0,0 +1,11 @@ +[Unit] +Description=Copy TLS Certificates for Mariadb + +[Service] +Type=oneshot +ExecStartPre=mkdir -p /etc/my.cnf.d/certificates +ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/' +ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates + +[Install] +WantedBy=mariadb.service diff --git a/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.timer b/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.timer new file mode 100644 index 0000000..8e5ad7b --- /dev/null +++ b/templates/Fedora/36/usr/lib/systemd/system/mariadb-copytls.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Copy TLS Certificates for Mariadb + +[Timer] +OnUnitActiveSec=5min + +[Install] +WantedBy=mariadb.service diff --git a/templates/Fedora/36/usr/lib/systemd/system/mariadb.service b/templates/Fedora/36/usr/lib/systemd/system/mariadb.service new file mode 100644 index 0000000..d61fd82 --- /dev/null +++ b/templates/Fedora/36/usr/lib/systemd/system/mariadb.service @@ -0,0 +1,64 @@ +# It's not recommended to modify this file in-place, because it will be +# overwritten during package upgrades. If you want to customize, the +# best way is to: +# +# root> systemctl edit mariadb.service +# +# Then add additonal directives under a section (probably [Service]). +# +# For more info about custom unit files, see systemd.unit(5) or +# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F +# +# For example, if you want to increase MariaDB's open-files-limit to 10000, +# you need to increase systemd's LimitNOFILE setting, use the contents below: +# +# [Service] +# LimitNOFILE=10000 +# + +[Unit] +Description=MariaDB 10.5 database server +Documentation=man:mariadbd(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ +After=network.target + +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + +[Service] +Type=notify +User=mysql +Group=mysql + +ExecStartPre=/usr/libexec/mariadb-check-socket +# '%n' expands to 'Full unit name'; man systemd.unit +ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n +# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf +# Note: we set --basedir to prevent probes that might trigger SELinux alarms, +# per bug #547485 +ExecStart=/usr/libexec/mariadbd --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER +ExecStartPost=/usr/libexec/mariadb-check-upgrade + +# Setting this to true can break replication and the Type=notify settings +# See also bind-address MariaDB option. +PrivateNetwork=false + +KillSignal=SIGTERM + +# Don't want to see an automated SIGKILL ever +SendSIGKILL=no + +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s + +UMask=007 + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 + +# Place temp files in a secure directory, not /tmp +PrivateTmp=true diff --git a/templates/Fedora/36/usr/lib/systemd/system/mariadb@.service b/templates/Fedora/36/usr/lib/systemd/system/mariadb@.service new file mode 100644 index 0000000..10ca8fd --- /dev/null +++ b/templates/Fedora/36/usr/lib/systemd/system/mariadb@.service @@ -0,0 +1,85 @@ +# Multi instance version of MariaDB. For if you run mutiple verions at once. +# Also used for mariadb@bootstrap to bootstrap Galera. +# +# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in +# /etc/@my.cnf to change per instance settings. A minimumal necessary +# configuration items to change to avoid conflicts between instances is: +# +# [mariadbd.instancename] +# # TCP port to make available for clients +# port=3306 +# # Socket to make available for clients +# socket=/tmp/mariadb-instancename.sock +# # Where MariaDB should store all its data +# datadir=/usr/local/mariadb-instancename/data +# +# and start the service via: +# +# root> systemctl start mariadb@{instancename}.server +# +# It's not recommended to modify this file in-place, because it will be +# overwritten during package upgrades. If you want to customize, for +# all instances, the best way is: +# +# root> systemctl edit mariadb@.service +# +# Then add additonal directives under a section (probably [Service]). +# +# If you only want to change a specific instance: +# +# root> systemctl edit mariadb@{instancename}.server +# +# For more info about custom unit files, see systemd.unit(5) or +# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F +# +# For example, if you want to increase MariaDB's open-files-limit to 10000, +# you need to increase systemd's LimitNOFILE setting, use the contents below: +# +# [Service] +# LimitNOFILE=10000 + +[Unit] +Description=MariaDB 10.5 database server +Documentation=man:mariadbd(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ +After=network.target + +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + +[Service] +Type=notify +User=mysql +Group=mysql + +ExecStartPre=/usr/libexec/mariadb-check-socket --defaults-group-suffix=.%I +ExecStartPre=/usr/libexec/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n +# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf +# Note: we set --basedir to prevent probes that might trigger SELinux alarms, +# per bug #547485 +ExecStart=/usr/libexec/mariadbd --defaults-group-suffix=.%I --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER +ExecStartPost=/usr/libexec/mariadb-check-upgrade --defaults-group-suffix=.%I + +# Setting this to true can break replication and the Type=notify settings +# See also bind-address MariaDB option. +PrivateNetwork=false + +KillSignal=SIGTERM + +# Don't want to see an automated SIGKILL ever +SendSIGKILL=no + +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s + +UMask=007 + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 + +# Place temp files in a secure directory, not /tmp +PrivateTmp=true diff --git a/vars/Fedora-36-default.yml b/vars/Fedora-36-default.yml new file mode 100644 index 0000000..be65d9f --- /dev/null +++ b/vars/Fedora-36-default.yml @@ -0,0 +1,100 @@ +--- +# vars file for ensure_mariadb +package_list: + - name: 'mariadb' + state: 'present' + - name: 'mariadb-server' + state: 'present' + - name: 'phpMyAdmin' + state: 'present' +firewall_list: + - permanent: 'yes' + service: 'mysql' + state: 'enabled' +service_list: + - name: 'httpd.service' + state: 'started' + enabled: 'yes' + - name: 'httpd-reload.timer' + state: 'started' + enabled: 'yes' + - name: 'php-fpm.service' + state: 'started' + enabled: 'yes' + - name: 'mariadb-copytls.service' + state: 'started' + enabled: 'yes' + - name: 'mariadb.service' + state: 'started' + enabled: 'yes' +template_list: + - dest: '/etc/my.cnf.d/client.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/client.cnf' + - dest: '/etc/my.cnf.d/mariadb-server.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/mariadb-server.cnf' + - dest: '/etc/my.cnf.d/mysql-clients.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/mysql-clients.cnf' + - dest: '/etc/my.cnf.d/spider.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/spider.cnf' + - dest: '/etc/my.cnf.d/enable_encryption.preset' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/enable_encryption.preset' + - dest: '/etc/my.cnf.d/cracklib_password_check.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/cracklib_password_check.cnf' + - dest: '/etc/my.cnf.d/auth_gssapi.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/auth_gssapi.cnf' + - dest: '/etc/phpMyAdmin/config.inc.php' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/phpMyAdmin/config.inc.php' + - dest: '/etc/my.cnf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf' + - dest: '/etc/httpd/conf.d/phpMyAdmin.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/httpd/conf.d/phpMyAdmin.conf' + - dest: '/usr/lib/systemd/system/mariadb.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb.service' + - dest: '/usr/lib/systemd/system/mariadb@.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb@.service' + - dest: '/usr/lib/systemd/system/mariadb-copytls.timer' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb-copytls.timer' + - dest: '/usr/lib/systemd/system/mariadb-copytls.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb-copytls.service'