Fedora 41

Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-12-28 19:40:17 -06:00 · 2024-12-28 19:40:17 -06:00 · e10559639a
commit e10559639a
parent 4f03179cc9
8 changed files with 164 additions and 2 deletions
--- a/templates/Fedora/41/etc/my.cnf.d/hashicorp_key_management.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/hashicorp_key_management.cnf
@ -0,0 +1,117 @@
+# Copyright (C) 2019-2022 MariaDB Corporation
+#
+# This is a default configuration for the Hashicorp Vault plugin.
+# You can read more about the parameters of this plugin in the
+# hashicorp_key_management.txt file.
+#
+# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
+# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
+# TO APPROPRIATE VALUES!
+#
+[mariadb]
+
+#
+# To use Hashicorp Vault KMS, the plugin must be preloaded and
+# activated on the server:
+#
+#plugin-load-add=hashicorp_key_management.so
+
+# Most of its parameters should not be changed during plugin
+# operation and therefore must be preconfigured as part of
+# the server configuration:
+
+#
+# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
+# It must include the name of the scheme ("https://" for a secure
+# connection) and, according to the API rules for storages of the
+# key-value type in Hashicorp Vault, after the server address, the
+# path must begin with the "/v1/" string (as prefix), for example:
+# "https://127.0.0.1:8200/v1/my_secrets"
+#
+#hashicorp-key-management-vault-url="<url>"
+
+#
+# Authentication token that passed to the Hashicorp Vault
+# in the request header:
+#
+#hashicorp-key-management-token="<token>"
+
+#
+# Optional path to the Certificate Authority (CA) bundle
+# (is a file that contains root and intermediate certificates):
+#
+#hashicorp-key-management-vault-ca="<path>"
+
+#
+# Set the duration (in seconds) for the Hashicorp Vault server
+# connection timeout. The allowed range is from 1 to 86400 seconds.
+# The user can also specify a zero value, which means the default
+# timeout value set by the libcurl library (currently 300 seconds):
+#
+#hashicorp-key-management-timeout=15
+
+#
+# Number of server request retries in case of timeout:
+#
+#hashicorp-key-management-retries=3
+
+#
+# Enable key caching (storing key values received from
+# the Hashicorp Vault server in the local memory):
+#
+#hashicorp-key-management-caching-enabled="on"
+
+#
+# This parameter instructs the plugin to use the key values
+# or version numbers taken from the cache in the event of a
+# timeout when accessing the vault server. By default this
+# option is disabled.
+#
+# Please note that key values or version numbers will be read
+# from the cache when the timeout expires only after the number
+# of attempts to read them from the storage server that specified
+# by the hashicorp-key-management-retries parameter has been
+# exhausted:
+#
+#hashicorp-key-management-use-cache-on-timeout="off"
+
+#
+# The time (in milliseconds) after which the value of the key
+# stored in the cache becomes invalid and an attempt to read this
+# data causes a new request send to the vault server. By default,
+# cache entries become invalid after 60,000 milliseconds (after
+# one minute).
+#
+# If the value of this parameter is zero, then the keys will always
+# be considered invalid, but they still can be used if the vault
+# server is unavailable and the corresponding cache operating mode
+# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
+# is enabled.
+#
+#hashicorp-key-management-cache-timeout=0
+
+#
+# The time (in milliseconds) after which the information about
+# latest version number of the key (which stored in the cache)
+# becomes invalid and an attempt to read this information causes
+# a new request send to the vault server.
+#
+# If the value of this parameter is zero, then information abount
+# latest key version numbers always considered invalid, unless
+# there is no communication with the vault server and use of the
+# cache is allowed when the server is unavailable.
+#
+# By default, this parameter is zero, that is, the latest version
+# numbers for the keys stored in the cache are considered always
+# invalid, except when the vault server is unavailable and use
+# of the cache is allowed on server failures.
+#
+#hashicorp-key-management-cache-version-timeout=0
+
+#
+# This parameter enables ("on", this is the default value) or disables
+# ("off") checking the kv storage version during plugin initialization.
+# The plugin requires storage to be version 2 or older in order for it
+# to work properly.
+#
+#hashicorp-key-management-check-kv-version=on
--- a/templates/Fedora/41/etc/my.cnf.d/mariadb-server.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/mariadb-server.cnf
@ -52,8 +52,8 @@ tls-version=TLSv1.2,TLSv1.3
 # you can put MariaDB-only options here
 [mariadb]

-# This group is only read by MariaDB-10.5 servers.
+# This group is only read by MariaDB-10.11 servers.
 # If you use the same .cnf file for MariaDB of different versions,
 # use this group for options that older servers don't understand
-[mariadb-10.5]
+[mariadb-10.11]

--- a/templates/Fedora/41/etc/my.cnf.d/provider_bzip2.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/provider_bzip2.cnf
@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_bzip2
+provider_bzip2=force_plus_permanent
--- a/templates/Fedora/41/etc/my.cnf.d/provider_lz4.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/provider_lz4.cnf
@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lz4
+provider_lz4=force_plus_permanent
--- a/templates/Fedora/41/etc/my.cnf.d/provider_lzma.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/provider_lzma.cnf
@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lzma
+provider_lzma=force_plus_permanent
--- a/templates/Fedora/41/etc/my.cnf.d/provider_lzo.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/provider_lzo.cnf
@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lzo
+provider_lzo=force_plus_permanent
--- a/templates/Fedora/41/etc/my.cnf.d/provider_snappy.cnf
+++ b/templates/Fedora/41/etc/my.cnf.d/provider_snappy.cnf
@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_snappy
+provider_snappy=force_plus_permanent
--- a/vars/Fedora-41-default.yml
+++ b/vars/Fedora-41-default.yml
@ -63,6 +63,36 @@ template_list:
    mode: '0644'
    owner: 'root'
    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/auth_gssapi.cnf'
+  - dest: '/etc/my.cnf.d/hashicorp_key_management.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/hashicorp_key_management.cnf'
+  - dest: '/etc/my.cnf.d/provider_bzip2.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_bzip2.cnf'
+  - dest: '/etc/my.cnf.d/provider_lz4.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lz4.cnf'
+  - dest: '/etc/my.cnf.d/provider_lzma.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lzma.cnf'
+  - dest: '/etc/my.cnf.d/provider_lzo.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lzo.cnf'
+  - dest: '/etc/my.cnf.d/provider_snappy.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_snappy.cnf'
  - dest: '/etc/phpMyAdmin/config.inc.php'
    group: 'root'
    mode: '0644'