From: Hamatoma
Date: Mon, 19 May 2025 13:15:16 +0000 (+0200)
Subject: Improvements
X-Git-Url: https://gitweb.hamatoma.de/?a=commitdiff_plain;h=1baea8aaa3090bafd2dad40d2ee090961ca26208;p=ansknife.git
Improvements
---
diff --git a/docu/de/70_postgresql.md b/docu/de/70_postgresql.md
index d385320..78ec962 100644
--- a/docu/de/70_postgresql.md
+++ b/docu/de/70_postgresql.md
@@ -48,4 +48,20 @@ CREATE ROLE mydb WITH CREATEDB CREATEROLE NOLOGIN;
 CREATE DATABASE mydb OWNER = mydb;
 # Zugriff von Benutzer Jonny auf mydb:
 GRANT mydb TO jonny;
+```
+
+### Dump und Restore
+- effizent, aber nicht abwärtskompatibel: -F c
+- ab- und aufwärtskompatibel: -F p
+```
+pg_dump -U postgres -d datenbankname -F p -f backup.sql
+
+# Auf dem alten Server (PostgreSQL 13):
+pg_dump -U postgres -F c -f meine_db.dump meine_db
+
+# Datei auf neuen Server kopieren
+
+# Auf dem neuen Server (PostgreSQL 15):
+createdb -U postgres meine_db
+pg_restore -U postgres -d meine_db meine_db.dump
 ```
\ No newline at end of file
diff --git a/docu/de/71_mysql.md b/docu/de/71_mysql.md
new file mode 100644
index 0000000..349efea
--- /dev/null
+++ b/docu/de/71_mysql.md
@@ -0,0 +1,26 @@
+# MySql
+
+## Zielsetzung
+Hier wird beschrieben, wie die Datenbank- und Rechteverwaltung unter Maraiadb bzw. MySql funktioniert.
+
+## Rechtemanagement
+Benutzer werden in der DB mysql definiert:
+```
+mysql -u root -p mysql
+```
+
+## Einrichten eines Superusers mit Zugriff auf alles
+```
+CREATE USER 'dba'@'localhost' IDENTIFIED BY 'topsecret';
+GRANT ALL PRIVILEGES ON *.* TO 'dba'@'localhost' WITH GRANT OPTION;
+
+CREATE USER 'dba'@'10.10.100.171' IDENTIFIED BY 'topsecret';
+GRANT ALL PRIVILEGES ON *.* TO 'dba'@'10.10.100.171' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+```
+
+# Abfrage der Benutzer und Rechte
+```
+select host, user from user;
+show grants for 'dba'@'localhost';
+```
diff --git a/playbooks.templates/i_17_configuration.yaml b/playbooks.templates/i_17_configuration.yaml
index 76bbe09..afbe9c9 100644
--- a/playbooks.templates/i_17_configuration.yaml
+++ b/playbooks.templates/i_17_configuration.yaml
@@ -19,8 +19,22 @@
 line: SystemMaxFileSize={{ systemd_journal_system_max_file_size }}
 notify:
 - restart systemd-journald
+ - name: Avoid SSH session timeout
+ ansible.builtin.lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^#?{{ item.key }}"
+ line: "{{ item.key }} {{ item.value }}"
+ notify:
+ - restart sshd
+ with_dict:
+ ClientAliveInterval: "{{ ssh_alive_interval }}"
+ ClientAliveCountMax: "{{ ssh_alive_max_count }}"
 handlers:
 - name: restart systemd-journald
 ansible.builtin.systemd:
 name: systemd-journald
+ state: restarted
+ - name: restart sshd
+ ansible.builtin.systemd:
+ name: sshd
 state: restarted
\ No newline at end of file
diff --git a/playbooks.templates/mysql_users.yaml b/playbooks.templates/mysql_users.yaml
index d38294e..d538936 100644
--- a/playbooks.templates/mysql_users.yaml
+++ b/playbooks.templates/mysql_users.yaml
@@ -10,6 +10,7 @@
 name: "{{ item.name }}"
 password: "{{ item.password }}"
 host: "{{ item.host }}"
+ priv: "{{ item.db }}.*:ALL,GRANT"
 state: present
 login_user: "{{ dba_name }}"
 login_password: "{{ dba_password }}"
@@ -20,6 +21,7 @@
 ansible.builtin.mysql_user:
 name: "{{ item.name }}"
 host: "{{ item.host }}"
+ priv: "{{ item.db }}.*:ALL,GRANT"
 state: present
 login_user: "{{ dba_name }}"
 login_password: "{{ dba_password }}"
diff --git a/templates.vars/common.yaml b/templates.vars/common.yaml
index 1a8c9c1..1a50880 100644
--- a/templates.vars/common.yaml
+++ b/templates.vars/common.yaml
@@ -5,6 +5,8 @@ remote_www_directory: "/home/www"
 # the system log files have maximal that size
 systemd_journal_system_max_use: 200M
 systemd_journal_system_max_file_size: 50M
+ssh_alive_interval: 60
+ssh_alive_max_count: 3
 postfix_host: "mail.example.com"
 postfix_domain: "example.com"
 postfix_mode: send_only
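Review bot: In playbooks.templates/i_17_configuration.yaml the new `Avoid SSH session timeout` task rewrites /etc/ssh/sshd_config and then restarts sshd without checking the edited file, so a bad value in `ssh_alive_interval` or `ssh_alive_max_count` can leave the host with a daemon that will not start and no remote access. Adding `validate: "sshd -t -f %s"` to the `lineinfile` arguments makes the module keep the previous file when the syntax check fails. When the pattern `"^#?{{ item.key }}"` matches nothing the line is appended at the end of the file, where it would fall inside a trailing `Match` block if the target config has one; an `insertbefore` anchor avoids that. The pattern also has no delimiter after the key, so `regexp: "^#?\\s*{{ item.key }}\\s"` would be tighter.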
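Review bot: In playbooks.templates/mysql_users.yaml the added `priv: "{{ item.db }}.*:ALL,GRANT"` gives every account in the loop ALL plus the GRANT option on its database, which lets an application account pass its privileges on to other accounts; the same line is added in the second hunk (`@@ -20,6 +21,7 @@`). Unless these users are meant to administer grants on their schema, drop the option with `priv: "{{ item.db }}.*:ALL"`, or narrow it to the statements the application needs. With `append_privs` left at its default, the module replaces whatever the account held before with this one grant, which deserves a comment above the task. Both tasks begin and end outside the hunks, so whether they set `no_log: true` for the password values is not visible here.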
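Review bot: In templates.vars/common.yaml the two new variables sit directly under the existing comment `# the system log files have maximal that size`, so they read as journal settings and their units are not stated. A comment of their own above them would fix that, for example `# sshd keepalive: probe interval in seconds, unanswered probes before disconnect`.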