add database & users creation

README.md

@@ -7,6 +7,7 @@ An Ansible role for installing and configuring MariaDB on Debian-based systems u
 - ✅ Official MariaDB repository setup
 - ✅ Flexible version management (major and minor versions)
 - ✅ Automatic upgrade capabilities
+- ✅ Database and user management
 - ✅ Idempotent operations
 - ✅ Support for MariaDB versions 10, 11, and 12
 - ✅ Proper service management during upgrades
@@ -29,6 +30,8 @@ None. The role works with sensible defaults.
 | `mariadb_major_version` | `"12"` | Major version for repository setup (10, 11, or 12) |
 | `mariadb_minor_version` | `undefined` | Minor version for specific version install (e.g., "8" for 11.8.x) |
 | `mariadb_force_upgrade` | `false` | Force repository update and package upgrade |
+| `mariadb_databases` | `[]` | List of databases to create |
+| `mariadb_users` | `[]` | List of users to create |
 
 ### Variable Details
 
@@ -48,6 +51,24 @@ None. The role works with sensible defaults.
 - **Purpose**: Forces repository reconfiguration and package upgrades
 - **Use case**: Required when upgrading between major versions
 
+#### `mariadb_databases`
+- **Type**: List of dictionaries
+- **Purpose**: Databases to create automatically
+- **Structure**:
+  - `name` (required): Database name
+  - `encoding` (optional): Character encoding (default: `utf8mb4`)
+  - `collation` (optional): Collation (default: `utf8mb4_unicode_ci`)
+
+#### `mariadb_users`
+- **Type**: List of dictionaries  
+- **Purpose**: Users to create automatically
+- **Structure**:
+  - `name` (required): Username
+  - `password` (optional): Plain text password
+  - `encrypted_password` (optional): Pre-encrypted password hash
+  - `host` (required): List of allowed hosts/IPs
+  - `priv` (optional): List of privileges
+
 ## Dependencies
 
 None.
@@ -94,6 +115,38 @@ None.
         mariadb_force_upgrade: true
 ```
 
+### Complete Setup with Databases and Users
+
+```yaml
+- hosts: servers
+  roles:
+    - role: mariadb
+      vars:
+        mariadb_major_version: "12"
+        mariadb_databases:
+          - name: myapp_prod
+            encoding: utf8mb4
+            collation: utf8mb4_unicode_ci
+          - name: myapp_test
+            encoding: utf8
+            collation: utf8_general_ci
+        mariadb_users:
+          - name: app_user
+            password: "secure_password"
+            host:
+              - "localhost"
+              - "10.0.1.%"
+            priv:
+              - "myapp_prod.*:ALL"
+              - "myapp_test.*:ALL"
+          - name: backup_user
+            encrypted_password: "*8566479B619631314D83F27113F840A82191AB82"
+            host:
+              - "127.0.0.1"
+            priv:
+              - "*.*:SELECT,LOCK TABLES,SHOW VIEW,EVENT,TRIGGER"
+```
+
 ## Usage Scenarios
 
 ### Fresh Installation
@@ -166,7 +219,8 @@ mariadb/
 ├── tasks/
 │   ├── main.yml          # Main task inclusion
 │   ├── install.yml       # Installation tasks
-│   └── upgrade.yml       # Upgrade-specific tasks
+│   ├── upgrade.yml       # Upgrade-specific tasks
+│   └── database.yml      # Database and user management
 └── handlers/
     └── main.yml          # Service handlers
 ```

defaults/main.yml

@@ -10,4 +10,7 @@ mariadb_major_version: "12"
 
 # Force repository update (useful when upgrading major versions)
 # Set to true to force recreation of repository configuration
-mariadb_force_upgrade: false
+mariadb_force_upgrade: false
+
+mariadb_databases: []
+mariadb_users: []

tasks/database.yml

@@ -0,0 +1,47 @@
+---
+- name: mariadb | create databases
+  mysql_db:
+    name: "{{ item.name }}"
+    encoding: "{{ item.encoding | default('utf8mb4') }}"
+    collation: "{{ item.collation | default('utf8mb4_unicode_ci') }}"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  loop: "{{ mariadb_databases }}"
+  when: mariadb_databases is defined and mariadb_databases | length > 0
+
+- name: mariadb | create users with password
+  mysql_user:
+    name: "{{ item.0.name }}"
+    password: "{{ item.0.password }}"
+    host: "{{ item.1 }}"
+    priv: "{{ (item.0.priv | join('/')) if (item.0.priv is defined and (item.0.priv is sequence) and (item.0.priv is not string)) else (item.0.priv if item.0.priv is defined else omit) }}"
+    append_privs: "{{ item.0.append_privs | default(true) }}"
+    state: '{{ item.0.state|default("present") }}'
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  with_subelements :
+    - "{{ mariadb_users | default([]) }}"
+    - host
+  when: 
+    - mariadb_users is defined and mariadb_users | length > 0
+    - item.0.password is defined
+    - item.0.encrypted_password is not defined
+  no_log: true
+
+- name: mariadb | create users with encrypted password
+  mysql_user:
+    name: '{{ item.0.name }}'
+    encrypted: true
+    password: '{{ item.0.encrypted_password }}'
+    host: '{{ item.1 }}'
+    priv: "{{ (item.0.priv | join('/')) if (item.0.priv is defined and (item.0.priv is sequence) and (item.0.priv is not string)) else (item.0.priv if item.0.priv is defined else omit) }}"
+    append_privs: "{{ item.0.append_privs | default(true) }}"
+    state: '{{ item.0.state|default("present") }}'
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  with_subelements :
+    - "{{ mariadb_users | default([]) }}"
+    - host
+  when: 
+    - mariadb_users is defined and mariadb_users | length > 0
+    - item.0.encrypted_password is defined
+    - item.0.password is not defined
+  no_log: true

tasks/main.yml

@@ -8,4 +8,10 @@
 
 - name: mariadb | installation
   include_tasks: install.yml
-  when: not mariadb_force_upgrade | bool
+  when: not mariadb_force_upgrade | bool
+
+- name: mariadb | database and user management
+  include_tasks: database.yml
+  when: 
+    - mariadb_databases is defined and mariadb_databases | length > 0
+    - mariadb_users is defined and mariadb_users | length > 0

tasks/requirements.yml

@@ -13,3 +13,7 @@
       - curl
     state: present
 
+- name: mariadb | install python3-pymysql for database management
+  ansible.builtin.apt:
+    name: python3-pymysql
+    state: present