From 550685075d14f9ece9760cc4a1ef15b6c26d1007 Mon Sep 17 00:00:00 2001
From: Webster Mudge <wmudge@cloudera.com>
Date: Mon, 9 Sep 2024 17:03:26 -0400
Subject: [PATCH] Copy cloudera.exe.rdbms.server to cloudera.exe.rdbms_server

Signed-off-by: Webster Mudge <wmudge@cloudera.com>
---
 roles/rdbms_server/README.md                  | 17 +++++
 roles/rdbms_server/defaults/main.yml          | 29 +++++++
 roles/rdbms_server/handlers/main.yml          | 18 +++++
 roles/rdbms_server/meta/argument_specs.yml    | 75 +++++++++++++++++++
 roles/rdbms_server/meta/main.yml              | 22 ++++++
 roles/rdbms_server/tasks/main.yml             | 33 ++++++++
 roles/rdbms_server/tasks/mariadb/Debian.yml   | 29 +++++++
 roles/rdbms_server/tasks/mariadb/RedHat.yml   | 31 ++++++++
 roles/rdbms_server/tasks/mysql/RedHat.yml     | 37 +++++++++
 .../rdbms_server/tasks/postgresql/Debian.yml  | 43 +++++++++++
 .../rdbms_server/tasks/postgresql/RedHat.yml  | 58 ++++++++++++++
 .../tasks/postgresql/template_fix.yml         | 44 +++++++++++
 roles/rdbms_server/templates/cloudera.cnf     | 26 +++++++
 roles/rdbms_server/vars/mariadb/Debian.yml    | 20 +++++
 roles/rdbms_server/vars/mariadb/RedHat-7.yml  | 22 ++++++
 roles/rdbms_server/vars/mariadb/RedHat-8.yml  | 22 ++++++
 roles/rdbms_server/vars/mariadb/RedHat-9.yml  | 22 ++++++
 roles/rdbms_server/vars/mariadb/common.yml    | 27 +++++++
 roles/rdbms_server/vars/mysql/Debian.yml      | 21 ++++++
 roles/rdbms_server/vars/mysql/RedHat-7.yml    | 21 ++++++
 roles/rdbms_server/vars/mysql/RedHat-8.yml    | 22 ++++++
 roles/rdbms_server/vars/mysql/RedHat-9.yml    | 22 ++++++
 roles/rdbms_server/vars/mysql/common.yml      | 28 +++++++
 roles/rdbms_server/vars/postgresql/Debian.yml | 24 ++++++
 roles/rdbms_server/vars/postgresql/RedHat.yml | 28 +++++++
 roles/rdbms_server/vars/postgresql/common.yml | 38 ++++++++++
 26 files changed, 779 insertions(+)
 create mode 100644 roles/rdbms_server/README.md
 create mode 100644 roles/rdbms_server/defaults/main.yml
 create mode 100644 roles/rdbms_server/handlers/main.yml
 create mode 100644 roles/rdbms_server/meta/argument_specs.yml
 create mode 100644 roles/rdbms_server/meta/main.yml
 create mode 100644 roles/rdbms_server/tasks/main.yml
 create mode 100644 roles/rdbms_server/tasks/mariadb/Debian.yml
 create mode 100644 roles/rdbms_server/tasks/mariadb/RedHat.yml
 create mode 100644 roles/rdbms_server/tasks/mysql/RedHat.yml
 create mode 100644 roles/rdbms_server/tasks/postgresql/Debian.yml
 create mode 100644 roles/rdbms_server/tasks/postgresql/RedHat.yml
 create mode 100644 roles/rdbms_server/tasks/postgresql/template_fix.yml
 create mode 100644 roles/rdbms_server/templates/cloudera.cnf
 create mode 100644 roles/rdbms_server/vars/mariadb/Debian.yml
 create mode 100644 roles/rdbms_server/vars/mariadb/RedHat-7.yml
 create mode 100644 roles/rdbms_server/vars/mariadb/RedHat-8.yml
 create mode 100644 roles/rdbms_server/vars/mariadb/RedHat-9.yml
 create mode 100644 roles/rdbms_server/vars/mariadb/common.yml
 create mode 100644 roles/rdbms_server/vars/mysql/Debian.yml
 create mode 100644 roles/rdbms_server/vars/mysql/RedHat-7.yml
 create mode 100644 roles/rdbms_server/vars/mysql/RedHat-8.yml
 create mode 100644 roles/rdbms_server/vars/mysql/RedHat-9.yml
 create mode 100644 roles/rdbms_server/vars/mysql/common.yml
 create mode 100644 roles/rdbms_server/vars/postgresql/Debian.yml
 create mode 100644 roles/rdbms_server/vars/postgresql/RedHat.yml
 create mode 100644 roles/rdbms_server/vars/postgresql/common.yml

diff --git a/roles/rdbms_server/README.md b/roles/rdbms_server/README.md
new file mode 100644
index 00000000..8aa8bdf4
--- /dev/null
+++ b/roles/rdbms_server/README.md
@@ -0,0 +1,17 @@
+<!--
+ Copyright 2024 Cloudera, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+# rdbms server
diff --git a/roles/rdbms_server/defaults/main.yml b/roles/rdbms_server/defaults/main.yml
new file mode 100644
index 00000000..2fc38626
--- /dev/null
+++ b/roles/rdbms_server/defaults/main.yml
@@ -0,0 +1,29 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+database_tls: false
+database_type: postgresql
+database_version: 14
+
+skip_rdbms_repo_setup: false
+
+# MYSQL
+mysql_require_secure_transport: "OFF"  # If TLS-enabled, honor or not
+
+base_dir_security_pki: "/opt/cloudera/security/pki"
+tls_chain_path: "{{ base_dir_security_pki }}/chain.pem"
+tls_cert_path_generic: "{{ base_dir_security_pki }}/host.pem"
+tls_key_path_plaintext_generic: "{{ base_dir_security_pki }}/host.key.unenc"
diff --git a/roles/rdbms_server/handlers/main.yml b/roles/rdbms_server/handlers/main.yml
new file mode 100644
index 00000000..034c8b04
--- /dev/null
+++ b/roles/rdbms_server/handlers/main.yml
@@ -0,0 +1,18 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: yum clean metadata
+  ansible.builtin.command: yum clean metadata
diff --git a/roles/rdbms_server/meta/argument_specs.yml b/roles/rdbms_server/meta/argument_specs.yml
new file mode 100644
index 00000000..48ded70c
--- /dev/null
+++ b/roles/rdbms_server/meta/argument_specs.yml
@@ -0,0 +1,75 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+argument_specs:
+  main:
+    short_description: Install standalone RDBMS instance
+    description:
+      - Install and configure a standalone RDBMS instance for use with Cloudera Manager.
+      - Database options include PostgreSQL, MySQL, and MariaDB.
+      - Supports TLS connections.
+    options:
+      database_tls:
+        description: Flag to enable TLS configuration.
+        type: bool
+        default: false
+      database_type:
+        description: Database product to install.
+        type: str
+        required: false
+        default: postgresql
+        choices:
+          - postgresql
+          - mysql
+          - mariadb
+      database_version:
+        description: Database product version to install.
+        type: str
+        required: false
+        default: 14
+      skip_rdbms_repo_setup:
+        description: Flag to enable RDBMS repository set up on target host.
+        type: bool
+        required: false
+        default: false
+      mysql_require_secure_transport:
+        description: Value for the C(require_secure_transport) parameter in the C([mysqld]) configuration. (MySQL only)
+        type: str
+        required: false
+        default: "OFF"
+      base_dir_security_pki:
+        description:
+          - Directory on target host housing typical PKI files.
+          - Used to establish a base directory for the other TLS options.
+        type: path
+        required: false
+        default: "/opt/cloudera/security/pki"
+      tls_chain_path:
+        description: File on the target host consisting of an ordered list of certificates, including TLS certificates and Certificate Authority (CA) certificates.
+        type: path
+        required: false
+        default: "C(base_dir_security_pki)/chain.pem"
+      tls_cert_path_generic:
+        description: File on the target host consisting of the TLS certificate for the server.
+        type: path
+        required: false
+        default: "C(base_dir_security_pki)/host.pem"
+      tls_key_path_plaintext_generic:
+        description: File on the target host consisting of the unencrypted TLS private key for the server.
+        type: path
+        required: false
+        default: "C(base_dir_security_pki)/host.key.unenc"
+    
\ No newline at end of file
diff --git a/roles/rdbms_server/meta/main.yml b/roles/rdbms_server/meta/main.yml
new file mode 100644
index 00000000..5dabd83b
--- /dev/null
+++ b/roles/rdbms_server/meta/main.yml
@@ -0,0 +1,22 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+galaxy_info:
+  description: >
+    Set up single database to support Cloudera Data Platform (CDP) Private Cloud
+    deployments.
+  company: Cloudera
+  license: Apache-2.0
diff --git a/roles/rdbms_server/tasks/main.yml b/roles/rdbms_server/tasks/main.yml
new file mode 100644
index 00000000..77fdce52
--- /dev/null
+++ b/roles/rdbms_server/tasks/main.yml
@@ -0,0 +1,33 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Include database type variables
+  ansible.builtin.include_vars:
+    file: "{{ database_type }}/common.yml"
+
+- name: Include database type and OS specific variables
+  ansible.builtin.include_vars:
+    file: "{{ item }}"
+  with_first_found:
+      - "{{ database_type }}/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+      - "{{ database_type }}/{{ ansible_os_family }}.yml"
+
+- name: Install database
+  ansible.builtin.include_tasks:
+    file: "{{ item }}"
+  with_first_found:
+    - "{{ database_type }}/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ database_type }}/{{ ansible_os_family }}.yml"
diff --git a/roles/rdbms_server/tasks/mariadb/Debian.yml b/roles/rdbms_server/tasks/mariadb/Debian.yml
new file mode 100644
index 00000000..f14ad6a3
--- /dev/null
+++ b/roles/rdbms_server/tasks/mariadb/Debian.yml
@@ -0,0 +1,29 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install MariaDB apt key
+  ansible.builtin.apt_key:
+    url: https://mariadb.org/mariadb_release_signing_key.asc
+    state: present
+  when: not skip_rdbms_repo_setup
+
+- name: Install MariaDB apt repository
+  ansible.builtin.apt_repository:
+    repo: deb [arch=amd64,arm64,ppc64el] https://downloads.mariadb.com/MariaDB/mariadb-{{ database_version }}/repo/ubuntu/ bionic main
+    state: present
+  when: not skip_rdbms_repo_setup
+
+- name: Install MariaDB
+  ansible.builtin.include_role:
+    name: ansible-role-mysql
diff --git a/roles/rdbms_server/tasks/mariadb/RedHat.yml b/roles/rdbms_server/tasks/mariadb/RedHat.yml
new file mode 100644
index 00000000..07a8f8bc
--- /dev/null
+++ b/roles/rdbms_server/tasks/mariadb/RedHat.yml
@@ -0,0 +1,31 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install MariaDB repository
+  ansible.builtin.yum_repository:
+    name: MariaDB
+    description: MariaDB {{ database_version }} repository for RHEL
+    baseurl: https://yum.mariadb.org/{{ database_version }}/rhel{{ ansible_distribution_major_version }}-amd64
+    gpgkey: https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+  when: not skip_rdbms_repo_setup
+
+- name: Disable modularity appstream, when RHEL 8
+  ansible.builtin.command: yum -y module disable mysql mariadb
+  when:
+    - not skip_rdbms_repo_setup
+    - ansible_distribution_major_version == "8"
+
+- name: Install Mariadb
+  ansible.builtin.include_role:
+    name: ansible-role-mysql
diff --git a/roles/rdbms_server/tasks/mysql/RedHat.yml b/roles/rdbms_server/tasks/mysql/RedHat.yml
new file mode 100644
index 00000000..5bcfb60c
--- /dev/null
+++ b/roles/rdbms_server/tasks/mysql/RedHat.yml
@@ -0,0 +1,37 @@
+# Copyright 2024 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Import MySQL repository GPG Key
+  ansible.builtin.rpm_key:
+    key: "{{ mysql_repo_key }}"
+    state: present
+  when: not skip_rdbms_repo_setup
+
+- name: Install MySQL repository
+  ansible.builtin.yum:
+    name: "{{ mysql_repo }}"
+    update_cache: true
+    lock_timeout: 180
+    state: present
+  when: not skip_rdbms_repo_setup
+
+- name: Disable modularity appstream, when RHEL 8
+  ansible.builtin.command: yum -y module disable mysql mariadb
+  when:
+    - not skip_rdbms_repo_setup
+    - ansible_distribution_major_version == "8"
+
+- name: Install MySQL
+  ansible.builtin.include_role:
+    name: ansible-role-mysql
diff --git a/roles/rdbms_server/tasks/postgresql/Debian.yml b/roles/rdbms_server/tasks/postgresql/Debian.yml
new file mode 100644
index 00000000..5bdca9d7
--- /dev/null
+++ b/roles/rdbms_server/tasks/postgresql/Debian.yml
@@ -0,0 +1,43 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+
+- name: Install PostgreSQL repository key
+  ansible.builtin.get_url:
+    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
+    dest: /etc/apt/keyrings/postgresql.asc
+  when: not skip_rdbms_repo_setup
+
+- name: Install PostgreSQL repository
+  ansible.builtin.apt_repository:
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/postgresql.asc] https://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
+    state: present
+  when: not skip_rdbms_repo_setup
+
+- name: Install PostgreSQL
+  ansible.builtin.include_role:
+    name: geerlingguy.postgresql
+
+- name: Install python-psycopg2
+  ansible.builtin.pip:
+    name: psycopg2-binary
+    state: latest
+
+- name: Fix UTF-8 template
+  ansible.builtin.include_tasks:
+    file: template_fix.yml
diff --git a/roles/rdbms_server/tasks/postgresql/RedHat.yml b/roles/rdbms_server/tasks/postgresql/RedHat.yml
new file mode 100644
index 00000000..404d96a6
--- /dev/null
+++ b/roles/rdbms_server/tasks/postgresql/RedHat.yml
@@ -0,0 +1,58 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install PostgreSQL common repository
+  ansible.builtin.yum_repository:
+    name: pgdg-common
+    description: PostgreSQL common for RHEL/CentOS
+    baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch
+    gpgkey: https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
+  when: not skip_rdbms_repo_setup
+
+- name: Install PostgreSQL version repository
+  ansible.builtin.yum_repository:
+    name: pgdg
+    description: PostgreSQL {{ postgresql_version }} for RHEL/CentOS
+    baseurl: https://download.postgresql.org/pub/repos/yum/{{ postgresql_version }}/redhat/rhel-$releasever-$basearch
+    gpgkey: https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
+  when: not skip_rdbms_repo_setup
+
+- name: Disable default Postgres module in RHEL 8 or greater
+  ansible.builtin.command: dnf module disable -y postgresql
+  register: __postgres_module_result
+  changed_when:
+    - '"Disabling modules" in __postgres_module_result.stdout'
+  failed_when:
+    - __postgres_module_result.rc != 0 and __postgres_module_result.rc != 1
+  when:
+    - ansible_os_family == 'RedHat'
+    - ansible_distribution_major_version | int >= 8
+
+- name: Install PostgreSQL
+  ansible.builtin.include_role:
+    name: geerlingguy.postgresql
+
+- name: Fix UTF-8 template
+  ansible.builtin.include_tasks:
+    file: postgresql/template_fix.yml
+
+- name: Remove repositories and clean metadata
+  ansible.builtin.yum_repository:
+    name: "{{ item }}"
+    state: absent
+  with_items:
+    - pgdg-common
+    - pgdg
+  when: not skip_rdbms_repo_setup
+  notify: yum clean metadata
diff --git a/roles/rdbms_server/tasks/postgresql/template_fix.yml b/roles/rdbms_server/tasks/postgresql/template_fix.yml
new file mode 100644
index 00000000..6be8d86c
--- /dev/null
+++ b/roles/rdbms_server/tasks/postgresql/template_fix.yml
@@ -0,0 +1,44 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create a temporary SQL directory
+  ansible.builtin.tempfile:
+    state: directory
+    suffix: "-sql"
+  register: __sql
+
+- name: Enable access for the postgres user
+  ansible.builtin.file:
+    path: "{{ __sql.path }}"
+    owner: postgres
+    group: postgres
+
+- name: Copy SQL to change template to UTF-8
+  ansible.builtin.copy:
+    src: files/utf8-template.sql
+    dest: "{{ __sql.path }}/utf8-template.sql"
+    owner: postgres
+    group: postgres
+    mode: 0660
+
+- name: Run SQL to change template to UTF-8
+  ansible.builtin.command: "psql -f {{ __sql.path }}/utf8-template.sql"
+  become: yes
+  become_user: postgres
+
+- name: Remove temporary SQL directory
+  ansible.builtin.file:
+    path: "{{ __sql.path }}"
+    state: absent
+  become: yes
diff --git a/roles/rdbms_server/templates/cloudera.cnf b/roles/rdbms_server/templates/cloudera.cnf
new file mode 100644
index 00000000..19ae1a11
--- /dev/null
+++ b/roles/rdbms_server/templates/cloudera.cnf
@@ -0,0 +1,26 @@
+[mysqld]
+log_bin_trust_function_creators = 1
+{% if database_tls %}
+# SSL configuration
+ssl_ca = {{ tls_chain_path }}
+ssl_cert = {{ tls_cert_path_generic }}
+ssl_key = {{ tls_key_path_plaintext_generic }}
+  {% if database_version is version('8.0','>=') %} {# This doesn't make any sense with the check below... is this for MariaDB vs MySQL? #}
+require_secure_transport = {{ mysql_require_secure_transport }}
+  {% endif %}
+  {% if database_version is version('10.5.2','>=') %}
+require_secure_transport = {{ mysql_require_secure_transport }}
+  {% endif %}
+  {% if mysql_ssl_cipher is defined  %}
+ssl_cipher = {{ mysql_ssl_cipher }}
+  {% endif %}
+  {% if mysql_ssl_crl is defined %}
+ssl_crl = {{ mysql_ssl_crl }}
+  {% endif %}
+  {% if mysql_ssl_crlpath is defined  %}
+ssl_crlpath = {{ mysql_ssl_crlpath  }}
+  {% endif %}
+  {% if mysql_tls_version is defined %}
+tls_version = {{ mysql_tls_version }}
+  {% endif %}
+{% endif %}
diff --git a/roles/rdbms_server/vars/mariadb/Debian.yml b/roles/rdbms_server/vars/mariadb/Debian.yml
new file mode 100644
index 00000000..8cdde6fb
--- /dev/null
+++ b/roles/rdbms_server/vars/mariadb/Debian.yml
@@ -0,0 +1,20 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_packages:
+  - mariadb-client
+  - mariadb-server
+  - python-mysqldb
diff --git a/roles/rdbms_server/vars/mariadb/RedHat-7.yml b/roles/rdbms_server/vars/mariadb/RedHat-7.yml
new file mode 100644
index 00000000..49b945bc
--- /dev/null
+++ b/roles/rdbms_server/vars/mariadb/RedHat-7.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_packages:
+  - mariadb
+  - mariadb-server
+  - mariadb-libs
+  - MySQL-python
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mariadb/RedHat-8.yml b/roles/rdbms_server/vars/mariadb/RedHat-8.yml
new file mode 100644
index 00000000..ff292dcf
--- /dev/null
+++ b/roles/rdbms_server/vars/mariadb/RedHat-8.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_packages:
+  - mariadb
+  - mariadb-server
+  - mariadb-connector-c
+  - python3-PyMySQL
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mariadb/RedHat-9.yml b/roles/rdbms_server/vars/mariadb/RedHat-9.yml
new file mode 100644
index 00000000..ff292dcf
--- /dev/null
+++ b/roles/rdbms_server/vars/mariadb/RedHat-9.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_packages:
+  - mariadb
+  - mariadb-server
+  - mariadb-connector-c
+  - python3-PyMySQL
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mariadb/common.yml b/roles/rdbms_server/vars/mariadb/common.yml
new file mode 100644
index 00000000..c877c9cb
--- /dev/null
+++ b/roles/rdbms_server/vars/mariadb/common.yml
@@ -0,0 +1,27 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_daemon: mariadb
+mysql_slow_query_log_file: /var/log/mysql-slow.log
+mysql_log_error: /var/log/mariadb/mariadb.log
+mysql_syslog_tag: mariadb
+mysql_pid_file: /var/run/mariadb/mariadb.pid
+mysql_config_file: /etc/my.cnf
+mysql_config_include_dir: /etc/my.cnf.d
+mysql_socket: /var/lib/mysql/mysql.sock
+mysql_config_include_files:
+  - src: "cloudera.cnf"
+    force: true
diff --git a/roles/rdbms_server/vars/mysql/Debian.yml b/roles/rdbms_server/vars/mysql/Debian.yml
new file mode 100644
index 00000000..7f40a4b5
--- /dev/null
+++ b/roles/rdbms_server/vars/mysql/Debian.yml
@@ -0,0 +1,21 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_repo: https://repo.mysql.com/mysql-apt-config_0.8.29-1_all.deb
+mysql_packages:
+  - mariadb-client
+  - mariadb-server
+  - python-mysqldb
diff --git a/roles/rdbms_server/vars/mysql/RedHat-7.yml b/roles/rdbms_server/vars/mysql/RedHat-7.yml
new file mode 100644
index 00000000..a6922c2a
--- /dev/null
+++ b/roles/rdbms_server/vars/mysql/RedHat-7.yml
@@ -0,0 +1,21 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mysql_repo: https://repo.mysql.com/mysql80-community-release-el7.rpm
+
+mysql_packages:
+  - mysql
+  - mysql-server
+  - MySQL-python
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mysql/RedHat-8.yml b/roles/rdbms_server/vars/mysql/RedHat-8.yml
new file mode 100644
index 00000000..593a61e6
--- /dev/null
+++ b/roles/rdbms_server/vars/mysql/RedHat-8.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mysql_repo: https://repo.mysql.com/mysql80-community-release-el8.rpm
+
+mysql_packages:
+  - mysql
+  - mysql-server
+  - mysql-connector-c++
+  - python3-PyMySQL
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mysql/RedHat-9.yml b/roles/rdbms_server/vars/mysql/RedHat-9.yml
new file mode 100644
index 00000000..c2c1d673
--- /dev/null
+++ b/roles/rdbms_server/vars/mysql/RedHat-9.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mysql_repo: https://repo.mysql.com/mysql80-community-release-el9.rpm
+
+mysql_packages:
+  - mysql
+  - mysql-server
+  - mysql-connector-c++
+  - python3-PyMySQL
+  - perl-DBD-MySQL
diff --git a/roles/rdbms_server/vars/mysql/common.yml b/roles/rdbms_server/vars/mysql/common.yml
new file mode 100644
index 00000000..44a3faba
--- /dev/null
+++ b/roles/rdbms_server/vars/mysql/common.yml
@@ -0,0 +1,28 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+mysql_repo_key: https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
+
+mysql_root_password: 'Super$ecret1'
+mysql_user_password: 'Super$ecret1'
+mysql_daemon: mysqld
+mysql_log_error: /var/log/mysqld.log
+mysql_syslog_tag: mysqld
+mysql_pid_file: /var/run/mysqld/mysqld.pid
+mysql_socket: /var/lib/mysql/mysql.sock
+mysql_config_include_files:
+  - src: "cloudera.cnf"
+    force: true
diff --git a/roles/rdbms_server/vars/postgresql/Debian.yml b/roles/rdbms_server/vars/postgresql/Debian.yml
new file mode 100644
index 00000000..2034df95
--- /dev/null
+++ b/roles/rdbms_server/vars/postgresql/Debian.yml
@@ -0,0 +1,24 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+postgresql_version: "{{ database_version }}"
+postgresql_data_dir: "/var/lib/postgresql/{{ postgresql_version }}/main"
+postgresql_bin_path: "/usr/lib/postgresql/{{ postgresql_version }}/bin"
+postgresql_config_path: "/etc/postgresql/{{ postgresql_version }}/main"
+postgresql_packages:
+  - "postgresql-{{ postgresql_version }}"
+  - "postgresql-contrib-{{ postgresql_version }}"
+  - "postgresql-server-dev-{{ postgresql_version }}"
diff --git a/roles/rdbms_server/vars/postgresql/RedHat.yml b/roles/rdbms_server/vars/postgresql/RedHat.yml
new file mode 100644
index 00000000..68da0859
--- /dev/null
+++ b/roles/rdbms_server/vars/postgresql/RedHat.yml
@@ -0,0 +1,28 @@
+# Copyright 2024 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+postgresql_version: "{{ database_version }}"
+postgresql_data_dir: /var/lib/pgsql/{{ postgresql_version }}/data
+postgresql_bin_path: /usr/pgsql-{{ postgresql_version }}/bin
+postgresql_config_path: /var/lib/pgsql/{{ postgresql_version }}/data
+postgresql_daemon: postgresql-{{ postgresql_version }}.service
+# Removed devel package as avoids dependency on perl-IPC-run in pg 12+
+postgresql_packages:
+  - postgresql{{ postgresql_version | regex_replace('\.','') }}
+  - postgresql{{ postgresql_version | regex_replace('\.','') }}-server
+  - postgresql{{ postgresql_version | regex_replace('\.','') }}-libs
+  - postgresql{{ postgresql_version | regex_replace('\.','') }}-contrib
+#  - postgresql{{ postgresql_version | regex_replace('\.','') }}-devel
+postgresql_python_library: python-psycopg2
diff --git a/roles/rdbms_server/vars/postgresql/common.yml b/roles/rdbms_server/vars/postgresql/common.yml
new file mode 100644
index 00000000..ca130954
--- /dev/null
+++ b/roles/rdbms_server/vars/postgresql/common.yml
@@ -0,0 +1,38 @@
+# Copyright 2024 Cloudera, Inc.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+postgresql_global_config_options:
+  - option: log_directory
+    value: 'log'
+  - option: listen_addresses
+    value: '*'
+  - option: max_connections
+    value: 300
+  - option: ssl
+    value: "{{ database_tls | bool | ternary('on', 'off') }}"
+  - option: ssl_cert_file
+    value: "{{ database_tls | bool | ternary(tls_cert_path_generic, None) }}"
+  - option: ssl_key_file
+    value: "{{ database_tls | bool | ternary(tls_key_path_plaintext_generic, None) }}"
+  - option: ssl_ca_file
+    value: "{{ database_tls | bool | ternary(tls_chain_path, None) }}"
+
+postgresql_hba_entries:
+  - {type: local, database: all, user: postgres, auth_method: peer}
+  - {type: local, database: all, user: all, auth_method: peer}
+  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
+  - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
+  - {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: md5}