Added the SSO bug fixing part for maria_db with different checks and error...

Added the SSO bug fixing part for maria_db with different checks and error handling in ansible. With that, the mariadb side of things should be ready for matomo migration and SSO integration.

defaults/main.yml

@@ -3,3 +3,4 @@
 fqdn: "{{inventory_hostname}}"
 domain_name: "{{fqdn|replace((ansible_hostname + '.'),'')}}"
 matomo_urls: [ "stats.{{domain_name}}" ]
+mariadb_name: matomo
\ No newline at end of file

tasks/db.yml

 ---
 
-- name: database block
+########## MATOMO BEGINNING ############
+### Matomo database creation
+- name: Matomo database creation block
   block:
     - name: mysql database
       mysql_db:
@@ -14,38 +16,61 @@
         login_unix_socket: /run/mysqld/mysqld.sock
         priv:
           'matomo.*': 'ALL,GRANT'
+  when: mariadb_matomo
   tags: db_conf
+###
 
-# ### CREATE AN ADMIN USER FROM REMOTE USE
-# - name: Template the SQL script for creating admin user
-#   template:
-#     src: create_admin_user.sql.j2
-#     dest: /tmp/create_admin_user.sql
-#   tags: db_conf
-# - name: Execute the SQL script to create admin user
-#   shell: mysql -u root < /tmp/create_admin_user.sql
-#   args:
-#     executable: /bin/bash
-#   ignore_errors: yes
-#   tags: db_conf
-# ###
+### Solving SSO plugin issue with the database
+- name: Check for the presence of any table at all in 'matomo' database
+  mysql_query:
+    login_unix_socket: /run/mysqld/mysqld.sock
+    login_user: matomo
+    login_password: "{{ matomo_passwd }}"
+    query: SHOW TABLES IN matomo;
+  register: matomo_tables
 
-# - name: Create matomo database
-#   mysql_db:
-#     name: matomo
-#     state: present
-#     login_user: 'admin'
-#     login_password: "{{ mariadb_admin_password }}"
-#   tags: db_conf
+- name: Debug matomo tables
+  debug:
+    var: matomo_tables.query_result
 
-# - name: Create matomo user with privileges
-#   mysql_user:
-#     name: matomo
-#     host: '%'
-#     password: "{{ matomo_passwd }}"
-#     priv: 'matomo.*:ALL,GRANT'
-#     state: present
-#     login_user: 'admin'
-#     login_password: "{{ mariadb_admin_password }}"
-#   tags: db_conf
+- name: Fail if no tables are present in 'matomo'
+  fail:
+    msg: "Please import the *.sql backup from the previous matomo server before going further."
+  when: matomo_tables.query_result[0] | length == 0
+### If there is no table at all, ask to import the backup into the DB and stop there
 
+### Now check if there is the problematic table at all
+- name: Check for 'piwik_loginoidc_provider' table if SSO is enabled
+  mysql_query:
+    login_unix_socket: /run/mysqld/mysqld.sock
+    login_user: matomo
+    login_password: "{{ matomo_passwd }}"
+    query: SHOW TABLES IN matomo LIKE 'piwik_loginoidc_provider';
+  register: piwik_oidc_table
+  when: matomo_sso and mariadb_matomo
+###
+
+- name: Debug piwik_oidc_table tables
+  debug:
+    var: piwik_oidc_table.query_result
+
+### If it's not there, create it
+- name: Create 'piwik_loginoidc_provider' table if not exists
+  mysql_query:
+    login_unix_socket: /run/mysqld/mysqld.sock
+    login_user: matomo
+    login_password: "{{ matomo_passwd }}"
+    login_db: matomo
+    query: >
+      CREATE TABLE piwik_loginoidc_provider (
+        user VARCHAR(100) NOT NULL,
+        provider_user VARCHAR(255) NOT NULL,
+        provider VARCHAR(255) NOT NULL,
+        date_connected TIMESTAMP NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+        PRIMARY KEY (provider_user, provider),
+        UNIQUE KEY user_provider (user, provider),
+        FOREIGN KEY (user) REFERENCES piwik_user (login) ON DELETE CASCADE
+      ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+  when: (piwik_oidc_table.query_result[0] | length == 0) and matomo_sso and mariadb_matomo
+### SSO should be able to work with that trick
+########## MATOMO END############
\ No newline at end of file

templates/create_admin_user.sql.j2

-CREATE USER 'admin'@'%' IDENTIFIED BY '{{ mariadb_admin_password }}';
-GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION;
-FLUSH PRIVILEGES;
\ No newline at end of file