Compare commits
	
		
			1 Commits
		
	
	
		
			0.1.2
			...
			e7af228f06
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| e7af228f06 | 
| @@ -1,13 +1,12 @@ | |||||||
| namespace: finallycoffee | namespace: finallycoffee | ||||||
| name: databases | name: databases | ||||||
| version: 0.1.2 | version: 0.1.1 | ||||||
| readme: README.md | readme: README.md | ||||||
| authors: | authors: | ||||||
| - transcaffeine <transcaffeine@finally.coffee> | - transcaffeine <transcaffeine@finally.coffee> | ||||||
| description: Collection for deploying and configuring databases | description: Collection for deploying and configuring databases | ||||||
| dependencies: | dependencies: | ||||||
|   "community.docker": "^4.0.0" |   "community.docker": "^3.0.0" | ||||||
|   "community.postgresql": "^3.9.0" |  | ||||||
| license_file: LICENSE.md | license_file: LICENSE.md | ||||||
| build_ignore: | build_ignore: | ||||||
| - '*.tar.gz' | - '*.tar.gz' | ||||||
|   | |||||||
| @@ -2,26 +2,3 @@ | |||||||
|  |  | ||||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||||
| database. This ansible role can deploy and configure postgresql. | database. This ansible role can deploy and configure postgresql. | ||||||
|  |  | ||||||
| By default, the role configures the remote's effective ansible user with |  | ||||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). |  | ||||||
|  |  | ||||||
| ## Required configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_superuser_password` to your superusers desired password. |  | ||||||
|  |  | ||||||
| ## Optional configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_major_version` to your desired postgresql major version, |  | ||||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). |  | ||||||
|  |  | ||||||
| This role can be executed multiple times with different |  | ||||||
| `postgresql_major_version` values to provide new database versions for up-to- |  | ||||||
| date applications and older versions for software which does not yet support |  | ||||||
| them. Container name and host mounts encode the major version to prevent |  | ||||||
| accidental usage of the 'wrong' `PGDATA` directory. |  | ||||||
|  |  | ||||||
| ## Requirements |  | ||||||
|  |  | ||||||
| - `psycopg2` (pip) package |  | ||||||
| - `docker` (pip) package |  | ||||||
|   | |||||||
| @@ -1,17 +0,0 @@ | |||||||
| --- |  | ||||||
| postgresql_config_connect_socket: true |  | ||||||
| postgresql_config_unix_socket_directories: |  | ||||||
|   - "/var/run/postgresql" |  | ||||||
| postgresql_config_listen_addresses: |  | ||||||
|   - '*' |  | ||||||
| postgresql_config_port: 5432 |  | ||||||
|  |  | ||||||
| postgresql_base_config: |  | ||||||
|   listen_addresses: "{{ postgresql_config_listen_addresses }}" |  | ||||||
|   unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}" |  | ||||||
|   port: "{{ postgresql_config_port }}" |  | ||||||
| postgresql_merged_config: >-2 |  | ||||||
|   {{ postgresql_base_config | combine( |  | ||||||
|     postgresql_config | default({}, true), |  | ||||||
|     recursive=True |  | ||||||
|   ) }} |  | ||||||
| @@ -34,40 +34,6 @@ postgresql_container_ports: ~ | |||||||
| postgresql_container_labels: ~ | postgresql_container_labels: ~ | ||||||
| postgresql_container_networks: ~ | postgresql_container_networks: ~ | ||||||
| postgresql_container_recreate: ~ | postgresql_container_recreate: ~ | ||||||
| postgresql_container_etc_hosts: ~ |  | ||||||
| postgresql_container_restart_policy: "on-failure" | postgresql_container_restart_policy: "on-failure" | ||||||
| postgresql_container_state: >-2 | postgresql_container_state: >-2 | ||||||
|   {{ (postgresql_state == 'present') | ternary('started', 'absent') }} |   {{ (postgresql_state == 'present') | ternary('started', 'absent') }} | ||||||
| postgresql_container_volumes: ~ |  | ||||||
| postgresql_container_unix_socket_path: >-2 |  | ||||||
|   {{ postgresql_config_unix_socket_directories | first }} |  | ||||||
| postgresql_container_base_volumes: |  | ||||||
|   - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro" |  | ||||||
|   - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z" |  | ||||||
| postgresql_container_config_volumes: |  | ||||||
|   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" |  | ||||||
|   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" |  | ||||||
| postgresql_container_unix_socket_volumes: |  | ||||||
|   - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" |  | ||||||
| postgresql_container_initdb_volumes: >-2 |  | ||||||
|   {{ postgresql_container_base_volumes |  | ||||||
|     + postgresql_container_unix_socket_volumes |  | ||||||
|     + (postgresql_container_volumes | default([], true)) }} |  | ||||||
| postgresql_container_merged_volumes: >-2 |  | ||||||
|   {{ postgresql_container_base_volumes |  | ||||||
|     + postgresql_container_config_volumes |  | ||||||
|     + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else []) |  | ||||||
|     + (postgresql_container_volumes | default([], true)) }} |  | ||||||
| postgresql_systemd_tmpfile_socket_correction_unit_name: >-2 |  | ||||||
|   {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }} |  | ||||||
|  |  | ||||||
| # (Memory) performance tuning |  | ||||||
| postgresql_container_memory: ~ |  | ||||||
| postgresql_container_memory_reservation: ~ |  | ||||||
| postgresql_container_shm_size: ~ |  | ||||||
| postgresql_container_oom_kill: ~ |  | ||||||
| postgresql_container_oom_score_adj: ~ |  | ||||||
| postgresql_container_ulimits: ~ |  | ||||||
|  |  | ||||||
| postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" |  | ||||||
| postgresql_container_data_dir: "/var/lib/postgresql/data" |  | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| --- | --- | ||||||
| postgresql_user: postgresql | postgresql_user: postgresql | ||||||
| postgresql_version: >-2 | postgresql_version: >-2 | ||||||
|   {{ postgresql_versions[postgresql_major_version | string] }} |   {{ postgresql_version[postgres_major_version | string] }} | ||||||
| postgresql_major_version: 16 | postgresql_major_version: 16 | ||||||
| postgresql_versions: | postgresql_versions: | ||||||
|   "17": "17.2" |   "17": "17.2" | ||||||
| @@ -13,21 +13,6 @@ postgresql_config_path: >-2 | |||||||
|   /etc/postgresql/{{ postgresql_major_version }} |   /etc/postgresql/{{ postgresql_major_version }} | ||||||
| postgresql_data_path: >-2 | postgresql_data_path: >-2 | ||||||
|   /var/lib/postgresql/{{ postgresql_major_version }} |   /var/lib/postgresql/{{ postgresql_major_version }} | ||||||
| postgresql_pg_ident_conf_file: >-2 |  | ||||||
|   {{ postgresql_config_path }}/pg_ident.conf |  | ||||||
| postgresql_pg_hba_conf_file: >-2 |  | ||||||
|   {{ postgresql_config_path }}/pg_hba.conf |  | ||||||
| postgresql_admin_role: "postgres" |  | ||||||
| postgresql_admin_role_contype: local |  | ||||||
| postgresql_admin_role_method: peer |  | ||||||
| postgresql_admin_local_user: >-2 |  | ||||||
|   {{ ansible_facts['user_id'] }} |  | ||||||
| postgresql_admin_role_mapping_name: >-2 |  | ||||||
|   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} |  | ||||||
| postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}" |  | ||||||
| postgresql_admin_pg_hba_conf_options: >-2 |  | ||||||
|   map={{ postgresql_admin_role_mapping_name }} |  | ||||||
| postgresql_superuser_password: ~ |  | ||||||
|  |  | ||||||
| postgresql_state: present | postgresql_state: present | ||||||
| postgresql_deployment_method: docker | postgresql_deployment_method: docker | ||||||
|   | |||||||
| @@ -1,12 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Restart postgresql container '{{ postgresql_container_name }}' (docker) |  | ||||||
|   community.docker.docker_container: |  | ||||||
|     name: "{{ postgresql_container_name }}" |  | ||||||
|     state: "{{ postgresql_container_state }}" |  | ||||||
|     restart: true |  | ||||||
|     comparisons: |  | ||||||
|       '*': "ignore" |  | ||||||
|   when: |  | ||||||
|     - postgresql_deployment_method == 'docker' |  | ||||||
|     - postgresql_container_state not in ['absent', 'stopped'] |  | ||||||
|   listen: postgresql_restart |  | ||||||
| @@ -1,60 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Configure postgresql |  | ||||||
|   block: |  | ||||||
|     - name: Ensure postgresql superuser is set |  | ||||||
|       community.postgresql.postgresql_user: |  | ||||||
|         name: "{{ postgresql_admin_role }}" |  | ||||||
|         password: "{{ postgresql_superuser_password }}" |  | ||||||
|         login_host: "{{ postgresql_login_host }}" |  | ||||||
|       register: postgresql_superuser_password_result |  | ||||||
|       until: "postgresql_superuser_password_result is succeeded" |  | ||||||
|       retries: 10 |  | ||||||
|       delay: 2 |  | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is set |  | ||||||
|       community.postgresql.postgresql_set: |  | ||||||
|         name: "{{ option.key }}" |  | ||||||
|         value: "{{ pg_option_value }}" |  | ||||||
|         login_host: "{{ postgresql_login_host }}" |  | ||||||
|         login_port: "{{ postgresql_config_port }}" |  | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |  | ||||||
|       loop: "{{ postgresql_merged_config | dict2items }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: option |  | ||||||
|       vars: |  | ||||||
|         pg_option_value: >-2 |  | ||||||
|           {{ |  | ||||||
|             (option.value | join(' ')) |  | ||||||
|             if (option.value is iterable |  | ||||||
|               and option.value is not string |  | ||||||
|               and option.value is not mapping) |  | ||||||
|             else option.value |  | ||||||
|           }} |  | ||||||
|       register: postgresql_config_results |  | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is reloaded |  | ||||||
|       community.postgresql.postgresql_query: |  | ||||||
|         db: "postgres" |  | ||||||
|         query: "SELECT pg_reload_conf();" |  | ||||||
|         login_host: "{{ postgresql_login_host }}" |  | ||||||
|         login_port: "{{ postgresql_config_port }}" |  | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |  | ||||||
|  |  | ||||||
|     - name: Ensure restart handler is fired if required |  | ||||||
|       debug: |  | ||||||
|         msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}" |  | ||||||
|       when: result.changed |  | ||||||
|       changed_when: "{{ result.restart_required }}" |  | ||||||
|       notify: postgresql_restart |  | ||||||
|       loop: "{{ postgresql_config_results.results }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: result |  | ||||||
|         label: "{{ result.option.key }}" |  | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|   vars: |  | ||||||
|     postgresql_login_host: >-2 |  | ||||||
|       {{ |  | ||||||
|         (postgresql_config_unix_socket_directories | first) |  | ||||||
|         if postgresql_config_connect_socket else  |  | ||||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) |  | ||||||
|       }} |  | ||||||
| @@ -10,69 +10,6 @@ | |||||||
|   retries: 5 |   retries: 5 | ||||||
|   delay: 4 |   delay: 4 | ||||||
|  |  | ||||||
| - name: Ensure /etc/passwd for container is {{ postgresql_state }} |  | ||||||
|   ansible.builtin.template: |  | ||||||
|     src: "postgresql-passwd.j2" |  | ||||||
|     dest: "{{ postgresql_container_passwd_file }}" |  | ||||||
|     owner: "{{ postgresql_user_id }}" |  | ||||||
|     group: "{{ postgresql_user_group_id }}" |  | ||||||
|     mode: "0640" |  | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|  |  | ||||||
| - name: Ensure systemd unit to correct path permissions is {{ postgresql_state }} |  | ||||||
|   ansible.builtin.copy: |  | ||||||
|     dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" |  | ||||||
|     content: |+2 |  | ||||||
|       [Unit] |  | ||||||
|       Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}" |  | ||||||
|       After=systemd-tmpfiles-setup.service |  | ||||||
|       Before=docker.service |  | ||||||
|        |  | ||||||
|       [Service] |  | ||||||
|       Type=exec |  | ||||||
|       RemainAfterExit=yes |  | ||||||
|       ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}' |  | ||||||
|        |  | ||||||
|       [Install] |  | ||||||
|       WantedBy=multi-user.target |  | ||||||
|   when: |  | ||||||
|     - ansible_facts['service_mgr'] == 'systemd' |  | ||||||
|     - postgresql_state == 'present' |  | ||||||
|   register: postgresql_systemd_tmpfile_correction_unit_info |  | ||||||
|  |  | ||||||
| - name: Ensure systemd is reloaded |  | ||||||
|   ansible.builtin.systemd: |  | ||||||
|     daemon_reload: true |  | ||||||
|   when: |  | ||||||
|     - postgresql_systemd_tmpfile_correction_unit_info.changed |  | ||||||
|  |  | ||||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} |  | ||||||
|   ansible.builtin.systemd: |  | ||||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" |  | ||||||
|     state: "{{ postgresql_container_state }}" |  | ||||||
|   when: ansible_facts['service_mgr'] == 'systemd' |  | ||||||
|  |  | ||||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} |  | ||||||
|   ansible.builtin.systemd: |  | ||||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" |  | ||||||
|     enabled: "{{ postgresql_state == 'present' }}" |  | ||||||
|   when: ansible_facts['service_mgr'] == 'systemd' |  | ||||||
|  |  | ||||||
| - name: Lookup {{ postgresql_data_path }}/global |  | ||||||
|   ansible.builtin.stat: |  | ||||||
|     path: "{{ postgresql_data_path }}/global" |  | ||||||
|     get_checksum: false |  | ||||||
|   register: postgresql_global_data_info |  | ||||||
|  |  | ||||||
| - name: Initialize database if empty |  | ||||||
|   ansible.builtin.include_tasks: |  | ||||||
|     file: "initialize-docker.yml" |  | ||||||
|   when: |  | ||||||
|     - postgresql_state == 'present' |  | ||||||
|     - not postgresql_global_data_info.stat.exists |  | ||||||
|     - postgresql_global_data_info.stat.isdir is defined |  | ||||||
|     - not postgresql_global_data_info.stat.isdir |  | ||||||
|  |  | ||||||
| - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | ||||||
|   community.docker.docker_container: |   community.docker.docker_container: | ||||||
|     name: "{{ postgresql_container_name }}" |     name: "{{ postgresql_container_name }}" | ||||||
| @@ -81,15 +18,6 @@ | |||||||
|     user: "{{ postgresql_container_user | default(omit, true) }}" |     user: "{{ postgresql_container_user | default(omit, true) }}" | ||||||
|     ports: "{{ postgresql_container_ports | default(omit, true) }}" |     ports: "{{ postgresql_container_ports | default(omit, true) }}" | ||||||
|     labels: "{{ postgresql_container_labels | default(omit, true) }}" |     labels: "{{ postgresql_container_labels | default(omit, true) }}" | ||||||
|     volumes: "{{ postgresql_container_merged_volumes }}" |  | ||||||
|     recreate: "{{ postgresql_container_recreate | default(omit, true) }}" |  | ||||||
|     networks: "{{ postgresql_container_networks | default(omit, true) }}" |     networks: "{{ postgresql_container_networks | default(omit, true) }}" | ||||||
|     etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}" |  | ||||||
|     memory: "{{ postgresql_container_memory | default(omit, true) }}" |  | ||||||
|     memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}" |  | ||||||
|     oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}" |  | ||||||
|     oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}" |  | ||||||
|     shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}" |  | ||||||
|     ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}" |  | ||||||
|     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}" |     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}" | ||||||
|     state: "{{ postgresql_container_state }}" |     state: "{{ postgresql_container_state }}" | ||||||
|   | |||||||
| @@ -1,47 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database |  | ||||||
|   community.docker.docker_container: |  | ||||||
|     name: "{{ postgresql_container_name }}" |  | ||||||
|     image: "{{ postgresql_container_image }}" |  | ||||||
|     env: >-2 |  | ||||||
|       {{ postgresql_container_env | default({}, true) |  | ||||||
|          | combine({'POSTGRES_PASSWORD': postgresql_superuser_password}) }} |  | ||||||
|     user: "{{ postgresql_container_user | default(omit, true) }}" |  | ||||||
|     ports: "{{ postgresql_container_ports | default(omit, true) }}" |  | ||||||
|     labels: "{{ postgresql_container_labels | default(omit, true) }}" |  | ||||||
|     volumes: "{{ postgresql_container_initdb_volumes }}" |  | ||||||
|     recreate: "{{ postgresql_container_recreate | default(omit, true) }}" |  | ||||||
|     networks: "{{ postgresql_container_networks | default(omit, true) }}" |  | ||||||
|     etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}" |  | ||||||
|     memory: "{{ postgresql_container_memory | default(omit, true) }}" |  | ||||||
|     memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}" |  | ||||||
|     oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}" |  | ||||||
|     oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}" |  | ||||||
|     shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}" |  | ||||||
|     ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}" |  | ||||||
|     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}" |  | ||||||
|     state: "{{ postgresql_container_state }}" |  | ||||||
|   register: postgresql_container_info |  | ||||||
|  |  | ||||||
| - name: Wait for container startup |  | ||||||
|   block: |  | ||||||
|     - name: Wait for container startup (socket) |  | ||||||
|       ansible.builtin.wait_for: |  | ||||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}" |  | ||||||
|       when: "postgresql_config_connect_socket | bool" |  | ||||||
|     - name: Wait for container startup (port) |  | ||||||
|       ansible.builtin.wait_for: |  | ||||||
|         host: >-2 |  | ||||||
|           {{ (pg_addresses == '*') | ternary( |  | ||||||
|                  omit, |  | ||||||
|                  postgresql_config_listen_addresses | first |  | ||||||
|              ) }} |  | ||||||
|         port: "{{ postgresql_config_port }}" |  | ||||||
|       when: "not postgresql_config_connect_socket | bool" |  | ||||||
|       vars: |  | ||||||
|         pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}" |  | ||||||
|  |  | ||||||
| - name: Ensure init container '{{ postgresql_container_name }}' is removed |  | ||||||
|   community.docker.docker_container: |  | ||||||
|     name: "{{ postgresql_container_name }}" |  | ||||||
|     state: absent |  | ||||||
| @@ -33,7 +33,6 @@ | |||||||
|   loop: |   loop: | ||||||
|     - name: "{{ postgresql_config_path }}" |     - name: "{{ postgresql_config_path }}" | ||||||
|     - name: "{{ postgresql_data_path }}" |     - name: "{{ postgresql_data_path }}" | ||||||
|       mode: "0700" |  | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: path |     loop_var: path | ||||||
|     label: "{{ path.name }}" |     label: "{{ path.name }}" | ||||||
| @@ -57,16 +56,8 @@ | |||||||
|       Aborting... |       Aborting... | ||||||
|   when: |   when: | ||||||
|     - postgresql_data_dir_version_info.stat.exists |     - postgresql_data_dir_version_info.stat.exists | ||||||
|     - "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)" |     - "(postgresql_data_dir_version_content | b64decode | int) != (postgresql_major_version | int)" | ||||||
|  |  | ||||||
| - name: Prepare authentication and authorization for database admin role |  | ||||||
|   ansible.builtin.include_tasks: |  | ||||||
|     file: "prepare.yml" |  | ||||||
|  |  | ||||||
| - name: Deploy postgresql using {{ postgresql_deployment_method }} | - name: Deploy postgresql using {{ postgresql_deployment_method }} | ||||||
|   ansible.builtin.include_tasks: |   ansible.builtin.include_tasks: | ||||||
|     file: "deploy-{{ postgresql_deployment_method }}.yml" |     file: "deploy-{{ postgresql_deployment_method }}.yml" | ||||||
|  |  | ||||||
| - name: Configure postgresql |  | ||||||
|   ansible.builtin.include_tasks: |  | ||||||
|     file: "configure.yml" |  | ||||||
|   | |||||||
| @@ -1,35 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Ensure postgresql config files are {{ postgresql_state }} |  | ||||||
|   ansible.builtin.lineinfile: |  | ||||||
|     path: "{{ file.name }}" |  | ||||||
|     insertafter: "{{ file.insert_after | default(omit) }}" |  | ||||||
|     insertbefore: "{{ file.insert_before | default(omit) }}" |  | ||||||
|     line: "{{ file.line }}" |  | ||||||
|     owner: "{{ postgresql_user_id }}" |  | ||||||
|     group: "{{ postgresql_user_group_id }}" |  | ||||||
|     create: true |  | ||||||
|   loop_control: |  | ||||||
|     loop_var: file |  | ||||||
|     label: "{{ file.name }}" |  | ||||||
|   loop: |  | ||||||
|     - name: "{{ postgresql_pg_hba_conf_file }}" |  | ||||||
|       insert_before: "BOF" |  | ||||||
|       line: "# Ansible managed" |  | ||||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" |  | ||||||
|       insert_before: "BOF" |  | ||||||
|       line: "# Ansible managed" |  | ||||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" |  | ||||||
|       insert_after: "# Ansible managed" |  | ||||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" |  | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|   notify: postgresql_restart |  | ||||||
|  |  | ||||||
| - name: Configure permissions for postgresql admin role |  | ||||||
|   community.postgresql.postgresql_pg_hba: |  | ||||||
|     dest: "{{ postgresql_pg_hba_conf_file }}" |  | ||||||
|     contype: "{{ postgresql_admin_role_contype }}" |  | ||||||
|     users: "{{ postgresql_admin_role }}" |  | ||||||
|     method: "{{ postgresql_admin_role_method }}" |  | ||||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" |  | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|   notify: postgresql_restart |  | ||||||
| @@ -1,19 +0,0 @@ | |||||||
| root:x:0:0:root:/root:/bin/bash |  | ||||||
| daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin |  | ||||||
| bin:x:2:2:bin:/bin:/usr/sbin/nologin |  | ||||||
| sys:x:3:3:sys:/dev:/usr/sbin/nologin |  | ||||||
| sync:x:4:65534:sync:/bin:/bin/sync |  | ||||||
| games:x:5:60:games:/usr/games:/usr/sbin/nologin |  | ||||||
| man:x:6:12:man:/var/cache/man:/usr/sbin/nologin |  | ||||||
| lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin |  | ||||||
| mail:x:8:8:mail:/var/mail:/usr/sbin/nologin |  | ||||||
| news:x:9:9:news:/var/spool/news:/usr/sbin/nologin |  | ||||||
| uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin |  | ||||||
| proxy:x:13:13:proxy:/bin:/usr/sbin/nologin |  | ||||||
| www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin |  | ||||||
| backup:x:34:34:backup:/var/backups:/usr/sbin/nologin |  | ||||||
| list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin |  | ||||||
| irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin |  | ||||||
| _apt:x:42:65534::/nonexistent:/usr/sbin/nologin |  | ||||||
| nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin |  | ||||||
| postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash |  | ||||||
		Reference in New Issue
	
	Block a user