Compare commits
	
		
			1 Commits
		
	
	
		
			0.1.2
			...
			edf40eb375
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| edf40eb375 | 
| @@ -1,13 +1,12 @@ | |||||||
| namespace: finallycoffee | namespace: finallycoffee | ||||||
| name: databases | name: databases | ||||||
| version: 0.1.2 | version: 0.1.1 | ||||||
| readme: README.md | readme: README.md | ||||||
| authors: | authors: | ||||||
| - transcaffeine <transcaffeine@finally.coffee> | - transcaffeine <transcaffeine@finally.coffee> | ||||||
| description: Collection for deploying and configuring databases | description: Collection for deploying and configuring databases | ||||||
| dependencies: | dependencies: | ||||||
|   "community.docker": "^4.0.0" |   "community.docker": "^3.0.0" | ||||||
|   "community.postgresql": "^3.9.0" |  | ||||||
| license_file: LICENSE.md | license_file: LICENSE.md | ||||||
| build_ignore: | build_ignore: | ||||||
| - '*.tar.gz' | - '*.tar.gz' | ||||||
|   | |||||||
| @@ -2,26 +2,3 @@ | |||||||
|  |  | ||||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||||
| database. This ansible role can deploy and configure postgresql. | database. This ansible role can deploy and configure postgresql. | ||||||
|  |  | ||||||
| By default, the role configures the remote's effective ansible user with |  | ||||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). |  | ||||||
|  |  | ||||||
| ## Required configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_superuser_password` to your superusers desired password. |  | ||||||
|  |  | ||||||
| ## Optional configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_major_version` to your desired postgresql major version, |  | ||||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). |  | ||||||
|  |  | ||||||
| This role can be executed multiple times with different |  | ||||||
| `postgresql_major_version` values to provide new database versions for up-to- |  | ||||||
| date applications and older versions for software which does not yet support |  | ||||||
| them. Container name and host mounts encode the major version to prevent |  | ||||||
| accidental usage of the 'wrong' `PGDATA` directory. |  | ||||||
|  |  | ||||||
| ## Requirements |  | ||||||
|  |  | ||||||
| - `psycopg2` (pip) package |  | ||||||
| - `docker` (pip) package |  | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ postgresql_config_port: 5432 | |||||||
|  |  | ||||||
| postgresql_base_config: | postgresql_base_config: | ||||||
|   listen_addresses: "{{ postgresql_config_listen_addresses }}" |   listen_addresses: "{{ postgresql_config_listen_addresses }}" | ||||||
|   unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}" |   connect_socket: "{{ postgresql_config_connect_socket }}" | ||||||
|   port: "{{ postgresql_config_port }}" |   port: "{{ postgresql_config_port }}" | ||||||
| postgresql_merged_config: >-2 | postgresql_merged_config: >-2 | ||||||
|   {{ postgresql_base_config | combine( |   {{ postgresql_base_config | combine( | ||||||
|   | |||||||
| @@ -17,14 +17,15 @@ postgresql_pg_ident_conf_file: >-2 | |||||||
|   {{ postgresql_config_path }}/pg_ident.conf |   {{ postgresql_config_path }}/pg_ident.conf | ||||||
| postgresql_pg_hba_conf_file: >-2 | postgresql_pg_hba_conf_file: >-2 | ||||||
|   {{ postgresql_config_path }}/pg_hba.conf |   {{ postgresql_config_path }}/pg_hba.conf | ||||||
| postgresql_admin_role: "postgres" | postgresql_admin_role: "{{ postgresql_user }}" | ||||||
| postgresql_admin_role_contype: local | postgresql_admin_role_contype: local | ||||||
| postgresql_admin_role_method: peer | postgresql_admin_role_method: peer | ||||||
| postgresql_admin_local_user: >-2 | postgresql_admin_local_user: >-2 | ||||||
|   {{ ansible_facts['user_id'] }} |   {{ ansible_facts['user_id'] }} | ||||||
| postgresql_admin_role_mapping_name: >-2 | postgresql_admin_role_mapping_name: >-2 | ||||||
|   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} |   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} | ||||||
| postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}" | postgresql_admin_pg_ident_conf: >-2 | ||||||
|  |   {{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }} | ||||||
| postgresql_admin_pg_hba_conf_options: >-2 | postgresql_admin_pg_hba_conf_options: >-2 | ||||||
|   map={{ postgresql_admin_role_mapping_name }} |   map={{ postgresql_admin_role_mapping_name }} | ||||||
| postgresql_superuser_password: ~ | postgresql_superuser_password: ~ | ||||||
|   | |||||||
| @@ -1,60 +1,49 @@ | |||||||
| --- | --- | ||||||
| - name: Configure postgresql | - name: Ensure postgresql superuser is set | ||||||
|   block: |  | ||||||
|     - name: Ensure postgresql superuser is set |  | ||||||
|   community.postgresql.postgresql_user: |   community.postgresql.postgresql_user: | ||||||
|     name: "{{ postgresql_admin_role }}" |     name: "{{ postgresql_admin_role }}" | ||||||
|     password: "{{ postgresql_superuser_password }}" |     password: "{{ postgresql_superuser_password }}" | ||||||
|         login_host: "{{ postgresql_login_host }}" |     login_host: >-2 | ||||||
|       register: postgresql_superuser_password_result |  | ||||||
|       until: "postgresql_superuser_password_result is succeeded" |  | ||||||
|       retries: 10 |  | ||||||
|       delay: 2 |  | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is set |  | ||||||
|       community.postgresql.postgresql_set: |  | ||||||
|         name: "{{ option.key }}" |  | ||||||
|         value: "{{ pg_option_value }}" |  | ||||||
|         login_host: "{{ postgresql_login_host }}" |  | ||||||
|         login_port: "{{ postgresql_config_port }}" |  | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |  | ||||||
|       loop: "{{ postgresql_merged_config | dict2items }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: option |  | ||||||
|       vars: |  | ||||||
|         pg_option_value: >-2 |  | ||||||
|           {{ |  | ||||||
|             (option.value | join(' ')) |  | ||||||
|             if (option.value is iterable |  | ||||||
|               and option.value is not string |  | ||||||
|               and option.value is not mapping) |  | ||||||
|             else option.value |  | ||||||
|           }} |  | ||||||
|       register: postgresql_config_results |  | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is reloaded |  | ||||||
|       community.postgresql.postgresql_query: |  | ||||||
|         db: "postgres" |  | ||||||
|         query: "SELECT pg_reload_conf();" |  | ||||||
|         login_host: "{{ postgresql_login_host }}" |  | ||||||
|         login_port: "{{ postgresql_config_port }}" |  | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |  | ||||||
|  |  | ||||||
|     - name: Ensure restart handler is fired if required |  | ||||||
|       debug: |  | ||||||
|         msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}" |  | ||||||
|       when: result.changed |  | ||||||
|       changed_when: "{{ result.restart_required }}" |  | ||||||
|       notify: postgresql_restart |  | ||||||
|       loop: "{{ postgresql_config_results.results }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: result |  | ||||||
|         label: "{{ result.option.key }}" |  | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|   vars: |  | ||||||
|     postgresql_login_host: >-2 |  | ||||||
|       {{ |       {{ | ||||||
|         (postgresql_config_unix_socket_directories | first) |         (postgresql_config_unix_socket_directories | first) | ||||||
|         if postgresql_config_connect_socket else  |         if postgresql_config_connect_socket else  | ||||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) |         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||||
|       }} |       }} | ||||||
|  |   register: postgresql_superuser_password_result | ||||||
|  |   until: "postgresql_superuser_password_result is succeeded" | ||||||
|  |   retries: 10 | ||||||
|  |   delay: 2 | ||||||
|  |  | ||||||
|  | - name: Ensure postgresql configuration is set | ||||||
|  |   community.postgresql.postgresql_set: | ||||||
|  |     name: "{{ option.key }}" | ||||||
|  |     value: "{{ option.value }}" | ||||||
|  |     login_host: >-2 | ||||||
|  |       {{ | ||||||
|  |         (postgresql_config_unix_socket_directories | first) | ||||||
|  |         if postgresql_config_connect_socket else  | ||||||
|  |         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||||
|  |       }} | ||||||
|  |     login_port: "{{ postgresql_config_port }}" | ||||||
|  |     login_password: #TODO | ||||||
|  |   loop: "{{ postgresql_merged_options | dict2items }}" | ||||||
|  |   loop_control: | ||||||
|  |     loop_var: option | ||||||
|  |  | ||||||
|  | - name: Ensure postgresql configuration is reloaded | ||||||
|  |   community.postgresql.postgresql_query: | ||||||
|  |     query: "SELECT pg_reload_conf();" | ||||||
|  |     login_host: #TODO | ||||||
|  |     login_port: #TODO | ||||||
|  |     login_password: #TODO | ||||||
|  |  | ||||||
|  | - name: Ensure restart handler is fired if required | ||||||
|  |   debug: | ||||||
|  |     msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}" | ||||||
|  |   when: result.changed | ||||||
|  |   changed_when: "{{ result.restart_required }}" | ||||||
|  |   notify: postgresql_restart | ||||||
|  |   loop: "{{ postgresql_config_results }}" | ||||||
|  |   loop_control: | ||||||
|  |     loop_var: result | ||||||
|  |     label: "{{ result.option.name }}" | ||||||
|   | |||||||
| @@ -38,13 +38,12 @@ | |||||||
|   when: |   when: | ||||||
|     - ansible_facts['service_mgr'] == 'systemd' |     - ansible_facts['service_mgr'] == 'systemd' | ||||||
|     - postgresql_state == 'present' |     - postgresql_state == 'present' | ||||||
|   register: postgresql_systemd_tmpfile_correction_unit_info |  | ||||||
|  |  | ||||||
| - name: Ensure systemd is reloaded | - name: Ensure systemd is reloaded | ||||||
|   ansible.builtin.systemd: |   ansible.builtin.systemd: | ||||||
|     daemon_reload: true |     daemon_reload: true | ||||||
|   when: |   when: | ||||||
|     - postgresql_systemd_tmpfile_correction_unit_info.changed |     - postgresql_systemd_tmpfile_correction_unit.changed | ||||||
|  |  | ||||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||||
|   ansible.builtin.systemd: |   ansible.builtin.systemd: | ||||||
| @@ -58,20 +57,12 @@ | |||||||
|     enabled: "{{ postgresql_state == 'present' }}" |     enabled: "{{ postgresql_state == 'present' }}" | ||||||
|   when: ansible_facts['service_mgr'] == 'systemd' |   when: ansible_facts['service_mgr'] == 'systemd' | ||||||
|  |  | ||||||
| - name: Lookup {{ postgresql_data_path }}/global |  | ||||||
|   ansible.builtin.stat: |  | ||||||
|     path: "{{ postgresql_data_path }}/global" |  | ||||||
|     get_checksum: false |  | ||||||
|   register: postgresql_global_data_info |  | ||||||
|  |  | ||||||
| - name: Initialize database if empty | - name: Initialize database if empty | ||||||
|   ansible.builtin.include_tasks: |   ansible.builtin.include_tasks: | ||||||
|     file: "initialize-docker.yml" |     file: "initialize-docker.yml" | ||||||
|   when: |   when: | ||||||
|     - postgresql_state == 'present' |     - postgresql_state == 'present' | ||||||
|     - not postgresql_global_data_info.stat.exists |     # TODO: determine if initialization is needed | ||||||
|     - postgresql_global_data_info.stat.isdir is defined |  | ||||||
|     - not postgresql_global_data_info.stat.isdir |  | ||||||
|  |  | ||||||
| - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | ||||||
|   community.docker.docker_container: |   community.docker.docker_container: | ||||||
|   | |||||||
| @@ -27,7 +27,7 @@ | |||||||
|   block: |   block: | ||||||
|     - name: Wait for container startup (socket) |     - name: Wait for container startup (socket) | ||||||
|       ansible.builtin.wait_for: |       ansible.builtin.wait_for: | ||||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}" |         path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}" | ||||||
|       when: "postgresql_config_connect_socket | bool" |       when: "postgresql_config_connect_socket | bool" | ||||||
|     - name: Wait for container startup (port) |     - name: Wait for container startup (port) | ||||||
|       ansible.builtin.wait_for: |       ansible.builtin.wait_for: | ||||||
| @@ -45,3 +45,4 @@ | |||||||
|   community.docker.docker_container: |   community.docker.docker_container: | ||||||
|     name: "{{ postgresql_container_name }}" |     name: "{{ postgresql_container_name }}" | ||||||
|     state: absent |     state: absent | ||||||
|  |  | ||||||
|   | |||||||
| @@ -33,7 +33,6 @@ | |||||||
|   loop: |   loop: | ||||||
|     - name: "{{ postgresql_config_path }}" |     - name: "{{ postgresql_config_path }}" | ||||||
|     - name: "{{ postgresql_data_path }}" |     - name: "{{ postgresql_data_path }}" | ||||||
|       mode: "0700" |  | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: path |     loop_var: path | ||||||
|     label: "{{ path.name }}" |     label: "{{ path.name }}" | ||||||
|   | |||||||
| @@ -20,9 +20,8 @@ | |||||||
|       line: "# Ansible managed" |       line: "# Ansible managed" | ||||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" |     - name: "{{ postgresql_pg_ident_conf_file }}" | ||||||
|       insert_after: "# Ansible managed" |       insert_after: "# Ansible managed" | ||||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" |       line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}" | ||||||
|   when: postgresql_state == 'present' |   when: postgresql_state == 'present' | ||||||
|   notify: postgresql_restart |  | ||||||
|  |  | ||||||
| - name: Configure permissions for postgresql admin role | - name: Configure permissions for postgresql admin role | ||||||
|   community.postgresql.postgresql_pg_hba: |   community.postgresql.postgresql_pg_hba: | ||||||
| @@ -30,6 +29,5 @@ | |||||||
|     contype: "{{ postgresql_admin_role_contype }}" |     contype: "{{ postgresql_admin_role_contype }}" | ||||||
|     users: "{{ postgresql_admin_role }}" |     users: "{{ postgresql_admin_role }}" | ||||||
|     method: "{{ postgresql_admin_role_method }}" |     method: "{{ postgresql_admin_role_method }}" | ||||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" |     options: "map={{ ansible_user }}_{{ postgresql_admin_role }}" | ||||||
|   when: postgresql_state == 'present' |   when: postgresql_state == 'present' | ||||||
|   notify: postgresql_restart |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user