Compare commits
	
		
			1 Commits
		
	
	
		
			0.1.3
			...
			83a0f219b3
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 83a0f219b3 | 
| @@ -1,13 +1,12 @@ | ||||
| namespace: finallycoffee | ||||
| name: databases | ||||
| version: 0.1.3 | ||||
| version: 0.1.1 | ||||
| readme: README.md | ||||
| authors: | ||||
| - transcaffeine <transcaffeine@finally.coffee> | ||||
| description: Collection for deploying and configuring databases | ||||
| dependencies: | ||||
|   "community.docker": "^4.0.0" | ||||
|   "community.postgresql": "^3.9.0" | ||||
|   "community.docker": "^3.0.0" | ||||
| license_file: LICENSE.md | ||||
| build_ignore: | ||||
| - '*.tar.gz' | ||||
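Review bot: The new `dependencies` map declares only `community.docker`, yet task files on this page still call `community.postgresql.postgresql_user`, `community.postgresql.postgresql_set`, `community.postgresql.postgresql_query` and `community.postgresql.postgresql_pg_hba`. Without a declared requirement the collection installs cleanly and then either fails at run time or uses whatever unreviewed version of those modules is already on the control node. Keep a `"community.postgresql"` entry with a tested version range next to `"community.docker"`.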
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| elasticsearch_version: "8.17.2" | ||||
| elasticsearch_version: "8.17.0" | ||||
| elasticsearch_state: present | ||||
|  | ||||
| elasticsearch_base_path: /opt/elasticsearch | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| mariadb_version: "10.11.11" | ||||
| mariadb_version: "10.11.10" | ||||
| mariadb_base_path: /var/lib/mariadb | ||||
| mariadb_data_path: >-2 | ||||
|   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }} | ||||
|   | ||||
| @@ -2,26 +2,3 @@ | ||||
|  | ||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||
| database. This ansible role can deploy and configure postgresql. | ||||
|  | ||||
| By default, the role configures the remote's effective ansible user with | ||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). | ||||
|  | ||||
| ## Required configuration | ||||
|  | ||||
| Set `postgresql_superuser_password` to your superusers desired password. | ||||
|  | ||||
| ## Optional configuration | ||||
|  | ||||
| Set `postgresql_major_version` to your desired postgresql major version, | ||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). | ||||
|  | ||||
| This role can be executed multiple times with different | ||||
| `postgresql_major_version` values to provide new database versions for up-to- | ||||
| date applications and older versions for software which does not yet support | ||||
| them. Container name and host mounts encode the major version to prevent | ||||
| accidental usage of the 'wrong' `PGDATA` directory. | ||||
|  | ||||
| ## Requirements | ||||
|  | ||||
| - `psycopg2` (pip) package | ||||
| - `docker` (pip) package | ||||
|   | ||||
| @@ -8,7 +8,7 @@ postgresql_config_port: 5432 | ||||
|  | ||||
| postgresql_base_config: | ||||
|   listen_addresses: "{{ postgresql_config_listen_addresses }}" | ||||
|   unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}" | ||||
|   connect_socket: "{{ postgresql_config_connect_socket }}" | ||||
|   port: "{{ postgresql_config_port }}" | ||||
| postgresql_merged_config: >-2 | ||||
|   {{ postgresql_base_config | combine( | ||||
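Review bot: `connect_socket` is not a PostgreSQL server parameter, so if it is the new-side entry of `postgresql_base_config` (the page prints it right after `unix_socket_directories` with no marker), the server will presumably reject it when the merged map is looped into `community.postgresql.postgresql_set`. Keep role-internal switches such as `postgresql_config_connect_socket` out of the map that is written to the server. If `unix_socket_directories` is the entry being dropped, the server's socket directory may also stop matching the path that the wait and login tasks derive from `postgresql_config_unix_socket_directories | first`. The `postgresql_merged_config` expression continues past the end of this hunk.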
|   | ||||
| @@ -38,28 +38,6 @@ postgresql_container_etc_hosts: ~ | ||||
| postgresql_container_restart_policy: "on-failure" | ||||
| postgresql_container_state: >-2 | ||||
|   {{ (postgresql_state == 'present') | ternary('started', 'absent') }} | ||||
| postgresql_container_volumes: ~ | ||||
| postgresql_container_unix_socket_path: >-2 | ||||
|   {{ postgresql_config_unix_socket_directories | first }} | ||||
| postgresql_container_base_volumes: | ||||
|   - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro" | ||||
|   - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z" | ||||
| postgresql_container_config_volumes: | ||||
|   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" | ||||
|   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" | ||||
| postgresql_container_unix_socket_volumes: | ||||
|   - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" | ||||
| postgresql_container_initdb_volumes: >-2 | ||||
|   {{ postgresql_container_base_volumes | ||||
|     + postgresql_container_unix_socket_volumes | ||||
|     + (postgresql_container_volumes | default([], true)) }} | ||||
| postgresql_container_merged_volumes: >-2 | ||||
|   {{ postgresql_container_base_volumes | ||||
|     + postgresql_container_config_volumes | ||||
|     + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else []) | ||||
|     + (postgresql_container_volumes | default([], true)) }} | ||||
| postgresql_systemd_tmpfile_socket_correction_unit_name: >-2 | ||||
|   {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }} | ||||
|  | ||||
| # (Memory) performance tuning | ||||
| postgresql_container_memory: ~ | ||||
| @@ -69,5 +47,4 @@ postgresql_container_oom_kill: ~ | ||||
| postgresql_container_oom_score_adj: ~ | ||||
| postgresql_container_ulimits: ~ | ||||
|  | ||||
| postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" | ||||
| postgresql_container_data_dir: "/var/lib/postgresql/data" | ||||
| postgresql_container_passwd_file: "/etc/postgresql/{{ postgresql_major_version }}/passwd" | ||||
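Review bot: The new `postgresql_container_passwd_file` hard-codes `/etc/postgresql/{{ postgresql_major_version }}/passwd` instead of building on `postgresql_config_path`, so overriding the config path leaves this one file behind in a different directory. Writing it as `"{{ postgresql_config_path }}/passwd"` keeps a single source for the location. The same section drops `postgresql_container_data_dir` and every `postgresql_container_*_volumes` definition, so any task or inventory that still references those names will fail on an undefined variable; a short comment saying that mounts are intentionally unset would help the next reader.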
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| --- | ||||
| postgresql_user: postgresql | ||||
| postgresql_version: >-2 | ||||
|   {{ postgresql_versions[postgresql_major_version | string] }} | ||||
|   {{ postgresql_version[postgres_major_version | string] }} | ||||
| postgresql_major_version: 16 | ||||
| postgresql_versions: | ||||
|   "17": "17.2" | ||||
| @@ -14,19 +14,12 @@ postgresql_config_path: >-2 | ||||
| postgresql_data_path: >-2 | ||||
|   /var/lib/postgresql/{{ postgresql_major_version }} | ||||
| postgresql_pg_ident_conf_file: >-2 | ||||
|   {{ postgresql_config_path }}/pg_ident.conf | ||||
|   {{ postgresql_data_path }}/pg_ident.conf | ||||
| postgresql_pg_hba_conf_file: >-2 | ||||
|   {{ postgresql_config_path }}/pg_hba.conf | ||||
| postgresql_admin_role: "postgres" | ||||
|   {{ postgresql_data_path }}/pg_hba.conf | ||||
| postgresql_admin_role: "{{ postgresql_user }}" | ||||
| postgresql_admin_role_contype: local | ||||
| postgresql_admin_role_method: peer | ||||
| postgresql_admin_local_user: >-2 | ||||
|   {{ ansible_facts['user_id'] }} | ||||
| postgresql_admin_role_mapping_name: >-2 | ||||
|   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} | ||||
| postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}" | ||||
| postgresql_admin_pg_hba_conf_options: >-2 | ||||
|   map={{ postgresql_admin_role_mapping_name }} | ||||
| postgresql_superuser_password: ~ | ||||
|  | ||||
| postgresql_state: present | ||||
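Review bot: The new `postgresql_version` expression indexes `postgresql_version` itself with `postgres_major_version`, and neither name matches the variables defined just below it (`postgresql_versions`, `postgresql_major_version`), so templating will recurse or stop on an undefined variable and the version can never resolve. It should read `{{ postgresql_versions[postgresql_major_version | string] }}`. In the second hunk, `postgresql_admin_role: "{{ postgresql_user }}"` makes the peer-mapped admin role `postgresql`; confirm that this role really exists as the cluster's superuser, because the pg_hba and pg_ident entries built from it otherwise authorise nothing or an unintended role. Placing `pg_hba.conf` and `pg_ident.conf` under `postgresql_data_path` also means they may be written before the data directory is initialised, which is worth checking against the init step.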
|   | ||||
| @@ -1,11 +1,14 @@ | ||||
| --- | ||||
| - name: Configure postgresql | ||||
|   block: | ||||
| - name: Ensure postgresql superuser is set | ||||
|   community.postgresql.postgresql_user: | ||||
|     name: "{{ postgresql_admin_role }}" | ||||
|     password: "{{ postgresql_superuser_password }}" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|     login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|   register: postgresql_superuser_password_result | ||||
|   until: "postgresql_superuser_password_result is succeeded" | ||||
|   retries: 10 | ||||
| @@ -14,31 +17,25 @@ | ||||
| - name: Ensure postgresql configuration is set | ||||
|   community.postgresql.postgresql_set: | ||||
|     name: "{{ option.key }}" | ||||
|         value: "{{ pg_option_value }}" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|     value: "{{ option.value }}" | ||||
|     login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|     login_port: "{{ postgresql_config_port }}" | ||||
|         login_password: "{{ postgresql_superuser_password }}" | ||||
|       loop: "{{ postgresql_merged_config | dict2items }}" | ||||
|     login_password: #TODO | ||||
|   loop: "{{ postgresql_merged_options | dict2items }}" | ||||
|   loop_control: | ||||
|     loop_var: option | ||||
|       vars: | ||||
|         pg_option_value: >-2 | ||||
|           {{ | ||||
|             (option.value | join(' ')) | ||||
|             if (option.value is iterable | ||||
|               and option.value is not string | ||||
|               and option.value is not mapping) | ||||
|             else option.value | ||||
|           }} | ||||
|       register: postgresql_config_results | ||||
|  | ||||
| - name: Ensure postgresql configuration is reloaded | ||||
|   community.postgresql.postgresql_query: | ||||
|         db: "postgres" | ||||
|     query: "SELECT pg_reload_conf();" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|         login_port: "{{ postgresql_config_port }}" | ||||
|         login_password: "{{ postgresql_superuser_password }}" | ||||
|     login_host: #TODO | ||||
|     login_port: #TODO | ||||
|     login_password: #TODO | ||||
|  | ||||
| - name: Ensure restart handler is fired if required | ||||
|   debug: | ||||
| @@ -46,15 +43,7 @@ | ||||
|   when: result.changed | ||||
|   changed_when: "{{ result.restart_required }}" | ||||
|   notify: postgresql_restart | ||||
|       loop: "{{ postgresql_config_results.results }}" | ||||
|   loop: "{{ postgresql_config_results }}" | ||||
|   loop_control: | ||||
|     loop_var: result | ||||
|         label: "{{ result.option.key }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   vars: | ||||
|     postgresql_login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|     label: "{{ result.option.name }}" | ||||
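Review bot: Several connection parameters in the new tasks are placeholders: `login_password: #TODO`, `login_host: #TODO` and `login_port: #TODO` parse as YAML nulls because `#` after a space starts a comment, so the set and reload tasks run without an explicit target or credential and fall back to whatever the modules default to. Wire them to `postgresql_superuser_password`, the host expression used on the first task and `postgresql_config_port`, or hold these tasks back until that is done. The loop also reads `postgresql_merged_options` while the defaults on this page define `postgresql_merged_config`, and the set task no longer has `register: postgresql_config_results`. The handler task then iterates `postgresql_config_results` rather than its `.results` list, with a label of `result.option.name` although `dict2items` yields `key` and `value`. The repeated multi-line `login_host` expression would be easier to audit as one task-level or role-level variable.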
|   | ||||
| @@ -19,59 +19,11 @@ | ||||
|     mode: "0640" | ||||
|   when: postgresql_state == 'present' | ||||
|  | ||||
| - name: Ensure systemd unit to correct path permissions is {{ postgresql_state }} | ||||
|   ansible.builtin.copy: | ||||
|     dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||
|     content: |+2 | ||||
|       [Unit] | ||||
|       Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}" | ||||
|       After=systemd-tmpfiles-setup.service | ||||
|       Before=docker.service | ||||
|        | ||||
|       [Service] | ||||
|       Type=exec | ||||
|       RemainAfterExit=yes | ||||
|       ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}' | ||||
|        | ||||
|       [Install] | ||||
|       WantedBy=multi-user.target | ||||
|   when: | ||||
|     - ansible_facts['service_mgr'] == 'systemd' | ||||
|     - postgresql_state == 'present' | ||||
|   register: postgresql_systemd_tmpfile_correction_unit_info | ||||
|  | ||||
| - name: Ensure systemd is reloaded | ||||
|   ansible.builtin.systemd: | ||||
|     daemon_reload: true | ||||
|   when: | ||||
|     - postgresql_systemd_tmpfile_correction_unit_info.changed | ||||
|  | ||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||
|   ansible.builtin.systemd: | ||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||
|     state: "{{ postgresql_container_state }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
|  | ||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||
|   ansible.builtin.systemd: | ||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||
|     enabled: "{{ postgresql_state == 'present' }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
|  | ||||
| - name: Lookup {{ postgresql_data_path }}/global | ||||
|   ansible.builtin.stat: | ||||
|     path: "{{ postgresql_data_path }}/global" | ||||
|     get_checksum: false | ||||
|   register: postgresql_global_data_info | ||||
|  | ||||
| - name: Initialize database if empty | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "initialize-docker.yml" | ||||
|     file: "docker-initialize.yml" | ||||
|   when: | ||||
|     - postgresql_state == 'present' | ||||
|     - not postgresql_global_data_info.stat.exists | ||||
|     - postgresql_global_data_info.stat.isdir is defined | ||||
|     - not postgresql_global_data_info.stat.isdir | ||||
|  | ||||
| - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | ||||
|   community.docker.docker_container: | ||||
| @@ -81,7 +33,6 @@ | ||||
|     user: "{{ postgresql_container_user | default(omit, true) }}" | ||||
|     ports: "{{ postgresql_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ postgresql_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ postgresql_container_merged_volumes }}" | ||||
|     recreate: "{{ postgresql_container_recreate | default(omit, true) }}" | ||||
|     networks: "{{ postgresql_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}" | ||||
| @@ -93,3 +44,5 @@ | ||||
|     ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}" | ||||
|     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}" | ||||
|     state: "{{ postgresql_container_state }}" | ||||
|  | ||||
| -  | ||||
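Review bot: The task is still named "Initialize database if empty", but its new condition is only `postgresql_state == 'present'`, so `docker-initialize.yml` is included on every run. Going by the init file shown on this page, that starts a container under `postgresql_container_name` and later sets it to `state: absent`, which would take down an already running database each time; keep an emptiness test on `postgresql_data_path` in the `when:` list. The second hunk leaves the main container without a `volumes:` argument, so unless mounts come from elsewhere the server neither persists to `postgresql_data_path` nor reads the managed `pg_hba.conf` and `pg_ident.conf` from the host. The last added line is a bare `-`; if that is file content rather than page residue, it adds an empty task entry that Ansible will reject.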
|   | ||||
| @@ -1,34 +1,21 @@ | ||||
| --- | ||||
| - name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ postgresql_container_name }}" | ||||
|     user: "{{ postgresql_container_user }}" | ||||
|     image: "{{ postgresql_container_image }}" | ||||
|     env: >-2 | ||||
|       {{ postgresql_container_env | default({}, true) | ||||
|          | combine({'POSTGRES_PASSWORD': postgresql_superuser_password}) }} | ||||
|     user: "{{ postgresql_container_user | default(omit, true) }}" | ||||
|     ports: "{{ postgresql_container_ports | default(omit, true) }}" | ||||
|     ports: "{{ postgresql_container_ports }}" | ||||
|     labels: "{{ postgresql_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ postgresql_container_initdb_volumes }}" | ||||
|     recreate: "{{ postgresql_container_recreate | default(omit, true) }}" | ||||
|     networks: "{{ postgresql_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}" | ||||
|     memory: "{{ postgresql_container_memory | default(omit, true) }}" | ||||
|     memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}" | ||||
|     oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}" | ||||
|     oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}" | ||||
|     shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}" | ||||
|     ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}" | ||||
|     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}" | ||||
|     state: "{{ postgresql_container_state }}" | ||||
|     state: started | ||||
|   register: postgresql_container_info | ||||
|  | ||||
| - name: Wait for container startup | ||||
|   block: | ||||
|     - name: Wait for container startup (socket) | ||||
|       ansible.builtin.wait_for: | ||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}" | ||||
|       when: "postgresql_config_connect_socket | bool" | ||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}" | ||||
|       when: "{{ postgresql_config_connect_socket }}" | ||||
|     - name: Wait for container startup (port) | ||||
|       ansible.builtin.wait_for: | ||||
|         host: >-2 | ||||
| @@ -37,7 +24,7 @@ | ||||
|                  postgresql_config_listen_addresses | first | ||||
|              ) }} | ||||
|         port: "{{ postgresql_config_port }}" | ||||
|       when: "not postgresql_config_connect_socket | bool" | ||||
|       when: "{{ not postgresql_config_connect_socket }}" | ||||
|       vars: | ||||
|         pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}" | ||||
|  | ||||
| @@ -45,3 +32,4 @@ | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ postgresql_container_name }}" | ||||
|     state: absent | ||||
|  | ||||
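Review bot: The new socket `path:` joins `postgresql_config_unix_socket_directories | first` and `.s.PGSQL.{{ postgresql_config_port }}` without a separator, so unless the directory value ends in `/` the wait watches a file that never appears; insert the `/`. Both new `when:` values wrap the condition in `{{ }}`, which Ansible warns about; `when: postgresql_config_connect_socket | bool` and `when: not postgresql_config_connect_socket | bool` are the safer forms. The init container now gets `ports: "{{ postgresql_container_ports }}"` with no `default(omit, true)`, and the `env` that carried `POSTGRES_PASSWORD` appears to be dropped, so confirm that the instance is not reachable on a published port before the superuser password has been set.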
|   | ||||
| @@ -33,7 +33,6 @@ | ||||
|   loop: | ||||
|     - name: "{{ postgresql_config_path }}" | ||||
|     - name: "{{ postgresql_data_path }}" | ||||
|       mode: "0700" | ||||
|   loop_control: | ||||
|     loop_var: path | ||||
|     label: "{{ path.name }}" | ||||
| @@ -57,7 +56,7 @@ | ||||
|       Aborting... | ||||
|   when: | ||||
|     - postgresql_data_dir_version_info.stat.exists | ||||
|     - "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)" | ||||
|     - "(postgresql_data_dir_version_content | b64decode | int) != (postgresql_major_version | int)" | ||||
|  | ||||
| - name: Prepare authentication and authorization for database admin role | ||||
|   ansible.builtin.include_tasks: | ||||
| @@ -66,7 +65,3 @@ | ||||
| - name: Deploy postgresql using {{ postgresql_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ postgresql_deployment_method }}.yml" | ||||
|  | ||||
| - name: Configure postgresql | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "configure.yml" | ||||
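Review bot: The version guard now applies `b64decode` to `postgresql_data_dir_version_content` itself; if that variable is a registered `slurp` result (its task is outside this hunk), the filter needs the `.content` field, i.e. `(postgresql_data_dir_version_content.content | b64decode | int)`. Otherwise the check that stops the role from running against a data directory of another major version errors out or compares the wrong value. The first hunk drops `mode: "0700"` from the `postgresql_data_path` entry, leaving the data directory at whatever mode the task defaults to; keep an explicit restrictive mode, since the directory holds the database files. With the `configure.yml` include removed in the last hunk, nothing visible here applies `postgresql_superuser_password` or the merged configuration unless that file is included elsewhere.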
|   | ||||
| @@ -20,9 +20,8 @@ | ||||
|       line: "# Ansible managed" | ||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" | ||||
|       insert_after: "# Ansible managed" | ||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" | ||||
|       line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
|  | ||||
| - name: Configure permissions for postgresql admin role | ||||
|   community.postgresql.postgresql_pg_hba: | ||||
| @@ -30,6 +29,5 @@ | ||||
|     contype: "{{ postgresql_admin_role_contype }}" | ||||
|     users: "{{ postgresql_admin_role }}" | ||||
|     method: "{{ postgresql_admin_role_method }}" | ||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" | ||||
|     options: "map={{ ansible_user }}_{{ postgresql_admin_role }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
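Review bot: The ident map line and the `map=` option are now built from `ansible_user`, which is defined only when the inventory or play sets it and names the connection user rather than the account the tasks actually run as. Peer authentication matches the OS user of the connecting process, so the map can end up undefined or pointing at the wrong account; a fact-based value such as `ansible_facts['user_id']` behind a role variable keeps it correct and overridable. Both tasks also appear to lose `notify: postgresql_restart`, so edits to `pg_ident.conf` and `pg_hba.conf` are not picked up by the running server until something else restarts it, and a tightened rule would stay unenforced in the meantime.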
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| valkey_version: "8.0.2" | ||||
| valkey_version: "8.0.1" | ||||
| valkey_state: "present" | ||||
| valkey_instance: ~ | ||||
| valkey_instance_suffix: >-2 | ||||
|   | ||||