1 Commits

13 changed files with 67 additions and 198 deletions

View File

@@ -1,13 +1,12 @@
namespace: finallycoffee
name: databases
version: 0.1.3
version: 0.1.1
readme: README.md
authors:
- transcaffeine <transcaffeine@finally.coffee>
description: Collection for deploying and configuring databases
dependencies:
"community.docker": "^4.0.0"
"community.postgresql": "^3.9.0"
"community.docker": "^3.0.0"
license_file: LICENSE.md
build_ignore:
- '*.tar.gz'

View File

@@ -1,5 +1,5 @@
---
elasticsearch_version: "8.17.2"
elasticsearch_version: "8.17.0"
elasticsearch_state: present
elasticsearch_base_path: /opt/elasticsearch

View File

@@ -1,5 +1,5 @@
---
mariadb_version: "10.11.11"
mariadb_version: "10.11.10"
mariadb_base_path: /var/lib/mariadb
mariadb_data_path: >-2
{{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}

View File

@@ -2,26 +2,3 @@
PostgreSQL is the self proclaimed "world's most advanced" open source relational
database. This ansible role can deploy and configure postgresql.
By default, the role configures the remote's effective ansible user with
peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
## Required configuration
Set `postgresql_superuser_password` to your superusers desired password.
## Optional configuration
Set `postgresql_major_version` to your desired postgresql major version,
for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
This role can be executed multiple times with different
`postgresql_major_version` values to provide new database versions for up-to-
date applications and older versions for software which does not yet support
them. Container name and host mounts encode the major version to prevent
accidental usage of the 'wrong' `PGDATA` directory.
## Requirements
- `psycopg2` (pip) package
- `docker` (pip) package

View File

@@ -8,7 +8,7 @@ postgresql_config_port: 5432
postgresql_base_config:
listen_addresses: "{{ postgresql_config_listen_addresses }}"
unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
connect_socket: "{{ postgresql_config_connect_socket }}"
port: "{{ postgresql_config_port }}"
postgresql_merged_config: >-2
{{ postgresql_base_config | combine(

View File

@@ -38,28 +38,6 @@ postgresql_container_etc_hosts: ~
postgresql_container_restart_policy: "on-failure"
postgresql_container_state: >-2
{{ (postgresql_state == 'present') | ternary('started', 'absent') }}
postgresql_container_volumes: ~
postgresql_container_unix_socket_path: >-2
{{ postgresql_config_unix_socket_directories | first }}
postgresql_container_base_volumes:
- "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
- "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z"
postgresql_container_config_volumes:
- "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
- "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
postgresql_container_unix_socket_volumes:
- "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
postgresql_container_initdb_volumes: >-2
{{ postgresql_container_base_volumes
+ postgresql_container_unix_socket_volumes
+ (postgresql_container_volumes | default([], true)) }}
postgresql_container_merged_volumes: >-2
{{ postgresql_container_base_volumes
+ postgresql_container_config_volumes
+ (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else [])
+ (postgresql_container_volumes | default([], true)) }}
postgresql_systemd_tmpfile_socket_correction_unit_name: >-2
{{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }}
# (Memory) performance tuning
postgresql_container_memory: ~
@@ -69,5 +47,4 @@ postgresql_container_oom_kill: ~
postgresql_container_oom_score_adj: ~
postgresql_container_ulimits: ~
postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
postgresql_container_data_dir: "/var/lib/postgresql/data"
postgresql_container_passwd_file: "/etc/postgresql/{{ postgresql_major_version }}/passwd"

View File

@@ -1,7 +1,7 @@
---
postgresql_user: postgresql
postgresql_version: >-2
{{ postgresql_versions[postgresql_major_version | string] }}
{{ postgresql_version[postgres_major_version | string] }}
postgresql_major_version: 16
postgresql_versions:
"17": "17.2"
@@ -14,19 +14,12 @@ postgresql_config_path: >-2
postgresql_data_path: >-2
/var/lib/postgresql/{{ postgresql_major_version }}
postgresql_pg_ident_conf_file: >-2
{{ postgresql_config_path }}/pg_ident.conf
{{ postgresql_data_path }}/pg_ident.conf
postgresql_pg_hba_conf_file: >-2
{{ postgresql_config_path }}/pg_hba.conf
postgresql_admin_role: "postgres"
{{ postgresql_data_path }}/pg_hba.conf
postgresql_admin_role: "{{ postgresql_user }}"
postgresql_admin_role_contype: local
postgresql_admin_role_method: peer
postgresql_admin_local_user: >-2
{{ ansible_facts['user_id'] }}
postgresql_admin_role_mapping_name: >-2
{{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
postgresql_admin_pg_hba_conf_options: >-2
map={{ postgresql_admin_role_mapping_name }}
postgresql_superuser_password: ~
postgresql_state: present

View File

@@ -1,60 +1,49 @@
---
- name: Configure postgresql
block:
- name: Ensure postgresql superuser is set
- name: Ensure postgresql superuser is set
community.postgresql.postgresql_user:
name: "{{ postgresql_admin_role }}"
password: "{{ postgresql_superuser_password }}"
login_host: "{{ postgresql_login_host }}"
register: postgresql_superuser_password_result
until: "postgresql_superuser_password_result is succeeded"
retries: 10
delay: 2
- name: Ensure postgresql configuration is set
community.postgresql.postgresql_set:
name: "{{ option.key }}"
value: "{{ pg_option_value }}"
login_host: "{{ postgresql_login_host }}"
login_port: "{{ postgresql_config_port }}"
login_password: "{{ postgresql_superuser_password }}"
loop: "{{ postgresql_merged_config | dict2items }}"
loop_control:
loop_var: option
vars:
pg_option_value: >-2
{{
(option.value | join(' '))
if (option.value is iterable
and option.value is not string
and option.value is not mapping)
else option.value
}}
register: postgresql_config_results
- name: Ensure postgresql configuration is reloaded
community.postgresql.postgresql_query:
db: "postgres"
query: "SELECT pg_reload_conf();"
login_host: "{{ postgresql_login_host }}"
login_port: "{{ postgresql_config_port }}"
login_password: "{{ postgresql_superuser_password }}"
- name: Ensure restart handler is fired if required
debug:
msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
when: result.changed
changed_when: "{{ result.restart_required }}"
notify: postgresql_restart
loop: "{{ postgresql_config_results.results }}"
loop_control:
loop_var: result
label: "{{ result.option.key }}"
when: postgresql_state == 'present'
vars:
postgresql_login_host: >-2
login_host: >-2
{{
(postgresql_config_unix_socket_directories | first)
if postgresql_config_connect_socket else
(postgresql_container_info.container.NetworkSettings.IPAddress)
}}
register: postgresql_superuser_password_result
until: "postgresql_superuser_password_result is succeeded"
retries: 10
delay: 2
- name: Ensure postgresql configuration is set
community.postgresql.postgresql_set:
name: "{{ option.key }}"
value: "{{ option.value }}"
login_host: >-2
{{
(postgresql_config_unix_socket_directories | first)
if postgresql_config_connect_socket else
(postgresql_container_info.container.NetworkSettings.IPAddress)
}}
login_port: "{{ postgresql_config_port }}"
login_password: #TODO
loop: "{{ postgresql_merged_options | dict2items }}"
loop_control:
loop_var: option
- name: Ensure postgresql configuration is reloaded
community.postgresql.postgresql_query:
query: "SELECT pg_reload_conf();"
login_host: #TODO
login_port: #TODO
login_password: #TODO
- name: Ensure restart handler is fired if required
debug:
msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
when: result.changed
changed_when: "{{ result.restart_required }}"
notify: postgresql_restart
loop: "{{ postgresql_config_results }}"
loop_control:
loop_var: result
label: "{{ result.option.name }}"

View File

@@ -19,59 +19,11 @@
mode: "0640"
when: postgresql_state == 'present'
- name: Ensure systemd unit to correct path permissions is {{ postgresql_state }}
ansible.builtin.copy:
dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
content: |+2
[Unit]
Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}"
After=systemd-tmpfiles-setup.service
Before=docker.service
[Service]
Type=exec
RemainAfterExit=yes
ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}'
[Install]
WantedBy=multi-user.target
when:
- ansible_facts['service_mgr'] == 'systemd'
- postgresql_state == 'present'
register: postgresql_systemd_tmpfile_correction_unit_info
- name: Ensure systemd is reloaded
ansible.builtin.systemd:
daemon_reload: true
when:
- postgresql_systemd_tmpfile_correction_unit_info.changed
- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
ansible.builtin.systemd:
name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
state: "{{ postgresql_container_state }}"
when: ansible_facts['service_mgr'] == 'systemd'
- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
ansible.builtin.systemd:
name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
enabled: "{{ postgresql_state == 'present' }}"
when: ansible_facts['service_mgr'] == 'systemd'
- name: Lookup {{ postgresql_data_path }}/global
ansible.builtin.stat:
path: "{{ postgresql_data_path }}/global"
get_checksum: false
register: postgresql_global_data_info
- name: Initialize database if empty
ansible.builtin.include_tasks:
file: "initialize-docker.yml"
file: "docker-initialize.yml"
when:
- postgresql_state == 'present'
- not postgresql_global_data_info.stat.exists
- postgresql_global_data_info.stat.isdir is defined
- not postgresql_global_data_info.stat.isdir
- name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
community.docker.docker_container:
@@ -81,7 +33,6 @@
user: "{{ postgresql_container_user | default(omit, true) }}"
ports: "{{ postgresql_container_ports | default(omit, true) }}"
labels: "{{ postgresql_container_labels | default(omit, true) }}"
volumes: "{{ postgresql_container_merged_volumes }}"
recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
networks: "{{ postgresql_container_networks | default(omit, true) }}"
etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
@@ -93,3 +44,5 @@
ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
state: "{{ postgresql_container_state }}"
-

View File

@@ -1,34 +1,21 @@
---
- name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database
community.docker.docker_container:
name: "{{ postgresql_container_name }}"
user: "{{ postgresql_container_user }}"
image: "{{ postgresql_container_image }}"
env: >-2
{{ postgresql_container_env | default({}, true)
| combine({'POSTGRES_PASSWORD': postgresql_superuser_password}) }}
user: "{{ postgresql_container_user | default(omit, true) }}"
ports: "{{ postgresql_container_ports | default(omit, true) }}"
ports: "{{ postgresql_container_ports }}"
labels: "{{ postgresql_container_labels | default(omit, true) }}"
volumes: "{{ postgresql_container_initdb_volumes }}"
recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
networks: "{{ postgresql_container_networks | default(omit, true) }}"
etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
memory: "{{ postgresql_container_memory | default(omit, true) }}"
memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
state: "{{ postgresql_container_state }}"
state: started
register: postgresql_container_info
- name: Wait for container startup
block:
- name: Wait for container startup (socket)
ansible.builtin.wait_for:
path: "{{ postgresql_config_unix_socket_directories | first }}/.s.PGSQL.{{ postgresql_config_port }}"
when: "postgresql_config_connect_socket | bool"
path: "{{ postgresql_config_unix_socket_directories | first }}.s.PGSQL.{{ postgresql_config_port }}"
when: "{{ postgresql_config_connect_socket }}"
- name: Wait for container startup (port)
ansible.builtin.wait_for:
host: >-2
@@ -37,7 +24,7 @@
postgresql_config_listen_addresses | first
) }}
port: "{{ postgresql_config_port }}"
when: "not postgresql_config_connect_socket | bool"
when: "{{ not postgresql_config_connect_socket }}"
vars:
pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}"
@@ -45,3 +32,4 @@
community.docker.docker_container:
name: "{{ postgresql_container_name }}"
state: absent

View File

@@ -33,7 +33,6 @@
loop:
- name: "{{ postgresql_config_path }}"
- name: "{{ postgresql_data_path }}"
mode: "0700"
loop_control:
loop_var: path
label: "{{ path.name }}"
@@ -57,7 +56,7 @@
Aborting...
when:
- postgresql_data_dir_version_info.stat.exists
- "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)"
- "(postgresql_data_dir_version_content | b64decode | int) != (postgresql_major_version | int)"
- name: Prepare authentication and authorization for database admin role
ansible.builtin.include_tasks:
@@ -66,7 +65,3 @@
- name: Deploy postgresql using {{ postgresql_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ postgresql_deployment_method }}.yml"
- name: Configure postgresql
ansible.builtin.include_tasks:
file: "configure.yml"

View File

@@ -20,9 +20,8 @@
line: "# Ansible managed"
- name: "{{ postgresql_pg_ident_conf_file }}"
insert_after: "# Ansible managed"
line: "{{ postgresql_admin_pg_ident_conf }}"
line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}"
when: postgresql_state == 'present'
notify: postgresql_restart
- name: Configure permissions for postgresql admin role
community.postgresql.postgresql_pg_hba:
@@ -30,6 +29,5 @@
contype: "{{ postgresql_admin_role_contype }}"
users: "{{ postgresql_admin_role }}"
method: "{{ postgresql_admin_role_method }}"
options: "{{ postgresql_admin_pg_hba_conf_options }}"
options: "map={{ ansible_user }}_{{ postgresql_admin_role }}"
when: postgresql_state == 'present'
notify: postgresql_restart

View File

@@ -1,5 +1,5 @@
---
valkey_version: "8.0.2"
valkey_version: "8.0.1"
valkey_state: "present"
valkey_instance: ~
valkey_instance_suffix: >-2