Compare commits
	
		
			1 Commits
		
	
	
		
			0.1.4
			...
			4bab5cd2e8
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 4bab5cd2e8 | 
| @@ -1,14 +1,12 @@ | |||||||
| namespace: finallycoffee | namespace: finallycoffee | ||||||
| name: databases | name: databases | ||||||
| version: 0.1.4 | version: 0.1.1 | ||||||
| readme: README.md | readme: README.md | ||||||
| authors: | authors: | ||||||
| - transcaffeine <transcaffeine@finally.coffee> | - transcaffeine <transcaffeine@finally.coffee> | ||||||
| description: Collection for deploying and configuring databases | description: Collection for deploying and configuring databases | ||||||
| dependencies: | dependencies: | ||||||
|   "community.docker": "^4.0.0" |   "community.docker": "^3.0.0" | ||||||
|   "community.postgresql": "^3.9.0" |  | ||||||
|   "containers.podman": "^1.16.0" |  | ||||||
| license_file: LICENSE.md | license_file: LICENSE.md | ||||||
| build_ignore: | build_ignore: | ||||||
| - '*.tar.gz' | - '*.tar.gz' | ||||||
|   | |||||||
| @@ -1,24 +0,0 @@ | |||||||
| --- |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_user |  | ||||||
|   vars: |  | ||||||
|     postgresql_users: |  | ||||||
|       - name: "{{ postgresql_client_username }}" |  | ||||||
|         password: "{{ postgresql_client_password }}" |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_database |  | ||||||
|   vars: |  | ||||||
|     postgresql_databases: |  | ||||||
|       - name: "{{ postgresql_client_database }}" |  | ||||||
|         owner: "{{ postgresql_client_username }}" |  | ||||||
|         encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}" |  | ||||||
|         lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}" |  | ||||||
|         lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}" |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_host_based_authentication |  | ||||||
|   vars: |  | ||||||
|     postgresql_authentications: |  | ||||||
|       - users: "{{ postgresql_client_username }}" |  | ||||||
|         databases: "{{ postgresql_client_database }}" |  | ||||||
|         contype: "{{ postgresql_client_database_contype | default('local') }}" |  | ||||||
|         method: "{{ postgresql_client_database_auth_method | default('md5') }}" |  | ||||||
|         options: "{{ postgresql_client_options | default(false, true) }}" |  | ||||||
|         address: "{{ postgresql_client_address | default(false, true) }}" |  | ||||||
|         netmask: "{{ postgresql_client_netmask | default(false, true) }}" |  | ||||||
| @@ -1,4 +0,0 @@ | |||||||
| --- |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_user |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_database |  | ||||||
| - import_playbook: finallycoffee.databases.postgresql_host_based_authentication |  | ||||||
| @@ -1,26 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Configure postgresql databases |  | ||||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" |  | ||||||
|   become: "{{ postgresql_become | default(false, true) }}" |  | ||||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" |  | ||||||
|   tasks: |  | ||||||
|     - name: Configure individual postgresql database |  | ||||||
|       community.postgresql.postgresql_db: |  | ||||||
|         name: "{{ postgresql_database.name }}" |  | ||||||
|         owner: "{{ postgresql_database.owner | default(omit) }}" |  | ||||||
|         state: "{{ postgresql_database_state }}" |  | ||||||
|         template: "{{ postgresql_database.template | default(omit, true) }}" |  | ||||||
|         encoding: "{{ postgresql_database.encoding | default(omit, true) }}" |  | ||||||
|         lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}" |  | ||||||
|         lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}" |  | ||||||
|         login_host: "{{ postgresql_connection_host | default(omit, true) }}" |  | ||||||
|         login_port: "{{ postgresql_connection_port | default(omit, true) }}" |  | ||||||
|         login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}" |  | ||||||
|         login_user: "{{ postgresql_connection_user | default(omit, true) }}" |  | ||||||
|         login_password: "{{ postgresql_connection_password | default(omit, true) }}" |  | ||||||
|       vars: |  | ||||||
|         postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}" |  | ||||||
|       loop: "{{ postgresql_databases | default([]) }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: postgresql_database |  | ||||||
|         label: "{{ postgresql_database.name }}" |  | ||||||
| @@ -1,23 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Configure postgresql host based authentications |  | ||||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" |  | ||||||
|   become: "{{ postgresql_become | default(false, true) }}" |  | ||||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" |  | ||||||
|   tasks: |  | ||||||
|     - name: Configure individual postgresql host based authentication |  | ||||||
|       community.postgresql.postgresql_pg_hba: |  | ||||||
|         dest: "{{ postgresql_pg_hba_conf_file }}" |  | ||||||
|         users: "{{ postgresql_auth.users | default(omit) }}" |  | ||||||
|         databases: "{{ postgresql_auth.databases | default(omit) }}" |  | ||||||
|         contype: "{{ postgresql_auth.contype }}" |  | ||||||
|         state: "{{ postgresql_auth_state }}" |  | ||||||
|         method: "{{ postgresql_auth.method | default(omit, true) }}" |  | ||||||
|         options: "{{ postgresql_auth.options | default(omit, true) }}" |  | ||||||
|         address: "{{ postgresql_auth.address | default(omit, true) }}" |  | ||||||
|         netmask: "{{ postgresql_auth.netmask | default(omit, true) }}" |  | ||||||
|       vars: |  | ||||||
|         postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}" |  | ||||||
|       loop: "{{ postgresql_authentications | default([]) }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: postgresql_auth |  | ||||||
|         label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}" |  | ||||||
| @@ -1,24 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Configure postgresql users |  | ||||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" |  | ||||||
|   become: "{{ postgresql_become | default(false, true) }}" |  | ||||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" |  | ||||||
|   tasks: |  | ||||||
|     - name: Configure individual postgresql user |  | ||||||
|       community.postgresql.postgresql_user: |  | ||||||
|         name: "{{ postgresql_user.name }}" |  | ||||||
|         state: "{{ postgresql_user_state }}" |  | ||||||
|         password: "{{ postgresql_user_password }}" |  | ||||||
|         login_host: "{{ postgresql_connection_host | default(omit, true) }}" |  | ||||||
|         login_port: "{{ postgresql_connection_port | default(omit, true) }}" |  | ||||||
|         login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}" |  | ||||||
|         login_user: "{{ postgresql_connection_user | default(omit, true) }}" |  | ||||||
|         login_password: "{{ postgresql_connection_password | default(omit, true) }}" |  | ||||||
|       vars: |  | ||||||
|         postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}" |  | ||||||
|         postgresql_user_password: >-2 |  | ||||||
|           {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }} |  | ||||||
|       loop: "{{ postgresql_users | default([]) }}" |  | ||||||
|       loop_control: |  | ||||||
|         loop_var: postgresql_user |  | ||||||
|         label: "{{ postgresql_user.name }}" |  | ||||||
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| elasticsearch_version: "8.18.0" | elasticsearch_version: "8.17.0" | ||||||
| elasticsearch_state: present | elasticsearch_state: present | ||||||
|  |  | ||||||
| elasticsearch_base_path: /opt/elasticsearch | elasticsearch_base_path: /opt/elasticsearch | ||||||
|   | |||||||
| @@ -1,10 +1,9 @@ | |||||||
| --- | --- | ||||||
| mariadb_version: "10.11.11" | mariadb_version: "10.11.10" | ||||||
| mariadb_base_path: /var/lib/mariadb | mariadb_base_path: /var/lib/mariadb | ||||||
| mariadb_data_path: >-2 | mariadb_data_path: >-2 | ||||||
|   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }} |   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }} | ||||||
| mariadb_state: present | mariadb_state: present | ||||||
| mariadb_deployment_method: docker |  | ||||||
|  |  | ||||||
| mariadb_root_password: ~ | mariadb_root_password: ~ | ||||||
| mariadb_database: ~ | mariadb_database: ~ | ||||||
|   | |||||||
| @@ -1,20 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} |  | ||||||
|   community.docker.docker_image: |  | ||||||
|     name: "{{ mariadb_container_image }}" |  | ||||||
|     state: "{{ mariadb_state }}" |  | ||||||
|     source: "{{ mariadb_container_image_source }}" |  | ||||||
|     force_source: "{{ mariadb_container_image_force_source }}" |  | ||||||
|  |  | ||||||
| - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} |  | ||||||
|   community.docker.docker_container: |  | ||||||
|     name: "{{ mariadb_container_name }}" |  | ||||||
|     image: "{{ mariadb_container_image }}" |  | ||||||
|     env: "{{ mariadb_container_environment }}" |  | ||||||
|     ports: "{{ mariadb_container_ports | default(omit, true) }}" |  | ||||||
|     labels: "{{ mariadb_container_labels | default(omit, true) }}" |  | ||||||
|     volumes: "{{ mariadb_container_volumes }}" |  | ||||||
|     networks: "{{ mariadb_container_networks | default(omit, true) }}" |  | ||||||
|     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" |  | ||||||
|     restart_policy: "{{ mariadb_container_restart_policy }}" |  | ||||||
|     state: "{{ mariadb_container_state }}" |  | ||||||
| @@ -1,20 +0,0 @@ | |||||||
| --- |  | ||||||
| - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} |  | ||||||
|   containers.podman.podman_image: |  | ||||||
|     name: "{{ mariadb_container_image }}" |  | ||||||
|     state: "{{ mariadb_state }}" |  | ||||||
|     pull: "{{ (mariadb_container_image_source == 'pull') | bool }}" |  | ||||||
|     force: "{{ mariadb_container_image_force_source }}" |  | ||||||
|  |  | ||||||
| - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} |  | ||||||
|   containers.podman.podman_container: |  | ||||||
|     name: "{{ mariadb_container_name }}" |  | ||||||
|     image: "{{ mariadb_container_image }}" |  | ||||||
|     env: "{{ mariadb_container_environment }}" |  | ||||||
|     ports: "{{ mariadb_container_ports | default(omit, true) }}" |  | ||||||
|     labels: "{{ mariadb_container_labels | default(omit, true) }}" |  | ||||||
|     volumes: "{{ mariadb_container_volumes }}" |  | ||||||
|     network: "{{ mariadb_container_networks | default(omit, true) }}" |  | ||||||
|     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" |  | ||||||
|     restart_policy: "{{ mariadb_container_restart_policy }}" |  | ||||||
|     state: "{{ mariadb_container_state }}" |  | ||||||
| @@ -1,19 +1,20 @@ | |||||||
| --- | --- | ||||||
| - name: Ensure mariadb state parameter is valid | - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} | ||||||
|   ansible.builtin.fail: |   community.docker.docker_image: | ||||||
|     msg: >-2 |     name: "{{ mariadb_container_image }}" | ||||||
|       Unknown state '{{ mariadb_state }}'! |     state: "{{ mariadb_state }}" | ||||||
|       Supported states are {{ mariadb_states | join(', ') }} |     source: "{{ mariadb_container_image_source }}" | ||||||
|   when: mariadb_state not in mariadb_states |     force_source: "{{ mariadb_container_image_force_source }}" | ||||||
|  |  | ||||||
| - name: Ensure deployment method is valid |  | ||||||
|   ansible.builtin.fail: |  | ||||||
|     msg: >-2 |  | ||||||
|       Unknown deployment method '{{ mariadb_deployment_method }}'! |  | ||||||
|       Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }} |  | ||||||
|   when: mariadb_deployment_method not in mariadb_deployment_methods |  | ||||||
|  |  | ||||||
| - name: Ensure mariadb is deployed using {{ mariadb_deployment_method }} |  | ||||||
|   ansible.builtin.include_tasks: |  | ||||||
|     file: "deploy-{{ mariadb_deployment_method }}.yml" |  | ||||||
|  |  | ||||||
|  | - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} | ||||||
|  |   community.docker.docker_container: | ||||||
|  |     name: "{{ mariadb_container_name }}" | ||||||
|  |     image: "{{ mariadb_container_image }}" | ||||||
|  |     env: "{{ mariadb_container_environment }}" | ||||||
|  |     ports: "{{ mariadb_container_ports | default(omit, true) }}" | ||||||
|  |     labels: "{{ mariadb_container_labels | default(omit, true) }}" | ||||||
|  |     volumes: "{{ mariadb_container_volumes }}" | ||||||
|  |     networks: "{{ mariadb_container_networks | default(omit, true) }}" | ||||||
|  |     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" | ||||||
|  |     restart_policy: "{{ mariadb_container_restart_policy }}" | ||||||
|  |     state: "{{ mariadb_container_state }}" | ||||||
|   | |||||||
| @@ -1,10 +1,4 @@ | |||||||
| --- | --- | ||||||
| mariadb_states: |  | ||||||
|   - present |  | ||||||
|   - absent |  | ||||||
| mariadb_deployment_methods: |  | ||||||
|   - docker |  | ||||||
|   - podman |  | ||||||
|  |  | ||||||
| mariadb_container_database_environment: | mariadb_container_database_environment: | ||||||
|   MARIADB_DATABASE: "{{ mariadb_database }}" |   MARIADB_DATABASE: "{{ mariadb_database }}" | ||||||
|   | |||||||
| @@ -2,26 +2,3 @@ | |||||||
|  |  | ||||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||||
| database. This ansible role can deploy and configure postgresql. | database. This ansible role can deploy and configure postgresql. | ||||||
|  |  | ||||||
| By default, the role configures the remote's effective ansible user with |  | ||||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). |  | ||||||
|  |  | ||||||
| ## Required configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_superuser_password` to your superusers desired password. |  | ||||||
|  |  | ||||||
| ## Optional configuration |  | ||||||
|  |  | ||||||
| Set `postgresql_major_version` to your desired postgresql major version, |  | ||||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). |  | ||||||
|  |  | ||||||
| This role can be executed multiple times with different |  | ||||||
| `postgresql_major_version` values to provide new database versions for up-to- |  | ||||||
| date applications and older versions for software which does not yet support |  | ||||||
| them. Container name and host mounts encode the major version to prevent |  | ||||||
| accidental usage of the 'wrong' `PGDATA` directory. |  | ||||||
|  |  | ||||||
| ## Requirements |  | ||||||
|  |  | ||||||
| - `psycopg2` (pip) package |  | ||||||
| - `docker` (pip) package |  | ||||||
|   | |||||||
| @@ -1,15 +1,14 @@ | |||||||
| --- | --- | ||||||
| postgresql_config_connect_socket: true | postgresql_config_connect_socket: true | ||||||
| postgresql_config_unix_socket: "/var/run/postgresql" |  | ||||||
| postgresql_config_unix_socket_directories: | postgresql_config_unix_socket_directories: | ||||||
|   - "{{ postgresql_config_unix_socket }}" |   - "/var/run/postgresql" | ||||||
| postgresql_config_listen_addresses: | postgresql_config_listen_addresses: | ||||||
|   - '*' |   - '*' | ||||||
| postgresql_config_port: 5432 | postgresql_config_port: 5432 | ||||||
|  |  | ||||||
| postgresql_base_config: | postgresql_base_config: | ||||||
|   listen_addresses: "{{ postgresql_config_listen_addresses }}" |   listen_addresses: "{{ postgresql_config_listen_addresses }}" | ||||||
|   unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}" |   connect_socket: "{{ postgresql_config_connect_socket }}" | ||||||
|   port: "{{ postgresql_config_port }}" |   port: "{{ postgresql_config_port }}" | ||||||
| postgresql_merged_config: >-2 | postgresql_merged_config: >-2 | ||||||
|   {{ postgresql_base_config | combine( |   {{ postgresql_base_config | combine( | ||||||
|   | |||||||
| @@ -18,7 +18,7 @@ postgresql_container_image: >-2 | |||||||
|         ((postgresql_container_image_flavour is string) |         ((postgresql_container_image_flavour is string) | ||||||
|           and (postgresql_container_image_flavour | length > 0)) |           and (postgresql_container_image_flavour | length > 0)) | ||||||
|         | ternary( |         | ternary( | ||||||
|           '-' + postgresql_container_image_flavour | default('', true), |           '_' + postgresql_container_image_flavour | default('', true), | ||||||
|           '', |           '', | ||||||
|         ) |         ) | ||||||
|       ), |       ), | ||||||
| @@ -48,7 +48,7 @@ postgresql_container_config_volumes: | |||||||
|   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" |   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" | ||||||
|   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" |   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" | ||||||
| postgresql_container_unix_socket_volumes: | postgresql_container_unix_socket_volumes: | ||||||
|   - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" |   - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" | ||||||
| postgresql_container_initdb_volumes: >-2 | postgresql_container_initdb_volumes: >-2 | ||||||
|   {{ postgresql_container_base_volumes |   {{ postgresql_container_base_volumes | ||||||
|     + postgresql_container_unix_socket_volumes |     + postgresql_container_unix_socket_volumes | ||||||
| @@ -69,7 +69,5 @@ postgresql_container_oom_kill: ~ | |||||||
| postgresql_container_oom_score_adj: ~ | postgresql_container_oom_score_adj: ~ | ||||||
| postgresql_container_ulimits: ~ | postgresql_container_ulimits: ~ | ||||||
|  |  | ||||||
| postgresql_container_user_name: "postgres" |  | ||||||
| postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}" |  | ||||||
| postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" | postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" | ||||||
| postgresql_container_data_dir: "/var/lib/postgresql/data" | postgresql_container_data_dir: "/var/lib/postgresql/data" | ||||||
|   | |||||||
| @@ -17,14 +17,15 @@ postgresql_pg_ident_conf_file: >-2 | |||||||
|   {{ postgresql_config_path }}/pg_ident.conf |   {{ postgresql_config_path }}/pg_ident.conf | ||||||
| postgresql_pg_hba_conf_file: >-2 | postgresql_pg_hba_conf_file: >-2 | ||||||
|   {{ postgresql_config_path }}/pg_hba.conf |   {{ postgresql_config_path }}/pg_hba.conf | ||||||
| postgresql_admin_role: "postgres" | postgresql_admin_role: "{{ postgresql_user }}" | ||||||
| postgresql_admin_role_contype: local | postgresql_admin_role_contype: local | ||||||
| postgresql_admin_role_method: peer | postgresql_admin_role_method: peer | ||||||
| postgresql_admin_local_user: >-2 | postgresql_admin_local_user: >-2 | ||||||
|   {{ ansible_facts['user_id'] }} |   {{ ansible_facts['user_id'] }} | ||||||
| postgresql_admin_role_mapping_name: >-2 | postgresql_admin_role_mapping_name: >-2 | ||||||
|   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} |   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} | ||||||
| postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}" | postgresql_admin_pg_ident_conf: >-2 | ||||||
|  |   {{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }} | ||||||
| postgresql_admin_pg_hba_conf_options: >-2 | postgresql_admin_pg_hba_conf_options: >-2 | ||||||
|   map={{ postgresql_admin_role_mapping_name }} |   map={{ postgresql_admin_role_mapping_name }} | ||||||
| postgresql_superuser_password: ~ | postgresql_superuser_password: ~ | ||||||
|   | |||||||
| @@ -1,66 +1,49 @@ | |||||||
| --- | --- | ||||||
| - name: Configure postgresql | - name: Ensure postgresql superuser is set | ||||||
|   block: |  | ||||||
|     - name: Ensure postgresql superuser is set |  | ||||||
|   community.postgresql.postgresql_user: |   community.postgresql.postgresql_user: | ||||||
|     name: "{{ postgresql_admin_role }}" |     name: "{{ postgresql_admin_role }}" | ||||||
|     password: "{{ postgresql_superuser_password }}" |     password: "{{ postgresql_superuser_password }}" | ||||||
|         login_host: "{{ postgresql_login_host }}" |     login_host: >-2 | ||||||
|  |       {{ | ||||||
|  |         (postgresql_config_unix_socket_directories | first) | ||||||
|  |         if postgresql_config_connect_socket else  | ||||||
|  |         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||||
|  |       }} | ||||||
|   register: postgresql_superuser_password_result |   register: postgresql_superuser_password_result | ||||||
|   until: "postgresql_superuser_password_result is succeeded" |   until: "postgresql_superuser_password_result is succeeded" | ||||||
|   retries: 10 |   retries: 10 | ||||||
|   delay: 2 |   delay: 2 | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is set | - name: Ensure postgresql configuration is set | ||||||
|   community.postgresql.postgresql_set: |   community.postgresql.postgresql_set: | ||||||
|     name: "{{ option.key }}" |     name: "{{ option.key }}" | ||||||
|         value: "{{ pg_option_value }}" |     value: "{{ option.value }}" | ||||||
|         login_host: "{{ postgresql_login_host }}" |     login_host: >-2 | ||||||
|  |       {{ | ||||||
|  |         (postgresql_config_unix_socket_directories | first) | ||||||
|  |         if postgresql_config_connect_socket else  | ||||||
|  |         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||||
|  |       }} | ||||||
|     login_port: "{{ postgresql_config_port }}" |     login_port: "{{ postgresql_config_port }}" | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |     login_password: #TODO | ||||||
|       loop: "{{ postgresql_merged_config | dict2items }}" |   loop: "{{ postgresql_merged_options | dict2items }}" | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: option |     loop_var: option | ||||||
|       vars: |  | ||||||
|         pg_option_value: >-2 |  | ||||||
|           {{ |  | ||||||
|             (option.value | join(' ')) |  | ||||||
|             if (option.value is iterable |  | ||||||
|               and option.value is not string |  | ||||||
|               and option.value is not mapping) |  | ||||||
|             else option.value |  | ||||||
|           }} |  | ||||||
|       register: postgresql_config_results |  | ||||||
|  |  | ||||||
|     - name: Ensure postgresql configuration is reloaded | - name: Ensure postgresql configuration is reloaded | ||||||
|   community.postgresql.postgresql_query: |   community.postgresql.postgresql_query: | ||||||
|         db: "postgres" |  | ||||||
|     query: "SELECT pg_reload_conf();" |     query: "SELECT pg_reload_conf();" | ||||||
|         login_host: "{{ postgresql_login_host }}" |     login_host: #TODO | ||||||
|         login_port: "{{ postgresql_config_port }}" |     login_port: #TODO | ||||||
|         login_password: "{{ postgresql_superuser_password }}" |     login_password: #TODO | ||||||
|  |  | ||||||
|     - name: Ensure restart handler is fired if required | - name: Ensure restart handler is fired if required | ||||||
|   debug: |   debug: | ||||||
|     msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}" |     msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}" | ||||||
|   when: result.changed |   when: result.changed | ||||||
|   changed_when: "{{ result.restart_required }}" |   changed_when: "{{ result.restart_required }}" | ||||||
|   notify: postgresql_restart |   notify: postgresql_restart | ||||||
|       loop: "{{ postgresql_config_results.results }}" |   loop: "{{ postgresql_config_results }}" | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: result |     loop_var: result | ||||||
|         label: "{{ result.option.key }}" |     label: "{{ result.option.name }}" | ||||||
|   when: postgresql_state == 'present' |  | ||||||
|   vars: |  | ||||||
|     postgresql_login_host: >-2 |  | ||||||
|       {{ |  | ||||||
|         ( |  | ||||||
|           (postgresql_deployment_method in ['docker']) |  | ||||||
|           | ternary( |  | ||||||
|             postgresql_unix_socket_path, |  | ||||||
|             (postgresql_config_unix_socket_directories | first) |  | ||||||
|           ) |  | ||||||
|         ) |  | ||||||
|         if postgresql_config_connect_socket else  |  | ||||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) |  | ||||||
|       }} |  | ||||||
|   | |||||||
| @@ -38,42 +38,31 @@ | |||||||
|   when: |   when: | ||||||
|     - ansible_facts['service_mgr'] == 'systemd' |     - ansible_facts['service_mgr'] == 'systemd' | ||||||
|     - postgresql_state == 'present' |     - postgresql_state == 'present' | ||||||
|   register: postgresql_systemd_tmpfile_correction_unit_info |  | ||||||
|  |  | ||||||
| - name: Ensure systemd is reloaded | - name: Ensure systemd is reloaded | ||||||
|   ansible.builtin.systemd: |   ansible.builtin.systemd: | ||||||
|     daemon_reload: true |     daemon_reload: true | ||||||
|   when: |   when: | ||||||
|     - postgresql_systemd_tmpfile_correction_unit_info.changed |     - postgresql_systemd_tmpfile_correction_unit.changed | ||||||
|  |  | ||||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||||
|   ansible.builtin.systemd: |   ansible.builtin.systemd: | ||||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" |     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||||
|     state: "{{ postgresql_container_state }}" |     state: "{{ postgresql_container_state }}" | ||||||
|   when: ansible_facts['service_mgr'] == 'systemd' |   when: ansible_facts['service_mgr'] == 'systemd' | ||||||
|   ignore_errors: "{{ ansible_check_mode }}" |  | ||||||
|  |  | ||||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||||
|   ansible.builtin.systemd: |   ansible.builtin.systemd: | ||||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" |     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||||
|     enabled: "{{ postgresql_state == 'present' }}" |     enabled: "{{ postgresql_state == 'present' }}" | ||||||
|   when: ansible_facts['service_mgr'] == 'systemd' |   when: ansible_facts['service_mgr'] == 'systemd' | ||||||
|   ignore_errors: "{{ ansible_check_mode }}" |  | ||||||
|  |  | ||||||
| - name: Lookup {{ postgresql_data_path }}/global |  | ||||||
|   ansible.builtin.stat: |  | ||||||
|     path: "{{ postgresql_data_path }}/global" |  | ||||||
|     get_checksum: false |  | ||||||
|   register: postgresql_global_data_info |  | ||||||
|  |  | ||||||
| - name: Initialize database if empty | - name: Initialize database if empty | ||||||
|   ansible.builtin.include_tasks: |   ansible.builtin.include_tasks: | ||||||
|     file: "initialize-docker.yml" |     file: "initialize-docker.yml" | ||||||
|   when: |   when: | ||||||
|     - postgresql_state == 'present' |     - postgresql_state == 'present' | ||||||
|     - not postgresql_global_data_info.stat.exists |     # TODO: determine if initialization is needed | ||||||
|     - postgresql_global_data_info.stat.isdir is defined |  | ||||||
|     - not postgresql_global_data_info.stat.isdir |  | ||||||
|  |  | ||||||
| - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | ||||||
|   community.docker.docker_container: |   community.docker.docker_container: | ||||||
|   | |||||||
| @@ -27,7 +27,7 @@ | |||||||
|   block: |   block: | ||||||
|     - name: Wait for container startup (socket) |     - name: Wait for container startup (socket) | ||||||
|       ansible.builtin.wait_for: |       ansible.builtin.wait_for: | ||||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}" |         path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}" | ||||||
|       when: "postgresql_config_connect_socket | bool" |       when: "postgresql_config_connect_socket | bool" | ||||||
|     - name: Wait for container startup (port) |     - name: Wait for container startup (port) | ||||||
|       ansible.builtin.wait_for: |       ansible.builtin.wait_for: | ||||||
| @@ -45,3 +45,4 @@ | |||||||
|   community.docker.docker_container: |   community.docker.docker_container: | ||||||
|     name: "{{ postgresql_container_name }}" |     name: "{{ postgresql_container_name }}" | ||||||
|     state: absent |     state: absent | ||||||
|  |  | ||||||
|   | |||||||
| @@ -33,7 +33,6 @@ | |||||||
|   loop: |   loop: | ||||||
|     - name: "{{ postgresql_config_path }}" |     - name: "{{ postgresql_config_path }}" | ||||||
|     - name: "{{ postgresql_data_path }}" |     - name: "{{ postgresql_data_path }}" | ||||||
|       mode: "0700" |  | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: path |     loop_var: path | ||||||
|     label: "{{ path.name }}" |     label: "{{ path.name }}" | ||||||
| @@ -66,7 +65,3 @@ | |||||||
| - name: Deploy postgresql using {{ postgresql_deployment_method }} | - name: Deploy postgresql using {{ postgresql_deployment_method }} | ||||||
|   ansible.builtin.include_tasks: |   ansible.builtin.include_tasks: | ||||||
|     file: "deploy-{{ postgresql_deployment_method }}.yml" |     file: "deploy-{{ postgresql_deployment_method }}.yml" | ||||||
|  |  | ||||||
| - name: Configure postgresql |  | ||||||
|   ansible.builtin.include_tasks: |  | ||||||
|     file: "configure.yml" |  | ||||||
|   | |||||||
| @@ -20,9 +20,8 @@ | |||||||
|       line: "# Ansible managed" |       line: "# Ansible managed" | ||||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" |     - name: "{{ postgresql_pg_ident_conf_file }}" | ||||||
|       insert_after: "# Ansible managed" |       insert_after: "# Ansible managed" | ||||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" |       line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}" | ||||||
|   when: postgresql_state == 'present' |   when: postgresql_state == 'present' | ||||||
|   notify: postgresql_restart |  | ||||||
|  |  | ||||||
| - name: Configure permissions for postgresql admin role | - name: Configure permissions for postgresql admin role | ||||||
|   community.postgresql.postgresql_pg_hba: |   community.postgresql.postgresql_pg_hba: | ||||||
| @@ -30,6 +29,5 @@ | |||||||
|     contype: "{{ postgresql_admin_role_contype }}" |     contype: "{{ postgresql_admin_role_contype }}" | ||||||
|     users: "{{ postgresql_admin_role }}" |     users: "{{ postgresql_admin_role }}" | ||||||
|     method: "{{ postgresql_admin_role_method }}" |     method: "{{ postgresql_admin_role_method }}" | ||||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" |     options: "map={{ ansible_user }}_{{ postgresql_admin_role }}" | ||||||
|   when: postgresql_state == 'present' |   when: postgresql_state == 'present' | ||||||
|   notify: postgresql_restart |  | ||||||
|   | |||||||
| @@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin | |||||||
| irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin | irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin | ||||||
| _apt:x:42:65534::/nonexistent:/usr/sbin/nologin | _apt:x:42:65534::/nonexistent:/usr/sbin/nologin | ||||||
| nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin | nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin | ||||||
| {{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash | postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash | ||||||
|   | |||||||
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| valkey_version: "8.1.1" | valkey_version: "8.0.1" | ||||||
| valkey_state: "present" | valkey_state: "present" | ||||||
| valkey_instance: ~ | valkey_instance: ~ | ||||||
| valkey_instance_suffix: >-2 | valkey_instance_suffix: >-2 | ||||||
| @@ -9,8 +9,6 @@ valkey_user: >-2 | |||||||
|   valkey{{ valkey_instance_suffix }} |   valkey{{ valkey_instance_suffix }} | ||||||
|  |  | ||||||
| valkey_config_path: "/etc/valkey" | valkey_config_path: "/etc/valkey" | ||||||
| valkey_config_path_owner: "root" |  | ||||||
| valkey_config_path_group: "root" |  | ||||||
| valkey_config_file: >-2 | valkey_config_file: >-2 | ||||||
|   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf |   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf | ||||||
| valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}" | valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}" | ||||||
|   | |||||||
| @@ -39,8 +39,6 @@ | |||||||
|     mode: "{{ path.mode | default('0755') }}" |     mode: "{{ path.mode | default('0755') }}" | ||||||
|   loop: |   loop: | ||||||
|     - name: "{{ valkey_config_path }}" |     - name: "{{ valkey_config_path }}" | ||||||
|       owner: "{{ valkey_config_path_owner }}" |  | ||||||
|       group: "{{ valkey_config_path_group }}" |  | ||||||
|     - name: "{{ valkey_data_path }}" |     - name: "{{ valkey_data_path }}" | ||||||
|   loop_control: |   loop_control: | ||||||
|     loop_var: "path" |     loop_var: "path" | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user