feat(postgresql): add ansible role for postgresql deployment

roles/postgresql/defaults/main/config.yml

@@ -1,17 +0,0 @@
----
-postgresql_config_connect_socket: true
-postgresql_config_unix_socket_directories:
-  - "/var/run/postgresql"
-postgresql_config_listen_addresses:
-  - '*'
-postgresql_config_port: 5432
-
-postgresql_base_config:
-  listen_addresses: "{{ postgresql_config_listen_addresses }}"
-  connect_socket: "{{ postgresql_config_connect_socket }}"
-  port: "{{ postgresql_config_port }}"
-postgresql_merged_config: >-2
-  {{ postgresql_base_config | combine(
-    postgresql_config | default({}, true),
-    recursive=True
-  ) }}

roles/postgresql/defaults/main/container.yml

@@ -34,17 +34,6 @@ postgresql_container_ports: ~
 postgresql_container_labels: ~
 postgresql_container_networks: ~
 postgresql_container_recreate: ~
-postgresql_container_etc_hosts: ~
 postgresql_container_restart_policy: "on-failure"
 postgresql_container_state: >-2
   {{ (postgresql_state == 'present') | ternary('started', 'absent') }}
-
-# (Memory) performance tuning
-postgresql_container_memory: ~
-postgresql_container_memory_reservation: ~
-postgresql_container_shm_size: ~
-postgresql_container_oom_kill: ~
-postgresql_container_oom_score_adj: ~
-postgresql_container_ulimits: ~
-
-postgresql_container_passwd_file: "/etc/postgresql/{{ postgresql_major_version }}/passwd"

roles/postgresql/defaults/main/main.yml

@@ -13,14 +13,6 @@ postgresql_config_path: >-2
   /etc/postgresql/{{ postgresql_major_version }}
 postgresql_data_path: >-2
   /var/lib/postgresql/{{ postgresql_major_version }}
-postgresql_pg_ident_conf_file: >-2
-  {{ postgresql_data_path }}/pg_ident.conf
-postgresql_pg_hba_conf_file: >-2
-  {{ postgresql_data_path }}/pg_hba.conf
-postgresql_admin_role: "{{ postgresql_user }}"
-postgresql_admin_role_contype: local
-postgresql_admin_role_method: peer
-postgresql_superuser_password: ~
 
 postgresql_state: present
 postgresql_deployment_method: docker

roles/postgresql/handlers/main.yml

@@ -1,12 +0,0 @@
----
-- name: Restart postgresql container '{{ postgresql_container_name }}' (docker)
-  community.docker.docker_container:
-    name: "{{ postgresql_container_name }}"
-    state: "{{ postgresql_container_state }}"
-    restart: true
-    comparisons:
-      '*': "ignore"
-  when:
-    - postgresql_deployment_method == 'docker'
-    - postgresql_container_state not in ['absent', 'stopped']
-  listen: postgresql_restart

roles/postgresql/tasks/configure.yml

@@ -1,49 +0,0 @@
----
-- name: Ensure postgresql superuser is set
-  community.postgresql.postgresql_user:
-    name: "{{ postgresql_admin_role }}"
-    password: "{{ postgresql_superuser_password }}"
-    login_host: >-2
-      {{
-        (postgresql_config_unix_socket_directories | first)
-        if postgresql_config_connect_socket else 
-        (postgresql_container_info.container.NetworkSettings.IPAddress)
-      }}
-  register: postgresql_superuser_password_result
-  until: "postgresql_superuser_password_result is succeeded"
-  retries: 10
-  delay: 2
-
-- name: Ensure postgresql configuration is set
-  community.postgresql.postgresql_set:
-    name: "{{ option.key }}"
-    value: "{{ option.value }}"
-    login_host: >-2
-      {{
-        (postgresql_config_unix_socket_directories | first)
-        if postgresql_config_connect_socket else 
-        (postgresql_container_info.container.NetworkSettings.IPAddress)
-      }}
-    login_port: "{{ postgresql_config_port }}"
-    login_password: #TODO
-  loop: "{{ postgresql_merged_options | dict2items }}"
-  loop_control:
-    loop_var: option
-
-- name: Ensure postgresql configuration is reloaded
-  community.postgresql.postgresql_query:
-    query: "SELECT pg_reload_conf();"
-    login_host: #TODO
-    login_port: #TODO
-    login_password: #TODO
-
-- name: Ensure restart handler is fired if required
-  debug:
-    msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
-  when: result.changed
-  changed_when: "{{ result.restart_required }}"
-  notify: postgresql_restart
-  loop: "{{ postgresql_config_results }}"
-  loop_control:
-    loop_var: result
-    label: "{{ result.option.name }}"

roles/postgresql/tasks/deploy-docker.yml

@@ -10,21 +10,6 @@
   retries: 5
   delay: 4
 
-- name: Ensure /etc/passwd for container is {{ postgresql_state }}
-  ansible.builtin.template:
-    src: "postgresql-passwd.j2"
-    dest: "{{ postgresql_container_passwd_file }}"
-    owner: "{{ postgresql_user_id }}"
-    group: "{{ postgresql_user_group_id }}"
-    mode: "0640"
-  when: postgresql_state == 'present'
-
-- name: Initialize database if empty
-  ansible.builtin.include_tasks:
-    file: "docker-initialize.yml"
-  when:
-    - postgresql_state == 'present'
-
 - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
   community.docker.docker_container:
     name: "{{ postgresql_container_name }}"
@@ -33,16 +18,6 @@
     user: "{{ postgresql_container_user | default(omit, true) }}"
     ports: "{{ postgresql_container_ports | default(omit, true) }}"
     labels: "{{ postgresql_container_labels | default(omit, true) }}"
-    recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
     networks: "{{ postgresql_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
-    memory: "{{ postgresql_container_memory | default(omit, true) }}"
-    memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
-    oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
-    oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
-    shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
-    ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
     restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
     state: "{{ postgresql_container_state }}"
-
-- 

roles/postgresql/tasks/initialize-docker.yml

@@ -1,35 +0,0 @@
-- name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database
-  community.docker.docker_container:
-    name: "{{ postgresql_container_name }}"
-    user: "{{ postgresql_container_user }}"
-    image: "{{ postgresql_container_image }}"
-    ports: "{{ postgresql_container_ports }}"
-    labels: "{{ postgresql_container_labels | default(omit, true) }}"
-    networks: "{{ postgresql_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
-    state: started
-  register: postgresql_container_info
-
-- name: Wait for container startup
-  block:
-    - name: Wait for container startup (socket)
-      ansible.builtin.wait_for:
-        path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}"
-      when: "{{ postgresql_config_connect_socket }}"
-    - name: Wait for container startup (port)
-      ansible.builtin.wait_for:
-        host: >-2
-          {{ (pg_addresses == '*') | ternary(
-                 omit,
-                 postgresql_config_listen_addresses | first
-             ) }}
-        port: "{{ postgresql_config_port }}"
-      when: "{{ not postgresql_config_connect_socket }}"
-      vars:
-        pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}"
-
-- name: Ensure init container '{{ postgresql_container_name }}' is removed
-  community.docker.docker_container:
-    name: "{{ postgresql_container_name }}"
-    state: absent
-

roles/postgresql/tasks/main.yml

@@ -58,10 +58,6 @@
     - postgresql_data_dir_version_info.stat.exists
     - "(postgresql_data_dir_version_content | b64decode | int) != (postgresql_major_version | int)"
 
-- name: Prepare authentication and authorization for database admin role
-  ansible.builtin.include_tasks:
-    file: "prepare.yml"
-
 - name: Deploy postgresql using {{ postgresql_deployment_method }}
   ansible.builtin.include_tasks:
     file: "deploy-{{ postgresql_deployment_method }}.yml"

roles/postgresql/tasks/prepare.yml

@@ -1,33 +0,0 @@
----
-- name: Ensure postgresql config files are {{ postgresql_state }}
-  ansible.builtin.lineinfile:
-    path: "{{ file.name }}"
-    insertafter: "{{ file.insert_after | default(omit) }}"
-    insertbefore: "{{ file.insert_before | default(omit) }}"
-    line: "{{ file.line }}"
-    owner: "{{ postgresql_user_id }}"
-    group: "{{ postgresql_user_group_id }}"
-    create: true
-  loop_control:
-    loop_var: file
-    label: "{{ file.name }}"
-  loop:
-    - name: "{{ postgresql_pg_hba_conf_file }}"
-      insert_before: "BOF"
-      line: "# Ansible managed"
-    - name: "{{ postgresql_pg_ident_conf_file }}"
-      insert_before: "BOF"
-      line: "# Ansible managed"
-    - name: "{{ postgresql_pg_ident_conf_file }}"
-      insert_after: "# Ansible managed"
-      line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}"
-  when: postgresql_state == 'present'
-
-- name: Configure permissions for postgresql admin role
-  community.postgresql.postgresql_pg_hba:
-    dest: "{{ postgresql_pg_hba_conf_file }}"
-    contype: "{{ postgresql_admin_role_contype }}"
-    users: "{{ postgresql_admin_role }}"
-    method: "{{ postgresql_admin_role_method }}"
-    options: "map={{ ansible_user }}_{{ postgresql_admin_role }}"
-  when: postgresql_state == 'present'

roles/postgresql/templates/postgresql-passwd.j2

@@ -1,19 +0,0 @@
-root:x:0:0:root:/root:/bin/bash
-daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
-bin:x:2:2:bin:/bin:/usr/sbin/nologin
-sys:x:3:3:sys:/dev:/usr/sbin/nologin
-sync:x:4:65534:sync:/bin:/bin/sync
-games:x:5:60:games:/usr/games:/usr/sbin/nologin
-man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
-lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
-mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
-news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
-uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
-proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
-www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
-backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
-list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
-irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
-_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
-nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash