WIP: feat(postgresql): deploy directly (bare-metal)

galaxy.yml

@@ -1,12 +1,13 @@
 namespace: finallycoffee
 name: databases
-version: 0.1.1
+version: 0.1.2
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Collection for deploying and configuring databases
 dependencies:
-  "community.docker": "^3.0.0"
+  "community.docker": "^4.0.0"
+  "community.postgresql": "^3.9.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'

roles/postgresql/README.md

@@ -2,3 +2,26 @@
 
 PostgreSQL is the self proclaimed "world's most advanced" open source relational
 database. This ansible role can deploy and configure postgresql.
+
+By default, the role configures the remote's effective ansible user with
+peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
+
+## Required configuration
+
+Set `postgresql_superuser_password` to your superusers desired password.
+
+## Optional configuration
+
+Set `postgresql_major_version` to your desired postgresql major version,
+for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
+
+This role can be executed multiple times with different
+`postgresql_major_version` values to provide new database versions for up-to-
+date applications and older versions for software which does not yet support
+them. Container name and host mounts encode the major version to prevent
+accidental usage of the 'wrong' `PGDATA` directory.
+
+## Requirements
+
+- `psycopg2` (pip) package
+- `docker` (pip) package

roles/postgresql/defaults/main/config.yml

@@ -8,7 +8,7 @@ postgresql_config_port: 5432
 
 postgresql_base_config:
   listen_addresses: "{{ postgresql_config_listen_addresses }}"
-  connect_socket: "{{ postgresql_config_connect_socket }}"
+  unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
   port: "{{ postgresql_config_port }}"
 postgresql_merged_config: >-2
   {{ postgresql_base_config | combine(

roles/postgresql/defaults/main/main.yml

@@ -17,15 +17,14 @@ postgresql_pg_ident_conf_file: >-2
   {{ postgresql_config_path }}/pg_ident.conf
 postgresql_pg_hba_conf_file: >-2
   {{ postgresql_config_path }}/pg_hba.conf
-postgresql_admin_role: "{{ postgresql_user }}"
+postgresql_admin_role: "postgres"
 postgresql_admin_role_contype: local
 postgresql_admin_role_method: peer
 postgresql_admin_local_user: >-2
   {{ ansible_facts['user_id'] }}
 postgresql_admin_role_mapping_name: >-2
   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
-postgresql_admin_pg_ident_conf: >-2
+postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
-  {{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}
 postgresql_admin_pg_hba_conf_options: >-2
   map={{ postgresql_admin_role_mapping_name }}
 postgresql_superuser_password: ~

roles/postgresql/tasks/configure.yml

@@ -1,49 +1,60 @@
 ---
-- name: Ensure postgresql superuser is set
+- name: Configure postgresql
-  community.postgresql.postgresql_user:
+  block:
-    name: "{{ postgresql_admin_role }}"
+    - name: Ensure postgresql superuser is set
-    password: "{{ postgresql_superuser_password }}"
+      community.postgresql.postgresql_user:
-    login_host: >-2
+        name: "{{ postgresql_admin_role }}"
+        password: "{{ postgresql_superuser_password }}"
+        login_host: "{{ postgresql_login_host }}"
+      register: postgresql_superuser_password_result
+      until: "postgresql_superuser_password_result is succeeded"
+      retries: 10
+      delay: 2
+
+    - name: Ensure postgresql configuration is set
+      community.postgresql.postgresql_set:
+        name: "{{ option.key }}"
+        value: "{{ pg_option_value }}"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+      loop: "{{ postgresql_merged_config | dict2items }}"
+      loop_control:
+        loop_var: option
+      vars:
+        pg_option_value: >-2
+          {{
+            (option.value | join(' '))
+            if (option.value is iterable
+              and option.value is not string
+              and option.value is not mapping)
+            else option.value
+          }}
+      register: postgresql_config_results
+
+    - name: Ensure postgresql configuration is reloaded
+      community.postgresql.postgresql_query:
+        db: "postgres"
+        query: "SELECT pg_reload_conf();"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+
+    - name: Ensure restart handler is fired if required
+      debug:
+        msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
+      when: result.changed
+      changed_when: "{{ result.restart_required }}"
+      notify: postgresql_restart
+      loop: "{{ postgresql_config_results.results }}"
+      loop_control:
+        loop_var: result
+        label: "{{ result.option.key }}"
+  when: postgresql_state == 'present'
+  vars:
+    postgresql_login_host: >-2
       {{
         (postgresql_config_unix_socket_directories | first)
         if postgresql_config_connect_socket else 
         (postgresql_container_info.container.NetworkSettings.IPAddress)
       }}
-  register: postgresql_superuser_password_result
-  until: "postgresql_superuser_password_result is succeeded"
-  retries: 10
-  delay: 2
-
-- name: Ensure postgresql configuration is set
-  community.postgresql.postgresql_set:
-    name: "{{ option.key }}"
-    value: "{{ option.value }}"
-    login_host: >-2
-      {{
-        (postgresql_config_unix_socket_directories | first)
-        if postgresql_config_connect_socket else 
-        (postgresql_container_info.container.NetworkSettings.IPAddress)
-      }}
-    login_port: "{{ postgresql_config_port }}"
-    login_password: #TODO
-  loop: "{{ postgresql_merged_options | dict2items }}"
-  loop_control:
-    loop_var: option
-
-- name: Ensure postgresql configuration is reloaded
-  community.postgresql.postgresql_query:
-    query: "SELECT pg_reload_conf();"
-    login_host: #TODO
-    login_port: #TODO
-    login_password: #TODO
-
-- name: Ensure restart handler is fired if required
-  debug:
-    msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
-  when: result.changed
-  changed_when: "{{ result.restart_required }}"
-  notify: postgresql_restart
-  loop: "{{ postgresql_config_results }}"
-  loop_control:
-    loop_var: result
-    label: "{{ result.option.name }}"

roles/postgresql/tasks/deploy-docker.yml

@@ -38,12 +38,13 @@
   when:
     - ansible_facts['service_mgr'] == 'systemd'
     - postgresql_state == 'present'
+  register: postgresql_systemd_tmpfile_correction_unit_info
 
 - name: Ensure systemd is reloaded
   ansible.builtin.systemd:
     daemon_reload: true
   when:
-    - postgresql_systemd_tmpfile_correction_unit.changed
+    - postgresql_systemd_tmpfile_correction_unit_info.changed
 
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
   ansible.builtin.systemd:
@@ -57,12 +58,20 @@
     enabled: "{{ postgresql_state == 'present' }}"
   when: ansible_facts['service_mgr'] == 'systemd'
 
+- name: Lookup {{ postgresql_data_path }}/global
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/global"
+    get_checksum: false
+  register: postgresql_global_data_info
+
 - name: Initialize database if empty
   ansible.builtin.include_tasks:
     file: "initialize-docker.yml"
   when:
     - postgresql_state == 'present'
-    # TODO: determine if initialization is needed
+    - not postgresql_global_data_info.stat.exists
+    - postgresql_global_data_info.stat.isdir is defined
+    - not postgresql_global_data_info.stat.isdir
 
 - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
   community.docker.docker_container:

roles/postgresql/tasks/deploy-local.yml

@@ -0,0 +1,11 @@
+---
+- name: Ensure postgresql package is {{ postgresql_state }}
+  ansible.builtin.package:
+    name: "{{ postgresql_os_package_name }}"
+    state: "{{ postgresql_state }}"
+
+- name: Ensure postgresql systemd unit is {{ (postgresql_state == 'present') | ternary('enabled', 'disabled') }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_service_name }}"
+    enabled: "{{ (postgresql_state == 'present') }}"
+  when: ansible_facts['service_mgr'] == 'systemd'

roles/postgresql/tasks/initialize-docker.yml

@@ -27,7 +27,7 @@
   block:
     - name: Wait for container startup (socket)
       ansible.builtin.wait_for:
-        path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}"
+        path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}"
       when: "postgresql_config_connect_socket | bool"
     - name: Wait for container startup (port)
       ansible.builtin.wait_for:
@@ -45,4 +45,3 @@
   community.docker.docker_container:
     name: "{{ postgresql_container_name }}"
     state: absent
-

roles/postgresql/tasks/main.yml

@@ -33,6 +33,7 @@
   loop:
     - name: "{{ postgresql_config_path }}"
     - name: "{{ postgresql_data_path }}"
+      mode: "0700"
   loop_control:
     loop_var: path
     label: "{{ path.name }}"
@@ -65,3 +66,7 @@
 - name: Deploy postgresql using {{ postgresql_deployment_method }}
   ansible.builtin.include_tasks:
     file: "deploy-{{ postgresql_deployment_method }}.yml"
+
+- name: Configure postgresql
+  ansible.builtin.include_tasks:
+    file: "configure.yml"

roles/postgresql/tasks/prepare.yml

@@ -20,8 +20,9 @@
       line: "# Ansible managed"
     - name: "{{ postgresql_pg_ident_conf_file }}"
       insert_after: "# Ansible managed"
-      line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}"
+      line: "{{ postgresql_admin_pg_ident_conf }}"
   when: postgresql_state == 'present'
+  notify: postgresql_restart
 
 - name: Configure permissions for postgresql admin role
   community.postgresql.postgresql_pg_hba:
@@ -29,5 +30,6 @@
     contype: "{{ postgresql_admin_role_contype }}"
     users: "{{ postgresql_admin_role }}"
     method: "{{ postgresql_admin_role_method }}"
-    options: "map={{ ansible_user }}_{{ postgresql_admin_role }}"
+    options: "{{ postgresql_admin_pg_hba_conf_options }}"
   when: postgresql_state == 'present'
+  notify: postgresql_restart

roles/postgresql/vars/main.yml

@@ -4,3 +4,4 @@ postgresql_states:
   - absent
 postgresql_deployment_methods:
   - docker
+  - local