Compare commits
	
		
			1 Commits
		
	
	
		
			main
			...
			2b315cdb9d
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 2b315cdb9d | 
| @@ -1,15 +1,12 @@ | ||||
| namespace: finallycoffee | ||||
| name: databases | ||||
| version: 0.1.4 | ||||
| version: 0.1.1 | ||||
| readme: README.md | ||||
| authors: | ||||
| - transcaffeine <transcaffeine@finally.coffee> | ||||
| description: Collection for deploying and configuring databases | ||||
| dependencies: | ||||
|   "community.docker": "^4.0.0" | ||||
|   "community.general": "^10.6.0" | ||||
|   "community.postgresql": "^3.9.0" | ||||
|   "containers.podman": "^1.16.0" | ||||
|   "community.docker": "^3.0.0" | ||||
| license_file: LICENSE.md | ||||
| build_ignore: | ||||
| - '*.tar.gz' | ||||
|   | ||||
| @@ -1,24 +0,0 @@ | ||||
| --- | ||||
| - import_playbook: finallycoffee.databases.postgresql_user | ||||
|   vars: | ||||
|     postgresql_users: | ||||
|       - name: "{{ postgresql_client_username }}" | ||||
|         password: "{{ postgresql_client_password }}" | ||||
| - import_playbook: finallycoffee.databases.postgresql_database | ||||
|   vars: | ||||
|     postgresql_databases: | ||||
|       - name: "{{ postgresql_client_database }}" | ||||
|         owner: "{{ postgresql_client_username }}" | ||||
|         encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}" | ||||
|         lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}" | ||||
|         lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}" | ||||
| - import_playbook: finallycoffee.databases.postgresql_host_based_authentication | ||||
|   vars: | ||||
|     postgresql_authentications: | ||||
|       - users: "{{ postgresql_client_username }}" | ||||
|         databases: "{{ postgresql_client_database }}" | ||||
|         contype: "{{ postgresql_client_database_contype | default('local') }}" | ||||
|         method: "{{ postgresql_client_database_auth_method | default('md5') }}" | ||||
|         options: "{{ postgresql_client_options | default(false, true) }}" | ||||
|         address: "{{ postgresql_client_address | default(false, true) }}" | ||||
|         netmask: "{{ postgresql_client_netmask | default(false, true) }}" | ||||
| @@ -1,4 +0,0 @@ | ||||
| --- | ||||
| - import_playbook: finallycoffee.databases.postgresql_user | ||||
| - import_playbook: finallycoffee.databases.postgresql_database | ||||
| - import_playbook: finallycoffee.databases.postgresql_host_based_authentication | ||||
| @@ -1,26 +0,0 @@ | ||||
| --- | ||||
| - name: Configure postgresql databases | ||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" | ||||
|   become: "{{ postgresql_become | default(false, true) }}" | ||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" | ||||
|   tasks: | ||||
|     - name: Configure individual postgresql database | ||||
|       community.postgresql.postgresql_db: | ||||
|         name: "{{ postgresql_database.name }}" | ||||
|         owner: "{{ postgresql_database.owner | default(omit) }}" | ||||
|         state: "{{ postgresql_database_state }}" | ||||
|         template: "{{ postgresql_database.template | default(omit, true) }}" | ||||
|         encoding: "{{ postgresql_database.encoding | default(omit, true) }}" | ||||
|         lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}" | ||||
|         lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}" | ||||
|         login_host: "{{ postgresql_connection_host | default(omit, true) }}" | ||||
|         login_port: "{{ postgresql_connection_port | default(omit, true) }}" | ||||
|         login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}" | ||||
|         login_user: "{{ postgresql_connection_user | default(omit, true) }}" | ||||
|         login_password: "{{ postgresql_connection_password | default(omit, true) }}" | ||||
|       vars: | ||||
|         postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}" | ||||
|       loop: "{{ postgresql_databases | default([]) }}" | ||||
|       loop_control: | ||||
|         loop_var: postgresql_database | ||||
|         label: "{{ postgresql_database.name }}" | ||||
| @@ -1,23 +0,0 @@ | ||||
| --- | ||||
| - name: Configure postgresql host based authentications | ||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" | ||||
|   become: "{{ postgresql_become | default(false, true) }}" | ||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" | ||||
|   tasks: | ||||
|     - name: Configure individual postgresql host based authentication | ||||
|       community.postgresql.postgresql_pg_hba: | ||||
|         dest: "{{ postgresql_pg_hba_conf_file }}" | ||||
|         users: "{{ postgresql_auth.users | default(omit) }}" | ||||
|         databases: "{{ postgresql_auth.databases | default(omit) }}" | ||||
|         contype: "{{ postgresql_auth.contype }}" | ||||
|         state: "{{ postgresql_auth_state }}" | ||||
|         method: "{{ postgresql_auth.method | default(omit, true) }}" | ||||
|         options: "{{ postgresql_auth.options | default(omit, true) }}" | ||||
|         address: "{{ postgresql_auth.address | default(omit, true) }}" | ||||
|         netmask: "{{ postgresql_auth.netmask | default(omit, true) }}" | ||||
|       vars: | ||||
|         postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}" | ||||
|       loop: "{{ postgresql_authentications | default([]) }}" | ||||
|       loop_control: | ||||
|         loop_var: postgresql_auth | ||||
|         label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}" | ||||
| @@ -1,24 +0,0 @@ | ||||
| --- | ||||
| - name: Configure postgresql users | ||||
|   hosts: "{{ postgresql_hosts | default('postgresql', true) }}" | ||||
|   become: "{{ postgresql_become | default(false, true) }}" | ||||
|   gather_facts: "{{ postgresql_gather_facts | default(false, true) }}" | ||||
|   tasks: | ||||
|     - name: Configure individual postgresql user | ||||
|       community.postgresql.postgresql_user: | ||||
|         name: "{{ postgresql_user.name }}" | ||||
|         state: "{{ postgresql_user_state }}" | ||||
|         password: "{{ postgresql_user_password }}" | ||||
|         login_host: "{{ postgresql_connection_host | default(omit, true) }}" | ||||
|         login_port: "{{ postgresql_connection_port | default(omit, true) }}" | ||||
|         login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}" | ||||
|         login_user: "{{ postgresql_connection_user | default(omit, true) }}" | ||||
|         login_password: "{{ postgresql_connection_password | default(omit, true) }}" | ||||
|       vars: | ||||
|         postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}" | ||||
|         postgresql_user_password: >-2 | ||||
|           {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }} | ||||
|       loop: "{{ postgresql_users | default([]) }}" | ||||
|       loop_control: | ||||
|         loop_var: postgresql_user | ||||
|         label: "{{ postgresql_user.name }}" | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| elasticsearch_version: "9.1.5" | ||||
| elasticsearch_version: "8.17.0" | ||||
| elasticsearch_state: present | ||||
|  | ||||
| elasticsearch_base_path: /opt/elasticsearch | ||||
|   | ||||
| @@ -1,10 +1,9 @@ | ||||
| --- | ||||
| mariadb_version: "10.11.13" | ||||
| mariadb_version: "10.11.10" | ||||
| mariadb_base_path: /var/lib/mariadb | ||||
| mariadb_data_path: >-2 | ||||
|   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }} | ||||
| mariadb_state: present | ||||
| mariadb_deployment_method: docker | ||||
|  | ||||
| mariadb_root_password: ~ | ||||
| mariadb_database: ~ | ||||
|   | ||||
| @@ -1,20 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ mariadb_container_image }}" | ||||
|     state: "{{ mariadb_state }}" | ||||
|     source: "{{ mariadb_container_image_source }}" | ||||
|     force_source: "{{ mariadb_container_image_force_source }}" | ||||
|  | ||||
| - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ mariadb_container_name }}" | ||||
|     image: "{{ mariadb_container_image }}" | ||||
|     env: "{{ mariadb_container_environment }}" | ||||
|     ports: "{{ mariadb_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ mariadb_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ mariadb_container_volumes }}" | ||||
|     networks: "{{ mariadb_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" | ||||
|     restart_policy: "{{ mariadb_container_restart_policy }}" | ||||
|     state: "{{ mariadb_container_state }}" | ||||
| @@ -1,20 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} | ||||
|   containers.podman.podman_image: | ||||
|     name: "{{ mariadb_container_image }}" | ||||
|     state: "{{ mariadb_state }}" | ||||
|     pull: "{{ (mariadb_container_image_source == 'pull') | bool }}" | ||||
|     force: "{{ mariadb_container_image_force_source }}" | ||||
|  | ||||
| - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} | ||||
|   containers.podman.podman_container: | ||||
|     name: "{{ mariadb_container_name }}" | ||||
|     image: "{{ mariadb_container_image }}" | ||||
|     env: "{{ mariadb_container_environment }}" | ||||
|     ports: "{{ mariadb_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ mariadb_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ mariadb_container_volumes }}" | ||||
|     network: "{{ mariadb_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" | ||||
|     restart_policy: "{{ mariadb_container_restart_policy }}" | ||||
|     state: "{{ mariadb_container_state }}" | ||||
| @@ -1,19 +1,20 @@ | ||||
| --- | ||||
| - name: Ensure mariadb state parameter is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unknown state '{{ mariadb_state }}'! | ||||
|       Supported states are {{ mariadb_states | join(', ') }} | ||||
|   when: mariadb_state not in mariadb_states | ||||
|  | ||||
| - name: Ensure deployment method is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unknown deployment method '{{ mariadb_deployment_method }}'! | ||||
|       Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }} | ||||
|   when: mariadb_deployment_method not in mariadb_deployment_methods | ||||
|  | ||||
| - name: Ensure mariadb is deployed using {{ mariadb_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ mariadb_deployment_method }}.yml" | ||||
| - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ mariadb_container_image }}" | ||||
|     state: "{{ mariadb_state }}" | ||||
|     source: "{{ mariadb_container_image_source }}" | ||||
|     force_source: "{{ mariadb_container_image_force_source }}" | ||||
|  | ||||
| - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ mariadb_container_name }}" | ||||
|     image: "{{ mariadb_container_image }}" | ||||
|     env: "{{ mariadb_container_environment }}" | ||||
|     ports: "{{ mariadb_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ mariadb_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ mariadb_container_volumes }}" | ||||
|     networks: "{{ mariadb_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}" | ||||
|     restart_policy: "{{ mariadb_container_restart_policy }}" | ||||
|     state: "{{ mariadb_container_state }}" | ||||
|   | ||||
| @@ -1,10 +1,4 @@ | ||||
| --- | ||||
| mariadb_states: | ||||
|   - present | ||||
|   - absent | ||||
| mariadb_deployment_methods: | ||||
|   - docker | ||||
|   - podman | ||||
|  | ||||
| mariadb_container_database_environment: | ||||
|   MARIADB_DATABASE: "{{ mariadb_database }}" | ||||
|   | ||||
| @@ -3,24 +3,6 @@ | ||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||
| database. This ansible role can deploy and configure postgresql. | ||||
|  | ||||
| By default, the role configures the remote's effective ansible user with | ||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). | ||||
|  | ||||
| ## Required configuration | ||||
|  | ||||
| Set `postgresql_superuser_password` to your superusers desired password. | ||||
|  | ||||
| ## Optional configuration | ||||
|  | ||||
| Set `postgresql_major_version` to your desired postgresql major version, | ||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). | ||||
|  | ||||
| This role can be executed multiple times with different | ||||
| `postgresql_major_version` values to provide new database versions for up-to- | ||||
| date applications and older versions for software which does not yet support | ||||
| them. Container name and host mounts encode the major version to prevent | ||||
| accidental usage of the 'wrong' `PGDATA` directory. | ||||
|  | ||||
| ## Requirements | ||||
|  | ||||
| - `psycopg2` (pip) package | ||||
|   | ||||
| @@ -1,8 +1,7 @@ | ||||
| --- | ||||
| postgresql_config_connect_socket: true | ||||
| postgresql_config_unix_socket: "/var/run/postgresql" | ||||
| postgresql_config_unix_socket_directories: | ||||
|   - "{{ postgresql_config_unix_socket }}" | ||||
|   - "/var/run/postgresql" | ||||
| postgresql_config_listen_addresses: | ||||
|   - '*' | ||||
| postgresql_config_port: 5432 | ||||
|   | ||||
| @@ -18,7 +18,7 @@ postgresql_container_image: >-2 | ||||
|         ((postgresql_container_image_flavour is string) | ||||
|           and (postgresql_container_image_flavour | length > 0)) | ||||
|         | ternary( | ||||
|           '-' + postgresql_container_image_flavour | default('', true), | ||||
|           '_' + postgresql_container_image_flavour | default('', true), | ||||
|           '', | ||||
|         ) | ||||
|       ), | ||||
| @@ -48,7 +48,7 @@ postgresql_container_config_volumes: | ||||
|   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" | ||||
|   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" | ||||
| postgresql_container_unix_socket_volumes: | ||||
|   - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" | ||||
|   - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" | ||||
| postgresql_container_initdb_volumes: >-2 | ||||
|   {{ postgresql_container_base_volumes | ||||
|     + postgresql_container_unix_socket_volumes | ||||
| @@ -69,7 +69,5 @@ postgresql_container_oom_kill: ~ | ||||
| postgresql_container_oom_score_adj: ~ | ||||
| postgresql_container_ulimits: ~ | ||||
|  | ||||
| postgresql_container_user_name: "postgres" | ||||
| postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}" | ||||
| postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" | ||||
| postgresql_container_data_dir: "/var/lib/postgresql/data" | ||||
|   | ||||
| @@ -4,12 +4,10 @@ postgresql_version: >-2 | ||||
|   {{ postgresql_versions[postgresql_major_version | string] }} | ||||
| postgresql_major_version: 16 | ||||
| postgresql_versions: | ||||
|   "18": "18rc1" | ||||
|   "17": "17.6" | ||||
|   "16": "16.10" | ||||
|   "15": "15.14" | ||||
|   "14": "14.19" | ||||
|   "13": "13.22" | ||||
|   "17": "17.2" | ||||
|   "16": "16.6" | ||||
|   "15": "15.10" | ||||
|   "14": "14.15" | ||||
|  | ||||
| postgresql_config_path: >-2 | ||||
|   /etc/postgresql/{{ postgresql_major_version }} | ||||
|   | ||||
| @@ -50,17 +50,10 @@ | ||||
|       loop_control: | ||||
|         loop_var: result | ||||
|         label: "{{ result.option.key }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   vars: | ||||
|     postgresql_login_host: >-2 | ||||
|       {{ | ||||
|         ( | ||||
|           (postgresql_deployment_method in ['docker']) | ||||
|           | ternary( | ||||
|             postgresql_unix_socket_path, | ||||
|             (postgresql_config_unix_socket_directories | first) | ||||
|           ) | ||||
|         ) | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|   | ||||
| @@ -51,14 +51,12 @@ | ||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||
|     state: "{{ postgresql_container_state }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
|   ignore_errors: "{{ ansible_check_mode }}" | ||||
|  | ||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||
|   ansible.builtin.systemd: | ||||
|     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" | ||||
|     enabled: "{{ postgresql_state == 'present' }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
|   ignore_errors: "{{ ansible_check_mode }}" | ||||
|  | ||||
| - name: Lookup {{ postgresql_data_path }}/global | ||||
|   ansible.builtin.stat: | ||||
|   | ||||
| @@ -33,7 +33,6 @@ | ||||
|   loop: | ||||
|     - name: "{{ postgresql_config_path }}" | ||||
|     - name: "{{ postgresql_data_path }}" | ||||
|       mode: "0700" | ||||
|   loop_control: | ||||
|     loop_var: path | ||||
|     label: "{{ path.name }}" | ||||
|   | ||||
| @@ -22,7 +22,6 @@ | ||||
|       insert_after: "# Ansible managed" | ||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
|  | ||||
| - name: Configure permissions for postgresql admin role | ||||
|   community.postgresql.postgresql_pg_hba: | ||||
| @@ -32,4 +31,3 @@ | ||||
|     method: "{{ postgresql_admin_role_method }}" | ||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
|   | ||||
| @@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin | ||||
| irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin | ||||
| _apt:x:42:65534::/nonexistent:/usr/sbin/nologin | ||||
| nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin | ||||
| {{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash | ||||
| postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| redis_version: "8.2.1" | ||||
| redis_version: "7.2.4" | ||||
| redis_state: "present" | ||||
| redis_instance: ~ | ||||
| redis_instance_suffix: >-2 | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| valkey_version: "8.1.4" | ||||
| valkey_version: "8.0.1" | ||||
| valkey_state: "present" | ||||
| valkey_instance: ~ | ||||
| valkey_instance_suffix: >-2 | ||||
| @@ -9,8 +9,6 @@ valkey_user: >-2 | ||||
|   valkey{{ valkey_instance_suffix }} | ||||
|  | ||||
| valkey_config_path: "/etc/valkey" | ||||
| valkey_config_path_owner: "root" | ||||
| valkey_config_path_group: "root" | ||||
| valkey_config_file: >-2 | ||||
|   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf | ||||
| valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}" | ||||
|   | ||||
| @@ -39,8 +39,6 @@ | ||||
|     mode: "{{ path.mode | default('0755') }}" | ||||
|   loop: | ||||
|     - name: "{{ valkey_config_path }}" | ||||
|       owner: "{{ valkey_config_path_owner }}" | ||||
|       group: "{{ valkey_config_path_group }}" | ||||
|     - name: "{{ valkey_data_path }}" | ||||
|   loop_control: | ||||
|     loop_var: "path" | ||||
|   | ||||
		Reference in New Issue
	
	Block a user