
22 changed files with 28 additions and 215 deletions


@ -1,15 +1,12 @@
namespace: finallycoffee namespace: finallycoffee
name: databases name: databases
version: 0.1.4 version: 0.1.1
readme: README.md readme: README.md
authors: authors:
- transcaffeine <transcaffeine@finally.coffee> - transcaffeine <transcaffeine@finally.coffee>
description: Collection for deploying and configuring databases description: Collection for deploying and configuring databases
dependencies: dependencies:
"community.docker": "^4.0.0" "community.docker": "^3.0.0"
"community.general": "^10.6.0"
"community.postgresql": "^3.9.0"
"containers.podman": "^1.16.0"
license_file: LICENSE.md license_file: LICENSE.md
build_ignore: build_ignore:
- '*.tar.gz' - '*.tar.gz'
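Review bot: The `dependencies` map on the new side declares only `community.docker`, yet the postgresql role tasks shown further down this page still call `community.postgresql.postgresql_pg_hba`. Installing the collection will therefore not pull in a module the role needs, and the run uses whatever version happens to be on the controller. Declare it explicitly, for example `"community.postgresql": "^3.9.0"` as on the old side, or whichever range this release was actually tested against.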


@ -1,24 +0,0 @@
---
- import_playbook: finallycoffee.databases.postgresql_user
vars:
postgresql_users:
- name: "{{ postgresql_client_username }}"
password: "{{ postgresql_client_password }}"
- import_playbook: finallycoffee.databases.postgresql_database
vars:
postgresql_databases:
- name: "{{ postgresql_client_database }}"
owner: "{{ postgresql_client_username }}"
encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}"
lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}"
lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}"
- import_playbook: finallycoffee.databases.postgresql_host_based_authentication
vars:
postgresql_authentications:
- users: "{{ postgresql_client_username }}"
databases: "{{ postgresql_client_database }}"
contype: "{{ postgresql_client_database_contype | default('local') }}"
method: "{{ postgresql_client_database_auth_method | default('md5') }}"
options: "{{ postgresql_client_options | default(false, true) }}"
address: "{{ postgresql_client_address | default(false, true) }}"
netmask: "{{ postgresql_client_netmask | default(false, true) }}"


@ -1,4 +0,0 @@
---
- import_playbook: finallycoffee.databases.postgresql_user
- import_playbook: finallycoffee.databases.postgresql_database
- import_playbook: finallycoffee.databases.postgresql_host_based_authentication


@ -1,26 +0,0 @@
---
- name: Configure postgresql databases
hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
become: "{{ postgresql_become | default(false, true) }}"
gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
tasks:
- name: Configure individual postgresql database
community.postgresql.postgresql_db:
name: "{{ postgresql_database.name }}"
owner: "{{ postgresql_database.owner | default(omit) }}"
state: "{{ postgresql_database_state }}"
template: "{{ postgresql_database.template | default(omit, true) }}"
encoding: "{{ postgresql_database.encoding | default(omit, true) }}"
lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}"
lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}"
login_host: "{{ postgresql_connection_host | default(omit, true) }}"
login_port: "{{ postgresql_connection_port | default(omit, true) }}"
login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
login_user: "{{ postgresql_connection_user | default(omit, true) }}"
login_password: "{{ postgresql_connection_password | default(omit, true) }}"
vars:
postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}"
loop: "{{ postgresql_databases | default([]) }}"
loop_control:
loop_var: postgresql_database
label: "{{ postgresql_database.name }}"


@ -1,23 +0,0 @@
---
- name: Configure postgresql host based authentications
hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
become: "{{ postgresql_become | default(false, true) }}"
gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
tasks:
- name: Configure individual postgresql host based authentication
community.postgresql.postgresql_pg_hba:
dest: "{{ postgresql_pg_hba_conf_file }}"
users: "{{ postgresql_auth.users | default(omit) }}"
databases: "{{ postgresql_auth.databases | default(omit) }}"
contype: "{{ postgresql_auth.contype }}"
state: "{{ postgresql_auth_state }}"
method: "{{ postgresql_auth.method | default(omit, true) }}"
options: "{{ postgresql_auth.options | default(omit, true) }}"
address: "{{ postgresql_auth.address | default(omit, true) }}"
netmask: "{{ postgresql_auth.netmask | default(omit, true) }}"
vars:
postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}"
loop: "{{ postgresql_authentications | default([]) }}"
loop_control:
loop_var: postgresql_auth
label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}"


@ -1,24 +0,0 @@
---
- name: Configure postgresql users
hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
become: "{{ postgresql_become | default(false, true) }}"
gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
tasks:
- name: Configure individual postgresql user
community.postgresql.postgresql_user:
name: "{{ postgresql_user.name }}"
state: "{{ postgresql_user_state }}"
password: "{{ postgresql_user_password }}"
login_host: "{{ postgresql_connection_host | default(omit, true) }}"
login_port: "{{ postgresql_connection_port | default(omit, true) }}"
login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
login_user: "{{ postgresql_connection_user | default(omit, true) }}"
login_password: "{{ postgresql_connection_password | default(omit, true) }}"
vars:
postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}"
postgresql_user_password: >-2
{{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }}
loop: "{{ postgresql_users | default([]) }}"
loop_control:
loop_var: postgresql_user
label: "{{ postgresql_user.name }}"


@ -1,5 +1,5 @@
--- ---
elasticsearch_version: "9.0.2" elasticsearch_version: "8.17.0"
elasticsearch_state: present elasticsearch_state: present
elasticsearch_base_path: /opt/elasticsearch elasticsearch_base_path: /opt/elasticsearch


@ -1,10 +1,9 @@
--- ---
mariadb_version: "10.11.11" mariadb_version: "10.11.10"
mariadb_base_path: /var/lib/mariadb mariadb_base_path: /var/lib/mariadb
mariadb_data_path: >-2 mariadb_data_path: >-2
{{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }} {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
mariadb_state: present mariadb_state: present
mariadb_deployment_method: docker
mariadb_root_password: ~ mariadb_root_password: ~
mariadb_database: ~ mariadb_database: ~


@ -1,20 +0,0 @@
---
- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
community.docker.docker_image:
name: "{{ mariadb_container_image }}"
state: "{{ mariadb_state }}"
source: "{{ mariadb_container_image_source }}"
force_source: "{{ mariadb_container_image_force_source }}"
- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
community.docker.docker_container:
name: "{{ mariadb_container_name }}"
image: "{{ mariadb_container_image }}"
env: "{{ mariadb_container_environment }}"
ports: "{{ mariadb_container_ports | default(omit, true) }}"
labels: "{{ mariadb_container_labels | default(omit, true) }}"
volumes: "{{ mariadb_container_volumes }}"
networks: "{{ mariadb_container_networks | default(omit, true) }}"
etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
restart_policy: "{{ mariadb_container_restart_policy }}"
state: "{{ mariadb_container_state }}"


@ -1,20 +0,0 @@
---
- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
containers.podman.podman_image:
name: "{{ mariadb_container_image }}"
state: "{{ mariadb_state }}"
pull: "{{ (mariadb_container_image_source == 'pull') | bool }}"
force: "{{ mariadb_container_image_force_source }}"
- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
containers.podman.podman_container:
name: "{{ mariadb_container_name }}"
image: "{{ mariadb_container_image }}"
env: "{{ mariadb_container_environment }}"
ports: "{{ mariadb_container_ports | default(omit, true) }}"
labels: "{{ mariadb_container_labels | default(omit, true) }}"
volumes: "{{ mariadb_container_volumes }}"
network: "{{ mariadb_container_networks | default(omit, true) }}"
etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
restart_policy: "{{ mariadb_container_restart_policy }}"
state: "{{ mariadb_container_state }}"


@ -1,19 +1,20 @@
--- ---
- name: Ensure mariadb state parameter is valid - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
ansible.builtin.fail: community.docker.docker_image:
msg: >-2 name: "{{ mariadb_container_image }}"
Unknown state '{{ mariadb_state }}'! state: "{{ mariadb_state }}"
Supported states are {{ mariadb_states | join(', ') }} source: "{{ mariadb_container_image_source }}"
when: mariadb_state not in mariadb_states force_source: "{{ mariadb_container_image_force_source }}"
- name: Ensure deployment method is valid
ansible.builtin.fail:
msg: >-2
Unknown deployment method '{{ mariadb_deployment_method }}'!
Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }}
when: mariadb_deployment_method not in mariadb_deployment_methods
- name: Ensure mariadb is deployed using {{ mariadb_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ mariadb_deployment_method }}.yml"
- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
community.docker.docker_container:
name: "{{ mariadb_container_name }}"
image: "{{ mariadb_container_image }}"
env: "{{ mariadb_container_environment }}"
ports: "{{ mariadb_container_ports | default(omit, true) }}"
labels: "{{ mariadb_container_labels | default(omit, true) }}"
volumes: "{{ mariadb_container_volumes }}"
networks: "{{ mariadb_container_networks | default(omit, true) }}"
etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
restart_policy: "{{ mariadb_container_restart_policy }}"
state: "{{ mariadb_container_state }}"
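Review bot: The `community.docker.docker_container` task passes `mariadb_container_environment` as `env` without `no_log`. That mapping presumably carries the root password, since the role defaults define `mariadb_root_password`. The module returns the container's inspect data, environment included, so the value can surface in verbose output or in any registered result. Consider `no_log: true` on this task, accepting that it also hides error detail, or supply the secret through a file mounted into the container rather than through `env`.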


@ -1,10 +1,4 @@
--- ---
mariadb_states:
- present
- absent
mariadb_deployment_methods:
- docker
- podman
mariadb_container_database_environment: mariadb_container_database_environment:
MARIADB_DATABASE: "{{ mariadb_database }}" MARIADB_DATABASE: "{{ mariadb_database }}"


@ -3,24 +3,6 @@
PostgreSQL is the self proclaimed "world's most advanced" open source relational PostgreSQL is the self proclaimed "world's most advanced" open source relational
database. This ansible role can deploy and configure postgresql. database. This ansible role can deploy and configure postgresql.
By default, the role configures the remote's effective ansible user with
peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
## Required configuration
Set `postgresql_superuser_password` to your superusers desired password.
## Optional configuration
Set `postgresql_major_version` to your desired postgresql major version,
for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
This role can be executed multiple times with different
`postgresql_major_version` values to provide new database versions for up-to-
date applications and older versions for software which does not yet support
them. Container name and host mounts encode the major version to prevent
accidental usage of the 'wrong' `PGDATA` directory.
## Requirements ## Requirements
- `psycopg2` (pip) package - `psycopg2` (pip) package


@ -1,8 +1,7 @@
--- ---
postgresql_config_connect_socket: true postgresql_config_connect_socket: true
postgresql_config_unix_socket: "/var/run/postgresql"
postgresql_config_unix_socket_directories: postgresql_config_unix_socket_directories:
- "{{ postgresql_config_unix_socket }}" - "/var/run/postgresql"
postgresql_config_listen_addresses: postgresql_config_listen_addresses:
- '*' - '*'
postgresql_config_port: 5432 postgresql_config_port: 5432
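Review bot: `postgresql_config_listen_addresses` defaults to `'*'` with nothing next to it saying why or what limits access. With that default, reachability of port 5432 depends entirely on the container's published ports and networks and on `pg_hba.conf`, none of which are visible in this file. I would add a comment above the key, such as `# '*' binds every interface; access is limited only by container networking and pg_hba.conf`, so that anyone publishing the port knows to check the authentication rules first.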


@ -18,7 +18,7 @@ postgresql_container_image: >-2
((postgresql_container_image_flavour is string) ((postgresql_container_image_flavour is string)
and (postgresql_container_image_flavour | length > 0)) and (postgresql_container_image_flavour | length > 0))
| ternary( | ternary(
'-' + postgresql_container_image_flavour | default('', true), '_' + postgresql_container_image_flavour | default('', true),
'', '',
) )
), ),
@ -48,7 +48,7 @@ postgresql_container_config_volumes:
- "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro" - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
- "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro" - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
postgresql_container_unix_socket_volumes: postgresql_container_unix_socket_volumes:
- "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared" - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
postgresql_container_initdb_volumes: >-2 postgresql_container_initdb_volumes: >-2
{{ postgresql_container_base_volumes {{ postgresql_container_base_volumes
+ postgresql_container_unix_socket_volumes + postgresql_container_unix_socket_volumes
@ -69,7 +69,5 @@ postgresql_container_oom_kill: ~
postgresql_container_oom_score_adj: ~ postgresql_container_oom_score_adj: ~
postgresql_container_ulimits: ~ postgresql_container_ulimits: ~
postgresql_container_user_name: "postgres"
postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd" postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
postgresql_container_data_dir: "/var/lib/postgresql/data" postgresql_container_data_dir: "/var/lib/postgresql/data"
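Review bot: In the first hunk the tag suffix is built as `'_' + postgresql_container_image_flavour`, which gives tags like `16_alpine` (constructed example). If the image follows the official postgres naming, flavours are joined with a hyphen, so the pull fails or resolves to an unintended tag whenever a flavour is set. `'-' + postgresql_container_image_flavour | default('', true),` matches that scheme. The enclosing `postgresql_container_image` expression begins above the hunk, so the registry and tag prefix are not visible here.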


@ -50,17 +50,10 @@
loop_control: loop_control:
loop_var: result loop_var: result
label: "{{ result.option.key }}" label: "{{ result.option.key }}"
when: postgresql_state == 'present'
vars: vars:
postgresql_login_host: >-2 postgresql_login_host: >-2
{{ {{
( (postgresql_config_unix_socket_directories | first)
(postgresql_deployment_method in ['docker'])
| ternary(
postgresql_unix_socket_path,
(postgresql_config_unix_socket_directories | first)
)
)
if postgresql_config_connect_socket else if postgresql_config_connect_socket else
(postgresql_container_info.container.NetworkSettings.IPAddress) (postgresql_container_info.container.NetworkSettings.IPAddress)
}} }}
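Review bot: The looped task ending at `label: "{{ result.option.key }}"` has no state guard on the new side, so it also runs when the role is removing postgresql. Its `postgresql_login_host` then resolves to a socket directory or to `postgresql_container_info.container.NetworkSettings.IPAddress`, neither of which is likely to exist after removal, and the run would fail during templating or on connect. Keep `when: postgresql_state == 'present'` on this task. The task's module call lies above the hunk, so this is inferred from the visible `vars` only.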


@ -51,14 +51,12 @@
name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
state: "{{ postgresql_container_state }}" state: "{{ postgresql_container_state }}"
when: ansible_facts['service_mgr'] == 'systemd' when: ansible_facts['service_mgr'] == 'systemd'
ignore_errors: "{{ ansible_check_mode }}"
- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service" name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
enabled: "{{ postgresql_state == 'present' }}" enabled: "{{ postgresql_state == 'present' }}"
when: ansible_facts['service_mgr'] == 'systemd' when: ansible_facts['service_mgr'] == 'systemd'
ignore_errors: "{{ ansible_check_mode }}"
- name: Lookup {{ postgresql_data_path }}/global - name: Lookup {{ postgresql_data_path }}/global
ansible.builtin.stat: ansible.builtin.stat:
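Review bot: Both `ansible.builtin.systemd` tasks for `{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service` now fail hard in check mode on a fresh host. The unit file would not have been written by a dry run, so systemd reports the unit as missing. If `--check` runs are used to preview changes, keep `ignore_errors: "{{ ansible_check_mode }}"` on both tasks, or skip them with `when: not ansible_check_mode`.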


@ -33,7 +33,6 @@
loop: loop:
- name: "{{ postgresql_config_path }}" - name: "{{ postgresql_config_path }}"
- name: "{{ postgresql_data_path }}" - name: "{{ postgresql_data_path }}"
mode: "0700"
loop_control: loop_control:
loop_var: path loop_var: path
label: "{{ path.name }}" label: "{{ path.name }}"
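Review bot: The `postgresql_data_path` loop entry carries no `mode` on the new side, so the data directory is created with whatever fallback the task's `mode:` expression uses. That expression is above this hunk; the equivalent valkey task on this page falls back to `'0755'`. A database data directory should not be listable or traversable by other local users, so keep `mode: "0700"` on that entry. The task itself starts outside the hunk, so the effective default should be confirmed there.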


@ -22,7 +22,6 @@
insert_after: "# Ansible managed" insert_after: "# Ansible managed"
line: "{{ postgresql_admin_pg_ident_conf }}" line: "{{ postgresql_admin_pg_ident_conf }}"
when: postgresql_state == 'present' when: postgresql_state == 'present'
notify: postgresql_restart
- name: Configure permissions for postgresql admin role - name: Configure permissions for postgresql admin role
community.postgresql.postgresql_pg_hba: community.postgresql.postgresql_pg_hba:
@ -32,4 +31,3 @@
method: "{{ postgresql_admin_role_method }}" method: "{{ postgresql_admin_role_method }}"
options: "{{ postgresql_admin_pg_hba_conf_options }}" options: "{{ postgresql_admin_pg_hba_conf_options }}"
when: postgresql_state == 'present' when: postgresql_state == 'present'
notify: postgresql_restart
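Review bot: Neither the task that writes `postgresql_admin_pg_ident_conf` nor the `community.postgresql.postgresql_pg_hba` task notifies a handler on the new side; this applies to both hunks. Edits to `pg_ident.conf` and `pg_hba.conf` are only picked up on a reload or restart, so a tightened or removed authentication rule stays unenforced until something else restarts the server. Keep `notify: postgresql_restart` on both tasks, assuming a handler of that name still exists in this version; a reload handler would also be enough for these two files.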


@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash


@ -1,5 +1,5 @@
--- ---
valkey_version: "8.1.2" valkey_version: "8.0.1"
valkey_state: "present" valkey_state: "present"
valkey_instance: ~ valkey_instance: ~
valkey_instance_suffix: >-2 valkey_instance_suffix: >-2
@ -9,8 +9,6 @@ valkey_user: >-2
valkey{{ valkey_instance_suffix }} valkey{{ valkey_instance_suffix }}
valkey_config_path: "/etc/valkey" valkey_config_path: "/etc/valkey"
valkey_config_path_owner: "root"
valkey_config_path_group: "root"
valkey_config_file: >-2 valkey_config_file: >-2
{{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}" valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"


@ -39,8 +39,6 @@
mode: "{{ path.mode | default('0755') }}" mode: "{{ path.mode | default('0755') }}"
loop: loop:
- name: "{{ valkey_config_path }}" - name: "{{ valkey_config_path }}"
owner: "{{ valkey_config_path_owner }}"
group: "{{ valkey_config_path_group }}"
- name: "{{ valkey_data_path }}" - name: "{{ valkey_data_path }}"
loop_control: loop_control:
loop_var: "path" loop_var: "path"