WIP: feat(postgresql): deploy directly (bare-metal)

2025-01-07 19:56:40 +01:00
21 changed files with 39 additions and 190 deletions
--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: databases
-version: 0.1.4
+version: 0.1.2
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
@ -8,7 +8,6 @@ description: Collection for deploying and configuring databases
 dependencies:
  "community.docker": "^4.0.0"
  "community.postgresql": "^3.9.0"
  "containers.podman": "^1.16.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
--- a/playbooks/postgresql_client.yml
+++ b/playbooks/postgresql_client.yml
@ -1,24 +0,0 @@
 ---
 - import_playbook: finallycoffee.databases.postgresql_user
  vars:
    postgresql_users:
      - name: "{{ postgresql_client_username }}"
        password: "{{ postgresql_client_password }}"
 - import_playbook: finallycoffee.databases.postgresql_database
  vars:
    postgresql_databases:
      - name: "{{ postgresql_client_database }}"
        owner: "{{ postgresql_client_username }}"
        encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}"
        lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}"
        lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}"
 - import_playbook: finallycoffee.databases.postgresql_host_based_authentication
  vars:
    postgresql_authentications:
      - users: "{{ postgresql_client_username }}"
        databases: "{{ postgresql_client_database }}"
        contype: "{{ postgresql_client_database_contype | default('local') }}"
        method: "{{ postgresql_client_database_auth_method | default('md5') }}"
        options: "{{ postgresql_client_options | default(false, true) }}"
        address: "{{ postgresql_client_address | default(false, true) }}"
        netmask: "{{ postgresql_client_netmask | default(false, true) }}"
--- a/playbooks/postgresql_clients.yml
+++ b/playbooks/postgresql_clients.yml
@ -1,4 +0,0 @@
 ---
 - import_playbook: finallycoffee.databases.postgresql_user
 - import_playbook: finallycoffee.databases.postgresql_database
 - import_playbook: finallycoffee.databases.postgresql_host_based_authentication
--- a/playbooks/postgresql_database.yml
+++ b/playbooks/postgresql_database.yml
@ -1,26 +0,0 @@
 ---
 - name: Configure postgresql databases
  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
  become: "{{ postgresql_become | default(false, true) }}"
  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
  tasks:
    - name: Configure individual postgresql database
      community.postgresql.postgresql_db:
        name: "{{ postgresql_database.name }}"
        owner: "{{ postgresql_database.owner | default(omit) }}"
        state: "{{ postgresql_database_state }}"
        template: "{{ postgresql_database.template | default(omit, true) }}"
        encoding: "{{ postgresql_database.encoding | default(omit, true) }}"
        lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}"
        lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}"
        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
      vars:
        postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}"
      loop: "{{ postgresql_databases | default([]) }}"
      loop_control:
        loop_var: postgresql_database
        label: "{{ postgresql_database.name }}"
--- a/playbooks/postgresql_host_based_authentication.yml
+++ b/playbooks/postgresql_host_based_authentication.yml
@ -1,23 +0,0 @@
 ---
 - name: Configure postgresql host based authentications
  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
  become: "{{ postgresql_become | default(false, true) }}"
  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
  tasks:
    - name: Configure individual postgresql host based authentication
      community.postgresql.postgresql_pg_hba:
        dest: "{{ postgresql_pg_hba_conf_file }}"
        users: "{{ postgresql_auth.users | default(omit) }}"
        databases: "{{ postgresql_auth.databases | default(omit) }}"
        contype: "{{ postgresql_auth.contype }}"
        state: "{{ postgresql_auth_state }}"
        method: "{{ postgresql_auth.method | default(omit, true) }}"
        options: "{{ postgresql_auth.options | default(omit, true) }}"
        address: "{{ postgresql_auth.address | default(omit, true) }}"
        netmask: "{{ postgresql_auth.netmask | default(omit, true) }}"
      vars:
        postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}"
      loop: "{{ postgresql_authentications | default([]) }}"
      loop_control:
        loop_var: postgresql_auth
        label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}"
--- a/playbooks/postgresql_user.yml
+++ b/playbooks/postgresql_user.yml
@ -1,24 +0,0 @@
 ---
 - name: Configure postgresql users
  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
  become: "{{ postgresql_become | default(false, true) }}"
  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
  tasks:
    - name: Configure individual postgresql user
      community.postgresql.postgresql_user:
        name: "{{ postgresql_user.name }}"
        state: "{{ postgresql_user_state }}"
        password: "{{ postgresql_user_password }}"
        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
      vars:
        postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}"
        postgresql_user_password: >-2
          {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }}
      loop: "{{ postgresql_users | default([]) }}"
      loop_control:
        loop_var: postgresql_user
        label: "{{ postgresql_user.name }}"
--- a/roles/elasticsearch/defaults/main.yml
+++ b/roles/elasticsearch/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-elasticsearch_version: "8.18.0"
+elasticsearch_version: "8.17.0"
 elasticsearch_state: present
 elasticsearch_base_path: /opt/elasticsearch
--- a/roles/mariadb/defaults/main.yml
+++ b/roles/mariadb/defaults/main.yml
@ -1,10 +1,9 @@
 ---
-mariadb_version: "10.11.11"
+mariadb_version: "10.11.10"
 mariadb_base_path: /var/lib/mariadb
 mariadb_data_path: >-2
  {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
 mariadb_state: present
 mariadb_deployment_method: docker
 mariadb_root_password: ~
 mariadb_database: ~
--- a/roles/mariadb/tasks/deploy-docker.yml
+++ b/roles/mariadb/tasks/deploy-docker.yml
@ -1,20 +0,0 @@
 ---
 - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
  community.docker.docker_image:
    name: "{{ mariadb_container_image }}"
    state: "{{ mariadb_state }}"
    source: "{{ mariadb_container_image_source }}"
    force_source: "{{ mariadb_container_image_force_source }}"
 - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
  community.docker.docker_container:
    name: "{{ mariadb_container_name }}"
    image: "{{ mariadb_container_image }}"
    env: "{{ mariadb_container_environment }}"
    ports: "{{ mariadb_container_ports | default(omit, true) }}"
    labels: "{{ mariadb_container_labels | default(omit, true) }}"
    volumes: "{{ mariadb_container_volumes }}"
    networks: "{{ mariadb_container_networks | default(omit, true) }}"
    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
    restart_policy: "{{ mariadb_container_restart_policy }}"
    state: "{{ mariadb_container_state }}"
--- a/roles/mariadb/tasks/deploy-podman.yml
+++ b/roles/mariadb/tasks/deploy-podman.yml
@ -1,20 +0,0 @@
 ---
 - name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
  containers.podman.podman_image:
    name: "{{ mariadb_container_image }}"
    state: "{{ mariadb_state }}"
    pull: "{{ (mariadb_container_image_source == 'pull') | bool }}"
    force: "{{ mariadb_container_image_force_source }}"
 - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
  containers.podman.podman_container:
    name: "{{ mariadb_container_name }}"
    image: "{{ mariadb_container_image }}"
    env: "{{ mariadb_container_environment }}"
    ports: "{{ mariadb_container_ports | default(omit, true) }}"
    labels: "{{ mariadb_container_labels | default(omit, true) }}"
    volumes: "{{ mariadb_container_volumes }}"
    network: "{{ mariadb_container_networks | default(omit, true) }}"
    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
    restart_policy: "{{ mariadb_container_restart_policy }}"
    state: "{{ mariadb_container_state }}"
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -1,19 +1,20 @@
 ---
- name: Ensure mariadb state parameter is valid
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
-  ansible.builtin.fail:
+  community.docker.docker_image:
-    msg: >-2
+    name: "{{ mariadb_container_image }}"
-      Unknown state '{{ mariadb_state }}'!
+    state: "{{ mariadb_state }}"
-      Supported states are {{ mariadb_states | join(', ') }}
+    source: "{{ mariadb_container_image_source }}"
-  when: mariadb_state not in mariadb_states
+    force_source: "{{ mariadb_container_image_force_source }}"
 - name: Ensure deployment method is valid
  ansible.builtin.fail:
    msg: >-2
      Unknown deployment method '{{ mariadb_deployment_method }}'!
      Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }}
  when: mariadb_deployment_method not in mariadb_deployment_methods
 - name: Ensure mariadb is deployed using {{ mariadb_deployment_method }}
  ansible.builtin.include_tasks:
    file: "deploy-{{ mariadb_deployment_method }}.yml"
 - name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
  community.docker.docker_container:
    name: "{{ mariadb_container_name }}"
    image: "{{ mariadb_container_image }}"
    env: "{{ mariadb_container_environment }}"
    ports: "{{ mariadb_container_ports | default(omit, true) }}"
    labels: "{{ mariadb_container_labels | default(omit, true) }}"
    volumes: "{{ mariadb_container_volumes }}"
    networks: "{{ mariadb_container_networks | default(omit, true) }}"
    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
    restart_policy: "{{ mariadb_container_restart_policy }}"
    state: "{{ mariadb_container_state }}"
--- a/roles/mariadb/vars/main.yml
+++ b/roles/mariadb/vars/main.yml
@ -1,10 +1,4 @@
 ---
 mariadb_states:
  - present
  - absent
 mariadb_deployment_methods:
  - docker
  - podman
 mariadb_container_database_environment:
  MARIADB_DATABASE: "{{ mariadb_database }}"
--- a/roles/postgresql/defaults/main/config.yml
+++ b/roles/postgresql/defaults/main/config.yml
@ -1,8 +1,7 @@
 ---
 postgresql_config_connect_socket: true
 postgresql_config_unix_socket: "/var/run/postgresql"
 postgresql_config_unix_socket_directories:
-  - "{{ postgresql_config_unix_socket }}"
+  - "/var/run/postgresql"
 postgresql_config_listen_addresses:
  - '*'
 postgresql_config_port: 5432
--- a/roles/postgresql/defaults/main/container.yml
+++ b/roles/postgresql/defaults/main/container.yml
@ -18,7 +18,7 @@ postgresql_container_image: >-2
        ((postgresql_container_image_flavour is string)
          and (postgresql_container_image_flavour | length > 0))
        | ternary(
-          '-' + postgresql_container_image_flavour | default('', true),
+          '_' + postgresql_container_image_flavour | default('', true),
          '',
        )
      ),
@ -48,7 +48,7 @@ postgresql_container_config_volumes:
  - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
  - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
 postgresql_container_unix_socket_volumes:
-  - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
 postgresql_container_initdb_volumes: >-2
  {{ postgresql_container_base_volumes
    + postgresql_container_unix_socket_volumes
@ -69,7 +69,5 @@ postgresql_container_oom_kill: ~
 postgresql_container_oom_score_adj: ~
 postgresql_container_ulimits: ~
 postgresql_container_user_name: "postgres"
 postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
 postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
 postgresql_container_data_dir: "/var/lib/postgresql/data"
--- a/roles/postgresql/tasks/configure.yml
+++ b/roles/postgresql/tasks/configure.yml
@ -54,13 +54,7 @@
  vars:
    postgresql_login_host: >-2
      {{
        (
          (postgresql_deployment_method in ['docker'])
          | ternary(
            postgresql_unix_socket_path,
        (postgresql_config_unix_socket_directories | first)
          )
        )
        if postgresql_config_connect_socket else 
        (postgresql_container_info.container.NetworkSettings.IPAddress)
      }}
--- a/roles/postgresql/tasks/deploy-docker.yml
+++ b/roles/postgresql/tasks/deploy-docker.yml
@ -51,14 +51,12 @@
    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
    state: "{{ postgresql_container_state }}"
  when: ansible_facts['service_mgr'] == 'systemd'
  ignore_errors: "{{ ansible_check_mode }}"
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
  ansible.builtin.systemd:
    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
    enabled: "{{ postgresql_state == 'present' }}"
  when: ansible_facts['service_mgr'] == 'systemd'
  ignore_errors: "{{ ansible_check_mode }}"
 - name: Lookup {{ postgresql_data_path }}/global
  ansible.builtin.stat:
--- a/roles/postgresql/tasks/deploy-local.yml
+++ b/roles/postgresql/tasks/deploy-local.yml
@ -0,0 +1,11 @@
 ---
 - name: Ensure postgresql package is {{ postgresql_state }}
  ansible.builtin.package:
    name: "{{ postgresql_os_package_name }}"
    state: "{{ postgresql_state }}"
 - name: Ensure postgresql systemd unit is {{ (postgresql_state == 'present') | ternary('enabled', 'disabled') }}
  ansible.builtin.systemd:
    name: "{{ postgresql_systemd_service_name }}"
    enabled: "{{ (postgresql_state == 'present') }}"
  when: ansible_facts['service_mgr'] == 'systemd'
--- a/roles/postgresql/templates/postgresql-passwd.j2
+++ b/roles/postgresql/templates/postgresql-passwd.j2
@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
 _apt:x:42:65534::/nonexistent:/usr/sbin/nologin
 nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash
+postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash
--- a/roles/postgresql/vars/main.yml
+++ b/roles/postgresql/vars/main.yml
@ -4,3 +4,4 @@ postgresql_states:
  - absent
 postgresql_deployment_methods:
  - docker
  - local
--- a/roles/valkey/defaults/main/main.yml
+++ b/roles/valkey/defaults/main/main.yml
@ -1,5 +1,5 @@
 ---
-valkey_version: "8.1.1"
+valkey_version: "8.0.1"
 valkey_state: "present"
 valkey_instance: ~
 valkey_instance_suffix: >-2
@ -9,8 +9,6 @@ valkey_user: >-2
  valkey{{ valkey_instance_suffix }}
 valkey_config_path: "/etc/valkey"
 valkey_config_path_owner: "root"
 valkey_config_path_group: "root"
 valkey_config_file: >-2
  {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
 valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"
--- a/roles/valkey/tasks/main.yml
+++ b/roles/valkey/tasks/main.yml
@ -39,8 +39,6 @@
    mode: "{{ path.mode | default('0755') }}"
  loop:
    - name: "{{ valkey_config_path }}"
      owner: "{{ valkey_config_path_owner }}"
      group: "{{ valkey_config_path_group }}"
    - name: "{{ valkey_data_path }}"
  loop_control:
    loop_var: "path"