WIP: feat(postgresql): deploy directly (bare-metal)

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: databases
-version: 0.1.4
+version: 0.1.2
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
@@ -8,7 +8,6 @@ description: Collection for deploying and configuring databases
 dependencies:
   "community.docker": "^4.0.0"
   "community.postgresql": "^3.9.0"
-  "containers.podman": "^1.16.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'

playbooks/postgresql_client.yml

@@ -1,24 +0,0 @@
----
-- import_playbook: finallycoffee.databases.postgresql_user
-  vars:
-    postgresql_users:
-      - name: "{{ postgresql_client_username }}"
-        password: "{{ postgresql_client_password }}"
-- import_playbook: finallycoffee.databases.postgresql_database
-  vars:
-    postgresql_databases:
-      - name: "{{ postgresql_client_database }}"
-        owner: "{{ postgresql_client_username }}"
-        encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}"
-        lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}"
-        lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}"
-- import_playbook: finallycoffee.databases.postgresql_host_based_authentication
-  vars:
-    postgresql_authentications:
-      - users: "{{ postgresql_client_username }}"
-        databases: "{{ postgresql_client_database }}"
-        contype: "{{ postgresql_client_database_contype | default('local') }}"
-        method: "{{ postgresql_client_database_auth_method | default('md5') }}"
-        options: "{{ postgresql_client_options | default(false, true) }}"
-        address: "{{ postgresql_client_address | default(false, true) }}"
-        netmask: "{{ postgresql_client_netmask | default(false, true) }}"

playbooks/postgresql_clients.yml

@@ -1,4 +0,0 @@
----
-- import_playbook: finallycoffee.databases.postgresql_user
-- import_playbook: finallycoffee.databases.postgresql_database
-- import_playbook: finallycoffee.databases.postgresql_host_based_authentication

playbooks/postgresql_database.yml

@@ -1,26 +0,0 @@
----
-- name: Configure postgresql databases
-  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
-  become: "{{ postgresql_become | default(false, true) }}"
-  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
-  tasks:
-    - name: Configure individual postgresql database
-      community.postgresql.postgresql_db:
-        name: "{{ postgresql_database.name }}"
-        owner: "{{ postgresql_database.owner | default(omit) }}"
-        state: "{{ postgresql_database_state }}"
-        template: "{{ postgresql_database.template | default(omit, true) }}"
-        encoding: "{{ postgresql_database.encoding | default(omit, true) }}"
-        lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}"
-        lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}"
-        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
-        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
-        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
-        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
-        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
-      vars:
-        postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}"
-      loop: "{{ postgresql_databases | default([]) }}"
-      loop_control:
-        loop_var: postgresql_database
-        label: "{{ postgresql_database.name }}"

playbooks/postgresql_host_based_authentication.yml

@@ -1,23 +0,0 @@
----
-- name: Configure postgresql host based authentications
-  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
-  become: "{{ postgresql_become | default(false, true) }}"
-  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
-  tasks:
-    - name: Configure individual postgresql host based authentication
-      community.postgresql.postgresql_pg_hba:
-        dest: "{{ postgresql_pg_hba_conf_file }}"
-        users: "{{ postgresql_auth.users | default(omit) }}"
-        databases: "{{ postgresql_auth.databases | default(omit) }}"
-        contype: "{{ postgresql_auth.contype }}"
-        state: "{{ postgresql_auth_state }}"
-        method: "{{ postgresql_auth.method | default(omit, true) }}"
-        options: "{{ postgresql_auth.options | default(omit, true) }}"
-        address: "{{ postgresql_auth.address | default(omit, true) }}"
-        netmask: "{{ postgresql_auth.netmask | default(omit, true) }}"
-      vars:
-        postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}"
-      loop: "{{ postgresql_authentications | default([]) }}"
-      loop_control:
-        loop_var: postgresql_auth
-        label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}"

playbooks/postgresql_user.yml

@@ -1,24 +0,0 @@
----
-- name: Configure postgresql users
-  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
-  become: "{{ postgresql_become | default(false, true) }}"
-  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
-  tasks:
-    - name: Configure individual postgresql user
-      community.postgresql.postgresql_user:
-        name: "{{ postgresql_user.name }}"
-        state: "{{ postgresql_user_state }}"
-        password: "{{ postgresql_user_password }}"
-        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
-        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
-        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
-        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
-        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
-      vars:
-        postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}"
-        postgresql_user_password: >-2
-          {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }}
-      loop: "{{ postgresql_users | default([]) }}"
-      loop_control:
-        loop_var: postgresql_user
-        label: "{{ postgresql_user.name }}"

roles/elasticsearch/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-elasticsearch_version: "8.18.0"
+elasticsearch_version: "8.17.0"
 elasticsearch_state: present
 
 elasticsearch_base_path: /opt/elasticsearch

roles/mariadb/defaults/main.yml

@@ -1,10 +1,9 @@
 ---
-mariadb_version: "10.11.11"
+mariadb_version: "10.11.10"
 mariadb_base_path: /var/lib/mariadb
 mariadb_data_path: >-2
   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
 mariadb_state: present
-mariadb_deployment_method: docker
 
 mariadb_root_password: ~
 mariadb_database: ~

roles/mariadb/tasks/deploy-docker.yml

@@ -1,20 +0,0 @@
----
-- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
-  community.docker.docker_image:
-    name: "{{ mariadb_container_image }}"
-    state: "{{ mariadb_state }}"
-    source: "{{ mariadb_container_image_source }}"
-    force_source: "{{ mariadb_container_image_force_source }}"
-
-- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
-  community.docker.docker_container:
-    name: "{{ mariadb_container_name }}"
-    image: "{{ mariadb_container_image }}"
-    env: "{{ mariadb_container_environment }}"
-    ports: "{{ mariadb_container_ports | default(omit, true) }}"
-    labels: "{{ mariadb_container_labels | default(omit, true) }}"
-    volumes: "{{ mariadb_container_volumes }}"
-    networks: "{{ mariadb_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
-    restart_policy: "{{ mariadb_container_restart_policy }}"
-    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/deploy-podman.yml

@@ -1,20 +0,0 @@
----
-- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
-  containers.podman.podman_image:
-    name: "{{ mariadb_container_image }}"
-    state: "{{ mariadb_state }}"
-    pull: "{{ (mariadb_container_image_source == 'pull') | bool }}"
-    force: "{{ mariadb_container_image_force_source }}"
-
-- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
-  containers.podman.podman_container:
-    name: "{{ mariadb_container_name }}"
-    image: "{{ mariadb_container_image }}"
-    env: "{{ mariadb_container_environment }}"
-    ports: "{{ mariadb_container_ports | default(omit, true) }}"
-    labels: "{{ mariadb_container_labels | default(omit, true) }}"
-    volumes: "{{ mariadb_container_volumes }}"
-    network: "{{ mariadb_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
-    restart_policy: "{{ mariadb_container_restart_policy }}"
-    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/main.yml

@@ -1,19 +1,20 @@
 ---
-- name: Ensure mariadb state parameter is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unknown state '{{ mariadb_state }}'!
-      Supported states are {{ mariadb_states | join(', ') }}
-  when: mariadb_state not in mariadb_states
-
-- name: Ensure deployment method is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unknown deployment method '{{ mariadb_deployment_method }}'!
-      Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }}
-  when: mariadb_deployment_method not in mariadb_deployment_methods
-
-- name: Ensure mariadb is deployed using {{ mariadb_deployment_method }}
-  ansible.builtin.include_tasks:
-    file: "deploy-{{ mariadb_deployment_method }}.yml"
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
+  community.docker.docker_image:
+    name: "{{ mariadb_container_image }}"
+    state: "{{ mariadb_state }}"
+    source: "{{ mariadb_container_image_source }}"
+    force_source: "{{ mariadb_container_image_force_source }}"
 
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
+  community.docker.docker_container:
+    name: "{{ mariadb_container_name }}"
+    image: "{{ mariadb_container_image }}"
+    env: "{{ mariadb_container_environment }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
+    volumes: "{{ mariadb_container_volumes }}"
+    networks: "{{ mariadb_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ mariadb_container_restart_policy }}"
+    state: "{{ mariadb_container_state }}"

roles/mariadb/vars/main.yml

@@ -1,10 +1,4 @@
 ---
-mariadb_states:
-  - present
-  - absent
-mariadb_deployment_methods:
-  - docker
-  - podman
 
 mariadb_container_database_environment:
   MARIADB_DATABASE: "{{ mariadb_database }}"

roles/postgresql/defaults/main/config.yml

@@ -1,8 +1,7 @@
 ---
 postgresql_config_connect_socket: true
-postgresql_config_unix_socket: "/var/run/postgresql"
 postgresql_config_unix_socket_directories:
-  - "{{ postgresql_config_unix_socket }}"
+  - "/var/run/postgresql"
 postgresql_config_listen_addresses:
   - '*'
 postgresql_config_port: 5432

roles/postgresql/defaults/main/container.yml

@@ -18,7 +18,7 @@ postgresql_container_image: >-2
         ((postgresql_container_image_flavour is string)
           and (postgresql_container_image_flavour | length > 0))
         | ternary(
-          '-' + postgresql_container_image_flavour | default('', true),
+          '_' + postgresql_container_image_flavour | default('', true),
           '',
         )
       ),
@@ -48,7 +48,7 @@ postgresql_container_config_volumes:
   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
 postgresql_container_unix_socket_volumes:
-  - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
 postgresql_container_initdb_volumes: >-2
   {{ postgresql_container_base_volumes
     + postgresql_container_unix_socket_volumes
@@ -69,7 +69,5 @@ postgresql_container_oom_kill: ~
 postgresql_container_oom_score_adj: ~
 postgresql_container_ulimits: ~
 
-postgresql_container_user_name: "postgres"
-postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
 postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
 postgresql_container_data_dir: "/var/lib/postgresql/data"

roles/postgresql/tasks/configure.yml

@@ -54,13 +54,7 @@
   vars:
     postgresql_login_host: >-2
       {{
-        (
-          (postgresql_deployment_method in ['docker'])
-          | ternary(
-            postgresql_unix_socket_path,
         (postgresql_config_unix_socket_directories | first)
-          )
-        )
         if postgresql_config_connect_socket else 
         (postgresql_container_info.container.NetworkSettings.IPAddress)
       }}

roles/postgresql/tasks/deploy-docker.yml

@@ -51,14 +51,12 @@
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     state: "{{ postgresql_container_state }}"
   when: ansible_facts['service_mgr'] == 'systemd'
-  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
   ansible.builtin.systemd:
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     enabled: "{{ postgresql_state == 'present' }}"
   when: ansible_facts['service_mgr'] == 'systemd'
-  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Lookup {{ postgresql_data_path }}/global
   ansible.builtin.stat:

roles/postgresql/tasks/deploy-local.yml

@@ -0,0 +1,11 @@
+---
+- name: Ensure postgresql package is {{ postgresql_state }}
+  ansible.builtin.package:
+    name: "{{ postgresql_os_package_name }}"
+    state: "{{ postgresql_state }}"
+
+- name: Ensure postgresql systemd unit is {{ (postgresql_state == 'present') | ternary('enabled', 'disabled') }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_service_name }}"
+    enabled: "{{ (postgresql_state == 'present') }}"
+  when: ansible_facts['service_mgr'] == 'systemd'

roles/postgresql/templates/postgresql-passwd.j2

@@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
 _apt:x:42:65534::/nonexistent:/usr/sbin/nologin
 nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash
+postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash

roles/postgresql/vars/main.yml

@@ -4,3 +4,4 @@ postgresql_states:
   - absent
 postgresql_deployment_methods:
   - docker
+  - local

roles/valkey/defaults/main/main.yml

@@ -1,5 +1,5 @@
 ---
-valkey_version: "8.1.1"
+valkey_version: "8.0.1"
 valkey_state: "present"
 valkey_instance: ~
 valkey_instance_suffix: >-2
@@ -9,8 +9,6 @@ valkey_user: >-2
   valkey{{ valkey_instance_suffix }}
 
 valkey_config_path: "/etc/valkey"
-valkey_config_path_owner: "root"
-valkey_config_path_group: "root"
 valkey_config_file: >-2
   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
 valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"

roles/valkey/tasks/main.yml

@@ -39,8 +39,6 @@
     mode: "{{ path.mode | default('0755') }}"
   loop:
     - name: "{{ valkey_config_path }}"
-      owner: "{{ valkey_config_path_owner }}"
-      group: "{{ valkey_config_path_group }}"
     - name: "{{ valkey_data_path }}"
   loop_control:
     loop_var: "path"