Compare commits
	
		
			1 Commits
		
	
	
		
			transcaffe
			...
			4bab5cd2e8
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 4bab5cd2e8 | 
| @@ -1,13 +1,12 @@ | ||||
| namespace: finallycoffee | ||||
| name: databases | ||||
| version: 0.1.2 | ||||
| version: 0.1.1 | ||||
| readme: README.md | ||||
| authors: | ||||
| - transcaffeine <transcaffeine@finally.coffee> | ||||
| description: Collection for deploying and configuring databases | ||||
| dependencies: | ||||
|   "community.docker": "^4.0.0" | ||||
|   "community.postgresql": "^3.9.0" | ||||
|   "community.docker": "^3.0.0" | ||||
| license_file: LICENSE.md | ||||
| build_ignore: | ||||
| - '*.tar.gz' | ||||
|   | ||||
| @@ -2,26 +2,3 @@ | ||||
|  | ||||
| PostgreSQL is the self proclaimed "world's most advanced" open source relational | ||||
| database. This ansible role can deploy and configure postgresql. | ||||
|  | ||||
| By default, the role configures the remote's effective ansible user with | ||||
| peer authentication for the (postgresql) role `postgres` on all databases (with all grants). | ||||
|  | ||||
| ## Required configuration | ||||
|  | ||||
| Set `postgresql_superuser_password` to your superusers desired password. | ||||
|  | ||||
| ## Optional configuration | ||||
|  | ||||
| Set `postgresql_major_version` to your desired postgresql major version, | ||||
| for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6). | ||||
|  | ||||
| This role can be executed multiple times with different | ||||
| `postgresql_major_version` values to provide new database versions for up-to- | ||||
| date applications and older versions for software which does not yet support | ||||
| them. Container name and host mounts encode the major version to prevent | ||||
| accidental usage of the 'wrong' `PGDATA` directory. | ||||
|  | ||||
| ## Requirements | ||||
|  | ||||
| - `psycopg2` (pip) package | ||||
| - `docker` (pip) package | ||||
|   | ||||
| @@ -8,7 +8,7 @@ postgresql_config_port: 5432 | ||||
|  | ||||
| postgresql_base_config: | ||||
|   listen_addresses: "{{ postgresql_config_listen_addresses }}" | ||||
|   unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}" | ||||
|   connect_socket: "{{ postgresql_config_connect_socket }}" | ||||
|   port: "{{ postgresql_config_port }}" | ||||
| postgresql_merged_config: >-2 | ||||
|   {{ postgresql_base_config | combine( | ||||
|   | ||||
| @@ -17,14 +17,15 @@ postgresql_pg_ident_conf_file: >-2 | ||||
|   {{ postgresql_config_path }}/pg_ident.conf | ||||
| postgresql_pg_hba_conf_file: >-2 | ||||
|   {{ postgresql_config_path }}/pg_hba.conf | ||||
| postgresql_admin_role: "postgres" | ||||
| postgresql_admin_role: "{{ postgresql_user }}" | ||||
| postgresql_admin_role_contype: local | ||||
| postgresql_admin_role_method: peer | ||||
| postgresql_admin_local_user: >-2 | ||||
|   {{ ansible_facts['user_id'] }} | ||||
| postgresql_admin_role_mapping_name: >-2 | ||||
|   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }} | ||||
| postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}" | ||||
| postgresql_admin_pg_ident_conf: >-2 | ||||
|   {{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }} | ||||
| postgresql_admin_pg_hba_conf_options: >-2 | ||||
|   map={{ postgresql_admin_role_mapping_name }} | ||||
| postgresql_superuser_password: ~ | ||||
|   | ||||
| @@ -1,11 +1,14 @@ | ||||
| --- | ||||
| - name: Configure postgresql | ||||
|   block: | ||||
| - name: Ensure postgresql superuser is set | ||||
|   community.postgresql.postgresql_user: | ||||
|     name: "{{ postgresql_admin_role }}" | ||||
|     password: "{{ postgresql_superuser_password }}" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|     login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|   register: postgresql_superuser_password_result | ||||
|   until: "postgresql_superuser_password_result is succeeded" | ||||
|   retries: 10 | ||||
| @@ -14,31 +17,25 @@ | ||||
| - name: Ensure postgresql configuration is set | ||||
|   community.postgresql.postgresql_set: | ||||
|     name: "{{ option.key }}" | ||||
|         value: "{{ pg_option_value }}" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|     value: "{{ option.value }}" | ||||
|     login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|     login_port: "{{ postgresql_config_port }}" | ||||
|         login_password: "{{ postgresql_superuser_password }}" | ||||
|       loop: "{{ postgresql_merged_config | dict2items }}" | ||||
|     login_password: #TODO | ||||
|   loop: "{{ postgresql_merged_options | dict2items }}" | ||||
|   loop_control: | ||||
|     loop_var: option | ||||
|       vars: | ||||
|         pg_option_value: >-2 | ||||
|           {{ | ||||
|             (option.value | join(' ')) | ||||
|             if (option.value is iterable | ||||
|               and option.value is not string | ||||
|               and option.value is not mapping) | ||||
|             else option.value | ||||
|           }} | ||||
|       register: postgresql_config_results | ||||
|  | ||||
| - name: Ensure postgresql configuration is reloaded | ||||
|   community.postgresql.postgresql_query: | ||||
|         db: "postgres" | ||||
|     query: "SELECT pg_reload_conf();" | ||||
|         login_host: "{{ postgresql_login_host }}" | ||||
|         login_port: "{{ postgresql_config_port }}" | ||||
|         login_password: "{{ postgresql_superuser_password }}" | ||||
|     login_host: #TODO | ||||
|     login_port: #TODO | ||||
|     login_password: #TODO | ||||
|  | ||||
| - name: Ensure restart handler is fired if required | ||||
|   debug: | ||||
| @@ -46,15 +43,7 @@ | ||||
|   when: result.changed | ||||
|   changed_when: "{{ result.restart_required }}" | ||||
|   notify: postgresql_restart | ||||
|       loop: "{{ postgresql_config_results.results }}" | ||||
|   loop: "{{ postgresql_config_results }}" | ||||
|   loop_control: | ||||
|     loop_var: result | ||||
|         label: "{{ result.option.key }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   vars: | ||||
|     postgresql_login_host: >-2 | ||||
|       {{ | ||||
|         (postgresql_config_unix_socket_directories | first) | ||||
|         if postgresql_config_connect_socket else  | ||||
|         (postgresql_container_info.container.NetworkSettings.IPAddress) | ||||
|       }} | ||||
|     label: "{{ result.option.name }}" | ||||
|   | ||||
| @@ -38,13 +38,12 @@ | ||||
|   when: | ||||
|     - ansible_facts['service_mgr'] == 'systemd' | ||||
|     - postgresql_state == 'present' | ||||
|   register: postgresql_systemd_tmpfile_correction_unit_info | ||||
|  | ||||
| - name: Ensure systemd is reloaded | ||||
|   ansible.builtin.systemd: | ||||
|     daemon_reload: true | ||||
|   when: | ||||
|     - postgresql_systemd_tmpfile_correction_unit_info.changed | ||||
|     - postgresql_systemd_tmpfile_correction_unit.changed | ||||
|  | ||||
| - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }} | ||||
|   ansible.builtin.systemd: | ||||
| @@ -58,20 +57,12 @@ | ||||
|     enabled: "{{ postgresql_state == 'present' }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
|  | ||||
| - name: Lookup {{ postgresql_data_path }}/global | ||||
|   ansible.builtin.stat: | ||||
|     path: "{{ postgresql_data_path }}/global" | ||||
|     get_checksum: false | ||||
|   register: postgresql_global_data_info | ||||
|  | ||||
| - name: Initialize database if empty | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "initialize-docker.yml" | ||||
|   when: | ||||
|     - postgresql_state == 'present' | ||||
|     - not postgresql_global_data_info.stat.exists | ||||
|     - postgresql_global_data_info.stat.isdir is defined | ||||
|     - not postgresql_global_data_info.stat.isdir | ||||
|     # TODO: determine if initialization is needed | ||||
|  | ||||
| - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} | ||||
|   community.docker.docker_container: | ||||
|   | ||||
| @@ -1,11 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure postgresql package is {{ postgresql_state }} | ||||
|   ansible.builtin.package: | ||||
|     name: "{{ postgresql_os_package_name }}" | ||||
|     state: "{{ postgresql_state }}" | ||||
|  | ||||
| - name: Ensure postgresql systemd unit is {{ (postgresql_state == 'present') | ternary('enabled', 'disabled') }} | ||||
|   ansible.builtin.systemd: | ||||
|     name: "{{ postgresql_systemd_service_name }}" | ||||
|     enabled: "{{ (postgresql_state == 'present') }}" | ||||
|   when: ansible_facts['service_mgr'] == 'systemd' | ||||
| @@ -27,7 +27,7 @@ | ||||
|   block: | ||||
|     - name: Wait for container startup (socket) | ||||
|       ansible.builtin.wait_for: | ||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}" | ||||
|         path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}" | ||||
|       when: "postgresql_config_connect_socket | bool" | ||||
|     - name: Wait for container startup (port) | ||||
|       ansible.builtin.wait_for: | ||||
| @@ -45,3 +45,4 @@ | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ postgresql_container_name }}" | ||||
|     state: absent | ||||
|  | ||||
|   | ||||
| @@ -33,7 +33,6 @@ | ||||
|   loop: | ||||
|     - name: "{{ postgresql_config_path }}" | ||||
|     - name: "{{ postgresql_data_path }}" | ||||
|       mode: "0700" | ||||
|   loop_control: | ||||
|     loop_var: path | ||||
|     label: "{{ path.name }}" | ||||
| @@ -66,7 +65,3 @@ | ||||
| - name: Deploy postgresql using {{ postgresql_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ postgresql_deployment_method }}.yml" | ||||
|  | ||||
| - name: Configure postgresql | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "configure.yml" | ||||
|   | ||||
| @@ -20,9 +20,8 @@ | ||||
|       line: "# Ansible managed" | ||||
|     - name: "{{ postgresql_pg_ident_conf_file }}" | ||||
|       insert_after: "# Ansible managed" | ||||
|       line: "{{ postgresql_admin_pg_ident_conf }}" | ||||
|       line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
|  | ||||
| - name: Configure permissions for postgresql admin role | ||||
|   community.postgresql.postgresql_pg_hba: | ||||
| @@ -30,6 +29,5 @@ | ||||
|     contype: "{{ postgresql_admin_role_contype }}" | ||||
|     users: "{{ postgresql_admin_role }}" | ||||
|     method: "{{ postgresql_admin_role_method }}" | ||||
|     options: "{{ postgresql_admin_pg_hba_conf_options }}" | ||||
|     options: "map={{ ansible_user }}_{{ postgresql_admin_role }}" | ||||
|   when: postgresql_state == 'present' | ||||
|   notify: postgresql_restart | ||||
|   | ||||
| @@ -4,4 +4,3 @@ postgresql_states: | ||||
|   - absent | ||||
| postgresql_deployment_methods: | ||||
|   - docker | ||||
|   - local | ||||
|   | ||||
		Reference in New Issue
	
	Block a user