Add support for CentOS.

Andrea Dell'Amico 2020-07-30 14:14:39 +02:00
parent 517d48484c
commit dcff05b8e1
18 changed files with 550 additions and 223 deletions


@ -1,26 +1,58 @@
---
psql_enabled: True
pg_use_postgresql_org_repo: True
psql_postgresql_install: True
psql_pkg_state: present
postgresql_enabled: True
psql_pgpool_install: False
psql_pgpool_service_install: False
psql_pgpool_pkg_state: installed
psql_pgpool_pkg_state: present
# I prefer to use the postgresql.org repositories
#
# See the features matrix here: http://www.postgresql.org/about/featurematrix/
#
psql_version: 11
psql_version: 12
psql_db_host: localhost
psql_db_port: 5432
psql_db_size_w: 150000000
psql_db_size_c: 170000000
psql_listen_on_ext_int: False
psql_use_alternate_data_dir: False
# Deb/Ubuntu
psql_data_dir: '/var/lib/postgresql/{{ psql_version }}'
psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
psql_log_dir: /var/log/postgresql
# Debian/Ubuntu
postgresql_pkgs:
- 'postgresql-{{ psql_version }}'
- 'postgresql-contrib-{{ psql_version }}'
- 'postgresql-client-{{ psql_version }}'
- pgtop
- python-psycopg2
psql_el_install_scl_version: False
psql_el_install_from_pgdg_repo: True
psql_el_pgdg_repo_url: "https://ftp.postgresql.org/pub/repos/yum/{{ psql_version }}/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql'
psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}'
psql_el_data_dir: '{{ psql_el_base_dir }}/data'
psql_el_conf_dir: '{{ psql_el_data_dir }}'
psql_el_pgdg_packages:
- 'postgresql{{ psql_version }}-server'
- 'postgresql{{ psql_version }}-contrib'
- 'pg_top{{ psql_version }}'
- pgcluu
- python-psycopg2
psql_el_scl_packages:
- rh-postgresql'{{ psql_version }}'-runtime
- rh-postgresql'{{ psql_version }}'-postgresql
- rh-postgresql'{{ psql_version }}'-postgresql-server
- rh-postgresql'{{ psql_version }}'-postgresql-contrib
- python-psycopg2
psql_conf_parameters:
- { name: 'max_connections', value: '100', set: 'False' }
- { name: 'shared_buffers', value: '24MB', set: 'False' }
@ -81,15 +113,6 @@ psql_sysctl_kernel_sharedmem_parameters:
- { name: 'kernel.shmmax', value: '33554432' }
- { name: 'kernel.shmall', value: '2097152' }
postgresql_pkgs:
- 'postgresql-{{ psql_version }}'
- 'postgresql-contrib-{{ psql_version }}'
- 'postgresql-client-{{ psql_version }}'
- pgtop
psql_ansible_needed_pkgs:
- python-psycopg2
psql_db_name: db_name
psql_db_user: db_user
psql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault"
@ -112,6 +135,10 @@ pgpool_pkgs:
- pgpool2
- iputils-arping
pgpool_el_pkgs:
- 'pgpool-II-{{ psql_version }}'
- 'pgpool-II-{{ psql_version }}-extensions'
pgpool_enabled: True
pgpool_listen_addresses: 'localhost'
pgpool_port: 5433
@ -209,11 +236,18 @@ psql_wal_files_conf:
# postgis
postgres_install_gis_extensions: False
postgres_gis_version: 2.5
postgres_gis_shortver: 25
postgres_gis_pkgs:
- 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}'
postgres_el_gis_pkgs:
- 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}'
- 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client'
# Local backup
pg_backup_enabled: True
pg_el_backup_conf_dir: /etc/sysconfig
pg_backup_conf_dir: /etc/default
pg_backup_bin: /usr/local/sbin/postgresql-backup
pg_backup_pgdump_bin: /usr/bin/pg_dump
pg_backup_retain_copies: 2
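Review bot: The `psql_el_scl_packages` entries put the quotes in the middle of a plain scalar (`rh-postgresql'{{ psql_version }}'-runtime`), so the quote characters stay in the rendered package name and yum would be asked for a name containing literal `'` characters. Quote the whole item as the other package lists do, e.g. `- 'rh-postgresql{{ psql_version }}-runtime'`, for all four entries. `psql_el_pgdg_repo_url` also hard-codes `rhel-7-x86_64`, which presumably breaks on other EL releases or architectures; building it from `ansible_distribution_major_version` and `ansible_architecture` would avoid that.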


@ -1,23 +1,46 @@
---
- name: Restart postgresql
service: name=postgresql state=restarted
when: postgresql_enabled
when: ansible_distribution_file_variety == "Debian"
- name: Reload postgresql
service: name=postgresql state=reloaded
when: postgresql_enabled
when: ansible_distribution_file_variety == "Debian"
- name: Reload pgpool2
service: name=pgpool2 state=reloaded
when: pgpool_enabled
when: ansible_distribution_file_variety == "Debian"
ignore_errors: True
- name: Restart pgpool2
service: name=pgpool2 state=restarted
when: pgpool_enabled
when: ansible_distribution_file_variety == "Debian"
- name: Restart postgresql with pgpool config
service: name=postgresql state=restarted
when:
- postgresql_enabled
- ansible_distribution_file_variety == "Debian"
- psql_restart_after_wal_enabling
- name: Restart postgresql
service: name='postgresql-{{ psql_version }}' state=restarted
when: ansible_distribution_file_variety == "RedHat"
- name: Reload postgresql
service: name='postgresql-{{ psql_version }}' state=reloaded
when: ansible_distribution_file_variety == "RedHat"
- name: Reload pgpool2
service: name='pgpool2-{{ psql_version }}' state=reloaded
when: ansible_distribution_file_variety == "RedHat"
ignore_errors: True
- name: Restart pgpool2
service: name='pgpool2-{{ psql_version }}' state=restarted
when: ansible_distribution_file_variety == "RedHat"
- name: Restart postgresql with pgpool config
service: name='postgresql-{{ psql_version }}' state=restarted
when:
- ansible_distribution_file_variety == "RedHat"
- psql_restart_after_wal_enabling
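Review bot: The RedHat handlers reuse the names of the Debian ones (`Restart postgresql`, `Reload postgresql`, `Reload pgpool2`, `Restart pgpool2`, `Restart postgresql with pgpool config`), and Ansible resolves a `notify` to only the last handler defined with a given name. As written, a notification on a Debian host would select the RedHat handler, whose `when` then skips it, so pg_hba.conf and listen-address changes would be written but never applied there. Keep one handler per name and make the service name a per-OS-family variable, for example a new `psql_service_name` used as `service: name='{{ psql_service_name }}' state=restarted`. The `pgpool2-{{ psql_version }}` unit name also looks inconsistent with the `pgpool-II-{{ psql_version }}` package added in the defaults; confirm the unit name that package installs.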


@ -1,91 +1,182 @@
---
- name: Open the postgresql service to a specific zone.
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
when:
- psql_listen_on_ext_int | bool
- firewalld_enabled | bool
- ansible_distribution_file_variety == "RedHat"
- name: Configure accesses on Deb/Ubuntu
block:
- name: Give access to the remote postgresql client
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- not psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give access to the remote postgresql client
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- not psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give access to the remote postgresql client, force ssl
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give access to the remote postgresql client, force ssl
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Give local access with replication privileges to the postgres user
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Give local access with replication privileges to the postgres user
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Set the postgresql listen port
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
register: restart_postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql listen port
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
register: restart_postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: We want postgres listen on the public IP
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: We want postgres listen on the public IP
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
register: restart_postgresql
when:
- not psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
register: restart_postgresql
when:
- not psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the connections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the connections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the disconnections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the disconnections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the hostnames
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the hostnames
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the correct permissions to the postgresql files
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
with_items:
- pg_hba.conf
- postgresql.conf
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Set the correct permissions to the postgresql files
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
with_items:
- pg_hba.conf
- postgresql.conf
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Restart the postgresql server after changing parameters that need a restart
service: name=postgresql state=restarted
when:
- restart_postgresql is changed
ignore_errors: True
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Restart the postgresql server after changing parameters that need a restart
service: name=postgresql state=restarted
when:
- restart_postgresql is changed
ignore_errors: True
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
when: ansible_distribution_file_variety == "Debian"
- name: Configure accesses on EL
block:
- name: Open the postgresql service to a specific zone.
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
when:
- psql_listen_on_ext_int | bool
- firewalld_enabled | bool
- name: Give access to the remote postgresql client
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- not psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give access to the remote postgresql client, force ssl
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int | bool
- psql_db_data is defined
- item.1 is defined
- psql_force_ssl_client_connection | bool
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Give local access with replication privileges to the postgres user
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Set the postgresql listen port
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
register: restart_postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: We want postgres listen on the public IP
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
register: restart_postgresql
when:
- not psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the connections
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_connections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the disconnections
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_disconnections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the hostnames
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_hostname value="on"
register: restart_postgresql
when:
- psql_listen_on_ext_int | bool
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the correct permissions to the postgresql files
file: dest={{ psql_el_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
with_items:
- pg_hba.conf
- postgresql.conf
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Restart the postgresql server after changing parameters that need a restart
service: name='postgresql-{{ psql_version }}' state=restarted
when:
- restart_postgresql is changed
ignore_errors: True
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
when: ansible_distribution_file_variety == "RedHat"
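Review bot: Every `configfile` task in the new EL block registers the same `restart_postgresql` variable, and a skipped task still overwrites it, so the final `restart_postgresql is changed` test only reflects the last task, `Log the hostnames`. When `psql_listen_on_ext_int` is false that task is skipped, which means a switch of `listen_addresses` from `'*'` to `'localhost'` would be written while the server presumably keeps listening on all interfaces until some later restart; `ignore_errors: True` on the restart task hides a failed restart as well. Replace the shared register with `notify: Restart postgresql` on each task that needs a restart, or give each task its own register name and test them together. The pg_hba.conf lines added here also use `md5`; with the default `psql_version` of 12, `scram-sha-256` is available and is the stronger choice if the clients support it.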


@ -1,6 +1,5 @@
---
- import_tasks: postgresql_org_repo.yml
when: pg_use_postgresql_org_repo
- import_tasks: packages.yml
when: psql_postgresql_install
- import_tasks: postgis.yml
@ -26,15 +25,14 @@
- psql_postgresql_install
- psql_db_data is defined
- import_tasks: postgresql-backup.yml
when:
- psql_postgresql_install
when: psql_postgresql_install
- import_tasks: pgpool-ii.yml
when: psql_pgpool_service_install
- import_tasks: postgresql-letsencrypt-acmetool.yml
when:
- letsencrypt_acme_install is defined
- letsencrypt_acme_install is defined and letsencrypt_acme_install
- import_tasks: pgpool-letsencrypt-acmetool.yml
when:
- letsencrypt_acme_install is defined
- letsencrypt_acme_install is defined and letsencrypt_acme_install


@ -1,11 +1,38 @@
---
- block:
- name: Install the packages that ansible needs to manage the postgresql users and databases
apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
- name: install the postgresql packages
apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres' ]
- name: EL
block:
- name: install the postgresql packages from the pgdg repository
yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }}
- name: Init the db if needed
command: /usr/pgsql-{{ psql_version }}/bin/postgresql-{{ psql_version }}-setup initdb
args:
creates: '{{ psql_data_dir }}/postgresql.conf'
when:
- not psql_install_scl_version
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres' ]
- name: EL from SCL
block:
- name: install the postgresql scl packages
yum: pkg={{ psql_el_scl_packages }} state={{ psql_pkg_state }}
- name: Init the db if needed
command: /opt/rh/rh-postgresql{{ psql_version }}/root/usr/bin/postgresql-setup --initdb
args:
creates: '{{ psql_data_dir }}/postgresql.conf'
when:
- psql_install_scl_version
- ansible_distribution_file_variety == "RedHat"
tags: [ 'scl', 'postgresql', 'postgres' ]
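Review bot: Both EL blocks test `psql_install_scl_version`, but the defaults in this commit define `psql_el_install_scl_version`, so unless the variable is set elsewhere the play would stop on an undefined variable. The `creates:` guards on the two `Init the db if needed` tasks point at `{{ psql_data_dir }}/postgresql.conf`, which is the Debian path, so on EL the file would never exist there and the setup command would be attempted on every run; use `creates: '{{ psql_el_data_dir }}/postgresql.conf'` for the pgdg block and a path under `psql_scl_base_dir` for the SCL block. No task on this page installs `psql_el_pgdg_repo_url` before the pgdg packages are requested; if that happens elsewhere, make sure the repository keeps GPG checking enabled.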


@ -49,7 +49,9 @@
- name: Start and enable pgpool2
service: name=pgpool2 state=started enabled=yes
when: pgpool_enabled
when:
- pgpool_enabled
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pgpool', 'pcp_conf', 'pgpool_conf' ]
@ -72,7 +74,9 @@
- /sbin/ip_script
- /usr/local/bin/arping_script
when: not pgpool_enabled
when:
- not pgpool_enabled
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pgpool' ]


@ -4,7 +4,7 @@
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
template: src=pgpool-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
when:
- psql_pgpool_service_install
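Review bot: `mode=4555` sets the setuid bit on a root-owned file that, going by its name, is a shell script, and the script is now rendered from a template, so its content depends on variables. Linux ignores setuid on interpreted scripts, so the bit gives no benefit and only makes the file show up in setuid audits; `mode=0555` (or `0755`) expresses the intent. The same applies to the `postgresql-letsencrypt-acme.sh.j2` task in the postgresql letsencrypt hunk further down the page. The task's `when:` list continues outside the hunk.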


@ -1,6 +1,13 @@
---
- name: install the postgresql GIS packages
- name: install the postgresql GIS packages on deb/ubuntu
apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'postgis' ]
- name: install the postgresql GIS packages on EL
yum: pkg={{ postgres_el_gis_pkgs }} state={{ psql_pkg_state }}
notify: Restart postgresql
when: ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres', 'postgis' ]


@ -1,75 +1,74 @@
---
- name: Install the packages needed by postgres when running behind a pgpool server
apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
when: psql_pgpool_install
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Add the postgres user that will manage the recovery, if not postgres
become: True
become_user: postgres
postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }}
when:
- ('{{ pgpool_recovery_user }}' != 'postgres')
- pgpool_recovery_user_pwd is defined
- psql_pgpool_install
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Give access to the pgpool recovery user, if it is not postgres
lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_db_data is defined
- item.1 is defined
- pgpool_recovery_user_pwd is defined
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Add the system user that will manage the recovery, if not postgres
user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes
when:
- ('{{ pgpool_recovery_user }}' != 'postgres')
- pgpool_recovery_user_pwd is defined
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Create the ssh keys for the recovery user
user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Install the pgpool recovery and remote restart scripts. They assume that the postgresql hosts can talk to each other
template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500
with_nested:
- '{{ pgpool_backends | default([]) }}'
- [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ]
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Set the postgresql configuration parameters needed by pgpool
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_wal_files_conf }}'
when:
- item.set
- psql_wal_files_archiving_enabled
notify: Restart postgresql with pgpool config
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
- name: Add the pgpool postgres extensions to the template1 dbs
become: True
become_user: postgres
postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }}
with_items:
- pgpool_regclass
- pgpool_recovery
tags: [ 'postgresql', 'postgres', 'pg_extensions' ]
- name: Install the sudoers config that permits the postgres user to restart the service after a recovery
template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440
tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ]
- name: Install a script that cleans up the wal log archives
template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755
tags: [ 'postgresql', 'postgres', 'pgpool' ]
- name: Install a cron job to cleanup the wal log archives
cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily
- name: PgPool II configuration
block:
- name: Add the postgres user that will manage the recovery, if not postgres
become: True
become_user: postgres
postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }}
when:
- ('{{ pgpool_recovery_user }}' != 'postgres')
- pgpool_recovery_user_pwd is defined
- name: Give access to the pgpool recovery user, if it is not postgres
lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_db_data is defined
- item.1 is defined
- pgpool_recovery_user_pwd is defined
notify: Reload postgresql
- name: Add the system user that will manage the recovery, if not postgres
user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes
when:
- ('{{ pgpool_recovery_user }}' != 'postgres')
- pgpool_recovery_user_pwd is defined
- name: Create the ssh keys for the recovery user
user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa
- name: Install the pgpool recovery and remote restart scripts. They assume that the postgresql hosts can talk to each other
template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500
with_nested:
- '{{ pgpool_backends | default([]) }}'
- [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ]
- name: Set the postgresql configuration parameters needed by pgpool
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_wal_files_conf }}'
when:
- item.set
- psql_wal_files_archiving_enabled
notify: Restart postgresql with pgpool config
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
- name: Add the pgpool postgres extensions to the template1 dbs
become: True
become_user: postgres
postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }}
with_items:
- pgpool_regclass
- pgpool_recovery
tags: [ 'postgresql', 'postgres', 'pg_extensions' ]
- name: Install the sudoers config that permits the postgres user to restart the service after a recovery
template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440
tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ]
- name: Install a script that cleans up the wal log archives
template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755
- name: Install a cron job to cleanup the wal log archives
cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily
tags: [ 'postgresql', 'postgres', 'pgpool' ]
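Review bot: The sudoers fragment is installed without validation, so a rendering mistake in `postgresql-sudoers.j2` can leave a file in `/etc/sudoers.d` that makes sudo refuse to run; add `validate='visudo -cf %s'` to that `template` task. The conditions written as `('{{ pgpool_recovery_user }}' != 'postgres')` nest Jinja delimiters inside `when`, which Ansible warns about and which pastes the variable's content into the expression before it is evaluated; `pgpool_recovery_user != 'postgres'` is the safe form. The block still writes to `/etc/postgresql/{{ psql_version }}/main/`, so it presumably needs a Debian guard or the `psql_conf_dir` variable now that EL is supported.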


@ -1,6 +1,6 @@
---
- name: Backup script for the postgresql database(s)
copy: src=postgresql-backup.sh dest=/usr/local/sbin/postgresql-backup owner=root mode=0744
template: src=postgresql-backup.sh.j2 dest=/usr/local/sbin/postgresql-backup owner=root mode=0744
tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ]
- name: daily cron job for the postgresql database(s) backup
@ -21,8 +21,14 @@
pgbackup_cron_step <= 12
tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ]
- name: postgresql backup defaults
template: src=pg_backup-default.j2 dest=/etc/default/pg_backup owner=root mode=0744
- name: postgresql backup defaults on deb/Ubuntu
template: src=pg_backup-default.j2 dest={{ pg_backup_conf_dir }}/pg_backup owner=root mode=0744
when: ansible_distribution_file_variety == "Debian"
tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ]
- name: postgresql backup defaults on EL
template: src=pg_backup-default.j2 dest={{ pg_el_backup_conf_dir }}/pg_backup owner=root mode=0744
when: ansible_distribution_file_variety == "RedHat"
tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ]
- name: Create the postgresql backups data directory
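Review bot: The two `postgresql backup defaults` tasks install a configuration file under `{{ pg_backup_conf_dir }}` and `{{ pg_el_backup_conf_dir }}` with `mode=0744`, which makes it executable by root and readable by everyone. A sourced defaults file needs no execute bit, and if `pg_backup-default.j2` renders database credentials or paths to them it should not be world-readable; `mode=0640` with an explicit `group=` (or `0600`) would be the tighter choice. The template content is not visible on this page, so confirm what it contains before picking the mode.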


@ -1,5 +1,6 @@
---
- block:
- name: Data directory for Deb/Ubuntu
block:
- name: Check if the new postgresql data directory exists
stat: path={{ psql_data_dir }}
register: postgresql_data_dir
@ -26,33 +27,105 @@
service: name=postgresql state=started
when: postgresql_data_dir.stat.isdir is not defined
when: psql_use_alternate_data_dir
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set some postgresql configuration parameters that require a db restart
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_conf_parameters }}'
when: item.set == 'True'
notify: Restart postgresql
- name: Configuration of Deb/Ubuntu systems
block:
- name: Set some postgresql configuration parameters that require a db restart
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_conf_parameters }}'
when: item.set == 'True'
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql logging configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_log_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
- name: Set the postgresql autovacuum configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_autovacuum_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
when: ansible_distribution_file_variety == "Debian"
- name: Data directory for EL
block:
- name: Check if the new postgresql data directory exists
stat: path={{ psql_el_data_dir }}
register: postgresql_data_dir
- name: Stop the postgresql service while reconfiguring the data directory
service: name='postgresql-{{ psql_version }}' state=stopped
when: postgresql_data_dir.stat.isdir is not defined
- name: Create the postgresql data directory if it is not in the default place
file: dest={{ psql_el_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
- name: Set the postgresql data dir if it is different from the default
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_el_data_dir }}'"
- name: Copy the postgresql data directory into the new place
shell: '[ "/var/lib/pgsql/{{ psql_version }}/data" != "{{ psql_el_data_dir }}" ] && cp -a /var/lib/pgsql/{{ psql_version }}/data/* {{ psql_el_data_dir }}'
args:
creates: '{{ psql_el_data_dir }}/base'
when: postgresql_data_dir.stat.isdir is not defined
- name: Fix the SELinux rules
shell: semanage fcontext -a -a -t postgresql_db_t "{{ psql_el_base_dir }}(/.*)?" && restorecon -vR {{ psql_el_base_dir }}
- name: Start the postgresql service that will use the new data directory
service: name='postgresql-{{ psql_version }}' state=started
when: postgresql_data_dir.stat.isdir is not defined
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql logging configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_log_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
- name: Configuration of EL systems
block:
- name: Set some postgresql configuration parameters that require a db restart
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_conf_parameters }}'
when: item.set == 'True'
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql autovacuum configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_autovacuum_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
- name: Set the postgresql logging configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_log_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
- name: Set the postgresql autovacuum configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_autovacuum_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
when: ansible_distribution_file_variety == "RedHat"
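Review bot: The `Fix the SELinux rules` task runs `semanage fcontext -a -a -t ...` through `shell` with no guard, so it reports a change on every run and can fail once the rule already exists; the doubled `-a` looks like a typo. The `sefcontext` module handles this idempotently, e.g. `sefcontext: target='{{ psql_el_base_dir }}(/.*)?' setype=postgresql_db_t state=present`, followed by `command: restorecon -vR {{ psql_el_base_dir }}`. In `Copy the postgresql data directory into the new place`, the paths are interpolated into the shell line unquoted, and the `[ ... ] && cp` form exits non-zero when the two paths are equal, which fails the task whenever the `creates` guard does not skip it; quoting the paths and moving the comparison into a `when:` avoids both.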


@ -4,7 +4,7 @@
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
template: src=postgresql-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
when:
- postgresql_letsencrypt_managed
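Review bot: `mode=4555` on the new `template:` line sets the setuid bit on a root-owned shell script. Linux ignores setuid on interpreted scripts, so the bit grants nothing and only adds a root-owned setuid file for audits to explain; `mode=0555` keeps the same read and execute permissions. Now that the file is rendered from `postgresql-letsencrypt-acme.sh.j2`, it is also worth confirming that every value it interpolates comes from role defaults or inventory, since the hook is presumably run as root. The `when:` list is cut by the hunk boundary.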


@ -1,11 +1,29 @@
---
- name: Ensure that the postgresql server is started
service: name=postgresql state=started enabled=yes
when: postgresql_enabled
when:
- postgresql_enabled
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres' ]
- name: Ensure that the postgresql server is stopped and disabled
service: name=postgresql state=stopped enabled=no
when: not postgresql_enabled
when:
- not postgresql_enabled
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres' ]
- name: Ensure that the postgresql server is started
service: name='postgresql-{{ psql_version }}' state=started enabled=yes
when:
- postgresql_enabled
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres' ]
- name: Ensure that the postgresql server is stopped and disabled
service: name='postgresql-{{ psql_version }}' state=stopped enabled=no
when:
- not postgresql_enabled
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres' ]
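Review bot: The two RedHat tasks hard-code the unit name `postgresql-{{ psql_version }}`, which matches the PGDG packages. The role defaults also offer `psql_el_install_scl_version` with `rh-postgresql…` packages, whose service unit is presumably named differently. With that option enabled these tasks would then fail to find the service, so consider adding `- psql_el_install_from_pgdg_repo` to both `when:` lists or deriving the unit name from one variable set next to the package list. The four tasks also share two names, which makes play output ambiguous; a ` (EL)` suffix on the RedHat pair would separate them.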


@ -3,9 +3,18 @@
- name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
- name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "RedHat"
- name: Create the pki directory to store the postgresql key
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
@ -21,9 +30,18 @@
- name: Disable SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_disable_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
- name: Disable SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_disable_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "RedHat"
when: not psql_enable_ssl
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
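Review bot: Each SSL task is now duplicated per family and gated on an exact match of `ansible_distribution_file_variety`, so on a host that is neither `Debian` nor `RedHat` both copies are skipped without any message. For the enable path that means a play can finish with `psql_enable_ssl` set and no SSL parameters written to `postgresql.conf`. Resolving the directory once, for example `path={{ psql_el_conf_dir if ansible_distribution_file_variety == "RedHat" else psql_conf_dir }}/postgresql.conf`, lets a single task serve both families. An `assert` on the supported families at the top of the role would make the unsupported case fail loudly. Both hunks sit inside larger blocks that are not fully visible here.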


@ -1,15 +1,31 @@
---
- name: Get the signing key for the postgresql.org repository
apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
when: pg_use_postgresql_org_repo
tags:
- postgresql
- postgresql_repo
- name: Debian or Ubuntu
block:
- name: Get the signing key for the postgresql.org repository
apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
- name: Setup the postgresql.org repository
apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes
when: pg_use_postgresql_org_repo
tags:
- postgresql
- postgresql_repo
- name: Setup the postgresql.org repository
apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes
when:
- pg_use_postgresql_org_repo
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgresql_repo' ]
- name: EL
block:
- name: Install the pgsql pgdg repository
yum: name={{ psql_el_pgdg_repo_url }} state={{ psql_pkg_state }}
- name: install the postgresql packages from the pgdg repository
yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }}
- name: Init the db if needed
command: /usr/pgsql-{{ psql_version }}/bin/postgresql{{ psql_version }}-setup initdb
args:
creates: '{{ psql_data_dir }}/postgresql.conf'
when:
- pg_use_postgresql_org_repo
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgresql_repo' ]
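Review bot: The `creates:` guard on `Init the db if needed` points at `{{ psql_data_dir }}/postgresql.conf`, but the role defaults define `psql_data_dir` as the Debian path `/var/lib/postgresql/{{ psql_version }}`, which will not exist on an EL host. The guard therefore never matches and the `postgresql{{ psql_version }}-setup initdb` command is attempted on every run; it should read `creates: '{{ psql_el_data_dir }}/postgresql.conf'`. Separately, the repository RPM is installed straight from `psql_el_pgdg_repo_url`, and that package establishes the signing trust for everything installed afterwards. It is worth confirming that its signature is verified on install rather than relying on the HTTPS download alone.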


@ -26,7 +26,11 @@ chgrp postgres ${PGPOOL2_KEYFILE}
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log
if [ -x /bin/systemctl ] ; then
{% if ansible_distribution_file_variety == "Debian" %}
systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1
{% else %}
systemctl reload pgpool2-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1
{% endif %}
else
service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1
fi
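Review bot: The new non-Debian branch reloads `pgpool2-{{ psql_version }}`, but `psql_version` is the PostgreSQL version, so it should be confirmed that the EL pgpool unit really carries that suffix. If the unit name is wrong the reload fails after a certificate renewal and the only trace is a line in `pgpool2.log`, leaving pgpool serving the old certificate. The `{% else %}` also sends every family other than `Debian` down the EL path, while the tasks in this commit test for `RedHat` explicitly. The script begins outside the hunk.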


@ -2,8 +2,13 @@
# Set up the environment
if [ -f /etc/default/pg_backup ] ; then
. /etc/default/pg_backup
{% if ansible_distribution_file_variety == "Debian" %}
if [ -f {{ pg_backup_conf_dir }}/pg_backup ] ; then
. {{ pg_backup_conf_dir }}/pg_backup
{% elif ansible_distribution_file_variety == "RedHat" %}
if [ -f {{ pg_el_backup_conf_dir }}/pg_backup ] ; then
. {{ pg_el_backup_conf_dir }}/pg_backup
{% endif %}
else
N_DAYS_TO_SPARE=7
USE_NAGIOS=no
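Review bot: When `ansible_distribution_file_variety` is neither `Debian` nor `RedHat`, the `{% if %}`/`{% elif %}` pair renders no `if [ -f … ]` line at all, and the `else` that follows becomes a shell syntax error in the generated script. Replacing the `{% elif ansible_distribution_file_variety == "RedHat" %}` line with `{% else %}` keeps the rendered script valid on every host. Because the selected file is sourced by the backup script, the task that installs it (not visible here) should leave it writable only by the account that runs the backup. The `if` body continues outside the hunk.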


@ -26,7 +26,11 @@ chgrp postgres ${POSTGRESQL_KEYFILE}
echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
if [ -x /bin/systemctl ] ; then
systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
{% if ansible_distribution_file_variety == "Debian" %}
systemctl reload postgresql >> $LE_LOG_DIR/pgpool2.log 2>&1
{% else %}
systemctl reload postgresql-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1
{% endif %}
else
service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
fi
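Review bot: Both new `systemctl` lines redirect to `$LE_LOG_DIR/pgpool2.log`, which looks copied from the pgpool2 hook. The `echo` above and the `service` fallback write to `postgresql.log`, so a failed action after a certificate renewal would be recorded in another service's log. The new lines also change `restart` to `reload` while the message still says "Restart" and the fallback still restarts. A reload only picks up a renewed certificate on PostgreSQL 10 or later, so either keep `restart` or update the message and fallback to match. Suggested for the EL line: `systemctl restart postgresql-{{ psql_version }} >> $LE_LOG_DIR/postgresql.log 2>&1`, with the same redirection on the Debian line.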