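---
# Installation switches for the PostgreSQL server and for pgpool-II.
# The blame timestamps that were interleaved with these lines are not YAML
# and have been dropped.

# Take the packages from the postgresql.org repositories rather than from the
# distribution archive.
# NOTE(review): the task that adds the repository is not visible here; confirm
# it also installs and pins the repository signing key.
pg_use_postgresql_org_repo: true
psql_postgresql_install: false
# NOTE(review): 'installed' is a legacy alias of 'present' in older Ansible
# package modules; confirm the targeted Ansible version still accepts it.
psql_pkg_state: installed
postgresql_enabled: true
psql_pgpool_install: false
psql_pgpool_service_install: false
psql_pgpool_pkg_state: installed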
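# 9.3 is the default version for Ubuntu trusty
# It is highly recommended to use the postgresql.org repositories
#
# See the features matrix here: https://www.postgresql.org/about/featurematrix/
#
# NOTE(review): 9.6 is an unquoted YAML float. It renders as "9.6" in the
# paths and package names built from it, but an override such as 9.10 would be
# read as 9.1; quote overrides of that form.
psql_version: 9.6
psql_db_host: localhost
psql_db_port: 5432
# presumably warning/critical database size thresholds for monitoring; confirm
psql_db_size_w: 150000000
psql_db_size_c: 170000000
# Off by default. Presumably controls whether the server listens on
# non-loopback interfaces; when it is enabled, also review psql_enable_ssl and
# the allowed_hosts entries of psql_db_data.
psql_listen_on_ext_int: false
psql_use_alternate_data_dir: false
psql_data_dir: '/var/lib/postgresql/{{ psql_version }}'
psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
psql_log_dir: /var/log/postgresql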
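# Server tuning parameters, one name/value/set entry per postgresql.conf key.
# 'set' is a quoted string, not a YAML boolean; presumably entries marked
# 'False' are left at the packaged default (confirm in the tasks).
# Parameters that need a server restart must be listed here, as the notes on
# psql_log_configuration and psql_autovacuum_configuration state.
psql_conf_parameters:
  - { name: 'max_connections', value: '100', set: 'False' }
  - { name: 'shared_buffers', value: '24MB', set: 'False' }
  - { name: 'temp_buffers', value: '8MB', set: 'False' }
  - { name: 'work_mem', value: '1MB', set: 'False' }
  - { name: 'maintenance_work_mem', value: '16MB', set: 'False' }
  - { name: 'max_stack_depth', value: '2MB', set: 'False' }
  - { name: 'max_files_per_process', value: '1000', set: 'False' }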
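# logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters
#
# Review notes for audit and incident response:
# - logging_collector is 'off' and not applied ('set' is 'False');
#   log_directory and the log_rotation_* settings are only used by the
#   logging collector, so they have no effect unless it is enabled.
# - log_connections is 'on' but log_disconnections is 'off'; enabling the
#   latter records session end and duration, which helps when rebuilding a
#   timeline.
# - log_hostname 'on' makes the server resolve the client address on each
#   connection, which costs a DNS lookup; the IP address is logged either way.
psql_log_configuration:
  - { name: 'log_destination', value: 'stderr', set: 'True' }
  - { name: 'logging_collector', value: 'off', set: 'False' }
  - { name: 'log_directory', value: "'{{ psql_log_dir }}'", set: 'True' }
  - { name: 'log_rotation_age', value: '1d', set: 'True' }
  - { name: 'log_rotation_size', value: '10MB', set: 'True' }
  - { name: 'client_min_messages', value: 'notice', set: 'True' }
  - { name: 'log_min_messages', value: 'warning', set: 'True' }
  - { name: 'log_min_error_statement', value: 'error', set: 'True' }
  - { name: 'log_min_duration_statement', value: '-1', set: 'True' }
  - { name: 'log_checkpoints', value: 'off', set: 'True' }
  - { name: 'log_connections', value: 'on', set: 'True' }
  - { name: 'log_disconnections', value: 'off', set: 'True' }
  - { name: 'log_duration', value: 'off', set: 'True' }
  - { name: 'log_error_verbosity', value: 'default', set: 'True' }
  - { name: 'log_hostname', value: 'on', set: 'True' }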
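# Treat vacuum separately. Important: the parameters that need a restart must be listed in psql_conf_parameters
# Same name/value/set entry shape as psql_conf_parameters; every entry here is
# marked 'True'.
psql_autovacuum_configuration:
  - { name: 'track_counts', value: 'on', set: 'True' }
  - { name: 'autovacuum', value: 'on', set: 'True' }
  - { name: 'log_autovacuum_min_duration', value: '-1', set: 'True' }
  - { name: 'autovacuum_vacuum_threshold', value: '50', set: 'True' }
  - { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' }
  - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' }
  - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' }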
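# SSL as a special case
# Both switches default to off, so unless they are overridden the client
# traffic is not encrypted in transit. Turn them on whenever the server is
# reachable from other hosts (see psql_listen_on_ext_int).
psql_enable_ssl: false
psql_force_ssl_client_connection: false
postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
# Key as issued under the acme directory, and the copy handed to PostgreSQL.
# PostgreSQL checks the key file's permissions at startup; keep the copy owned
# by the server account with mode 0600.
# NOTE(review): how the key is copied from the first path to the second is not
# visible in this file; confirm the copy does not widen its permissions.
psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
# NOTE(review): ssl_key_file points at psql_ssl_privkey_path, which is not
# defined in this file (only psql_ssl_privkey_file and
# psql_ssl_privkey_global_file are). Confirm it is set elsewhere in the role,
# otherwise templating this list fails on an undefined variable.
psql_conf_ssl_parameters:
  - { name: 'ssl', value: 'true' }
  - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
  - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_path }}' }
  - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' }
psql_conf_disable_ssl_parameters:
  - { name: 'ssl', value: 'false' }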
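# Kernel shared-memory limits, only relevant when psql_set_shared_memory is
# enabled.
psql_set_shared_memory: false
# The file name carried a stray space after "30" (an extraction artifact);
# restored to a single token.
psql_sysctl_file: 30-postgresql-shm.conf
psql_sysctl_kernel_sharedmem_parameters:
  - { name: 'kernel.shmmax', value: '33554432' }
  - { name: 'kernel.shmall', value: '2097152' }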
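# Server packages; the names are built from psql_version.
postgresql_pkgs:
  - 'postgresql-{{ psql_version }}'
  - 'postgresql-contrib-{{ psql_version }}'
  - 'postgresql-client-{{ psql_version }}'
  - pgtop
# presumably the Python driver the Ansible postgresql_* modules need on the
# managed host; confirm against the tasks
psql_ansible_needed_pkgs:
  - python-psycopg2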
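# Placeholders for the database name, its owner and the owner's password.
psql_db_name: db_name
psql_db_user: db_user
# NOTE(review): the placeholder below is itself a valid string. If nothing
# overrides it and a task consumes psql_db_pwd, this publicly known text would
# become the real password. Consider asserting in the tasks that the value has
# been replaced by a vault-encrypted one before any database user is created.
psql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault"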
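# Those need to be installed on the postgresql server.
postgresql_pgpool_pkgs:
  - 'postgresql-{{ psql_version }}-pgpool2'

# psql_db_data is left undefined by default. Its allowed_hosts lists are used
# for the db accesses and by iptables, so keep each entry as narrow as
# possible (single hosts as /32) and keep the NOSUPERUSER role attribute
# unless a superuser is really required.
#psql_db_data:
# Example of line needed to create a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory.
#- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: True }
# Example of line needed to manage the db accesses (used by iptables too), without creating the db and the user. Useful, for example, to give someone access to the postgresql db
#- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: False }
# Example of line needed to remove a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory.
# (the last field was written as state=absent, which is not valid inside a
# YAML flow mapping; it is shown here as a key/value pair)
#- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: True, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state: 'absent' }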
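# pgpool-II
pgpool_pkgs:
  - pgpool2
  - iputils-arping

# Client-facing listener: loopback only by default.
pgpool_enabled: true
pgpool_listen_addresses: 'localhost'
pgpool_port: 5433
pgpool_listen_backlog_multiplier: 2
pgpool_pcp_user: admin
# Define pcp_pwd in a vault file
# NOTE(review): PCP is pgpool's administrative interface, and '*' makes it
# listen on every interface while the client listener above stays on
# localhost. Unless remote PCP access is required, override this with a
# loopback or management address, or make sure the host firewall restricts
# pgpool_pcp_port.
pgpool_pcp_listen_addresses: '*'
pgpool_pcp_port: 9898
#pgpool_backends:
# - { id: 0, hostname: 'backend0', backend_port: '{{ psql_db_port }}', backend_weight: 1, backend_data_directory: '{{ psql_data_dir }}', backend_flag: 'ALLOW_TO_FAILOVER' }
# pool_hba.conf client authentication is enabled; pool_passwd is the name of
# the password file that goes with it.
pgpool_enable_pool_hba: 'on'
pgpool_pool_passwd: 'pool_passwd'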
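# Connection pool sizing and lifetimes.
pgpool_num_init_children: 32
pgpool_max_pool: 4
pgpool_child_life_time: 300
pgpool_child_max_connections: 0
pgpool_connection_life_time: 0
pgpool_client_idle_limit: 0

# Logging. Connections are logged; statement logging is off, so queries do not
# reach syslog through pgpool with these defaults.
pgpool_log_destination: syslog
pgpool_log_connections: 'on'
pgpool_log_hostname: 'on'
pgpool_log_statement: 'off'
pgpool_log_per_node_statement: 'off'
pgpool_debug_level: 0

# Replication and load balancing.
pgpool_replication_mode: 'on'
pgpool_replicate_select: 'off'
pgpool_insert_lock: 'on'
pgpool_lobj_lock_table: ''
pgpool_replication_stop_on_mismatch: 'on'
pgpool_failover_if_affected_tuples_mismatch: 'off'
pgpool_recovery_timeout: 30
pgpool_client_idle_limit_in_recovery: -1
pgpool_load_balance_mode: 'on'
pgpool_ignore_leading_white_space: 'on'

# Online recovery.
# NOTE(review): the recovery user defaults to the postgres account, so the
# credential kept in the vault for it is a high-value secret; limit who can
# decrypt that vault file.
pgpool_recovery_user: postgres
# pgpool_recovery_user_pwd: use a vault file for this one
pgpool_recovery_stage1_script: pgpool_recovery_stage_1
pgpool_recovery_stage2_script: pgpool_recovery_stage_2
pgpool_remote_start_script: pgpool_remote_start

pgpool_white_function_list: ''
pgpool_black_function_list: 'nextval,setval'
pgpool_allow_sql_comments: 'on'
pgpool_fail_over_on_backend_error: 'on'
pgpool_relcache_expire: 3600

# Query cache: disabled by default; the memcached settings only matter once it
# is enabled.
pgpool_memory_cache_enabled: 'off'
pgpool_memqcache_method: memcached
pgpool_memqcache_memcached_host: localhost
pgpool_memqcache_memcached_port: 11211
pgpool_memqcache_expire: 0
pgpool_memqcache_auto_cache_invalidation: 'on'
pgpool_serialize_accept: 'off'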
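# HA and watchdog
pgpool_use_watchdog: 'off'
pgpool_wd_trusted_servers: 'localhost,localhost'
pgpool_wd_port: 9000
pgpool_wd_priority: 1
# Warning: setting pgpool_wd_heartbeat_mode to False enables
# the 'query mode' that is untested and not working without manual intervention
pgpool_wd_heartbeat_mode: true
pgpool_wd_heartbeat_port: 9694
pgpool_wd_heartbeat_keepalive_int: 3
pgpool_wd_heartbeat_deadtime: 30
pgpool_wd_heartbeat_dest0: 'localhost'
pgpool_wd_heartbeat_dest0_port: '{{ pgpool_wd_heartbeat_port }}'
# No watchdog authentication key is defined by default. When the watchdog is
# enabled, set one in a vault file so that the watchdog peers authenticate
# each other, and restrict pgpool_wd_port and pgpool_wd_heartbeat_port to the
# pgpool nodes.
#pgpool_wd_authkey: 'set it inside a vault file'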
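# SSL as a special case
# Off by default: with pgpool_listen_addresses left on localhost that only
# affects local clients, but enable it when pgpool is exposed to other hosts.
pgpool_enable_ssl: false
pgpool_letsencrypt_managed: true
# Private key used by pgpool; keep it readable only by the account pgpool runs
# as.
pgpool_ssl_key: /etc/pki/pgpool2/pgpool2.key
pgpool_ssl_cert: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
pgpool_ssl_ca: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
pgpool_ssl_ca_dir: /etc/ssl/certs
# The address carried stray spaces between its octets (an extraction
# artifact); restored to a dotted quad.
pgpool_virtual_ip: 127.0.0.1
pgpool_virtual_netmask: 24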
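# WAL files archiving is mandatory for pgpool recovery
# Archiving follows psql_pgpool_install; every entry of psql_wal_files_conf
# takes its 'set' flag from that value.
psql_wal_files_archiving_enabled: '{{ psql_pgpool_install }}'
psql_restart_after_wal_enabling: true
# NOTE(review): the archive directory sits under psql_data_dir, so archived
# WAL shares the fate of the data directory it is meant to help recover.
# Archived WAL also holds the same data as the database; confirm the directory
# is created with permissions as strict as the data directory's.
psql_wal_archiving_log_dir: '{{ psql_data_dir }}/archive_log'
psql_base_backup_dir: '{{ pg_backup_base_dir }}/base_backup'
# archive_command refuses to overwrite a segment that is already archived
# ('test ! -f') before copying it.
# NOTE(review): with psql_version 9.6, 'archive' is a legacy spelling of
# wal_level that the server maps to 'replica'; confirm it is still accepted
# before raising psql_version.
psql_wal_files_conf:
  - { name: 'wal_level', value: 'archive', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'wal_sync_method', value: 'fdatasync', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'full_page_writes', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'wal_log_hints', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'archive_mode', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'archive_command', value: "'test ! -f {{ psql_wal_archiving_log_dir }}/%f && cp %p {{ psql_wal_archiving_log_dir }}/%f'", set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'archive_timeout', value: '120', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'max_wal_senders', value: '5', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'wal_sender_timeout', value: '60s', set: '{{ psql_wal_files_archiving_enabled }}' }
  - { name: 'max_replication_slots', value: '5', set: '{{ psql_wal_files_archiving_enabled }}' }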
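# postgis
postgres_install_gis_extensions: false
# NOTE(review): unquoted, so YAML reads 2.3 as a float; quote overrides whose
# minor version ends in zero (for example '2.10').
postgres_gis_version: 2.3
postgres_gis_pkgs:
  - 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}'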
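# Local backup
pg_backup_enabled: true
pg_backup_bin: /usr/local/sbin/postgresql-backup
pg_backup_pgdump_bin: /usr/bin/pg_dump
pg_backup_retain_copies: 1
# "no"/"yes" are deliberately quoted strings in this section, not YAML
# booleans; presumably the backup script reads them as text (confirm in the
# template).
pg_backup_build_db_list: "no"
# Dynamically created from psql_db_data if pg_backup_db_list is not set
#pg_backup_db_list: '{{ psql_db_name}}'
pg_backup_base_dir: /var/lib/pgsql
# The dumps hold a full copy of the data.
# NOTE(review): confirm the backup script creates this directory and the dump
# files with permissions that exclude other local users.
pg_backup_destdir: '{{ pg_backup_base_dir }}/backups'
pg_backup_logdir: /var/log/postgresql
pg_backup_logfile: '{{ pg_backup_logdir }}/postgresql-backup.log'
pg_backup_use_auth: "yes"
# The password file stores credentials in clear text. libpq ignores it unless
# group and world have no access to it, so it must be mode 0600.
pg_backup_pass_file: /root/.pgpass
pg_backup_use_nagios: "yes"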