From 66caef7db143c8b75e444aa3c461f14cecde5a62 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 21 Jun 2016 23:24:48 +0200 Subject: [PATCH] library/roles/ckan/ckan: Lot of modifications so that the playbooks are able to install CKAN with the services distributed on different machines. library/roles/postgresql/tasks: Fix the SSL certificates paths. --- ckan/ckan/tasks/ckan.yml | 10 ++++++++-- ckan/ckan/tasks/enable-ckan.yml | 2 +- ckan/ckan/templates/pgpass.j2 | 8 ++++++++ postgresql/defaults/main.yml | 6 +++--- postgresql/tasks/postgresql-backup.yml | 4 ---- postgresql/tasks/postgresql-config.yml | 3 +++ postgresql/tasks/postgresql-ssl-config.yml | 2 +- 7 files changed, 24 insertions(+), 11 deletions(-) create mode 100644 ckan/ckan/templates/pgpass.j2 diff --git a/ckan/ckan/tasks/ckan.yml b/ckan/ckan/tasks/ckan.yml index 773a71a..2eaf0ea 100644 --- a/ckan/ckan/tasks/ckan.yml +++ b/ckan/ckan/tasks/ckan.yml @@ -17,10 +17,16 @@ - name: Create the base directory for the CKAN file storage file: dest={{ ckan_file_storage_dir }} state=directory owner={{ apache_user }} mode=0700 tags: ckan - + +- name: authorization file for the psql command, if the database is on a remote server + template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600 + when: "'{{ psql_db_host }}' != 'localhost'" + tags: [ 'pg_backup', 'postgresql', 'postgres' ] + - name: Initialize the CKAN databases - shell: ckan db init ; ckan datastore set-permissions | su - postgres -c 'psql --set ON_ERROR_STOP=1' + shell: ckan db init ; ckan datastore set-permissions | psql --set ON_ERROR_STOP=1 -h {{ psql_db_host }} -U {{ ckan_db_user }} -w {{ ckan_datastore_db_name }} when: ( ckan_install | changed ) + ignore_errors: True tags: ckan - name: Create the pip cache directory with the right permissions diff --git a/ckan/ckan/tasks/enable-ckan.yml b/ckan/ckan/tasks/enable-ckan.yml index 7fe8e2d..07112c3 100644 --- a/ckan/ckan/tasks/enable-ckan.yml +++ b/ckan/ckan/tasks/enable-ckan.yml 
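Review bot: `ignore_errors: True` on the `Initialize the CKAN databases` task lets the play continue when `ckan datastore set-permissions | psql …` fails. As far as I know that SQL sets the grants and revokes for the datastore's read-only user, so a silent failure can leave the datastore with looser privileges than intended. Failure is also more likely after this change: the statements now run as `{{ ckan_db_user }}` instead of the `postgres` superuser, and `-w` makes psql exit rather than prompt when no matching pgpass entry is found for the user running the task (whether `pg_backup_pass_file` is that user's `~/.pgpass` is not visible in this hunk). I would drop `ignore_errors: True`, join the commands with `&&` instead of `;` so a failed `ckan db init` stops the task, and pass the host, user and database variables through `| quote`. The new condition is also better written as a bare expression, `when: psql_db_host != 'localhost'`.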
@@ -1,6 +1,6 @@ --- - name: Restart apache - service: name=apache state=restarted enabled=yes + service: name=apache2 state=restarted enabled=yes when: ( ckan_install | changed ) tags: ckan diff --git a/ckan/ckan/templates/pgpass.j2 b/ckan/ckan/templates/pgpass.j2 new file mode 100644 index 0000000..1586807 --- /dev/null +++ b/ckan/ckan/templates/pgpass.j2 @@ -0,0 +1,8 @@ +# Loop psql_db_data to add multiple databases +{% if psql_db_data is defined %} +{% for db in psql_db_data %} +{%if db.pwd is defined %} +{{ psql_db_host }}:{{ psql_db_port }}:{{ db.name }}:{{ db.user }}:{{ db.pwd }} +{% endif %} +{% endfor %} +{% endif %} diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml index d4ec8a7..32e10d5 100644 --- a/postgresql/defaults/main.yml +++ b/postgresql/defaults/main.yml @@ -36,9 +36,9 @@ psql_enable_ssl: False postgresql_letsencrypt_managed: True psql_conf_ssl_parameters: - { name: 'ssl', value: 'true' } - - { name: 'ssl_cert_file', value: "'/var/lib/acme/live/{{ ansible_fqdn }}/cert'" } - - { name: 'ssl_key_file', value: "'/etc/pki/postgresql/postgresql.key'" } - - { name: 'ssl_ca_file', value: "'/var/lib/acme/live/{{ ansible_fqdn }}/chain'" } + - { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' } + - { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' } + - { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' } psql_set_shared_memory: False psql_sysctl_file: 30-postgresql-shm.conf diff --git a/postgresql/tasks/postgresql-backup.yml b/postgresql/tasks/postgresql-backup.yml index 3cda498..4e3dd81 100644 --- a/postgresql/tasks/postgresql-backup.yml +++ b/postgresql/tasks/postgresql-backup.yml 
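Review bot: The new `pgpass.j2` writes `{{ db.pwd }}` and the other fields into the line unescaped, but the pgpass format uses `:` as the field separator and `\` as the escape character. A password containing either is parsed wrongly, and psql called with `-w` then fails to authenticate. Escape the field, e.g. `{{ db.pwd | replace('\\', '\\\\') | replace(':', '\\:') }}`. Entries without `db.pwd` are skipped silently, which deserves a one-line comment in the template. Because the rendered file holds cleartext passwords, the tasks that deploy it (in `ckan/ckan/tasks/ckan.yml` and `postgresql/tasks/postgresql-config.yml`) should set `no_log: True` so runs with `--diff` do not print them.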
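Review bot: Moving the single quotes out of `psql_conf_ssl_parameters` and into the task in `postgresql/tasks/postgresql-ssl-config.yml` (`value="'{{ item.value }}'"`) silently changes the contract of this variable. Any inventory or group_vars override that still carries the old embedded quotes will now be rendered with doubled quotes in `postgresql.conf`. A value that itself contains a single quote would also break the quoting. A comment above the list would make the new contract explicit, e.g. `# values are written unquoted; the ssl-config task wraps them in single quotes`, and existing overrides should be checked before this is rolled out.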
@@ -11,10 +11,6 @@ template: src=pg_backup-default.j2 dest=/etc/default/pg_backup owner=root mode=0744 tags: [ 'pg_backup', 'postgresql', 'postgres' ] -- name: authorization file for the database backup - template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600 - tags: [ 'pg_backup', 'postgresql', 'postgres' ] - - name: Create the postgresql backups data directory file: dest={{ pg_backup_destdir }} owner=postgres group=postgres mode=700 recurse=yes state=directory tags: [ 'pg_backup', 'postgresql', 'postgres' ] diff --git a/postgresql/tasks/postgresql-config.yml b/postgresql/tasks/postgresql-config.yml index b16ad51..35b6c10 100644 --- a/postgresql/tasks/postgresql-config.yml +++ b/postgresql/tasks/postgresql-config.yml @@ -17,3 +17,6 @@ notify: Restart postgresql tags: [ 'postgresql', 'postgres', 'pg_conf' ] +- name: authorization file for the psql command + template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600 + tags: [ 'pg_backup', 'postgresql', 'postgres' ] diff --git a/postgresql/tasks/postgresql-ssl-config.yml b/postgresql/tasks/postgresql-ssl-config.yml index 9c76f06..d7b0986 100644 --- a/postgresql/tasks/postgresql-ssl-config.yml +++ b/postgresql/tasks/postgresql-ssl-config.yml @@ -1,6 +1,6 @@ --- - name: Setup ssl in the postgresql configuration - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" with_items: '{{ psql_conf_ssl_parameters }}' when: psql_enable_ssl notify: Restart postgresql
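Review bot: The credential-file task added to `postgresql-config.yml` still writes to `{{ pg_backup_pass_file }}` and keeps the `pg_backup` tag, although it is now named `authorization file for the psql command`. Moving it into the config tasks presumably means it runs on every PostgreSQL host, whether or not backups are enabled there. That puts cleartext passwords on hosts that may not need them, so I would keep a `when:` guard or at least document why the file is always needed. The task added to `ckan/ckan/tasks/ckan.yml` renders a different role's `pgpass.j2` to the same `dest`, so on a host that runs both roles with a non-`localhost` `psql_db_host` the two tasks may overwrite each other on every run. A dedicated variable for the psql pass file, plus an explicit `group=` next to `owner=root mode=0600`, would avoid that.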