From 62766b201d868d93e4b0167ac0f549e2a6662690 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sun, 18 Dec 2016 19:12:51 +0100 Subject: [PATCH] library/roles/postgresql: The conf directory is now a variable. --- postgresql/defaults/main.yml | 1 + postgresql/tasks/configure-access.yml | 26 ++++++++++---------------- postgresql/tasks/postgresql-config.yml | 4 ++-- 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml index 496de592..e3f85fc5 100644 --- a/postgresql/defaults/main.yml +++ b/postgresql/defaults/main.yml @@ -20,6 +20,7 @@ psql_db_size_c: 170000000 psql_listen_on_ext_int: False psql_use_alternate_data_dir: False psql_data_dir: '/var/lib/postgresql/{{ psql_version }}' +psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main' psql_log_dir: /var/log/postgresql psql_conf_parameters: - { name: 'max_connections', value: '100', set: 'False' } diff --git a/postgresql/tasks/configure-access.yml b/postgresql/tasks/configure-access.yml index ca4ff1fc..89e481b9 100644 --- a/postgresql/tasks/configure-access.yml +++ b/postgresql/tasks/configure-access.yml @@ -1,12 +1,6 @@ --- -# -# To give postgresql access to remote clients you need to define something like that: -# -# psql_db_data: -# - { name: 'db_name', user: 'db_user', pwd: 'db_pwd', allowed_hosts: [ '146.48.123.17/32', '146.48.122.110/32' ] } -# - name: Give access to the remote postgresql client - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" with_subelements: - '{{ psql_db_data | default([]) }}' - allowed_hosts @@ -19,7 +13,7 @@ tags: [ 'postgresql', 'postgres', 'pg_hba' ] - name: Give access to the remote postgresql client, force ssl - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" with_subelements: - '{{ psql_db_data | default([]) }}' - allowed_hosts @@ -33,17 +27,17 @@ # No conditionals, it is needed to perform base backups when the WAL archive is active - name: Give local access with replication privileges to the postgres user - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" notify: Reload postgresql tags: [ 'postgresql', 'postgres', 'pg_hba' ] - name: Set the postgresql listen port - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=port value="{{ psql_db_port }}" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}" register: restart_postgresql tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: We want postgres listen on the public IP - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="'*'" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'" register: restart_postgresql when: - psql_listen_on_ext_int @@ -51,7 +45,7 @@ tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: If postgresql is only accessed from localhost make it listen only on the localhost interface - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="'localhost'" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'" register: restart_postgresql when: - not psql_listen_on_ext_int @@ -59,19 +53,19 @@ tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Log the connections - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_connections value="on" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on" register: restart_postgresql when: psql_db_data is defined tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Log the disconnections - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_disconnections value="on" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on" register: restart_postgresql when: psql_db_data is defined tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Log the hostnames - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_hostname value="on" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on" register: restart_postgresql when: - psql_listen_on_ext_int @@ -79,7 +73,7 @@ tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Set the correct permissions to the postgresql files - file: dest=/etc/postgresql/{{ psql_version }}/main/{{ item }} owner=root group=postgres mode=0640 + file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640 with_items: - pg_hba.conf - postgresql.conf diff --git a/postgresql/tasks/postgresql-config.yml b/postgresql/tasks/postgresql-config.yml index b16ad51c..b415d31c 100644 --- a/postgresql/tasks/postgresql-config.yml +++ b/postgresql/tasks/postgresql-config.yml @@ -5,13 +5,13 @@ tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Set the postgresql data dir if it is different from the default - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'" notify: Restart postgresql when: psql_use_alternate_data_dir tags: [ 'postgresql', 'postgres', 'pg_conf' ] - name: Set some postgresql configuration parameters - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" with_items: '{{ psql_conf_parameters }}' when: item.set == 'True' notify: Restart postgresql