From a61da112efcb5c300b9f49bde5d7788e45c21543 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 23 Mar 2021 15:21:20 +0100 Subject: [PATCH] Better defaults. Additional tag for the firewalld task. --- defaults/main.yml | 18 ++++++++++++------ tasks/configure-access.yml | 1 + 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index f319b0f..a77959c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -55,13 +55,17 @@ psql_el_scl_packages: - python-psycopg2 psql_conf_parameters: - - { name: 'max_connections', value: '100', set: 'False' } - - { name: 'shared_buffers', value: '24MB', set: 'False' } - - { name: 'temp_buffers', value: '8MB', set: 'False' } - - { name: 'work_mem', value: '1MB', set: 'False' } - - { name: 'maintenance_work_mem', value: '16MB', set: 'False' } + - { name: 'max_connections', value: '100', set: 'True' } + - { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'True' } + - { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'True' } + - { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } + - { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'True' } + - { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'True' } + - { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'True' } + - { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } + - { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'True' } - { name: 'max_stack_depth', value: '2MB', set: 'False' } - - { name: 'max_files_per_process', value: '1000', set: 'False' } + - { name: 'max_files_per_process', value: '8192', set: 'False' } # logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters psql_log_configuration: @@ -90,6 +94,8 @@ psql_autovacuum_configuration: - { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' } - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' } - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' } + - { name: 'autovacuum_max_workers', value: '10', set: 'True' } + - { name: 'autovacuum_naptime', value: '10', set: 'True' } # SSL as a special case psql_enable_ssl: False diff --git a/tasks/configure-access.yml b/tasks/configure-access.yml index 80e51fe..b45000c 100644 --- a/tasks/configure-access.yml +++ b/tasks/configure-access.yml @@ -42,6 +42,7 @@ when: - psql_listen_on_ext_int - firewalld_enabled + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db', 'firewall', 'iptables_rules' ] - name: Give access to the remote postgresql client lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'