Better defaults. Additional tag for the firewalld task.

This commit is contained in:
Andrea Dell'Amico 2021-03-23 15:21:20 +01:00
parent c314c2f192
commit a61da112ef
2 changed files with 13 additions and 6 deletions

View File

@ -55,13 +55,17 @@ psql_el_scl_packages:
- python-psycopg2 - python-psycopg2
psql_conf_parameters: psql_conf_parameters:
- { name: 'max_connections', value: '100', set: 'False' } - { name: 'max_connections', value: '100', set: 'True' }
- { name: 'shared_buffers', value: '24MB', set: 'False' } - { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'True' }
- { name: 'temp_buffers', value: '8MB', set: 'False' } - { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'True' }
- { name: 'work_mem', value: '1MB', set: 'False' } - { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' }
- { name: 'maintenance_work_mem', value: '16MB', set: 'False' } - { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'True' }
- { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'True' }
- { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'True' }
- { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' }
- { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'True' }
- { name: 'max_stack_depth', value: '2MB', set: 'False' } - { name: 'max_stack_depth', value: '2MB', set: 'False' }
- { name: 'max_files_per_process', value: '1000', set: 'False' } - { name: 'max_files_per_process', value: '8192', set: 'False' }
# logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters # logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters
psql_log_configuration: psql_log_configuration:
@ -90,6 +94,8 @@ psql_autovacuum_configuration:
- { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' } - { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' }
- { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' } - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' }
- { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' } - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' }
- { name: 'autovacuum_max_workers', value: '10', set: 'True' }
- { name: 'autovacuum_naptime', value: '10', set: 'True' }
# SSL as a special case # SSL as a special case
psql_enable_ssl: False psql_enable_ssl: False

View File

@ -42,6 +42,7 @@
when: when:
- psql_listen_on_ext_int - psql_listen_on_ext_int
- firewalld_enabled - firewalld_enabled
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db', 'firewall', 'iptables_rules' ]
- name: Give access to the remote postgresql client - name: Give access to the remote postgresql client
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440' lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'