Add support for CentOS.
This commit is contained in:
parent
517d48484c
commit
dcff05b8e1
|
@ -1,26 +1,58 @@
|
|||
---
|
||||
psql_enabled: True
|
||||
pg_use_postgresql_org_repo: True
|
||||
|
||||
psql_postgresql_install: True
|
||||
psql_pkg_state: present
|
||||
postgresql_enabled: True
|
||||
psql_pgpool_install: False
|
||||
psql_pgpool_service_install: False
|
||||
psql_pgpool_pkg_state: installed
|
||||
psql_pgpool_pkg_state: present
|
||||
# I prefer to use the postgresql.org repositories
|
||||
#
|
||||
# See the features matrix here: http://www.postgresql.org/about/featurematrix/
|
||||
#
|
||||
psql_version: 11
|
||||
psql_version: 12
|
||||
psql_db_host: localhost
|
||||
psql_db_port: 5432
|
||||
psql_db_size_w: 150000000
|
||||
psql_db_size_c: 170000000
|
||||
psql_listen_on_ext_int: False
|
||||
psql_use_alternate_data_dir: False
|
||||
# Deb/Ubuntu
|
||||
psql_data_dir: '/var/lib/postgresql/{{ psql_version }}'
|
||||
psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
|
||||
psql_log_dir: /var/log/postgresql
|
||||
|
||||
# Debian/Ubuntu
|
||||
postgresql_pkgs:
|
||||
- 'postgresql-{{ psql_version }}'
|
||||
- 'postgresql-contrib-{{ psql_version }}'
|
||||
- 'postgresql-client-{{ psql_version }}'
|
||||
- pgtop
|
||||
- python-psycopg2
|
||||
|
||||
psql_el_install_scl_version: False
|
||||
psql_el_install_from_pgdg_repo: True
|
||||
psql_el_pgdg_repo_url: "https://ftp.postgresql.org/pub/repos/yum/{{ psql_version }}/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
|
||||
psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql'
|
||||
psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}'
|
||||
psql_el_data_dir: '{{ psql_el_base_dir }}/data'
|
||||
psql_el_conf_dir: '{{ psql_el_data_dir }}'
|
||||
|
||||
psql_el_pgdg_packages:
|
||||
- 'postgresql{{ psql_version }}-server'
|
||||
- 'postgresql{{ psql_version }}-contrib'
|
||||
- 'pg_top{{ psql_version }}'
|
||||
- pgcluu
|
||||
- python-psycopg2
|
||||
|
||||
psql_el_scl_packages:
|
||||
- rh-postgresql'{{ psql_version }}'-runtime
|
||||
- rh-postgresql'{{ psql_version }}'-postgresql
|
||||
- rh-postgresql'{{ psql_version }}'-postgresql-server
|
||||
- rh-postgresql'{{ psql_version }}'-postgresql-contrib
|
||||
- python-psycopg2
|
||||
|
||||
psql_conf_parameters:
|
||||
- { name: 'max_connections', value: '100', set: 'False' }
|
||||
- { name: 'shared_buffers', value: '24MB', set: 'False' }
|
||||
|
@ -81,15 +113,6 @@ psql_sysctl_kernel_sharedmem_parameters:
|
|||
- { name: 'kernel.shmmax', value: '33554432' }
|
||||
- { name: 'kernel.shmall', value: '2097152' }
|
||||
|
||||
postgresql_pkgs:
|
||||
- 'postgresql-{{ psql_version }}'
|
||||
- 'postgresql-contrib-{{ psql_version }}'
|
||||
- 'postgresql-client-{{ psql_version }}'
|
||||
- pgtop
|
||||
|
||||
psql_ansible_needed_pkgs:
|
||||
- python-psycopg2
|
||||
|
||||
psql_db_name: db_name
|
||||
psql_db_user: db_user
|
||||
psql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault"
|
||||
|
@ -112,6 +135,10 @@ pgpool_pkgs:
|
|||
- pgpool2
|
||||
- iputils-arping
|
||||
|
||||
pgpool_el_pkgs:
|
||||
- 'pgpool-II-{{ psql_version }}'
|
||||
- 'pgpool-II-{{ psql_version }}-extensions'
|
||||
|
||||
pgpool_enabled: True
|
||||
pgpool_listen_addresses: 'localhost'
|
||||
pgpool_port: 5433
|
||||
|
@ -209,11 +236,18 @@ psql_wal_files_conf:
|
|||
# postgis
|
||||
postgres_install_gis_extensions: False
|
||||
postgres_gis_version: 2.5
|
||||
postgres_gis_shortver: 25
|
||||
postgres_gis_pkgs:
|
||||
- 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}'
|
||||
|
||||
postgres_el_gis_pkgs:
|
||||
- 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}'
|
||||
- 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client'
|
||||
|
||||
# Local backup
|
||||
pg_backup_enabled: True
|
||||
pg_el_backup_conf_dir: /etc/sysconfig
|
||||
pg_backup_conf_dir: /etc/default
|
||||
pg_backup_bin: /usr/local/sbin/postgresql-backup
|
||||
pg_backup_pgdump_bin: /usr/bin/pg_dump
|
||||
pg_backup_retain_copies: 2
|
||||
|
|
|
@ -1,23 +1,46 @@
|
|||
---
|
||||
- name: Restart postgresql
|
||||
service: name=postgresql state=restarted
|
||||
when: postgresql_enabled
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Reload postgresql
|
||||
service: name=postgresql state=reloaded
|
||||
when: postgresql_enabled
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Reload pgpool2
|
||||
service: name=pgpool2 state=reloaded
|
||||
when: pgpool_enabled
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
ignore_errors: True
|
||||
|
||||
- name: Restart pgpool2
|
||||
service: name=pgpool2 state=restarted
|
||||
when: pgpool_enabled
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Restart postgresql with pgpool config
|
||||
service: name=postgresql state=restarted
|
||||
when:
|
||||
- postgresql_enabled
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
- psql_restart_after_wal_enabling
|
||||
|
||||
- name: Restart postgresql
|
||||
service: name='postgresql-{{ psql_version }}' state=restarted
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Reload postgresql
|
||||
service: name='postgresql-{{ psql_version }}' state=reloaded
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Reload pgpool2
|
||||
service: name='pgpool2-{{ psql_version }}' state=reloaded
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
ignore_errors: True
|
||||
|
||||
- name: Restart pgpool2
|
||||
service: name='pgpool2-{{ psql_version }}' state=restarted
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Restart postgresql with pgpool config
|
||||
service: name='postgresql-{{ psql_version }}' state=restarted
|
||||
when:
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
- psql_restart_after_wal_enabling
|
||||
|
|
|
@ -1,91 +1,182 @@
|
|||
---
|
||||
- name: Open the postgresql service to a specific zone.
|
||||
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- firewalld_enabled | bool
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
- name: Configure accesses on Deb/Ubuntu
|
||||
block:
|
||||
- name: Give access to the remote postgresql client
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- not psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give access to the remote postgresql client
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- not psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
- name: Give access to the remote postgresql client, force ssl
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give access to the remote postgresql client, force ssl
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||||
- name: Give local access with replication privileges to the postgres user
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||||
- name: Give local access with replication privileges to the postgres user
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
- name: Set the postgresql listen port
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
|
||||
register: restart_postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the postgresql listen port
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
|
||||
register: restart_postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: We want postgres listen on the public IP
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: We want postgres listen on the public IP
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- not psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- not psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: Log the connections
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the connections
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: Log the disconnections
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the disconnections
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: Log the hostnames
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the hostnames
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
- name: Set the correct permissions to the postgresql files
|
||||
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
|
||||
with_items:
|
||||
- pg_hba.conf
|
||||
- postgresql.conf
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
|
||||
- name: Set the correct permissions to the postgresql files
|
||||
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
|
||||
with_items:
|
||||
- pg_hba.conf
|
||||
- postgresql.conf
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
- name: Restart the postgresql server after changing parameters that need a restart
|
||||
service: name=postgresql state=restarted
|
||||
when:
|
||||
- restart_postgresql is changed
|
||||
ignore_errors: True
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
|
||||
- name: Restart the postgresql server after changing parameters that need a restart
|
||||
service: name=postgresql state=restarted
|
||||
when:
|
||||
- restart_postgresql is changed
|
||||
ignore_errors: True
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Configure accesses on EL
|
||||
block:
|
||||
- name: Open the postgresql service to a specific zone.
|
||||
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- firewalld_enabled | bool
|
||||
|
||||
- name: Give access to the remote postgresql client
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- not psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give access to the remote postgresql client, force ssl
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- psql_force_ssl_client_connection | bool
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||||
- name: Give local access with replication privileges to the postgres user
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Set the postgresql listen port
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
|
||||
register: restart_postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: We want postgres listen on the public IP
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- not psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the connections
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_connections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the disconnections
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_disconnections value="on"
|
||||
register: restart_postgresql
|
||||
when: psql_db_data is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Log the hostnames
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_hostname value="on"
|
||||
register: restart_postgresql
|
||||
when:
|
||||
- psql_listen_on_ext_int | bool
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the correct permissions to the postgresql files
|
||||
file: dest={{ psql_el_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
|
||||
with_items:
|
||||
- pg_hba.conf
|
||||
- postgresql.conf
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
|
||||
- name: Restart the postgresql server after changing parameters that need a restart
|
||||
service: name='postgresql-{{ psql_version }}' state=restarted
|
||||
when:
|
||||
- restart_postgresql is changed
|
||||
ignore_errors: True
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||||
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
- import_tasks: postgresql_org_repo.yml
|
||||
when: pg_use_postgresql_org_repo
|
||||
- import_tasks: packages.yml
|
||||
when: psql_postgresql_install
|
||||
- import_tasks: postgis.yml
|
||||
|
@ -26,15 +25,14 @@
|
|||
- psql_postgresql_install
|
||||
- psql_db_data is defined
|
||||
- import_tasks: postgresql-backup.yml
|
||||
when:
|
||||
- psql_postgresql_install
|
||||
when: psql_postgresql_install
|
||||
- import_tasks: pgpool-ii.yml
|
||||
when: psql_pgpool_service_install
|
||||
- import_tasks: postgresql-letsencrypt-acmetool.yml
|
||||
when:
|
||||
- letsencrypt_acme_install is defined
|
||||
- letsencrypt_acme_install is defined and letsencrypt_acme_install
|
||||
- import_tasks: pgpool-letsencrypt-acmetool.yml
|
||||
when:
|
||||
- letsencrypt_acme_install is defined
|
||||
- letsencrypt_acme_install is defined and letsencrypt_acme_install
|
||||
|
||||
|
||||
|
|
|
@ -1,11 +1,38 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the packages that ansible needs to manage the postgresql users and databases
|
||||
apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
|
||||
|
||||
- name: install the postgresql packages
|
||||
apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
|
||||
notify: Restart postgresql
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- name: EL
|
||||
block:
|
||||
- name: install the postgresql packages from the pgdg repository
|
||||
yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }}
|
||||
|
||||
- name: Init the db if needed
|
||||
command: /usr/pgsql-{{ psql_version }}/bin/postgresql-{{ psql_version }}-setup initdb
|
||||
args:
|
||||
creates: '{{ psql_data_dir }}/postgresql.conf'
|
||||
|
||||
when:
|
||||
- not psql_install_scl_version
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- name: EL from SCL
|
||||
block:
|
||||
- name: install the postgresql scl packages
|
||||
yum: pkg={{ psql_el_scl_packages }} state={{ psql_pkg_state }}
|
||||
|
||||
- name: Init the db if needed
|
||||
command: /opt/rh/rh-postgresql{{ psql_version }}/root/usr/bin/postgresql-setup --initdb
|
||||
args:
|
||||
creates: '{{ psql_data_dir }}/postgresql.conf'
|
||||
|
||||
when:
|
||||
- psql_install_scl_version
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'scl', 'postgresql', 'postgres' ]
|
||||
|
|
|
@ -49,7 +49,9 @@
|
|||
- name: Start and enable pgpool2
|
||||
service: name=pgpool2 state=started enabled=yes
|
||||
|
||||
when: pgpool_enabled
|
||||
when:
|
||||
- pgpool_enabled
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool', 'pcp_conf', 'pgpool_conf' ]
|
||||
|
||||
|
||||
|
@ -72,7 +74,9 @@
|
|||
- /sbin/ip_script
|
||||
- /usr/local/bin/arping_script
|
||||
|
||||
when: not pgpool_enabled
|
||||
when:
|
||||
- not pgpool_enabled
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
|
||||
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
|
||||
template: src=pgpool-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
|
||||
|
||||
when:
|
||||
- psql_pgpool_service_install
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
---
|
||||
- name: install the postgresql GIS packages
|
||||
- name: install the postgresql GIS packages on deb/ubuntu
|
||||
apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres', 'postgis' ]
|
||||
|
||||
- name: install the postgresql GIS packages on EL
|
||||
yum: pkg={{ postgres_el_gis_pkgs }} state={{ psql_pkg_state }}
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgres', 'postgis' ]
|
||||
|
||||
|
|
|
@ -1,75 +1,74 @@
|
|||
---
|
||||
- name: Install the packages needed by postgres when running behind a pgpool server
|
||||
apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
|
||||
when: psql_pgpool_install
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Add the postgres user that will manage the recovery, if not postgres
|
||||
become: True
|
||||
become_user: postgres
|
||||
postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }}
|
||||
when:
|
||||
- ('{{ pgpool_recovery_user }}' != 'postgres')
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
- psql_pgpool_install
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Give access to the pgpool recovery user, if it is not postgres
|
||||
lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Add the system user that will manage the recovery, if not postgres
|
||||
user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes
|
||||
when:
|
||||
- ('{{ pgpool_recovery_user }}' != 'postgres')
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Create the ssh keys for the recovery user
|
||||
user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Install the pgpool recovery and remote restart scripts. They assume that the postgresql hosts can talk to each other
|
||||
template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500
|
||||
with_nested:
|
||||
- '{{ pgpool_backends | default([]) }}'
|
||||
- [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ]
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Set the postgresql configuration parameters needed by pgpool
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_wal_files_conf }}'
|
||||
when:
|
||||
- item.set
|
||||
- psql_wal_files_archiving_enabled
|
||||
notify: Restart postgresql with pgpool config
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
|
||||
|
||||
- name: Add the pgpool postgres extensions to the template1 dbs
|
||||
become: True
|
||||
become_user: postgres
|
||||
postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }}
|
||||
with_items:
|
||||
- pgpool_regclass
|
||||
- pgpool_recovery
|
||||
tags: [ 'postgresql', 'postgres', 'pg_extensions' ]
|
||||
|
||||
- name: Install the sudoers config that permits the postgres user to restart the service after a recovery
|
||||
template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440
|
||||
tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ]
|
||||
|
||||
- name: Install a script that cleans up the wal log archives
|
||||
template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
||||
- name: Install a cron job to cleanup the wal log archives
|
||||
cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily
|
||||
- name: PgPool II configuration
|
||||
block:
|
||||
- name: Add the postgres user that will manage the recovery, if not postgres
|
||||
become: True
|
||||
become_user: postgres
|
||||
postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }}
|
||||
when:
|
||||
- ('{{ pgpool_recovery_user }}' != 'postgres')
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
|
||||
- name: Give access to the pgpool recovery user, if it is not postgres
|
||||
lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5"
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
when:
|
||||
- psql_db_data is defined
|
||||
- item.1 is defined
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
notify: Reload postgresql
|
||||
|
||||
- name: Add the system user that will manage the recovery, if not postgres
|
||||
user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes
|
||||
when:
|
||||
- ('{{ pgpool_recovery_user }}' != 'postgres')
|
||||
- pgpool_recovery_user_pwd is defined
|
||||
|
||||
- name: Create the ssh keys for the recovery user
|
||||
user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa
|
||||
|
||||
- name: Install the pgpool recovery and remote restart scripts. They assume that the postgresql hosts can talk to each other
|
||||
template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500
|
||||
with_nested:
|
||||
- '{{ pgpool_backends | default([]) }}'
|
||||
- [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ]
|
||||
|
||||
- name: Set the postgresql configuration parameters needed by pgpool
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_wal_files_conf }}'
|
||||
when:
|
||||
- item.set
|
||||
- psql_wal_files_archiving_enabled
|
||||
notify: Restart postgresql with pgpool config
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
|
||||
|
||||
- name: Add the pgpool postgres extensions to the template1 dbs
|
||||
become: True
|
||||
become_user: postgres
|
||||
postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }}
|
||||
with_items:
|
||||
- pgpool_regclass
|
||||
- pgpool_recovery
|
||||
tags: [ 'postgresql', 'postgres', 'pg_extensions' ]
|
||||
|
||||
- name: Install the sudoers config that permits the postgres user to restart the service after a recovery
|
||||
template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440
|
||||
tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ]
|
||||
|
||||
- name: Install a script that cleans up the wal log archives
|
||||
template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755
|
||||
|
||||
- name: Install a cron job to cleanup the wal log archives
|
||||
cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily
|
||||
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: Backup script for the postgresql database(s)
|
||||
copy: src=postgresql-backup.sh dest=/usr/local/sbin/postgresql-backup owner=root mode=0744
|
||||
template: src=postgresql-backup.sh.j2 dest=/usr/local/sbin/postgresql-backup owner=root mode=0744
|
||||
tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ]
|
||||
|
||||
- name: daily cron job for the postgresql database(s) backup
|
||||
|
@ -21,8 +21,14 @@
|
|||
pgbackup_cron_step <= 12
|
||||
tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ]
|
||||
|
||||
- name: postgresql backup defaults
|
||||
template: src=pg_backup-default.j2 dest=/etc/default/pg_backup owner=root mode=0744
|
||||
- name: postgresql backup defaults on deb/Ubuntu
|
||||
template: src=pg_backup-default.j2 dest={{ pg_backup_conf_dir }}/pg_backup owner=root mode=0744
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ]
|
||||
|
||||
- name: postgresql backup defaults on EL
|
||||
template: src=pg_backup-default.j2 dest={{ pg_el_backup_conf_dir }}/pg_backup owner=root mode=0744
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ]
|
||||
|
||||
- name: Create the postgresql backups data directory
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
- block:
|
||||
- name: Data directory for Deb/Ubuntu
|
||||
block:
|
||||
- name: Check if the new postgresql data directory exists
|
||||
stat: path={{ psql_data_dir }}
|
||||
register: postgresql_data_dir
|
||||
|
@ -26,33 +27,105 @@
|
|||
service: name=postgresql state=started
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
when: psql_use_alternate_data_dir
|
||||
when:
|
||||
- psql_use_alternate_data_dir
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set some postgresql configuration parameters that require a db restart
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_conf_parameters }}'
|
||||
when: item.set == 'True'
|
||||
notify: Restart postgresql
|
||||
- name: Configuration of Deb/Ubuntu systems
|
||||
block:
|
||||
- name: Set some postgresql configuration parameters that require a db restart
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_conf_parameters }}'
|
||||
when: item.set == 'True'
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the postgresql logging configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_log_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
|
||||
|
||||
- name: Set the postgresql autovacuum configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_autovacuum_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Data directory for EL
|
||||
block:
|
||||
- name: Check if the new postgresql data directory exists
|
||||
stat: path={{ psql_el_data_dir }}
|
||||
register: postgresql_data_dir
|
||||
|
||||
- name: Stop the postgresql service while reconfiguring the data directory
|
||||
service: name='postgresql-{{ psql_version }}' state=stopped
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Create the postgresql data directory if it is not in the default place
|
||||
file: dest={{ psql_el_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
|
||||
|
||||
- name: Set the postgresql data dir if it is different from the default
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_el_data_dir }}'"
|
||||
|
||||
- name: Copy the postgresql data directory into the new place
|
||||
shell: '[ "/var/lib/pgsql/{{ psql_version }}/data" != "{{ psql_el_data_dir }}" ] && cp -a /var/lib/pgsql/{{ psql_version }}/data/* {{ psql_el_data_dir }}'
|
||||
args:
|
||||
creates: '{{ psql_el_data_dir }}/base'
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Fix the SELinux rules
|
||||
shell: semanage fcontext -a -a -t postgresql_db_t "{{ psql_el_base_dir }}(/.*)?" && restorecon -vR {{ psql_el_base_dir }}
|
||||
|
||||
- name: Start the postgresql service that will use the new data directory
|
||||
service: name='postgresql-{{ psql_version }}' state=started
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
when:
|
||||
- psql_use_alternate_data_dir
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the postgresql logging configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_log_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
|
||||
- name: Configuration of EL systems
|
||||
block:
|
||||
- name: Set some postgresql configuration parameters that require a db restart
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_conf_parameters }}'
|
||||
when: item.set == 'True'
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the postgresql autovacuum configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_autovacuum_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
|
||||
- name: Set the postgresql logging configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_log_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
|
||||
|
||||
- name: Set the postgresql autovacuum configuration parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
|
||||
with_items: '{{ psql_autovacuum_configuration }}'
|
||||
when: item.set == 'True'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
|
||||
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
|
||||
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
|
||||
template: src=postgresql-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
|
||||
|
||||
when:
|
||||
- postgresql_letsencrypt_managed
|
||||
|
|
|
@ -1,11 +1,29 @@
|
|||
---
|
||||
- name: Ensure that the postgresql server is started
|
||||
service: name=postgresql state=started enabled=yes
|
||||
when: postgresql_enabled
|
||||
when:
|
||||
- postgresql_enabled
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- name: Ensure that the postgresql server is stopped and disabled
|
||||
service: name=postgresql state=stopped enabled=no
|
||||
when: not postgresql_enabled
|
||||
when:
|
||||
- not postgresql_enabled
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- name: Ensure that the postgresql server is started
|
||||
service: name='postgresql-{{ psql_version }}' state=started enabled=yes
|
||||
when:
|
||||
- postgresql_enabled
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- name: Ensure that the postgresql server is stopped and disabled
|
||||
service: name='postgresql-{{ psql_version }}' state=stopped enabled=no
|
||||
when:
|
||||
- not postgresql_enabled
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
|
|
|
@ -3,9 +3,18 @@
|
|||
- name: Setup SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
with_items: '{{ psql_conf_ssl_parameters }}'
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Setup SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
with_items: '{{ psql_conf_ssl_parameters }}'
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Create the pki directory to store the postgresql key
|
||||
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
|
||||
|
@ -21,9 +30,18 @@
|
|||
- name: Disable SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
with_items: '{{ psql_conf_disable_ssl_parameters }}'
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Disable SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
with_items: '{{ psql_conf_disable_ssl_parameters }}'
|
||||
notify: Restart postgresql
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
when: not psql_enable_ssl
|
||||
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
|
||||
|
|
|
@ -1,15 +1,31 @@
|
|||
---
|
||||
- name: Get the signing key for the postgresql.org repository
|
||||
apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
|
||||
when: pg_use_postgresql_org_repo
|
||||
tags:
|
||||
- postgresql
|
||||
- postgresql_repo
|
||||
- name: Debian or Ubuntu
|
||||
block:
|
||||
- name: Get the signing key for the postgresql.org repository
|
||||
apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
|
||||
|
||||
- name: Setup the postgresql.org repository
|
||||
apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes
|
||||
when: pg_use_postgresql_org_repo
|
||||
tags:
|
||||
- postgresql
|
||||
- postgresql_repo
|
||||
- name: Setup the postgresql.org repository
|
||||
apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes
|
||||
|
||||
when:
|
||||
- pg_use_postgresql_org_repo
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'postgresql', 'postgresql_repo' ]
|
||||
|
||||
- name: EL
|
||||
block:
|
||||
- name: Install the pgsql pgdg repository
|
||||
yum: name={{ psql_el_pgdg_repo_url }} state={{ psql_pkg_state }}
|
||||
|
||||
- name: install the postgresql packages from the pgdg repository
|
||||
yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }}
|
||||
|
||||
- name: Init the db if needed
|
||||
command: /usr/pgsql-{{ psql_version }}/bin/postgresql{{ psql_version }}-setup initdb
|
||||
args:
|
||||
creates: '{{ psql_data_dir }}/postgresql.conf'
|
||||
|
||||
when:
|
||||
- pg_use_postgresql_org_repo
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'postgresql', 'postgresql_repo' ]
|
||||
|
|
|
@ -26,7 +26,11 @@ chgrp postgres ${PGPOOL2_KEYFILE}
|
|||
|
||||
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
{% if ansible_distribution_file_variety == "Debian" %}
|
||||
systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
{% else %}
|
||||
systemctl reload pgpool2-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
{% endif %}
|
||||
else
|
||||
service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
fi
|
|
@ -2,8 +2,13 @@
|
|||
|
||||
|
||||
# Set up the environment
|
||||
if [ -f /etc/default/pg_backup ] ; then
|
||||
. /etc/default/pg_backup
|
||||
{% if ansible_distribution_file_variety == "Debian" %}
|
||||
if [ -f {{ pg_backup_conf_dir }}/pg_backup ] ; then
|
||||
. {{ pg_backup_conf_dir }}/pg_backup
|
||||
{% elif ansible_distribution_file_variety == "RedHat" %}
|
||||
if [ -f {{ pg_el_backup_conf_dir }}/pg_backup ] ; then
|
||||
. {{ pg_el_backup_conf_dir }}/pg_backup
|
||||
{% endif %}
|
||||
else
|
||||
N_DAYS_TO_SPARE=7
|
||||
USE_NAGIOS=no
|
|
@ -26,7 +26,11 @@ chgrp postgres ${POSTGRESQL_KEYFILE}
|
|||
|
||||
echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
|
||||
{% if ansible_distribution_file_variety == "Debian" %}
|
||||
systemctl reload postgresql >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
{% else %}
|
||||
systemctl reload postgresql-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
{% endif %}
|
||||
else
|
||||
service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
|
||||
fi
|
Loading…
Reference in New Issue