From dcff05b8e1821fb85cd6857be88284119117b3f0 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 30 Jul 2020 14:14:39 +0200
Subject: [PATCH] Add support for CentOS.
---
 defaults/main.yml | 58 +++-
 handlers/main.yml | 33 ++-
 tasks/configure-access.yml | 249 ++++++++++++------
 tasks/main.yml | 8 +-
 tasks/packages.yml | 33 ++-
 tasks/pgpool-ii.yml | 8 +-
 tasks/pgpool-letsencrypt-acmetool.yml | 2 +-
 tasks/postgis.yml | 9 +-
 tasks/postgres_pgpool.yml | 133 +++++-----
 tasks/postgresql-backup.yml | 12 +-
 tasks/postgresql-config.yml | 123 +++++++--
 tasks/postgresql-letsencrypt-acmetool.yml | 2 +-
 tasks/postgresql-service-status.yml | 22 +-
 tasks/postgresql-ssl-config.yml | 22 +-
 tasks/postgresql_org_repo.yml | 40 ++-
 .../pgpool-letsencrypt-acme.sh.j2 | 4 +
 .../postgresql-backup.sh.j2 | 9 +-
 .../postgresql-letsencrypt-acme.sh.j2 | 6 +-
 18 files changed, 550 insertions(+), 223 deletions(-)
 rename files/pgpool-letsencrypt-acme.sh => templates/pgpool-letsencrypt-acme.sh.j2 (86%)
 rename files/postgresql-backup.sh => templates/postgresql-backup.sh.j2 (92%)
 rename files/postgresql-letsencrypt-acme.sh => templates/postgresql-letsencrypt-acme.sh.j2 (81%)
diff --git a/defaults/main.yml b/defaults/main.yml
index a604053..69d0f89 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,26 +1,58 @@ --- +psql_enabled: True pg_use_postgresql_org_repo: True - psql_postgresql_install: True psql_pkg_state: present postgresql_enabled: True psql_pgpool_install: False psql_pgpool_service_install: False -psql_pgpool_pkg_state: installed +psql_pgpool_pkg_state: present # I prefer to use the postgresql.org repositories # # See the features matrix here: http://www.postgresql.org/about/featurematrix/ # -psql_version: 11 +psql_version: 12 psql_db_host: localhost psql_db_port: 5432 psql_db_size_w: 150000000 psql_db_size_c: 170000000 psql_listen_on_ext_int: False psql_use_alternate_data_dir: False +# Deb/Ubuntu psql_data_dir: '/var/lib/postgresql/{{ psql_version }}' psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main' psql_log_dir: /var/log/postgresql + +# Debian/Ubuntu +postgresql_pkgs: + - 'postgresql-{{ psql_version }}' + - 'postgresql-contrib-{{ psql_version }}' + - 'postgresql-client-{{ psql_version }}' + - pgtop + - python-psycopg2 + +psql_el_install_scl_version: False +psql_el_install_from_pgdg_repo: True +psql_el_pgdg_repo_url: "https://ftp.postgresql.org/pub/repos/yum/{{ psql_version }}/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm" +psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql' +psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}' +psql_el_data_dir: '{{ psql_el_base_dir }}/data' +psql_el_conf_dir: '{{ psql_el_data_dir }}' + +psql_el_pgdg_packages: + - 'postgresql{{ psql_version }}-server' + - 'postgresql{{ psql_version }}-contrib' + - 'pg_top{{ psql_version }}' + - pgcluu + - python-psycopg2 + +psql_el_scl_packages: + - rh-postgresql'{{ psql_version }}'-runtime + - rh-postgresql'{{ psql_version }}'-postgresql + - rh-postgresql'{{ psql_version }}'-postgresql-server + - rh-postgresql'{{ psql_version }}'-postgresql-contrib + - python-psycopg2 + psql_conf_parameters: - { name: 'max_connections', value: '100', set: 'False' } - { name: 'shared_buffers', value: '24MB', set: 'False' } 
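Review bot: The entries of `psql_el_scl_packages` put the quotes in the middle of a plain scalar, so YAML keeps the apostrophes and the rendered package name is `rh-postgresql'12'-runtime`, which yum will not find. Quote the whole item the way `psql_el_pgdg_packages` does, e.g. `- 'rh-postgresql{{ psql_version }}-runtime'`, for all four entries. `psql_el_pgdg_repo_url` also hard-codes `rhel-7-x86_64`, so the default only fits EL7 on x86_64; a short comment saying so would help anyone running the role on another release.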
@@ -81,15 +113,6 @@ psql_sysctl_kernel_sharedmem_parameters: - { name: 'kernel.shmmax', value: '33554432' } - { name: 'kernel.shmall', value: '2097152' } -postgresql_pkgs: - - 'postgresql-{{ psql_version }}' - - 'postgresql-contrib-{{ psql_version }}' - - 'postgresql-client-{{ psql_version }}' - - pgtop - -psql_ansible_needed_pkgs: - - python-psycopg2 - psql_db_name: db_name psql_db_user: db_user psql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault" @@ -112,6 +135,10 @@ pgpool_pkgs: - pgpool2 - iputils-arping +pgpool_el_pkgs: + - 'pgpool-II-{{ psql_version }}' + - 'pgpool-II-{{ psql_version }}-extensions' + pgpool_enabled: True pgpool_listen_addresses: 'localhost' pgpool_port: 5433 @@ -209,11 +236,18 @@ psql_wal_files_conf: # postgis postgres_install_gis_extensions: False postgres_gis_version: 2.5 +postgres_gis_shortver: 25 postgres_gis_pkgs: - 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}' +postgres_el_gis_pkgs: + - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}' + - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client' + # Local backup pg_backup_enabled: True +pg_el_backup_conf_dir: /etc/sysconfig +pg_backup_conf_dir: /etc/default pg_backup_bin: /usr/local/sbin/postgresql-backup pg_backup_pgdump_bin: /usr/bin/pg_dump pg_backup_retain_copies: 2 diff --git a/handlers/main.yml b/handlers/main.yml index 54aa620..1e3ff73 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
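Review bot: `postgres_gis_shortver: 25` in the `@@ -209,11 +236,18 @@` hunk repeats `postgres_gis_version: 2.5` by hand, so overriding one without the other makes the EL package name disagree with the Debian one. Deriving it keeps the two in step, e.g. `postgres_gis_shortver: "{{ postgres_gis_version | string | replace('.', '') }}"`. Quoting the version as `postgres_gis_version: '2.5'` would also stop YAML from reading it as a float, where a value such as 2.10 would silently become 2.1.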
@@ -1,23 +1,46 @@ --- - name: Restart postgresql service: name=postgresql state=restarted - when: postgresql_enabled + when: ansible_distribution_file_variety == "Debian" - name: Reload postgresql service: name=postgresql state=reloaded - when: postgresql_enabled + when: ansible_distribution_file_variety == "Debian" - name: Reload pgpool2 service: name=pgpool2 state=reloaded - when: pgpool_enabled + when: ansible_distribution_file_variety == "Debian" ignore_errors: True - name: Restart pgpool2 service: name=pgpool2 state=restarted - when: pgpool_enabled + when: ansible_distribution_file_variety == "Debian" - name: Restart postgresql with pgpool config service: name=postgresql state=restarted when: - - postgresql_enabled + - ansible_distribution_file_variety == "Debian" + - psql_restart_after_wal_enabling + +- name: Restart postgresql + service: name='postgresql-{{ psql_version }}' state=restarted + when: ansible_distribution_file_variety == "RedHat" + +- name: Reload postgresql + service: name='postgresql-{{ psql_version }}' state=reloaded + when: ansible_distribution_file_variety == "RedHat" + +- name: Reload pgpool2 + service: name='pgpool2-{{ psql_version }}' state=reloaded + when: ansible_distribution_file_variety == "RedHat" + ignore_errors: True + +- name: Restart pgpool2 + service: name='pgpool2-{{ psql_version }}' state=restarted + when: ansible_distribution_file_variety == "RedHat" + +- name: Restart postgresql with pgpool config + service: name='postgresql-{{ psql_version }}' state=restarted + when: + - ansible_distribution_file_variety == "RedHat" - psql_restart_after_wal_enabling diff --git a/tasks/configure-access.yml b/tasks/configure-access.yml index c7403ef..962537a 100644 --- a/tasks/configure-access.yml +++ b/tasks/configure-access.yml 
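Review bot: The RedHat handlers reuse the names of the Debian ones (`Restart postgresql`, `Reload postgresql`, `Reload pgpool2`, `Restart pgpool2`, `Restart postgresql with pgpool config`), and Ansible resolves a `notify` to a single handler per name (its documentation says the last one defined shadows the earlier ones). On a Debian host the notification is therefore likely to reach the RedHat variant and be skipped by its `when`, so pg_hba.conf and SSL changes are written but never loaded. One handler per action with a per-distribution service name avoids this, e.g. `service: name={{ psql_service_name }} state=restarted`, where `psql_service_name` is a variable I am proposing, not one the role has today. The hunk also drops the `postgresql_enabled` / `pgpool_enabled` guards, so a handler can now start a service that was configured as disabled; if that is not intended, keep the guard alongside the distribution test.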
@@ -1,91 +1,182 @@ --- -- name: Open the postgresql service to a specific zone. - firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True - when: - - psql_listen_on_ext_int | bool - - firewalld_enabled | bool - - ansible_distribution_file_variety == "RedHat" +- name: Configure accesses on Deb/Ubuntu + block: + - name: Give access to the remote postgresql client + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_listen_on_ext_int | bool + - psql_db_data is defined + - item.1 is defined + - not psql_force_ssl_client_connection | bool + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] -- name: Give access to the remote postgresql client - lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" - with_subelements: - - '{{ psql_db_data | default([]) }}' - - allowed_hosts - when: - - psql_listen_on_ext_int | bool - - psql_db_data is defined - - item.1 is defined - - not psql_force_ssl_client_connection | bool - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + - name: Give access to the remote postgresql client, force ssl + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_listen_on_ext_int | bool + - psql_db_data is defined + - item.1 is defined + - psql_force_ssl_client_connection | bool + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] -- 
name: Give access to the remote postgresql client, force ssl - lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" - with_subelements: - - '{{ psql_db_data | default([]) }}' - - allowed_hosts - when: - - psql_listen_on_ext_int | bool - - psql_db_data is defined - - item.1 is defined - - psql_force_ssl_client_connection | bool - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + # No conditionals, it is needed to perform base backups when the WAL archive is active + - name: Give local access with replication privileges to the postgres user + lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] -# No conditionals, it is needed to perform base backups when the WAL archive is active -- name: Give local access with replication privileges to the postgres user - lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + - name: Set the postgresql listen port + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}" + register: restart_postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Set the postgresql listen port - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}" - register: restart_postgresql - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: We want postgres listen on the public IP + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'" + register: restart_postgresql + when: + - psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 
'pg_conf' ] -- name: We want postgres listen on the public IP - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'" - register: restart_postgresql - when: - - psql_listen_on_ext_int | bool - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: If postgresql is only accessed from localhost make it listen only on the localhost interface + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'" + register: restart_postgresql + when: + - not psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: If postgresql is only accessed from localhost make it listen only on the localhost interface - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'" - register: restart_postgresql - when: - - not psql_listen_on_ext_int | bool - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: Log the connections + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on" + register: restart_postgresql + when: psql_db_data is defined + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Log the connections - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on" - register: restart_postgresql - when: psql_db_data is defined - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: Log the disconnections + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on" + register: restart_postgresql + when: psql_db_data is defined + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Log the disconnections - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on" - register: restart_postgresql - when: psql_db_data is defined - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: Log the hostnames + action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname 
value="on" + register: restart_postgresql + when: + - psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Log the hostnames - action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on" - register: restart_postgresql - when: - - psql_listen_on_ext_int | bool - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + - name: Set the correct permissions to the postgresql files + file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640 + with_items: + - pg_hba.conf + - postgresql.conf + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] -- name: Set the correct permissions to the postgresql files - file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640 - with_items: - - pg_hba.conf - - postgresql.conf - tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] + - name: Restart the postgresql server after changing parameters that need a restart + service: name=postgresql state=restarted + when: + - restart_postgresql is changed + ignore_errors: True + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] -- name: Restart the postgresql server after changing parameters that need a restart - service: name=postgresql state=restarted - when: - - restart_postgresql is changed - ignore_errors: True - tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] + when: ansible_distribution_file_variety == "Debian" + +- name: Configure accesses on EL + block: + - name: Open the postgresql service to a specific zone. 
+ firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True + when: + - psql_listen_on_ext_int | bool + - firewalld_enabled | bool + + - name: Give access to the remote postgresql client + lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_listen_on_ext_int | bool + - psql_db_data is defined + - item.1 is defined + - not psql_force_ssl_client_connection | bool + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + + - name: Give access to the remote postgresql client, force ssl + lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_listen_on_ext_int | bool + - psql_db_data is defined + - item.1 is defined + - psql_force_ssl_client_connection | bool + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + + # No conditionals, it is needed to perform base backups when the WAL archive is active + - name: Give local access with replication privileges to the postgres user + lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] + + - name: Set the postgresql listen port + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}" + register: restart_postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: We want postgres listen on the public IP + action: configfile path={{ psql_el_conf_dir 
}}/postgresql.conf key=listen_addresses value="'*'" + register: restart_postgresql + when: + - psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: If postgresql is only accessed from localhost make it listen only on the localhost interface + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'" + register: restart_postgresql + when: + - not psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: Log the connections + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_connections value="on" + register: restart_postgresql + when: psql_db_data is defined + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: Log the disconnections + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_disconnections value="on" + register: restart_postgresql + when: psql_db_data is defined + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: Log the hostnames + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_hostname value="on" + register: restart_postgresql + when: + - psql_listen_on_ext_int | bool + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: Set the correct permissions to the postgresql files + file: dest={{ psql_el_conf_dir }}/{{ item }} owner=root group=postgres mode=0640 + with_items: + - pg_hba.conf + - postgresql.conf + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] + + - name: Restart the postgresql server after changing parameters that need a restart + service: name='postgresql-{{ psql_version }}' state=restarted + when: + - restart_postgresql is changed + ignore_errors: True + tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ] + + when: ansible_distribution_file_variety == "RedHat" diff --git a/tasks/main.yml b/tasks/main.yml index 51b98e9..f8fc8f3 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
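Review bot: Every `configfile` task in both blocks registers the same variable `restart_postgresql`, so the final restart task's `restart_postgresql is changed` only sees the result of the last one, `Log the hostnames`, which is skipped whenever `psql_listen_on_ext_int` is false. A changed `port` or `listen_addresses` then does not trigger the restart, and the server can keep listening on the old address until it is restarted by hand. Replacing the shared `register` with `notify: Restart postgresql` on each task, or giving each task its own register name, fixes it; the pattern predates this commit but is copied into the new EL block. `ignore_errors: True` on the restart also hides a server that fails to come back, and the `md5` method in the pg_hba lines could become a variable so that PostgreSQL 12 hosts can use `scram-sha-256`.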
@@ -1,6 +1,5 @@ --- - import_tasks: postgresql_org_repo.yml - when: pg_use_postgresql_org_repo - import_tasks: packages.yml when: psql_postgresql_install - import_tasks: postgis.yml @@ -26,15 +25,14 @@ - psql_postgresql_install - psql_db_data is defined - import_tasks: postgresql-backup.yml - when: - - psql_postgresql_install + when: psql_postgresql_install - import_tasks: pgpool-ii.yml when: psql_pgpool_service_install - import_tasks: postgresql-letsencrypt-acmetool.yml when: - - letsencrypt_acme_install is defined + - letsencrypt_acme_install is defined and letsencrypt_acme_install - import_tasks: pgpool-letsencrypt-acmetool.yml when: - - letsencrypt_acme_install is defined + - letsencrypt_acme_install is defined and letsencrypt_acme_install diff --git a/tasks/packages.yml b/tasks/packages.yml index 1e5c610..08e07f5 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
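Review bot: With `when: pg_use_postgresql_org_repo` removed in the first hunk, `postgresql_org_repo.yml` is imported unconditionally, so whether a host gets the external package repository now depends entirely on conditions inside that file, which are not visible in this hunk. If the flag is not tested there on both the apt and the yum path, hosts that set it to False would still have a third-party package source added. In the second hunk, `letsencrypt_acme_install is defined and letsencrypt_acme_install` can be written as `letsencrypt_acme_install | default(False) | bool`, which also copes with the value arriving as a string.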
@@ -1,11 +1,38 @@ --- - block: - - name: Install the packages that ansible needs to manage the postgresql users and databases - apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600 - - name: install the postgresql packages apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600 notify: Restart postgresql + when: ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres' ] +- name: EL + block: + - name: install the postgresql packages from the pgdg repository + yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }} + + - name: Init the db if needed + command: /usr/pgsql-{{ psql_version }}/bin/postgresql-{{ psql_version }}-setup initdb + args: + creates: '{{ psql_data_dir }}/postgresql.conf' + + when: + - not psql_install_scl_version + - ansible_distribution_file_variety == "RedHat" + tags: [ 'postgresql', 'postgres' ] + +- name: EL from SCL + block: + - name: install the postgresql scl packages + yum: pkg={{ psql_el_scl_packages }} state={{ psql_pkg_state }} + + - name: Init the db if needed + command: /opt/rh/rh-postgresql{{ psql_version }}/root/usr/bin/postgresql-setup --initdb + args: + creates: '{{ psql_data_dir }}/postgresql.conf' + + when: + - psql_install_scl_version + - ansible_distribution_file_variety == "RedHat" + tags: [ 'scl', 'postgresql', 'postgres' ] diff --git a/tasks/pgpool-ii.yml b/tasks/pgpool-ii.yml index b6e31f5..2a843da 100644 --- a/tasks/pgpool-ii.yml +++ b/tasks/pgpool-ii.yml @@ -49,7 +49,9 @@ - name: Start and enable pgpool2 service: name=pgpool2 state=started enabled=yes - when: pgpool_enabled + when: + - pgpool_enabled + - ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres', 'pgpool', 'pcp_conf', 'pgpool_conf' ] 
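Review bot: Both EL blocks in tasks/packages.yml test `psql_install_scl_version`, but defaults/main.yml in this patch defines `psql_el_install_scl_version`, so unless the variable is set elsewhere the `when` fails as undefined on RedHat hosts. The two `Init the db if needed` tasks use `creates: '{{ psql_data_dir }}/postgresql.conf'`, which is the Debian path under `/var/lib/postgresql`; on EL that file never exists, so the init command is attempted on every run. Suggested: `- not psql_el_install_scl_version | bool` and `creates: '{{ psql_el_data_dir }}/postgresql.conf'`, with the SCL block pointing at a path under `psql_scl_base_dir` instead.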
@@ -72,7 +74,9 @@ - /sbin/ip_script - /usr/local/bin/arping_script - when: not pgpool_enabled + when: + - not pgpool_enabled + - ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres', 'pgpool' ] diff --git a/tasks/pgpool-letsencrypt-acmetool.yml b/tasks/pgpool-letsencrypt-acmetool.yml index 627e6e6..dff1db7 100644 --- a/tasks/pgpool-letsencrypt-acmetool.yml +++ b/tasks/pgpool-letsencrypt-acmetool.yml @@ -4,7 +4,7 @@ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root - name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service - copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 + template: src=pgpool-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 when: - psql_pgpool_service_install diff --git a/tasks/postgis.yml b/tasks/postgis.yml index 4de1363..e9a5087 100644 --- a/tasks/postgis.yml +++ b/tasks/postgis.yml @@ -1,6 +1,13 @@ --- -- name: install the postgresql GIS packages +- name: install the postgresql GIS packages on deb/ubuntu apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600 notify: Restart postgresql + when: ansible_distribution_file_variety == "Debian" + tags: [ 'postgresql', 'postgres', 'postgis' ] + +- name: install the postgresql GIS packages on EL + yum: pkg={{ postgres_el_gis_pkgs }} state={{ psql_pkg_state }} + notify: Restart postgresql + when: ansible_distribution_file_variety == "RedHat" tags: [ 'postgresql', 'postgres', 'postgis' ] diff --git a/tasks/postgres_pgpool.yml b/tasks/postgres_pgpool.yml index 3756e9c..7d12342 100644 --- a/tasks/postgres_pgpool.yml +++ b/tasks/postgres_pgpool.yml 
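Review bot: The pgpool hook in tasks/pgpool-letsencrypt-acmetool.yml is still installed with `mode=4555`, that is, as a setuid-root shell script. Linux ignores the setuid bit on interpreted scripts, so the bit gives nothing there and is a privilege-escalation risk on any system that does honour it. Now that the file is rendered from a template, its content also depends on role variables, which makes the extra bit harder to justify. Unless something is known to rely on it, `mode=0555` is the safer value.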
@@ -1,75 +1,74 @@ --- - name: Install the packages needed by postgres when running behind a pgpool server apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600 - when: psql_pgpool_install notify: Restart postgresql - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Add the postgres user that will manage the recovery, if not postgres - become: True - become_user: postgres - postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }} when: - - ('{{ pgpool_recovery_user }}' != 'postgres') - - pgpool_recovery_user_pwd is defined + - psql_pgpool_install + - ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres', 'pgpool' ] -- name: Give access to the pgpool recovery user, if it is not postgres - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5" - with_subelements: - - '{{ psql_db_data | default([]) }}' - - allowed_hosts - when: - - psql_db_data is defined - - item.1 is defined - - pgpool_recovery_user_pwd is defined - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Add the system user that will manage the recovery, if not postgres - user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes - when: - - ('{{ pgpool_recovery_user }}' != 'postgres') - - pgpool_recovery_user_pwd is defined - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Create the ssh keys for the recovery user - user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Install the pgpool recovery and remote restart scripts. 
They assume that the postgresql hosts can talk to each other - template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500 - with_nested: - - '{{ pgpool_backends | default([]) }}' - - [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ] - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Set the postgresql configuration parameters needed by pgpool - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}" - with_items: '{{ psql_wal_files_conf }}' - when: - - item.set - - psql_wal_files_archiving_enabled - notify: Restart postgresql with pgpool config - tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ] - -- name: Add the pgpool postgres extensions to the template1 dbs - become: True - become_user: postgres - postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }} - with_items: - - pgpool_regclass - - pgpool_recovery - tags: [ 'postgresql', 'postgres', 'pg_extensions' ] - -- name: Install the sudoers config that permits the postgres user to restart the service after a recovery - template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440 - tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ] - -- name: Install a script that cleans up the wal log archives - template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755 - tags: [ 'postgresql', 'postgres', 'pgpool' ] - -- name: Install a cron job to cleanup the wal log archives - cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily +- name: PgPool II configuration + block: + - name: Add the postgres user that will manage the recovery, if not postgres + 
become: True + become_user: postgres + postgresql_user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd }} role_attr_flags=REPLICATION port={{ psql_db_port }} + when: + - ('{{ pgpool_recovery_user }}' != 'postgres') + - pgpool_recovery_user_pwd is defined + + - name: Give access to the pgpool recovery user, if it is not postgres + lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_db_data is defined + - item.1 is defined + - pgpool_recovery_user_pwd is defined + notify: Reload postgresql + + - name: Add the system user that will manage the recovery, if not postgres + user: user={{ pgpool_recovery_user }} password={{ pgpool_recovery_user_pwd | password_hash('sha512') }} groups=postgres shell=/bin/bash system=yes + when: + - ('{{ pgpool_recovery_user }}' != 'postgres') + - pgpool_recovery_user_pwd is defined + + - name: Create the ssh keys for the recovery user + user: user={{ pgpool_recovery_user }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa ssh_key_type=rsa + + - name: Install the pgpool recovery and remote restart scripts. 
They assume that the postgresql hosts can talk to each other + template: src={{ item.1 }}.j2 dest={{ item.0.backend_data_directory }}/main/{{ item.1 }} owner=postgres group=postgres mode=0500 + with_nested: + - '{{ pgpool_backends | default([]) }}' + - [ '{{ pgpool_recovery_stage1_script }}', '{{ pgpool_recovery_stage2_script }}', '{{ pgpool_remote_start_script }}' ] + + - name: Set the postgresql configuration parameters needed by pgpool + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_wal_files_conf }}' + when: + - item.set + - psql_wal_files_archiving_enabled + notify: Restart postgresql with pgpool config + tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ] + + - name: Add the pgpool postgres extensions to the template1 dbs + become: True + become_user: postgres + postgresql_ext: name={{ item }} db=template1 port={{ psql_db_port }} + with_items: + - pgpool_regclass + - pgpool_recovery + tags: [ 'postgresql', 'postgres', 'pg_extensions' ] + + - name: Install the sudoers config that permits the postgres user to restart the service after a recovery + template: src=postgresql-sudoers.j2 dest=/etc/sudoers.d/postgres-pgpool owner=root group=root mode=0440 + tags: [ 'postgres', 'postgresql', 'sudo', 'pgpool' ] + + - name: Install a script that cleans up the wal log archives + template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=root mode=0755 + + - name: Install a cron job to cleanup the wal log archives + cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily + tags: [ 'postgresql', 'postgres', 'pgpool' ] diff --git a/tasks/postgresql-backup.yml b/tasks/postgresql-backup.yml index 874193e..e55fba4 100644 --- a/tasks/postgresql-backup.yml 
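Review bot: The two conditions `('{{ pgpool_recovery_user }}' != 'postgres')` in the new block put Jinja delimiters inside a `when`, which Ansible warns about and which pastes the variable's text into the expression before it is evaluated; `pgpool_recovery_user != 'postgres'` is the plain form. No distribution test is visible on the block while its tasks hard-code `/etc/postgresql/{{ psql_version }}/main/`, so on an EL host the `lineinfile` and `configfile` tasks would point at files that do not exist. The sudoers template would be safer with `validate='visudo -cf %s'`, since a syntax error under /etc/sudoers.d can disable sudo on the host. `password_hash('sha512')` without a fixed salt produces a new hash on each run, so that task always reports a change.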
+++ b/tasks/postgresql-backup.yml @@ -1,6 +1,6 @@ --- - name: Backup script for the postgresql database(s) - copy: src=postgresql-backup.sh dest=/usr/local/sbin/postgresql-backup owner=root mode=0744 + template: src=postgresql-backup.sh.j2 dest=/usr/local/sbin/postgresql-backup owner=root mode=0744 tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ] - name: daily cron job for the postgresql database(s) backup @@ -21,8 +21,14 @@ pgbackup_cron_step <= 12 tags: [ 'pgbackup_cron', 'pg_backup', 'postgresql', 'postgres' ] -- name: postgresql backup defaults - template: src=pg_backup-default.j2 dest=/etc/default/pg_backup owner=root mode=0744 +- name: postgresql backup defaults on deb/Ubuntu + template: src=pg_backup-default.j2 dest={{ pg_backup_conf_dir }}/pg_backup owner=root mode=0744 + when: ansible_distribution_file_variety == "Debian" + tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ] + +- name: postgresql backup defaults on EL + template: src=pg_backup-default.j2 dest={{ pg_el_backup_conf_dir }}/pg_backup owner=root mode=0744 + when: ansible_distribution_file_variety == "RedHat" tags: [ 'pg_backup', 'postgresql', 'postgres', 'pg_db' ] - name: Create the postgresql backups data directory diff --git a/tasks/postgresql-config.yml b/tasks/postgresql-config.yml index a70ea5a..22be74f 100644 --- a/tasks/postgresql-config.yml +++ b/tasks/postgresql-config.yml @@ -1,5 +1,6 @@ --- -- block: +- name: Data directory for Deb/Ubuntu + block: - name: Check if the new postgresql data directory exists stat: path={{ psql_data_dir }} register: postgresql_data_dir 
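Review bot: The two `postgresql backup defaults` tasks in the `@@ -21,8 +21,14 @@` hunk install a settings file with `mode=0744`; a file under /etc/default or /etc/sysconfig does not need the execute bit, and if `pg_backup-default.j2` renders credentials or connection details (the template is not shown here) it should not be world-readable either, e.g. `mode=0640`. The tasks differ only in the target directory, so one task with `dest={{ pg_backup_conf_dir }}/pg_backup` and a per-distribution value for that variable would remove the duplication. The backup script task in the first hunk sets `owner=root` but no group; adding `group=root`, as the other script tasks in the role do, makes the ownership explicit.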
@@ -26,33 +27,105 @@ service: name=postgresql state=started when: postgresql_data_dir.stat.isdir is not defined - when: psql_use_alternate_data_dir + when: + - psql_use_alternate_data_dir + - ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Set some postgresql configuration parameters that require a db restart - become: True - become_user: postgres - action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" - with_items: '{{ psql_conf_parameters }}' - when: item.set == 'True' - notify: Restart postgresql +- name: Configuration of Deb/Ubuntu systems + block: + - name: Set some postgresql configuration parameters that require a db restart + become: True + become_user: postgres + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_conf_parameters }}' + when: item.set == 'True' + notify: Restart postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf' ] + + - name: Set the postgresql logging configuration parameters + become: True + become_user: postgres + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_log_configuration }}' + when: item.set == 'True' + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ] + + - name: Set the postgresql autovacuum configuration parameters + become: True + become_user: postgres + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_autovacuum_configuration }}' + when: item.set == 'True' + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ] + + when: ansible_distribution_file_variety == "Debian" + +- name: Data directory for EL + block: + - name: Check if the new postgresql data directory exists + stat: path={{ psql_el_data_dir }} + 
register: postgresql_data_dir + + - name: Stop the postgresql service while reconfiguring the data directory + service: name='postgresql-{{ psql_version }}' state=stopped + when: postgresql_data_dir.stat.isdir is not defined + + - name: Create the postgresql data directory if it is not in the default place + file: dest={{ psql_el_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory + + - name: Set the postgresql data dir if it is different from the default + become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_el_data_dir }}'" + + - name: Copy the postgresql data directory into the new place + shell: '[ "/var/lib/pgsql/{{ psql_version }}/data" != "{{ psql_el_data_dir }}" ] && cp -a /var/lib/pgsql/{{ psql_version }}/data/* {{ psql_el_data_dir }}' + args: + creates: '{{ psql_el_data_dir }}/base' + when: postgresql_data_dir.stat.isdir is not defined + + - name: Fix the SELinux rules + shell: semanage fcontext -a -a -t postgresql_db_t "{{ psql_el_base_dir }}(/.*)?" 
&& restorecon -vR {{ psql_el_base_dir }} + + - name: Start the postgresql service that will use the new data directory + service: name='postgresql-{{ psql_version }}' state=started + when: postgresql_data_dir.stat.isdir is not defined + + when: + - psql_use_alternate_data_dir + - ansible_distribution_file_variety == "RedHat" tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Set the postgresql logging configuration parameters - become: True - become_user: postgres - action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" - with_items: '{{ psql_log_configuration }}' - when: item.set == 'True' - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ] +- name: Configuration of EL systems + block: + - name: Set some postgresql configuration parameters that require a db restart + become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_conf_parameters }}' + when: item.set == 'True' + notify: Restart postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf' ] -- name: Set the postgresql autovacuum configuration parameters - become: True - become_user: postgres - action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" - with_items: '{{ psql_autovacuum_configuration }}' - when: item.set == 'True' - notify: Reload postgresql - tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ] + - name: Set the postgresql logging configuration parameters + become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_log_configuration }}' + when: item.set == 'True' + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ] + - name: Set the postgresql autovacuum configuration parameters + 
become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}" + with_items: '{{ psql_autovacuum_configuration }}' + when: item.set == 'True' + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ] + + when: ansible_distribution_file_variety == "RedHat" diff --git a/tasks/postgresql-letsencrypt-acmetool.yml b/tasks/postgresql-letsencrypt-acmetool.yml index 8531a46..d16d986 100644 --- a/tasks/postgresql-letsencrypt-acmetool.yml +++ b/tasks/postgresql-letsencrypt-acmetool.yml @@ -4,7 +4,7 @@ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root - name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service - copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555 + template: src=postgresql-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555 when: - postgresql_letsencrypt_managed diff --git a/tasks/postgresql-service-status.yml b/tasks/postgresql-service-status.yml index 0980378..18705af 100644 --- a/tasks/postgresql-service-status.yml +++ b/tasks/postgresql-service-status.yml 
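Review bot: The `Fix the SELinux rules` task in the EL data-directory block of tasks/postgresql-config.yml labels `psql_el_base_dir` rather than the relocated `psql_el_data_dir`, passes `-a` twice, and goes through `shell` on every play with no idempotence guard. If `psql_el_data_dir` is overridden to a path outside the base directory, the new location would keep its default label and an enforcing policy would presumably deny the server access to it. The task also runs unconditionally, while the stop, copy and start tasks around it depend on `postgresql_data_dir.stat.isdir`. I would use the `sefcontext` module on the data directory and run `restorecon` only when the rule changed, as sketched below. The paths in the neighbouring `cp -a` task are interpolated unquoted into the shell line and are worth quoting in the same pass.

```yaml
    # … unchanged: stat, stop, create, data_directory and copy tasks …
    - name: Label the relocated data directory for SELinux
      sefcontext:
        target: '{{ psql_el_data_dir }}(/.*)?'
        setype: postgresql_db_t
        state: present
      register: psql_el_fcontext

    - name: Apply the SELinux label to the files already in place
      command: restorecon -R {{ psql_el_data_dir }}
      when: psql_el_fcontext is changed
    # … unchanged: start task, block-level when and tags …
```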
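Review bot: The rewritten `template:` line in tasks/postgresql-letsencrypt-acmetool.yml still installs the hook with `mode=4555`, that is, a root-owned shell script with the setuid bit set. Linux ignores setuid on interpreted scripts, so the bit adds nothing where the hook is already started by root, and it is a privilege-escalation risk on any platform that does honour it. Dropping the bit keeps the hook executable: `template: src=postgresql-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=0555`. The task continues below the hunk with its `when:` list.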
@@ -1,11 +1,29 @@ --- - name: Ensure that the postgresql server is started service: name=postgresql state=started enabled=yes - when: postgresql_enabled + when: + - postgresql_enabled + - ansible_distribution_file_variety == "Debian" tags: [ 'postgresql', 'postgres' ] - name: Ensure that the postgresql server is stopped and disabled service: name=postgresql state=stopped enabled=no - when: not postgresql_enabled + when: + - not postgresql_enabled + - ansible_distribution_file_variety == "Debian" + tags: [ 'postgresql', 'postgres' ] + +- name: Ensure that the postgresql server is started + service: name='postgresql-{{ psql_version }}' state=started enabled=yes + when: + - postgresql_enabled + - ansible_distribution_file_variety == "RedHat" + tags: [ 'postgresql', 'postgres' ] + +- name: Ensure that the postgresql server is stopped and disabled + service: name='postgresql-{{ psql_version }}' state=stopped enabled=no + when: + - not postgresql_enabled + - ansible_distribution_file_variety == "RedHat" tags: [ 'postgresql', 'postgres' ] diff --git a/tasks/postgresql-ssl-config.yml b/tasks/postgresql-ssl-config.yml index d7fbfb3..f642fc5 100644 --- a/tasks/postgresql-ssl-config.yml +++ b/tasks/postgresql-ssl-config.yml 
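Review bot: The two tasks added for EL in tasks/postgresql-service-status.yml reuse the exact names of the Debian tasks (`Ensure that the postgresql server is started`, `Ensure that the postgresql server is stopped and disabled`), so the play output cannot tell which family's task ran and which was skipped. The four tasks differ only in the unit name. A new per-family variable, for example `psql_service_name` holding `postgresql` or `postgresql-{{ psql_version }}`, would bring the file back to two tasks of the form `service: name={{ psql_service_name }} state=started enabled=yes`. The same Debian/EL duplication appears in tasks/postgresql-config.yml and tasks/postgresql-ssl-config.yml in this commit.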
@@ -3,9 +3,18 @@ - name: Setup SSL in the postgresql configuration become: True become_user: postgres - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" with_items: '{{ psql_conf_ssl_parameters }}' notify: Restart postgresql + when: ansible_distribution_file_variety == "Debian" + + - name: Setup SSL in the postgresql configuration + become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" + with_items: '{{ psql_conf_ssl_parameters }}' + notify: Restart postgresql + when: ansible_distribution_file_variety == "RedHat" - name: Create the pki directory to store the postgresql key file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750 @@ -21,9 +30,18 @@ - name: Disable SSL in the postgresql configuration become: True become_user: postgres - action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" + action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" with_items: '{{ psql_conf_disable_ssl_parameters }}' notify: Restart postgresql + when: ansible_distribution_file_variety == "Debian" + + - name: Disable SSL in the postgresql configuration + become: True + become_user: postgres + action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" + with_items: '{{ psql_conf_disable_ssl_parameters }}' + notify: Restart postgresql + when: ansible_distribution_file_variety == "RedHat" when: not psql_enable_ssl tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ] diff --git a/tasks/postgresql_org_repo.yml b/tasks/postgresql_org_repo.yml index cc6e811..fec464b 100644 --- a/tasks/postgresql_org_repo.yml 
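Review bot: With the SSL setup split into a `Debian` task and a `RedHat` task, a host whose `ansible_distribution_file_variety` is neither value skips both and the play still succeeds, so `psql_enable_ssl: True` can leave the server without TLS settings and nothing reports it. The second hunk of this file (the `Disable SSL` pair) has the same shape. A guard at the top of the file would turn the unsupported case into a failure instead of a skip, e.g. `- fail: msg="unsupported distribution family for the postgresql SSL setup"` with `when: ansible_distribution_file_variety not in ['Debian', 'RedHat']`. The enclosing blocks begin outside these hunks.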
+++ b/tasks/postgresql_org_repo.yml @@ -1,15 +1,31 @@ --- -- name: Get the signing key for the postgresql.org repository - apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present - when: pg_use_postgresql_org_repo - tags: - - postgresql - - postgresql_repo +- name: Debian or Ubuntu + block: + - name: Get the signing key for the postgresql.org repository + apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present -- name: Setup the postgresql.org repository - apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes - when: pg_use_postgresql_org_repo - tags: - - postgresql - - postgresql_repo + - name: Setup the postgresql.org repository + apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes + when: + - pg_use_postgresql_org_repo + - ansible_distribution_file_variety == "Debian" + tags: [ 'postgresql', 'postgresql_repo' ] + +- name: EL + block: + - name: Install the pgsql pgdg repository + yum: name={{ psql_el_pgdg_repo_url }} state={{ psql_pkg_state }} + + - name: install the postgresql packages from the pgdg repository + yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }} + + - name: Init the db if needed + command: /usr/pgsql-{{ psql_version }}/bin/postgresql{{ psql_version }}-setup initdb + args: + creates: '{{ psql_data_dir }}/postgresql.conf' + + when: + - pg_use_postgresql_org_repo + - ansible_distribution_file_variety == "RedHat" + tags: [ 'postgresql', 'postgresql_repo' ] diff --git a/files/pgpool-letsencrypt-acme.sh b/templates/pgpool-letsencrypt-acme.sh.j2 similarity index 86% rename from files/pgpool-letsencrypt-acme.sh rename to templates/pgpool-letsencrypt-acme.sh.j2 index 38ac48b..aa73e99 100644 --- a/files/pgpool-letsencrypt-acme.sh +++ b/templates/pgpool-letsencrypt-acme.sh.j2 
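Review bot: The `Init the db if needed` task guards the setup command with `creates: '{{ psql_data_dir }}/postgresql.conf'`, but `psql_data_dir` is the Debian path from defaults/main.yml (`/var/lib/postgresql/{{ psql_version }}`), while the EL cluster lives in `psql_el_data_dir`. On an EL host the guard file would therefore never exist and the command would run on every play, presumably failing once the cluster is initialised; `creates: '{{ psql_el_data_dir }}/postgresql.conf'` matches the layout this commit defines. Separately, `psql_el_pgdg_repo_url` points at a `-latest` repository RPM installed straight from a URL, so the package source that ends up trusted is whatever that URL serves at run time. Pinning a known release of the repo package, or importing the PGDG signing key before installing it, would make that step reproducible and verifiable.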
@@ -26,7 +26,11 @@ chgrp postgres ${PGPOOL2_KEYFILE} echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log if [ -x /bin/systemctl ] ; then +{% if ansible_distribution_file_variety == "Debian" %} systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1 +{% else %} + systemctl reload pgpool2-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1 +{% endif %} else service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1 fi diff --git a/files/postgresql-backup.sh b/templates/postgresql-backup.sh.j2 similarity index 92% rename from files/postgresql-backup.sh rename to templates/postgresql-backup.sh.j2 index 1b7c890..ad19c58 100755 --- a/files/postgresql-backup.sh +++ b/templates/postgresql-backup.sh.j2 @@ -2,8 +2,13 @@ # Set up the environment -if [ -f /etc/default/pg_backup ] ; then - . /etc/default/pg_backup +{% if ansible_distribution_file_variety == "Debian" %} +if [ -f {{ pg_backup_conf_dir }}/pg_backup ] ; then + . {{ pg_backup_conf_dir }}/pg_backup +{% elif ansible_distribution_file_variety == "RedHat" %} +if [ -f {{ pg_el_backup_conf_dir }}/pg_backup ] ; then + . {{ pg_el_backup_conf_dir }}/pg_backup +{% endif %} else N_DAYS_TO_SPARE=7 USE_NAGIOS=no diff --git a/files/postgresql-letsencrypt-acme.sh b/templates/postgresql-letsencrypt-acme.sh.j2 similarity index 81% rename from files/postgresql-letsencrypt-acme.sh rename to templates/postgresql-letsencrypt-acme.sh.j2 index a3c227e..def31c8 100644 --- a/files/postgresql-letsencrypt-acme.sh +++ b/templates/postgresql-letsencrypt-acme.sh.j2 
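Review bot: The `if`/`elif` around the defaults file in templates/postgresql-backup.sh.j2 has no `{% else %}`, so on a host whose `ansible_distribution_file_variety` is neither `Debian` nor `RedHat` the template renders the shell `else` with no opening `if`, and the backup script fails with a syntax error at every run. The directory is also interpolated unquoted into both the test and the `.` line. Resolving the path once covers both: `PG_BACKUP_CONF="{{ pg_el_backup_conf_dir if ansible_distribution_file_variety == 'RedHat' else pg_backup_conf_dir }}/pg_backup"`, followed by `if [ -f "$PG_BACKUP_CONF" ] ; then` and `. "$PG_BACKUP_CONF"`. The `else` branch continues past the end of the hunk.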
@@ -26,7 +26,11 @@ chgrp postgres ${POSTGRESQL_KEYFILE} echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log if [ -x /bin/systemctl ] ; then - systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1 +{% if ansible_distribution_file_variety == "Debian" %} + systemctl reload postgresql >> $LE_LOG_DIR/pgpool2.log 2>&1 +{% else %} + systemctl reload postgresql-{{ psql_version }} >> $LE_LOG_DIR/pgpool2.log 2>&1 +{% endif %} else service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1 fi
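Review bot: Both added `systemctl` lines send their output to `$LE_LOG_DIR/pgpool2.log`, while the `echo` above and the `service` fallback below write to `postgresql.log`, so a failed certificate reload is recorded in the wrong file, or in one nobody reads on a host without pgpool. The hunk also changes `restart` to `reload` while the message still says "Restart the postgresql service" and the non-systemd branch still restarts. A reload re-reads the certificate files on PostgreSQL 10 and later, but an older `psql_version` would keep serving the previous certificate until a restart. I would write `systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1` and `systemctl restart postgresql-{{ psql_version }} >> $LE_LOG_DIR/postgresql.log 2>&1`, or keep `reload` and update the message and the fallback to match.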