--- psql_enabled: True pg_use_postgresql_org_repo: True psql_postgresql_install: True psql_pkg_state: present postgresql_enabled: True psql_pgpool_install: False psql_pgpool_service_install: False psql_pgpool_pkg_state: present # I prefer to use the postgresql.org repositories # # See the features matrix here: http://www.postgresql.org/about/featurematrix/ # psql_version: 12 psql_db_host: localhost psql_db_port: 5432 psql_db_size_w: 150000000 psql_db_size_c: 170000000 psql_listen_on_ext_int: False psql_use_alternate_data_dir: False # Deb/Ubuntu psql_data_dir: '/var/lib/postgresql/{{ psql_version }}' psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main' psql_log_dir: /var/log/postgresql # Debian/Ubuntu postgresql_pkgs: - 'postgresql-{{ psql_version }}' - 'postgresql-contrib-{{ psql_version }}' - 'postgresql-client-{{ psql_version }}' - pgtop - python-psycopg2 psql_el_install_scl_version: False psql_el_install_from_pgdg_repo: True psql_el_pgdg_repo_url: "https://ftp.postgresql.org/pub/repos/yum/{{ psql_version }}/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm" psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql' psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}' psql_el_data_dir: '{{ psql_el_base_dir }}/data' psql_el_conf_dir: '{{ psql_el_data_dir }}' psql_el_pgdg_packages: - 'postgresql{{ psql_version }}-server' - 'postgresql{{ psql_version }}-contrib' - 'pg_top{{ psql_version }}' - pgcluu - python-psycopg2 psql_el_scl_packages: - rh-postgresql'{{ psql_version }}'-runtime - rh-postgresql'{{ psql_version }}'-postgresql - rh-postgresql'{{ psql_version }}'-postgresql-server - rh-postgresql'{{ psql_version }}'-postgresql-contrib - python-psycopg2 psql_conf_parameters: - { name: 'max_connections', value: '100', set: 'False' } - { name: 'shared_buffers', value: '24MB', set: 'False' } - { name: 'temp_buffers', value: '8MB', set: 'False' } - { name: 'work_mem', value: '1MB', set: 'False' } - { name: 'maintenance_work_mem', value: '16MB', set: 'False' } - { name: 'max_stack_depth', value: '2MB', set: 'False' } - { name: 'max_files_per_process', value: '1000', set: 'False' } # logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters psql_log_configuration: - { name: 'log_destination', value: 'stderr', set: 'True' } - { name: 'logging_collector', value: 'off', set: 'False' } - { name: 'log_directory', value: "'{{ psql_log_dir }}'", set: 'True' } - { name: 'log_rotation_age', value: '1d', set: 'True' } - { name: 'log_rotation_size', value: '10MB', set: 'True' } - { name: 'client_min_messages', value: 'notice', set: 'True' } - { name: 'log_min_messages', value: 'warning', set: 'True' } - { name: 'log_min_error_statement', value: 'error', set: 'True' } - { name: 'log_min_duration_statement', value: '-1', set: 'True' } - { name: 'log_checkpoints', value: 'off', set: 'True' } - { name: 'log_connections', value: 'on', set: 'True' } - { name: 'log_disconnections', value: 'off', set: 'True' } - { name: 'log_duration', value: 'off', set: 'True' } - { name: 'log_error_verbosity', value: 'default', set: 'True' } - { name: 'log_hostname', value: 'on', set: 'True' } # Treat vacuum separately. Important: the parameters that need a restart must be listed in psql_conf_parameters psql_autovacuum_configuration: - { name: 'track_counts', value: 'on', set: 'True' } - { name: 'autovacuum', value: 'on', set: 'True' } - { name: 'log_autovacuum_min_duration', value: '-1', set: 'True' } - { name: 'autovacuum_vacuum_threshold', value: '50', set: 'True' } - { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' } - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' } - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' } # SSL as a special case psql_enable_ssl: False psql_force_ssl_client_connection: False postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}' psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey' psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain' psql_conf_ssl_parameters: - { name: 'ssl', value: 'true' } - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' } - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}' } - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' } psql_conf_disable_ssl_parameters: - { name: 'ssl', value: 'false' } psql_set_shared_memory: False psql_sysctl_file: 30-postgresql-shm.conf psql_sysctl_kernel_sharedmem_parameters: - { name: 'kernel.shmmax', value: '33554432' } - { name: 'kernel.shmall', value: '2097152' } psql_db_name: db_name psql_db_user: db_user psql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault" # Those need to be installed on the postgresql server. postgresql_pgpool_pkgs: - 'postgresql-{{ psql_version }}-pgpool2' #psql_db_data: # Example of line needed to create a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: True } # Example of line needed to manage the db accesses (used by iptables too), without creating the db and the user. Useful, for example, to give someone access to the postgresql db #- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: False } # Example of line needed to remove a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: True, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state=absent } # pgpool-II pgpool_pkgs: - pgpool2 - iputils-arping pgpool_el_pkgs: - 'pgpool-II-{{ psql_version }}' - 'pgpool-II-{{ psql_version }}-extensions' pgpool_enabled: True pgpool_listen_addresses: 'localhost' pgpool_port: 5433 pgpool_listen_backlog_multiplier: 2 pgpool_pcp_user: admin # Define pcp_pwd in a vault file pgpool_pcp_listen_addresses: '*' pgpool_pcp_port: 9898 #pgpool_backends: # - { id: 0, hostname: 'backend0', backend_port: '{{ psql_db_port }}', backend_weight: 1, backend_data_directory: '{{ psql_data_dir }}', backend_flag: 'ALLOW_TO_FAILOVER' } pgpool_enable_pool_hba: 'on' pgpool_pool_passwd: 'pool_passwd' pgpool_num_init_children: 32 pgpool_max_pool: 4 pgpool_child_life_time: 300 pgpool_child_max_connections: 0 pgpool_connection_life_time: 0 pgpool_client_idle_limit: 0 pgpool_log_destination: syslog pgpool_log_connections: 'on' pgpool_log_hostname: 'on' pgpool_log_statement: 'off' pgpool_log_per_node_statement: 'off' pgpool_debug_level: 0 pgpool_replication_mode: 'on' pgpool_replicate_select: 'off' pgpool_insert_lock: 'on' pgpool_lobj_lock_table: '' pgpool_replication_stop_on_mismatch: 'on' pgpool_failover_if_affected_tuples_mismatch: 'off' pgpool_recovery_timeout: 30 pgpool_client_idle_limit_in_recovery: -1 pgpool_load_balance_mode: 'on' pgpool_ignore_leading_white_space: 'on' pgpool_recovery_user: postgres # pgpool_recovery_user_pwd: use a vault file for this one pgpool_recovery_stage1_script: pgpool_recovery_stage_1 pgpool_recovery_stage2_script: pgpool_recovery_stage_2 pgpool_remote_start_script: pgpool_remote_start pgpool_white_function_list: '' pgpool_black_function_list: 'nextval,setval' pgpool_allow_sql_comments: 'on' pgpool_fail_over_on_backend_error: 'on' pgpool_relcache_expire: 3600 pgpool_memory_cache_enabled: 'off' pgpool_memqcache_method: memcached pgpool_memqcache_memcached_host: localhost pgpool_memqcache_memcached_port: 11211 pgpool_memqcache_expire: 0 pgpool_memqcache_auto_cache_invalidation: 'on' pgpool_serialize_accept: 'off' # HA and watchdog pgpool_use_watchdog: 'off' pgpool_wd_trusted_servers: 'localhost,localhost' pgpool_wd_port: 9000 pgpool_wd_priority: 1 # Warning: setting pgpool_wd_heartbeat_mode to False enables # the 'query mode' that is untested and not working without manual intervention pgpool_wd_heartbeat_mode: True pgpool_wd_heartbeat_port: 9694 pgpool_wd_heartbeat_keepalive_int: 3 pgpool_wd_heartbeat_deadtime: 30 pgpool_wd_heartbeat_dest0: 'localhost' pgpool_wd_heartbeat_dest0_port: '{{ pgpool_wd_heartbeat_port }}' #pgpool_wd_authkey: 'set it inside a vault file' # SSL as a special case pgpool_enable_ssl: False pgpool_letsencrypt_managed: True pgpool_ssl_key: /etc/pki/pgpool2/pgpool2.key pgpool_ssl_cert: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' pgpool_ssl_ca: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain' pgpool_ssl_ca_dir: /etc/ssl/certs pgpool_virtual_ip: 127.0.0.1 pgpool_virtual_netmask: 24 # WAL files archiving is mandatory for pgpool recovery psql_wal_files_archiving_enabled: '{{ psql_pgpool_install }}' psql_restart_after_wal_enabling: True psql_wal_archiving_log_dir: '{{ psql_data_dir }}/archive_log' psql_base_backup_dir: '{{ pg_backup_base_dir }}/base_backup' psql_wal_files_conf: - { name: 'wal_level', value: 'archive', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'wal_sync_method', value: 'fdatasync', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'full_page_writes', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'wal_log_hints', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'archive_mode', value: 'on', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'archive_command', value: "'test ! -f {{ psql_wal_archiving_log_dir }}/%f && cp %p {{ psql_wal_archiving_log_dir }}/%f'", set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'archive_timeout', value: '120', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'max_wal_senders', value: '5', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'wal_sender_timeout', value: '60s', set: '{{ psql_wal_files_archiving_enabled }}' } - { name: 'max_replication_slots', value: '5', set: '{{ psql_wal_files_archiving_enabled }}' } # postgis postgres_install_gis_extensions: False postgres_gis_version: 2.5 postgres_gis_shortver: 25 postgres_gis_pkgs: - 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}' postgres_el_gis_pkgs: - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}' - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client' # Local backup pg_backup_enabled: True pg_el_backup_conf_dir: /etc/sysconfig pg_backup_conf_dir: /etc/default pg_backup_bin: /usr/local/sbin/postgresql-backup pg_backup_pgdump_bin: /usr/bin/pg_dump pg_backup_retain_copies: 2 pg_backup_build_db_list: "yes" # Dynamically created from psql_db_data if pg_backup_db_list is not set #pg_backup_db_list: '{{ psql_db_name}}' pg_backup_base_dir: /var/lib/pgsql pg_backup_destdir: '{{ pg_backup_base_dir }}/backups' pg_backup_logdir: /var/log/postgresql pg_backup_logfile: '{{ pg_backup_logdir }}/postgresql-backup.log' pg_backup_use_auth: "no" pg_backup_pass_file: /root/.pgpass pg_backup_use_nagios: "yes" # Used to configure firewalld postgresql_firewalld_zone: '{{ firewalld_default_zone }}'