From 1fc4a4527d053dd093ef3203f73d08c013c36b9c Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 18 Dec 2023 12:41:38 +0100 Subject: [PATCH] Fix the pgdg repository of the deb packages. --- defaults/main.yml | 137 ++++++++++++++++++---------------- tasks/postgresql_org_repo.yml | 48 ++++++++---- 2 files changed, 105 insertions(+), 80 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 084bd3f..e11eca7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,26 +1,31 @@ --- -psql_enabled: True +psql_enabled: true # I prefer to use the postgresql.org repositories # # See the features matrix here: http://www.postgresql.org/about/featurematrix/ # -pg_use_postgresql_org_repo: True -psql_postgresql_install: True +pg_use_postgresql_org_repo: true +postgresql_deb_repo_key_url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc" +postgresql_deb_repo_key: /etc/apt/keyrings/postgresql.asc +postgresql_deb_repository_url: "http://apt.postgresql.org/pub/repos/apt/" +postgresql_deb_repository_rel: "{{ ansible_lsb.codename }}-pgdg" +psql_postgresql_install: true psql_pkg_state: present -postgresql_enabled: True +postgresql_enabled: true psql_version: 16 psql_db_host: localhost psql_db_port: 5432 psql_db_size_w: 150000000 psql_db_size_c: 170000000 psql_max_connections: 1024 -psql_listen_on_ext_int: False -psql_use_alternate_data_dir: False +psql_listen_on_ext_int: false +psql_use_alternate_data_dir: false # Deb/Ubuntu psql_data_root_dir: '/var/lib/postgresql/{{ psql_version }}' psql_data_dir: '{{ psql_data_root_dir }}/main' psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main' psql_log_dir: /var/log/postgresql +postgresql_install_client_only: false # Debian/Ubuntu postgresql_pkgs: 
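Review bot: `postgresql_deb_repository_url` defaults to plain `http://apt.postgresql.org/pub/repos/apt/`, although the key URL added just above it already uses HTTPS. APT's signature check on the repository metadata protects package integrity, but over HTTP the index and package requests are readable and can be withheld or served stale by anyone on the network path. I would default to `postgresql_deb_repository_url: "https://apt.postgresql.org/pub/repos/apt/"`. Separately, `postgresql_deb_repository_rel` relies on `ansible_lsb.codename`, which as far as I know is only populated when `lsb_release` is installed on the target; `ansible_distribution_release` does not have that dependency.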
@@ -30,8 +35,8 @@ postgresql_pkgs: - pgtop - "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-psycopg2{% else %}python-psycopg2{% endif %}" -psql_el_install_scl_version: False -psql_el_install_from_pgdg_repo: True +psql_el_install_scl_version: false +psql_el_install_from_pgdg_repo: true psql_el_pgdg_repo_url: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm" psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql' psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}' 
@@ -53,68 +58,68 @@ psql_el_scl_packages: - python-psycopg2 psql_conf_parameters: - - { name: 'max_connections', value: '{{ psql_max_connections }}', set: 'True' } - - { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'True' } - - { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'True' } - - { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } - - { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'True' } - - { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'True' } - - { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'True' } - - { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } - - { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'True' } - - { name: 'max_stack_depth', value: '2MB', set: 'False' } - - { name: 'max_files_per_process', value: '8192', set: 'False' } + - { name: 'max_connections', value: '{{ psql_max_connections }}', set: 'true' } + - { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'true' } + - { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'true' } + - { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'true' } + - { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'true' } + - { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'true' } + - { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'true' } + - { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'true' } + - { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'true' } + - { name: 'max_stack_depth', value: '2MB', set: 
'false' } + - { name: 'max_files_per_process', value: '8192', set: 'false' } # logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters psql_log_configuration: - - { name: 'log_destination', value: 'stderr', set: 'True' } - - { name: 'logging_collector', value: 'off', set: 'False' } - - { name: 'log_directory', value: '{{ psql_log_dir }}', set: 'True' } - - { name: 'log_rotation_age', value: '1d', set: 'True' } - - { name: 'log_rotation_size', value: '10MB', set: 'True' } - - { name: 'client_min_messages', value: 'notice', set: 'True' } - - { name: 'log_min_messages', value: 'warning', set: 'True' } - - { name: 'log_min_error_statement', value: 'error', set: 'True' } - - { name: 'log_min_duration_statement', value: '-1', set: 'True' } - - { name: 'log_checkpoints', value: 'off', set: 'True' } - - { name: 'log_duration', value: 'off', set: 'True' } - - { name: 'log_error_verbosity', value: 'default', set: 'True' } + - { name: 'log_destination', value: 'stderr', set: 'true' } + - { name: 'logging_collector', value: 'off', set: 'false' } + - { name: 'log_directory', value: '{{ psql_log_dir }}', set: 'true' } + - { name: 'log_rotation_age', value: '1d', set: 'true' } + - { name: 'log_rotation_size', value: '10MB', set: 'true' } + - { name: 'client_min_messages', value: 'notice', set: 'true' } + - { name: 'log_min_messages', value: 'warning', set: 'true' } + - { name: 'log_min_error_statement', value: 'error', set: 'true' } + - { name: 'log_min_duration_statement', value: '-1', set: 'true' } + - { name: 'log_checkpoints', value: 'off', set: 'true' } + - { name: 'log_duration', value: 'off', set: 'true' } + - { name: 'log_error_verbosity', value: 'default', set: 'true' } # Treat vacuum separately. 
Important: the parameters that need a restart must be listed in psql_conf_parameters psql_autovacuum_configuration: - - { name: 'track_counts', value: 'on', set: 'True' } - - { name: 'autovacuum', value: 'on', set: 'True' } - - { name: 'log_autovacuum_min_duration', value: '-1', set: 'True' } - - { name: 'autovacuum_vacuum_threshold', value: '50', set: 'True' } - - { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' } - - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' } - - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' } - - { name: 'autovacuum_max_workers', value: '10', set: 'True' } - - { name: 'autovacuum_naptime', value: '10', set: 'True' } + - { name: 'track_counts', value: 'on', set: 'true' } + - { name: 'autovacuum', value: 'on', set: 'true' } + - { name: 'log_autovacuum_min_duration', value: '-1', set: 'true' } + - { name: 'autovacuum_vacuum_threshold', value: '50', set: 'true' } + - { name: 'autovacuum_analyze_threshold', value: '50', set: 'true' } + - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'true' } + - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'true' } + - { name: 'autovacuum_max_workers', value: '10', set: 'true' } + - { name: 'autovacuum_naptime', value: '10', set: 'true' } # Streaming replication settings -postgresql_streaming_replication: False +postgresql_streaming_replication: false postgresql_streaming_replication_primary_node: 'localhost' psql_streaming_replication_hosts: - 'localhost' psql_streaming_replication_user: psql_replica #psql_streaming_replication_pwd: 'use a vault' psql_streaming_replication_config: - - { name: 'wal_level', value: 'replica', set: 'True' } - - { name: 'max_wal_senders', value: '10', set: 'True' } - - { name: 'wal_keep_size', value: '0', set: 'True' } - - { name: 'max_slot_wal_keep_size', value: '50MB', set: 'True' } - - { name: 'wal_compression', value: 'on', set: 'True' } - - { name: 'wal_log_hints', value: 'on', set: 'True' 
} - - { name: 'hot_standby', value: 'on', set: 'True' } - - { name: 'archive_mode', value: 'always', set: 'True' } - - { name: 'archive_command', value: "cp %p {{ psql_wal_archiving_log_dir }}/%f", set: 'True' } - - { name: 'restore_command', value: "cp {{ psql_wal_archiving_log_dir }}/%f %p", set: 'True' } - - { name: 'archive_cleanup_command', value: "pg_archivecleanup {{ psql_wal_archiving_log_dir }} %r", set: 'True' } + - { name: 'wal_level', value: 'replica', set: 'true' } + - { name: 'max_wal_senders', value: '10', set: 'true' } + - { name: 'wal_keep_size', value: '0', set: 'true' } + - { name: 'max_slot_wal_keep_size', value: '50MB', set: 'true' } + - { name: 'wal_compression', value: 'on', set: 'true' } + - { name: 'wal_log_hints', value: 'on', set: 'true' } + - { name: 'hot_standby', value: 'on', set: 'true' } + - { name: 'archive_mode', value: 'always', set: 'true' } + - { name: 'archive_command', value: "cp %p {{ psql_wal_archiving_log_dir }}/%f", set: 'true' } + - { name: 'restore_command', value: "cp {{ psql_wal_archiving_log_dir }}/%f %p", set: 'true' } + - { name: 'archive_cleanup_command', value: "pg_archivecleanup {{ psql_wal_archiving_log_dir }} %r", set: 'true' } # SSL as a special case -psql_enable_ssl: False -psql_force_ssl_client_connection: False +psql_enable_ssl: false +psql_force_ssl_client_connection: false postgresql_letsencrypt_managed: '{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}true{% else %}false{% endif %}' psql_ssl_privkey_global_file: '{% if postgresql_letsencrypt_managed %}/var/lib/acme/live/{{ ansible_fqdn }}/privkey{% else %}{{ pki_dir }}/keys/{{ ansible_fqdn}}-key.pem{% endif %}' psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key 
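Review bot: The `set:` values in this hunk are quoted, so they are strings, and the commit changes their value from `'True'` to `'true'` rather than normalising a boolean. The same applies to `psql_conf_ssl_parameters` and `psql_conf_disable_ssl_parameters` in the `@@ -122,15 +127,15 @@` hunk. The tasks and templates that read `item.set` are not part of this patch, so I cannot tell how they test it. If any of them uses a literal comparison such as `item.set == 'True'`, it would stop matching and the parameters, including the SSL ones, would silently not be written. Real booleans (`set: true`) tested with `item.set | bool` on the consumer side would remove the ambiguity.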
@@ -122,15 +127,15 @@ psql_ssl_cert_file: '{% if postgresql_letsencrypt_managed %}/var/lib/acme/live/{ # In CentOS/RHEL is /etc/pki/tls/cert.pem psql_ssl_ca_file: '/etc/ssl/certs/ca-certificates.crt' psql_conf_ssl_parameters: - - { name: 'ssl', value: 'true', set: 'True' } - - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}', set: 'True' } - - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}', set: 'True' } - - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}', set: 'True' } + - { name: 'ssl', value: 'true', set: 'true' } + - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}', set: 'true' } + - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}', set: 'true' } + - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}', set: 'true' } psql_conf_disable_ssl_parameters: - - { name: 'ssl', value: 'false', set: 'True' } + - { name: 'ssl', value: 'false', set: 'true' } -psql_set_shared_memory: False +psql_set_shared_memory: false psql_sysctl_file: 30-postgresql-shm.conf psql_sysctl_kernel_sharedmem_parameters: - { name: 'kernel.shmmax', value: '33554432' } 
@@ -142,14 +147,14 @@ psql_db_pwd: "We cannot save the password into the repository. Use another varia #psql_db_data: # Example of line needed to create a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. - #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: True } + #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: true } # Example of line needed to manage the db accesses (used by iptables too), without creating the db and the user. Useful, for example, to give someone access to the postgresql db - #- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: False } + #- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: false } # Example of line needed to remove a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. 
- #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: True, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state=absent } + #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: true, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state=absent } # postgis -postgres_install_gis_extensions: False +postgres_install_gis_extensions: false postgres_gis_version: 3 postgres_gis_shortver: 3 postgres_gis_pkgs: @@ -160,14 +165,14 @@ postgres_el_gis_pkgs: - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client' # Local backup -pg_backup_enabled: True +pg_backup_enabled: true pg_el_backup_conf_dir: /etc/sysconfig pg_backup_conf_dir: /etc/default pg_backup_bin: /usr/local/sbin/postgresql-backup pg_backup_pgdump_bin: /usr/bin/pg_dump pg_backup_retain_copies: 2 pg_backup_build_db_list: "yes" -psql_wal_files_archiving_enabled: False +psql_wal_files_archiving_enabled: false psql_wal_archiving_log_dir: '{{ psql_data_dir }}/archive_log' psql_base_backup_dir: '{{ pg_backup_base_dir }}/base_backup' # Dynamically created from psql_db_data if pg_backup_db_list is not set diff --git a/tasks/postgresql_org_repo.yml b/tasks/postgresql_org_repo.yml index 7511292..8b3b272 100644 --- a/tasks/postgresql_org_repo.yml +++ b/tasks/postgresql_org_repo.yml 
@@ -1,23 +1,43 @@ --- -- name: Debian or Ubuntu - block: - - name: Get the signing key for the postgresql.org repository - apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present - - - name: Setup the postgresql.org repository - apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes - +- name: postgresql_org_repo | Debian or Ubuntu when: - pg_use_postgresql_org_repo - ansible_distribution_file_variety == "Debian" - tags: [ 'postgresql', 'postgresql_repo' ] - -- name: EL + tags: ['postgresql', 'postgresql_repo'] block: - - name: Install the pgsql pgdg repository - yum: name={{ psql_el_pgdg_repo_url }} state={{ psql_pkg_state }} + - name: postgresql_org_repo | Ensure that /etc/apt.d/keyrings exists + ansible.builtin.file: + dest: /etc/apt.d/keyrings + state: directory + owner: root + group: root + mode: "0755" + - name: postgresql_org_repo | Get the signing key for the postgresql.org repository + ansible.builtin.get_url: + url: "{{ postgresql_deb_repo_key_url }}" + dest: "{{ postgresql_deb_repo_key }}" + owner: root + group: root + mode: "0644" + - name: postgresql_org_repo | Install the repository for Ubuntu + ansible.builtin.deb822_repository: + name: postgresql-org + types: [deb] + uris: "{{ postgresql_deb_repository_url }}" + components: + - main + suites: ["{{ postgresql_deb_repository_rel }}"] + signed_by: "{{ postgresql_deb_repo_key }}" + state: present + enabled: true +- name: postgresql_org_repo | Manage the EL repository when: - pg_use_postgresql_org_repo - ansible_distribution_file_variety == "RedHat" - tags: [ 'postgresql', 'postgresql_repo' ] + tags: ['postgresql', 'postgresql_repo'] + block: + - name: postgresql_org_repo | Install the pgsql pgdg repository + ansible.builtin.yum: + name: "{{ psql_el_pgdg_repo_url }}" + state: present
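Review bot: The first task creates `/etc/apt.d/keyrings`, but `postgresql_deb_repo_key` defaults to `/etc/apt/keyrings/postgresql.asc`, so on a release where `/etc/apt/keyrings` does not already exist the `get_url` task has no directory to write into. Deriving the directory from the variable keeps the two in step: `dest: "{{ postgresql_deb_repo_key | dirname }}"`. The key is also trusted on first download with nothing pinned. `get_url` accepts `checksum: "sha256:<digest of the vetted key>"`, which makes a changed key fail the play instead of being installed as the repository's trust anchor. The commit also leaves in place what the old `apt_key` and `apt_repository` tasks created on already-managed hosts: the key in the global APT keyring, and the old sources entry, which may conflict with the new `Signed-By` one.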