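---
# PostgreSQL-side setup for a server that runs behind pgpool-II: packages,
# the recovery user (database role, system account, ssh key), pg_hba.conf
# entries, recovery scripts, postgresql.conf settings, extensions, sudoers
# and WAL archive clean-up scripts.
#
# NOTE(review): the nesting below was rebuilt from a whitespace-flattened
# copy of this file. Task order, names and values are unchanged; confirm the
# block boundaries and the block-level `tags` against the original layout.

- name: Install the packages needed by postgres when running behind a pgpool server
  apt:
    pkg: '{{ postgresql_pgpool_pkgs }}'
    state: '{{ psql_pkg_state }}'
    cache_valid_time: 3600
  notify: Restart postgresql
  when:
    - psql_pgpool_install
    - ansible_distribution_file_variety == "Debian"
  tags: ['postgresql', 'postgres', 'pgpool']

- name: PgPool II users setup
  block:
    - name: Add the postgres user that will manage the recovery, if not postgres
      become: true
      become_user: postgres
      postgresql_user:
        user: '{{ pgpool_recovery_user }}'
        password: '{{ pgpool_recovery_user_pwd }}'
        role_attr_flags: REPLICATION
        port: '{{ psql_db_port }}'
      # The task arguments carry the role password in clear text; keep them
      # out of the Ansible output and logs.
      no_log: true
      when:
        # `when` is already a Jinja expression: compare the variable directly
        # instead of templating it into a quoted string, which Ansible warns
        # about and which breaks if the value contains a quote.
        - pgpool_recovery_user != 'postgres'
        - pgpool_recovery_user_pwd is defined

    - name: Give access to the pgpool recovery user, if it is not postgres
      # NOTE(review): `md5` is the weakest password method pg_hba.conf offers.
      # If the server stores SCRAM verifiers, `scram-sha-256` is the stronger
      # choice. Confirm the server's password_encryption before changing it.
      lineinfile:
        path: '{{ psql_conf_dir }}/pg_hba.conf'
        regexp: '^host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }}.*$'
        line: 'host {{ item.0.name }} {{ pgpool_recovery_user }} {{ item.1 }} md5'
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
        - allowed_hosts
      when:
        - psql_db_data is defined
        - item.1 is defined
        - pgpool_recovery_user_pwd is defined
      notify: Reload postgresql

    - name: Add the system user that will manage the recovery, if not postgres
      # NOTE(review): password_hash() is called without a fixed salt, so the
      # hash differs on every run and this task always reports "changed".
      user:
        name: '{{ pgpool_recovery_user }}'
        password: "{{ pgpool_recovery_user_pwd | password_hash('sha512') }}"
        groups: postgres
        shell: /bin/bash
        system: true
      # The password hash is part of the task arguments; keep it out of the
      # Ansible output and logs.
      no_log: true
      when:
        - pgpool_recovery_user != 'postgres'
        - pgpool_recovery_user_pwd is defined

    # NOTE(review): the next two tasks run only when no recovery password is
    # defined and install `trust` rules: every client connecting from an
    # `allowed_hosts` address is accepted as the recovery user with no
    # authentication at all, here for all databases. Defining
    # pgpool_recovery_user_pwd avoids these rules; otherwise keep
    # `allowed_hosts` as narrow as possible.
    - name: Configure the global replication user permissions on deb when no password has been defined
      postgresql_pg_hba:
        dest: '{{ psql_conf_dir }}/pg_hba.conf'
        contype: host
        users: '{{ pgpool_recovery_user }}'
        address: '{{ item.1 }}'
        databases: 'all'
        method: 'trust'
        state: present
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
        - allowed_hosts
      when:
        - psql_db_data is defined
        - item.1 is defined
        - pgpool_recovery_user_pwd is not defined
      notify: Reload postgresql

    - name: Configure the replication user permissions for the replication DB on deb when no password has been defined
      postgresql_pg_hba:
        dest: '{{ psql_conf_dir }}/pg_hba.conf'
        contype: host
        users: '{{ pgpool_recovery_user }}'
        address: '{{ item.1 }}'
        databases: 'replication'
        method: 'trust'
        state: present
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
        - allowed_hosts
      when:
        - psql_db_data is defined
        - item.1 is defined
        - pgpool_recovery_user_pwd is not defined
      notify: Reload postgresql

    # Run the pending "Reload postgresql" handlers now, so the pg_hba.conf
    # changes are active before the remaining tasks run.
    - meta: flush_handlers

    - name: Create the ssh keys for the recovery user
      # NOTE(review): the key type is ed25519, but the key is written to
      # .ssh/id_rsa and a bit length is passed. Ed25519 keys have a fixed
      # size, so ssh_key_bits has no effect, and the file name is misleading.
      # Values are left as found because other files may rely on that path.
      user:
        name: '{{ pgpool_recovery_user }}'
        generate_ssh_key: true
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        ssh_key_type: ed25519

    - name: Remember to trust the ssh keys between the two nodes
      debug:
        msg: "Remember to trust the ssh keys between the two nodes. You have to setup the .ssh/authorized_keys manually for the user {{ pgpool_recovery_user }}"

    - name: Install the pgpool recovery and remote restart scripts. They assume that the postgresql hosts can talk to each other
      # One copy of each script per backend data directory, readable and
      # executable by postgres only. The mode is quoted so YAML does not
      # read it as a number.
      template:
        src: '{{ item.1 }}.j2'
        dest: '{{ item.0.backend_data_directory }}/{{ item.1 }}'
        owner: postgres
        group: postgres
        mode: '0500'
      with_nested:
        - '{{ pgpool_backends | default([]) }}'
        - - '{{ pgpool_recovery_stage1_script }}'
          - '{{ pgpool_recovery_stage2_script }}'
          - '{{ pgpool_remote_start_script }}'

  # NOTE(review): read as block-level tags (no task inside this block has its
  # own); the flattened source does not show the indentation. Confirm.
  tags: ['postgresql', 'postgres', 'pgpool', 'pgpool_user']

- name: PgPool II postgres setup
  block:
    - name: Set the postgresql configuration parameters needed by pgpool
      # `configfile` is not defined in this file; the free-form argument
      # string is kept exactly as found so the module receives the same values.
      action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
      with_items: '{{ psql_wal_files_conf }}'
      when:
        - item.set
        - psql_wal_files_archiving_enabled
      notify: Restart postgresql with pgpool config
      tags: ['postgresql', 'postgres', 'pg_conf', 'pgpool']

    - name: Ensure that the postgresql config file has the correct permissions
      # root owns the file; the postgres group may read it but not modify it.
      file:
        path: '{{ psql_conf_dir }}/postgresql.conf'
        owner: root
        group: postgres
        mode: '0440'
      tags: ['postgresql', 'postgres', 'pg_conf', 'pgpool']

    - name: Add the pgpool postgres extensions to the template1 dbs
      become: true
      become_user: postgres
      postgresql_ext:
        name: '{{ item }}'
        db: template1
        port: '{{ psql_db_port }}'
      with_items:
        - pgpool_regclass
        - pgpool_recovery
      tags: ['postgresql', 'postgres', 'pg_extensions']

    - name: Install the sudoers config that permits the postgres user to restart the service after a recovery
      template:
        src: postgresql-sudoers.j2
        dest: /etc/sudoers.d/postgres-pgpool
        owner: root
        group: root
        mode: '0440'
        # A syntax error in a sudoers.d fragment can disable sudo on the host;
        # have visudo check the rendered file before it is moved into place.
        validate: '/usr/sbin/visudo -cf %s'
      tags: ['postgres', 'postgresql', 'sudo', 'pgpool']

    - name: Install a script that cleans up the wal log archives
      template:
        src: postgresql_wal_backup_and_removal.j2
        dest: /usr/local/sbin/postgresql_wal_backup_and_removal
        owner: root
        group: root
        mode: '0755'
      tags: ['postgres_backuppc', 'postgres', 'postgresql', 'sudo', 'pgpool']

    - name: backuppc root script to syncronize backup and wal clean up
      copy:
        src: backuppc_pg_wal.sh
        dest: /usr/local/sbin/backuppc_pg_wal.sh
        owner: root
        mode: '0744'
      tags: ['postgres_backuppc', 'postgres', 'postgresql', 'pgpool']

    # The script is started by the backup server after the file copy, crontab action must be deleted
    # - name: Install a cron job to cleanup the wal log archives
    #   cron: name="Clean up the postgresql WAL log archives" user=postgres job="/usr/local/sbin/postgresql_wal_backup_and_removal > {{ psql_log_dir }}/wal_removal.log 2>&1" special_time=daily

  # NOTE(review): read as block-level tags; confirm against the original layout.
  tags: ['postgresql', 'postgres', 'pgpool']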