tpiccioli
/
ansible-role-postgresql
forked from ISTI-ansible-roles/ansible-role-postgresql
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

merge into: tpiccioli:master
Branches Tags
tpiccioli:master
ISTI-ansible-roles:master
...
pull from: ISTI-ansible-roles:master
Branches Tags
ISTI-ansible-roles:master
tpiccioli:master

52 Commits
master ... master

Author SHA1 Message Date
Andrea Dell'Amico 6712574bd6
Fix the path of the letsencrypt certificates. 2024-11-28 17:51:44 +01:00
Andrea Dell'Amico d36c88673c
Fix the systemd custom file. 2024-08-09 17:03:25 +02:00
Andrea Dell'Amico 33a9cfaefc
Reload systemd after changing the systemd unit. 2024-08-09 16:36:02 +02:00
Andrea Dell'Amico 488253a708
Fix the data directory setup on EL systems. 2024-08-09 16:28:41 +02:00
Andrea Dell'Amico 3aeea4004a
EL config: a 'become_user' is missing. 2024-08-08 19:54:45 +02:00
Andrea Dell'Amico 2f1d9b5971
Create the data directory if it is meant to be in a different place. 2024-08-08 19:32:50 +02:00
Andrea Dell'Amico 715e2b4c49
Use dnf on EL 8+. 2024-08-08 19:03:24 +02:00
Andrea Dell'Amico f2103225f1
Fix the EL repository name. 2024-08-08 18:56:24 +02:00
Andrea Dell'Amico 0c35eea79e
Fix a typo. 2024-05-13 18:23:26 +02:00
Andrea Dell'Amico 4f2e0615e5
New task to manage additional custom parameters. 2024-05-13 18:08:20 +02:00
Andrea Dell'Amico aded1a0426
hashing method configurable. 2024-05-13 17:59:41 +02:00
Andrea Dell'Amico b8be7778e8
Update the apt cache when the repo changes. 2024-02-12 16:29:27 +01:00
Andrea Dell'Amico eaeeb5be5a
Ubuntu bionic not supported anymore. 2023-12-18 13:44:49 +01:00
Andrea Dell'Amico 7870fbcbfa
Another round of task names changes. 2023-12-18 13:15:11 +01:00
Andrea Dell'Amico aad4b75d60
Fix a task name. 2023-12-18 13:12:22 +01:00
Andrea Dell'Amico 6819643fd1
Fix a typo. 2023-12-18 13:11:17 +01:00
Andrea Dell'Amico efb66ae437
Tags for the client installation. 2023-12-18 13:07:42 +01:00
Andrea Dell'Amico 96d172ce67
Option to install the client only. 2023-12-18 13:00:20 +01:00
Andrea Dell'Amico 1fc4a4527d
Fix the pgdg repository of the deb packages. 2023-12-18 12:41:38 +01:00
Andrea Dell'Amico e54345a927
New variable to set the max connections. 2023-12-13 11:56:43 +01:00
Andrea Dell'Amico e8e9e32f82
Align the parameters convetions. 2023-11-21 12:04:25 +01:00
Andrea Dell'Amico fd68e8d04a
Flush handlers after configuring pg_hba. 2023-10-25 16:29:36 +02:00
Andrea Dell'Amico a6f71dda75
Fix some lint warnings. 2023-10-20 12:44:06 +02:00
Andrea Dell'Amico d69716bb8a
Replace the configfile.py module. Other fixes. 2023-10-16 18:39:03 +02:00
Andrea Dell'Amico 3941030b6b
Start replacing configfile with the proper modules 2023-10-15 15:30:17 +02:00
Andrea Dell'Amico b6d5cae17b
Some code cleanup. 2023-10-15 15:13:16 +02:00
Andrea Dell'Amico 758b309594
Add a .gitignore. 2023-10-15 15:12:34 +02:00
Andrea Dell'Amico 05277e8038
Fix a typo. The r mode was not removed. 2023-10-11 18:53:56 +02:00
Andrea Dell'Amico cf4d866f0c
The file must be writeable... 2023-10-11 18:26:08 +02:00
Andrea Dell'Amico df6cf284e4
Use mode=r for the temp file too. 2023-10-11 18:20:29 +02:00
Andrea Dell'Amico 36ce397a79
Try again to open as a string. 2023-10-11 18:10:58 +02:00
Andrea Dell'Amico 27f5e6f0a7
Open the file as binary. 2023-10-11 18:01:56 +02:00
Andrea Dell'Amico 643ca47814
Fix the meta. 2023-10-11 17:56:26 +02:00
Andrea Dell'Amico b78149be59
Do not open the file as binary. 2023-10-11 17:56:16 +02:00
Andrea Dell'Amico 7a24ebf9be
New defaults: postgresql 16, postgis 3. 2023-10-11 11:54:01 +02:00
Andrea Dell'Amico 9df46eb4fb
Fix a typo. 2023-10-11 11:40:26 +02:00
Andrea Dell'Amico 07a81fbba9
Fix a typo. 2023-10-11 11:35:16 +02:00
Andrea Dell'Amico 1094339af2
Install python3-psycopg2 when Ubuntu >= 20. 2023-10-11 11:28:03 +02:00
Andrea Dell'Amico c0158f0c5b Merge pull request 'Update 'templates/postgresql-backup.sh.j2'' (!5) from tpiccioli-patch-1 into master 
Reviewed-on: ISTI-ansible-roles/ansible-role-postgresql#5
 2023-03-24 19:13:42 +01:00
Tommaso Piccioli 8b13a1377c Update 'templates/postgresql-backup.sh.j2' 2023-03-24 19:07:57 +01:00
Tommaso Piccioli a4ceaaf5b2 revert c9aa64f79a 
revert Update 'templates/postgresql-backup.sh.j2'
 2023-03-24 19:05:12 +01:00
Tommaso Piccioli c9aa64f79a Update 'templates/postgresql-backup.sh.j2' 2023-03-24 19:01:45 +01:00
Andrea Dell'Amico c38d2fb895 Merge pull request 'Update 'templates/postgresql-backup.sh.j2'' (!4) from tpiccioli-patch-1 into master 
Reviewed-on: ISTI-ansible-roles/ansible-role-postgresql#4
 2023-03-23 16:22:54 +01:00
Tommaso Piccioli 56cdc39d7b Update 'templates/postgresql-backup.sh.j2' 
- Cleanup older dumps leaving N_DAYS_TO_SPARE dump, don't use find by date
- clean old dumps before new dump
 2023-03-23 16:15:08 +01:00
Andrea Dell'Amico c3f33257ad Merge pull request 'using mtime instead of atime with find' (!3) from tpiccioli-patch-1 into master 
Reviewed-on: ISTI-ansible-roles/ansible-role-postgresql#3
 2023-03-03 18:05:39 +01:00
Tommaso Piccioli 66227f98b8 using mtime instead of atime with find 2023-03-03 17:57:19 +01:00
Andrea Dell'Amico 7b2a0a1b1e
Fix the letsencrypt defaults. 2021-10-09 17:21:53 +02:00
Andrea Dell'Amico 974c435e20
New max_slot_wal_keep_size default. 2021-09-21 19:00:26 +02:00
Andrea Dell'Amico 2d4f05bc3a
Fix the permissions of /usr/local/sbin/postgresql_wal_backup_and_removal 2021-09-18 14:35:35 +02:00
Andrea Dell'Amico d1bd4ab919
Set wal_keep_size to the default. 2021-09-18 14:31:55 +02:00
Andrea Dell'Amico 596337db58
The proposed value of 'wal_keep_size' was wrong. 2021-09-18 14:24:10 +02:00
Andrea Dell'Amico 3e01e4fa34 Merge pull request 'if master check added' (!2) from tpiccioli/ansible-role-postgresql:master into master 
Reviewed-on: ISTI-ansible-roles/ansible-role-postgresql#2
 2021-09-17 23:28:47 +02:00
22 changed files with 1017 additions and 829 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
# ---> Ansible # ---> Ansible
*.retry *.retry
.vscode/settings.json

164
defaults/main.yml
View File

@ -1,25 +1,32 @@
--- ---
psql_enabled: True psql_enabled: true
# I prefer to use the postgresql.org repositories # I prefer to use the postgresql.org repositories
# #
# See the features matrix here: http://www.postgresql.org/about/featurematrix/ # See the features matrix here: http://www.postgresql.org/about/featurematrix/
# #
pg_use_postgresql_org_repo: True pg_use_postgresql_org_repo: true
psql_postgresql_install: True postgresql_deb_repo_key_url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc"
postgresql_deb_repo_key: /etc/apt/keyrings/postgresql.asc
postgresql_deb_repository_url: "http://apt.postgresql.org/pub/repos/apt/"
postgresql_deb_repository_rel: "{{ ansible_lsb.codename }}-pgdg"
psql_postgresql_install: true
postgresql_client_only: false
psql_pkg_state: present psql_pkg_state: present
postgresql_enabled: True postgresql_enabled: true
psql_version: 13 psql_version: 16
psql_db_host: localhost psql_db_host: localhost
psql_db_port: 5432 psql_db_port: 5432
psql_db_size_w: 150000000 psql_db_size_w: 150000000
psql_db_size_c: 170000000 psql_db_size_c: 170000000
psql_listen_on_ext_int: False psql_max_connections: 1024
psql_use_alternate_data_dir: False psql_listen_on_ext_int: false
psql_use_alternate_data_dir: false
# Deb/Ubuntu # Deb/Ubuntu
psql_data_root_dir: '/var/lib/postgresql/{{ psql_version }}' psql_data_root_dir: '/var/lib/postgresql/{{ psql_version }}'
psql_data_dir: '{{ psql_data_root_dir }}/main' psql_data_dir: '{{ psql_data_root_dir }}/main'
psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main' psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
psql_log_dir: /var/log/postgresql psql_log_dir: /var/log/postgresql
postgresql_install_client_only: false
# Debian/Ubuntu # Debian/Ubuntu
postgresql_pkgs: postgresql_pkgs:
@ -27,11 +34,11 @@ postgresql_pkgs:
- 'postgresql-contrib-{{ psql_version }}' - 'postgresql-contrib-{{ psql_version }}'
- 'postgresql-client-{{ psql_version }}' - 'postgresql-client-{{ psql_version }}'
- pgtop - pgtop
- python-psycopg2 - "{% if ansible_distribution_version is version_compare('20.04', '>=') %}python3-psycopg2{% else %}python-psycopg2{% endif %}"
psql_el_install_scl_version: False psql_el_install_scl_version: false
psql_el_install_from_pgdg_repo: True psql_el_install_from_pgdg_repo: true
psql_el_pgdg_repo_url: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm" psql_el_pgdg_repo_url: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-{{ ansible_distribution_major_version }}-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql' psql_scl_base_dir: '/var/opt/rh/rh-postgresql{{ psql_version }}/lib/pgsql'
psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}' psql_el_base_dir: '/var/lib/pgsql/{{ psql_version }}'
psql_el_data_dir: '{{ psql_el_base_dir }}/data' psql_el_data_dir: '{{ psql_el_base_dir }}/data'
@ -52,86 +59,87 @@ psql_el_scl_packages:
- python-psycopg2 - python-psycopg2
psql_conf_parameters: psql_conf_parameters:
- { name: 'max_connections', value: '100', set: 'True' } - { name: 'max_connections', value: '{{ psql_max_connections }}', set: 'true' }
- { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'True' } - { name: 'shared_buffers', value: '{{ (ansible_memtotal_mb / 4) | int }}MB', set: 'true' }
- { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'True' } - { name: 'work_mem', value: '{{ ((ansible_memtotal_mb * 1024) / (400 * ansible_processor_vcpus)) | int }}kB', set: 'true' }
- { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } - { name: 'maintenance_work_mem', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'true' }
- { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'True' } - { name: 'temp_buffers', value: '{{ ansible_memtotal_mb }}kB', set: 'true' }
- { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'True' } - { name: 'wal_buffers', value: '{{ (ansible_memtotal_mb / 1024 * 2) | int }}MB', set: 'true' }
- { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'True' } - { name: 'min_wal_size', value: '{{ (ansible_memtotal_mb / 16) | int }}MB', set: 'true' }
- { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'True' } - { name: 'max_wal_size', value: '{{ (ansible_memtotal_mb / 8) | int }}MB', set: 'true' }
- { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'True' } - { name: 'effective_cache_size', value: '{{ (ansible_memtotal_mb / 1.3) | int }}MB', set: 'true' }
- { name: 'max_stack_depth', value: '2MB', set: 'False' } - { name: 'max_stack_depth', value: '2MB', set: 'false' }
- { name: 'max_files_per_process', value: '8192', set: 'False' } - { name: 'max_files_per_process', value: '8192', set: 'false' }
# Custom parameters. Default empty
psql_conf_custom_parameters: []
# logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters # logging configuration. Important: the parameters that need a restart must be listed in psql_conf_parameters
psql_log_configuration: psql_log_configuration:
- { name: 'log_destination', value: 'stderr', set: 'True' } - { name: 'log_destination', value: 'stderr', set: 'true' }
- { name: 'logging_collector', value: 'off', set: 'False' } - { name: 'logging_collector', value: 'off', set: 'false' }
- { name: 'log_directory', value: "'{{ psql_log_dir }}'", set: 'True' } - { name: 'log_directory', value: '{{ psql_log_dir }}', set: 'true' }
- { name: 'log_rotation_age', value: '1d', set: 'True' } - { name: 'log_rotation_age', value: '1d', set: 'true' }
- { name: 'log_rotation_size', value: '10MB', set: 'True' } - { name: 'log_rotation_size', value: '10MB', set: 'true' }
- { name: 'client_min_messages', value: 'notice', set: 'True' } - { name: 'client_min_messages', value: 'notice', set: 'true' }
- { name: 'log_min_messages', value: 'warning', set: 'True' } - { name: 'log_min_messages', value: 'warning', set: 'true' }
- { name: 'log_min_error_statement', value: 'error', set: 'True' } - { name: 'log_min_error_statement', value: 'error', set: 'true' }
- { name: 'log_min_duration_statement', value: '-1', set: 'True' } - { name: 'log_min_duration_statement', value: '-1', set: 'true' }
- { name: 'log_checkpoints', value: 'off', set: 'True' } - { name: 'log_checkpoints', value: 'off', set: 'true' }
- { name: 'log_connections', value: 'on', set: 'True' } - { name: 'log_duration', value: 'off', set: 'true' }
- { name: 'log_disconnections', value: 'off', set: 'True' } - { name: 'log_error_verbosity', value: 'default', set: 'true' }
- { name: 'log_duration', value: 'off', set: 'True' }
- { name: 'log_error_verbosity', value: 'default', set: 'True' }
- { name: 'log_hostname', value: 'on', set: 'True' }
# Treat vacuum separately. Important: the parameters that need a restart must be listed in psql_conf_parameters # Treat vacuum separately. Important: the parameters that need a restart must be listed in psql_conf_parameters
psql_autovacuum_configuration: psql_autovacuum_configuration:
- { name: 'track_counts', value: 'on', set: 'True' } - { name: 'track_counts', value: 'on', set: 'true' }
- { name: 'autovacuum', value: 'on', set: 'True' } - { name: 'autovacuum', value: 'on', set: 'true' }
- { name: 'log_autovacuum_min_duration', value: '-1', set: 'True' } - { name: 'log_autovacuum_min_duration', value: '-1', set: 'true' }
- { name: 'autovacuum_vacuum_threshold', value: '50', set: 'True' } - { name: 'autovacuum_vacuum_threshold', value: '50', set: 'true' }
- { name: 'autovacuum_analyze_threshold', value: '50', set: 'True' } - { name: 'autovacuum_analyze_threshold', value: '50', set: 'true' }
- { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'True' } - { name: 'autovacuum_vacuum_scale_factor', value: '0.2', set: 'true' }
- { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'True' } - { name: 'autovacuum_vacuum_cost_limit', value: '1000', set: 'true' }
- { name: 'autovacuum_max_workers', value: '10', set: 'True' } - { name: 'autovacuum_max_workers', value: '10', set: 'true' }
- { name: 'autovacuum_naptime', value: '10', set: 'True' } - { name: 'autovacuum_naptime', value: '10', set: 'true' }
# Streaming replication settings # Streaming replication settings
postgresql_streaming_replication: False postgresql_streaming_replication: false
postgresql_streaming_replication_primary_node: 'localhost' postgresql_streaming_replication_primary_node: 'localhost'
psql_streaming_replication_hosts: psql_streaming_replication_hosts:
- 'localhost' - 'localhost'
psql_streaming_replication_user: psql_replica psql_streaming_replication_user: psql_replica
#psql_streaming_replication_pwd: 'use a vault' #psql_streaming_replication_pwd: 'use a vault'
psql_streaming_replication_config: psql_streaming_replication_config:
- { name: 'wal_level', value: 'replica' } - { name: 'wal_level', value: 'replica', set: 'true' }
- { name: 'max_wal_senders', value: '10' } - { name: 'max_wal_senders', value: '10', set: 'true' }
- { name: 'wal_keep_size', value: '1GB' } - { name: 'wal_keep_size', value: '0', set: 'true' }
- { name: 'max_slot_wal_keep_size', value: '15' } - { name: 'max_slot_wal_keep_size', value: '50MB', set: 'true' }
- { name: 'wal_compression', value: 'on' } - { name: 'wal_compression', value: 'on', set: 'true' }
- { name: 'wal_log_hints', value: 'on' } - { name: 'wal_log_hints', value: 'on', set: 'true' }
- { name: 'hot_standby', value: 'on' } - { name: 'hot_standby', value: 'on', set: 'true' }
- { name: 'archive_mode', value: 'always' } - { name: 'archive_mode', value: 'always', set: 'true' }
- { name: 'archive_command', value: "cp %p {{ psql_wal_archiving_log_dir }}/%f" } - { name: 'archive_command', value: "cp %p {{ psql_wal_archiving_log_dir }}/%f", set: 'true' }
- { name: 'restore_command', value: "cp {{ psql_wal_archiving_log_dir }}/%f %p" } - { name: 'restore_command', value: "cp {{ psql_wal_archiving_log_dir }}/%f %p", set: 'true' }
- { name: 'archive_cleanup_command', value: "pg_archivecleanup {{ psql_wal_archiving_log_dir }} %r" } - { name: 'archive_cleanup_command', value: "pg_archivecleanup {{ psql_wal_archiving_log_dir }} %r", set: 'true' }
# SSL as a special case # SSL as a special case
psql_enable_ssl: False psql_enable_ssl: false
psql_force_ssl_client_connection: False psql_force_ssl_client_connection: false
postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}' postgresql_letsencrypt_managed: '{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}true{% else %}false{% endif %}'
psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey' psql_ssl_privkey_global_file: '{% if postgresql_letsencrypt_managed %}{{ letsencrypt_acme_sh_certificates_install_path }}/privkey{% else %}{{ pki_dir }}/keys/{{ ansible_fqdn}}-key.pem{% endif %}'
psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' psql_ssl_cert_file: '{% if postgresql_letsencrypt_managed %}{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain{% else %}{{ pki_dir }}/certs/{{ ansible_fqdn}}.pem{% endif %}'
psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain' # In CentOS/RHEL is /etc/pki/tls/cert.pem
psql_ssl_ca_file: '/etc/ssl/certs/ca-certificates.crt'
psql_conf_ssl_parameters: psql_conf_ssl_parameters:
- { name: 'ssl', value: 'true' } - { name: 'ssl', value: 'true', set: 'true' }
- { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' } - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}', set: 'true' }
- { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}' } - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}', set: 'true' }
- { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' } - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}', set: 'true' }
psql_conf_disable_ssl_parameters: psql_conf_disable_ssl_parameters:
- { name: 'ssl', value: 'false' } - { name: 'ssl', value: 'false', set: 'true' }
psql_set_shared_memory: False psql_set_shared_memory: false
psql_sysctl_file: 30-postgresql-shm.conf psql_sysctl_file: 30-postgresql-shm.conf
psql_sysctl_kernel_sharedmem_parameters: psql_sysctl_kernel_sharedmem_parameters:
- { name: 'kernel.shmmax', value: '33554432' } - { name: 'kernel.shmmax', value: '33554432' }
@ -143,16 +151,16 @@ psql_db_pwd: "We cannot save the password into the repository. Use another varia
#psql_db_data: #psql_db_data:
# Example of line needed to create a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. # Example of line needed to create a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory.
#- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: True } #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: true }
# Example of line needed to manage the db accesses (used by iptables too), without creating the db and the user. Useful, for example, to give someone access to the postgresql db # Example of line needed to manage the db accesses (used by iptables too), without creating the db and the user. Useful, for example, to give someone access to the postgresql db
#- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: False } #- { name: '{{ psql_db_name }}', user: '{{ psql_db_user }}', allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], managedb: false }
# Example of line needed to remove a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory. # Example of line needed to remove a db, create the user that owns the db, manage the db accesses (used by iptables too). All the fields are mandatory.
#- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: True, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state=absent } #- { name: '{{ psql_db_name }}', encoding: 'UTF8', user: '{{ psql_db_user }}', pwd: '{{ psql_db_pwd }}', managedb: true, roles: 'NOCREATEDB,NOSUPERUSER', extensions: [ 'postgis', 'pgpool_regclass', 'pgpool_recovery' ], allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], state=absent }
# postgis # postgis
postgres_install_gis_extensions: False postgres_install_gis_extensions: false
postgres_gis_version: 2.5 postgres_gis_version: 3
postgres_gis_shortver: 25 postgres_gis_shortver: 3
postgres_gis_pkgs: postgres_gis_pkgs:
- 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}' - 'postgresql-{{ psql_version }}-postgis-{{ postgres_gis_version }}'
@ -161,14 +169,14 @@ postgres_el_gis_pkgs:
- 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client' - 'postgis{{ postgres_gis_shortver }}-{{ psql_version }}-client'
# Local backup # Local backup
pg_backup_enabled: True pg_backup_enabled: true
pg_el_backup_conf_dir: /etc/sysconfig pg_el_backup_conf_dir: /etc/sysconfig
pg_backup_conf_dir: /etc/default pg_backup_conf_dir: /etc/default
pg_backup_bin: /usr/local/sbin/postgresql-backup pg_backup_bin: /usr/local/sbin/postgresql-backup
pg_backup_pgdump_bin: /usr/bin/pg_dump pg_backup_pgdump_bin: /usr/bin/pg_dump
pg_backup_retain_copies: 2 pg_backup_retain_copies: 2
pg_backup_build_db_list: "yes" pg_backup_build_db_list: "yes"
psql_wal_files_archiving_enabled: False psql_wal_files_archiving_enabled: false
psql_wal_archiving_log_dir: '{{ psql_data_dir }}/archive_log' psql_wal_archiving_log_dir: '{{ psql_data_dir }}/archive_log'
psql_base_backup_dir: '{{ pg_backup_base_dir }}/base_backup' psql_base_backup_dir: '{{ pg_backup_base_dir }}/base_backup'
# Dynamically created from psql_db_data if pg_backup_db_list is not set # Dynamically created from psql_db_data if pg_backup_db_list is not set

30
handlers/main.yml
View File

@ -1,22 +1,34 @@
--- ---
- name: Restart postgresql - name: Restart postgresql
service: name=postgresql state=restarted ansible.builtin.service:
name: postgresql
state: restarted
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
- name: Reload postgresql - name: Reload postgresql
service: name=postgresql state=reloaded ansible.builtin.service:
name: postgresql
state: reloaded
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
- name: Restart postgresql with pgpool config - name: Restart postgresql with pgpool config
service: name=postgresql state=restarted ansible.builtin.service:
name: postgresql
state: restarted
when: when:
- ansible_distribution_file_variety == "Debian" - ansible_distribution_file_variety == "Debian"
- psql_restart_after_wal_enabling - psql_restart_after_wal_enabling
- name: Flush the APT cache
ansible.builtin.apt:
update_cache: true
- name: Restart postgresql - name: Restart postgresql
service: name='postgresql-{{ psql_version }}' state=restarted ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: restarted
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
- name: Reload postgresql - name: Reload postgresql
service: name='postgresql-{{ psql_version }}' state=reloaded ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: reloaded
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: true

83
library/configfile.py
View File

@ -1,83 +0,0 @@
#!/usr/bin/python
from __future__ import print_function
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'status': ['preview'],
'supported_by': 'ISTI-CNR'
}
import glob
import json
import tempfile
import filecmp
import os
import re
from ansible.module_utils.basic import AnsibleModule
def run_configfile_module():
module = AnsibleModule(
argument_spec = dict(
path=dict(required=True),
key=dict(required=True),
value=dict(required=True),
syntax=dict(required=False, choices=['standard', 'shell'], default='standard'),
)
)
path = module.params['path']
syntax = module.params['syntax']
key = module.params['key']
value = module.params['value']
found = [False]
def expand(line):
if syntax == 'standard':
if re.match("[ #]*%s *=.*" % (key), line):
found[0] = True
return re.sub("[ #]*%s *=.*" % (key), "%s = %s" % (key, value), line)
elif syntax == 'shell':
if re.match("[ #]*%s *=.*" % (key), line):
found[0] = True
return re.sub("[ #]*%s *=.*" % (key), "%s=%s" % (key, value), line)
else:
raise Exception("unsupported syntax %s" % syntax)
changed = False
with open(path) as input:
with tempfile.NamedTemporaryFile(dir=os.path.dirname(path)) as temp:
for line in input:
print(expand(line), end=' ', file=temp)
if not found[0]:
if not line.endswith('\n'):
print('', file=temp)
if syntax == 'standard':
print("%s = %s" % (key, value), file=temp)
elif syntax == 'shell':
print("%s=%s" % (key, value), file=temp)
else:
raise Exception("unsupported syntax %s" % syntax)
temp.delete = False
temp.close()
changed = not filecmp.cmp(path, temp.name)
if changed:
os.rename(temp.name, path)
else:
os.remove(temp.name)
module.exit_json(changed=changed)
# include magic from lib/ansible/module_common.py
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
def main():
run_configfile_module()
if __name__ == '__main__':
main()

18
meta/main.yml
View File

@ -1,13 +1,12 @@
galaxy_info: galaxy_info:
author: Andrea Dell'Amico author: Andrea Dell'Amico
description: Systems Architect description: Role that installs PostgreSQL
company: ISTI-CNR company: ISTI-CNR
namespace: adellam
role_name: postgresql
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
license: EUPL 1.2+ license: EUPL 1.2+
min_ansible_version: "2.9"
min_ansible_version: 2.8
# To view available platforms and versions (or releases), visit: # To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/ # https://galaxy.ansible.com/api/v1/platforms/
@ -15,12 +14,13 @@ galaxy_info:
platforms: platforms:
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic - focal
- jammy
- name: EL - name: EL
versions: versions:
- 7 - "7"
- "8"
- "9"
galaxy_tags: galaxy_tags:
- postgresql - postgresql
dependencies: []

178
tasks/configure-access.yml
View File

@ -1,84 +1,108 @@
--- ---
- name: Configure accesses on Deb/Ubuntu - name: configure-access | Configure accesses on Deb/Ubuntu
block:
- name: Give access to the remote postgresql client
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int
- psql_db_data is defined
- item.1 is defined
- not psql_force_ssl_client_connection
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give access to the remote postgresql client, force ssl
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int
- psql_db_data is defined
- item.1 is defined
- psql_force_ssl_client_connection
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Give local access with replication privileges to the postgres user
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" owner=root group=postgres mode='0440'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_db']
- name: Configure accesses on EL
block: block:
- name: Open the postgresql service to a specific zone. - name: configure-access | Give access to the remote postgresql client
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True community.postgresql.postgresql_pg_hba:
when: dest: '{{ psql_conf_dir }}/pg_hba.conf'
- psql_listen_on_ext_int contype: '{% if psql_force_ssl_client_connection %}hostssl{% else %}host{% endif %}'
- firewalld_enabled users: '{{ item.0.user }}'
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db', 'firewall', 'iptables_rules' ] address: '{{ item.1 }}'
databases: '{{ item.0.name }}'
method: '{{ item.0.hash_method | default("scram-sha-256") }}'
owner: root
group: postgres
mode: "0640"
state: "{{ item.0.state | default('present') }}"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int
- psql_db_data is defined
- item.1 is defined
notify: Reload postgresql
- name: Give access to the remote postgresql client # No conditionals, it is required to perform base backups when the WAL archive is active
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440' - name: configure-access | Give local access with replication privileges to the postgres user
with_subelements: community.postgresql.postgresql_pg_hba:
- '{{ psql_db_data | default([]) }}' dest: '{{ psql_conf_dir }}/pg_hba.conf'
- allowed_hosts contype: 'local'
when: users: 'postgres'
- psql_listen_on_ext_int databases: 'replication'
- psql_db_data is defined method: 'peer'
- item.1 is defined state: present
- not psql_force_ssl_client_connection owner: root
notify: Reload postgresql group: postgres
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ] mode: "0640"
notify: Reload postgresql
- name: Give access to the remote postgresql client, force ssl - name: configure-access | Flush handlers
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440' ansible.builtin.meta: flush_handlers
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int
- psql_db_data is defined
- item.1 is defined
- psql_force_ssl_client_connection
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Remove the ident authentication for the local connections
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local.*?all.*?ident$" state=absent owner=root group=postgres mode='0440'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: Give local access with replication privileges to the postgres user
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" owner=root group=postgres mode='0440'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
- name: configure-access | Configure accesses on EL
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
block:
- name: configure-access | Open the postgresql service to a specific zone.
ansible.posix.firewalld:
service: postgresql
zone: "{{ postgresql_firewalld_zone }}"
permanent: true
state: enabled
immediate: true
when:
- psql_listen_on_ext_int
- firewalld_enabled
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_db', 'firewall', 'iptables_rules']
- name: configure-access | Give access to the remote postgresql client
community.postgresql.postgresql_pg_hba:
dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
contype: '{% if psql_force_ssl_client_connection %}hostssl{% else %}host{% endif %}'
users: '{{ item.0.user }}'
address: '{{ item.1 }}'
databases: '{{ item.0.name }}'
method: '{{ item.0.hash_method | default("scram-sha-256") }}'
state: "{{ item.0.state | default('present') }}"
owner: root
group: postgres
mode: "0640"
with_subelements:
- '{{ psql_db_data | default([]) }}'
- allowed_hosts
when:
- psql_listen_on_ext_int
- psql_db_data is defined
- item.1 is defined
notify: Reload postgresql
# No conditionals, it is required to perform base backups when the WAL archive is active
- name: configure-access | Remove the ident authentication for the local connections
community.postgresql.postgresql_pg_hba:
dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
contype: 'local'
users: 'all'
databases: 'all'
method: 'ident'
state: absent
owner: root
group: postgres
mode: "0640"
notify: Reload postgresql
- name: configure-access | Give local access with replication privileges to the postgres user
community.postgresql.postgresql_pg_hba:
dest: '{{ psql_conf_dir }}/pg_hba.conf'
contype: 'local'
users: 'postgres'
databases: 'replication'
method: 'peer'
state: present
owner: root
group: postgres
mode: "0640"
notify: Reload postgresql
- name: configure-access | Flush handlers
ansible.builtin.meta: flush_handlers

68
tasks/main.yml
View File

@ -1,32 +1,64 @@
--- ---
- import_tasks: postgresql_org_repo.yml - name: Postgresql external repository
- import_tasks: packages.yml ansible.builtin.import_tasks: postgresql_org_repo.yml
- name: Manage the postgresql packages
ansible.builtin.import_tasks: postgresql-packages.yml
when: psql_postgresql_install when: psql_postgresql_install
- import_tasks: postgis.yml - name: Manage the postgis packages
ansible.builtin.import_tasks: postgis.yml
when: postgres_install_gis_extensions when: postgres_install_gis_extensions
- import_tasks: postgresql-config.yml - name: PostgreSQL configuration of deb systems
when: psql_postgresql_install ansible.builtin.import_tasks: postgresql-config-deb.yml
- import_tasks: postgresql-ssl-config.yml
when: psql_postgresql_install
- import_tasks: psql-kernel-sharedmem.yml
when: when:
- psql_postgresql_install - psql_postgresql_install
- not postgresql_client_only
- ansible_distribution_file_variety == "Debian"
- name: PostgreSQL configuration of EL systems
ansible.builtin.import_tasks: postgresql-config-el.yml
when:
- psql_postgresql_install
- not postgresql_client_only
- ansible_distribution_file_variety == "RedHat"
- name: TLS setup
ansible.builtin.import_tasks: postgresql-ssl-config.yml
when:
- psql_postgresql_install
- not postgresql_client_only
- name: Kernel sysctl parameters
ansible.builtin.import_tasks: psql-kernel-sharedmem.yml
when:
- psql_postgresql_install
- psql_set_shared_memory - psql_set_shared_memory
- import_tasks: configure-access.yml - not postgresql_client_only
- name: Configure access to the databases
ansible.builtin.import_tasks: configure-access.yml
when: when:
- psql_postgresql_install - psql_postgresql_install
- psql_db_data is defined - psql_db_data is defined
- import_tasks: postgresql-service-status.yml - not postgresql_client_only
when: psql_postgresql_install - name: Service management
- import_tasks: manage_pg_db.yml ansible.builtin.import_tasks: postgresql-service-status.yml
when:
- psql_postgresql_install
- not postgresql_client_only
- name: Manage the databases
ansible.builtin.import_tasks: manage_pg_db.yml
when: when:
- psql_postgresql_install - psql_postgresql_install
- psql_db_data is defined - psql_db_data is defined
- import_tasks: postgresql-streaming-replication.yml - not postgresql_client_only
- name: Streaming replication setup
ansible.builtin.import_tasks: postgresql-streaming-replication.yml
when: when:
- postgresql_streaming_replication - postgresql_streaming_replication
- import_tasks: postgresql-backup.yml - not postgresql_client_only
when: psql_postgresql_install - name: Local backups
- import_tasks: postgresql-letsencrypt-acmetool.yml ansible.builtin.import_tasks: postgresql-backup.yml
when: when:
- letsencrypt_acme_install is defined and letsencrypt_acme_install - psql_postgresql_install
- not postgresql_client_only
- name: Letsencrypt hook
ansible.builtin.import_tasks: postgresql-letsencrypt-acmetool.yml
when:
- postgresql_letsencrypt_managed
- not postgresql_client_only

81
tasks/manage_pg_db.yml
View File

@ -1,65 +1,70 @@
--- ---
- name: Add a user for the postgresql DBs - name: manage_pg_db | Add a user for the postgresql DBs
become: True become: true
become_user: postgres become_user: postgres
postgresql_user: user={{ item.user }} password={{ item.pwd }} role_attr_flags={{ item.roles }} port={{ psql_db_port }} state={{ item.userstate | default('present') }} community.postgresql.postgresql_user:
with_items: '{{ psql_db_data | default([]) }}' user: "{{ item.user }}"
password: "{{ item.pwd }}"
role_attr_flags: "{{ item.roles }}"
port: "{{ psql_db_port }}"
state: "{{ item.userstate | default('present') }}"
no_log: true
loop: '{{ psql_db_data | default([]) }}'
when: item.roles is defined when: item.roles is defined
tags: [ 'postgresql', 'postgres', 'pg_db', 'pg_user' ] tags: ['postgresql', 'postgres', 'pg_db', 'pg_user']
- name: Add the databases with the correct owner. Or remove them, if not used anymore - name: manage_pg_db | Add the databases with the correct owner. Or remove them, if not used anymore
become: True become: true
become_user: postgres become_user: postgres
postgresql_db: db={{ item.name }} port={{ psql_db_port }} encoding={{ item.encoding }} owner={{ item.user }} template=template0 state={{ item.state | default('present') }} community.postgresql.postgresql_db:
with_items: '{{ psql_db_data | default([]) }}' db: "{{ item.name }}"
port: "{{ psql_db_port }}"
encoding: "{{ item.encoding }}"
owner: "{{ item.user }}"
template: template0
state: "{{ item.state | default('present') }}"
loop: '{{ psql_db_data | default([]) }}'
when: item.managedb | default(True) when: item.managedb | default(True)
tags: [ 'postgresql', 'postgres', 'pg_db' ] tags: ['postgresql', 'postgres', 'pg_db']
- name: Manage users privileges - name: manage_pg_db | Manage users privileges
become: True become: true
become_user: postgres become_user: postgres
postgresql_privs: community.postgresql.postgresql_privs:
db: '{{ item.name }}' db: '{{ item.name }}'
privs: '{{ item.privs }}' privs: '{{ item.privs }}'
#type: database # type: database
objs: "{{ item.objs | default('ALL_IN_SCHEMA') }}" objs: "{{ item.objs | default('ALL_IN_SCHEMA') }}"
roles: '{{ item.roles }}' roles: '{{ item.roles }}'
port: '{{ psql_db_port }}' port: '{{ psql_db_port }}'
state: "{{ item.userstate | default('present') }}" state: "{{ item.userstate | default('present') }}"
grant_option: "{{ item.grant_option | default('yes') }}" grant_option: "{{ item.grant_option | default('yes') }}"
with_items: '{{ psql_db_privs | default([]) }}' with_items: '{{ psql_db_privs | default([]) }}'
tags: [ 'postgresql', 'postgres', 'pg_db', 'pg_user', 'postgresql_privs' ] tags: ['postgresql', 'postgres', 'pg_db', 'pg_user', 'postgresql_privs']
- name: Add postgres extensions to the databases, if needed - name: manage_pg_db | Add postgres extensions to the databases, if any
become: True become: true
become_user: postgres become_user: postgres
postgresql_ext: name={{ item.1 | default(omit) }} db={{ item.0.name }} port={{ psql_db_port }} community.postgresql.postgresql_ext:
name: "{{ item.1 | default(omit) }}"
db: "{{ item.0.name }}"
port: "{{ psql_db_port }}"
with_subelements: with_subelements:
- '{{ psql_db_extensions | default([]) }}' - '{{ psql_db_extensions | default([]) }}'
- extensions - extensions
when: psql_db_extensions is defined when: psql_db_extensions is defined
tags: [ 'postgresql', 'postgres', 'pg_extensions', 'pg_db' ] tags: ['postgresql', 'postgres', 'pg_extensions', 'pg_db']
# - name: Add schemas to a database. - name: manage_pg_db | Define a user with password, with no associated DBs
# become: True become: true
# become_user: postgres
# postgresql_schema: database={{ item.0.name }} port={{ psql_db_port }} name={{ item.1 }} owner={{ item.0.user }} state={{ item.0.schemastate | default('present') }}
# with_subelements:
# - '{{ psql_db_data | default([]) }}'
# - schema
# when:
# - item.0.manageschema | default(False)
# - item.1 is defined
# ignore_errors: True
# tags: [ 'postgresql', 'postgres', 'pg_db', 'pg_schema' ]
- name: Define a user with password, with no associated DBs
become: True
become_user: postgres become_user: postgres
postgresql_user: user={{ item.user }} password={{ item.pwd }} port={{ psql_db_port }} community.postgresql.postgresql_user:
with_items: '{{ psql_db_data | default(omit) }}' user: "{{ item.user }}"
password: "{{ item.pwd }}"
port: "{{ psql_db_port }}"
no_log: true
loop: '{{ psql_db_data | default([]) }}'
when: when:
- item.pwd is defined - item.pwd is defined
- item.roles is not defined - item.roles is not defined
tags: [ 'postgresql', 'postgres', 'pg_db' ] tags: ['postgresql', 'postgres', 'pg_db']

38
tasks/packages.yml
View File

@ -1,38 +0,0 @@
---
- block:
- name: install the postgresql packages
apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres' ]
- name: EL
block:
- name: install the postgresql packages from the pgdg repository
yum: pkg={{ psql_el_pgdg_packages }} state={{ psql_pkg_state }}
- name: Init the db if needed
command: /usr/pgsql-{{ psql_version }}/bin/postgresql-{{ psql_version }}-setup initdb
args:
creates: '{{ psql_el_data_dir }}/postgresql.conf'
when:
- not psql_el_install_scl_version
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres' ]
- name: EL from SCL
block:
- name: install the postgresql scl packages
yum: pkg={{ psql_el_scl_packages }} state={{ psql_pkg_state }}
- name: Init the db if needed
command: /opt/rh/rh-postgresql{{ psql_version }}/root/usr/bin/postgresql-setup --initdb
args:
creates: '{{ psql_el_data_dir }}/postgresql.conf'
when:
- psql_el_install_scl_version
- ansible_distribution_file_variety == "RedHat"
tags: [ 'scl', 'postgresql', 'postgres' ]

18
tasks/postgis.yml
View File

@ -1,13 +1,17 @@
--- ---
- name: install the postgresql GIS packages on deb/ubuntu - name: postgis | Install the postgresql GIS packages on deb/ubuntu
apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }} cache_valid_time=3600 ansible.builtin.apt:
pkg: "{{ postgres_gis_pkgs }}"
state: "{{ psql_pkg_state }}"
cache_valid_time: 3600
notify: Restart postgresql notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'postgis' ] tags: ['postgresql', 'postgres', 'postgis']
- name: install the postgresql GIS packages on EL - name: postgis | Install the postgresql GIS packages on EL
yum: pkg={{ postgres_el_gis_pkgs }} state={{ psql_pkg_state }} ansible.builtin.yum:
pkg: "{{ postgres_el_gis_pkgs }}"
state: "{{ psql_pkg_state }}"
notify: Restart postgresql notify: Restart postgresql
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres', 'postgis' ] tags: ['postgresql', 'postgres', 'postgis']

2
tasks/postgresql-backup.yml
View File

@ -44,7 +44,7 @@
tags: [ 'pg_backup', 'postgresql', 'postgres' ] tags: [ 'pg_backup', 'postgresql', 'postgres' ]
- name: Backup script for the postgresql streaming replication database(s) - name: Backup script for the postgresql streaming replication database(s)
template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root mode=0744 template: src=postgresql_wal_backup_and_removal.j2 dest=/usr/local/sbin/postgresql_wal_backup_and_removal owner=root group=postgres mode=0754
tags: [ 'pg_stream_backup', 'postgresql', 'postgres' ] tags: [ 'pg_stream_backup', 'postgresql', 'postgres' ]
- name: backuppc root script for the postgresql streaming replication database(s) - name: backuppc root script for the postgresql streaming replication database(s)

144
tasks/postgresql-config-deb.yml Normal file
View File

@ -0,0 +1,144 @@
---
- name: postgresql-config-deb | Data directory for Deb/Ubuntu
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "Debian"
tags: ['postgresql', 'postgres', 'pg_conf']
block:
- name: postgresql-config-deb | Create the postgresql data directory if it is not in the default place
ansible.builtin.file:
dest: "{{ psql_data_dir }}"
owner: postgres
group: postgres
mode: '700'
state: directory
- name: postgresql-config-deb | Set the postgresql data dir if it is different from the default
become: true
become_user: postgres
ansible.builtin.lineinfile:
path: "{{ psql_conf_dir }}/postgresql.conf"
regexp: "^data_directory\ ="
line: "data_directory = '{{ psql_data_dir }}'"
create: false
state: present
- name: postgresql-config-deb | Check if the new postgresql data directory has been populated already
ansible.builtin.stat:
path: "{{ psql_data_dir }}/.postgresql_data_dir"
register: postgresql_data_dir
- name: postgresql-config-deb | Stop the postgresql service while reconfiguring the data directory
ansible.builtin.service:
name: postgresql
state: stopped
when: not postgresql_data_dir.stat.exists
- name: postgresql-config-deb | Copy the postgresql data directory into the new place
ansible.builtin.shell:
cmd: |
if [ "/var/lib/postgresql/{{ psql_version | quote }}/main" != "{{ psql_data_dir | quote }}" ] ; then
cp -a /var/lib/postgresql/{{ psql_version | quote }}/main/* {{ psql_data_dir | quote }}
echo "Custom data dir" > "{{ psql_data_dir | quote }}/.postgresql_data_dir"
fi
args:
creates: '{{ psql_data_dir | quote }}/.postgresql_data_dir'
- name: postgresql-config-deb | Start the postgresql service that will use the new data directory
ansible.builtin.service:
name: postgresql
state: started
- name: postgresql-config-deb | Configuration of Deb/Ubuntu systems
when: ansible_distribution_file_variety == "Debian"
tags: ['postgresql', 'postgres', 'pg_conf']
block:
- name: postgresql-config-deb | Set some postgresql configuration parameters that require a db restart
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_conf_parameters }}'
notify: Restart postgresql
- name: postgresql-config-deb | Set the postgresql logging configuration parameters
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_log_configuration }}'
notify: Reload postgresql
tags: ['postgresql', 'postgres', 'pg_conf', 'pg_conf_log']
- name: postgresql-config-deb | Set the postgresql autovacuum configuration parameters
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_autovacuum_configuration }}'
notify: Reload postgresql
tags: ['postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum']
- name: postgresql-config-deb | Set the postgresql listen port
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'port'
value: "{% if psql_listen_on_ext_int %}{{ psql_db_port }}{% else %}default{% endif %}"
notify: Restart postgresql
- name: postgresql-config-deb | We want postgres listen on the public IP
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'listen_addresses'
value: "{% if psql_listen_on_ext_int %}*{% else %}default{% endif %}"
notify: Restart postgresql
- name: postgresql-config-deb | Custom configuration parameters
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_conf_custom_parameters }}'
notify: Restart postgresql
- name: postgresql-config-deb | Flush flush_handlers Restart PostgreSQL
ansible.builtin.meta: flush_handlers
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_conf']
- name: postgresql-config-deb | Log the connections
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_connections'
value: "{% if psql_listen_on_ext_int %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-deb | Log the disconnections
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_disconnections'
value: "{% if psql_listen_on_ext_int is defined %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-deb | Log the hostnames
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_hostname'
value: "{% if psql_listen_on_ext_int %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-deb | Flush flush_handlers Restart PostgreSQL
ansible.builtin.meta: flush_handlers
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_conf']
- name: postgresql-config-deb | Flush flush_handlers Reload PostgreSQL
ansible.builtin.meta: flush_handlers
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_conf']

169
tasks/postgresql-config-el.yml Normal file
View File

@ -0,0 +1,169 @@
---
- name: postgresql-config-el | Data directory for EL
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "RedHat"
tags: ['postgresql', 'postgres', 'pg_conf']
block:
- name: postgresql-config-el | Create the postgresql data directory if it is not in the default place
ansible.builtin.file:
dest: "{{ psql_el_data_dir }}"
owner: postgres
group: postgres
mode: "700"
state: directory
- name: postgresql-config-el | Set the postgresql data dir if it is different from the default
become: true
become_user: postgres
ansible.builtin.lineinfile:
path: "{{ psql_el_conf_dir }}/postgresql.conf"
regexp: "^data_directory\ ="
line: "data_directory = '{{ psql_el_data_dir }}'"
create: false
state: present
- name: postgresql-config-el | Check if the new postgresql data directory has been populated already
ansible.builtin.stat:
path: "{{ psql_el_data_dir }}/.postgresql_data_dir"
register: postgresql_data_dir
- name: postgresql-config-el | Stop the postgresql service while reconfiguring the data directory
ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: stopped
when: not postgresql_data_dir.stat.exists
- name: postgresql-config-el | Copy the postgresql data directory into the new place
ansible.builtin.shell:
cmd: |
if [ "/var/lib/pgsql/{{ psql_version | quote }}/data" != "{{ psql_el_data_dir | quote }}" ] ; then
cp -a /var/lib/pgsql/{{ psql_version | quote }}/main/* {{ psql_el_data_dir | quote }}
echo "Custom data dir" > "{{ psql_el_data_dir | quote }}/.postgresql_data_dir"
fi
args:
creates: '{{ psql_el_data_dir }}/.postgresql_data_dir'
register: postgresql_new_data_dir
- name: postgresql-config-el | Fix the SELinux context for the new data directory
community.general.sefcontext:
target: '{{ psql_el_base_dir }}(/.*)?'
setype: postgresql_db_t
state: present
- name: postgresql-config-el | Restore the SELinux context
ansible.builtin.command: restorecon -vR {{ psql_el_base_dir }}
when: postgresql_new_data_dir is changed
- name: postgresql-config-el | Start the postgresql service that will use the new data directory
ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: started
- name: postgresql-config-el | Configuration of EL systems
when: ansible_distribution_file_variety == "RedHat"
tags: ['postgresql', 'postgres', 'pg_conf']
block:
- name: postgresql-config-el | Create the postgresql log directory
ansible.builtin.file:
dest: "{{ psql_log_dir }}"
state: directory
owner: postgres
group: postgres
mode: '0750'
register: postgresql_log_dir_creation
- name: postgresql-config-el | Fix the SELinux context for the postgresql log directory
community.general.sefcontext:
target: '{{ psql_log_dir }}(/.*)?'
setype: postgresql_db_t
state: present
- name: postgresql-config-el | Fix the SELinux context for the postgresql log directory
ansible.builtin.command: restorecon -vR {{ psql_log_dir }}
when: postgresql_log_dir_creation is changed
- name: postgresql-config-el | Set some postgresql configuration parameters that require a db restart
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_conf_parameters }}'
notify: Restart postgresql
- name: postgresql-config-el | Set the postgresql logging configuration parameters
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_log_configuration }}'
notify: Reload postgresql
tags: ['postgresql', 'postgres', 'pg_conf', 'pg_conf_log']
- name: postgresql-config-el | Set the postgresql autovacuum configuration parameters
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
loop: '{{ psql_autovacuum_configuration }}'
notify: Reload postgresql
tags: ['postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum']
- name: postgresql-config-el | Set the postgresql listen port
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'port'
value: "{% if psql_listen_on_ext_int %}{{ psql_db_port }}{% else %}default{% endif %}"
notify: Restart postgresql
- name: postgresql-config-el | We want postgres listen on the public IP
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'listen_addresses'
value: "{% if psql_listen_on_ext_int %}*{% else %}default{% endif %}"
notify: Restart postgresql
- name: postgresql-config-el | If postgresql is only accessed from localhost make it listen only on the localhost interface
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'listen_addresses'
value: "{% if psql_listen_on_ext_int %}*{% else %}default{% endif %}"
notify: Restart postgresql
- name: postgresql-config-el | Flush flush_handlers Restart PostgreSQL
ansible.builtin.meta: flush_handlers
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_conf']
- name: postgresql-config-el | Log the connections
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_connections'
value: "{% if psql_listen_on_ext_int %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-el | Log the disconnections
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_disconnections'
value: "{% if psql_listen_on_ext_int %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-el | Log the hostnames
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: 'log_hostname'
value: "{% if psql_listen_on_ext_int %}on{% else %}default{% endif %}"
notify: Reload postgresql
- name: postgresql-config-el | Flush flush_handlers Reload PostgreSQL
ansible.builtin.meta: flush_handlers
tags: ['postgresql', 'postgres', 'pg_hba', 'pg_conf']

253
tasks/postgresql-config.yml
View File

@ -1,253 +0,0 @@
---
- name: Data directory for Deb/Ubuntu
block:
- name: Check if the new postgresql data directory exists
stat: path={{ psql_data_dir }}
register: postgresql_data_dir
- name: Stop the postgresql service while reconfiguring the data directory
service: name=postgresql state=stopped
when: postgresql_data_dir.stat.isdir is not defined
- name: Create the postgresql data directory if it is not in the default place
file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
- name: Set the postgresql data dir if it is different from the default
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
- name: Copy the postgresql data directory into the new place
shell: '[ "/var/lib/postgresql/{{ psql_version }}/main" != "{{ psql_data_dir }}" ] && cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}'
args:
creates: '{{ psql_data_dir }}/main/base'
when: postgresql_data_dir.stat.isdir is not defined
- name: Start the postgresql service that will use the new data directory
service: name=postgresql state=started
when: postgresql_data_dir.stat.isdir is not defined
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Configuration of Deb/Ubuntu systems
block:
- name: Set some postgresql configuration parameters that require a db restart
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_conf_parameters }}'
when: item.set == 'True'
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql logging configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_log_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
- name: Set the postgresql autovacuum configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_autovacuum_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
- name: Set the postgresql listen port
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
register: restart_postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: We want postgres listen on the public IP
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
register: restart_postgresql
when:
- psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
register: restart_postgresql
when:
- not psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the connections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the disconnections
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the hostnames
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
register: restart_postgresql
when:
- psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the correct permissions to the postgresql files
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
with_items:
- pg_hba.conf
- postgresql.conf
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Restart the postgresql server after changing parameters that need a restart
service: name=postgresql state=restarted
when:
- restart_postgresql is defined and restart_postgresql is changed
ignore_errors: True
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
when: ansible_distribution_file_variety == "Debian"
- name: Data directory for EL
block:
- name: Check if the new postgresql data directory exists
stat: path={{ psql_el_data_dir }}
register: postgresql_data_dir
- name: Stop the postgresql service while reconfiguring the data directory
service: name='postgresql-{{ psql_version }}' state=stopped
when: postgresql_data_dir.stat.isdir is not defined
- name: Create the postgresql data directory if it is not in the default place
file: dest={{ psql_el_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
- name: Set the postgresql data dir if it is different from the default
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_el_data_dir }}'"
- name: Copy the postgresql data directory into the new place
shell: '[ "/var/lib/pgsql/{{ psql_version }}/data" != "{{ psql_el_data_dir }}" ] && cp -a /var/lib/pgsql/{{ psql_version }}/data/* {{ psql_el_data_dir }}'
args:
creates: '{{ psql_el_data_dir }}/base'
when: postgresql_data_dir.stat.isdir is not defined
- name: Fix the SELinux context for the new data directory
sefcontext:
target: '{{ psql_el_base_dir }}(/.*)?'
setype: postgresql_db_t
state: present
- name: Restore the SELinux context
command: restorecon -vR {{ psql_el_base_dir }}
- name: Start the postgresql service that will use the new data directory
service: name='postgresql-{{ psql_version }}' state=started
when: postgresql_data_dir.stat.isdir is not defined
when:
- psql_use_alternate_data_dir
- ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Configuration of EL systems
block:
- name: Create the postgresql log directory
file: dest={{ psql_log_dir }} state=directory owner=postgres group=postgres mode='0750'
- name: Fix the SELinux context for the postgresql log directory
sefcontext:
target: '{{ psql_log_dir }}(/.*)?'
setype: postgresql_db_t
state: present
- name: Fix the SELinux context for the postgresql log directory
command: restorecon -vR {{ psql_log_dir }}
- name: Set some postgresql configuration parameters that require a db restart
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_conf_parameters }}'
when: item.set == 'True'
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the postgresql logging configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_log_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_log' ]
- name: Set the postgresql autovacuum configuration parameters
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="{{ item.value }}"
with_items: '{{ psql_autovacuum_configuration }}'
when: item.set == 'True'
notify: Reload postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_conf_autovacuum' ]
- name: Set the postgresql listen port
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
register: restart_postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: We want postgres listen on the public IP
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
register: restart_postgresql
when:
- psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
register: restart_postgresql
when:
- not psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the connections
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_connections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the disconnections
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_disconnections value="on"
register: restart_postgresql
when: psql_db_data is defined
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Log the hostnames
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key=log_hostname value="on"
register: restart_postgresql
when:
- psql_listen_on_ext_int
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: Set the correct permissions to the postgresql files
file: dest={{ psql_el_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
with_items:
- pg_hba.conf
- postgresql.conf
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
- name: Restart the postgresql server after changing parameters that need a restart
service: name='postgresql-{{ psql_version }}' state=restarted
when:
- restart_postgresql is defined and restart_postgresql is changed
ignore_errors: True
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
when: ansible_distribution_file_variety == "RedHat"

119
tasks/postgresql-packages.yml Normal file
View File

@ -0,0 +1,119 @@
---
- name: postgresql-packages | Manage the postgresql packages installation
when:
- ansible_distribution_file_variety == "Debian"
- not postgresql_client_only
tags: ['postgresql', 'postgres']
block:
- name: postgresql-packages | Install the postgresql server packages on Deb systems
ansible.builtin.apt:
pkg: "{{ postgresql_pkgs }}"
state: present
cache_valid_time: 3600
notify: Restart postgresql
- name: postgresql-packages | Manage the postgresql client installation
when:
- ansible_distribution_file_variety == "Debian"
- postgresql_client_only
tags: ['postgresql', 'postgres', 'postgres_client']
block:
- name: postgresql-packages | Install the postgresql client packages on Deb systems
ansible.builtin.apt:
pkg: postgresql-client
state: present
cache_valid_time: 3600
- name: postgresql-packages | EL server packages
when:
- not psql_el_install_scl_version
- not postgresql_client_only
- ansible_distribution_file_variety == "RedHat"
tags: ['postgresql', 'postgres']
block:
- name: postgresql-packages | Install the postgresql EL packages from the pgdg repository
ansible.builtin.yum:
pkg: "{{ psql_el_pgdg_packages }}"
state: present
- name: postgresql-packages | Print the DATA directory
ansible.builtin.debug:
msg: "Postgresql data directory: {{ psql_el_data_dir }}"
- name: postgresql-packages | Create the postgresql data directory if it is not in the default place
ansible.builtin.file:
dest: "{{ psql_el_data_dir }}"
owner: postgres
group: postgres
mode: "700"
state: directory
when: psql_use_alternate_data_dir
- name: postgresql-packages | Crate a systemd directory to customize the postgresql startup unit
ansible.builtin.file:
dest: "/etc/systemd/system/postgresql-{{ psql_version }}.service.d"
owner: root
group: root
mode: "755"
state: directory
when: psql_use_alternate_data_dir
- name: postgresql-packages | Crate a postgresql systemd unit environment file
ansible.builtin.template:
src: postgresql-service-environment.conf.j2
dest: "/etc/systemd/system/postgresql-{{ psql_version }}.service.d/environment.conf"
owner: root
group: root
mode: "644"
when: psql_use_alternate_data_dir
notify: Reload systemd
- name: postgresql-packages | Postgresql install flush handlers
ansible.builtin.meta: flush_handlers
- name: postgresql-packages | Init the db if needed on EL systems
ansible.builtin.command: /usr/pgsql-{{ psql_version }}/bin/postgresql-{{ psql_version }}-setup initdb
args:
creates: '{{ psql_el_data_dir }}/postgresql.conf'
- name: postgresql-packages | EL server packages from SCL
when:
- psql_el_install_scl_version
- ansible_distribution_file_variety == "RedHat"
- not postgresql_client_only
tags: ['scl', 'postgresql', 'postgres']
block:
- name: postgresql-packages | Install the postgresql scl packages on EL
ansible.builtin.yum:
pkg: "{{ psql_el_scl_packages }}"
state: present
- name: postgresql-packages | Init the db if needed on EL systems
ansible.builtin.command: /opt/rh/rh-postgresql{{ psql_version }}/root/usr/bin/postgresql-setup --initdb
args:
creates: '{{ psql_el_data_dir }}/postgresql.conf'
- name: postgresql-packages | EL client packages
when:
- not psql_el_install_scl_version
- postgresql_client_only
- ansible_distribution_file_variety == "RedHat"
tags: ['postgresql', 'postgres', 'postgres_client']
block:
- name: postgresql-packages | Install the postgresql client from the pgdg repository on EL systems
ansible.builtin.yum:
pkg: "postgresql{{ psql_version }}"
state: present
- name: postgresql-packages | EL client packages from SCL
when:
- psql_el_install_scl_version
- ansible_distribution_file_variety == "RedHat"
- postgresql_client_only
tags: ['scl', 'postgresql', 'postgres', 'postgres_client']
block:
- name: postgresql-packages | Install the postgresql scl client package on EL systems
ansible.builtin.yum:
pkg: "{{ item }}"
state: present
loop:
- "rh-postgresql{{ psql_version }}-runtime"
- "rh-postgresql{{ psql_version }}-postgresql"

76
tasks/postgresql-ssl-config.yml
View File

@ -1,47 +1,43 @@
--- ---
- block: - name: postgresql-ssl-config | TLS configuration
- name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
- name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_ssl_parameters }}'
notify: Restart postgresql
when: ansible_distribution_file_variety == "RedHat"
- name: Create the pki directory to store the postgresql key
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
- name: Create a postgres accessible ssl key file if it does not exist
copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True
when: psql_enable_ssl when: psql_enable_ssl
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ] tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
block:
- name: postgresql-ssl-config | Setup SSL in the postgresql configuration
- block: become: true
- name: Disable SSL in the postgresql configuration
become: True
become_user: postgres become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" community.postgresql.postgresql_set:
with_items: '{{ psql_conf_disable_ssl_parameters }}' name: '{{ item.name }}'
value: "{{ item.value }}"
loop: '{{ psql_conf_ssl_parameters }}'
notify: Restart postgresql notify: Restart postgresql
when: ansible_distribution_file_variety == "Debian"
- name: Disable SSL in the postgresql configuration - name: postgresql-ssl-config | Create the pki directory to store the private key
become: True ansible.builtin.file:
become_user: postgres dest: /etc/pki/postgresql
action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" state: directory
with_items: '{{ psql_conf_disable_ssl_parameters }}' owner: postgres
notify: Restart postgresql group: postgres
when: ansible_distribution_file_variety == "RedHat" mode: '0750'
- name: postgresql-ssl-config | Create a postgres accessible ssl key file if it does not exist
ansible.builtin.copy:
src: "{{ psql_ssl_privkey_global_file }}"
dest: "{{ psql_ssl_privkey_file }}"
owner: postgres
group: postgres
mode: '0400'
remote_src: true
- name: postgresql-ssl-config | Disable the TLS configuration
when: not psql_enable_ssl when: not psql_enable_ssl
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ] tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
block:
- name: postgresql-ssl-config | Disable SSL in the postgresql configuration
become: true
become_user: postgres
community.postgresql.postgresql_set:
name: '{{ item.name }}'
value: "{{ item.value }}"
loop: '{{ psql_conf_disable_ssl_parameters }}'
notify: Restart postgresql

323
tasks/postgresql-streaming-replication.yml
View File

@ -1,173 +1,184 @@
--- ---
- name: Configuration of the streaming replication - name: postgresql-streaming-replication | Configuration of the streaming replication
block: become: true
- name: Create the replication user
postgresql_user:
name: '{{ psql_streaming_replication_user }}'
role_attr_flags: "REPLICATION"
password: '{{ psql_streaming_replication_pwd }}'
encrypted: yes
state: present
- name: Setup the streaming replication on the primary
postgresql_set:
name: '{{ item.name }}'
value: "{{ item.value }}"
loop: '{{ psql_streaming_replication_config }}'
when: postgresql_streaming_replication_primary_node == ansible_fqdn
notify: Restart postgresql
- meta: flush_handlers
become: True
become_user: postgres become_user: postgres
tags: [ 'postgresql', 'postgres', 'pg_conf', 'postgresql_replication' ] tags: ['postgresql', 'postgres', 'pg_conf', 'postgresql_replication']
- name: Configure the streaming replication user on deb systems
block: block:
- name: Configure the replication user permissions on deb - name: postgresql-streaming-replication | Create the replication user
postgresql_pg_hba: community.postgresql.postgresql_user:
dest: '{{ psql_conf_dir }}/pg_hba.conf' name: '{{ psql_streaming_replication_user }}'
contype: host role_attr_flags: "REPLICATION"
users: '{{ psql_streaming_replication_user }}' password: '{{ psql_streaming_replication_pwd }}'
address: '{{ item }}' encrypted: true
databases: 'replication' state: present
#method: 'scram-sha-256'
method: 'md5'
state: present
loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: not psql_enable_ssl
- name: Configure the replication user permissions on deb - name: postgresql-streaming-replication | Setup the streaming replication on the primary
postgresql_pg_hba: community.postgresql.postgresql_set:
dest: '{{ psql_conf_dir }}/pg_hba.conf' name: '{{ item.name }}'
contype: hostssl value: "{% if item.set %}{{ item.value }}{% else %}default{% endif %}"
users: '{{ psql_streaming_replication_user }}' loop: '{{ psql_streaming_replication_config }}'
address: '{{ item }}' when: postgresql_streaming_replication_primary_node == ansible_fqdn
databases: 'replication' notify: Restart postgresql
#method: 'scram-sha-256'
method: 'md5'
state: present
loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: psql_enable_ssl
- meta: flush_handlers - name: postgresql-streaming-replication | Flush flush_handlers restart PostgreSQL
ansible.builtin.meta: flush_handlers
- name: postgresql-streaming-replication | Configure the streaming replication user on deb systems
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication' ] tags: ['postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication']
- name: Configure the streaming replication user on EL
block: block:
- name: Configure the replication user permissions on EL - name: postgresql-streaming-replication | Configure the replication user permissions on deb
postgresql_pg_hba: become: true
dest: '{{ psql_el_conf_dir }}/pg_hba.conf' become_user: postgres
contype: host community.postgresql.postgresql_pg_hba:
users: '{{ psql_streaming_replication_user }}' dest: '{{ psql_conf_dir }}/pg_hba.conf'
address: '{{ item }}' contype: host
databases: 'replication' users: '{{ psql_streaming_replication_user }}'
#method: 'scram-sha-256' address: '{{ item }}'
method: 'md5' databases: 'replication'
state: present # method: 'scram-sha-256'
loop: '{{ psql_streaming_replication_hosts }}' method: 'md5'
notify: Reload postgresql state: present
when: not psql_enable_ssl loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: not psql_enable_ssl
- name: Configure the replication user permissions on EL - name: postgresql-streaming-replication | Configure the replication user permissions on deb
postgresql_pg_hba: become: true
dest: '{{ psql_el_conf_dir }}/pg_hba.conf' become_user: postgres
contype: hostssl community.postgresql.postgresql_pg_hba:
users: '{{ psql_streaming_replication_user }}' dest: '{{ psql_conf_dir }}/pg_hba.conf'
address: '{{ item }}' contype: hostssl
databases: 'replication' users: '{{ psql_streaming_replication_user }}'
#method: 'scram-sha-256' address: '{{ item }}'
method: 'md5' databases: 'replication'
state: present # method: 'scram-sha-256'
loop: '{{ psql_streaming_replication_hosts }}' method: 'md5'
notify: Reload postgresql state: present
when: psql_enable_ssl loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: psql_enable_ssl
- meta: flush_handlers - name: postgresql-streaming-replication | Flush flush_handlers reload PostgreSQL
ansible.builtin.meta: flush_handlers
- name: postgresql-streaming-replication | Configure the streaming replication user on EL
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication' ] tags: ['postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication']
- name: Manage the replica initialization
block: block:
- name: Set some paths when it is a deb based system - name: postgresql-streaming-replication | Configure the replication user permissions on EL
set_fact: become: true
postgresql_user_home: '/var/lib/postgresql' become_user: postgres
postgresql_active_data_dir: '{{ psql_data_dir }}' community.postgresql.postgresql_pg_hba:
when: ansible_distribution_file_variety == "Debian" dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
contype: host
users: '{{ psql_streaming_replication_user }}'
address: '{{ item }}'
databases: 'replication'
# method: 'scram-sha-256'
method: 'md5'
state: present
loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: not psql_enable_ssl
- name: Set some paths it is a EL based system - name: postgresql-streaming-replication | Configure the replication user permissions on EL
set_fact: become: true
postgresql_user_home: '/var/lib/pgsql' become_user: postgres
postgresql_active_data_dir: '{{ psql_el_data_dir }}' community.postgresql.postgresql_pg_hba:
when: ansible_distribution_file_variety == "RedHat" dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
contype: hostssl
users: '{{ psql_streaming_replication_user }}'
address: '{{ item }}'
databases: 'replication'
# method: 'scram-sha-256'
method: 'md5'
state: present
loop: '{{ psql_streaming_replication_hosts }}'
notify: Reload postgresql
when: psql_enable_ssl
- name: Create the .pgpass file inside the postgresql home {{ postgresql_user_home }} - name: postgresql-streaming-replication | Flush flush_handlers reload PostgreSQL
become: True ansible.builtin.meta: flush_handlers
become_user: postgres
copy:
content: "{{ postgresql_streaming_replication_primary_node }}:{{ psql_db_port }}:replication:{{ psql_streaming_replication_user }}:{{ psql_streaming_replication_pwd }}"
dest: '{{ postgresql_user_home }}/.pgpass'
mode: '0400'
- name: Check if a replica is already enabled
stat:
path: '{{ postgresql_active_data_dir }}/standby.signal'
register: standby_signal_file
- debug:
msg: 'Replica file: {{ postgresql_active_data_dir }}/standby.signal'
- name: Stop the postgresql service on deb systems
service:
name: postgresql
state: stopped
when:
- ansible_distribution_file_variety == "Debian"
- not standby_signal_file.stat.exists
- name: Stop the postgresql service on EL systems
service:
name: 'postgresql-{{ psql_version }}'
state: stopped
when:
- ansible_distribution_file_variety == "RedHat"
- not standby_signal_file.stat.exists
- name: Remove the data directory contents {{ postgresql_active_data_dir }}
become: True
become_user: postgres
file:
dest: '{{ postgresql_active_data_dir }}'
state: absent
when: not standby_signal_file.stat.exists
- name: Run the pg_basebackup command that starts the replica
become: True
become_user: postgres
shell: /usr/bin/pg_basebackup -h {{ postgresql_streaming_replication_primary_node }} -p {{ psql_db_port }} -U {{ psql_streaming_replication_user }} -D {{ postgresql_active_data_dir }} -Fp -R -Xs -P -w
when: not standby_signal_file.stat.exists
- name: Start the postgresql service
service:
name: postgresql
state: started
when:
- ansible_distribution_file_variety == "Debian"
- not standby_signal_file.stat.exists
- name: Start the postgresql service on EL systems
service:
name: 'postgresql-{{ psql_version }}'
state: started
when:
- ansible_distribution_file_variety == "RedHat"
- not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Manage the replica initialization
when: postgresql_streaming_replication_primary_node != ansible_fqdn when: postgresql_streaming_replication_primary_node != ansible_fqdn
tags: [ 'postgresql', 'postgres', 'pg_conf', 'postgresql_replication' ] tags: ['postgresql', 'postgres', 'pg_conf', 'postgresql_replication']
block:
- name: postgresql-streaming-replication | Set some paths when it is a deb based system
ansible.builtin.set_fact:
postgresql_user_home: '/var/lib/postgresql'
postgresql_active_data_dir: '{{ psql_data_dir }}'
when: ansible_distribution_file_variety == "Debian"
- name: postgresql-streaming-replication | Set some paths it is a EL based system
ansible.builtin.set_fact:
postgresql_user_home: '/var/lib/pgsql'
postgresql_active_data_dir: '{{ psql_el_data_dir }}'
when: ansible_distribution_file_variety == "RedHat"
- name: postgresql-streaming-replication | Create the .pgpass file inside the postgresql home {{ postgresql_user_home }}
become: true
become_user: postgres
ansible.builtin.template:
src: replica_pgpass.j2
dest: '{{ postgresql_user_home }}/.pgpass'
mode: '0400'
- name: postgresql-streaming-replication | Check if a replica is already enabled
ansible.builtin.stat:
path: '{{ postgresql_active_data_dir }}/standby.signal'
register: standby_signal_file
- name: postgresql-streaming-replication | Prnt the replica file
ansible.builtin.debug:
msg: 'Replica file: {{ postgresql_active_data_dir }}/standby.signal'
- name: postgresql-streaming-replication | Stop the postgresql service on deb systems
ansible.builtin.service:
name: postgresql
state: stopped
when:
- ansible_distribution_file_variety == "Debian"
- not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Stop the postgresql service on EL systems
ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: stopped
when:
- ansible_distribution_file_variety == "RedHat"
- not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Remove the data directory contents {{ postgresql_active_data_dir }}
ansible.builtin.file:
dest: '{{ postgresql_active_data_dir }}'
state: absent
when: not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Run the pg_basebackup command that starts the replica
become: true
become_user: postgres
ansible.builtin.shell: >
/usr/bin/pg_basebackup -h {{ postgresql_streaming_replication_primary_node }}
-p {{ psql_db_port }} -U {{ psql_streaming_replication_user }}
-D {{ postgresql_active_data_dir }} -Fp -R -Xs -P -w
args:
creates: '{{ postgresql_active_data_dir }}'
when: not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Start the postgresql service
ansible.builtin.service:
name: postgresql
state: started
when:
- ansible_distribution_file_variety == "Debian"
- not standby_signal_file.stat.exists
- name: postgresql-streaming-replication | Start the postgresql service on EL systems
ansible.builtin.service:
name: 'postgresql-{{ psql_version }}'
state: started
when:
- ansible_distribution_file_variety == "RedHat"
- not standby_signal_file.stat.exists

60
tasks/postgresql_org_repo.yml
View File

@ -1,23 +1,55 @@
--- ---
- name: Debian or Ubuntu - name: postgresql_org_repo | Debian or Ubuntu
block:
- name: Get the signing key for the postgresql.org repository
apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
- name: Setup the postgresql.org repository
apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main' update_cache=yes
when: when:
- pg_use_postgresql_org_repo - pg_use_postgresql_org_repo
- ansible_distribution_file_variety == "Debian" - ansible_distribution_file_variety == "Debian"
tags: [ 'postgresql', 'postgresql_repo' ] tags: ['postgresql', 'postgresql_repo', 'postgres_client']
- name: EL
block: block:
- name: Install the pgsql pgdg repository - name: postgresql_org_repo | Ensure that /etc/apt.d/keyrings exists
yum: name={{ psql_el_pgdg_repo_url }} state={{ psql_pkg_state }} ansible.builtin.file:
dest: /etc/apt/keyrings
state: directory
owner: root
group: root
mode: "0755"
- name: postgresql_org_repo | Get the signing key for the postgresql.org repository
ansible.builtin.get_url:
url: "{{ postgresql_deb_repo_key_url }}"
dest: "{{ postgresql_deb_repo_key }}"
owner: root
group: root
mode: "0644"
- name: postgresql_org_repo | Install the repository for Ubuntu
ansible.builtin.deb822_repository:
name: postgresql-org
types: [deb]
uris: "{{ postgresql_deb_repository_url }}"
components:
- main
suites: ["{{ postgresql_deb_repository_rel }}"]
signed_by: "{{ postgresql_deb_repo_key }}"
state: present
enabled: true
notify: Flush the APT cache
- name: postgresql_org_repo | Postgresql repo flush handlers
ansible.builtin.meta: flush_handlers
- name: postgresql_org_repo | Manage the EL repository
when: when:
- pg_use_postgresql_org_repo - pg_use_postgresql_org_repo
- ansible_distribution_file_variety == "RedHat" - ansible_distribution_file_variety == "RedHat"
tags: [ 'postgresql', 'postgresql_repo' ] tags: ['postgresql', 'postgresql_repo', 'postgres_client']
block:
- name: postgresql_org_repo | Install the pgsql pgdg repository on EL 7
ansible.builtin.yum:
name: "{{ psql_el_pgdg_repo_url }}"
state: present
disable_gpg_check: true
when: ansible_distribution_major_version is version_compare('8', '<')
- name: postgresql_org_repo | Install the pgsql pgdg repository on EL 8+
ansible.builtin.dnf:
name: "{{ psql_el_pgdg_repo_url }}"
state: present
disable_gpg_check: true
when: ansible_distribution_major_version is version_compare('8', '>=')

16
templates/postgresql-backup.sh.j2
View File

@ -46,12 +46,13 @@ create_backup_dirs() {
cleanup_old_backups() { cleanup_old_backups() {
# Remove the old backups # Remove the old backups
find ${HISTDIR} -atime +${N_DAYS_TO_SPARE} -type f -exec rm -f {} \; # find ${HISTDIR} -mtime +${N_DAYS_TO_SPARE} -type f -exec rm -fv {} \;
# TODELETE=$( /bin/ls "${HISTDIR}/" | awk -F '.' '{print $NF}' | sort -ruV | tail -n +${N_DAYS_TO_SPARE} ) ORD_DUMP_TO_DEL=$( expr $N_DAYS_TO_SPARE + 1 )
# for i in ${TODELETE} TODELETE=$( /bin/ls "${HISTDIR}/" | awk -F '.' '{print $NF}' | sort -ruV | tail -n +${ORD_DUMP_TO_DEL} )
# do for DATETODELETE in ${TODELETE}
# rm -f "${HISTDIR}/*.${i}" do
# done rm -fv ${HISTDIR}/*.${DATETODELETE}
done
} }
create_db_list() { create_db_list() {
@ -118,6 +119,8 @@ fix_backup_permissions() {
# #
umask 0077 umask 0077
cleanup_old_backups
create_backup_dirs create_backup_dirs
if [ "$BUILD_DBLIST" == "yes" ] ; then if [ "$BUILD_DBLIST" == "yes" ] ; then
create_db_list create_db_list
@ -150,6 +153,5 @@ else
fi fi
fix_backup_permissions fix_backup_permissions
cleanup_old_backups
exit $RETVAL exit $RETVAL

2
templates/postgresql-letsencrypt-acme.sh.j2
View File

@ -2,7 +2,7 @@
H_NAME=$( hostname -f ) H_NAME=$( hostname -f )
LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
LE_CERTS_DIR=/var/lib/acme/live/$H_NAME LE_CERTS_DIR={{ letsencrypt_acme_sh_certificates_install_path }}
LE_LOG_DIR=/var/log/letsencrypt LE_LOG_DIR=/var/log/letsencrypt
POSTGRESQL_CERTDIR=/etc/pki/postgresql POSTGRESQL_CERTDIR=/etc/pki/postgresql
POSTGRESQL_KEYFILE=$POSTGRESQL_CERTDIR/postgresql.key POSTGRESQL_KEYFILE=$POSTGRESQL_CERTDIR/postgresql.key

2
templates/postgresql-service-environment.conf.j2 Normal file
View File

@ -0,0 +1,2 @@
[Service]
Environment=PGDATA={{ psql_el_data_dir }}

1
templates/replica_pgpass.j2 Normal file
View File

@ -0,0 +1 @@
{{ postgresql_streaming_replication_primary_node }}:{{ psql_db_port }}:replication:{{ psql_streaming_replication_user }}:{{ psql_streaming_replication_pwd }}