Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

142 lines
4.1 KiB

---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
- vars/defaults.yml
tags: pg
- name: Install Postgresql packages
yum:
name: "{{ pg_packages }}"
tags: pg
- name: Check if PG_VERSION exists
stat: path=/var/lib/pgsql/{{ (pg_version != 'default') | ternary(pg_version | string + '/','') }}data/PG_VERSION
register: pg_version_file
tags: pg
- name: Init data
command: "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string + '/bin/postgresql-' + pg_version | string + '-setup','postgresql-setup') }} initdb"
when: not pg_version_file.stat.exists
tags: pg
- name: Deploy configuration
template: src={{ item }}.j2 dest=/var/lib/pgsql/{{ (pg_version != 'default') | ternary(pg_version | string + '/','') }}data/{{ item }} owner=postgres group=postgres mode=600
with_items:
- pg_hba.conf
- postgresql.conf
notify: reload postgresql
tags: pg
- name: Create backup directories
file: path=/home/lbkp/pgsql state=directory owner=postgres group=postgres mode=700
tags: pg
- name: Create pre and post backup hook dir
file: path={{ item }} state=directory mode=750
with_items:
- /etc/backup/pre.d
- /etc/backup/post.d
tags: pg
- name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.hook }}.d/{{ item.script }} mode=755
with_items:
- { script: 'postgresql_create_dumps.sh', hook: pre }
- { script: 'postgresql_delete_dumps.sh', hook: post }
tags: pg
- name: Handle PostgreSQL port
iptables_raw:
name: pg_port
state: "{{ (pg_src_ip is defined and pg_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ pg_port }} -s {{ pg_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: pg
- name: Create postgresql unit snippet dir
file: path=/etc/systemd/system/postgresql{{ (pg_version != 'default') | ternary('-' + pg_version | string,'') }}.service.d state=directory
tags: pg
- name: Increase postgresql start/stop timeout
copy:
content: |
[Service]
TimeoutSec=300
StartLimitInterval=0
RestartSec=1
dest: /etc/systemd/system/postgresql{{ (pg_version != 'default') | ternary('-' + pg_version | string,'') }}.service.d/timeout.conf
register: pg_unit
notify: restart postgresql
tags: pg
- name: Reload systemd
command: systemctl daemon-reload
when: pg_unit.changed
tags: pg
# TODO: we should instead iterate over every postgresql* services and disable everyone of them
# except for pg_version
- name: Disable default postgresql version
service: name=postgresql state=stopped enabled=False
when: pg_version != 'default'
failed_when: False
tags: pg
- name: Start and enable the service
service: name=postgresql{{ (pg_version != 'default') | ternary('-' + pg_version | string,'') }} state=started enabled=True
tags: pg
- name: Create postgresql admin role
postgresql_user:
name: "sqladmin"
password: "{{ pg_admin_pass }}"
role_attr_flags: SUPERUSER,CREATEROLE,CREATEDB
become_user: postgres
tags: pg
- name: Create roles
postgresql_user:
name: "{{ item.name }}"
password: "{{ item.pass }}"
role_attr_flags: "{{ item.flags | default([]) | join(',') }}"
become_user: postgres
with_items: "{{ pg_roles }}"
tags: pg
- name: Create databases
postgresql_db:
name: "{{ item.name }}"
encoding: "{{ item.encoding | default('UTF-8') }}"
lc_collate: C
lc_ctype: C
template: template0
owner: "{{ item.owner | default(omit) }}"
become_user: postgres
with_items: "{{ pg_databases }}"
tags: pg
- name: Apply privileges
postgresql_privs: "{{ item }}"
become_user: postgres
loop: "{{ pg_privs }}"
tags: pg
- name: Remove databases
postgresql_db:
name: "{{ item }}"
state: absent
become_user: postgres
with_items: "{{ pg_databases_to_remove }}"
tags: pg
- name: Remove roles
postgresql_user:
name: "{{ item }}"
state: absent
become_user: postgres
with_items: "{{ pg_roles_to_remove }}"
tags: pg