r/postgresql-data: Manage users and databases

This role can ensure PostgreSQL users and databases are created for applications that are not themselves managed by Ansible. Notably, we need to do this for anything deployed in Kubernetes that uses the central database server.
2025-02-01 17:20:36 -06:00 · 2025-02-01 17:20:36 -06:00 · 164d86d646
parent 34c1256f27
commit 164d86d646
4 changed files with 39 additions and 0 deletions
--- a/group_vars/postgresql.yml
+++ b/group_vars/postgresql.yml
@ -60,3 +60,15 @@ wal_g_pg_config:
  AWS_ENDPOINT: https://s3.backups.pyrocufflink.blue
  PGHOST: /run/postgresql
  WALG_STATSD_ADDRESS: localhost:9125
+
+postgresql_users:
+- name: ara
+- name: authelia
+- name: firefly
+- name: homeassistant
+
+postgresql_dbs:
+- name: ara
+- name: authelia
+- name: firefly
+- name: homeassistant
--- a/postgresql.yml
+++ b/postgresql.yml
@ -14,3 +14,5 @@
  - postgresql-server
  - role: postgres-exporter
    tags: postgres-exporter
+  - role: postgresql-data
+    tags: postgresql-data
--- a/roles/postgresql-data/defaults/main.yml
+++ b/roles/postgresql-data/defaults/main.yml
@ -0,0 +1,2 @@
+postgresql_users: []
+postgresql_dbs: []
--- a/roles/postgresql-data/tasks/main.yml
+++ b/roles/postgresql-data/tasks/main.yml
@ -0,0 +1,23 @@
+- name: ensure postgresql users exist
+  become: true
+  become_user: postgres
+  postgresql_user:
+    name: '{{ item.name }}'
+    password: '{{ item.password|d(omit) }}'
+    state: present
+  loop: '{{ postgresql_users }}'
+  tags:
+  - postgresql-user
+
+- name: ensure postgresql databases exist
+  become: true
+  become_user: postgres
+  postgresql_db:
+    name: '{{ item.name }}'
+    owner: '{{ item.owner|d(item.name) }}'
+    encoding: '{{ item.encoding|d(omit) }}'
+    lc_collate: '{{ item.lc_collate|d(omit) }}'
+    lc_ctype: '{{ item.lc_ctype|d(omit) }}'
+  loop: '{{ postgresql_dbs }}'
+  tags:
+  - postgresql-db