roles/postgresql-server: Rewrite role
This rewrite brings a lot of improvements and new functionality to the *postgresql-server* role. The most noticeable change is the introduction of the `postgresql_config_dir` variable, which can be used to specify a different location for the PostgreSQL server configuration files, separate from the data storage directory. By default, the variable is set to `/etc/postgresql`. In some situations, it may be necessary to disable this functionality, which can be accomplished by setting the value of `postgresql_config_dir` to the same path as `pgdata_dir`. Note also that the `postgresql-setup` tool, and the corresponding `postgresql-check-db-dir` script, which are included in the Fedora/Red Hat distribution of PostgreSQL, do not support having separate configuration and data directories, so their use has to be disabled. Another significant improvement is in how the `postgresql.conf` file is generated. Any setting can now be set using the `postgresql_config` variable; any key in this dictionary will be written to the configuration file. Note that the configuration file syntax requires single quotes around string values, so these have to be included in the YAML value. To support deploying standby servers, the role now supports running a command to restore from a backup instead of running `initdb`. Additionally, the `postgresql_standby` variable can be set to `true` to create the `recovery.signal` file, configuring the server as a standby.
@@ -1,64 +1,153 @@
|
||||
- name: ensure postgresql-server is installed
|
||||
package:
|
||||
name=postgresql-server
|
||||
state=present
|
||||
name: postgresql-server
|
||||
state: present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: restore postgresql data directory from backup
|
||||
command: >-
|
||||
{{ postgresql_restore_command }}
|
||||
args:
|
||||
creates: '{{ pgdata_dir }}/PG_VERSION'
|
||||
when: postgresql_restore_command|d(none)
|
||||
notify:
|
||||
- create postgresql server recovery signal file
|
||||
tags:
|
||||
- restore
|
||||
|
||||
- name: ensure postgresql data directory exists
|
||||
file:
|
||||
path: '{{ pgdata_dir }}'
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: u=rwx,go=
|
||||
state: directory
|
||||
tags:
|
||||
- initdb
|
||||
- name: ensure postgresql database cluster is initialized
|
||||
command:
|
||||
postgresql-setup initdb
|
||||
creates={{ pgdata_dir }}/PG_VERSION
|
||||
runuser -u postgres -- initdb {{ pgdata_dir }}
|
||||
args:
|
||||
creates: '{{ pgdata_dir }}/PG_VERSION'
|
||||
tags:
|
||||
- initdb
|
||||
|
||||
- name: ensure default configuration files are removed from data directory
|
||||
file:
|
||||
path: '{{ pgdata_dir }}/{{ item }}'
|
||||
state: absent
|
||||
when: pgdata_dir != postgresql_config_dir
|
||||
loop:
|
||||
- postgresql.conf
|
||||
- pg_hba.conf
|
||||
- pg_ident.conf
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: ensure postgresql configuration directory exists
|
||||
file:
|
||||
path: '{{ postgresql_config_dir }}'
|
||||
owner: root
|
||||
group: postgres
|
||||
mode: u=rwx,g=rx,o=
|
||||
state: directory
|
||||
when: postgresql_config_dir != pgdata_dir
|
||||
tags:
|
||||
- config
|
||||
- name: ensure postgresql server is configured
|
||||
template:
|
||||
src: postgresql.conf.j2
|
||||
dest: '{{ postgresql_config_dir }}/postgresql.conf'
|
||||
owner: root
|
||||
group: postgres
|
||||
mode: u=rw,g=r,o=
|
||||
notify: restart postgresql server
|
||||
tags:
|
||||
- config
|
||||
- name: ensure postgresql identity mapping is configured
|
||||
template:
|
||||
src: pg_ident.conf.j2
|
||||
dest: '{{ postgresql_config_dir }}/pg_ident.conf'
|
||||
owner: root
|
||||
group: postgres
|
||||
mode: u=rw,g=r,o=
|
||||
setype: postgresql_db_t
|
||||
tags:
|
||||
- config
|
||||
- name: ensure postgresql host-based authentication is configured
|
||||
template:
|
||||
src: pg_hba.conf.j2
|
||||
dest: '{{ postgresql_config_dir }}/pg_hba.conf'
|
||||
owner: root
|
||||
group: postgres
|
||||
mode: u=rw,g=r,o=
|
||||
setype: postgresql_db_t
|
||||
notify: reload postgresql server
|
||||
tags:
|
||||
- config
|
||||
- pg_hba
|
||||
|
||||
- name: ensure postgresql server standby signal file exists
|
||||
file:
|
||||
path: '{{ pgdata_dir }}/standby.signal'
|
||||
state: >-
|
||||
{{ 'touch' if postgresql_standby|d(false) else 'absent' }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: ensure postgresql server certificate is installed
|
||||
copy:
|
||||
src: '{{ item }}'
|
||||
dest: '{{ pgdata_dir }}/{{ item|basename }}'
|
||||
dest: '{{ postgresql_config_dir }}/{{ item|basename }}'
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: 00600
|
||||
mode: u=rw,go=
|
||||
with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'
|
||||
tags:
|
||||
- cert
|
||||
|
||||
- name: ensure postgresql server is configured
|
||||
template:
|
||||
src: '{{ item }}'
|
||||
dest: '{{ pgdata_dir }}/postgresql.conf'
|
||||
mode: '0600'
|
||||
notify: restart postgresql server
|
||||
with_first_found:
|
||||
- ../templates/postgresql-{{ ansible_distribution }}-{{ ansible_distribution_version }}.conf.j2
|
||||
- ../templates/postgresql-{{ ansible_distribution }}.conf.j2
|
||||
- ../templates/postgresql.conf.j2
|
||||
- name: ensure postgresql identity mapping is configured
|
||||
template:
|
||||
src=pg_ident.conf.j2
|
||||
dest={{ pgdata_dir }}/pg_ident.conf
|
||||
owner=postgres
|
||||
group=postgres
|
||||
mode=0600
|
||||
setype=postgresql_db_t
|
||||
- name: ensure postgresql host-based authentication is configured
|
||||
template:
|
||||
src=pg_hba.conf.j2
|
||||
dest={{ pgdata_dir }}/pg_hba.conf
|
||||
owner=postgres
|
||||
group=postgres
|
||||
mode=0600
|
||||
setype=postgresql_db_t
|
||||
notify: reload postgresql server
|
||||
|
||||
- name: ensure postgresql-check-db-dir is labelled correctly
|
||||
- name: ensure postgresql systemd unit drop-in directory exists
|
||||
file:
|
||||
path=/usr/bin/postgresql-check-db-dir
|
||||
setype=postgresql_exec_t
|
||||
state=file
|
||||
when: ansible_distribution in ('CentOS', 'RHEL')
|
||||
path: /etc/systemd/system/postgresql.service.d
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
tags:
|
||||
- systemd
|
||||
- name: ensure postgresql systemd unit extension is configured
|
||||
template:
|
||||
src: pgdata.systemd.conf.j2
|
||||
dest: /etc/systemd/system/postgresql.service.d/pgdata.conf
|
||||
owner: root
|
||||
group: root
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart postgresql server
|
||||
tags:
|
||||
- systemd
|
||||
|
||||
- name: ensure postgresql starts at boot
|
||||
service:
|
||||
name=postgresql
|
||||
enabled=yes
|
||||
- meta: flush_handlers
|
||||
name: postgresql
|
||||
enabled: true
|
||||
- name: flush handlers
|
||||
meta: flush_handlers
|
||||
- name: ensure postgresql server is running
|
||||
service:
|
||||
name=postgresql
|
||||
state=started
|
||||
name: postgresql
|
||||
state: started
|
||||
|
||||
- name: ensure firewall is configured for postgresql
|
||||
firewalld:
|
||||
service: postgresql
|
||||
state: >-
|
||||
{{ 'enabled' if postgresql_allow_remote else 'disabled' }}
|
||||
permanent: true
|
||||
immediate: true
|
||||
when: host_uses_firewalld|d(true)
|
||||
tags:
|
||||
- firewalld
|
||||
|
||||
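Review bot: The two systemd tasks (`ensure postgresql systemd unit drop-in directory exists` and `ensure postgresql systemd unit extension is configured`) set `owner` and `group` but no `mode`, unlike the other `file`, `template` and `copy` tasks that appear to be on the new side of this hunk. Without `mode`, Ansible creates the path under the remote umask and leaves the permissions of an existing path untouched, so a drop-in that controls how the service is started is never brought back to a known state. I would add `mode: u=rwx,go=rx` to the directory task and `mode: u=rw,go=r` to the `pgdata.conf` template task. Separately, the commit description and the notified handler name refer to a `recovery.signal` file while the task here manages `{{ pgdata_dir }}/standby.signal`, so one of the two should be corrected. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the `key: value` style.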