From afe4fb7effd51ff19fee1687b3a6f671b7aabea3 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 14 Apr 2018 15:23:44 -0500
Subject: [PATCH] roles/postgresql-server: Deploy PostgreSQL

The *postgresql-server* role installs and configures PostgreSQL on Fedora/RHEL-based distributions.
---
roles/postgresql-server/defaults/main.yml | 3 ++
roles/postgresql-server/handlers/main.yml | 6 +++
roles/postgresql-server/tasks/main.yml | 53 +++++++++++++++++++
.../templates/pg_hba.conf.j2 | 7 +++
.../templates/pg_ident.conf.j2 | 3 ++
.../templates/postgresql-setup.service.j2 | 11 ++++
6 files changed, 83 insertions(+)
create mode 100644 roles/postgresql-server/defaults/main.yml
create mode 100644 roles/postgresql-server/handlers/main.yml
create mode 100644 roles/postgresql-server/tasks/main.yml
create mode 100644 roles/postgresql-server/templates/pg_hba.conf.j2
create mode 100644 roles/postgresql-server/templates/pg_ident.conf.j2
create mode 100644 roles/postgresql-server/templates/postgresql-setup.service.j2

diff --git a/roles/postgresql-server/defaults/main.yml b/roles/postgresql-server/defaults/main.yml
new file mode 100644
index 0000000..a753f04
--- /dev/null
+++ b/roles/postgresql-server/defaults/main.yml
@@ -0,0 +1,3 @@
+pgdata_dir: /var/lib/pgsql/data
+pg_locale: en_US.UTF-8
+pg_ident: []
diff --git a/roles/postgresql-server/handlers/main.yml b/roles/postgresql-server/handlers/main.yml
new file mode 100644
index 0000000..9cadfd4
--- /dev/null
+++ b/roles/postgresql-server/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: reload systemd
+ command: systemctl daemon-reload
+- name: reload postgresql server
+ service:
+ name=postgresql
+ state=reloaded
diff --git a/roles/postgresql-server/tasks/main.yml b/roles/postgresql-server/tasks/main.yml
new file mode 100644
index 0000000..2ea1ad6
--- /dev/null
+++ b/roles/postgresql-server/tasks/main.yml
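Review bot: In defaults/main.yml, `pg_hba_extra` is missing even though templates/pg_hba.conf.j2 consumes it, while `pg_ident` is declared; adding `pg_hba_extra: []` beside it keeps every role input discoverable in one file. A comment above each list naming the keys the templates read (`mapname`, `system_user`, `pg_user` for `pg_ident`; `type`, `database`, `user`, `address`, `method` for `pg_hba_extra`) would tell operators what shape to supply. That matters here because these values are written straight into the server's authentication files.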
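Review bot: In handlers/main.yml, both handlers use forms that are harder to lint and review than the native ones: a raw `command: systemctl daemon-reload` and `key=value` argument strings. The `systemd` module already covers the first case with `daemon_reload: yes`, and writing the `service` arguments as a YAML mapping (`name: postgresql`, `state: reloaded`) lets yamllint and ansible-lint check them. This is a style point only; the behaviour when notified should be the same.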
@@ -0,0 +1,53 @@
+- name: ensure postgresql-server is installed
+ package:
+ name=postgresql-server
+ state=present
+ tags:
+ - install
+
+- name: ensure postgresql-setup unit is installed
+ template:
+ src=postgresql-setup.service.j2
+ dest=/etc/systemd/system/postgresql-setup.service
+ mode=0644
+ notify: reload systemd
+- meta: flush_handlers
+- name: ensure postgresql-setup has started
+ service:
+ name=postgresql-setup
+ state=started
+
+- name: ensure postgresql identity mapping is configured
+ template:
+ src=pg_ident.conf.j2
+ dest={{ pgdata_dir }}/pg_ident.conf
+ owner=postgres
+ group=postgres
+ mode=0600
+ setype=postgresql_db_t
+- name: ensure postgresql host-based authentication is configured
+ template:
+ src=pg_hba.conf.j2
+ dest={{ pgdata_dir }}/pg_hba.conf
+ owner=postgres
+ group=postgres
+ mode=0600
+ setype=postgresql_db_t
+ notify: reload postgresql server
+
+- name: ensure postgresql-check-db-dir is labelled correctly
+ file:
+ path=/usr/bin/postgresql-check-db-dir
+ setype=postgresql_exec_t
+ state=file
+ when: ansible_distribution in ('CentOS', 'RHEL')
+
+- name: ensure postgresql starts at boot
+ service:
+ name=postgresql
+ enabled=yes
+- meta: flush_handlers
+- name: ensure postgresql server is running
+ service:
+ name=postgresql
+ state=started
diff --git a/roles/postgresql-server/templates/pg_hba.conf.j2 b/roles/postgresql-server/templates/pg_hba.conf.j2
new file mode 100644
index 0000000..64c9182
--- /dev/null
+++ b/roles/postgresql-server/templates/pg_hba.conf.j2
@@ -0,0 +1,7 @@
+{#- vim: set ft=jinja : -#}
+# TYPE DATABASE USER ADDRESS METHOD
+{% for auth in pg_hba_extra|d({}) %}
+{{ '{type: <9} {database: <15} {user: <15} {address: <23} {method}'.format(**auth) }}
+{% endfor %}
+local all postgres peer
+local sameuser all peer
diff --git a/roles/postgresql-server/templates/pg_ident.conf.j2 b/roles/postgresql-server/templates/pg_ident.conf.j2
new file mode 100644
index 0000000..60c86ee
--- /dev/null
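Review bot: In tasks/main.yml, the pg_ident.conf task has no `notify`, unlike the pg_hba.conf task directly after it, so on an already-running server an edited or removed identity mapping stays in force until something else triggers a reload. Adding `notify: reload postgresql server` to that task makes a revoked mapping take effect on the same run. Separately, `ansible_distribution in ('CentOS', 'RHEL')` probably never matches Red Hat Enterprise Linux, which Ansible normally reports as `RedHat`, so the `postgresql_exec_t` relabel would be skipped there. `when: ansible_distribution in ('CentOS', 'RedHat')` is likely what was intended.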
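Review bot: In pg_hba.conf.j2, entries from `pg_hba_extra` are rendered above the two built-in `peer` lines, and PostgreSQL applies the first record that matches, so a broad extra entry takes precedence over the intended peer-only defaults without any visible warning. If that precedence is deliberate, a rendered comment such as `# pg_hba_extra entries come first; the first matching line wins` would make it reviewable on the host. Two smaller points sit on the same lines: `'...'.format(**auth)` fails for a `local` entry that omits `address`, and `d({})` supplies a dict where a list of dicts is iterated. `pg_hba_extra|d([])` would match the `pg_ident: []` default.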
+++ b/roles/postgresql-server/templates/pg_ident.conf.j2
@@ -0,0 +1,3 @@
+{% for item in pg_ident %}
+{{ item.mapname }} {{ item.system_user }} {{ item.pg_user }}
+{% endfor %}
diff --git a/roles/postgresql-server/templates/postgresql-setup.service.j2 b/roles/postgresql-server/templates/postgresql-setup.service.j2
new file mode 100644
index 0000000..7ceb640
--- /dev/null
+++ b/roles/postgresql-server/templates/postgresql-setup.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Before=postgresql.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+Environment=PGDATA={{ pgdata_dir }}
+Environment=LANG={{ pg_locale }}
+User=postgres
+Group=postgres
+ExecStart=/bin/sh -c "[ -f ${PGDATA}/PG_VERSION ] || initdb -D ${PGDATA}"
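Review bot: In pg_ident.conf.j2, the rendered rows have no effect on their own, because neither built-in line in pg_hba.conf.j2 carries a `map=` option; a mapping only applies when a `pg_hba_extra` entry includes `map=<mapname>` in its `method` field. A header comment such as `# MAPNAME SYSTEM-USERNAME PG-USERNAME (active only where pg_hba.conf names map=MAPNAME)` would stop operators from assuming a mapping is live when it is not. The three fields are also emitted unquoted, so a value containing whitespace would shift columns and yield a different mapping than the one written in inventory. Rejecting such values before rendering would be safer.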
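Review bot: In postgresql-setup.service.j2, `initdb` runs without an authentication option, and upstream initdb then writes a pg_hba.conf that uses `trust` for local connections. The role replaces that file later, but a play that stops between this unit and the pg_hba.conf task leaves the permissive default on disk. Passing explicit methods, e.g. `initdb --auth-local=peer --auth-host=md5 -D ${PGDATA}` (host method per site policy), closes that window. `${PGDATA}` is also substituted by systemd before `sh` parses the string, so a `pgdata_dir` containing whitespace or shell metacharacters would be re-interpreted by the shell. Single-quoting the `sh -c` script and writing `"$${PGDATA}"` inside it should let the shell expand the variable as one quoted word.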