roles/postgresql-server: Deploy PostgreSQL

The *postgresql-server* role installs and configures PostgreSQL on Fedora/RHEL-based distributions.
2018-04-14 15:23:44 -05:00 · 2018-04-14 15:23:44 -05:00 · afe4fb7eff
parent f89b279d3a
commit afe4fb7eff
6 changed files with 83 additions and 0 deletions
--- a/roles/postgresql-server/defaults/main.yml
+++ b/roles/postgresql-server/defaults/main.yml
@ -0,0 +1,3 @@
+pgdata_dir: /var/lib/pgsql/data
+pg_locale: en_US.UTF-8
+pg_ident: []
--- a/roles/postgresql-server/handlers/main.yml
+++ b/roles/postgresql-server/handlers/main.yml
@ -0,0 +1,6 @@
+- name: reload systemd
+  command: systemctl daemon-reload
+- name: reload postgresql server
+  service:
+    name=postgresql
+    state=reloaded
--- a/roles/postgresql-server/tasks/main.yml
+++ b/roles/postgresql-server/tasks/main.yml
@ -0,0 +1,53 @@
+- name: ensure postgresql-server is installed
+  package:
+    name=postgresql-server
+    state=present
+  tags:
+  - install
+
+- name: ensure postgresql-setup unit is installed
+  template:
+    src=postgresql-setup.service.j2
+    dest=/etc/systemd/system/postgresql-setup.service
+    mode=0644
+  notify: reload systemd
+- meta: flush_handlers
+- name: ensure postgresql-setup has started
+  service:
+    name=postgresql-setup
+    state=started
+
+- name: ensure postgresql identity mapping is configured
+  template:
+    src=pg_ident.conf.j2
+    dest={{ pgdata_dir }}/pg_ident.conf
+    owner=postgres
+    group=postgres
+    mode=0600
+    setype=postgresql_db_t
+- name: ensure postgresql host-based authentication is configured
+  template:
+    src=pg_hba.conf.j2
+    dest={{ pgdata_dir }}/pg_hba.conf
+    owner=postgres
+    group=postgres
+    mode=0600
+    setype=postgresql_db_t
+  notify: reload postgresql server
+
+- name: ensure postgresql-check-db-dir is labelled correctly
+  file:
+    path=/usr/bin/postgresql-check-db-dir
+    setype=postgresql_exec_t
+    state=file
+  when: ansible_distribution in ('CentOS', 'RHEL')
+
+- name: ensure postgresql starts at boot
+  service:
+    name=postgresql
+    enabled=yes
+- meta: flush_handlers
+- name: ensure postgresql server is running
+  service:
+    name=postgresql
+    state=started
--- a/roles/postgresql-server/templates/pg_hba.conf.j2
+++ b/roles/postgresql-server/templates/pg_hba.conf.j2
@ -0,0 +1,7 @@
+{#- vim: set ft=jinja : -#}
+# TYPE    DATABASE        USER            ADDRESS                 METHOD
+{% for auth in pg_hba_extra|d({}) %}
+{{ '{type: <9} {database: <15} {user: <15} {address: <23} {method}'.format(**auth) }}
+{% endfor %}
+local     all             postgres                                peer
+local     sameuser        all                                     peer
--- a/roles/postgresql-server/templates/pg_ident.conf.j2
+++ b/roles/postgresql-server/templates/pg_ident.conf.j2
@ -0,0 +1,3 @@
+{% for item in pg_ident %}
+{{ item.mapname }}	{{ item.system_user }}	{{ item.pg_user }}
+{% endfor %}
--- a/roles/postgresql-server/templates/postgresql-setup.service.j2
+++ b/roles/postgresql-server/templates/postgresql-setup.service.j2
@ -0,0 +1,11 @@
+[Unit]
+Before=postgresql.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+Environment=PGDATA={{ pgdata_dir }}
+Environment=LANG={{ pg_locale }}
+User=postgres
+Group=postgres
+ExecStart=/bin/sh -c "[ -f ${PGDATA}/PG_VERSION ] || initdb -D ${PGDATA}"