configpolicy/roles/postgresql-server/tasks/main.yml
Dustin C. Hatch 965742d2b0 r/postgresql-server-base: Factor out prep steps
There's a bit of a dependency loop between the _postgresql-server_ role
and other roles that supplement it, like _wal-g-pg_ and
_postgresql-cert_.  The latter roles need PostgreSQL installed, but when
those roles are used, the server cannot be started until they have been
applied.  To resolve this situation, I've broken out the initial
installation steps from the _postgresql-server_ role into
_postgresql-server-base_.  Roles that need PostgreSQL installed, but
need to be applied before the server can start, can depend on this role.
2024-11-17 10:27:31 -06:00


# Restore the data directory from a backup, but only when a restore
# command is configured. `creates` skips the task once PG_VERSION exists,
# so an already-populated data directory is never restored over.
# The command line is taken verbatim from postgresql_restore_command; the
# command module runs it without a shell, with the privileges of the play.
# NOTE(review): this runs before the task that sets ownership on
# pgdata_dir, and that task is not recursive; confirm the restore tool
# leaves the restored files owned by postgres.
- name: restore postgresql data directory from backup
  when: postgresql_restore_command|d(none)
  command: '{{ postgresql_restore_command }}'
  args:
    creates: '{{ pgdata_dir }}/PG_VERSION'
  notify:
    - create postgresql server recovery signal file
  tags:
    - restore
# Create the data directory (or correct its attributes) so that only the
# postgres account can enter it: u=rwx,go= leaves group and other with no
# access at all. Only the directory itself is touched, not its contents.
- name: ensure postgresql data directory exists
  file:
    state: directory
    path: '{{ pgdata_dir }}'
    owner: postgres
    group: postgres
    mode: u=rwx,go=
  tags:
    - initdb
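# Initialize the database cluster as the postgres user. `creates` makes
# the task a no-op once PG_VERSION exists, so initdb never runs against a
# populated (or restored) data directory.
# The command is given as an argv list rather than a free-form string so
# that pgdata_dir always reaches initdb as exactly one argument; in the
# free-form variant a path containing whitespace would be split into
# several arguments.
- name: ensure postgresql database cluster is initialized
  command:
    argv:
      - runuser
      - '-u'
      - postgres
      - '--'
      - initdb
      - '{{ pgdata_dir }}'
    creates: '{{ pgdata_dir }}/PG_VERSION'
  tags:
    - initdb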
# Delete the three configuration files from the data directory when the
# configuration is kept in a separate directory. Skipped when both
# variables point at the same path, where these would be the live files.
# NOTE(review): presumably these are the defaults written by initdb, and
# removing them ensures the postgres-owned copies cannot be mistaken for
# the managed, root-owned ones; confirm.
- name: ensure default configuration files are removed from data directory
  when: pgdata_dir != postgresql_config_dir
  file:
    state: absent
    path: '{{ pgdata_dir }}/{{ item }}'
  loop:
    - postgresql.conf
    - pg_hba.conf
    - pg_ident.conf
  tags:
    - config
# Create the separate configuration directory, owned by root with the
# postgres group allowed to read and traverse it (u=rwx,g=rx,o=). The
# group has no write bit, so members of postgres cannot add or replace
# files here. Skipped when the configuration lives in the data directory,
# whose ownership is set by its own task.
- name: ensure postgresql configuration directory exists
  when: postgresql_config_dir != pgdata_dir
  file:
    state: directory
    path: '{{ postgresql_config_dir }}'
    owner: root
    group: postgres
    mode: u=rwx,g=rx,o=
  tags:
    - config
# Render postgresql.conf from its template. root owns the file and the
# postgres group gets read-only access (u=rw,g=r,o=); other accounts get
# none. A change triggers a server restart through the handler.
# NOTE(review): unlike pg_ident.conf and pg_hba.conf, no `setype` is set
# here; confirm the default SELinux type is intended for this file.
- name: ensure postgresql server is configured
  template:
    dest: '{{ postgresql_config_dir }}/postgresql.conf'
    src: postgresql.conf.j2
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
  notify:
    - restart postgresql server
  tags:
    - config
# Render pg_ident.conf (user name maps) with the same root:postgres,
# u=rw,g=r,o= permissions as the other configuration files and the
# postgresql_db_t SELinux type.
# NOTE(review): no handler is notified, so an edited map is not applied
# to a running server by this task; confirm that is intended.
- name: ensure postgresql identity mapping is configured
  template:
    dest: '{{ postgresql_config_dir }}/pg_ident.conf'
    src: pg_ident.conf.j2
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
    setype: postgresql_db_t
  tags:
    - config
# Render pg_hba.conf, the client authentication rules. The file is owned
# by root and read-only for the postgres group (u=rw,g=r,o=), carries the
# postgresql_db_t SELinux type, and a change is applied with a reload
# rather than a restart. The extra pg_hba tag lets this task be run on
# its own.
# The rules come from pg_hba.conf.j2, which is not shown on this page;
# that template, not this task, decides who may connect and how.
- name: ensure postgresql host-based authentication is configured
  template:
    dest: '{{ postgresql_config_dir }}/pg_hba.conf'
    src: pg_hba.conf.j2
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
    setype: postgresql_db_t
  notify:
    - reload postgresql server
  tags:
    - config
    - pg_hba
# Create standby.signal in the data directory when postgresql_standby is
# true, and remove it otherwise (the variable defaults to false). The
# file is owned by root and world-readable (u=rw,go=r).
# NOTE(review): `state: touch` updates the file's timestamps and reports
# "changed" on every run; no handler is notified, so switching the
# variable does not by itself restart the server.
- name: ensure postgresql server standby signal file exists
  file:
    path: '{{ pgdata_dir }}/standby.signal'
    state: "{{ 'touch' if postgresql_standby|d(false) else 'absent' }}"
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
    - config
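# Copy every file matched by certs/postgresql/<inventory_hostname>/* into
# the configuration directory under its base name. The copies are owned
# by postgres and closed to every other account (u=rw,go=), which is the
# permission a TLS private key requires.
# A changed file now notifies the reload handler; without it a replaced
# certificate or key would stay unused until some other task restarted
# or reloaded the server.
# NOTE(review): a reload re-reads the TLS files on PostgreSQL 10 and
# later; older servers need a restart. Confirm the deployed version.
# NOTE(review): the glob suggests key material is stored with the role's
# files; confirm it is vault-encrypted or kept out of version control.
- name: ensure postgresql server certificate is installed
  copy:
    src: '{{ item }}'
    dest: '{{ postgresql_config_dir }}/{{ item|basename }}'
    owner: postgres
    group: postgres
    mode: u=rw,go=
  with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'
  notify:
    - reload postgresql server
  tags:
    - cert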
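# Create the drop-in directory for postgresql.service overrides.
# The mode is set explicitly so the result does not depend on the umask
# of the connection user: root may write, everyone else may only list
# and traverse. Without it a permissive umask could leave a directory
# that non-root accounts can add unit overrides to.
- name: ensure postgresql systemd unit drop-in directory exists
  file:
    path: /etc/systemd/system/postgresql.service.d
    owner: root
    group: root
    mode: u=rwx,go=rx
    state: directory
  tags:
    - systemd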
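# Render the pgdata.conf drop-in for postgresql.service. A change reloads
# systemd and restarts the server through the two handlers.
# The mode is set explicitly so a newly created file does not inherit
# whatever the umask allows: unit overrides are executed by systemd as
# part of the service definition and must be writable by root only.
- name: ensure postgresql systemd unit extension is configured
  template:
    src: pgdata.systemd.conf.j2
    dest: /etc/systemd/system/postgresql.service.d/pgdata.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
    - reload systemd
    - restart postgresql server
  tags:
    - systemd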
# Enable the unit at boot without changing its current state.
- name: ensure postgresql starts at boot
  service:
    enabled: true
    name: postgresql

# Run every handler notified so far (recovery signal file, systemd
# reload, server restart or reload) before the start task below, so the
# server is never started ahead of its pending configuration changes.
- name: flush handlers
  meta: flush_handlers

# Start the server if it is not already running.
- name: ensure postgresql server is running
  service:
    state: started
    name: postgresql
# Open or close the predefined `postgresql` firewalld service according
# to postgresql_allow_remote, in both the permanent and the running
# configuration. Skipped on hosts that set host_uses_firewalld to false.
# No zone or source restriction is given here, so once the service is
# enabled it is pg_hba.conf that limits which clients may authenticate.
# NOTE(review): postgresql_allow_remote has no default filter in this
# task; it must be defined elsewhere (e.g. role defaults) or the task
# fails on an undefined variable.
- name: ensure firewall is configured for postgresql
  when: host_uses_firewalld|d(true)
  firewalld:
    service: postgresql
    state: "{{ 'enabled' if postgresql_allow_remote else 'disabled' }}"
    permanent: true
    immediate: true
  tags:
    - firewalld