| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 |
- ---
- - name: ensure a postgresql server is running and correctly configured
- hosts: dbservers
- gather_facts: no
- vars:
- pg_admin_pass: verysecret
- tasks:
- - name: check whether package is installed
- command: rpm -q postgresql-server
- ignore_errors: yes
- changed_when: false
- register: pg_is_there
- tags:
- - install
- - name: check whether PG_VERSION exists in datadir
- become: yes
- stat:
- path: /var/lib/pgsql/data/PG_VERSION
- register: pg_version_is_there
- tags:
- - install
- - name: ensure the server is at latest version
- become: true
- yum:
- name:
- - postgresql-server
- - python3-psycopg2
- state: latest
- register: install_status
- tags:
- - install
- - name: stop the server if this was an upgrade
- become: true
- service:
- name: postgresql
- state: stopped
- when:
- - not pg_is_there.failed
- - pg_version_is_there.stat.exists
- - install_status.changed
- tags:
- - install
- - name: decide what option to use for postgresql-setup
- set_fact:
- pgsetup: --initdb
- when: >
- (install_status.changed and pg_is_there.failed)
- or
- not pg_version_is_there.stat.exists
- tags:
- - install
- - name: decide what option to use for postgresql-setup
- set_fact:
- pgsetup: --upgrade
- when:
- - install_status.changed
- - not pg_is_there.failed
- tags:
- - install
- - name: initialise or upgrade the database
- become: yes
- command: postgresql-setup {{ pgsetup }}
- when: pgsetup is defined
- tags:
- - install
- - name: ensure the service is started
- become: yes
- service:
- name: postgresql
- state: started
- tags:
- - config
- - name: open ports if necessary
- become: yes
- firewalld:
- service: postgresql
- state: enabled
- immediate: yes
- permanent: yes
- tags:
- - config
- - name: ensure md5 authentication is configured for remote users (ipv4)
- become: yes
- become_user: postgres
- lineinfile:
- path: /var/lib/pgsql/data/pg_hba.conf
- regex: '^host\s+all\s+all\s+0\.0\.0\.0/0\s+'
- line: "host all all 0.0.0.0/0 md5"
- notify: reload postgres
- tags:
- - config
- - name: ensure md5 authentication is configured for remote users (ipv6)
- become: yes
- become_user: postgres
- lineinfile:
- path: /var/lib/pgsql/data/pg_hba.conf
- regex: '^host\s+all\s+all\s+::/0\s+'
- line: "host all all ::/0 md5"
- notify: reload postgres
- tags:
- - config
- - name: ensure the server is listening on all interfaces
- become: yes
- become_user: postgres
- lineinfile:
- path: /var/lib/pgsql/data/postgresql.conf
- regex: '^#?listen_addresses\s.*'
- line: "listen_addresses '*'"
- notify: restart postgres
- tags:
- - config
- - name: flush handlers
- meta: flush_handlers
- - name: ensure an admin user exists
- become: yes
- become_user: postgres
- postgresql_user:
- name: admin
- password: "{{ pg_admin_pass }}"
- state: present
- login_unix_socket: "/var/run/postgresql"
- role_attr_flags: SUPERUSER
- tags:
- - config
- - name: ensure the driver is installed on client machine
- become: true
- delegate_to: workstation.lab.example.com
- yum:
- name:
- - python3-psycopg2
- state: latest
- tags:
- - test
- - never
- - name: test the connection works
- delegate_to: workstation.lab.example.com
- postgresql_ping:
- login_host: "{{ inventory_hostname }}"
- login_user: admin
- login_password: "{{ pg_admin_pass }}"
- db: postgres
- register: ping_result
- tags:
- - test
- - never
- - assert:
- that: ping_result.is_available
- tags:
- - test
- - never
- handlers:
- - name: reload postgres
- become: yes
- service:
- name: postgresql
- state: reloaded
- - name: restart postgres
- become: yes
- service:
- name: postgresql
- state: restarted
- ...
|
