From 60f8384e15da43e849179be26d480328c48e2a04 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Sat, 17 Sep 2022 15:01:47 +0200
Subject: [PATCH] postgres: Add Commvault backup compatibility
---
postgres/defaults/main.yml | 4 +++
postgres/handlers/main.yml | 6 ++++
postgres/tasks/main.yml | 66 ++++++++++++++++++++++++++++++++--
postgres/templates/pg_ident.j2 | 3 ++
4 files changed, 77 insertions(+), 2 deletions(-)
create mode 100644 postgres/handlers/main.yml
create mode 100644 postgres/templates/pg_ident.j2
diff --git a/postgres/defaults/main.yml b/postgres/defaults/main.yml
index 97bb888..5818f96 100644
--- a/postgres/defaults/main.yml
+++ b/postgres/defaults/main.yml
@@ -2,3 +2,7 @@
postgres_pgdg_repo: false
postgres_rsnapshot: false
+postgres_commvault_compat: false
+
+### Will be the version of the `postgresql` package if undefined
+# postgres_version: 15
diff --git a/postgres/handlers/main.yml b/postgres/handlers/main.yml
new file mode 100644
index 0000000..6b6cbd7
--- /dev/null
+++ b/postgres/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart Postgres
+ systemd:
+ name: postgresql.service
+ state: restarted
diff --git a/postgres/tasks/main.yml b/postgres/tasks/main.yml
index 868ea84..6fb1268 100644
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -17,12 +17,24 @@
- name: ensure postgres packages are installed
apt:
name:
- # yamllint disable-line rule:line-length
- - postgresql{{ "-{}".format(postgres_version) if postgres_version is defined }}
+ - postgresql{{
+ "-" + postgres_version|string if postgres_version is defined
+ }}
- python3-psycopg2
- libpq-dev
state: present
+- when: not postgres_version is defined
+ block:
+ - name: Check installed software
+ package_facts:
+ manager: auto
+
+ - name: Set postgres_version
+ set_fact:
+ postgres_version: >-
+ {{ ansible_facts.packages.postgresql[0].version.split('+')[0] }}
+
- name: ensure legacy postgres packages are installed
apt:
name:
@@ -41,6 +53,7 @@
block:
- name: ensure we have our postgres backup script
copy:
+ # yamllint disable-line rule:line-length
src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
dest: /usr/local/bin/pgbackup.sh
owner: root
@@ -59,3 +72,52 @@
file:
path: /etc/cron.d/postgres-snapshot
state: absent
+
+- name: Configure Commvault backup compatibility
+ when: postgres_commvault_compat
+ block:
+ - name: Create WAL backup directory
+ file:
+ path: /var/backups/pg_wal
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: '0750'
+
+ - name: Configure Postgres WAL archive
+ postgresql_set:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ loop:
+ - name: archive_mode
+ value: "on"
+ - name: archive_command
+ value: 'cp %p /var/backups/pg_wal/%f'
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres ident mappings
+ blockinfile:
+ path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+ insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
+ block: '{{ lookup("template", "pg_ident.j2") }}'
+ vars:
+ postgres_ident_mappings:
+ - mapname: postgres
+ system_username: postgres
+ pg_username: postgres
+ - mapname: postgres
+ system_username: root
+ pg_username: postgres
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres to use ident mapping for postgres role
+ postgresql_pg_hba:
+ dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+ contype: local
+ users: postgres
+ method: peer
+ options: map=postgres
+ notify:
+ - Restart Postgres
diff --git a/postgres/templates/pg_ident.j2 b/postgres/templates/pg_ident.j2
new file mode 100644
index 0000000..27e841e
--- /dev/null
+++ b/postgres/templates/pg_ident.j2
@@ -0,0 +1,3 @@
+{% for i in postgres_ident_mappings %}
+{{ "{mapname:15} {system_username:23} {pg_username}".format(**i) }}
+{% endfor %}
--
GitLab