postgres: Add Commvault backup compatibility

60f8384e · Thomas Schneider · f98d9e58 · 60f8384e · 60f8384e · 60f8384e
Commit 60f8384e authored 2 years ago by Thomas Schneider
--- a/postgres/defaults/main.yml
+++ b/postgres/defaults/main.yml
@@ -2,3 +2,7 @@

 postgres_pgdg_repo: false
 postgres_rsnapshot: false
+postgres_commvault_compat: false
+
+### Will be the version of the `postgresql` package if undefined
+# postgres_version: 15
--- a/postgres/handlers/main.yml
+++ b/postgres/handlers/main.yml
+---
+
+- name: Restart Postgres
+  systemd:
+    name: postgresql.service
+    state: restarted
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -17,12 +17,24 @@
 - name: ensure postgres packages are installed
  apt:
    name:
-      # yamllint disable-line rule:line-length
-      - postgresql{{ "-{}".format(postgres_version) if postgres_version is defined }}
+      - postgresql{{
+          "-" + postgres_version|string if postgres_version is defined
+        }}
      - python3-psycopg2
      - libpq-dev
    state: present

+- when: not postgres_version is defined
+  block:
+    - name: Check installed software
+      package_facts:
+        manager: auto
+
+    - name: Set postgres_version
+      set_fact:
+        postgres_version: >-
+          {{ ansible_facts.packages.postgresql[0].version.split('+')[0] }}
+
 - name: ensure legacy postgres packages are installed
  apt:
    name:
@@ -41,6 +53,7 @@
  block:
    - name: ensure we have our postgres backup script
      copy:
+        # yamllint disable-line rule:line-length
        src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
        dest: /usr/local/bin/pgbackup.sh
        owner: root
@@ -59,3 +72,52 @@
      file:
        path: /etc/cron.d/postgres-snapshot
        state: absent
+
+- name: Configure Commvault backup compatibility
+  when: postgres_commvault_compat
+  block:
+    - name: Create WAL backup directory
+      file:
+        path: /var/backups/pg_wal
+        state: directory
+        owner: postgres
+        group: postgres
+        mode: '0750'
+
+    - name: Configure Postgres WAL archive
+      postgresql_set:
+        name: "{{ item.name }}"
+        value: "{{ item.value }}"
+      loop:
+        - name: archive_mode
+          value: "on"
+        - name: archive_command
+          value: 'cp %p /var/backups/pg_wal/%f'
+      notify:
+        - Restart Postgres
+
+    - name: Configure Postgres ident mappings
+      blockinfile:
+        path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+        insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
+        block: '{{ lookup("template", "pg_ident.j2") }}'
+      vars:
+        postgres_ident_mappings:
+          - mapname: postgres
+            system_username: postgres
+            pg_username: postgres
+          - mapname: postgres
+            system_username: root
+            pg_username: postgres
+      notify:
+        - Restart Postgres
+
+    - name: Configure Postgres to use ident mapping for postgres role
+      postgresql_pg_hba:
+        dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+        contype: local
+        users: postgres
+        method: peer
+        options: map=postgres
+      notify:
+        - Restart Postgres
--- a/postgres/templates/pg_ident.j2
+++ b/postgres/templates/pg_ident.j2
+{% for i in postgres_ident_mappings %}
+{{ "{mapname:15} {system_username:23} {pg_username}".format(**i) }}
+{% endfor %}