diff --git a/postgres/defaults/main.yml b/postgres/defaults/main.yml
index 97bb8882e1d7e5d7a4d52db030338fdffdcc4af0..5818f96e43ec4027730b8bf9fb304bae29ae3076 100644
--- a/postgres/defaults/main.yml
+++ b/postgres/defaults/main.yml
@@ -2,3 +2,7 @@
postgres_pgdg_repo: false
postgres_rsnapshot: false
+postgres_commvault_compat: false
+
+### Will be the version of the `postgresql` package if undefined
+# postgres_version: 15
diff --git a/postgres/handlers/main.yml b/postgres/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6b6cbd77c83086091eaa2e15b57a3db5aeb833a1
--- /dev/null
+++ b/postgres/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart Postgres
+ systemd:
+ name: postgresql.service
+ state: restarted
diff --git a/postgres/tasks/main.yml b/postgres/tasks/main.yml
index 2877fb80de4ddcba5d8769ac5b32c9f0989e62bf..725f9edc3e34e06bb4e32d0c95bf90e196136263 100644
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -17,12 +17,24 @@
- name: ensure postgres packages are installed
apt:
name:
- # yamllint disable-line rule:line-length
- - postgresql{{ "-{}".format(postgres_version) if postgres_version is defined }}
+ - postgresql{{
+ "-" + postgres_version|string if postgres_version is defined
+ }}
- python3-psycopg2
- libpq-dev
state: present
+- when: postgres_version is not defined
+ block:
+ - name: Check installed software
+ package_facts:
+ manager: auto
+
+ - name: Set postgres_version
+ set_fact:
+ postgres_version: >-
+ {{ ansible_facts.packages.postgresql[0].version.split('+')[0] }}
+
- name: ensure legacy postgres packages are installed
apt:
name:
@@ -62,3 +74,52 @@
file:
path: /etc/cron.d/postgres-snapshot
state: absent
+
+- name: Configure Commvault backup compatibility
+ when: postgres_commvault_compat
+ block:
+ - name: Create WAL backup directory
+ file:
+ path: /var/backups/pg_wal
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: '0750'
+
+ - name: Configure Postgres WAL archive
+ postgresql_set:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ loop:
+ - name: archive_mode
+ value: "on"
+ - name: archive_command
+ value: 'cp %p /var/backups/pg_wal/%f'
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres ident mappings
+ blockinfile:
+ path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+ insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
+ block: '{{ lookup("template", "pg_ident.j2") }}'
+ vars:
+ postgres_ident_mappings:
+ - mapname: postgres
+ system_username: postgres
+ pg_username: postgres
+ - mapname: postgres
+ system_username: root
+ pg_username: postgres
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres to use ident mapping for postgres role
+ postgresql_pg_hba:
+ dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+ contype: local
+ users: postgres
+ method: peer
+ options: map=postgres
+ notify:
+ - Restart Postgres
diff --git a/postgres/templates/pg_ident.j2 b/postgres/templates/pg_ident.j2
new file mode 100644
index 0000000000000000000000000000000000000000..27e841ec19164e7049ae51296ce9a03b2e68c789
--- /dev/null
+++ b/postgres/templates/pg_ident.j2
@@ -0,0 +1,3 @@
+{% for i in postgres_ident_mappings %}
+{{ "{mapname:15} {system_username:23} {pg_username}".format(**i) }}
+{% endfor %}