diff --git a/postgres/defaults/main.yml b/postgres/defaults/main.yml
index 97bb8882e1d7e5d7a4d52db030338fdffdcc4af0..1f70df5df2a9ee6163768a95c4350a4e71bfe20a 100644
--- a/postgres/defaults/main.yml
+++ b/postgres/defaults/main.yml
@@ -2,3 +2,11 @@
postgres_pgdg_repo: false
postgres_rsnapshot: false
+postgres_commvault_compat: false
+
+postgres_versions_debian:
+ buster: "11"
+ bullseye: "13"
+ bookworm: "14"
+
+postgres_version: "{{ postgres_versions_debian[ansible_distribution_release] }}"
diff --git a/postgres/handlers/main.yml b/postgres/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6b6cbd77c83086091eaa2e15b57a3db5aeb833a1
--- /dev/null
+++ b/postgres/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart Postgres
+ systemd:
+ name: postgresql.service
+ state: restarted
diff --git a/postgres/tasks/main.yml b/postgres/tasks/main.yml
index 868ea8465ba86b4467d0c68cd28560de9596862f..6ac01b7622612bc72a17b029a349dc65120d5973 100644
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -17,8 +17,7 @@
- name: ensure postgres packages are installed
apt:
name:
- # yamllint disable-line rule:line-length
- - postgresql{{ "-{}".format(postgres_version) if postgres_version is defined }}
+ - postgresql-{{ postgres_version }}
- python3-psycopg2
- libpq-dev
state: present
@@ -41,6 +40,7 @@
block:
- name: ensure we have our postgres backup script
copy:
+ # yamllint disable-line rule:line-length
src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
dest: /usr/local/bin/pgbackup.sh
owner: root
@@ -59,3 +59,50 @@
file:
path: /etc/cron.d/postgres-snapshot
state: absent
+
+- name: Configure Commvault backup compatibility
+ when: postgres_commvault_compat
+ block:
+ - name: Create WAL backup directory
+ file:
+ path: /var/backups/pg_wal
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: '0750'
+
+ - name: Configure Postgres WAL archive
+ postgresql_set:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ loop:
+ - name: archive_mode
+ value: "on"
+ - name: archive_command
+ value: 'cp %p /var/backups/pg_wal/%f'
+
+ - name: Configure Postgres ident mappings
+ blockinfile:
+ path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+ insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
+ block: '{{ lookup("template", "pg_ident.j2") }}'
+ vars:
+ postgres_ident_mappings:
+ - mapname: postgres
+ system_username: postgres
+ pg_username: postgres
+ - mapname: postgres
+ system_username: root
+ pg_username: postgres
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres to use ident mapping for postgres role
+ postgresql_pg_hba:
+ dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+ contype: local
+ users: postgres
+ method: peer
+ options: map=postgres
+ notify:
+ - Restart Postgres
diff --git a/postgres/templates/pg_ident.j2 b/postgres/templates/pg_ident.j2
new file mode 100644
index 0000000000000000000000000000000000000000..27e841ec19164e7049ae51296ce9a03b2e68c789
--- /dev/null
+++ b/postgres/templates/pg_ident.j2
@@ -0,0 +1,3 @@
+{% for i in postgres_ident_mappings %}
+{{ "{mapname:15} {system_username:23} {pg_username}".format(**i) }}
+{% endfor %}