From fc73094200f2b2d47e9763f550d3102e8eed1bfd Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Sat, 17 Sep 2022 15:01:47 +0200
Subject: [PATCH] postgres: Add Commvault backup compatibility
---
postgres/defaults/main.yml | 8 ++++++
postgres/handlers/main.yml | 6 ++++
postgres/tasks/main.yml | 51 ++++++++++++++++++++++++++++++++--
postgres/templates/pg_ident.j2 | 3 ++
4 files changed, 66 insertions(+), 2 deletions(-)
create mode 100644 postgres/handlers/main.yml
create mode 100644 postgres/templates/pg_ident.j2
diff --git a/postgres/defaults/main.yml b/postgres/defaults/main.yml
index 97bb888..1f70df5 100644
--- a/postgres/defaults/main.yml
+++ b/postgres/defaults/main.yml
@@ -2,3 +2,11 @@
postgres_pgdg_repo: false
postgres_rsnapshot: false
+postgres_commvault_compat: false
+
+postgres_versions_debian:
+ buster: "11"
+ bullseye: "13"
+ bookworm: "14"
+
+postgres_version: "{{ postgres_versions_debian[ansible_distribution_release] }}"
diff --git a/postgres/handlers/main.yml b/postgres/handlers/main.yml
new file mode 100644
index 0000000..6b6cbd7
--- /dev/null
+++ b/postgres/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart Postgres
+ systemd:
+ name: postgresql.service
+ state: restarted
diff --git a/postgres/tasks/main.yml b/postgres/tasks/main.yml
index 868ea84..6ac01b7 100644
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -17,8 +17,7 @@
- name: ensure postgres packages are installed
apt:
name:
- # yamllint disable-line rule:line-length
- - postgresql{{ "-{}".format(postgres_version) if postgres_version is defined }}
+ - postgresql-{{ postgres_version }}
- python3-psycopg2
- libpq-dev
state: present
@@ -41,6 +40,7 @@
block:
- name: ensure we have our postgres backup script
copy:
+ # yamllint disable-line rule:line-length
src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
dest: /usr/local/bin/pgbackup.sh
owner: root
@@ -59,3 +59,50 @@
file:
path: /etc/cron.d/postgres-snapshot
state: absent
+
+- name: Configure Commvault backup compatibility
+ when: postgres_commvault_compat
+ block:
+ - name: Create WAL backup directory
+ file:
+ path: /var/backups/pg_wal
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: '0750'
+
+ - name: Configure Postgres WAL archive
+ postgresql_set:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ loop:
+ - name: archive_mode
+ value: "on"
+ - name: archive_command
+ value: 'cp %p /var/backups/pg_wal/%f'
+
+ - name: Configure Postgres ident mappings
+ blockinfile:
+ path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+ insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
+ block: '{{ lookup("template", "pg_ident.j2") }}'
+ vars:
+ postgres_ident_mappings:
+ - mapname: postgres
+ system_username: postgres
+ pg_username: postgres
+ - mapname: postgres
+ system_username: root
+ pg_username: postgres
+ notify:
+ - Restart Postgres
+
+ - name: Configure Postgres to use ident mapping for postgres role
+ postgresql_pg_hba:
+ dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+ contype: local
+ users: postgres
+ method: peer
+ options: map=postgres
+ notify:
+ - Restart Postgres
diff --git a/postgres/templates/pg_ident.j2 b/postgres/templates/pg_ident.j2
new file mode 100644
index 0000000..27e841e
--- /dev/null
+++ b/postgres/templates/pg_ident.j2
@@ -0,0 +1,3 @@
+{% for i in postgres_ident_mappings %}
+{{ "{mapname:15} {system_username:23} {pg_username}".format(**i) }}
+{% endfor %}
--
GitLab