main.yml 4.06 KiB
---
# Optional step: enable the upstream PostgreSQL (PGDG) apt repository.
# Both tasks in this block run only when postgres_pgdg_repo is truthy.
- when: postgres_pgdg_repo
  block:
    # Downloads the repository signing key over HTTPS and registers it
    # with apt.
    # NOTE(review): the only integrity check visible here is TLS to
    # www.postgresql.org; no expected key fingerprint is compared.
    # apt_key is deprecated and stores the key in apt's global trust
    # store, so the key is trusted for every configured repository, not
    # only this one. Consider a dedicated keyring file referenced with
    # signed-by in the repo line, plus a migration for hosts that
    # already carry the current entry.
    - name: Install pgdg apt repo key
      apt_key:
        url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
        state: present
    # The folded scalar renders as a single sources line:
    #   deb https://apt.postgresql.org/pub/repos/apt <release>-pgdg main
    # where <release> is the ansible_distribution_release fact.
    - name: Configure pgdg apt repo
      apt_repository:
        repo: >-
          deb
          https://apt.postgresql.org/pub/repos/apt
          {{ ansible_distribution_release }}-pgdg
          main
# Installs the PostgreSQL server package together with psycopg2 for
# Python 3 and the libpq development files.
# NOTE(review): libpq-dev is a build-time package; confirm it is needed
# on the database host, since every extra package adds attack surface.
- name: ensure postgres packages are installed
  apt:
    name:
      # The "-<version>" suffix is appended only when postgres_version is
      # defined; otherwise the unversioned "postgresql" package is used.
      - postgresql{{
          "-" + postgres_version|string if postgres_version is defined
        }}
      - python3-psycopg2
      - libpq-dev
    state: present
# When the caller did not set postgres_version, derive it from the
# package database so that later tasks can build versioned paths.
- when: not postgres_version is defined
  block:
    # Populates ansible_facts.packages for the lookup below.
    - name: Check installed software
      package_facts:
        manager: auto
    # Takes the first recorded entry of the "postgresql" package and keeps
    # the part of its version string before the first "+".
    # NOTE(review): relies on the unversioned "postgresql" package having
    # been installed by the preceding task; the lookup fails if package
    # facts contain no such entry.
    - name: Set postgres_version
      set_fact:
        postgres_version: >-
          {{ ansible_facts.packages.postgresql[0].version.split('+')[0] }}
# Installs the Python 2 psycopg2 package, but only on releases whose
# major version is below 11.
- name: ensure legacy postgres packages are installed
  apt:
    name:
      - python-psycopg2
    state: present
  # int(default=99) turns a non-numeric version into 99, so such hosts
  # skip this task instead of failing the comparison.
  when: ansible_distribution_major_version|int(default=99) < 11
# Makes sure the postgresql service is running now and enabled at boot.
- name: ensure postgres is started
  service:
    name: postgresql
    state: started
    enabled: true
# Optional rsnapshot integration; the block runs only when
# postgres_rsnapshot is truthy.
- name: configure snapshots
  when: postgres_rsnapshot
  block:
    # Picks the role file pgbackup-bullseye.sh when the distribution major
    # version is above 10 and pgbackup.sh otherwise; a non-numeric version
    # counts as 99 and therefore selects the bullseye variant.
    # The script is installed root-owned with mode 0755, so only root can
    # modify it.
    - name: ensure we have our postgres backup script
      copy:
        src: >-
          pgbackup{{
          '-bullseye' if ansible_distribution_major_version|int(default=99) > 10
          else '' }}.sh
        dest: /usr/local/bin/pgbackup.sh
        owner: root
        group: root
        mode: '0755'
    # Drop-in configuration for rsnapshot, root-owned and world-readable.
    # NOTE(review): 0644 is fine only while rsnapshot.conf holds no
    # credentials - its content is not visible here, confirm.
    - name: ensure we have our rsnapshot config
      copy:
        src: rsnapshot.conf
        dest: /etc/rsnapshot.d/postgres.conf
        owner: root
        group: root
        mode: '0644'
# Deletes the cron file /etc/cron.d/postgres-snapshot if it exists.
# NOTE(review): this listing lost its indentation, so it cannot be told
# whether this task is part of the preceding "configure snapshots" block
# (and thus conditional on postgres_rsnapshot) - confirm against the repo.
- name: remove obsolete crontab
  file:
    path: /etc/cron.d/postgres-snapshot
    state: absent
# Optional WAL archiving via a drop-in directory of archiver scripts;
# the block runs only when postgres_wal_archive is truthy.
- name: Configure Postgres WAL archive framework
  when: postgres_wal_archive
  block:
    # root:postgres with mode 0750: members of the postgres group can list
    # the directory and run its scripts, but only root can add or replace
    # them. Everything executable in here is run by archive_command below,
    # so write access to this directory amounts to code execution in the
    # archiver's context - keep it root-only.
    - name: Create WAL archiver drop-in directory
      file:
        path: /etc/postgresql/wal-archive
        state: directory
        owner: root
        group: postgres
        mode: "0750"
    # Applies each loop item as a server setting, connecting as the
    # postgres OS user via become.
    # NOTE(review): PostgreSQL applies a change of archive_mode only at
    # server start, and this task notifies no handler - confirm that the
    # restart is triggered elsewhere.
    - name: Configure Postgres WAL archive
      postgresql_set:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
      become: true
      become_user: postgres
      loop:
        - name: archive_mode
          value: "on"
        - name: archive_command
          # pgBackRest checks the Postgres configuration and requires
          # archive_command to contain the string "pgbackrest", so it is
          # passed as an extra (unused) argument.
          # %p and %f are PostgreSQL's placeholders for the path and the
          # file name of the WAL segment to archive; run-parts hands them
          # to every script in the drop-in directory.
          value: >-
            run-parts --report --arg=%p --arg=%f --arg=pgbackrest
            /etc/postgresql/wal-archive
# Optional Commvault integration; the block runs only when
# postgres_commvault_compat is truthy.
- name: Configure Commvault backup compatibility
  when: postgres_commvault_compat
  block:
    # Directory owned by postgres with mode 0750: no access for accounts
    # outside the postgres user and group.
    - name: Create WAL backup directory
      file:
        path: /var/backups/pg_wal
        state: directory
        owner: postgres
        group: postgres
        mode: '0750'
    # Installs the archiver script into the WAL archive drop-in directory,
    # root-owned so that the postgres account cannot modify it.
    # NOTE(review): /etc/postgresql/wal-archive is created only by the
    # postgres_wal_archive block; with that flag off this copy presumably
    # fails on a missing directory - confirm the two flags are always
    # enabled together.
    - name: Configure Commvault Postgres WAL archive
      copy:
        src: wal-archive-commvault.sh
        dest: /etc/postgresql/wal-archive/commvault
        owner: root
        group: postgres
        mode: "0755"
# Inserts a managed block, rendered from the pg_ident.j2 template, after
# the column header comment of pg_ident.conf for the selected version.
# The task-level vars define the map "postgres", which lets the OS users
# postgres and root act as the database role postgres.
# NOTE(review): once a pg_hba rule references this map, every OS account
# listed here can log in as the postgres role over the local socket
# without a password - keep the list minimal and review any additions.
# NOTE(review): this listing lost its indentation, so it cannot be told
# whether this task is part of the preceding Commvault block - confirm
# against the repo.
- name: Configure Postgres ident mappings
  blockinfile:
    path: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
    insertafter: '^# MAPNAME\s+SYSTEM-USERNAME\s+PG-USERNAME$'
    block: '{{ lookup("template", "pg_ident.j2") }}'
  vars:
    postgres_ident_mappings:
      - mapname: postgres
        system_username: postgres
        pg_username: postgres
      - mapname: postgres
        system_username: root
        pg_username: postgres
  notify:
    - Restart Postgres
# Adds a pg_hba.conf rule for local (Unix socket) connections as the
# postgres role: peer authentication, with the client's OS user name
# resolved through the ident map named "postgres".
# No databases key is given, so the module default applies.
# NOTE(review): this listing lost its indentation, so it cannot be told
# whether this task is part of the preceding Commvault block - confirm
# against the repo.
- name: Configure Postgres to use ident mapping for postgres role
  postgresql_pg_hba:
    dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
    contype: local
    users: postgres
    method: peer
    options: map=postgres
  notify:
    - Restart Postgres
# Pulls in the pgBackRest tasks from pgbackrest.yml. import_tasks is
# static, so the when condition is applied to each imported task.
- name: Configure pgBackRest
  when: postgres_pgbackrest
  import_tasks: pgbackrest.yml