roles/postgresql-server: Deploy PostgreSQL

The *postgresql-server* role installs and configures PostgreSQL on Fedora/RHEL-based distributions.
2018-04-14 15:23:44 -05:00 · 2018-04-14 15:23:44 -05:00 · afe4fb7eff
parent f89b279d3a
commit afe4fb7eff
6 changed files with 83 additions and 0 deletions
--- a/roles/postgresql-server/defaults/main.yml
+++ b/roles/postgresql-server/defaults/main.yml
@ -0,0 +1,3 @@
 pgdata_dir: /var/lib/pgsql/data
 pg_locale: en_US.UTF-8
 pg_ident: []
--- a/roles/postgresql-server/handlers/main.yml
+++ b/roles/postgresql-server/handlers/main.yml
@ -0,0 +1,6 @@
 - name: reload systemd
  command: systemctl daemon-reload
 - name: reload postgresql server
  service:
    name=postgresql
    state=reloaded
--- a/roles/postgresql-server/tasks/main.yml
+++ b/roles/postgresql-server/tasks/main.yml
@ -0,0 +1,53 @@
 - name: ensure postgresql-server is installed
  package:
    name=postgresql-server
    state=present
  tags:
  - install
 - name: ensure postgresql-setup unit is installed
  template:
    src=postgresql-setup.service.j2
    dest=/etc/systemd/system/postgresql-setup.service
    mode=0644
  notify: reload systemd
 - meta: flush_handlers
 - name: ensure postgresql-setup has started
  service:
    name=postgresql-setup
    state=started
 - name: ensure postgresql identity mapping is configured
  template:
    src=pg_ident.conf.j2
    dest={{ pgdata_dir }}/pg_ident.conf
    owner=postgres
    group=postgres
    mode=0600
    setype=postgresql_db_t
 - name: ensure postgresql host-based authentication is configured
  template:
    src=pg_hba.conf.j2
    dest={{ pgdata_dir }}/pg_hba.conf
    owner=postgres
    group=postgres
    mode=0600
    setype=postgresql_db_t
  notify: reload postgresql server
 - name: ensure postgresql-check-db-dir is labelled correctly
  file:
    path=/usr/bin/postgresql-check-db-dir
    setype=postgresql_exec_t
    state=file
  when: ansible_distribution in ('CentOS', 'RHEL')
 - name: ensure postgresql starts at boot
  service:
    name=postgresql
    enabled=yes
 - meta: flush_handlers
 - name: ensure postgresql server is running
  service:
    name=postgresql
    state=started
--- a/roles/postgresql-server/templates/pg_hba.conf.j2
+++ b/roles/postgresql-server/templates/pg_hba.conf.j2
@ -0,0 +1,7 @@
 {#- vim: set ft=jinja : -#}
 # TYPE    DATABASE        USER            ADDRESS                 METHOD
 {% for auth in pg_hba_extra|d({}) %}
 {{ '{type: <9} {database: <15} {user: <15} {address: <23} {method}'.format(**auth) }}
 {% endfor %}
 local     all             postgres                                peer
 local     sameuser        all                                     peer
--- a/roles/postgresql-server/templates/pg_ident.conf.j2
+++ b/roles/postgresql-server/templates/pg_ident.conf.j2
@ -0,0 +1,3 @@
 {% for item in pg_ident %}
 {{ item.mapname }}	{{ item.system_user }}	{{ item.pg_user }}
 {% endfor %}
--- a/roles/postgresql-server/templates/postgresql-setup.service.j2
+++ b/roles/postgresql-server/templates/postgresql-setup.service.j2
@ -0,0 +1,11 @@
 [Unit]
 Before=postgresql.service
 [Service]
 Type=oneshot
 RemainAfterExit=true
 Environment=PGDATA={{ pgdata_dir }}
 Environment=LANG={{ pg_locale }}
 User=postgres
 Group=postgres
 ExecStart=/bin/sh -c "[ -f ${PGDATA}/PG_VERSION ] || initdb -D ${PGDATA}"