# Install the PostgreSQL server package through the generic package module;
# nothing changes when the package is already present.
- name: ensure postgresql-server is installed
  package:
    state: present
    name: postgresql-server
  tags:
    - install
# Optional restore step. The value of postgresql_restore_command is handed to
# the command module verbatim, so it must only come from trusted inventory or
# vars, never from data an outside party can influence.
# `creates` skips the restore once a cluster (PG_VERSION) already exists.
- name: restore postgresql data directory from backup
  command: '{{ postgresql_restore_command }}'
  args:
    creates: '{{ pgdata_dir }}/PG_VERSION'
  # Skipped when the variable is undefined or empty.
  when: postgresql_restore_command | default(none)
  notify:
    - create postgresql server recovery signal file
  tags:
    - restore
# The data directory is private to the postgres account: owner has full
# access, group and others have none.
- name: ensure postgresql data directory exists
  file:
    state: directory
    path: '{{ pgdata_dir }}'
    owner: postgres
    group: postgres
    mode: 'u=rwx,go='
  tags:
    - initdb
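# Initialise the cluster as the postgres OS user. `creates` makes this a
# no-op once PG_VERSION exists, which is also the case after a restore.
# initdb writes its own default configuration files into the data directory;
# later tasks in this file replace or remove them before the service starts.
- name: ensure postgresql database cluster is initialized
  command:
    # argv passes each element as one argument, so a data directory path
    # containing whitespace or quote characters is not word-split.
    argv:
      - runuser
      - '-u'
      - postgres
      - '--'
      - initdb
      - '{{ pgdata_dir }}'
    creates: '{{ pgdata_dir }}/PG_VERSION'
  tags:
    - initdb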
# Only when the configuration lives outside the data directory: delete the
# three configuration files from the data directory so that stale copies there
# cannot be mistaken for the managed ones.
- name: ensure default configuration files are removed from data directory
  file:
    state: absent
    path: '{{ pgdata_dir }}/{{ item }}'
  loop:
    - postgresql.conf
    - pg_hba.conf
    - pg_ident.conf
  when: postgresql_config_dir != pgdata_dir
  tags:
    - config
# Separate configuration directory: owned by root, so the postgres group can
# enter and list it but not modify it; others have no access.
# Skipped when the configuration directory is the data directory itself.
- name: ensure postgresql configuration directory exists
  file:
    state: directory
    path: '{{ postgresql_config_dir }}'
    owner: root
    group: postgres
    mode: 'u=rwx,g=rx,o='
  when: pgdata_dir != postgresql_config_dir
  tags:
    - config
# Main server configuration: writable by root only, readable by the postgres
# group, no access for others. A change notifies the restart handler.
# NOTE(review): unlike the pg_ident.conf and pg_hba.conf tasks, no setype is
# set here; confirm that is intended.
- name: ensure postgresql server is configured
  template:
    dest: '{{ postgresql_config_dir }}/postgresql.conf'
    src: postgresql.conf.j2
    owner: root
    group: postgres
    mode: 'u=rw,g=r,o='
  notify: restart postgresql server
  tags:
    - config
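# User-name map consulted by authentication methods that use ident maps.
# Writable by root only, readable by the postgres group, no access for others.
- name: ensure postgresql identity mapping is configured
  template:
    src: pg_ident.conf.j2
    dest: '{{ postgresql_config_dir }}/pg_ident.conf'
    owner: root
    group: postgres
    mode: 'u=rw,g=r,o='
    setype: postgresql_db_t
  # A running server only picks up pg_ident.conf changes on reload; without
  # this notification a removed or tightened mapping would stay in effect
  # until the next unrelated reload or restart.
  notify: reload postgresql server
  tags:
    - config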
# pg_hba.conf decides which clients may connect and how they authenticate.
# Writable by root only, readable by the postgres group, no access for others.
# A change notifies the reload handler so the new rules take effect.
- name: ensure postgresql host-based authentication is configured
  template:
    dest: '{{ postgresql_config_dir }}/pg_hba.conf'
    src: pg_hba.conf.j2
    owner: root
    group: postgres
    mode: 'u=rw,g=r,o='
    setype: postgresql_db_t
  notify: reload postgresql server
  tags:
    - config
    - pg_hba
# standby.signal in the data directory is created when postgresql_standby is
# truthy and removed otherwise (the variable defaults to false when unset).
# The file is root-owned and world-readable.
- name: ensure postgresql server standby signal file exists
  file:
    path: '{{ pgdata_dir }}/standby.signal'
    state: "{{ 'touch' if postgresql_standby | default(false) else 'absent' }}"
    owner: root
    group: root
    mode: 'u=rw,go=r'
  tags:
    - config
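# Copy every file from this host's certs/postgresql/<inventory_hostname>/
# directory into the configuration directory, readable by postgres only.
# NOTE(review): the glob presumably includes the server's private key, so the
# source files should be kept encrypted at rest (for example with Ansible
# Vault) rather than committed in clear text. Confirm against the repository.
- name: ensure postgresql server certificate is installed
  copy:
    src: '{{ item }}'
    dest: '{{ postgresql_config_dir }}/{{ item | basename }}'
    owner: postgres
    group: postgres
    mode: 'u=rw,go='
  with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'
  # Keep file contents out of --diff output and any log that captures it.
  diff: false
  tags:
    - cert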
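# Drop-in directory for overrides of postgresql.service.
- name: ensure postgresql systemd unit drop-in directory exists
  file:
    path: /etc/systemd/system/postgresql.service.d
    owner: root
    group: root
    # Explicit mode, so the result does not depend on the umask of the
    # connecting user: only root may add or change unit overrides.
    mode: 'u=rwx,go=rx'
    state: directory
  tags:
    - systemd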
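# Render the drop-in for postgresql.service. A change triggers a systemd
# reload followed by a server restart.
- name: ensure postgresql systemd unit extension is configured
  template:
    src: pgdata.systemd.conf.j2
    dest: /etc/systemd/system/postgresql.service.d/pgdata.conf
    owner: root
    group: root
    # Explicit mode, so the result does not depend on the umask of the
    # connecting user: the drop-in alters how the service is started and must
    # be writable by root only.
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
    - restart postgresql server
  tags:
    - systemd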
# Enable the unit so the server comes up after a reboot; this task does not
# start it.
- name: ensure postgresql starts at boot
  service:
    enabled: true
    name: postgresql
# Run all handlers notified so far now, before the start task that follows,
# instead of at the end of the play.
- name: flush handlers
  meta: flush_handlers
# Start the server if it is not already running; a running server is left
# untouched.
- name: ensure postgresql server is running
  service:
    state: started
    name: postgresql
# Open or close the firewalld "postgresql" service, both in the running
# configuration and persistently. Network reachability is only the outer
# gate: pg_hba.conf still decides who may authenticate.
# postgresql_allow_remote has no default here and must be defined whenever
# this task runs. The task is skipped only if host_uses_firewalld is falsy
# (it defaults to true when unset).
- name: ensure firewall is configured for postgresql
  firewalld:
    service: postgresql
    state: "{{ 'enabled' if postgresql_allow_remote else 'disabled' }}"
    immediate: true
    permanent: true
  when: host_uses_firewalld | default(true)
  tags:
    - firewalld