configpolicy/roles/postgresql-server/tasks/main.yml

- name: ensure postgresql-server is installed
  package:
    name=postgresql-server
    state=present
  tags:
  - install

- name: ensure postgresql-setup unit is installed
  template:
    src=postgresql-setup.service.j2
    dest=/etc/systemd/system/postgresql-setup.service
    mode=0644
  notify: reload systemd
- meta: flush_handlers
- name: ensure postgresql-setup has started
  service:
    name=postgresql-setup
    state=started
- name: ensure postgresql server certificate is installed
  copy:
    src: '{{ item }}'
    dest: '{{ pgdata_dir }}/{{ item|basename }}'
    owner: postgres
    group: postgres
    mode: 00600
  with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'

- name: ensure postgresql server is configured
  template:
    src: '{{ item }}'
    dest: '{{ pgdata_dir }}/postgresql.conf'
    mode: '0600'
  notify: restart postgresql server
  with_first_found:
  - ../templates/postgresql-{{ ansible_distribution }}-{{ ansible_distribution_version }}.conf.j2
  - ../templates/postgresql-{{ ansible_distribution }}.conf.j2
  - ../templates/postgresql.conf.j2
- name: ensure postgresql identity mapping is configured
  template:
    src=pg_ident.conf.j2
    dest={{ pgdata_dir }}/pg_ident.conf
    owner=postgres
    group=postgres
    mode=0600
    setype=postgresql_db_t
- name: ensure postgresql host-based authentication is configured
  template:
    src=pg_hba.conf.j2
    dest={{ pgdata_dir }}/pg_hba.conf
    owner=postgres
    group=postgres
    mode=0600
    setype=postgresql_db_t
  notify: reload postgresql server

- name: ensure postgresql-check-db-dir is labelled correctly
  file:
    path=/usr/bin/postgresql-check-db-dir
    setype=postgresql_exec_t
    state=file
  when: ansible_distribution in ('CentOS', 'RHEL')

- name: ensure postgresql starts at boot
  service:
    name=postgresql
    enabled=yes
- meta: flush_handlers
- name: ensure postgresql server is running
  service:
    name=postgresql
    state=started