DEV-1007 Fix #3 pgadmin4

main
Michael Haehnel 2 years ago
parent 0842a54a03
commit 5cdaa7d323
No known key found for this signature in database
GPG Key ID: D2FA233B52AEC75C

@ -15,7 +15,7 @@ pgadmin4_docker:
name: "init-pgadmin",
image_name: "{{ pgadmin4_image_name }}",
image_version: "{{ pgadmin4_version }}",
restart: '"on-failure:10"',
restart: '"on-failure:20"',
entrypoint:
[
"- sh",
@ -30,7 +30,7 @@ pgadmin4_docker:
" /venv/bin/python3 /pgadmin4/setup.py --load-servers /config/servers_admin.json --user nso.devops@netgo.de --replace",
" /venv/bin/python3 /pgadmin4/setup.py --load-servers /config/servers_dev.json --user developer@netgo.de --replace",
],
volumes: [./config:/config, pgadmin_data:/var/lib/pgadmin],
volumes: ["./config:/config", "pgadmin_data:/var/lib/pgadmin"],
},
{
name: "{{ pgadmin_id }}",
@ -67,7 +67,7 @@ pgadmin4_docker:
''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration''
}]"',
],
volumes: [pgadmin_data:/var/lib/pgadmin],
volumes: ["pgadmin_data:/var/lib/pgadmin"],
networks: [front-tier, back-tier],
extra_hosts: "{{ pgadmin_extra_hosts | default([]) }}",
},

@ -54,22 +54,6 @@
- item.stdout == '0'
- server_type == 'master'
- name: "Grant CREATE privilege on public schema for if necessary"
community.postgresql.postgresql_privs:
role: "{{ item.item.name }}"
type: schema
priv: ALL
objs: public
login_user: "{{ postgres_admin_user }}"
database: "{{ item.item.name }}"
state: present
loop: "{{ role_check.results }}"
become: true
become_user: "{{ postgres_admin_user }}"
when:
- database_state == 'present'
- server_type == 'master'
- name: "Checking database exist"
shell: '/usr/bin/psql -Atc "SELECT count(*) FROM pg_database WHERE datname = ''{{ item.name }}''"'
with_items: "{{ postgres_acls }}"
@ -94,6 +78,22 @@
- item.stdout == '0'
- server_type == 'master'
- name: "Grant CREATE privilege on public schema for if necessary"
community.postgresql.postgresql_privs:
role: "{{ item.item.name }}"
type: schema
priv: ALL
objs: public
login_user: "{{ postgres_admin_user }}"
database: "{{ item.item.name }}"
state: present
loop: "{{ role_check.results }}"
become: true
become_user: "{{ postgres_admin_user }}"
when:
- database_state == 'present'
- server_type == 'master'
- name: "Deleting Databases if necessary"
shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"'
with_items: "{{ database_check.results }}"
@ -135,7 +135,7 @@
- name: "Create PostgreSQL readonly group"
community.postgresql.postgresql_user:
name: "postgres_readonly"
role_attr_flags: NOLOGIN,NOSUPERUSER,NOINHERIT,NOCREATEDB,NOCREATEROLE,NOREPLICATION
role_attr_flags: NOLOGIN,NOSUPERUSER,NOCREATEDB,NOCREATEROLE,NOREPLICATION
login_user: "{{ postgres_admin_user }}"
state: present
become: true
@ -167,7 +167,7 @@
when:
- server_type == 'master'
- name: "Grant USAGE privilege to postgres readonly group"
- name: "Grant USAGE privilege to postgres readonly group on all public schemas"
community.postgresql.postgresql_privs:
role: "postgres_readonly"
type: schema
@ -175,6 +175,7 @@
objs: public
login_user: "{{ postgres_admin_user }}"
database: "{{ item.datname }}"
state: present
loop: "{{ database_list.query_result }}"
become: true
become_user: "{{ postgres_admin_user }}"
@ -185,7 +186,7 @@
community.postgresql.postgresql_privs:
role: "postgres_readonly"
type: table
priv: SELECT
privs: SELECT
schema: public
objs: ALL_IN_SCHEMA
login_user: "{{ postgres_admin_user }}"
@ -201,7 +202,7 @@
community.postgresql.postgresql_user:
name: "{{ pgadmin4_oidc_dev_username }}"
password: "{{ pgadmin4_oidc_dev_password }}"
role_attr_flags: LOGIN,NOSUPERUSER,NOINHERIT,NOCREATEDB,NOCREATEROLE,NOREPLICATION
role_attr_flags: LOGIN,NOSUPERUSER,NOCREATEDB,NOCREATEROLE,NOREPLICATION
login_user: "{{ postgres_admin_user }}"
state: present
become: true
@ -212,7 +213,7 @@
- name: "Add {{ pgadmin4_oidc_dev_username }} to group 'postgres_readonly'"
community.postgresql.postgresql_user:
name: "{{ pgadmin4_oidc_dev_username }}"
role_attr_flags: "NOSUPERUSER,NOINHERIT,NOCREATEDB,NOCREATEROLE,NOREPLICATION"
role_attr_flags: "NOSUPERUSER,NOCREATEDB,NOCREATEROLE,NOREPLICATION"
groups: "postgres_readonly"
login_user: "{{ postgres_admin_user }}"
state: present
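Review bot: Dropping `NOINHERIT` from `role_attr_flags` (the `postgres_readonly` group task and both `{{ pgadmin4_oidc_dev_username }}` tasks) probably does not change roles that already exist with that attribute. As far as I know, `community.postgresql.postgresql_user` only alters the flags that are listed, so on hosts provisioned before this commit the dev user would still not inherit the SELECT grants from `postgres_readonly`. State the intent explicitly, e.g. `role_attr_flags: LOGIN,INHERIT,NOSUPERUSER,NOCREATEDB,NOCREATEROLE,NOREPLICATION`, and add `INHERIT` to the other two lists as well. These tasks continue outside the visible hunks, so this is based only on the lines shown.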

@ -1,13 +1,4 @@
---
- name: "Check if role {{ postgres_replicator_user }} exists"
community.postgresql.postgresql_query:
query: "SELECT count(rolname) FROM pg_roles WHERE rolname = '{{ postgres_replicator_user }}'"
login_user: "{{ postgres_admin_user }}"
db: "{{ postgres_admin_user }}"
become: true
become_user: "{{ postgres_admin_user }}"
register: role_check
- name: "Create role {{ postgres_replicator_user }} if necessary"
community.postgresql.postgresql_user:
name: "{{ postgres_replicator_user }}"
@ -16,7 +7,6 @@
state: present
become: true
become_user: "{{ postgres_admin_user }}"
when: role_check.rowcount == "0"
- name: "Change passwords with scram-sha-256 for postgres superuser and replicator user"
community.postgresql.postgresql_user:

@ -1 +1,4 @@
{{ shared_service_postgres_primary }}:5432:*:{{ postgres_admin_user }}:{{ postgres_admin_password }}
{% set pg_servers = stage_server_infos | selectattr('service', 'equalto', 'postgres') | selectattr('role', 'equalto', 'master') | list %}
{% for server in pg_servers %}
{{ server.name }}:5432:*:{{ postgres_admin_user }}:{{ postgres_admin_password }}
{% endfor %}
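Review bot: The password is written into the pgpass line unescaped, so a `:` or `\` in `postgres_admin_password` would shift the fields and libpq would read a wrong or truncated password. The pgpass format needs both characters backslash-escaped, e.g. `{{ postgres_admin_password | replace('\\', '\\\\') | replace(':', '\\:') }}` on the loop line. The second pgpass template, which uses `pgadmin4_oidc_dev_password`, has the same gap. The task that renders these files is not part of the diff; since they hold plaintext credentials, confirm it sets mode `0600`, because libpq ignores a pgpass file that is group- or world-readable.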

@ -1 +1,4 @@
{{ shared_service_postgres_primary }}:5432:*:{{ pgadmin4_oidc_dev_username }}:{{ pgadmin4_oidc_dev_password }}
{% set pg_servers = stage_server_infos | selectattr('service', 'equalto', 'postgres') | selectattr('role', 'equalto', 'master') | list %}
{% for server in pg_servers %}
{{ server.name }}:5432:*:{{ pgadmin4_oidc_dev_username }}:{{ pgadmin4_oidc_dev_password }}
{% endfor %}

@ -1,15 +1,19 @@
{
"Servers": {
"1": {
"Name": "{{ shared_service_postgres_primary }}",
{% set pg_servers = stage_server_infos | selectattr('service', 'equalto', 'postgres') | selectattr('role', 'equalto', 'master') | list %}
{% for server in pg_servers %}
"{{ loop.index }}": {
"Name": "{{ server.name }}",
"Group": "Servers_Admin",
"Host": "{{ shared_service_postgres_primary }}",
"HostAddr": "{{ shared_service_pg_master_ip }}",
"Host": "{{ server.name }}",
"HostAddr": "{{ server.private_ip }}",
"Port": 5432,
"MaintenanceDB": "{{ stage_database_management_connect_name }}",
"MaintenanceDB": "{{ postgres_admin_user }}",
"Username": "{{ postgres_admin_user }}",
"PassFile": "/pgpass",
"SSLMode": "prefer"
}
}{% if not loop.last and pg_servers|length > 1 %},
{% endif %}
{% endfor %}
}
}
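Review bot: `"SSLMode": "prefer"` is kept for every generated entry, so the admin login from `/pgpass` goes to each `server.private_ip` over a connection that can silently fall back to plaintext and never validates the server certificate. Now that the entries are built from `stage_server_infos` rather than one fixed host, I would tighten this to `"SSLMode": "verify-full"` if the servers present certificates matching `server.name`, or at least `"SSLMode": "require"`. The `Servers_Readonly` template carries the same setting. Separately, `pg_servers|length > 1` in the comma condition is redundant; `{% if not loop.last %}` is enough.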

@ -1,15 +1,19 @@
{
"Servers": {
"1": {
"Name": "{{ shared_service_postgres_primary }}",
{% set pg_servers = stage_server_infos | selectattr('service', 'equalto', 'postgres') | selectattr('role', 'equalto', 'master') | list %}
{% for server in pg_servers %}
"{{ loop.index }}": {
"Name": "{{ server.name }}",
"Group": "Servers_Readonly",
"Host": "{{ shared_service_postgres_primary }}",
"HostAddr": "{{ shared_service_pg_master_ip }}",
"Host": "{{ server.name }}",
"HostAddr": "{{ server.private_ip }}",
"Port": 5432,
"MaintenanceDB": "{{ stage_database_management_connect_name }}",
"MaintenanceDB": "{{ postgres_admin_user }}",
"Username": "{{ pgadmin4_oidc_dev_username }}",
"PassFile": "/pgpass",
"SSLMode": "prefer"
}
}{% if not loop.last and pg_servers|length > 1 %},
{% endif %}
{% endfor %}
}
}
