DEV-198: added stuff to delete data in postgres

remove-database.yml

@@ -0,0 +1,120 @@
+---
+
+# deletes databases and roles on shared service servers
+#   - postgres
+#     - executed on stage specific server: {{ stage }}-postgres-01
+
+# Parameters:
+#   playbook inventory
+#     stage := the type of the stage (e.g. dev, int, qa, prod)
+#     tenant_id := (unique key for the tenant, e.g. customer)
+#     cluster_name := (business name for the cluster, e.g. product, department )
+#     cluster_size := (WIP node count for the cluster) (Currently max is 2 master/slave)
+#     cluster_services_str := (services to setup, e.g. 'connect,wordpress')
+#   smardigo message callback
+#     scope_id := (scope id of the management process)
+#     process_instance_id := (process instance id of the management process)
+#     smardigo_management_action := (smardigo management action anme of the management process)
+
+#############################################################
+#   Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+
+  pre_tasks:
+    - name: "Check if ansible version is at least 2.10.x"
+      assert:
+        that:
+          - ansible_version.major >= 2
+          - ansible_version.minor >= 10
+        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - set_fact:
+        cluster_services: "{{ cluster_services_str | split(',') }}"
+
+  tasks:
+    - name: Add postgres servers to hosts if necessary
+      add_host:
+        name: "{{ stage }}-postgres-01"
+        groups:
+        - "stage_{{ stage }}"
+        - "{{ item }}"
+      changed_when: False
+      with_items: "{{ cluster_services }}"
+      when: item in ['connect', 'management_connect', 'keycloak', 'webdav']
+
+    - name: Add maria servers to hosts if necessary
+      add_host:
+        name: "{{ stage }}-maria-01"
+        groups:
+        - "stage_{{ stage }}"
+        - "{{ item }}"
+      changed_when: False
+      with_items: "{{ cluster_services }}"
+      when: item in ['connect_wordpress']
+
+#############################################################
+# Setup databases for created inventory
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+  serial: "{{ serial_number | default(1) }}"
+  remote_user: root
+
+  pre_tasks:
+    - name: "Import autodiscover pre-tasks"
+      include_tasks: tasks/autodiscover_pre_tasks.yml
+    - name: "Parsing cluster_services_str into cluster_services"
+      set_fact:
+        cluster_services: "{{ cluster_services_str | split(',') }}"
+
+  roles:
+    - role: connect-postgres
+      vars:
+         database_state: absent
+      when: "'connect' in group_names"
+
+    - role: keycloak-postgres
+      vars:
+         database_state: absent
+      when: "'keycloak' in group_names"
+
+    - role: webdav-postgres
+      vars:
+         database_state: absent
+      when: "'webdav' in group_names"
+
+    - role: connect-wordpress-maria
+      when: "'connect_wordpress' in group_names"
+
+#############################################################
+# Sending smardigo management message to process
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+  serial: "{{ serial_number | default(1) }}"
+  connection: local
+  gather_facts: false
+  run_once: true
+
+  post_tasks:
+    - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>"
+      uri:
+        url: "{{ smardigo_management_url }}"
+        method: POST
+        body_format: json
+        body: "{{ lookup('template','smardigo-management-message.json.j2') }}"
+        headers:
+          accept: "*/*"
+          Content-Type: "application/json"
+          Smardigo-User-Token: "{{ smardigo_management_token }}"
+        status_code: [200]
+      delegate_to: 127.0.0.1
+      retries: 5
+      delay: 5
+      when:
+        - scope_id is defined
+        - process_instance_id is defined
+        - smardigo_management_action is defined

roles/connect-postgres/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
 ### tags:
+###     - remove-data
 
 - name: "Setup postgres for {{ inventory_hostname }}"
   include_role:

roles/keycloak-postgres/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
 ### tags:
+###     - remove-data
 
 - name: "Setup postgres for {{ inventory_hostname }}"
   include_role:

roles/postgres/defaults/main.yml

@@ -7,3 +7,5 @@ default_max_connections: 1000
 default_shared_buffers: 256MB
 
 postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_private_server_ip }}'"
+
+database_state: present

roles/postgres/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: pg_reload_conf
+  become: yes
+  become_user: postgres
+  shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"'

roles/postgres/tasks/_postgres-acls.yml

@@ -6,12 +6,13 @@
 ###     - password
 ###     - trusted_cidr_entry [shared_service_network]
 
-- name: "Add pg_hba.conf entries for users/nodes/schemas"
+- name: "Add/Remove pg_hba.conf entries for users/nodes/schemas"
   lineinfile:
-    state: present
+    state: '{{ database_state }}'
     regex: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}'
     line: 'host    {{ item.name }}    {{ item.name }}    {{ item.trusted_cidr_entry | default(shared_service_network) }} md5'
     path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
+  notify: pg_reload_conf
   with_items: "{{ postgres_acls }}"
 
 - name: "Check roles exist"
@@ -21,6 +22,13 @@
   with_items: "{{ postgres_acls }}"
   register: role_check
   changed_when: "role_check.stdout == '0'"
+  when:
+    - database_state == 'present'
+
+- debug:
+    msg: "DEBUGGING: database_state: {{ database_state }}"
+  when:
+   - debug
 
 - name: "Check roles exist result"
   debug:
@@ -32,16 +40,20 @@
   become: yes
   become_user: postgres
   shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'"
-  when: item.stdout == '0'
+  when:
+    - database_state == 'present'
+    - item.stdout == '0'
   with_items: "{{ role_check.results }}"
 
-- name: "Check databases exist"
+- name: "Check database exist"
   become: yes
   become_user: postgres
   shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\""
   with_items: "{{ postgres_acls }}"
   register: database_check
   changed_when: "database_check.stdout == '0'"
+  when:
+    - database_state == 'present'
 
 - name: "Check databases exist result"
   debug:
@@ -53,23 +65,40 @@
   become: yes
   become_user: postgres
   shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\""
-  when: item.stdout == '0'
+  when:
+    - database_state == 'present'
+    - item.stdout == '0'
+  with_items: "{{ database_check.results }}"
+
+- name: "DROP Databases if necessary"
+  become: yes
+  become_user: postgres
+  shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"'
+  when: 
+    - database_state == 'absent'
   with_items: "{{ database_check.results }}"
 
+- name: "DROP roles if necessary"
+  become: yes
+  become_user: postgres
+  shell: '/usr/bin/psql -c "DROP ROLE {{ item.item.name }};"'
+  when:
+    - database_state == 'absent'
+  with_items: "{{ role_check.results }}"
+
+
 - name: "Change password with scram-sha-256! for users and set password"
   become: yes
   become_user: postgres
   shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password }}';\""
   with_items: "{{ postgres_acls }}"
+  when:
+    - database_state == 'present'
 
 - name: "Change owners for databases"
   become: yes
   become_user: postgres
   shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};\""
   with_items: "{{ postgres_acls }}"
-
-# TODO: -> factor out as handler
-- name: "Reload pg_hba.conf"
-  become: yes
-  become_user: postgres
-  shell: "/usr/bin/psql -c \"SELECT pg_reload_conf();\""
+  when:
+    - database_state == 'present'