diff --git a/remove-database.yml b/remove-database.yml
new file mode 100644
index 0000000..5ac8fb3
--- /dev/null
+++ b/remove-database.yml
@@ -0,0 +1,120 @@
+---
+
+# deletes databases and roles on shared service servers
+# - postgres
+# - executed on stage specific server: {{ stage }}-postgres-01
+
+# Parameters:
+# playbook inventory
+# stage := the type of the stage (e.g. dev, int, qa, prod)
+# tenant_id := (unique key for the tenant, e.g. customer)
+# cluster_name := (business name for the cluster, e.g. product, department )
+# cluster_size := (WIP node count for the cluster) (Currently max is 2 master/slave)
+# cluster_services_str := (services to setup, e.g. 'connect,wordpress')
+# smardigo message callback
+# scope_id := (scope id of the management process)
+# process_instance_id := (process instance id of the management process)
+# smardigo_management_action := (smardigo management action anme of the management process)
+
+#############################################################
+# Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+ connection: local
+ gather_facts: false
+
+ pre_tasks:
+ - name: "Check if ansible version is at least 2.10.x"
+ assert:
+ that:
+ - ansible_version.major >= 2
+ - ansible_version.minor >= 10
+ msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+ - set_fact:
+ cluster_services: "{{ cluster_services_str | split(',') }}"
+
+ tasks:
+ - name: Add postgres servers to hosts if necessary
+ add_host:
+ name: "{{ stage }}-postgres-01"
+ groups:
+ - "stage_{{ stage }}"
+ - "{{ item }}"
+ changed_when: False
+ with_items: "{{ cluster_services }}"
+ when: item in ['connect', 'management_connect', 'keycloak', 'webdav']
+
+ - name: Add maria servers to hosts if necessary
+ add_host:
+ name: "{{ stage }}-maria-01"
+ groups:
+ - "stage_{{ stage }}"
+ - "{{ item }}"
+ changed_when: False
+ with_items: "{{ cluster_services }}"
+ when: item in ['connect_wordpress']
+
+#############################################################
+# Setup databases for created inventory
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+ serial: "{{ serial_number | default(1) }}"
+ remote_user: root
+
+ pre_tasks:
+ - name: "Import autodiscover pre-tasks"
+ include_tasks: tasks/autodiscover_pre_tasks.yml
+ - name: "Parsing cluster_services_str into cluster_services"
+ set_fact:
+ cluster_services: "{{ cluster_services_str | split(',') }}"
+
+ roles:
+ - role: connect-postgres
+ vars:
+ database_state: absent
+ when: "'connect' in group_names"
+
+ - role: keycloak-postgres
+ vars:
+ database_state: absent
+ when: "'keycloak' in group_names"
+
+ - role: webdav-postgres
+ vars:
+ database_state: absent
+ when: "'webdav' in group_names"
+
+ - role: connect-wordpress-maria
+ when: "'connect_wordpress' in group_names"
+
+#############################################################
+# Sending smardigo management message to process
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+ serial: "{{ serial_number | default(1) }}"
+ connection: local
+ gather_facts: false
+ run_once: true
+
+ post_tasks:
+ - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>"
+ uri:
+ url: "{{ smardigo_management_url }}"
+ method: POST
+ body_format: json
+ body: "{{ lookup('template','smardigo-management-message.json.j2') }}"
+ headers:
+ accept: "*/*"
+ Content-Type: "application/json"
+ Smardigo-User-Token: "{{ smardigo_management_token }}"
+ status_code: [200]
+ delegate_to: 127.0.0.1
+ retries: 5
+ delay: 5
+ when:
+ - scope_id is defined
+ - process_instance_id is defined
+ - smardigo_management_action is defined
diff --git a/roles/connect-postgres/tasks/main.yml b/roles/connect-postgres/tasks/main.yml
index 334cbeb..4c21e56 100644
--- a/roles/connect-postgres/tasks/main.yml
+++ b/roles/connect-postgres/tasks/main.yml
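Review bot: In remove-database.yml the `connect-wordpress-maria` role is the only role in the second play invoked without `database_state: absent`, so a removal run that includes `connect_wordpress` would apply that role in whatever its default state is rather than remove anything. Either pass the same var once the role honours it, or drop the maria `add_host` task from this playbook until it does. The `uri` task in the last play sends `Smardigo-User-Token`, so it should carry `no_log: true` to keep the token out of verbose output and failure results. The version assert `ansible_version.minor >= 10` would also reject a 3.0 release; `ansible_version.full is version('2.10', '>=')` expresses the intent.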
@@ -1,6 +1,7 @@ --- ### tags: +### - remove-data - name: "Setup postgres for {{ inventory_hostname }}" include_role: diff --git a/roles/keycloak-postgres/tasks/main.yml b/roles/keycloak-postgres/tasks/main.yml index 334cbeb..4c21e56 100644 --- a/roles/keycloak-postgres/tasks/main.yml +++ b/roles/keycloak-postgres/tasks/main.yml @@ -1,6 +1,7 @@ --- ### tags: +### - remove-data - name: "Setup postgres for {{ inventory_hostname }}" include_role: diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml index dfe5065..d7e328d 100644 --- a/roles/postgres/defaults/main.yml +++ b/roles/postgres/defaults/main.yml @@ -7,3 +7,5 @@ default_max_connections: 1000 default_shared_buffers: 256MB postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_private_server_ip }}'" + +database_state: present diff --git a/roles/postgres/handlers/main.yml b/roles/postgres/handlers/main.yml new file mode 100644 index 0000000..04a1cab --- /dev/null +++ b/roles/postgres/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: pg_reload_conf + become: yes + become_user: postgres + shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"' diff --git a/roles/postgres/tasks/_postgres-acls.yml b/roles/postgres/tasks/_postgres-acls.yml index 8647558..f41cd7b 100644 --- a/roles/postgres/tasks/_postgres-acls.yml +++ b/roles/postgres/tasks/_postgres-acls.yml @@ -6,12 +6,13 @@ ### - password ### - trusted_cidr_entry [shared_service_network] -- name: "Add pg_hba.conf entries for users/nodes/schemas" +- name: "Add/Remove pg_hba.conf entries for users/nodes/schemas" lineinfile: - state: present + state: '{{ database_state }}' regex: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}' line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(shared_service_network) }} md5' path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf + notify: pg_reload_conf with_items: "{{ postgres_acls }}" - name: "Check roles exist" 
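Review bot: With `state` now templated, the `lineinfile` task in roles/postgres/tasks/_postgres-acls.yml removes every line matching `regex` when `database_state` is `absent`, and that pattern is neither escaped nor terminated after the second `{{ item.name }}`. A name such as `connect` would therefore also match an entry whose user column merely starts with `connect`, deleting an unrelated access rule from pg_hba.conf. Suggest `regex: '^host[ ]+{{ item.name | regex_escape }}[ ]+{{ item.name | regex_escape }}[ ]+'` so that only the exact database/user pair is matched.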
@@ -21,6 +22,13 @@ with_items: "{{ postgres_acls }}" register: role_check changed_when: "role_check.stdout == '0'" + when: + - database_state == 'present' + +- debug: + msg: "DEBUGGING: database_state: {{ database_state }}" + when: + - debug - name: "Check roles exist result" debug: @@ -32,16 +40,20 @@ become: yes become_user: postgres shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'" - when: item.stdout == '0' + when: + - database_state == 'present' + - item.stdout == '0' with_items: "{{ role_check.results }}" -- name: "Check databases exist" +- name: "Check database exist" become: yes become_user: postgres shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\"" with_items: "{{ postgres_acls }}" register: database_check changed_when: "database_check.stdout == '0'" + when: + - database_state == 'present' - name: "Check databases exist result" debug: 
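Review bot: The new unnamed `debug` task in the first hunk on this line is gated on `when: - debug`, but no `debug` variable is defined in the role defaults touched by this commit, so unless it is set elsewhere the play would stop with an undefined-variable error. Suggest `when: debug | default(false) | bool` and a `name:` for the task. Separately, because "Check roles exist" and "Check database exist" are now skipped when `database_state` is `absent`, the two "... result" debug tasks (their bodies lie outside these hunks) should be checked for references to `stdout`, which skipped results do not carry.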
@@ -53,23 +65,40 @@ become: yes become_user: postgres shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\"" - when: item.stdout == '0' + when: + - database_state == 'present' + - item.stdout == '0' + with_items: "{{ database_check.results }}" + +- name: "DROP Databases if necessary" + become: yes + become_user: postgres + shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"' + when: + - database_state == 'absent' with_items: "{{ database_check.results }}" +- name: "DROP roles if necessary" + become: yes + become_user: postgres + shell: '/usr/bin/psql -c "DROP ROLE {{ item.item.name }};"' + when: + - database_state == 'absent' + with_items: "{{ role_check.results }}" + + - name: "Change password with scram-sha-256! for users and set password" become: yes become_user: postgres shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password }}';\"" with_items: "{{ postgres_acls }}" + when: + - database_state == 'present' - name: "Change owners for databases" become: yes become_user: postgres shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};\"" with_items: "{{ postgres_acls }}" - -# TODO: -> factor out as handler -- name: "Reload pg_hba.conf" - become: yes - become_user: postgres - shell: "/usr/bin/psql -c \"SELECT pg_reload_conf();\"" + when: + - database_state == 'present'
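Review bot: The two DROP tasks are not idempotent and interpolate `item.item.name` straight into a shell/SQL string: a second removal run fails because the database or role no longer exists, and the name is never validated before it reaches `psql`. They also iterate over `database_check.results` and `role_check.results`, which in `absent` mode hold only skipped entries, so the loop depends on skipped results still carrying `item`. Suggest looping over `postgres_acls` directly with `DROP DATABASE IF EXISTS {{ item.name }} WITH (FORCE);` and `DROP ROLE IF EXISTS {{ item.name }};`, preceded by an `assert` that `item.name` matches a strict identifier pattern. `WITH (FORCE)` needs PostgreSQL 13 or later, which is worth checking against `default_postgres_version`. The first task in this hunk begins above the hunk.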