gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bugfix: remove-database is bow idempotent

Browse Source
master
Sven Ketelsen 4 years ago
parent 6742866961
commit 8ceda24811
1 changed files with 33 additions and 41 deletions
Show Stats Download Patch File Download Diff File

74
roles/postgres/tasks/_postgres-acls.yml
Unescape Escape View File

@ -6,54 +6,45 @@
### - password ### - password
### - trusted_cidr_entry [shared_service_network] ### - trusted_cidr_entry [shared_service_network]
- name: "Add/Remove pg_hba.conf entries for users/nodes/schemas" - name: "Updating pg_hba.conf entries for users/nodes/schemas"
lineinfile: lineinfile:
state: '{{ database_state }}' state: '{{ database_state }}'
regex: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}' regex: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}'
line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(shared_service_network) }} md5' line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(shared_service_network) }} md5'
path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
notify: pg_reload_conf
with_items: "{{ postgres_acls }}" with_items: "{{ postgres_acls }}"
notify: pg_reload_conf
- name: "Check roles exist" - name: "Checking roles exist"
become: yes
become_user: postgres
shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'\"" shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'\""
with_items: "{{ postgres_acls }}" with_items: "{{ postgres_acls }}"
register: role_check register: role_check
changed_when: "role_check.stdout == '0'" changed_when: "role_check.stdout == '0'"
when: become_user: postgres
- database_state == 'present' become: yes
- debug:
msg: "DEBUGGING: database_state: {{ database_state }}"
when:
- debug
- name: "Check roles exist result" - name: "Checking roles exist"
debug: debug:
msg: "{{ role_check }}" msg: "{{ role_check }}"
when: when:
- debug - debug
- name: "Create roles if necessary" - name: "Creating roles if necessary"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'" shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'"
with_items: "{{ role_check.results }}"
become_user: postgres
become: yes
when: when:
- database_state == 'present' - database_state == 'present'
- item.stdout == '0' - item.stdout == '0'
with_items: "{{ role_check.results }}"
- name: "Check database exist" - name: "Checking database exist"
become: yes
become_user: postgres
shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\"" shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\""
with_items: "{{ postgres_acls }}" with_items: "{{ postgres_acls }}"
register: database_check register: database_check
changed_when: "database_check.stdout == '0'" changed_when: "database_check.stdout == '0'"
when: become_user: postgres
- database_state == 'present' become: yes
- name: "Check databases exist result" - name: "Check databases exist result"
debug: debug:
@ -61,44 +52,45 @@
when: when:
- debug - debug
- name: "Create Databases if necessary" - name: "Creating Databases if necessary"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\"" shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\""
with_items: "{{ database_check.results }}"
become_user: postgres
become: yes
when: when:
- database_state == 'present' - database_state == 'present'
- item.stdout == '0' - item.stdout == '0'
with_items: "{{ database_check.results }}"
- name: "DROP Databases if necessary" - name: "Deleting Databases if necessary"
become: yes
become_user: postgres
shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"' shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"'
with_items: "{{ database_check.results }}"
become_user: postgres
become: yes
when: when:
- database_state == 'absent' - database_state == 'absent'
with_items: "{{ database_check.results }}" - item.stdout == '1'
- name: "DROP roles if necessary" - name: "Deleting roles if necessary"
become: yes
become_user: postgres
shell: '/usr/bin/psql -c "DROP ROLE {{ item.item.name }};"' shell: '/usr/bin/psql -c "DROP ROLE {{ item.item.name }};"'
with_items: "{{ role_check.results }}"
become_user: postgres
become: yes
when: when:
- database_state == 'absent' - database_state == 'absent'
with_items: "{{ role_check.results }}" - item.stdout == '1'
- name: "Changing password with scram-sha-256! for users and set password"
- name: "Change password with scram-sha-256! for users and set password"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password }}';\"" shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password }}';\""
with_items: "{{ postgres_acls }}" with_items: "{{ postgres_acls }}"
become_user: postgres
become: yes
when: when:
- database_state == 'present' - database_state == 'present'
- name: "Change owners for databases" - name: "Changing owners for databases"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};\"" shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};\""
with_items: "{{ postgres_acls }}" with_items: "{{ postgres_acls }}"
become_user: postgres
become: yes
when: when:
- database_state == 'present' - database_state == 'present'

Write Preview
Loading…
Cancel
Save