DEV-438: debuggen SFTP-error - thesis: ssh hardening will rise the WARN

4 years ago · bdc33af536
parent 315bee648d
commit bdc33af536
1 changed files with 19 additions and 16 deletions
--- a/patchday.yml
+++ b/patchday.yml
@ -102,33 +102,36 @@
        name: postgresql
        state: started

+    # wait_for cannot be used anymore due to enabled SSL encryption for postgres connections in DEV-382
    - name: "Smardigo Patchday: check if postgres is listing on net internal ip address"
-      ansible.builtin.wait_for:
-        delay: 15
-        timeout: 180
+      become: no
+      community.postgresql.postgresql_ping:
        port: 5432
-        host: '{{ stage_private_server_ip }}'
+        ssl_mode: require
+        login_host: '{{ stage_private_server_ip }}'
      register: check_postgres
+      ignore_errors: yes

-    - name: "Smardigo Patchday: restart postgres and check listing on net internal ip address again"
+    - name: "Smardigo Patchday: error-handling - ensure postgres started and check listing on net internal ip address"
      block:

-      - name: "Smardigo Patchday: stop service(s)"
+      - name: "Smardigo Patchday: error-handling - ensure service(s) started"
        ansible.builtin.systemd:
          name: postgresql
-          state: restarted
+          state: started

-      - name: "Smardigo Patchday: check if postgres is listing on net internal ip address"
-        ansible.builtin.wait_for:
-          delay: 15
-          timeout: 180
+      - name: "Smardigo Patchday: error-handling - check if postgres is listing on net internal ip address"
+        become: no
+        community.postgresql.postgresql_ping:
          port: 5432
-          host: '{{ stage_private_server_ip }}'
-          register: check_postgres
-        failed_when: check_postgres_again.failed
+          ssl_mode: require
+          login_host: '{{ stage_private_server_ip }}'
+        register: check_postgres_again
+        retries: 5
+        failed_when: not check_postgres_again.is_available

      rescue:
-        - name: send mail to DEVOPS-DL
+        - name: "Smardigo Patchday: error-handling - send mail to DEVOPS-DL"
          delegate_to: '{{ stage }}-mail-01'
          community.general.mail:
            host: localhost
@ -147,7 +150,7 @@
              your automation-bofh

      when:
-        - check_postgres.failed
+        - not check_postgres.is_available

 - hosts: all,!elastic,!postgres,!k8s_cluster
  serial: 10