hetzner-ansible/roles/postgres/tasks/base-requirements.yml


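---
# Base requirements for the postgres role: service account, PGDG apt
# repository, server packages, TLS material, config edits and the
# Prometheus exporter. Tasks run as root unless they say otherwise.

# Fixed gid/uid keep the account numbering identical on every host
# (matters for files shared or copied between hosts).
- name: "Adding group postgresql"
  group:
    name: postgres
    gid: 2001

- name: "Adding user postgresql"
  user:
    name: postgres
    uid: 2000
    group: postgres
    home: "{{ postgres_homedir }}"  # postgres_homedir is supplied by role/inventory vars
    system: true
    shell: /bin/bash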
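# Keyrings plus the https transport (transitional on current Debian, kept
# so an https:// apt source also works on older apt releases).
- name: "Ensuring repository meta is installed"
  apt:
    name:
      - debian-keyring
      - debian-archive-keyring
      - apt-transport-https
    update_cache: true  # canonical boolean instead of the YAML 1.1 'yes'
    cache_valid_time: 900
    state: present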
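# Fetches the PGDG signing key over TLS. Certificate validation stays on
# (the module default): with it disabled, anyone able to intercept the
# download could substitute a different key, and every apt signature
# check from this point on would trust it. If a host cannot validate the
# chain, fix its CA bundle rather than switching validation off. Pinning
# the expected fingerprint via the module's `id` option would add a
# second, independent check (fill in the upstream fingerprint, not
# reproduced here).
- name: "Adding an apt signing key, uses whichever key is at the url"
  ansible.builtin.apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present
    validate_certs: true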
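# PGDG source over https. apt-transport-https is installed by an earlier
# task in this file; apt's signature check against the imported key still
# applies, the transport only keeps package metadata and the package
# selection itself out of cleartext. Quoted so the Jinja expression is
# never parsed as YAML flow syntax.
- name: "Adding postgresql repository into sources list"
  ansible.builtin.apt_repository:
    repo: "deb https://apt.postgresql.org/pub/repos/apt {{ default_postgres_target_distribution }} main"
    state: present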
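# A list instead of a loop: one apt transaction, one dependency
# resolution and at most one cache refresh.
- name: "Ensuring several packages being installed"
  apt:
    name:
      - "postgresql-{{ default_postgres_version }}"
      - python3-psycopg2  # Python driver, presumably for postgresql_* modules in other task files
    update_cache: true
    cache_valid_time: 900
    state: present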
# Paths of the TLS material created by the selfsigned_ca role below:
# server key and certificate named after <host>.<domain>, the CA
# certificate alongside them in the postgres home directory.
- name: "Set vars"
  set_fact:
    cert_private_key: "{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-key.pem"
    cert_public_key: "{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-crt.pem"
    ca_cert: "{{ postgres_homedir }}/ca-certificate.pem"
# First include runs the selfsigned_ca role's main tasks (presumably the
# CA itself); the second reuses its _create_cert task file to issue this
# host's server certificate from that CA.
- name: "Include role for self-signed CA"
  include_role:
    name: selfsigned_ca

- name: "Create certs with selfsigned CA"
  include_role:
    name: selfsigned_ca
    tasks_from: _create_cert
  vars:
    selfsigned_ca_cert_private_key: "{{ cert_private_key }}"
    # presumably the group set on the private key file — see the selfsigned_ca role
    selfsigned_ca_cert_private_key_group: postgres
    selfsigned_ca_cert_public_key: "{{ cert_public_key }}"
    selfsigned_ca_cacert: "{{ ca_cert }}"
    selfsigned_ca_cert_subject:
      CN: "{{ inventory_hostname }}.{{ domain }}"
    selfsigned_ca_cert_altnames:
      - "DNS:{{ inventory_hostname }}.{{ domain }}"
      - "DNS:{{ inventory_hostname }}"
    # selfsigned_ca_trigger_handler: restart postgres
# Line-based edit of postgresql.conf: postgres_config is a list of
# {regex, line} items; a matching line is replaced, an unmatched one is
# appended. The task name is honest about it — a templated config file
# would be the cleaner approach.
- name: "Ensure postgresql.conf via evil lineinfile..."
  lineinfile:
    path: "/etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf"
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
    state: present
  loop: "{{ postgres_config }}"
  notify: restart postgres
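# Replication/archive directory (presumably WAL archives, which carry
# table data). setgid keeps new files in the postgres group; "other" gets
# no access so the archive is not readable by every local account. The
# previous symbolic "g+s" left the remaining bits to the umask.
- name: "Creating archive directory if necessary"
  file:
    state: directory
    path: /postgresql/replication
    owner: postgres
    group: postgres
    mode: "2750"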
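- name: "Install prometheus postgres exporter..."
  apt:
    name: prometheus-postgres-exporter
    update_cache: true  # canonical boolean instead of the YAML 1.1 'yes'
    cache_valid_time: 900
    state: present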
# Same line-based pattern for the exporter's environment file. Each loop
# item (regex and line) is printed in the task output; if any item carries
# credentials, e.g. a data-source URI, add `no_log: true` here.
- name: "Ensure config for prometheus-postgres-exporter via evil lineinfile..."
  lineinfile:
    path: /etc/default/prometheus-postgres-exporter
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
    state: present
  loop: "{{ prometheus_postgres_exporter_config }}"
  notify: restart prometheus-postgres-exporter
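- name: "Ensure /metrics directory exists"
  file:
    state: directory
    path: /metrics
    mode: "0755"

# Custom query file for the exporter. It is data, not a program, so no
# execute bit (was 0755); world-readable is acceptable only as long as the
# queries themselves hold nothing sensitive.
- name: "Ensure /metrics/queries.yaml exists"
  copy:
    src: pg-exporter-queries.yml
    dest: /metrics/queries.yaml
    mode: "0644"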
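# Asks the server whether the 'prometheus' role exists; stdout is '0' when
# it does not. Read-only probe, so it never reports a change, and a failing
# psql (server down, auth problem) must not abort the play: stdout is then
# empty and the bootstrap tasks below are skipped. `command` with argv
# avoids the shell and its quoting entirely.
- name: Check role prometheus exists
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - -Atc
      - "SELECT count(rolname) FROM pg_roles where rolname='prometheus'"
  register: role_check
  changed_when: false
  failed_when: false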
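# One-time bootstrap of the exporter's database role, only on the master
# and only when the probe above found no such role. The SQL file is
# staged readable by postgres alone (it may carry a role password), run
# as postgres, and removed again even if psql fails. The condition lives
# on the block instead of being repeated on three tasks.
- name: "Bootstrap prometheus_postgres_exporter database role"
  when: "role_check.stdout == '0' and server_type == 'master'"
  block:
    - name: "Copy prometheus_postgres_exporter init script"
      copy:
        src: init.sql
        dest: /tmp/prometheus_postgres_exporter.sql
        owner: postgres
        group: postgres
        mode: "0600"

    - name: "Execute prometheus_postgres_exporter init script"
      become: true
      become_user: postgres
      command: psql -f /tmp/prometheus_postgres_exporter.sql
  always:
    - name: "Delete prometheus_postgres_exporter init script"
      file:
        path: /tmp/prometheus_postgres_exporter.sql
        state: absent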
- name: "Block: gpg stuff"
become: yes
become_user: postgres
block:
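- name: Create temp dir
  ansible.builtin.tempfile:
    state: directory
    suffix: gitcheckout
    path: /tmp
  register: tempdir

# The clone URL embeds the gitea admin password. Without no_log the full
# URL is printed in the task result and therefore in any ansible log; git
# also stores it in <tempdir>/.git/config, so the directory has to be
# removed once the key is imported (that cleanup is not visible in this
# excerpt). Longer term, a read-only deploy token or a repo-scoped ssh key
# would avoid handing the admin credential to every postgres host.
- name: "Checkout repo for gpg communication-keys"
  ansible.builtin.git:
    repo: 'https://{{ gituser | default("gitea-admin") | urlencode }}:{{ gitea_admin_password | urlencode }}@{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys.git'
    dest: "{{ tempdir.path }}"
    version: master
  no_log: true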
# there is no ansible gpg module already in place
# linting violation needs to be whitelisted
- name: "Importing stage specific automation gpg-key" # noqa command-instead-of-shell
shell: 'gpg --import {{ tempdir.path }}/smardigo_automation_{{ stage }}.gpg.pub'