gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8318792f1f'
${ noResults }
hetzner-ansible/roles/postgres/tasks/base-requirements.yml

115 lines
3.3 KiB
YAML
Raw Blame History

- name: "Adding group postgresql"
group:
name: postgres
gid: 2001
- name: "Adding user postgresql"
user:
name: postgres
uid: 2000
group: postgres
home: "{{ postgres_homedir }}"
system: true
shell: /bin/bash
- name: "Ensure postgres_homedir exists"
file:
path: "{{ postgres_homedir }}"
state: directory
owner: postgres
group: postgres
mode: "0755"
- name: "Ensuring repository meta is installed"
apt:
name: ["debian-keyring", "debian-archive-keyring", "apt-transport-https"]
update_cache: yes
cache_valid_time: 900
state: present
- name: "Adding an apt signing key, uses whichever key is at the url"
ansible.builtin.apt_key:
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
state: present
validate_certs: false
- name: "Adding postgresql repository into sources list"
ansible.builtin.apt_repository:
repo: deb http://apt.postgresql.org/pub/repos/apt {{ default_postgres_target_distribution }} main
state: present
- name: "Ensuring several packages being installed"
apt:
name: "{{ item }}"
update_cache: yes
cache_valid_time: 900
state: present
loop:
- "postgresql-{{ default_postgres_version }}"
- python3-psycopg2
- name: "Set vars"
set_fact:
cert_private_key: "{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-key.pem"
cert_public_key: "{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-crt.pem"
ca_cert: "{{ postgres_homedir }}/ca-certificate.pem"
- name: "Include role for self-signed CA"
include_role:
name: selfsigned_ca
- name: "Create certs with selfsigned CA"
include_role:
name: selfsigned_ca
tasks_from: _create_cert
vars:
selfsigned_ca_cert_private_key: "{{ cert_private_key }}"
selfsigned_ca_cert_private_key_group: postgres
selfsigned_ca_cert_public_key: "{{ cert_public_key }}"
selfsigned_ca_cacert: "{{ ca_cert }}"
selfsigned_ca_cert_subject:
CN: "{{ inventory_hostname }}.{{ domain }}"
selfsigned_ca_cert_altnames:
- "DNS:{{ inventory_hostname }}.{{ domain }}"
- "DNS:{{ inventory_hostname }}"
# selfsigned_ca_trigger_handler: restart postgres
- name: "ASSERT: stage_private_server_ip"
ansible.builtin.assert:
that:
- stage_private_server_ip != ''
msg: "stage_private_server_ip is EMPTY. plz check tasks/autodiscover_pre_tasks.yml "
- name: "Ensure postgresql.conf via evil lineinfile..."
lineinfile:
state: present
regex: "{{ item.regex }}"
line: "{{ item.line }}"
path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
loop: "{{ postgres_config }}"
notify: restart postgres
- name: "Updating pg_hba.conf entry for trusted admin user 'postgres'"
lineinfile:
state: "{{ database_state }}"
regex: "^hostssl[ ]+postgres[ ]+postgres"
line: "hostssl postgres postgres {{ stage_private_server_ip }}/32 trust"
path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
- name: "Creating archive directory if necessary"
file:
state: directory
path: /postgresql/replication
owner: postgres
group: postgres
mode: "g+s"
- name: "Install postgres exporter via include_task"
include_tasks: install_postgres_exporter.yml
args:
apply:
tags:
- postgres-exporter
tags:
- postgres-exporter
Reference in New Issue View Git Blame Copy Permalink