hetzner-ansible/roles/postgres/tasks/master-requirements.yml


---
# Make sure the dedicated "replicator" role exists on the master.
# The count query prints "0" when the role is missing; that output gates the
# CREATE ROLE task below.
- name: Check role exists
  become: true
  become_user: postgres
  shell: >-  # noqa command-instead-of-shell
    /usr/bin/psql -Atc "SELECT count(rolname) FROM pg_roles where rolname='replicator'"
  register: role_check

# The role is created with REPLICATION and LOGIN only; no password is set here.
- name: Create role if necessary
  become: true
  become_user: postgres
  shell: /usr/bin/psql -c 'CREATE ROLE replicator WITH REPLICATION LOGIN;'
  when: role_check.stdout == "0"
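# Set the replicator password, stored server-side as a SCRAM-SHA-256 verifier.
# The SQL is fed to psql on stdin instead of through `-c` inside a shell string:
# the secret then never shows up in the process argument list and is not
# interpreted by a shell ($, backticks and double quotes in the password are
# taken literally). no_log keeps the rendered task out of Ansible output and logs.
# ON_ERROR_STOP makes psql exit non-zero if a statement fails, as `-c` did.
# The statement can still reach the PostgreSQL server log if statement logging
# is enabled there.
- name: Change password with scram-sha-256! for replicator and set password
  become: true
  become_user: postgres
  command:
    cmd: /usr/bin/psql -v ON_ERROR_STOP=1
    # Single quotes in the password are doubled so the value cannot terminate
    # the SQL string literal.
    stdin: >-
      set password_encryption = 'scram-sha-256';
      ALTER ROLE replicator WITH PASSWORD
      '{{ postgres_replicator_user_password | replace("'", "''") }}';
  no_log: true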
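# Allow the standby address to open replication connections as "replicator".
# The auth method is scram-sha-256 rather than trust: with trust, any client
# that can connect from this address is granted replication access without
# presenting the password configured for the role, so the password would never
# be checked. The standby therefore has to supply that password (for example in
# primary_conninfo or ~/.pgpass).
# The regexp also matches a previously written "trust" line, so an existing
# entry is replaced rather than duplicated.
# NOTE(review): "host" also matches non-TLS connections; consider "hostssl" if
# the link between the two nodes is not otherwise protected.
- name: Setup pg_hba.conf for replicator user
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
    regexp: "^host[ ]+replication[ ]+replicator"
    line: "host replication replicator {{ shared_service_pg_slave_ip }}/32 scram-sha-256"
    state: present
  register: pg_hba_conf_replicator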
# WAL and archiving settings for the master instance.
# Every task registers its result; the "Restart postgres if necessary" task
# restarts the service only when one of these results reports a change.
- name: Set 'wal_level = replica' for master postgresql instance
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
    regexp: "^wal_level"
    line: "wal_level = replica"
    state: present
  register: wal_level

- name: Set 'max_wal_senders = 10' for master postgresql instance
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
    regexp: "^max_wal_senders"
    line: "max_wal_senders = 10"
    state: present
  register: max_wal_senders

- name: Set 'archive_mode = on' for master postgresql instance
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
    regexp: "^archive_mode"
    line: "archive_mode = on"
    state: present
  register: archive_mode

# Completed WAL segments are copied into /postgresql/replication/, the directory
# that a later task exports over NFS.
# NOTE(review): `cp -f` overwrites an archive file that already exists under the
# same name; PostgreSQL's documentation recommends an archive command that
# refuses to overwrite. Confirm this is intended.
- name: Set 'archive_command = cp -f %p /postgresql/replication/%f' for master postgresql instance
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
    regexp: "^archive_command"
    line: "archive_command = 'cp -f %p /postgresql/replication/%f'"
    state: present
  register: archive_command

# NOTE(review): no unit is given; PostgreSQL reads a bare wal_keep_size as
# megabytes - confirm that 16 MB is the intended retention.
- name: Set 'wal_keep_size = 16' for master postgresql instance
  lineinfile:
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
    regexp: "^wal_keep_size"
    line: "wal_keep_size = 16"
    state: present
  register: wal_keep_size
# NFS server packages; the apt cache is refreshed when older than 900 seconds.
- name: Install nfs-server
  apt:
    name: nfs-kernel-server
    state: present
    update_cache: true
    cache_valid_time: 900

- name: Install nfs-common
  apt:
    name: nfs-common
    state: present
    update_cache: true
    cache_valid_time: 900

# Export the WAL archive directory read-write to the standby address only (/32).
# NOTE(review): the export is restricted by client IP alone; confirm the network
# between the two hosts is trusted.
- name: Create nfs share for archive
  lineinfile:
    path: /etc/exports
    regexp: "^/postgresql/replication"
    line: "/postgresql/replication/ {{ shared_service_pg_slave_ip }}/32(rw,crossmnt,root_squash,no_subtree_check,sync)"
    state: present
  register: nfsshare_archive_check

# Restart only when the exports line was actually added or changed.
- name: Restart nfs-server if necessary # noqa no-handler
  when: nfsshare_archive_check.changed
  service:
    name: nfs-kernel-server
    state: restarted
# Restart PostgreSQL when pg_hba.conf or any of the WAL/archive settings in
# postgresql.conf was modified by the preceding lineinfile tasks.
- name: Restart postgres if necessary # noqa no-handler
  when: >-
    pg_hba_conf_replicator.changed or
    wal_level.changed or
    archive_mode.changed or
    archive_command.changed or
    max_wal_senders.changed or
    wal_keep_size.changed
  service:
    name: postgresql
    state: restarted
# Install pgcrypto into the template1 database. The statement itself is
# idempotent (IF NOT EXISTS); a failure of this task is ignored and does not
# stop the play.
- name: Create extension pgcrypto for template1
  become: true
  become_user: postgres
  shell: /usr/bin/psql template1 -c "create extension if not exists pgcrypto;"
  ignore_errors: true # noqa ignore-errors no-changed-when
# Build the replication_cron database: one schema, one table with a single
# timestamp column, and one seed row. A cron job defined further down updates
# that row periodically.
# The count query prints "0" when the database does not exist yet.
- name: Check database replication_cron exists
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql -Atc "SELECT count(*) FROM pg_database WHERE datname = 'replication_cron'"
  register: database_replication_check

- name: Create replication_cron update database
  become: true
  become_user: postgres
  shell: /usr/bin/psql -c "CREATE DATABASE replication_cron;"
  when: database_replication_check.stdout == "0"

- name: Create replication update schema
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql replication_cron -c
    "CREATE SCHEMA IF NOT EXISTS replication_cron;"

- name: Create replication update table
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql replication_cron -c
    "CREATE TABLE IF NOT EXISTS replication_cron.replication_cron (dt timestamp);"

# Inserts a row only while the table is still empty.
- name: Create dummy update data
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql replication_cron -c
    "INSERT INTO replication_cron.replication_cron SELECT now()
    WHERE NOT EXISTS (SELECT 1 from replication_cron.replication_cron);"
# Every five minutes, set replication_cron.replication_cron.dt to now().
# No cron `user` is given, so the entry is written to the crontab of the account
# the task runs as; the job switches to postgres itself through `su`.
# NOTE(review): the trailing double quote in the task name looks like a typo; it
# is kept unchanged here.
- name: Ensure a cron runs every 5 minutes and update replication check table"
  ansible.builtin.cron:
    name: "update replication table"
    minute: "*/5"
    job: >-
      su - postgres -c "/usr/bin/psql replication_cron -c \"UPDATE replication_cron.replication_cron SET dt=now();\""
# Create the physical replication slot "pgstandby1" once.
# The count query prints "0" when no slot of that name exists.
- name: Check replication slot exists
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql -Atc "select count(*) from pg_replication_slots where slot_name='pgstandby1'"
  register: replication_slot_check

- name: Create replication-slot
  become: true
  become_user: postgres
  shell: >-
    /usr/bin/psql -Atc "SELECT pg_create_physical_replication_slot('pgstandby1');"
  when: replication_slot_check.stdout == "0"
# only needed in case of install from scratch
# Copies testdb.sql to the host, creates the database "dummytestdb" and restores
# the dump into it.
# NOTE(review): the original indentation was lost; the trailing `when` is assumed
# to guard the whole block - confirm.
# NOTE(review): the dump is staged at a fixed path under /tmp with mode 0444
# (readable by every local user) and no cleanup task is visible here.
- name: "Ensure test db stuff"
  block:
    - name: "Copy testdb.sql to ensure test DB"
      copy:
        src: '{{ item }}'
        dest: '/tmp/{{ item }}'
        owner: postgres
        group: postgres
        mode: '0444'
      loop:
        - testdb.sql

    - name: "Ensure test DB"
      become: true
      become_user: postgres
      community.postgresql.postgresql_db:
        name: dummytestdb

    - name: "Ensure content for test DB"
      become: true
      become_user: postgres
      community.postgresql.postgresql_db:
        name: dummytestdb
        state: restore
        target: /tmp/testdb.sql
  when: postgres_ensure_testdb | default(False)