Skip to content

Commit

Permalink
Ubuntu installation except pgbouncer
Browse files Browse the repository at this point in the history
  • Loading branch information
atsikham committed May 23, 2021
1 parent 173ce55 commit 54640cc
Show file tree
Hide file tree
Showing 9 changed files with 117 additions and 117 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

# --- Configure users ---

- name: Extensions | Repmgr | Add postgres user to sudoers file
- name: Extensions | Repmgr | Add 'postgres' user to sudoers file
lineinfile:
path: /etc/sudoers
line: >-
Expand All @@ -21,19 +21,22 @@
{{ repmgr.bindir[ansible_os_family] }}/repmgr standby follow
validate: 'visudo -cf %s'

- name: Extensions | Repmgr | Create super user in postgresql
become_user: postgres
postgresql_user:
user: "{{ specification.extensions.replication.privileged_user_name }}"
password: "{{ specification.extensions.replication.privileged_user_password }}"
role_attr_flags: LOGIN,SUPERUSER

- name: Extensions | Repmgr | Create replication user in postgresql
- name: Extensions | Repmgr | Create replication and super users in PostgreSQL
become_user: postgres
vars:
_users:
- user: "{{ specification.extensions.replication.privileged_user_name }}"
password: "{{ specification.extensions.replication.privileged_user_password }}"
role_attr_flags: LOGIN,SUPERUSER
- user: "{{ specification.extensions.replication.replication_user_name }}"
password: "{{ specification.extensions.replication.replication_user_password }}"
role_attr_flags: LOGIN,REPLICATION
postgresql_user:
user: "{{ specification.extensions.replication.replication_user_name }}"
password: "{{ specification.extensions.replication.replication_user_password }}"
role_attr_flags: LOGIN,REPLICATION
user: "{{ item.user }}"
password: "{{ item.password }}"
role_attr_flags: "{{ item.role_attr_flags }}"
no_log: true
loop: "{{ _users }}"

- name: Extensions | Repmgr | Create pgpass file
template:
Expand Down Expand Up @@ -69,49 +72,51 @@
vars:
node_id: "{{ pg_repmgr_node_id }}"

## On Ubuntu config file location is not set by package (see https://repmgr.org/docs/4.0/packages-debian-ubuntu.html).
## Create symlink to allow using repmgr commands without specifying config file location (which is custom).
## See https://repmgr.org/docs/4.0/configuration-file.html
#- name: Extensions | Repmgr | Debian specific tasks
# when: ansible_os_family == 'Debian'
# block:
# - name: Extensions | Repmgr | Create symlink /etc/repmgr.conf
# file:
# src: "{{ template_repmgr_conf.dest }}"
# dest: /etc/repmgr.conf
# state: link
# owner: postgres
# group: postgres
# when: template_repmgr_conf.dest != '/etc/repmgr.conf'
#
# # For repmgr installed from Ubuntu package additional configuration is required before repmgrd is started as daemon
# - name: Extensions | Repmgr | Set repmgr.conf file in /etc/default/repmgrd
# replace:
# path: /etc/default/repmgrd
# regexp: "^#REPMGRD_CONF=\"/path/to/repmgr.conf\""
# replace: "REPMGRD_CONF=\"{{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf\""
#
# - name: Extensions | Repmgr | Enable repmgrd in /etc/default/repmgrd
# replace:
# path: /etc/default/repmgrd
# regexp: "^[#]?REPMGRD_ENABLED=no"
# replace: "REPMGRD_ENABLED=yes"
# On Ubuntu config file location is not set by package (see https://repmgr.org/docs/5.2/packages-debian-ubuntu.html).
# Create symlink to allow using repmgr commands without specifying config file location (which is custom).
# See https://repmgr.org/docs/5.2/configuration-file.html
- name: Extensions | Repmgr | Debian specific tasks
when: ansible_os_family == 'Debian'
block:
- name: Extensions | Repmgr | Create symlink /etc/repmgr.conf
file:
src: "{{ template_repmgr_conf.dest }}"
dest: /etc/repmgr.conf
state: link
owner: postgres
group: postgres
when: template_repmgr_conf.dest != '/etc/repmgr.conf'

# For repmgr installed from Ubuntu package additional configuration is required before repmgrd is started as daemon
- name: Extensions | Repmgr | Set repmgr.conf file in /etc/default/repmgrd
replace:
path: /etc/default/repmgrd
regexp: "^#REPMGRD_CONF=\"/path/to/repmgr.conf\""
replace: "REPMGRD_CONF=\"{{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf\""

- name: Extensions | Repmgr | Enable repmgrd in /etc/default/repmgrd
replace:
path: /etc/default/repmgrd
regexp: "^[#]?REPMGRD_ENABLED=no"
replace: "REPMGRD_ENABLED=yes"

- name: Extensions | Repmgr | Check cluster status
become_user: postgres
command: "{{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show --csv"
register: pg_cluster_status
# 25 means there is an error with at least one registered node
# sometimes 'repmgr cluster show' returns 25 code with empty stderr and no explaination
failed_when: pg_cluster_status.rc not in [0, 25] or pg_cluster_status.stdout_lines|length > groups.postgresql|length
changed_when: false
failed_when: false
no_log: true

# There is a preflight check that no more than 2 cluster nodes are supported
# 1. There is a preflight check that no more than 2 cluster nodes are supported
# 2. rc = 25 means that there is an error with at least one registered node
# sometimes 'repmgr cluster show' returns 25 code with empty stderr and no explanation
- name: Extensions | Repmgr | Set 'pg_is_clustered' fact
set_fact:
pg_is_clustered: "{{ pg_cluster_status.stdout_lines | length }} == 2"
pg_is_clustered: "{{ pg_cluster_status.rc in [0, 25] and pg_cluster_status.stdout_lines | length > 1 }}"

- name: Extensions | Repmgr | Configure PostgreSQL cluster
when: not pg_is_clustered
when: not pg_is_clustered|bool
vars:
pg_node_primary: "{{ groups.postgresql[0] }}" # the first node in the group is primary
block:
Expand Down Expand Up @@ -173,7 +178,7 @@
enabled: true

- name: Extensions | Repmgr | Check already configured cluster
when: pg_is_clustered
when: pg_is_clustered|bool
block:
- name: Extensions | Repmgr | Search for a primary node
become_user: postgres
Expand All @@ -190,16 +195,13 @@
block:
- name: Extensions | Repmgr | Check if node is not attached to repmgr
become_user: postgres
shell: >-
set -o pipefail &&
{{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show
| grep -i 'not attached to its upstream node'
command: "{{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show"
changed_when: false
register: is_node_not_attached
failed_when: is_node_not_attached.rc not in [0, 1]
register: pg_cluster_status
failed_when: pg_cluster_status.rc not in [0, 25]

- name: Extensions | Repmgr | Attach active standby to current primary node
when: is_node_not_attached.stdout | length > 0
when: "'not attached to its upstream node' in pg_cluster_status.stdout|lower"
become: true
become_user: postgres
become_method: sudo
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,6 @@
Debian:
- postgresql-13-repmgr
RedHat:
- repmgr13
- repmgr13-5.2.1
module_defaults:
yum: { lock_timeout: "{{ yum_lock_timeout }}" }
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
- name: Set facts
- name: Set 'enabled_extensions' fact
set_fact:
enabled_extensions: >-
{{ (_defined_extensions | selectattr('config.enabled') | list) + _undefined_extensions }}
Expand All @@ -22,6 +22,9 @@
vars:
_packages:
Debian:
- postgresql-client-common
- postgresql-common
- postgresql-client-13
- postgresql-13
- postgresql-contrib-13
- python-psycopg2 # required for postgresql ansible management
Expand All @@ -33,104 +36,93 @@

# Extension packages need to be installed first to be able to process PostgreSQL config
- name: Install extension packages
include_tasks: extensions/{{ data.name }}/packages.yml
include_tasks: extensions/{{ extension.name }}/packages.yml
loop_control:
loop_var: data
loop_var: extension
loop: "{{ enabled_extensions }}"

- name: Create directories and ensure correct permissions
file:
path: "{{ item }}"
path: "{{ path }}"
state: directory
owner: postgres
group: postgres
mode: u=rwx,g=,o=
loop_control:
loop_var: path
loop:
- /var/log/postgresql
- "{{ pg.data_dir[ansible_os_family] }}" # Permissions should be u=rwx (0700) or u=rwx,g=rx (0750)

- name: RedHat | Initialize database
when: ansible_os_family == 'RedHat'
block:
- name: Check initialization status (RedHat)
- name: RedHat | Check initialization status
stat:
path: "{{ pg.config_dir[ansible_os_family] }}/pg_hba.conf"
register: pg_hba_conf_stat

- name: Initialize database (RedHat)
- name: RedHat | Initialize database
when: not pg_hba_conf_stat.stat.exists
command: /usr/pgsql-13/bin/postgresql-13-setup initdb {{ pg.service_name[ansible_os_family] }}
when:
- not pg_hba_conf_stat.stat.exists
when:
- ansible_os_family == 'RedHat'

- name: Copy pg_hba.conf
template:
src: pg_hba.conf.j2
dest: "{{ pg.config_dir[ansible_os_family] }}/pg_hba.conf"
owner: postgres
group: postgres
mode: u=rw,g=,o=
backup: true
register: change_pg_hba_conf
- name: Ensure that postgresql service is started
block:
- name: Ensure that postgresql service is started
systemd:
name: "{{ pg.service_name[ansible_os_family] }}"
state: started
enabled: true

- &check-debian-service
name: Debian | Check that the main service is started
when: ansible_os_family == 'Debian'
systemd:
name: "{{ pg.instantiated_service_name[ansible_os_family] }}"
state: started
enabled: true

# Used in postgresql-epiphany.conf.j2
- name: Set runtime_shared_preload_libraries fact
block:
- name: Collect facts about system services
service_facts:
register: services_state

- name: Get PostgreSQL settings
become: true
become_user: postgres
vars:
_service: "{{ pg.service_name[ansible_os_family] }}.service"
_state: "{{ ansible_facts.services[_service] }}"
postgresql_info:
filter: settings
register: postgresql_info
when:
- "_service|string in ansible_facts.services"
- "_state|string == 'started'"

- name: Set runtime_shared_preload_libraries fact
set_fact:
runtime_shared_preload_libraries: "{{ postgresql_info.settings.shared_preload_libraries.setting }}"
when:
- postgresql_info.settings is defined

- name: Create Epiphany managed configuration sub-file
- name: Copy PostgreSQL configuration files
vars:
_files:
- pg_hba.conf
- postgresql-epiphany.conf
- postgresql.conf
template:
src: postgresql-epiphany.conf.j2
dest: "{{ pg.config_dir[ansible_os_family] }}/postgresql-epiphany.conf"
owner: postgres
group: postgres
mode: u=rw,g=,o=
register: change_postgresql_epiphany_conf

- name: Copy postgresql.conf
copy:
src: postgresql.conf
dest: "{{ pg.config_dir[ansible_os_family] }}/postgresql.conf"
src: "{{ file_name }}.j2"
dest: "{{ pg.config_dir[ansible_os_family] }}/{{ file_name }}"
owner: postgres
group: postgres
mode: u=rw,g=,o=
backup: true
register: change_postgresql_conf
loop_control:
loop_var: file_name
loop: "{{ _files }}"
register: change_pg_config

- name: Restart postgresql service if configuration changed
systemd:
name: "{{ pg.service_name[ansible_os_family] }}"
state: restarted
when: change_pg_hba_conf
or change_postgresql_epiphany_conf
or change_postgresql_conf

# This is a separate task as service restart runs not each time
- name: Enable postgresql service
systemd:
name: "{{ pg.service_name[ansible_os_family] }}"
enabled: true
block:
- name: Restart postgresql service if configuration changed
systemd:
name: "{{ pg.service_name[ansible_os_family] }}"
state: restarted

- *check-debian-service
when: (change_pg_config.results | map(attribute='changed') | list) is any

- name: Configure postgresql logrotate
block:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# {{ ansible_managed }}
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
Expand Down Expand Up @@ -38,7 +39,7 @@
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.

#data_directory = 'ConfigDir' # use data in another directory
data_directory = '{{ pg.data_dir[ansible_os_family] }}' # use data in another directory
# (change requires restart)
#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
# (change requires restart)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
that: _unsupported_enabled_apps | length == 0
fail_msg: >-
Following application(s) are not supported for {{ _k8s_arch }} and cannot be installed:
{{ _unsupported_enabled_apps | map(attribute='name') | join(', ') }}
{{ _unsupported_enabled_apps | map(attribute='name') | list | join(', ') }}
success_msg: "All enabled applications are supported for {{ _k8s_arch }}"
quiet: true
vars:
Expand Down Expand Up @@ -43,8 +43,8 @@
assert:
that: _unsupported_enabled_extensions | length == 0
fail_msg: >-
{{ unsupported_postgres_extensions[_pg_arch] | join(', ') }} extensions are not supported for {{ _pg_arch }}
and cannot be installed
{{ _unsupported_enabled_extensions | map(attribute='name') | list | join(', ') }} extensions are not supported
for {{ _pg_arch }} and cannot be installed
success_msg: "All enabled PostgreSQL extensions are supported for current architecture"
vars:
_pg_arch: >-
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ rabbitmq-server-3.8.9
rh-haproxy18
rh-haproxy18-haproxy-syspaths
postgresql13-server
repmgr13
repmgr13-5.2.1
samba-client
samba-client-libs # for samba-client
samba-common
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ rabbitmq-server-3.8.9
rh-haproxy18
rh-haproxy18-haproxy-syspaths
postgresql13-server
repmgr13
repmgr13-5.2.1
samba-client
samba-client-libs # for samba-client
samba-common
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | tee /
wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch | sudo apt-key add -
echo "deb https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main" | tee -a /etc/apt/sources.list.d/opendistroforelasticsearch.list

wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
echo "deb http://apt.postgresql.org/pub/repos/apt bionic-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list

wget -qO - https://dl.2ndquadrant.com/gpg-key.asc | apt-key add -
echo "deb https://dl.2ndquadrant.com/default/release/apt bionic-2ndquadrant main" | tee -a /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list

Expand Down
Loading

0 comments on commit 54640cc

Please sign in to comment.