PostgreSQL v13 installation

core/src/epicli/data/common/ansible/playbooks/roles/backup/tasks/postgresql.yml

@@ -10,7 +10,7 @@
 - name: Check if database is running on node0 database server
   become: true
   become_user: postgres
-  command: "{{ repmgr.pg_bindir[ansible_os_family] }}/pg_isready"
+  command: "{{ pg.bindir[ansible_os_family] }}/pg_isready"
   register: node0
   ignore_errors: True
   when: groups['postgresql'][0] == inventory_hostname

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/defaults/main.yml

@@ -1,34 +1,34 @@
 ---
 pg:
+  bindir:
+    RedHat: /usr/pgsql-13/bin
+    Debian: /usr/lib/postgresql/13/bin
   service_name:
-    RedHat: postgresql-10
+    RedHat: postgresql-13
     Debian: postgresql
   instantiated_service_name:
     RedHat: null
-    Debian: postgresql@10-main
+    Debian: postgresql@13-main
   base_dir:
     RedHat: /var/lib/pgsql
     Debian: /var/lib/postgresql
   config_dir:
-    RedHat: /var/lib/pgsql/10/data
-    Debian: /etc/postgresql/10/main
+    RedHat: /var/lib/pgsql/13/data
+    Debian: /etc/postgresql/13/main
   data_dir:
-    RedHat: /var/lib/pgsql/10/data
-    Debian: /var/lib/postgresql/10/main
+    RedHat: /var/lib/pgsql/13/data
+    Debian: /var/lib/postgresql/13/main
 
 repmgr:
   bindir:
-    RedHat: /usr/pgsql-10/bin
+    RedHat: /usr/pgsql-13/bin
     Debian: /usr/bin
-  pg_bindir:
-    RedHat: /usr/pgsql-10/bin
-    Debian: /usr/lib/postgresql/10/bin
   service_name:
-    RedHat: repmgr10
+    RedHat: repmgr13
     Debian: repmgrd
   config_dir:
-    RedHat: /etc/repmgr/10
-    Debian: /etc/postgresql/10/main
+    RedHat: /etc/repmgr/13
+    Debian: /etc/postgresql/13/main
 
 pgbouncer:
   logfile:

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/README.adoc

@@ -0,0 +1,35 @@
+= Installation guide
+
+== Requirements
+
+* Internet connection
+* Molecule link:https://molecule.readthedocs.io/en/latest/installation.html[dependencies]
+* Docker
+* ansible-lint
+
+== Installation
+
+[source:bash]
+----
+pip install 'molecule[docker]'
+pip install ansible-lint
+----
+
+== Execution
+
+=== General
+
+[source:bash]
+----
+molecule test -s <scenario-name>
+----
+
+=== Separate steps
+
+[source:bash]
+----
+molecule lint -s <scenario-name>
+molecule converge -s <scenario-name>
+molecule idempotence -s <scenario-name>
+molecule verify -s <scenario-name>
+----

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/add-repos-debian.sh

@@ -0,0 +1,11 @@
+#!/bin/bash -eu
+
+apt update && apt -y install wget gpg-agent
+
+wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+echo "deb http://apt.postgresql.org/pub/repos/apt bionic-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
+
+wget -qO - https://dl.2ndquadrant.com/gpg-key.asc | apt-key add -
+echo "deb https://dl.2ndquadrant.com/default/release/apt bionic-2ndquadrant main" | tee /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list
+
+apt update

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/add-repos-redhat.sh

@@ -0,0 +1,143 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CREATE_LOGFILE='no'
+
+# params: <repo_id> <config_file_content>
+add_repo_as_file() {
+    local repo_id="$1"
+    local config_file_content="$2"
+    local config_file_name="$repo_id.repo"
+
+    if ! is_repo_enabled "$repo_id"; then
+        echol "Adding repository: $repo_id"
+        cat <<<"$config_file_content" >"/etc/yum.repos.d/$config_file_name" ||
+            exit_with_error "Function add_repo_as_file failed for repo: $repo_id"
+        local -a gpg_key_urls
+        IFS=" " read -r -a gpg_key_urls \
+            <<<"$(grep -i --only-matching --perl-regexp '(?<=^gpgkey=)http[^#\n]+' <<<"$config_file_content")"
+        if ((${#gpg_key_urls[@]} > 0)); then
+            import_repo_gpg_keys "${gpg_key_urls[@]}" 3
+        fi
+        # to accept import of repo's GPG key (for repo_gpgcheck=1)
+        yum -y repolist >/dev/null || exit_with_error "Command failed: yum -y repolist"
+    fi
+}
+
+# params: <script_url>
+add_repo_from_script() {
+    local script_url="$1"
+
+    echol "Running: curl $script_url | bash"
+    curl $script_url | bash
+}
+
+# params: <repo_id>
+disable_repo() {
+    local repo_id="$1"
+
+    if yum repolist enabled | grep --quiet "$repo_id"; then
+        echol "Disabling repository: $repo_id"
+        yum-config-manager --disable "$repo_id" ||
+            exit_with_error "Command failed: yum-config-manager --disable \"$repo_id\""
+    fi
+}
+
+echol() {
+    echo -e "$@"
+    if [[ $CREATE_LOGFILE == 'yes' ]]; then
+        local timestamp=$(date +"%b %e %H:%M:%S")
+        echo -e "${timestamp}: $@" >>"$LOG_FILE_PATH"
+    fi
+}
+
+# params: <url(s)> <retries>
+import_repo_gpg_keys() {
+    local retries=${!#}        # get last arg
+    local urls=("${@:1:$#-1}") # remove last arg
+
+    for url in "${urls[@]}"; do
+        run_cmd_with_retries rpm --import "$url" "$retries"
+    done
+}
+
+# params: <repo_id>
+is_repo_enabled() {
+    local repo_id="$1"
+
+    if yum repolist | grep --quiet "$repo_id"; then
+        echol "Repository $repo_id already enabled"
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Runs command as array with printing it, doesn't support commands with shell operators (such as pipe or redirection)
+# params: <command to execute> [--no-exit-on-error]
+run_cmd() {
+    local cmd_arr=("$@")
+
+    local exit_on_error=1
+    if [[ ${cmd_arr[-1]} == '--no-exit-on-error' ]]; then
+        exit_on_error=0
+        cmd_arr=("${cmd_arr[@]:0:$#-1}") # remove last item
+    fi
+
+    local escaped_string return_code
+    escaped_string=$(_print_array_as_shell_escaped_string "${cmd_arr[@]}")
+    echol "Executing: ${escaped_string}"
+    "${cmd_arr[@]}"
+    return_code=$?
+    if ((return_code != 0)) && ((exit_on_error)); then
+        exit_with_error "Command failed: ${escaped_string}"
+    else
+        return $return_code
+    fi
+}
+
+# Runs command with retries, doesn't support commands with shell operators (such as pipe or redirection)
+# params: <command to execute> <retries>
+run_cmd_with_retries() {
+    # pop 'retries' argument
+    local retries=${!#}  # get last arg (indirect expansion)
+    set -- "${@:1:$#-1}" # set new "$@"
+
+    local cmd_arr=("$@")
+    (# sub-shell is used to limit scope for 'set +e'
+        set +e
+        trap - ERR # disable global trap locally
+        for ((i = 0; i <= retries; i++)); do
+            run_cmd "${cmd_arr[@]}" '--no-exit-on-error'
+            return_code=$?
+            if ((return_code == 0)); then
+                break
+            elif ((i < retries)); then
+                sleep 1
+                echol "retrying ($((i + 1))/${retries})"
+            else
+                echol "ERROR: all attempts failed"
+                local escaped_string
+                escaped_string=$(_print_array_as_shell_escaped_string "${cmd_arr[@]}")
+                exit_with_error "Command failed: ${escaped_string}"
+            fi
+        done
+        return $return_code
+    )
+}
+
+POSTGRESQL_REPO_CONF=$(
+    cat <<'EOF'
+[pgdg13]
+name=PostgreSQL 13 for RHEL/CentOS $releasever - $basearch
+baseurl=https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch
+enabled=1
+gpgcheck=1
+gpgkey=https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG
+EOF
+)
+
+add_repo_as_file 'postgresql-13' "$POSTGRESQL_REPO_CONF"
+add_repo_from_script 'https://dl.2ndquadrant.com/default/release/get/13/rpm' # for repmgr
+disable_repo '2ndquadrant-dl-default-release-pg13-debug'                     # script adds 2 repositories, only 1 is required

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/debian-repmgr/converge.yml

@@ -0,0 +1,19 @@
+---
+- name: Converge
+  hosts: postgresql
+  become: true
+  become_method: sudo
+  module_defaults:
+    shell:
+      executable: /bin/bash
+  tasks:
+    - name: Include 'configuration/postgresql' variables
+      include_vars:
+        file: ../vars-repmgr.yml
+
+    - name: Include postgresql role
+      include_role:
+        name: postgresql
+      vars:
+        yum_lock_timeout: 300 # https://github.com/ansible/ansible/issues/57189
+        roles_with_generated_vars: [ ] # don't execute PgPool related tasks

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/debian-repmgr/molecule.yml

@@ -0,0 +1,45 @@
+---
+dependency:
+  enabled: false
+lint: ansible-lint --exclude molecule
+driver:
+  name: docker
+platforms:
+  - name: instance-1
+    groups:
+      - postgresql
+    image: geerlingguy/docker-ubuntu1804-ansible:python2
+    pre_build_image: true
+    capabilities:
+      - SYS_ADMIN
+    command: /lib/systemd/systemd
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: instance-2
+    groups:
+      - postgresql
+    image: geerlingguy/docker-ubuntu1804-ansible:python2
+    pre_build_image: true
+    capabilities:
+      - SYS_ADMIN
+    command: /lib/systemd/systemd
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+  name: ansible
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml
+  inventory:
+    group_vars:
+      postgresql:
+        ansible_python_interpreter: /usr/bin/python2
+verifier:
+  name: ansible

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/debian-repmgr/prepare.yml

@@ -0,0 +1,6 @@
+---
+- name: Converge
+  hosts: postgresql
+  tasks:
+    - name: Add repositories for dependencies downloading
+      script: ../add-repos-debian.sh

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/debian-repmgr/verify.yml

@@ -0,0 +1,53 @@
+---
+- name: Verify
+  hosts: postgresql
+  gather_facts: false
+  tasks:
+    - name: Check that DB port is open
+      block:
+        - name: Ensure that DB port is open
+          wait_for:
+            host: 0.0.0.0
+            port: 5432
+            state: started
+            delay: 0
+            timeout: 3
+          register: port_status
+
+        - name: Verify that port status is not changed
+          assert:
+            that:
+              - not port_status.changed
+
+    - name: Check that PostgreSQL services are started and enabled
+      block:
+        - name: Ensure that postgresql service is started and enabled
+          systemd:
+            name: postgresql
+            enabled: true
+          register: svc_status
+
+        - name: Ensure that postgresql@13-main service is started and enabled
+          systemd:
+            name: postgresql
+            enabled: true
+          register: svc_main_status
+
+        - name: Verify that service statuses are not changed
+          assert:
+            that:
+              - not svc_status.changed
+              - not svc_main_status.changed
+
+    - name: Check that repmgrd service is started and enabled
+      block:
+        - name: Ensure that repmgrd service is started and enabled
+          systemd:
+            name: repmgrd
+            enabled: true
+          register: svc_repmgr_status
+
+        - name: Verify that service status is not changed
+          assert:
+            that:
+              - not svc_repmgr_status.changed

core/src/epicli/data/common/ansible/playbooks/roles/postgresql/molecule/debian-single-node/converge.yml

@@ -0,0 +1,19 @@
+---
+- name: Converge
+  hosts: postgresql
+  become: true
+  become_method: sudo
+  module_defaults:
+    shell:
+      executable: /bin/bash
+  tasks:
+    - name: Include 'configuration/postgresql' variables
+      include_vars:
+        file: ../vars-single-node.yml
+
+    - name: Include postgresql role
+      include_role:
+        name: postgresql
+      vars:
+        yum_lock_timeout: 300 # https://github.com/ansible/ansible/issues/57189
+        roles_with_generated_vars: [ ] # don't execute PgPool related tasks