diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d112f9e89..d81e9e1f3 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -54,6 +54,10 @@ ansible.builtin.set_fact: target: system # includes updates to Postgres, Patroni, and all system packages + - name: Add repository GPG key + ansible.builtin.command: "rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-{{ ansible_distribution_major_version }}" + when: ansible_distribution == "AlmaLinux" + - name: Clean yum cache (molecule containers) ansible.builtin.command: yum clean all when: diff --git a/molecule/pg_upgrade/converge.yml b/molecule/pg_upgrade/converge.yml index 5e97f32a8..7e037e70e 100644 --- a/molecule/pg_upgrade/converge.yml +++ b/molecule/pg_upgrade/converge.yml @@ -39,6 +39,10 @@ pg_old_version: "14" pg_new_version: "16" + - name: Add repository GPG key + ansible.builtin.command: "rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-{{ ansible_distribution_major_version }}" + when: ansible_distribution == "AlmaLinux" + - name: Clean yum cache (molecule containers) ansible.builtin.command: yum clean all when: diff --git a/roles/add-repository/tasks/main.yml b/roles/add-repository/tasks/main.yml index 65a3e287f..b0e5b92d3 100644 --- a/roles/add-repository/tasks/main.yml +++ b/roles/add-repository/tasks/main.yml @@ -36,17 +36,6 @@ when: yum_repository | length > 0 # Install Epel Repository - - name: Remove epel-release package (if exists) - ansible.builtin.package: - name: epel-release - state: absent - register: package_status - until: package_status is success - delay: 5 - retries: 3 - when: install_epel_repo|bool - tags: install_epel_repo - - name: Get epel-release-latest rpm package ansible.builtin.get_url: url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" 
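Review bot: The added `Add repository GPG key` task in molecule/default/converge.yml trusts whatever key the URL serves at run time, because `rpm --import` on an HTTPS URL does no fingerprint check. As a bare `ansible.builtin.command` with no `changed_when`, it also reports "changed" on every converge. The identical task added to molecule/pg_upgrade/converge.yml has the same two problems. Both are Molecule test scenarios, so exposure is limited, but the imported key then vouches for every package installed later in the play. Switching to `ansible.builtin.rpm_key` with a pinned `fingerprint` gives idempotence and key verification in one step.

```yaml
- name: Add repository GPG key
  ansible.builtin.rpm_key:
    key: "https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-{{ ansible_distribution_major_version }}"
    # placeholder: pin the fingerprint AlmaLinux publishes for this major version
    fingerprint: "<EXPECTED_ALMALINUX_KEY_FINGERPRINT>"
    state: present
  when: ansible_distribution == "AlmaLinux"
```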
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
index 0de255671..0aa568c4a 100644
--- a/roles/etcd/templates/etcd.conf.j2
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -10,3 +10,4 @@ ETCD_DATA_DIR="{{ etcd_data_dir }}"
 ETCD_ELECTION_TIMEOUT="5000"
 ETCD_HEARTBEAT_INTERVAL="1000"
 ETCD_INITIAL_ELECTION_TICK_ADVANCE="false"
+ETCD_AUTO_COMPACTION_RETENTION="1"
diff --git a/roles/pgbouncer/config/tasks/main.yml b/roles/pgbouncer/config/tasks/main.yml
index 0e8c999a0..46d8def58 100644
--- a/roles/pgbouncer/config/tasks/main.yml
+++ b/roles/pgbouncer/config/tasks/main.yml
@@ -52,26 +52,33 @@ tags: pgbouncer, pgbouncer_conf, pgbouncer_generate_userlist # if pgbouncer_auth_user is 'true' -- name: "Create function 'user_search' for pgbouncer 'auth_query' option in all databases" - become: true - become_user: postgres - ansible.builtin.shell: | - for db in $({{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc \ - "select datname from pg_catalog.pg_database where datname <> 'template0'"); do - {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d "$db" -tAXc ' - CREATE OR REPLACE FUNCTION user_search(uname TEXT) RETURNS TABLE (usename name, passwd text) AS +- block: + - name: "Check if 'user_search' function exists" + become: true + become_user: postgres + ansible.builtin.command: >- + {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d {{ pgbouncer_auth_dbname }} -tAXc + "select exists(select proname from pg_proc where proname='user_search')" + register: exists_func_user + when: (is_master | bool and patroni_standby_cluster.host | default('') | length < 1) # do not perform on the Standby Cluster leader + changed_when: false + + - name: "Create 'user_search' function for pgbouncer 'auth_query' option" + become: true + become_user: postgres + ansible.builtin.command: >- + {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d {{ pgbouncer_auth_dbname }} -tAXc + "CREATE FUNCTION user_search(uname TEXT) RETURNS TABLE (usename name, passwd text) AS $$ SELECT usename, passwd FROM pg_shadow WHERE usename=$1; $$ LANGUAGE sql SECURITY DEFINER; REVOKE ALL ON FUNCTION user_search(uname TEXT) FROM public; - GRANT EXECUTE ON FUNCTION user_search(uname TEXT) TO {{ pgbouncer_auth_username }}; - '; done - args: - executable: /bin/bash - when: - - pgbouncer_auth_user | bool - - (is_master | bool and patroni_standby_cluster.host | default('') | length < 1) # do not perform on the 
Standby Cluster leader + GRANT EXECUTE ON FUNCTION user_search(uname TEXT) TO {{ pgbouncer_auth_username }}" + when: + - (is_master | bool and patroni_standby_cluster.host | default('') | length < 1) # do not perform on the Standby Cluster leader + - exists_func_user.stdout == "f" + when: pgbouncer_auth_user|bool tags: pgbouncer, pgbouncer_conf, pgbouncer_auth_query ... diff --git a/vars/main.yml b/vars/main.yml index 8afedea56..780b5acc1 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -51,7 +51,7 @@ keepalived_virtual_router_id: "{{ cluster_vip.split('.')[3] | int }}" # The last # virtual_router_id - must be unique in the network (available values are 0..255). # vip-manager (if 'cluster_vip' is specified and 'with_haproxy_load_balancing' is 'false') -vip_manager_version: "2.1.0" # version to install +vip_manager_version: "2.3.0" # version to install vip_manager_conf: "/etc/patroni/vip-manager.yml" vip_manager_interval: "1000" # time (in milliseconds) after which vip-manager wakes up and checks if it needs to register or release ip addresses. vip_manager_iface: "{{ vip_interface }}" # interface to which the virtual ip will be added
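Review bot: In roles/pgbouncer/config/tasks/main.yml the new existence check `select exists(select proname from pg_proc where proname='user_search')` matches on name alone, so any function called `user_search` in any schema or with any signature makes the create task skip. Because the statement also changed from `CREATE OR REPLACE FUNCTION` to `CREATE FUNCTION`, a skipped run never re-asserts the `SECURITY DEFINER` body, the `REVOKE ALL ... FROM public`, or the `GRANT EXECUTE` to `{{ pgbouncer_auth_username }}`. A pre-existing or altered function, or a changed auth user, is therefore silently left as is. Consider creating the function schema-qualified and narrowing the check to that schema and signature, for example by joining `pg_namespace` on `pronamespace` and comparing `nspname`, or keeping `CREATE OR REPLACE` so each run reconciles definition and privileges. Since the function reads `pg_shadow` as `SECURITY DEFINER`, qualifying it as `pg_catalog.pg_shadow` and adding `SET search_path = pg_catalog` to the definition would also follow the PostgreSQL guidance for such functions.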