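---
# Fail fast, before any package or config change, if the admin password is
# unusable. The `is string` check guards against a value that YAML typed as a
# number (an all-digit secret left unquoted in vars/vault); without it such a
# value surfaces as a Jinja `length` TypeError instead of the fail_msg below.
# The expressions are evaluated in order, so `is defined` runs before `length`.
- name: Validate required password is set
  ansible.builtin.assert:
    that:
      - postgres_admin_password is defined
      - postgres_admin_password is string
      - postgres_admin_password | length >= 12
    fail_msg: |
      postgres_admin_password is required (min 12 chars).
      See roles/postgres/defaults/main.yml for configuration instructions.
    success_msg: "Password validation passed"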
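# Load vars/<os_family>.yml. The first candidate is lowercased so it uses the
# same file naming as the "Include OS-specific tasks" lookup below (debian.yml,
# redhat.yml, ...); the original tried the raw fact value ("Debian.yml"), so the
# two lookups could resolve to differently-cased files. The debian.yml fallback
# is kept for compatibility, but note that it means an unsupported os_family
# silently gets the Debian package list and paths rather than failing here --
# dropping it would make with_first_found error out instead.
- name: Load OS-specific variables
  ansible.builtin.include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_facts['os_family'] | lower }}.yml"
    - debian.yml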
# Install the package set chosen by the OS-specific vars file loaded above.
- name: Install PostgreSQL packages
  ansible.builtin.package:
    state: present
    name: '{{ postgres_packages }}'
# Run tasks/<os_family>.yml (e.g. debian.yml). Unlike the vars lookup there is
# no fallback here, so an os_family without a matching tasks file fails.
- name: Include OS-specific tasks
  ansible.builtin.include_tasks:
    file: '{{ ansible_facts["os_family"] | lower }}.yml'
# Directory that receives custom.conf below. 0750 keeps it readable only by the
# postgres account and group.
- name: Ensure PostgreSQL config directory exists
  ansible.builtin.file:
    state: directory
    path: '{{ postgres_config_dir }}'
    mode: '0750'
    owner: postgres
    group: postgres
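# Make postgresql.conf read the drop-in directory this role manages. The
# directive points at postgres_config_dir itself instead of the literal
# 'conf.d', so custom.conf is picked up wherever that variable places it (the
# two were previously only consistent by convention; PostgreSQL accepts an
# absolute include_dir). The regexp tolerates leading whitespace and a
# commented-out directive so the stock line is replaced rather than a second
# directive being appended.
- name: Enable include_dir in main postgresql.conf
  ansible.builtin.lineinfile:
    path: "{{ postgres_config_path }}"
    regexp: '^\s*#?\s*include_dir\s*='
    line: "include_dir = '{{ postgres_config_dir }}'"
    state: present
  notify: Restart PostgreSQL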
# Render the role's settings into the include_dir directory. 0640/postgres keeps
# the rendered settings readable only by the postgres account and group.
- name: Deploy custom PostgreSQL configuration
  ansible.builtin.template:
    dest: '{{ postgres_config_dir }}/custom.conf'
    src: custom.conf.j2
    mode: '0640'
    owner: postgres
    group: postgres
  notify: Restart PostgreSQL
# pg_hba.conf is the client authentication policy; 0640/postgres keeps it
# unreadable to other local users. A reload would be enough for pg_hba changes,
# but the Restart handler is used to match the other config tasks in this file.
- name: Deploy pg_hba.conf from template
  ansible.builtin.template:
    dest: '{{ postgres_hba_path }}'
    src: pg_hba.conf.j2
    mode: '0640'
    owner: postgres
    group: postgres
  notify: Restart PostgreSQL
# One ufw allow rule per entry of postgres_firewall_allowed_sources. Two things
# this task does not do: it never removes a rule for a source that was dropped
# from the list (stale allows persist until removed by hand), and it does not
# set ufw's default policy or enable ufw -- both are assumed to be handled
# elsewhere. It also presumes ufw is present, which is Debian-family territory.
# The until/retries loop presumably rides out transient ufw failures when rules
# are added in quick succession.
- name: Setup firewall rules for PostgreSQL
  community.general.ufw:
    direction: in
    rule: allow
    proto: tcp
    port: '{{ postgres_port }}'
    src: '{{ item }}'
    comment: PostgreSQL
  loop: '{{ postgres_firewall_allowed_sources }}'
  register: ufw_result
  until: ufw_result is succeeded
  retries: 5
  delay: 2
# Start the cluster only after pg_hba.conf, the drop-in config and the firewall
# rules above are in place.
- name: Enable and start PostgreSQL service
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: '{{ postgres_service_name }}'
# Log rotation only applies when PostgreSQL writes its own log files.
- name: Deploy logrotate configuration for PostgreSQL
  ansible.builtin.template:
    dest: /etc/logrotate.d/postgresql
    src: logrotate-postgresql.j2
    mode: '0644'
    owner: root
    group: root
  when: postgres_log_backend == 'file'
# Under journald there are no files to rotate; drop a config left by an earlier
# 'file' run. Any other value of postgres_log_backend leaves the file untouched.
- name: Remove logrotate configuration when using journald
  ansible.builtin.file:
    state: absent
    path: /etc/logrotate.d/postgresql
  when: postgres_log_backend == 'journald'
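# Set (creating the role if absent) the admin role's password over the local
# socket. `no_log: true` keeps the password out of verbose output, callbacks and
# log files (ansible-lint no-log-password); the trade-off is that a failure of
# this task shows less detail. become/become_user switch to the cluster's OS
# account -- the same `postgres` user that owns every file above -- so peer
# authentication works regardless of what the DB role is called. Previously
# become_user was the DB role name, which only works when that name is also an
# OS user, and without an explicit `become: true` become_user is ignored unless
# the play sets become.
- name: Set PostgreSQL admin user password
  community.postgresql.postgresql_user:
    name: "{{ postgres_admin_user }}"
    password: "{{ postgres_admin_password }}"
    state: present
  become: true
  become_user: postgres
  no_log: true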