[psql] Refactoring

2021-03-03 10:59:56 +01:00 · 2021-03-03 10:59:56 +01:00 · 5096de1a6a
parent f41ee5cf3d
commit 5096de1a6a
12 changed files with 97 additions and 49 deletions
--- a/group_vars/bdd.yml
+++ b/group_vars/bdd.yml
@ -1,13 +1,4 @@
-glob_postgresql:
-  hosts:
-    # Database, User, net CIDR, Method
-  - [ "etherpad", "crans", "10.231.136.76/32", "etherpad"]
-  - [ "roundcube", "roundcube", "10.231.136.73/32", "webmail"]
-  - [ "roundcube", "roundcube", "2a0c:700:0:2:200:13ff:fe03:90b/128", "webmail"]
-  - [ "all", "all", "10.231.136.73/32", null]
-  - [ "all", "all", "2a0c:700:0:2:200:13ff:fe03:90b/128", null]
-  - [ "sql grey pour zamok", "sqlgrey", "sqlgrey", "10.231.136.1/32", null ]
-  - [ "sqlgrey", "sqlgrey", "2a0c:700:0:2:1e98:ecff:fe15:2c88/128", null ]
-  
-  
-  
+glob_psql:
+  subnets:
+    - 172.16.10.0/24
+    - fd00:0:0:10::/64
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -3,3 +3,8 @@ loc_slapd:
  ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 2
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -3,3 +3,8 @@ loc_slapd:
  ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 3
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -3,3 +3,8 @@ loc_slapd:
  ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 1
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@ -1,5 +1,29 @@
-loc_postgresql:
+loc_psql:
  version: 11
+  hosts:
+    - db: etherpad
+      user: crans
+      map: { name: etherpad, system: etherpad, pg: crans }
+    - db: etherpad_tmp
+      user: crans
+      map: { name: etherpad_tmp, system: etherpad, pg: crans }
+    - db: horde5
+      user: www-data
+      map: { name: horde, system: www-data, pg: www-data }
+    - db: roundcube
+      user: roundcube
+      map: { name: webmail, system: www-data, pg: roundcube }
+    - { db: owncloud, user: owncloud }
+    - { db: cas, user: cas }
+    - { db: hedgedoc, user: hedgedoc }
+    - { db: sqlgrey, user: sqlgrey, method: ident }
+    - { db: re2o, user: re2o }
+    - { db: re2o_test, user: re2o }
+    - { db: mailman3, user: mailman3 }
+    - { db: mailman3web, user: mailman3web }
+    - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
+    - { db: replication, user: replication, local: yes }
+  addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"

 loc_slapd:
  ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
--- a/3
+++ b/3
@ -17,6 +17,9 @@ tealc.adm.crans.org
 [bdd]
 tealc.adm.crans.org

+[bdd:children]
+virtu
+
 [belenios]
 belenios.adm.crans.org

--- a/plays/postgresql.yml
+++ b/plays/postgresql.yml
@ -3,8 +3,6 @@
 # Deploy postgresql server
 - hosts: bdd
  vars:
-    postgresql:
-      version: "{{ loc_postgresql.version }}"
-      hosts: "{{ glob_postgresql.hosts }}"
+    psql: '{{ glob_psql | default({}) | combine(loc_psql | default({})) }}'
  roles:
    - postgresql
--- a/roles/postgresql/handlers/main.yml
+++ b/roles/postgresql/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart postgresql
  systemd:
-    name: postgresql
+    name: postgresql@{{ psql.version }}-main
    state: restarted
    enabled: true
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -1,4 +1,8 @@
 ---
+- name: Set postgresql installation directory
+  set_fact:
+    psql_dir: '/etc/postgresql/{{ psql.version }}/main/'
+
 - name: Install postgresql
  apt:
    update_cache: true
@ -10,34 +14,40 @@

 - name: Ensure main postgresql directory exists
  file:
-    path: /etc/postgresql/{{ postgresql.version }}/main/
+    path: '{{ psql_dir }}'
    state: directory
    owner: postgres
    group: postgres
    mode: 0755
-    recurse: yes

 - name: Ensure configuration directory exists
  file:
-    path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
+    path: '{{ psql_dir }}/conf.d'
    state: directory
    owner: postgres
    group: postgres
    mode: 0755
-        
- name: Configuration of postgresql {{ postgresql.version }}
+
+- name: Configuration of postgresql {{ psql.version }}
  template:
-    src: postgresql/{{ item }}.j2
-    dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
+    src: postgresql/postgresql.conf.j2
+    dest: '{{ psql_dir }}/postgresql.conf'
+    mode: 0640
+    owner: postgres
+    group: postgres
+  notify:
+    - restart postgresql
+
+- name: Master of configuration of postgresql {{ psql.version }}
+  template:
+    src: 'postgresql/{{ item }}.j2'
+    dest: '{{ psql_dir }}/{{ item }}'
    mode: 0640
    owner: postgres
    group: postgres
  loop:
   - pg_hba.conf
   - pg_ident.conf
-   - postgresql.conf
  notify:
    - restart postgresql
-    
-
-
+  when: 'not(psql.replica | default(False))'
--- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
@ -88,16 +88,14 @@ local   all             postgres                                peer

 # TYPE  DATABASE        USER            ADDRESS                 METHOD

+{% for host in psql.hosts %}
+{% if host.local | default(False) %}
 # "local" is for Unix domain socket connections only
-local   all             all                                     peer
+local  {{ host.db }} {{ host.user }} peer
+{% endif %}
+{% for subnet in host.subnets | default(psql.subnets) %}
+host   {{ host.db }}    {{ host.user }}    {{ subnet }}    {% if host.map is defined %}ident map={{ host.map.name }}{% else %}{{ host.method | default('md5') }}{% endif %}

-{% for host in postgresql.hosts %}  
-host   {{ host[0] }}    {{ host[1] }}    {{ host[2] }}    ident {% if host[3] %}map={{ host[3] }}{% endif %}
 {% endfor %}

-
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local   replication     all                                     peer
-host    replication     all             127.0.0.1/32            md5
-host    replication     all             ::1/128                 md5
+{% endfor %}
--- a/roles/postgresql/templates/postgresql/pg_ident.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
@ -42,3 +42,8 @@
 # ----------------------------------

 # MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+{% for host in psql.hosts %}
+{% if host.map is defined %}
+{{ host.map.name }}		{{ host.map.system }}		{{ host.map.pg }}
+{% endif %}
+{% endfor %}
--- a/roles/postgresql/templates/postgresql/postgresql.conf.j2
+++ b/roles/postgresql/templates/postgresql/postgresql.conf.j2
@ -40,15 +40,15 @@
 # The default values of these variables are driven from the -D command-line
 # option or PGDATA environment variable, represented here as ConfigDir.

-data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main'		# use data in another directory
+data_directory = '/var/lib/postgresql/{{ psql.version }}/main'		# use data in another directory
 					# (change requires restart)
-hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf'	# host-based authentication file
+hba_file = '/etc/postgresql/{{ psql.version }}/main/pg_hba.conf'	# host-based authentication file
 					# (change requires restart)
-ident_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_ident.conf'	# ident configuration file
+ident_file = '/etc/postgresql/{{ psql.version }}/main/pg_ident.conf'	# ident configuration file
 					# (change requires restart)

 # If external_pid_file is not explicitly set, no extra PID file is written.
-external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid'			# write an extra PID file
+external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid'			# write an extra PID file
 					# (change requires restart)


@ -57,8 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid'			#
 #------------------------------------------------------------------------------

 # - Connection Settings -
-
-#listen_addresses = 'localhost'		# what IP address(es) to listen on;
+listen_addresses = '{{ (psql.addresses | default([]) + ['localhost']) | join(',') }}'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
@ -183,7 +182,7 @@ dynamic_shared_memory_type = posix	# the default is the first option

 # - Settings -

-#wal_level = replica			# minimal, replica, or logical
+wal_level = replica			# minimal, replica, or logical
 					# (change requires restart)
 #fsync = on				# flush data to disk for crash safety
 					# (turning this off can cause
@ -238,12 +237,12 @@ min_wal_size = 80MB

 # Set these on the master and on any standby that will send replication data.

-#max_wal_senders = 10		# max number of walsender processes
+max_wal_senders = 10		# max number of walsender processes
 				# (change requires restart)
 #wal_keep_segments = 0		# in logfile segments; 0 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables

-#max_replication_slots = 10	# max number of replication slots
+max_replication_slots = 10	# max number of replication slots
 				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
@ -262,8 +261,13 @@ min_wal_size = 80MB

 # These settings are ignored on a master server.

+{% if psql.replica | default(False) %}
+hot_standby = on			# "off" disallows queries during recovery
+					# (change requires restart)
+{% else %}
 #hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
+{% endif %}
 #max_standby_archive_delay = 30s	# max delay before canceling queries
 					# when reading WAL from archive;
 					# -1 allows indefinite delay
@ -487,7 +491,7 @@ log_timezone = 'Europe/Paris'
 # PROCESS TITLE
 #------------------------------------------------------------------------------

-cluster_name = '{{ postgresql.version }}/main'			# added to process titles if nonempty
+cluster_name = '{{ psql.version }}/main'			# added to process titles if nonempty
 					# (change requires restart)
 #update_process_title = on

@ -503,7 +507,7 @@ cluster_name = '{{ postgresql.version }}/main'			# added to process titles if no
 #track_io_timing = off
 #track_functions = none			# none, pl, all
 #track_activity_query_size = 1024	# (change requires restart)
-stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'
+stats_temp_directory = '/var/run/postgresql/{{ psql.version }}-main.pg_stat_tmp'


 # - Monitoring -