[postgres]

group_vars/postgres.yml

@@ -1,4 +1,4 @@
-glob_psql:
+glob_postgres:
   subnets:
     - 172.16.10.0/24
     - fd00:0:0:10::/64

host_vars/daniel.adm.crans.org.yml

@@ -4,7 +4,7 @@ loc_slapd:
   replica: true
   replica_rid: 2
 
-loc_psql:
+loc_postgres:
   version: 11
   replica: yes
   addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"

host_vars/gulp.cachan-adm.crans.org.yml

@@ -10,7 +10,7 @@ glob_ntp_client:
 
 debian_mirror: http://172.17.10.202/debian
 
-loc_psql:
+loc_postgres:
   subnets:
     - 172.17.10.0/24
     - fd00:0:0:3010::/64
@@ -18,6 +18,9 @@ loc_psql:
   hosts:
     - { db: re2o, user: re2o }
   addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
+  backup:
+    dir: /var/local/db-backup
+    frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
 
 loc_borg:
   remote:

host_vars/jack.adm.crans.org.yml

@@ -4,7 +4,7 @@ loc_slapd:
   replica: true
   replica_rid: 3
 
-loc_psql:
+loc_postgres:
   version: 11
   replica: yes
   addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"

host_vars/sam.adm.crans.org.yml

@@ -4,7 +4,7 @@ loc_slapd:
   replica: true
   replica_rid: 1
 
-loc_psql:
+loc_postgres:
   version: 11
   replica: yes
   addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"

host_vars/tealc.adm.crans.org.yml

@@ -1,4 +1,4 @@
-loc_psql:
+loc_postgres:
   version: 11
   hosts:
     - db: etherpad
@@ -19,11 +19,15 @@ loc_psql:
     - { db: sqlgrey, user: sqlgrey, method: ident }
     - { db: re2o, user: re2o }
     - { db: re2o_test, user: re2o }
+    - { db: constellation-dev, user: constellation-dev }
     - { db: mailman3, user: mailman3 }
     - { db: mailman3web, user: mailman3web }
     - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
     - { db: replication, user: replication, local: yes }
   addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
+  backup:
+    dir: /var/local/db-backup
+    frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
 
 loc_slapd:
   ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"

hosts

@@ -14,13 +14,12 @@ omnomnom.cachan-adm.crans.org
 cameron.adm.crans.org
 tealc.adm.crans.org
 
-[bdd]
+[postgres]
 tealc.adm.crans.org
 gulp.cachan-adm.crans.org
 
 [blackbox]
 monitoring.adm.crans.org
-
 [bdd:children]
 virtu
 

plays/postgresql.yml

@@ -1,8 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy postgresql server
-- hosts: bdd
+- hosts: postgres
   vars:
-    psql: '{{ glob_psql | default({}) | combine(loc_psql | default({})) }}'
+    postgres: '{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}'
   roles:
     - postgresql

roles/postgresql/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: reload postgresql
-  command: /usr/bin/pg_ctlcluster {{ psql.version }} main reload
+  command: /usr/bin/pg_ctlcluster {{ postgres.version }} main reload

roles/postgresql/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Set postgresql installation directory
   set_fact:
-    psql_dir: '/etc/postgresql/{{ psql.version }}/main/'
+    postgres_dir: '/etc/postgresql/{{ postgres.version }}/main'
 
 - name: Install postgresql
   apt:
@@ -14,7 +14,7 @@
 
 - name: Ensure main postgresql directory exists
   file:
-    path: '{{ psql_dir }}'
+    path: '{{ postgres_dir }}'
     state: directory
     owner: postgres
     group: postgres
@@ -22,26 +22,26 @@
 
 - name: Ensure configuration directory exists
   file:
-    path: '{{ psql_dir }}/conf.d'
+    path: '{{ postgres_dir }}/conf.d'
     state: directory
     owner: postgres
     group: postgres
     mode: 0755
 
-- name: Configuration of postgresql {{ psql.version }}
+- name: Configuration of postgresql {{ postgres.version }}
   template:
     src: postgresql/postgresql.conf.j2
-    dest: '{{ psql_dir }}/postgresql.conf'
+    dest: '{{ postgres_dir }}/postgresql.conf'
     mode: 0640
     owner: postgres
     group: postgres
   notify:
     - reload postgresql
 
-- name: Master of configuration of postgresql {{ psql.version }}
+- name: Master of configuration of postgresql {{ postgres.version }}
   template:
     src: 'postgresql/{{ item }}.j2'
-    dest: '{{ psql_dir }}/{{ item }}'
+    dest: '{{ postgres_dir }}/{{ item }}'
     mode: 0640
     owner: postgres
     group: postgres
@@ -50,4 +50,19 @@
    - pg_ident.conf
   notify:
     - reload postgresql
-  when: 'not(psql.replica | default(False))'
+  when: 'not(postgres.replica | default(False))'
+
+- name: Create backup directory
+  file:
+    path: "{{ postgres.backup.dir }}"
+    owner: postgres
+    group: postgres
+    state: directory
+    mode: 0770
+  when: postgres.backup is defined
+
+- name: Create backup cron
+  template:
+    src: cron.d/pg_dump.j2
+    dest: /etc/cron.d/pg_dump
+  when: postgres.backup is defined

roles/postgresql/templates/cron.d/pg_dump.j2

@@ -0,0 +1,5 @@
+{{ ansible_header | comment }}
+
+PATH=$PATH:/usr/sbin:/usr/bin:/usr/local/bin:/sbin:/bin
+
+{{ postgres.backup.frequency }} postgres pg_dumpall  -f {{ postgres.backup.dir }}/all.sql

roles/postgresql/templates/postgresql/pg_hba.conf.j2

@@ -88,12 +88,12 @@ local   all             postgres                                peer
 
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 
-{% for host in psql.hosts %}
+{% for host in postgres.hosts %}
 {% if host.local | default(False) %}
 # "local" is for Unix domain socket connections only
 local  {{ host.db }} {{ host.user }} peer
 {% endif %}
-{% for subnet in host.subnets | default(psql.subnets) %}
+{% for subnet in host.subnets | default(postgres.subnets) %}
 host   {{ host.db }}    {{ host.user }}    {{ subnet }}    {% if host.map is defined %}ident map={{ host.map.name }}{% else %}{{ host.method | default('md5') }}{% endif %}
 
 {% endfor %}

roles/postgresql/templates/postgresql/pg_ident.conf.j2

@@ -42,7 +42,7 @@
 # ----------------------------------
 
 # MAPNAME       SYSTEM-USERNAME         PG-USERNAME
-{% for host in psql.hosts %}
+{% for host in postgres.hosts %}
 {% if host.map is defined %}
 {{ host.map.name }}		{{ host.map.system }}		{{ host.map.pg }}
 {% endif %}

roles/postgresql/templates/postgresql/postgresql.conf.j2

@@ -40,15 +40,15 @@
 # The default values of these variables are driven from the -D command-line
 # option or PGDATA environment variable, represented here as ConfigDir.
 
-data_directory = '/var/lib/postgresql/{{ psql.version }}/main'		# use data in another directory
+data_directory = '/var/lib/postgresql/{{ postgres.version }}/main'		# use data in another directory
 					# (change requires restart)
-hba_file = '/etc/postgresql/{{ psql.version }}/main/pg_hba.conf'	# host-based authentication file
+hba_file = '/etc/postgresql/{{ postgres.version }}/main/pg_hba.conf'	# host-based authentication file
 					# (change requires restart)
-ident_file = '/etc/postgresql/{{ psql.version }}/main/pg_ident.conf'	# ident configuration file
+ident_file = '/etc/postgresql/{{ postgres.version }}/main/pg_ident.conf'	# ident configuration file
 					# (change requires restart)
 
 # If external_pid_file is not explicitly set, no extra PID file is written.
-external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid'			# write an extra PID file
+external_pid_file = '/var/run/postgresql/{{ postgres.version }}-main.pid'			# write an extra PID file
 					# (change requires restart)
 
 
@@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid'			# write
 #------------------------------------------------------------------------------
 
 # - Connection Settings -
-listen_addresses = '{{ (psql.addresses | default([]) + ['localhost']) | join(',') }}'		# what IP address(es) to listen on;
+listen_addresses = '{{ (postgres.addresses | default([]) + ['localhost']) | join(',') }}'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
@@ -261,7 +261,7 @@ max_replication_slots = 10	# max number of replication slots
 
 # These settings are ignored on a master server.
 
-{% if psql.replica | default(False) %}
+{% if postgres.replica | default(False) %}
 hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
 {% else %}
@@ -491,7 +491,7 @@ log_timezone = 'Europe/Paris'
 # PROCESS TITLE
 #------------------------------------------------------------------------------
 
-cluster_name = '{{ psql.version }}/main'			# added to process titles if nonempty
+cluster_name = '{{ postgres.version }}/main'			# added to process titles if nonempty
 					# (change requires restart)
 #update_process_title = on
 
@@ -507,7 +507,7 @@ cluster_name = '{{ psql.version }}/main'			# added to process titles if nonempty
 #track_io_timing = off
 #track_functions = none			# none, pl, all
 #track_activity_query_size = 1024	# (change requires restart)
-stats_temp_directory = '/var/run/postgresql/{{ psql.version }}-main.pg_stat_tmp'
+stats_temp_directory = '/var/run/postgresql/{{ postgres.version }}-main.pg_stat_tmp'
 
 
 # - Monitoring -