2021-09-10 12:09:38 +00:00
|
|
|
# Ansible role: Postgresql
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/releases)
|
|
|
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/src/branch/main/LICENSE)
|
2024-05-09 09:48:52 +00:00
|
|
|
[![Build](https://code.waks.be/nishiki/ansible-role-postgresql/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-postgresql/actions?workflow=molecule.yml)
|
2021-09-10 12:09:38 +00:00
|
|
|
|
|
|
|
Install and configure Postgresql
|
|
|
|
|
|
|
|
## Requirements
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
- Ansible >= 2.10
|
|
|
|
- Debian
|
|
|
|
- Bullseye
|
|
|
|
- Bookworm
|
2021-09-10 12:09:38 +00:00
|
|
|
|
|
|
|
## Role variables
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
|
|
|
| ---------------------------------- | ----- | -------- | ------- | --------------------------------------------------- |
|
|
|
|
| postgresql_version | str | no | 15 | the major version to use |
|
|
|
|
| postgresql_use_official_repository | bool | no | false | set true if you want official postgresql repository |
|
|
|
|
| postgresql_primary | bool | no | false | set true to create user and database on this server |
|
|
|
|
| postgresql_config | dict | no | | add option config file |
|
|
|
|
| postgresql_databases | array | no | | the database to manage |
|
|
|
|
| postgresql_users | dict | no | | the users to manage |
|
|
|
|
| postgresql_privileges | array | no | | set the privileges for roles |
|
|
|
|
| postgresql_hba | array | no | | the hba authorizations |
|
|
|
|
| postgresql_role_memberships | dict | no | | add membership in a role group |
|
2021-09-10 12:09:38 +00:00
|
|
|
|
|
|
|
### postgresql_config
|
|
|
|
|
|
|
|
See all options on [postgresql documentation](https://www.postgresql.org/docs/current/runtime-config.html)
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
listen_addresses: '*'
|
|
|
|
port: 5432
|
|
|
|
ssl: true
|
|
|
|
unix_socket_directories: /var/run/postgresql
|
|
|
|
```
|
|
|
|
|
|
|
|
### postgresql_databases
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
|
|
|
| ---------- | ---- | -------- | --------- | --------------------------------- |
|
|
|
|
| name | str | yes | | the database name |
|
|
|
|
| owner | str | yes | | the owner's database name |
|
|
|
|
| encoding | str | no | UTF-8 | encoding to use |
|
|
|
|
| lc_collate | str | no | C.UTF-8 | lc_collate to use |
|
|
|
|
| lc_ctype | str | no | C.UTF-8 | lc_ctype to use |
|
|
|
|
| template | str | no | template0 | template to use |
|
2021-09-10 12:09:38 +00:00
|
|
|
| state | str | no | present | if absent the database is deleted |
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
- name: test
|
2022-07-20 08:35:39 +00:00
|
|
|
owner: user
|
2021-09-10 12:09:38 +00:00
|
|
|
encoding: UTF-8
|
|
|
|
state: present
|
|
|
|
```
|
|
|
|
|
|
|
|
### postgresql_users
|
|
|
|
|
2021-11-09 10:40:21 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
2024-05-08 08:43:30 +00:00
|
|
|
| ---------- | ----- | -------- | ------- | ------------------------------------------------------------- |
|
2022-02-21 09:13:57 +00:00
|
|
|
| key | str | yes | | the user name |
|
2021-11-09 10:40:21 +00:00
|
|
|
| password | str | yes | | the password to logon |
|
2022-02-21 09:13:57 +00:00
|
|
|
| attributes | array | no | | list with the user's attributes (REPLICATION, SUPERUSER, ...) |
|
|
|
|
| state | str | no | present | if absent the user is deleted |
|
2021-09-10 12:09:38 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
2022-02-21 09:13:57 +00:00
|
|
|
user1:
|
2021-09-10 12:09:38 +00:00
|
|
|
password: secret
|
2022-02-21 09:13:57 +00:00
|
|
|
attributes:
|
|
|
|
- REPLICATION
|
|
|
|
state: present
|
|
|
|
```
|
|
|
|
|
|
|
|
### postgresql_privileges
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
|
|
|
| ---------- | ----- | -------- | ----------------- | ----------------------------------------------------------- |
|
|
|
|
| roles | str | yes | | the roles with this privileges |
|
|
|
|
| database | str | yes | | the database where to apply the privileges |
|
|
|
|
| type | str | no | table | the type of privileges (table, function, schema, ...) |
|
|
|
|
| objets | array | yes | ["ALL_IN_SCHEMA"] | list with the objets (ex: table name) |
|
|
|
|
| privileges | array | yes | | list with the privileges (SELECT, UPDATE, INSERT, ALL, ...) |
|
|
|
|
| state | str | no | present | if absent the privileges is deleted |
|
2022-02-21 09:13:57 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
- role: user1
|
2021-09-10 12:09:38 +00:00
|
|
|
database: test
|
2022-02-21 09:13:57 +00:00
|
|
|
type: table
|
|
|
|
objets:
|
|
|
|
- mytable
|
2021-09-10 12:09:38 +00:00
|
|
|
privileges:
|
|
|
|
- SELECT
|
2022-02-21 09:13:57 +00:00
|
|
|
- INSERT
|
2021-09-10 12:09:38 +00:00
|
|
|
state: present
|
|
|
|
```
|
|
|
|
|
2021-10-12 12:50:55 +00:00
|
|
|
### postgresql_hba
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
|
|
|
| --------- | ----- | -------- | ------- | ------------------------------------------- |
|
|
|
|
| type | str | yes | | connection type (host, hostssl, local) |
|
|
|
|
| databases | array | yes | | array with the database names or all string |
|
|
|
|
| users | array | yes | | array with the user names or all string |
|
|
|
|
| subnet | str | no | | allow subnet, not require if type is local |
|
|
|
|
| method | str | yes | | auth method (trust, md5, ...) |
|
2021-10-12 12:50:55 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
- type: hostssl
|
|
|
|
databases:
|
|
|
|
- myappli
|
|
|
|
users: all
|
|
|
|
subnet: samenet
|
|
|
|
method: md5
|
|
|
|
```
|
|
|
|
|
2022-05-06 12:13:39 +00:00
|
|
|
### postgresql_role_memberships
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
| Name | Type | Required | Default | Comment |
|
|
|
|
| ------ | ----- | -------- | ------- | ---------------------------------------- |
|
|
|
|
| key | str | yes | | the role name |
|
|
|
|
| groups | array | yes | | the groups (roles) where to add the role |
|
|
|
|
| state | str | no | present | if absent the memberships are deleted |
|
2022-05-06 12:13:39 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
postgres:
|
2022-11-18 13:58:45 +00:00
|
|
|
groups:
|
2022-05-06 12:13:39 +00:00
|
|
|
- myuser
|
|
|
|
state: present
|
|
|
|
```
|
|
|
|
|
2021-09-10 12:09:38 +00:00
|
|
|
## How to use
|
|
|
|
|
|
|
|
```
|
|
|
|
- hosts: server
|
|
|
|
roles:
|
|
|
|
- postgresql
|
|
|
|
vars:
|
|
|
|
postgresql_use_official_repository: true
|
|
|
|
postgresql_config:
|
|
|
|
listen_addresses: '*'
|
|
|
|
postgresql_databases:
|
|
|
|
- name: test
|
|
|
|
postgresql_users
|
2022-02-21 09:13:57 +00:00
|
|
|
user1:
|
2021-09-10 12:09:38 +00:00
|
|
|
password: secret
|
2022-02-21 09:13:57 +00:00
|
|
|
postgresql_privilges:
|
|
|
|
- role: user1
|
2021-09-10 12:09:38 +00:00
|
|
|
database: test
|
2022-02-21 09:13:57 +00:00
|
|
|
type: table
|
2021-09-10 12:09:38 +00:00
|
|
|
privileges:
|
|
|
|
- SELECT
|
2022-02-21 09:13:57 +00:00
|
|
|
- role: user1
|
|
|
|
database: test
|
|
|
|
type: table
|
|
|
|
objets:
|
|
|
|
- table1
|
|
|
|
privileges:
|
|
|
|
- INSERT
|
2021-09-10 12:09:38 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
## Development
|
|
|
|
|
|
|
|
### Test with molecule and docker
|
|
|
|
|
2024-05-08 08:43:30 +00:00
|
|
|
- install [docker](https://docs.docker.com/engine/installation/)
|
|
|
|
- install `python3` and `python3-pip`
|
|
|
|
- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint`
|
|
|
|
- run `molecule test`
|
2021-09-10 12:09:38 +00:00
|
|
|
|
|
|
|
## License
|
|
|
|
|
|
|
|
```
|
|
|
|
Copyright (c) 2021 Adrien Waksberg
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
```
|