ansible-role-postgresql/README.md

# Ansible role: Postgresql

[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/releases)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/src/branch/main/LICENSE)
[![Build](https://code.waks.be/nishiki/ansible-role-postgresql/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-postgresql/actions?workflow=molecule.yml)

Install and configure Postgresql

## Requirements

- Ansible >= 2.10
- Debian
  - Bullseye
  - Bookworm

## Role variables

| Name                               | Type  | Required | Default | Comment                                             |
| ---------------------------------- | ----- | -------- | ------- | --------------------------------------------------- |
| postgresql_version                 | str   | no       | 15      | the major version to use                            |
| postgresql_use_official_repository | bool  | no       | false   | set true if you want official postgresql repository |
| postgresql_primary                 | bool  | no       | false   | set true to create user and database on this server |
| postgresql_config                  | dict  | no       |         | add option config file                              |
| postgresql_databases               | array | no       |         | the database to manage                              |
| postgresql_users                   | dict  | no       |         | the users to manage                                 |
| postgresql_privileges              | array | no       |         | set the privileges for roles                        |
| postgresql_hba                     | array | no       |         | the hba authorizations                              |
| postgresql_role_memberships        | dict  | no       |         | add membership in a role group                      |

### postgresql_config

See all options on [postgresql documentation](https://www.postgresql.org/docs/current/runtime-config.html)

Example:

```
  listen_addresses: '*'
  port: 5432
  ssl: true
  unix_socket_directories: /var/run/postgresql
```

### postgresql_databases

| Name       | Type | Required | Default   | Comment                           |
| ---------- | ---- | -------- | --------- | --------------------------------- |
| name       | str  | yes      |           | the database name                 |
| owner      | str  | yes      |           | the owner's database name         |
| encoding   | str  | no       | UTF-8     | encoding to use                   |
| lc_collate | str  | no       | C.UTF-8   | lc_collate to use                 |
| lc_ctype   | str  | no       | C.UTF-8   | lc_ctype to use                   |
| template   | str  | no       | template0 | template to use                   |
| state      | str  | no       | present   | if absent the database is deleted |

Example:

```
  - name: test
    owner: user
    encoding: UTF-8
    state: present
```

### postgresql_users

| Name       | Type  | Required | Default | Comment                                                       |
| ---------- | ----- | -------- | ------- | ------------------------------------------------------------- |
| key        | str   | yes      |         | the user name                                                 |
| password   | str   | yes      |         | the password to logon                                         |
| attributes | array | no       |         | list with the user's attributes (REPLICATION, SUPERUSER, ...) |
| state      | str   | no       | present | if absent the user is deleted                                 |

Example:

```
  user1:
    password: secret
    attributes:
      - REPLICATION
    state: present
```

### postgresql_privileges

| Name       | Type  | Required | Default           | Comment                                                     |
| ---------- | ----- | -------- | ----------------- | ----------------------------------------------------------- |
| roles      | str   | yes      |                   | the roles with this privileges                              |
| database   | str   | yes      |                   | the database where to apply the privileges                  |
| type       | str   | no       | table             | the type of privileges (table, function, schema, ...)       |
| objets     | array | yes      | ["ALL_IN_SCHEMA"] | list with the objets (ex: table name)                       |
| privileges | array | yes      |                   | list with the privileges (SELECT, UPDATE, INSERT, ALL, ...) |
| state      | str   | no       | present           | if absent the privileges is deleted                         |

Example:

```
  - role: user1
    database: test
    type: table
    objets:
      - mytable
    privileges:
      - SELECT
      - INSERT
    state: present
```

### postgresql_hba

| Name      | Type  | Required | Default | Comment                                     |
| --------- | ----- | -------- | ------- | ------------------------------------------- |
| type      | str   | yes      |         | connection type (host, hostssl, local)      |
| databases | array | yes      |         | array with the database names or all string |
| users     | array | yes      |         | array with the user names or all string     |
| subnet    | str   | no       |         | allow subnet, not require if type is local  |
| method    | str   | yes      |         | auth method (trust, md5, ...)               |

Example:

```
  - type: hostssl
    databases:
      - myappli
    users: all
    subnet: samenet
    method: md5
```

### postgresql_role_memberships

| Name   | Type  | Required | Default | Comment                                  |
| ------ | ----- | -------- | ------- | ---------------------------------------- |
| key    | str   | yes      |         | the role name                            |
| groups | array | yes      |         | the groups (roles) where to add the role |
| state  | str   | no       | present | if absent the memberships are deleted    |

Example:

```
  postgres:
    groups:
      - myuser
    state: present
```

## How to use

```
- hosts: server
  roles:
    - postgresql
  vars:
    postgresql_use_official_repository: true
    postgresql_config:
      listen_addresses: '*'
    postgresql_databases:
      - name: test
    postgresql_users
      user1:
        password: secret
    postgresql_privilges:
      - role: user1
        database: test
        type: table
        privileges:
          - SELECT
      - role: user1
        database: test
        type: table
        objets:
          - table1
        privileges:
          - INSERT
```

## Development

### Test with molecule and docker

- install [docker](https://docs.docker.com/engine/installation/)
- install `python3` and `python3-pip`
- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint`
- run `molecule test`

## License

```
Copyright (c) 2021 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
first version 2021-09-10 12:09:38 +00:00			`# Ansible role: Postgresql`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/releases)`
			`[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-postgresql/src/branch/main/LICENSE)`
test: add forgejo workflow 2024-05-09 09:48:52 +00:00			`[![Build](https://code.waks.be/nishiki/ansible-role-postgresql/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-postgresql/actions?workflow=molecule.yml)`
first version 2021-09-10 12:09:38 +00:00
			`Install and configure Postgresql`

			`## Requirements`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`- Ansible >= 2.10`
			`- Debian`
			`- Bullseye`
			`- Bookworm`
first version 2021-09-10 12:09:38 +00:00
			`## Role variables`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
			`\| ---------------------------------- \| ----- \| -------- \| ------- \| --------------------------------------------------- \|`
			`\| postgresql_version \| str \| no \| 15 \| the major version to use \|`
			`\| postgresql_use_official_repository \| bool \| no \| false \| set true if you want official postgresql repository \|`
			`\| postgresql_primary \| bool \| no \| false \| set true to create user and database on this server \|`
			`\| postgresql_config \| dict \| no \| \| add option config file \|`
			`\| postgresql_databases \| array \| no \| \| the database to manage \|`
			`\| postgresql_users \| dict \| no \| \| the users to manage \|`
			`\| postgresql_privileges \| array \| no \| \| set the privileges for roles \|`
			`\| postgresql_hba \| array \| no \| \| the hba authorizations \|`
			`\| postgresql_role_memberships \| dict \| no \| \| add membership in a role group \|`
first version 2021-09-10 12:09:38 +00:00
			`### postgresql_config`

			`See all options on [postgresql documentation](https://www.postgresql.org/docs/current/runtime-config.html)`

			`Example:`

			```
			`listen_addresses: '*'`
			`port: 5432`
			`ssl: true`
			`unix_socket_directories: /var/run/postgresql`
			```

			`### postgresql_databases`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
			`\| ---------- \| ---- \| -------- \| --------- \| --------------------------------- \|`
			`\| name \| str \| yes \| \| the database name \|`
			`\| owner \| str \| yes \| \| the owner's database name \|`
			`\| encoding \| str \| no \| UTF-8 \| encoding to use \|`
			`\| lc_collate \| str \| no \| C.UTF-8 \| lc_collate to use \|`
			`\| lc_ctype \| str \| no \| C.UTF-8 \| lc_ctype to use \|`
			`\| template \| str \| no \| template0 \| template to use \|`
first version 2021-09-10 12:09:38 +00:00			`\| state \| str \| no \| present \| if absent the database is deleted \|`

			`Example:`

			```
			`- name: test`
feat: add database owner 2022-07-20 08:35:39 +00:00			`owner: user`
first version 2021-09-10 12:09:38 +00:00			`encoding: UTF-8`
			`state: present`
			```

			`### postgresql_users`

feat: add user attributes 2021-11-09 10:40:21 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| ---------- \| ----- \| -------- \| ------- \| ------------------------------------------------------------- \|`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`\| key \| str \| yes \| \| the user name \|`
feat: add user attributes 2021-11-09 10:40:21 +00:00			`\| password \| str \| yes \| \| the password to logon \|`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`\| attributes \| array \| no \| \| list with the user's attributes (REPLICATION, SUPERUSER, ...) \|`
			`\| state \| str \| no \| present \| if absent the user is deleted \|`
first version 2021-09-10 12:09:38 +00:00
			`Example:`

			```
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`user1:`
first version 2021-09-10 12:09:38 +00:00			`password: secret`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`attributes:`
			`- REPLICATION`
			`state: present`
			```

			`### postgresql_privileges`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
			`\| ---------- \| ----- \| -------- \| ----------------- \| ----------------------------------------------------------- \|`
			`\| roles \| str \| yes \| \| the roles with this privileges \|`
			`\| database \| str \| yes \| \| the database where to apply the privileges \|`
			`\| type \| str \| no \| table \| the type of privileges (table, function, schema, ...) \|`
			`\| objets \| array \| yes \| ["ALL_IN_SCHEMA"] \| list with the objets (ex: table name) \|`
			`\| privileges \| array \| yes \| \| list with the privileges (SELECT, UPDATE, INSERT, ALL, ...) \|`
			`\| state \| str \| no \| present \| if absent the privileges is deleted \|`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00
			`Example:`

			```
			`- role: user1`
first version 2021-09-10 12:09:38 +00:00			`database: test`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`type: table`
			`objets:`
			`- mytable`
first version 2021-09-10 12:09:38 +00:00			`privileges:`
			`- SELECT`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`- INSERT`
first version 2021-09-10 12:09:38 +00:00			`state: present`
			```

fix: add default postgresql_hba variable 2021-10-12 12:50:55 +00:00			`### postgresql_hba`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
			`\| --------- \| ----- \| -------- \| ------- \| ------------------------------------------- \|`
			`\| type \| str \| yes \| \| connection type (host, hostssl, local) \|`
			`\| databases \| array \| yes \| \| array with the database names or all string \|`
			`\| users \| array \| yes \| \| array with the user names or all string \|`
			`\| subnet \| str \| no \| \| allow subnet, not require if type is local \|`
			`\| method \| str \| yes \| \| auth method (trust, md5, ...) \|`
fix: add default postgresql_hba variable 2021-10-12 12:50:55 +00:00
			`Example:`

			```
			`- type: hostssl`
			`databases:`
			`- myappli`
			`users: all`
			`subnet: samenet`
			`method: md5`
			```

feat: add role membership 2022-05-06 12:13:39 +00:00			`### postgresql_role_memberships`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`\| Name \| Type \| Required \| Default \| Comment \|`
			`\| ------ \| ----- \| -------- \| ------- \| ---------------------------------------- \|`
			`\| key \| str \| yes \| \| the role name \|`
			`\| groups \| array \| yes \| \| the groups (roles) where to add the role \|`
			`\| state \| str \| no \| present \| if absent the memberships are deleted \|`
feat: add role membership 2022-05-06 12:13:39 +00:00
			`Example:`

			```
			`postgres:`
fix: change memberships variables 2022-11-18 13:58:45 +00:00			`groups:`
feat: add role membership 2022-05-06 12:13:39 +00:00			`- myuser`
			`state: present`
			```

first version 2021-09-10 12:09:38 +00:00			`## How to use`

			```
			`- hosts: server`
			`roles:`
			`- postgresql`
			`vars:`
			`postgresql_use_official_repository: true`
			`postgresql_config:`
			`listen_addresses: '*'`
			`postgresql_databases:`
			`- name: test`
			`postgresql_users`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`user1:`
first version 2021-09-10 12:09:38 +00:00			`password: secret`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`postgresql_privilges:`
			`- role: user1`
first version 2021-09-10 12:09:38 +00:00			`database: test`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`type: table`
first version 2021-09-10 12:09:38 +00:00			`privileges:`
			`- SELECT`
break: new system for user and privileges 2022-02-21 09:13:57 +00:00			`- role: user1`
			`database: test`
			`type: table`
			`objets:`
			`- table1`
			`privileges:`
			`- INSERT`
first version 2021-09-10 12:09:38 +00:00			```

			`## Development`

			`### Test with molecule and docker`

test: use personal docker registry 2024-05-08 08:43:30 +00:00			`- install [docker](https://docs.docker.com/engine/installation/)`
			- install `python3` and `python3-pip`
			- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint`
			- run `molecule test`
first version 2021-09-10 12:09:38 +00:00
			`## License`

			```
			`Copyright (c) 2021 Adrien Waksberg`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			```