Albirew/nyaa-pantsu

Automate postgresql setup

Creates the user and the database provided by the environment variable.
These are currently duplicated in postgres.env so we might want to find
a way to have them in only one place.

I tried my best at keeping the pg_hba.conf file secure for the server,
but I am no expert so it'd be great if someone could check it out.
tomleb 2017-05-07 16:31:38 -04:00
Parent b178f12bab
révision 55c7252327
9 fichiers modifiés avec 92 ajouts et 5 suppressions

1
.gitignore externe

@ -13,3 +13,4 @@ templates/*.html.go
*.bat
*.backup
tags
*.retry


@ -1,2 +1,5 @@
[webservers]
127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant
[dbs]
127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant


@ -11,7 +11,7 @@
become: true
- name: Install Docker CE
yum:
yum:
name: docker-ce
state: present
become: true
@ -24,7 +24,7 @@
mode: 0755
become: true
- name: Enable docker at boot
- name: Start docker and enable at boot
systemd:
enabled: yes
name: docker


@ -0,0 +1,63 @@
- name: Install postgresql
yum:
name: postgresql-server
state: present
become: true
- name: Initialize postgresql
command: postgresql-setup initdb
# Will error when database has already been initialized so just ignore it
ignore_errors: yes
become: true
- name: Install adapter for python
yum:
name: python-psycopg2
state: present
become: true
- name: Start postgresql and enable at boot
systemd:
enabled: yes
name: postgresql
state: started
become: true
- name: Create nyaapantsu database
postgresql_db:
name: "{{ nyaapantsu_dbname }}"
become: true
become_user: postgres
# TODO Probably better idea to not set SUPERUSER
- name: Create nyaapantsu user
postgresql_user:
db: "{{ nyaapantsu_dbname }}"
name: "{{ nyaapantsu_user }}"
password: "{{ nyaapantsu_password }}"
role_attr_flags: SUPERUSER,LOGIN
become: true
become_user: postgres
- name: Grant privileges to user
postgresql_privs:
db: "{{ nyaapantsu_dbname }}"
priv: ALL
roles: "{{ nyaapantsu_user }}"
state: present
type: database
become: true
become_user: postgres
- name: Add custom pg_hba.conf
template:
src: pg_hba.conf.j2
dest: /var/lib/pgsql/data/pg_hba.conf
become: true
become_user: postgres
- name: Reload postgres
systemd:
name: postgresql
state: reloaded
become: true
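Review bot: The `Create nyaapantsu user` task gives the application role `role_attr_flags: SUPERUSER,LOGIN`, which lets the web application's account bypass every permission check in the cluster; the TODO above it already doubts this, and since the following task grants `ALL` on the database, `role_attr_flags: LOGIN` should be enough. Separately, `ignore_errors: yes` on `postgresql-setup initdb` hides genuine failures as well as the already-initialized case; adding `creates: /var/lib/pgsql/data/PG_VERSION` under `args:` would skip the command on an initialized cluster and let real errors fail the play. The `template` task for pg_hba.conf sets no `mode`, so an explicit `mode: "0600"` would keep the file's permissions from depending on the umask.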


@ -0,0 +1,13 @@
# TYPE DATABASE USER ADDRESS METHOD
# For debugging purposes
local "{{ nyaapantsu_dbname }}" "{{ nyaapantsu_user }}" md5
local all all peer
# IPv4 local connections:
host "{{ nyaapantsu_user }}" "{{ nyaapantsu_password }}" 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
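Review bot: The IPv4 `host` rule puts `{{ nyaapantsu_user }}` in the DATABASE column and `{{ nyaapantsu_password }}` in the USER column, so the clear-text password is rendered into pg_hba.conf and the rule matches a role named after the password; it only works with the shipped defaults because all three variables hold the same string. Following the column header on the first line, it should read `host "{{ nyaapantsu_dbname }}" "{{ nyaapantsu_user }}" 127.0.0.1/32 md5`. The IPv6 rule still admits `all all` with `ident` while the IPv4 rule is scoped, so I would either narrow it to the same database and user or add a comment saying why the two differ. The `# For debugging purposes` comment should also name which rule is meant to be temporary.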


@ -0,0 +1,3 @@
nyaapantsu_dbname: nyaapantsu
nyaapantsu_user: nyaapantsu
nyaapantsu_password: nyaapantsu
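Review bot: `nyaapantsu_password: nyaapantsu` commits the database password in clear text with a value equal to the user name, so any host provisioned with these defaults has a guessable credential for a role that the postgresql tasks create with SUPERUSER. I would leave the variable out of the committed defaults (or ship it Vault-encrypted, e.g. with `ansible-vault encrypt_string`) and have the role fail early with an `assert` that `nyaapantsu_password` is defined and differs from `nyaapantsu_user`. A comment such as `# Example values only; override per environment` above the three variables would also help, since the description notes the same values are duplicated in postgres.env.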


@ -1 +0,0 @@
127.0.0.1


@ -1,5 +1,9 @@
- name: Dotfiles
- name: Set up webserver
hosts: webservers
roles:
- docker
- name: Set up databases
hosts: dbs
roles:
- postgresql


@ -9,6 +9,7 @@ services:
- postgres-prod.env
environment:
- PANTSU_INTERNAL_PORT=${PANTSU_INTERNAL_PORT}
network_mode: "host"
ports:
# 0.0.0.0 makes it accessible to the network
# You may want to remove it to make pantsu available only
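Review bot: With `network_mode: "host"` (apparently the line this hunk adds) the container shares the host's network stack, so the `ports:` mapping below it is ignored or rejected by Docker and the comment about `0.0.0.0` no longer describes what controls exposure. The listen address then has to be restricted by the application itself or by the host firewall, and the container can reach every service bound to the host's loopback, including the PostgreSQL instance this commit installs. I would add a comment such as `# host networking: ports: has no effect; restrict the bind address in the app or firewall` above the line, or keep bridge networking and point the app at the host's address instead. The `ports:` block continues past the end of the hunk.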