Automate postgresql setup
Creates the user and the database provided by the environment variable. These are currently duplicated in postgres.env so we might want to find a way to have them in only one place. I tried my best at keeping the pg_hba.conf file secure for the server, but I am no expert so it'd be great if someone could check it out.
Parent
b178f12bab
révision
55c7252327
9 fichiers modifiés avec 92 ajouts et 5 suppressions
1
.gitignore
externe
1
.gitignore
externe
|
@ -13,3 +13,4 @@ templates/*.html.go
|
|||
*.bat
|
||||
*.backup
|
||||
tags
|
||||
*.retry
|
||||
|
|
|
@ -1,2 +1,5 @@
|
|||
[webservers]
|
||||
127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant
|
||||
|
||||
[dbs]
|
||||
127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
become: true
|
||||
|
||||
- name: Install Docker CE
|
||||
yum:
|
||||
yum:
|
||||
name: docker-ce
|
||||
state: present
|
||||
become: true
|
||||
|
@ -24,7 +24,7 @@
|
|||
mode: 0755
|
||||
become: true
|
||||
|
||||
- name: Enable docker at boot
|
||||
- name: Start docker and enable at boot
|
||||
systemd:
|
||||
enabled: yes
|
||||
name: docker
|
||||
|
|
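--- /dev/null
+++ b/deploy/ansible/roles/postgresql/tasks/main.yml
@@ -0,0 +1,63 @@
+- name: Install postgresql
+yum:
+name: postgresql-server
+state: present
+become: true
+
+- name: Initialize postgresql
+command: postgresql-setup initdb
+# Will error when database has already been initialized so just ignore it
+ignore_errors: yes
+become: true
+
+- name: Install adapter for python
+yum:
+name: python-psycopg2
+state: present
+become: true
+
+- name: Start postgresql and enable at boot
+systemd:
+enabled: yes
+name: postgresql
+state: started
+become: true
+
+- name: Create nyaapantsu database
+postgresql_db:
+name: "{{ nyaapantsu_dbname }}"
+become: true
+become_user: postgres
+
+# TODO Probably better idea to not set SUPERUSER
+- name: Create nyaapantsu user
+postgresql_user:
+db: "{{ nyaapantsu_dbname }}"
+name: "{{ nyaapantsu_user }}"
+password: "{{ nyaapantsu_password }}"
+role_attr_flags: SUPERUSER,LOGIN
+become: true
+become_user: postgres
+
+- name: Grant privileges to user
+postgresql_privs:
+db: "{{ nyaapantsu_dbname }}"
+priv: ALL
+roles: "{{ nyaapantsu_user }}"
+state: present
+type: database
+become: true
+become_user: postgres
+
+- name: Add custom pg_hba.conf
+template:
+src: pg_hba.conf.j2
+dest: /var/lib/pgsql/data/pg_hba.conf
+become: true
+become_user: postgres
+
+- name: Reload postgres
+systemd:
+name: postgresql
+state: reloaded
+become: true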
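Review bot: The `Create nyaapantsu user` task creates the application role with `role_attr_flags: SUPERUSER,LOGIN`, so anyone who obtains the application's database credentials gets full control of the PostgreSQL instance and bypasses every permission check; the TODO above the task already questions this. The following task grants `ALL` on the database to the same role, which is likely enough for the application, so the flag can be reduced to `role_attr_flags: LOGIN`. The same task passes `password: "{{ nyaapantsu_password }}"`, and adding `no_log: true` to it would keep the secret out of Ansible's task output. Separately, `ignore_errors: yes` on `postgresql-setup initdb` hides genuine initialisation failures as well as the already-initialised case it is meant to cover.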
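--- /dev/null
+++ b/deploy/ansible/roles/postgresql/templates/pg_hba.conf.j2
@@ -0,0 +1,13 @@
+# TYPE DATABASE USER ADDRESS METHOD
+# For debugging purposes
+local "{{ nyaapantsu_dbname }}" "{{ nyaapantsu_user }}" md5
+local all all peer
+# IPv4 local connections:
+host "{{ nyaapantsu_user }}" "{{ nyaapantsu_password }}" 127.0.0.1/32 md5
+# IPv6 local connections:
+host all all ::1/128 ident
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local replication postgres peer
+#host replication postgres 127.0.0.1/32 ident
+#host replication postgres ::1/128 ident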
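Review bot: The IPv4 `host` rule has its columns shifted: `"{{ nyaapantsu_user }}"` sits in the DATABASE column and `"{{ nyaapantsu_password }}"` in the USER column, so the rendered pg_hba.conf stores the database password in clear text and the rule matches a role named after the password. It only behaves as intended today because all three variables in vars/main.yml hold the same string. The line should read `host "{{ nyaapantsu_dbname }}" "{{ nyaapantsu_user }}" 127.0.0.1/32 md5`. The `local ... md5` rule is labelled as being for debugging and should not ship unreviewed, and `md5` is the weaker of PostgreSQL's password methods, so `scram-sha-256` is preferable where the installed server version supports it.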
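--- /dev/null
+++ b/deploy/ansible/roles/postgresql/vars/main.yml
@@ -0,0 +1,3 @@
+nyaapantsu_dbname: nyaapantsu
+nyaapantsu_user: nyaapantsu
+nyaapantsu_password: nyaapantsu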
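Review bot: `nyaapantsu_password: nyaapantsu` commits a database password to the repository, and because it is identical to the user and database names it is trivially guessable on any host provisioned with these values. Role `vars/` also has high precedence in Ansible, which makes it awkward for a deployment to override. Consider moving the three names to `defaults/main.yml` and supplying the password from Ansible Vault or the environment, for example `nyaapantsu_password: "{{ lookup('env', 'PANTSU_DB_PASSWORD') }}"` (variable name constructed for illustration).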
|
@ -1 +0,0 @@
|
|||
127.0.0.1
|
|
@ -1,5 +1,9 @@
|
|||
- name: Dotfiles
|
||||
- name: Set up webserver
|
||||
hosts: webservers
|
||||
|
||||
roles:
|
||||
- docker
|
||||
|
||||
- name: Set up databases
|
||||
hosts: dbs
|
||||
roles:
|
||||
- postgresql
|
||||
|
|
|
@ -9,6 +9,7 @@ services:
|
|||
- postgres-prod.env
|
||||
environment:
|
||||
- PANTSU_INTERNAL_PORT=${PANTSU_INTERNAL_PORT}
|
||||
network_mode: "host"
|
||||
ports:
|
||||
# 0.0.0.0 makes it accessible to the network
|
||||
# You may want to remove it to make pantsu available only
|
||||
|
|
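Review bot: With `network_mode: "host"` (which appears to be the line this hunk adds) Docker ignores the `ports:` mapping that follows, so the existing comments about `0.0.0.0` no longer control who can reach the service; exposure is decided solely by the address the application binds to. Host networking also removes network isolation between the container and everything else listening on the host, including the PostgreSQL instance this commit installs. If it is only needed to reach the local database, document that next to the key, e.g. `# host networking so the app can reach postgres on 127.0.0.1; ports: below is ignored`, and confirm the listen address is the intended one. The service definition starts and continues outside the hunk.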