postgresql
.. _section-role-postgresql:
Role postgresql
Ansible Galaxy page <https://galaxy.ansible.com/honzamach/postgresql>__GitHub repository <https://github.com/honzamach/ansible-role-postgresql>__Travis CI page <https://travis-ci.org/honzamach/ansible-role-postgresql>__
Ansible role for convenient installation of the PostgreSQL <https://www.postgresql.org/>__
database.
This role is intended to keep the things as simple as possible and performs only basic installation and configuration of the PostgreSQL service. Any advanced configuration adjustments have to be done manually. This role installs the latest version 12 and can optionally remove the previous 10.x and 11.x versions. The actual migration is however quite complex process and must be done manually.
Table of Contents:
- :ref:
section-role-postgresql-installation - :ref:
section-role-postgresql-dependencies - :ref:
section-role-postgresql-usage - :ref:
section-role-postgresql-variables - :ref:
section-role-postgresql-files - :ref:
section-role-postgresql-author
This role is part of the MSMS <https://github.com/honzamach/msms>__ package.
Some common features are documented in its :ref:manual <section-manual>.
.. _section-role-postgresql-installation:
Installation
To install the role honzamach.postgresql <https://galaxy.ansible.com/honzamach/postgresql>__
from Ansible Galaxy <https://galaxy.ansible.com/>__ please use variation of
following command::
ansible-galaxy install honzamach.postgresql
To install the role directly from GitHub <https://github.com>__ by cloning the
ansible-role-postgresql <https://github.com/honzamach/ansible-role-postgresql>__
repository please use variation of following command::
git clone https://github.com/honzamach/ansible-role-postgresql.git honzamach.postgresql
Currently the advantage of using direct Git cloning is the ability to easily update the role when new version comes out.
.. _section-role-postgresql-dependencies:
Dependencies
This role is not dependent on any other role.
Following roles have direct dependency on this role:
- :ref:
griffin <section-role-griffin> - :ref:
mentat <section-role-mentat> - :ref:
mentat_dev <section-role-mentat-dev>
.. _section-role-postgresql-usage:
Usage
Example content of inventory file inventory::
[servers_postgresql]
your-server
Example content of role playbook file role_playbook.yml::
- hosts: servers_postgresql
remote_user: root
roles:
- role: honzamach.postgresql
tags:
- role-postgresql
Example usage::
# Run everything:
ansible-playbook --ask-vault-pass --inventory inventory role_playbook.yml
# For package cache update before installing any packages:
ansible-playbook --ask-vault-pass --inventory inventory role_playbook.yml --extra-vars '{"hm_pgsql__apt_force_update":"yes"}'
It is recommended to follow these configuration principles:
Create/edit file
inventory/group_vars/all/vars.ymland within define some sensible defaults for all your managed servers. Example::hm_pgsql__monitoring_password: "{{ vault_hm_pgsql__monitoring_password }}"Create/edit :ref:
vault <section-overview-vault>encrypted fileinventory/group_vars/all/vault.ymland within store your backup encryption password::vault_hm_pgsql__monitoring_password: something-so-secret-no1-is-gonna-guessUse files
inventory/host_vars/[your-server]/vars.ymlto customize settings for particular servers. Please see section :ref:section-role-postgresql-variablesfor all available options.
.. _section-role-postgresql-variables:
Configuration variables
Internal role variables
.. envvar:: hm_pgsql__apt_key_url
URL leading to GPG key for signing PostgreSQL packages.
* *Type:* ``string``
* *Default:* ``"https://www.postgresql.org/media/keys/ACCC4CF8.asc"``
.. envvar:: hm_pgsql__apt_key_id
Identifier of the signing key.
* *Type:* ``string``
* *Default:* ``"ACCC4CF8"``
.. envvar:: hm_pgsql__apt_repository
Location of PostgreSQL repository.
* *Type:* ``string``
* *Default:* ``"deb http://apt.postgresql.org/pub/repos/apt/[ansible_lsb['codename']]-pgdg main"``
.. envvar:: hm_pgsql__major_version
Major version your wish this role would install to target host.
* *Type:* ``string``
* *Default:* ``"12"``
.. envvar:: hm_pgsql__remove_packages
List of packages defined separately for each linux distribution and package manager,
that MUST NOT be present on target system. Any package on this list will be removed
from target host. This role currently recognizes only ``apt`` for ``debian``.
* *Datatype:* ``dict``
* *Default:* (please see YAML file ``defaults/main.yml``)
* *Example:*
.. code-block:: yaml
hm_logged__remove_packages:
debian:
apt:
- syslog-ng
- ...
.. envvar:: hm_pgsql__remove_previous
Remove previous version of PostgreSQL database (true/false).
* *Type:* ``bool``
* *Default:* ``false``
.. envvar:: hm_pgsql__install_packages
List of packages defined separately for each linux distribution and package manager,
that MUST be present on target system. Any package on this list will be installed on
target host. This role currently recognizes only ``apt`` for ``debian``.
* *Datatype:* ``dict``
* *Default:* (please see YAML file ``defaults/main.yml``)
* *Example:*
.. code-block:: yaml
hm_logged__install_packages:
debian:
apt:
- syslog-ng
- ...
.. envvar:: hm_pgsql__apt_force_update
Force APT cache update before installing any packages ('yes','no').
* *Datatype:* ``string``
* *Default:* ``"no"``
.. envvar:: hm_pgsql__user
Name for the UNIX system user for PostgreSQL database.
* *Type:* ``string``
* *Default:* ``"postgres"``
.. envvar:: hm_pgsql__group
Name for the UNIX system group for PostgreSQL database.
* *Type:* ``string``
* *Default:* ``"postgres"``
.. envvar:: hm_pgsql__monitoring_user
Name for the restricted user account for monitoring PostgreSQL database.
* *Type:* ``string``
* *Default:* ``"watchdog"``
.. envvar:: hm_pgsql__monitoring_password
Password for the restricted user account for monitoring PostgreSQL database.
You should encrypt this password with vault.
* *Type:* ``string``
* *Default:* ``"watchdog"``
.. envvar:: hm_pgsql__databases
List of all PostgreSQL databases that should be present on target system.
* *Type:* ``list of strings``
* *Default:* ``[]`` (empty list)
.. envvar:: hm_pgsql__logdir
Path to log directory.
* *Type:* ``string``
* *Default:* ``"/var/log/postgresql"``
.. envvar:: hm_pgsql__logfile
Path to log file.
* *Type:* ``string``
* *Default:* ``"{{ hm_pgsql__logdir }}/postgresql-{{ hm_pgsql__major_version }}-main.log"``
.. envvar:: hm_pgsql__logrotate
Log rotation switch (true/false).
* *Type:* ``bool``
* *Default:* ``true``
.. envvar:: hm_pgsql__logrotate_options
Log rotation options.
* *Type:* ``list of strings``
* *Default:* (please see YAML file ``defaults/main.yml``)
.. envvar:: hm_pgsql__procs_mincnt
Minimal number of running PostgreSQL processes for health monitoring.
* *Type:* ``int``
* *Default:* ``1``
.. envvar:: hm_pgsql__procs_maxcnt
Maximal number of running PostgreSQL processes for health monitoring.
* *Type:* ``int``
* *Default:* ``100``
.. envvar:: hm_pgsql__checks
Configurations for various Nagios check warning and critical thresholds.
* *Type:* ``dict``
* *Default:* (please see YAML file ``defaults/main.yml``)
* *Example:*
.. code-block:: yaml
hm_pgsql__checks:
check_postgres_query_time:
w: 5 minutes
c: 10 minutes
...
Foreign variables
--------------------------------------------------------------------------------
This role uses following foreign variables defined in other roles:
:envvar:`hm_accounts__users`
You may flag certain users as administrators of this PostgreSQL database and
superuser accounts will be created for them in database and ``peer`` level
authentication access will be configured. Use flag ``is_admin_postgresql: true``
as property of an account.
* *Example:*
.. code-block:: yaml
hm_accounts__users:
user:
is_admin_postgresql: true
...
:envvar:`hm_monitored__service_name`
Name of the NRPE service in case the server is in **servers_monitored**
group and the playbook is automagically configuring monitoring of the Mentat
system.
Built-in Ansible variables
:envvar:group_names
List of group names current host is member of. This variable is used to resolve
:ref:`soft role dependencies <section-overview-role-soft-dependencies>`.
:envvar:ansible_lsb['codename']
Linux distribution codename. It is used to generate correct APT repository URL
and for :ref:`template customizations <section-overview-role-customize-templates>`.
Group memberships
* **servers_monitored**
In case the target server is member of this group Nagios monitoring is automagically
configured for the PostgreSQL database.
* **servers_commonenv**
In case the target server is member of this group system status script is automagically
configured for the PostgreSQL database.
.. _section-role-postgresql-files:
Managed files
--------------------------------------------------------------------------------
.. note::
This role supports the :ref:`template customization <section-overview-role-customize-templates>` feature.
This role manages content of following files on target system:
* ``/etc/logrotate.d/postgresql-common`` *[TEMPLATE]*
* ``/etc/nagios/nrpe.d/postgresql.cfg`` *[TEMPLATE]*
* ``/opt/system-status/system-status.d/20-postgresql`` *[TEMPLATE]*
.. _section-role-postgresql-author:
Author and license
--------------------------------------------------------------------------------
| *Copyright:* (C) since 2019 Honza Mach <[email protected]>
| *Author:* Honza Mach <[email protected]>
| Use of this role is governed by the MIT license, see LICENSE file.
|
Ansible role for convenient installation of the PostgreSQL database.
ansible-galaxy install honzamach/ansible-role-postgresql