From 20319194803be899b5860c131c17de7d33da5dc9 Mon Sep 17 00:00:00 2001 From: "Eric D. Helms" Date: Thu, 12 May 2022 13:08:15 -0400 Subject: [PATCH] Add role to spin up a basic external postgresql database --- playbooks/postgresql_server.yml | 9 ++ roles/external_database/defaults/main.yml | 2 + roles/external_database/meta/main.yml | 4 + roles/external_database/tasks/main.yml | 85 +++++++++++++++++++ .../templates/pg_hba.conf.j2 | 13 +++ roles/external_database/vars/RedHat-7.yml | 8 ++ roles/external_database/vars/RedHat-8.yml | 7 ++ 7 files changed, 128 insertions(+) create mode 100644 playbooks/postgresql_server.yml create mode 100644 roles/external_database/defaults/main.yml create mode 100644 roles/external_database/meta/main.yml create mode 100644 roles/external_database/tasks/main.yml create mode 100644 roles/external_database/templates/pg_hba.conf.j2 create mode 100644 roles/external_database/vars/RedHat-7.yml create mode 100644 roles/external_database/vars/RedHat-8.yml diff --git a/playbooks/postgresql_server.yml b/playbooks/postgresql_server.yml new file mode 100644 index 000000000..f9b4092b9 --- /dev/null +++ b/playbooks/postgresql_server.yml @@ -0,0 +1,9 @@ +--- +- hosts: all + gather_facts: true + become: true + roles: + - role: update_os_packages + - role: postgresql_scl + when: ansible_distribution_major_version == '7' + - role: external_database diff --git a/roles/external_database/defaults/main.yml b/roles/external_database/defaults/main.yml new file mode 100644 index 000000000..214369d1c --- /dev/null +++ b/roles/external_database/defaults/main.yml @@ -0,0 +1,2 @@ +--- +external_database_encryption: md5 diff --git a/roles/external_database/meta/main.yml b/roles/external_database/meta/main.yml new file mode 100644 index 000000000..3b0347906 --- /dev/null +++ b/roles/external_database/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: foreman_repositories + - role: katello_repositories diff --git a/roles/external_database/tasks/main.yml b/roles/external_database/tasks/main.yml new file mode 100644 index 000000000..f7f605950 --- /dev/null +++ b/roles/external_database/tasks/main.yml @@ -0,0 +1,85 @@ +--- +- name: "Load OS variables" + include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + +- name: 'Install PostgreSQL packages' + package: + name: "{{ external_database_packages }}" + state: installed + +- name: 'Init PostgreSQL database' + command: postgresql-setup initdb + args: + creates: "{{ external_database_postgresql_conf_path }}" + +- name: 'Deploy pg_hba.conf' + template: + dest: "{{ external_database_pg_hba_conf_path }}" + src: pg_hba.conf.j2 + mode: 0600 + owner: postgres + group: postgres + +- name: Set listen addresses to * + lineinfile: + dest: "{{ external_database_postgresql_conf_path }}" + regexp: "^listen_addresses" + line: "listen_addresses = '*'" + state: present + backup: yes + +- name: Set password_encryption + lineinfile: + dest: "{{ external_database_postgresql_conf_path }}" + regexp: "password_encryption =" + line: "password_encryption = {{ external_database_encryption }}" + state: present + backup: yes + +- name: 'Ensure PostgreSQL is running' + service: + name: postgresql + state: restarted + enabled: yes + +- name: 'Add database user' + become_user: postgres + postgresql_user: + state: present + name: "foreman" + password: "foreman" + +- name: 'Create Foreman database' + become_user: postgres + postgresql_db: + state: present + name: "foreman" + owner: "foreman" + +- name: 'Add candlepin database user' + become_user: postgres + postgresql_user: + state: present + name: "candlepin" + password: "candlepin" + +- name: 'Create Candlepin database' + become_user: postgres + postgresql_db: + state: present + name: "candlepin" + owner: "candlepin" + +- name: 'Add pulp database user' + become_user: postgres + postgresql_user: + state: present + name: "pulp" + password: "pulp" + +- name: 'Create Pulp database' + become_user: postgres + postgresql_db: + state: present + name: "pulp" + owner: "pulp" diff --git a/roles/external_database/templates/pg_hba.conf.j2 b/roles/external_database/templates/pg_hba.conf.j2 new file mode 100644 index 000000000..42a01f9ed --- /dev/null +++ b/roles/external_database/templates/pg_hba.conf.j2 @@ -0,0 +1,13 @@ +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all ident + +# IPv4 local connections: +host all all 127.0.0.1/32 {{ external_database_encryption }} + +# IPv4 remote connections: +host all all 0.0.0.0/0 {{ external_database_encryption }} + +# IPv6 local connections: +host all all ::1/128 {{ external_database_encryption }} diff --git a/roles/external_database/vars/RedHat-7.yml b/roles/external_database/vars/RedHat-7.yml new file mode 100644 index 000000000..b27b1f79f --- /dev/null +++ b/roles/external_database/vars/RedHat-7.yml @@ -0,0 +1,8 @@ +--- +external_database_packages: + - rh-postgresql12-syspaths + - rh-postgresql12-postgresql-server + - python-psycopg2 + - rh-postgresql12-postgresql-evr +external_database_postgresql_conf_path: /var/opt/rh/rh-postgresql12/lib/pgsql/data/postgresql.conf +external_database_pg_hba_conf_path: /var/opt/rh/rh-postgresql12/lib/pgsql/data/pg_hba.conf diff --git a/roles/external_database/vars/RedHat-8.yml b/roles/external_database/vars/RedHat-8.yml new file mode 100644 index 000000000..c635589c0 --- /dev/null +++ b/roles/external_database/vars/RedHat-8.yml @@ -0,0 +1,7 @@ +--- +external_database_packages: + - postgresql-server + - python3-psycopg2 + - postgresql-evr +external_database_postgresql_conf_path: /var/lib/pgsql/data/postgresql.conf +external_database_pg_hba_conf_path: /var/lib/pgsql/data/pg_hba.conf