dataverse-ansible/tasks/postgres.yml at 7ec81793e87745b859438d89daca8fdce5603a57 · gdcc/dataverse-ansible · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
# dataverse/tasks/db.postgres.yml

- name: install postgres
  debug:
    msg: '##### POSTGRES #####'


- name: ansible postgres module wants python-psycopg2 on debian and RedHat 7
  package:
    name: python-psycopg2
    state: latest
  when: (ansible_os_family == "RedHat" and
        ansible_distribution_major_version == "7") or
        (ansible_os_family == "Debian" and
        ansible_distribution_major_version == "10")

- name: ansible postgres module wants python3-psycopg2
  package:
    name: python3-psycopg2
    state: latest
  when: (ansible_os_family == "RedHat" and
        ansible_distribution_major_version == "8") or
        (ansible_os_family == "Debian" and
        ansible_distribution_major_version == "11")

- name: import RPM-GPG-KEY-PGDG
  rpm_key:
    state: present
    key: https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG
  when: ansible_os_family == "RedHat"

- name: install postgres repo RPM
  yum:
    name: 'https://download.postgresql.org/pub/repos/yum/reporpms/EL-{{ ansible_distribution_major_version }}-x86_64/pgdg-redhat-repo-latest.noarch.rpm'
    state: present
  when: ansible_os_family == "RedHat"

- name: "RHEL/Rocky8: disable PostgreSQL proper in the OS"
  shell: 'dnf -qy module disable postgresql'
  when: ansible_os_family == "RedHat" and
        ansible_distribution_major_version == "8"

- name: postgres uses differing version syntax in a few commands/packages
  set_fact:
    dataverse_pg_version_short: "{{ db.postgres.version | regex_replace('\\.','') }}"

- name: get postgres config directory
  set_fact:
    postgres_config_dir: "{{ (ansible_os_family == 'RedHat') |
                             ternary('/var/lib/pgsql/'+(db.postgres.version|string)+'/data',
                                     '/etc/postgresql/'+(db.postgres.version|string)+'/main'
                         ) }}"

- name: install postgres server on RedHat / Rocky
  yum:
   name: 'postgresql{{ dataverse_pg_version_short }}-server'
   state: latest
  when: ansible_os_family == "RedHat" and
        db.use_rds == false

- name: install postgres server on Debian
  apt:
   name: 'postgresql-{{ dataverse_pg_version_short }}'
   state: latest
  when: ansible_os_family == "Debian" and
        db.use_rds == false

- name: install postgres client on RedHat / Rocky for RDS
  yum:
    name: 'postgresql{{ dataverse_pg_version_short }}'
    state: latest
  when: ansible_os_family == "RedHat" and
        db.use_rds == true

- name: install postgres client on Debian
  apt:
    name: 'postgresql-client-{{ dataverse_pg_version_short }}'
    state: latest
  when: ansible_os_family == "Debian" and
        db.use_rds == true

- ansible.builtin.import_tasks: postgresql-init.yml
  when: db.use_rds == false

- name: install pg_hba.conf
  template:
    src: pg_hba.conf.j2
    dest: '{{ postgres_config_dir }}/pg_hba.conf'
    owner: postgres
    group: postgres
    mode: 0644
  when: db.use_rds == false
  notify: enable and restart postgres

- ansible.builtin.import_tasks: postgres_replication.yml
  when: db.postgres.replication.enabled

- name: log_lock_waits when told
  lineinfile:
    path: '{{ postgres_config_dir }}/postgresql.conf'
    regexp: '^#log_lock_waits'
    line: 'log_lock_waits = on'
  when:
   - db.postgres.log_lock_waits
   - not db.use_rds
  notify: enable and restart postgres

- meta: flush_handlers

- name: dataverse python installer wants to be a postgres admin
  community.postgresql.postgresql_user:
    db: postgres
    login_user: '{{ db.postgres.adminuser }}'
    name: '{{ db.postgres.adminuser }}'
    password: '{{ db.postgres.adminpass }}'
  become: true
  become_user: postgres
  when: db.use_rds == false

- name: create dataverse postgres database
  postgresql_db:
    name: '{{ db.postgres.name }}'
  become: true
  become_user: postgres
  when: db.use_rds == false

- name: create dataverse postgres user, set permissions
  postgresql_user:
    db: '{{ db.postgres.name }}'
    name: '{{ db.postgres.user }}'
    password: '{{ db.postgres.pass }}'
    role_attr_flags: 'NOSUPERUSER,CREATEDB,CREATEROLE,INHERIT,LOGIN'
  become: true
  become_user: postgres
  when: db.use_rds == false

- name: postgresql 15 requires explicit permissions on public schema
  community.postgresql.postgresql_privs:
    db: '{{ db.postgres.name }}'
    privs: CREATE
    type: schema
    objs: public
    role: '{{ db.postgres.user }}'
  become: true
  become_user: postgres
  when: db.use_rds == false

- ansible.builtin.import_tasks: postgres_sequential_identifiers.yml
  when: dataverse.api.test_suite == true