diff --git a/group_vars/bdd.yml b/group_vars/bdd.yml
index bd8c2dbad87490e302ece3a7980426b92465def3..e9bc488af8f68ad237782c06a9af29b8be46d585 100644
--- a/group_vars/bdd.yml
+++ b/group_vars/bdd.yml
@@ -1,13 +1,4 @@
-glob_postgresql:
-  hosts:
-    # Database, User, net CIDR, Method
-  - [ "etherpad", "crans", "10.231.136.76/32", "etherpad"]
-  - [ "roundcube", "roundcube", "10.231.136.73/32", "webmail"]
-  - [ "roundcube", "roundcube", "2a0c:700:0:2:200:13ff:fe03:90b/128", "webmail"]
-  - [ "all", "all", "10.231.136.73/32", null]
-  - [ "all", "all", "2a0c:700:0:2:200:13ff:fe03:90b/128", null]
-  - [ "sql grey pour zamok", "sqlgrey", "sqlgrey", "10.231.136.1/32", null ]
-  - [ "sqlgrey", "sqlgrey", "2a0c:700:0:2:1e98:ecff:fe15:2c88/128", null ]
-  
-  
-  
+glob_psql:
+  subnets:
+    - 172.16.10.0/24
+    - fd00:0:0:10::/64
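Review bot: The two default `subnets` become the ADDRESS of every `psql.hosts` entry that does not set its own `subnets`, whereas the removed `glob_postgresql.hosts` list pinned each database to a single /32 or /128 client. As written, any machine in `172.16.10.0/24` or `fd00:0:0:10::/64` matches the generated `host` rules for all of those databases, so the authentication method becomes the only barrier. Consider keeping this default narrow, or giving the service entries in host_vars/tealc.adm.crans.org.yml explicit per-client `subnets`, and add a comment such as `# default client networks for pg_hba host rules; override per entry with subnets`. Quoting the IPv6 value (`'fd00:0:0:10::/64'`) also avoids surprises with colon-heavy plain scalars.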
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index 6185fc51d563216e45cc65566c3618f2ae440400..9ba145d25d3c95bfb7f72a600e61459942e7c06b 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -3,3 +3,8 @@ loc_slapd:
   ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 2
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
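Review bot: `addresses` glues a Python-looking list literal to a templated value inside one string, so it only becomes a list if Ansible re-evaluates the rendered text; if it stays a string, `psql.addresses | default([]) + ['localhost']` in postgresql.conf.j2 would fail or render a wrong `listen_addresses`. Doing the concatenation inside the expression is more robust: `addresses: "{{ ['daniel.adm.crans.org'] + (query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address')) }}"`. The same construct appears in the jack, sam and tealc host_vars. `replica: yes` would also read better as `replica: true`, matching `loc_slapd.replica` just above.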
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index 6688778fd8743f60ed16f13b19523a93c452c41f..a6631ab3c4c68301e978004b46c70a6041ff147e 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@@ -3,3 +3,8 @@ loc_slapd:
   ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 3
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index e612aa73ba5d1977c0625c945ceb952179d98375..d5e8bbf14120c68033ca927bae877ceb1aa92751 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -3,3 +3,8 @@ loc_slapd:
   ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 1
+
+loc_psql:
+  version: 11
+  replica: yes
+  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml
index 0ae0ea3824b4476fdbcd977a91ad70572ddffe95..aa6545f9b871c7029fb83225af73f1942261104d 100644
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@@ -1,5 +1,29 @@
-loc_postgresql:
+loc_psql:
   version: 11
+  hosts:
+    - db: etherpad
+      user: crans
+      map: { name: etherpad, system: etherpad, pg: crans }
+    - db: etherpad_tmp
+      user: crans
+      map: { name: etherpad_tmp, system: etherpad, pg: crans }
+    - db: horde5
+      user: www-data
+      map: { name: horde, system: www-data, pg: www-data }
+    - db: roundcube
+      user: roundcube
+      map: { name: webmail, system: www-data, pg: roundcube }
+    - { db: owncloud, user: owncloud }
+    - { db: cas, user: cas }
+    - { db: hedgedoc, user: hedgedoc }
+    - { db: sqlgrey, user: sqlgrey, method: ident }
+    - { db: re2o, user: re2o }
+    - { db: re2o_test, user: re2o }
+    - { db: mailman3, user: mailman3 }
+    - { db: mailman3web, user: mailman3web }
+    - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
+    - { db: replication, user: replication, local: yes }
+  addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
 
 loc_slapd:
   ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
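Review bot: The `replication` entry sets no `subnets`, so pg_hba.conf.j2 falls back to `psql.subnets` and accepts streaming replication from the whole default networks with the default `md5` method, although the standbys added in this commit are three known hosts. A role allowed to replicate can copy the entire cluster, so this rule deserves the tightest scope of all: give it an explicit `subnets:` list restricted to the replica addresses. The `sqlgrey` entry similarly requests `method: ident` for TCP clients across those networks without a map. `local: yes` should be written `local: true`, the form the neighbouring `loc_slapd` vars use for booleans.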
diff --git a/hosts b/hosts
index 3ed8da22643466f34d56f156a0cc7ef8d25659a7..8f68354e701e52f5326baac7af6e8e94907c9ed7 100644
--- a/hosts
+++ b/hosts
@@ -17,6 +17,9 @@ tealc.adm.crans.org
 [bdd]
 tealc.adm.crans.org
 
+[bdd:children]
+virtu
+
 [belenios]
 belenios.adm.crans.org
 
diff --git a/plays/postgresql.yml b/plays/postgresql.yml
index 009b812509c2bc54a4670469adaf661f75efc0d9..3c5ab740c67affbae5a7da7ac57d858987194c00 100755
--- a/plays/postgresql.yml
+++ b/plays/postgresql.yml
@@ -3,8 +3,6 @@
 # Deploy postgresql server
 - hosts: bdd
   vars:
-    postgresql:
-      version: "{{ loc_postgresql.version }}"
-      hosts: "{{ glob_postgresql.hosts }}"
+    psql: '{{ glob_psql | default({}) | combine(loc_psql | default({})) }}'
   roles:
     - postgresql
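Review bot: Defaulting `loc_psql` to `{}` hides a missing host configuration: with `[bdd:children] virtu` added in `hosts`, this play now targets every member of `virtu`, and a host without `loc_psql` gets a `psql` holding only `subnets`, which first breaks at `psql.version` in the role's `set_fact`. If only daniel, jack and sam are meant to be standbys (the `virtu` membership is not visible here), list them in a dedicated group instead of pulling in the whole group, or fail early with a clear message. A one-line comment such as `# psql = group defaults (glob_psql) overridden by host settings (loc_psql)` would document the merge order.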
diff --git a/roles/postgresql/handlers/main.yml b/roles/postgresql/handlers/main.yml
index 13e253367a0bff621888cc8fd0428a01ee5ec7cd..027db7b28d03cff5174fa6c56de617a8e74265bf 100644
--- a/roles/postgresql/handlers/main.yml
+++ b/roles/postgresql/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: restart postgresql
   systemd:
-    name: postgresql
+    name: postgresql@{{ psql.version }}-main
     state: restarted
     enabled: true
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index a8979b2cbaff2e3e6badfe4f499522fbf12d78d6..e49eba30c75f2d45acf62a46a2531e7799bdfaf3 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -1,4 +1,8 @@
 ---
+- name: Set postgresql installation directory
+  set_fact:
+    psql_dir: '/etc/postgresql/{{ psql.version }}/main/'
+
 - name: Install postgresql
   apt:
     update_cache: true
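Review bot: `psql_dir` ends with a slash while the later tasks append `/conf.d`, `/postgresql.conf` and `/{{ item }}` to it, so the rendered paths contain `//`. That is harmless to the filesystem but makes paths in task output and diffs inconsistent; define it as `psql_dir: '/etc/postgresql/{{ psql.version }}/main'`.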
@@ -10,34 +14,40 @@
 
 - name: Ensure main postgresql directory exists
   file:
-    path: /etc/postgresql/{{ postgresql.version }}/main/
+    path: '{{ psql_dir }}'
     state: directory
     owner: postgres
     group: postgres
     mode: 0755
-    recurse: yes
 
 - name: Ensure configuration directory exists
   file:
-    path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
+    path: '{{ psql_dir }}/conf.d'
     state: directory
     owner: postgres
     group: postgres
     mode: 0755
-        
-- name: Configuration of postgresql {{ postgresql.version }}
+
+- name: Configuration of postgresql {{ psql.version }}
   template:
-    src: postgresql/{{ item }}.j2
-    dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
+    src: postgresql/postgresql.conf.j2
+    dest: '{{ psql_dir }}/postgresql.conf'
+    mode: 0640
+    owner: postgres
+    group: postgres
+  notify:
+    - restart postgresql
+
+- name: Master of configuration of postgresql {{ psql.version }}
+  template:
+    src: 'postgresql/{{ item }}.j2'
+    dest: '{{ psql_dir }}/{{ item }}'
     mode: 0640
     owner: postgres
     group: postgres
   loop:
    - pg_hba.conf
    - pg_ident.conf
-   - postgresql.conf
   notify:
     - restart postgresql
-    
-
-
+  when: 'not(psql.replica | default(False))'
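Review bot: The `when: 'not(psql.replica | default(False))'` guard means pg_hba.conf and pg_ident.conf are never templated on replicas, while postgresql.conf (templated on every host) now makes them listen on their network addresses. Client authentication on the standbys is therefore left to whatever file already exists there, outside configuration management. If that is intentional, say so in a comment above the task; otherwise template a restrictive pg_hba.conf for replicas as well. The new `mode: 0640` lines should be quoted (`mode: '0640'`) so the value cannot be reinterpreted as a decimal integer, and the task name would read better as `Access control configuration of postgresql {{ psql.version }} (master only)`.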
diff --git a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
index 96d071421d1f29b19627cd3824a482fa53b4c6bf..5e877e0aebf7009973586a1f98733d601a4a880c 100644
--- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
@@ -88,16 +88,14 @@ local   all             postgres                                peer
 
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 
+{% for host in psql.hosts %}
+{% if host.local | default(False) %}
 # "local" is for Unix domain socket connections only
-local   all             all                                     peer
+local  {{ host.db }} {{ host.user }} peer
+{% endif %}
+{% for subnet in host.subnets | default(psql.subnets) %}
+host   {{ host.db }}    {{ host.user }}    {{ subnet }}    {% if host.map is defined %}ident map={{ host.map.name }}{% else %}{{ host.method | default('md5') }}{% endif %}
 
-{% for host in postgresql.hosts %}  
-host   {{ host[0] }}    {{ host[1] }}    {{ host[2] }}    ident {% if host[3] %}map={{ host[3] }}{% endif %}
 {% endfor %}
 
-
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local   replication     all                                     peer
-host    replication     all             127.0.0.1/32            md5
-host    replication     all             ::1/128                 md5
+{% endfor %}
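Review bot: For entries with a `map`, the `host` line always renders `ident map=…` and `host.method` is silently ignored; over TCP, ident authentication relies on the answer of an ident service on the client machine, so it is only as trustworthy as every host inside the matched subnet. Combined with subnet-wide defaults, that is a weaker check than the removed /32 rules; consider restricting mapped entries to explicit client addresses or letting them use password authentication. The fallback `md5` could become `scram-sha-256`, which PostgreSQL 11 supports, once `password_encryption` and the stored passwords are migrated. The `local` line also ignores `host.map` and `host.method`, which is worth a template comment.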
diff --git a/roles/postgresql/templates/postgresql/pg_ident.conf.j2 b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
index 1047e97639fa560cc53d87986a64163657401406..ed359311863adc56792867f46b01095192daecee 100644
--- a/roles/postgresql/templates/postgresql/pg_ident.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
@@ -42,3 +42,8 @@
 # ----------------------------------
 
 # MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+{% for host in psql.hosts %}
+{% if host.map is defined %}
+{{ host.map.name }}		{{ host.map.system }}		{{ host.map.pg }}
+{% endif %}
+{% endfor %}
diff --git a/roles/postgresql/templates/postgresql/postgresql.conf.j2 b/roles/postgresql/templates/postgresql/postgresql.conf.j2
index c5a09617dbb8a9a19028a7bac31d9a7993689e66..991ed2b834e560dd8a9c3791e87c0f69c1363c59 100644
--- a/roles/postgresql/templates/postgresql/postgresql.conf.j2
+++ b/roles/postgresql/templates/postgresql/postgresql.conf.j2
@@ -40,15 +40,15 @@
 # The default values of these variables are driven from the -D command-line
 # option or PGDATA environment variable, represented here as ConfigDir.
 
-data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main'		# use data in another directory
+data_directory = '/var/lib/postgresql/{{ psql.version }}/main'		# use data in another directory
 					# (change requires restart)
-hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf'	# host-based authentication file
+hba_file = '/etc/postgresql/{{ psql.version }}/main/pg_hba.conf'	# host-based authentication file
 					# (change requires restart)
-ident_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_ident.conf'	# ident configuration file
+ident_file = '/etc/postgresql/{{ psql.version }}/main/pg_ident.conf'	# ident configuration file
 					# (change requires restart)
 
 # If external_pid_file is not explicitly set, no extra PID file is written.
-external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid'			# write an extra PID file
+external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid'			# write an extra PID file
 					# (change requires restart)
 
 
@@ -57,8 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid'			#
 #------------------------------------------------------------------------------
 
 # - Connection Settings -
-
-#listen_addresses = 'localhost'		# what IP address(es) to listen on;
+listen_addresses = '{{ (psql.addresses | default([]) + ['localhost']) | join(',') }}'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
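Review bot: `listen_addresses` now contains the host name as well as the IP addresses that name presumably resolves to, so PostgreSQL will likely attempt to bind the same address twice and log a bind warning at start, and start-up gains a dependency on name resolution. Listing only the addresses from the LDAP query plus `localhost` avoids both. The removal of the blank line after `# - Connection Settings -` looks accidental. Because this setting exposes the server on the network on every host in the play, including standbys, it is worth a comment stating which interface (`adm`) is intended.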
@@ -183,7 +182,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # - Settings -
 
-#wal_level = replica			# minimal, replica, or logical
+wal_level = replica			# minimal, replica, or logical
 					# (change requires restart)
 #fsync = on				# flush data to disk for crash safety
 					# (turning this off can cause
@@ -238,12 +237,12 @@ min_wal_size = 80MB
 
 # Set these on the master and on any standby that will send replication data.
 
-#max_wal_senders = 10		# max number of walsender processes
+max_wal_senders = 10		# max number of walsender processes
 				# (change requires restart)
 #wal_keep_segments = 0		# in logfile segments; 0 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables
 
-#max_replication_slots = 10	# max number of replication slots
+max_replication_slots = 10	# max number of replication slots
 				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
@@ -262,8 +261,13 @@ min_wal_size = 80MB
 
 # These settings are ignored on a master server.
 
+{% if psql.replica | default(False) %}
+hot_standby = on			# "off" disallows queries during recovery
+					# (change requires restart)
+{% else %}
 #hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
+{% endif %}
 #max_standby_archive_delay = 30s	# max delay before canceling queries
 					# when reading WAL from archive;
 					# -1 allows indefinite delay
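Review bot: Both branches of this `{% if %}` give the same effective setting on PostgreSQL 11, where `hot_standby` already defaults to `on` and, as the comment above says, is ignored on a master. The conditional can be replaced by a single uncommented `hot_standby = on`, or dropped. Nothing visible in this commit configures the standby side itself (recovery settings, `primary_conninfo`), so if that is handled manually or elsewhere, a comment here pointing to it would help the next operator.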
@@ -487,7 +491,7 @@ log_timezone = 'Europe/Paris'
 # PROCESS TITLE
 #------------------------------------------------------------------------------
 
-cluster_name = '{{ postgresql.version }}/main'			# added to process titles if nonempty
+cluster_name = '{{ psql.version }}/main'			# added to process titles if nonempty
 					# (change requires restart)
 #update_process_title = on
 
@@ -503,7 +507,7 @@ cluster_name = '{{ postgresql.version }}/main'			# added to process titles if no
 #track_io_timing = off
 #track_functions = none			# none, pl, all
 #track_activity_query_size = 1024	# (change requires restart)
-stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'
+stats_temp_directory = '/var/run/postgresql/{{ psql.version }}-main.pg_stat_tmp'
 
 
 # - Monitoring -