diff --git a/group_vars/bdd.yml b/group_vars/postgres.yml
similarity index 78%
rename from group_vars/bdd.yml
rename to group_vars/postgres.yml
index e9bc488af8f68ad237782c06a9af29b8be46d585..0ecc3093eef0d9c702a657e641ae2f74b82c4346 100644
--- a/group_vars/bdd.yml
+++ b/group_vars/postgres.yml
@@ -1,4 +1,4 @@ -glob_psql: +glob_postgres: subnets: - 172.16.10.0/24 - fd00:0:0:10::/64
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index 2766f75aea578650aba6f677a2f77452f6fb039c..c759e0ab6ff46eda36a25f52eb2d78f6229892a3 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -4,7 +4,7 @@ loc_slapd: replica: true replica_rid: 2 -loc_psql: +loc_postgres: version: 11 replica: yes addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
diff --git a/host_vars/gulp.cachan-adm.crans.org.yml b/host_vars/gulp.cachan-adm.crans.org.yml
index 7b436efdaa6967cd0e1ae543f190b98a0631393b..f3996168971fc429f1b883dadf318957b627c50d 100644
--- a/host_vars/gulp.cachan-adm.crans.org.yml
+++ b/host_vars/gulp.cachan-adm.crans.org.yml
@@ -10,7 +10,7 @@ glob_ntp_client: debian_mirror: http://172.17.10.202/debian -loc_psql: +loc_postgres: subnets: - 172.17.10.0/24 - fd00:0:0:3010::/64
@@ -18,6 +18,9 @@ loc_psql: hosts: - { db: re2o, user: re2o } addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}" + backup: + dir: /var/local/db-backup + frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *" loc_borg: remote:
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index db3c3b654ac42643d27a8b163cd780d8d3bdaeeb..38e384d9fd3a3a13d268bf4244e9bcb3f4058d0e 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
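Review bot: The `frequency` key added in the second hunk of host_vars/gulp.cachan-adm.crans.org.yml holds a full five-field cron schedule rather than a frequency, and nothing documents how it is built. A comment above it such as `# cron schedule "minute hour * * *"; minute and hour are derived from inventory_hostname so they stay stable per host` would make that clear. The identical `backup:` block is added to host_vars/tealc.adm.crans.org.yml; since the play builds `postgres` from `glob_postgres | combine(loc_postgres)`, defining it once in group_vars/postgres.yml would avoid the copy, assuming both hosts are meant to share the same directory and schedule expression. The `loc_postgres` mapping starts above this hunk.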
@@ -4,7 +4,7 @@ loc_slapd: replica: true replica_rid: 3 -loc_psql: +loc_postgres: version: 11 replica: yes addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index a3163e32212d86ba0bbc0fbbe0a9624587be7a96..6128448d754be59b3b8418c935cd4c753d2ebbb7 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -4,7 +4,7 @@ loc_slapd: replica: true replica_rid: 1 -loc_psql: +loc_postgres: version: 11 replica: yes addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml
index dce9520d86fbe2877b953da3e884f78ea380a4ef..e169e9e9387a272c52b9b840eca713809ba38939 100644
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@@ -1,4 +1,4 @@ -loc_psql: +loc_postgres: version: 11 hosts: - db: etherpad
@@ -19,11 +19,15 @@ loc_psql: - { db: sqlgrey, user: sqlgrey, method: ident } - { db: re2o, user: re2o } - { db: re2o_test, user: re2o } + - { db: constellation-dev, user: constellation-dev } - { db: mailman3, user: mailman3 } - { db: mailman3web, user: mailman3web } - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes } - { db: replication, user: replication, local: yes } addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}" + backup: + dir: /var/local/db-backup + frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *" loc_slapd: ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
diff --git a/hosts b/hosts
index bcba7db6760b6ed66232c3cefb3c1b34fa6cd54d..0a734fa9fdb86bfa365f29c2ecb1279d96fe3db6 100644
--- a/hosts
+++ b/hosts
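Review bot: The `constellation-dev` entry added in the second hunk of host_vars/tealc.adm.crans.org.yml sets neither `method` nor `subnets`, so the pg_hba.conf.j2 template shown later in this diff renders it with the `md5` default for every subnet in `postgres.subnets`. With `version: 11` a stronger method is available; consider `- { db: constellation-dev, user: constellation-dev, method: scram-sha-256 }`, which presumably also requires the role's password to be stored under `password_encryption = scram-sha-256`. The `hosts` list starts above this hunk, so the existing entries that rely on the same default are only partly visible here.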
@@ -14,13 +14,12 @@ omnomnom.cachan-adm.crans.org cameron.adm.crans.org tealc.adm.crans.org -[bdd] +[postgres] tealc.adm.crans.org gulp.cachan-adm.crans.org [blackbox] monitoring.adm.crans.org - [bdd:children] virtu
diff --git a/plays/postgresql.yml b/plays/postgresql.yml
index 3c5ab740c67affbae5a7da7ac57d858987194c00..114ce1e7a1ca9ac23209badfa1bf5716aed486c5 100755
--- a/plays/postgresql.yml
+++ b/plays/postgresql.yml
@@ -1,8 +1,8 @@ #!/usr/bin/env ansible-playbook --- # Deploy postgresql server -- hosts: bdd +- hosts: postgres vars: - psql: '{{ glob_psql | default({}) | combine(loc_psql | default({})) }}' + postgres: '{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}' roles: - postgresql
diff --git a/roles/postgresql/handlers/main.yml b/roles/postgresql/handlers/main.yml
index 5c9eb096d28d470545a4e74822721c1cf36bacbf..2081f6e49265b9a2ca6863ec05b9f79142f0b7a3 100644
--- a/roles/postgresql/handlers/main.yml
+++ b/roles/postgresql/handlers/main.yml
@@ -1,3 +1,3 @@ --- - name: reload postgresql - command: /usr/bin/pg_ctlcluster {{ psql.version }} main reload + command: /usr/bin/pg_ctlcluster {{ postgres.version }} main reload
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index f40d96541b0e6fae77c1c85c12192b0c3a5c6281..e90aa6a6a87b1c298ca27ca0f2d9e14f3f60b896 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -1,7 +1,7 @@ --- - name: Set postgresql installation directory set_fact: - psql_dir: '/etc/postgresql/{{ psql.version }}/main/' + postgres_dir: '/etc/postgresql/{{ postgres.version }}/main' - name: Install postgresql apt:
@@ -14,7 +14,7 @@ - name: Ensure main postgresql directory exists file: - path: '{{ psql_dir }}' + path: '{{ postgres_dir }}' state: directory owner: postgres group: postgres
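Review bot: `[bdd:children]` is still present in the trailing context of the `hosts` hunk although `[bdd]` is renamed to `[postgres]` a few lines above it, so the old group name appears to survive the rename. If that section is meant to follow the rename it should be updated or dropped in the same commit; if it is intentional, a comment above it such as `# bdd: legacy parent group, no longer carries group_vars` would help, since group_vars/bdd.yml no longer exists after this change. The section continues past the end of the hunk, so this needs checking against the full inventory.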
@@ -22,26 +22,26 @@ - name: Ensure configuration directory exists file: - path: '{{ psql_dir }}/conf.d' + path: '{{ postgres_dir }}/conf.d' state: directory owner: postgres group: postgres mode: 0755 -- name: Configuration of postgresql {{ psql.version }} +- name: Configuration of postgresql {{ postgres.version }} template: src: postgresql/postgresql.conf.j2 - dest: '{{ psql_dir }}/postgresql.conf' + dest: '{{ postgres_dir }}/postgresql.conf' mode: 0640 owner: postgres group: postgres notify: - reload postgresql -- name: Master of configuration of postgresql {{ psql.version }} +- name: Master of configuration of postgresql {{ postgres.version }} template: src: 'postgresql/{{ item }}.j2' - dest: '{{ psql_dir }}/{{ item }}' + dest: '{{ postgres_dir }}/{{ item }}' mode: 0640 owner: postgres group: postgres
@@ -50,4 +50,19 @@ - pg_ident.conf notify: - reload postgresql - when: 'not(psql.replica | default(False))' + when: 'not(postgres.replica | default(False))' + +- name: Create backup directory + file: + path: "{{ postgres.backup.dir }}" + owner: postgres + group: postgres + state: directory + mode: 0770 + when: postgres.backup is defined + +- name: Create backup cron + template: + src: cron.d/pg_dump.j2 + dest: /etc/cron.d/pg_dump + when: postgres.backup is defined
diff --git a/roles/postgresql/templates/cron.d/pg_dump.j2 b/roles/postgresql/templates/cron.d/pg_dump.j2
new file mode 100644
index 0000000000000000000000000000000000000000..312197b186d3df574526190f60e390e2f92e88d9
--- /dev/null
+++ b/roles/postgresql/templates/cron.d/pg_dump.j2
@@ -0,0 +1,5 @@
+{{ ansible_header | comment }}
+
+PATH=$PATH:/usr/sbin:/usr/bin:/usr/local/bin:/sbin:/bin
+
+{{ postgres.backup.frequency }} postgres pg_dumpall -f {{ postgres.backup.dir }}/all.sql
diff --git a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
index 5e877e0aebf7009973586a1f98733d601a4a880c..ca41345722a60feb3a28c0b911de5ec131d9da38 100644
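Review bot: The `Create backup cron` task at the end of roles/postgresql/tasks/main.yml writes /etc/cron.d/pg_dump without `owner`, `group` or `mode`, unlike the other file and template tasks visible in this diff, so the result depends on the connecting user and its umask. Cron implementations commonly skip files in /etc/cron.d that are not root-owned or that are group- or world-writable, so I would add `owner: root`, `group: root` and `mode: "0644"`. In `Create backup directory`, `mode: 0770` is safer written as `mode: "0770"` so it can never be read as a decimal integer. Both tasks test only `postgres.backup is defined`, so a host that sets `backup` without `dir` or `frequency` would fail at render time; `when: postgres.backup.dir is defined` on the first task would state the real requirement.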
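Review bot: The cron entry in pg_dump.j2 has `pg_dumpall` write directly onto `all.sql`, so a run that fails midway (full disk, server stopped) replaces the only dump with a truncated one, and the file is created under cron's default umask even though a `pg_dumpall` dump includes role password hashes. Dumping to a temporary name under a tight umask and renaming on success covers both: `{{ postgres.backup.frequency }} postgres umask 077 && pg_dumpall -f {{ postgres.backup.dir }}/all.sql.tmp && mv {{ postgres.backup.dir }}/all.sql.tmp {{ postgres.backup.dir }}/all.sql`. Separately, cron does not expand variables in environment assignments, so `PATH=$PATH:...` puts a literal `$PATH` entry in the search path; `PATH=/usr/sbin:/usr/bin:/usr/local/bin:/sbin:/bin` is presumably what was intended.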
--- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
@@ -88,12 +88,12 @@ local all postgres peer # TYPE DATABASE USER ADDRESS METHOD -{% for host in psql.hosts %} +{% for host in postgres.hosts %} {% if host.local | default(False) %} # "local" is for Unix domain socket connections only local {{ host.db }} {{ host.user }} peer {% endif %} -{% for subnet in host.subnets | default(psql.subnets) %} +{% for subnet in host.subnets | default(postgres.subnets) %} host {{ host.db }} {{ host.user }} {{ subnet }} {% if host.map is defined %}ident map={{ host.map.name }}{% else %}{{ host.method | default('md5') }}{% endif %} {% endfor %}
diff --git a/roles/postgresql/templates/postgresql/pg_ident.conf.j2 b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
index ed359311863adc56792867f46b01095192daecee..8c0dd01c12caf1c96744b6c90f1b035b75deb71b 100644
--- a/roles/postgresql/templates/postgresql/pg_ident.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
@@ -42,7 +42,7 @@ # ---------------------------------- # MAPNAME SYSTEM-USERNAME PG-USERNAME -{% for host in psql.hosts %} +{% for host in postgres.hosts %} {% if host.map is defined %} {{ host.map.name }} {{ host.map.system }} {{ host.map.pg }} {% endif %}
diff --git a/roles/postgresql/templates/postgresql/postgresql.conf.j2 b/roles/postgresql/templates/postgresql/postgresql.conf.j2
index 991ed2b834e560dd8a9c3791e87c0f69c1363c59..24da99c9e4485161e69f9af1c4bb56a4615332e9 100644
--- a/roles/postgresql/templates/postgresql/postgresql.conf.j2
+++ b/roles/postgresql/templates/postgresql/postgresql.conf.j2
@@ -40,15 +40,15 @@ # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. -data_directory = '/var/lib/postgresql/{{ psql.version }}/main' # use data in another directory +data_directory = '/var/lib/postgresql/{{ postgres.version }}/main' # use data in another directory # (change requires restart) -hba_file = '/etc/postgresql/{{ psql.version }}/main/pg_hba.conf' # host-based authentication file +hba_file = '/etc/postgresql/{{ postgres.version }}/main/pg_hba.conf' # host-based authentication file # (change requires restart) -ident_file = '/etc/postgresql/{{ psql.version }}/main/pg_ident.conf' # ident configuration file +ident_file = '/etc/postgresql/{{ postgres.version }}/main/pg_ident.conf' # ident configuration file # (change requires restart) # If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid' # write an extra PID file +external_pid_file = '/var/run/postgresql/{{ postgres.version }}-main.pid' # write an extra PID file # (change requires restart)
@@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ psql.version }}-main.pid' # write #------------------------------------------------------------------------------ # - Connection Settings - -listen_addresses = '{{ (psql.addresses | default([]) + ['localhost']) | join(',') }}' # what IP address(es) to listen on; +listen_addresses = '{{ (postgres.addresses | default([]) + ['localhost']) | join(',') }}' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all # (change requires restart)
@@ -261,7 +261,7 @@ max_replication_slots = 10 # max number of replication slots # These settings are ignored on a master server. -{% if psql.replica | default(False) %} +{% if postgres.replica | default(False) %} hot_standby = on # "off" disallows queries during recovery # (change requires restart) {% else %}
@@ -491,7 +491,7 @@ log_timezone = 'Europe/Paris' # PROCESS TITLE #------------------------------------------------------------------------------ -cluster_name = '{{ psql.version }}/main' # added to process titles if nonempty +cluster_name = '{{ postgres.version }}/main' # added to process titles if nonempty # (change requires restart) #update_process_title = on
@@ -507,7 +507,7 @@ cluster_name = '{{ psql.version }}/main' # added to process titles if nonempty #track_io_timing = off #track_functions = none # none, pl, all #track_activity_query_size = 1024 # (change requires restart) -stats_temp_directory = '/var/run/postgresql/{{ psql.version }}-main.pg_stat_tmp' +stats_temp_directory = '/var/run/postgresql/{{ postgres.version }}-main.pg_stat_tmp' # - Monitoring -