122 lines
3.2 KiB
YAML
122 lines
3.2 KiB
YAML
|
---
|
||
|
|
- name: Install required packages for PostgreSQL installation
|
||
|
|
apt:
|
||
|
|
name:
|
||
|
|
- ca-certificates
|
||
|
|
- curl
|
||
|
|
- gnupg
|
||
|
|
- lsb-release
|
||
|
|
state: present
|
||
|
|
update_cache: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Create PostgreSQL repository keyring directory
|
||
|
|
file:
|
||
|
|
path: /etc/apt/keyrings
|
||
|
|
state: directory
|
||
|
|
mode: '0755'
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Download and install PostgreSQL GPG key
|
||
|
|
shell: |
|
||
|
|
curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgresql.gpg
|
||
|
|
chmod 644 /etc/apt/keyrings/postgresql.gpg
|
||
|
|
args:
|
||
|
|
creates: /etc/apt/keyrings/postgresql.gpg
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Add PostgreSQL repository
|
||
|
|
apt_repository:
|
||
|
|
repo: "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
|
||
|
|
state: present
|
||
|
|
update_cache: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Install PostgreSQL
|
||
|
|
apt:
|
||
|
|
name:
|
||
|
|
- postgresql-{{ postgresql_version }}
|
||
|
|
- postgresql-contrib-{{ postgresql_version }}
|
||
|
|
- postgresql-client-{{ postgresql_version }}
|
||
|
|
state: present
|
||
|
|
update_cache: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Ensure PostgreSQL service is started and enabled
|
||
|
|
service:
|
||
|
|
name: postgresql@17-main
|
||
|
|
state: started
|
||
|
|
enabled: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Configure PostgreSQL listen addresses
|
||
|
|
lineinfile:
|
||
|
|
path: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
|
||
|
|
regexp: "^listen_addresses[[:space:]]*="
|
||
|
|
line: "listen_addresses = '{{ postgresql_listen_addresses }}'"
|
||
|
|
backup: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Configure PostgreSQL authentication
|
||
|
|
lineinfile:
|
||
|
|
path: "/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf"
|
||
|
|
line: "host all all 192.168.0.0/24 md5"
|
||
|
|
insertafter: "^# IPv4 local connections:"
|
||
|
|
backup: yes
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Reload PostgreSQL configuration
|
||
|
|
service:
|
||
|
|
name: postgresql@17-main
|
||
|
|
state: reloaded
|
||
|
|
name: postgresql@17-main
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Create PostgreSQL users and databases
|
||
|
|
become: yes
|
||
|
|
become_user: postgres
|
||
|
|
community.postgresql.postgresql_user:
|
||
|
|
name: "{{ item.name }}"
|
||
|
|
password: "{{ item.password }}"
|
||
|
|
state: present
|
||
|
|
loop: "{{ postgresql_users }}"
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Create PostgreSQL databases
|
||
|
|
become: yes
|
||
|
|
become_user: postgres
|
||
|
|
community.postgresql.postgresql_db:
|
||
|
|
name: "{{ item.name }}"
|
||
|
|
owner: "{{ item.owner }}"
|
||
|
|
state: present
|
||
|
|
loop: "{{ postgresql_databases }}"
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Create postgres_exporter user for monitoring
|
||
|
|
become: yes
|
||
|
|
become_user: postgres
|
||
|
|
community.postgresql.postgresql_user:
|
||
|
|
name: "{{ postgres_exporter_user }}"
|
||
|
|
password: "{{ postgres_exporter_password }}"
|
||
|
|
state: present
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Grant permissions to postgres_exporter user
|
||
|
|
become: yes
|
||
|
|
become_user: postgres
|
||
|
|
community.postgresql.postgresql_privs:
|
||
|
|
database: postgres
|
||
|
|
state: present
|
||
|
|
privs: CONNECT
|
||
|
|
type: database
|
||
|
|
roles: "{{ postgres_exporter_user }}"
|
||
|
|
tags: postgresql
|
||
|
|
|
||
|
|
- name: Configure UFW for PostgreSQL
|
||
|
|
ufw:
|
||
|
|
rule: allow
|
||
|
|
port: "{{ postgresql_port }}"
|
||
|
|
proto: tcp
|
||
|
|
comment: "PostgreSQL"
|
||
|
|
tags: postgresql
|