From d22bbd3dba7de90c6719e6e3dc8c16f2a0e616e9 Mon Sep 17 00:00:00 2001
From: Freazzzing <ссс999.11@mail.ru>
Date: Wed, 4 Feb 2026 07:27:56 +0000
Subject: [PATCH] feat: add PostgreSQL infrastructure for App2

- Add PostgreSQL role for installing and configuring PostgreSQL 17
- Add postgres_exporter role for PostgreSQL metrics collection
- Add deploy-postgres-app2.yml playbook for deployment
- Configure test database 'testdb' with user 'testuser'
- Set up postgres_exporter user for monitoring
- Include firewall configuration for PostgreSQL (5432) and postgres_exporter (9187)
- Follow existing role structure pattern from node_exporter
---
 playbooks/add-postgres-to-prometheus.yml      |  35 +++++
 playbooks/deploy-postgres-app2.yml            |  12 ++
 roles/postgres_exporter/defaults/main.yml     |  12 ++
 roles/postgres_exporter/tasks/main.yml        |  94 ++++++++++++++
 .../templates/postgres_exporter.service.j2    |  16 +++
 roles/postgresql/defaults/main.yml            |  21 +++
 roles/postgresql/tasks/main.yml               | 121 ++++++++++++++++++
 7 files changed, 311 insertions(+)
 create mode 100644 playbooks/add-postgres-to-prometheus.yml
 create mode 100644 playbooks/deploy-postgres-app2.yml
 create mode 100644 roles/postgres_exporter/defaults/main.yml
 create mode 100644 roles/postgres_exporter/tasks/main.yml
 create mode 100644 roles/postgres_exporter/templates/postgres_exporter.service.j2
 create mode 100644 roles/postgresql/defaults/main.yml
 create mode 100644 roles/postgresql/tasks/main.yml

diff --git a/playbooks/add-postgres-to-prometheus.yml b/playbooks/add-postgres-to-prometheus.yml
new file mode 100644
index 0000000..4a7054c
--- /dev/null
+++ b/playbooks/add-postgres-to-prometheus.yml
@@ -0,0 +1,35 @@
+---
+- name: Add PostgreSQL exporter to Prometheus
+  hosts: 192.168.0.105
+  become: yes
+
+  tasks:
+    - name: Add postgres_exporter scrape config
+      blockinfile:
+        path: /etc/prometheus/prometheus.yml
+        insertafter: '  # Nginx metrics via nginx-prometheus-exporter'
+        block: |2
+          # PostgreSQL metrics via postgres_exporter
+          - job_name: 'postgres-app2'
+            scrape_interval: 15s
+            scrape_timeout: 10s
+            static_configs:
+              - targets: ['192.168.0.111:9187']
+                labels:
+                  instance: 'app2'
+                  service: 'postgresql'
+                  job: 'postgres'
+            metric_relabel_configs:
+              - source_labels: [__address__]
+                target_label: instance
+              - source_labels: [__address__]
+                regex: '([^:]+):\\d+'
+                replacement: '${1}'
+                target_label: host
+        marker: "# {mark} ANSIBLE MANAGED BLOCK - postgres_exporter"
+        backup: yes
+
+    - name: Reload Prometheus
+      systemd:
+        name: prometheus
+        state: reloaded
diff --git a/playbooks/deploy-postgres-app2.yml b/playbooks/deploy-postgres-app2.yml
new file mode 100644
index 0000000..36b532e
--- /dev/null
+++ b/playbooks/deploy-postgres-app2.yml
@@ -0,0 +1,12 @@
+---
+- name: Deploy PostgreSQL and Postgres Exporter on App2
+  hosts: 192.168.0.111
+  become: yes
+  gather_facts: yes
+
+  roles:
+    - role: postgresql
+      tags: postgresql
+
+    - role: postgres_exporter
+      tags: postgres_exporter
diff --git a/roles/postgres_exporter/defaults/main.yml b/roles/postgres_exporter/defaults/main.yml
new file mode 100644
index 0000000..ae62901
--- /dev/null
+++ b/roles/postgres_exporter/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+# Postgres Exporter
+postgres_exporter_version: "0.15.0"
+postgres_exporter_port: 9187
+postgres_exporter_user: "postgres_exporter"
+postgres_exporter_password: "exporterpassword123"
+
+# Connection settings
+postgres_exporter_data_source_name: "user={{ postgres_exporter_user }} password={{ postgres_exporter_password }} host=localhost port=5432 dbname=postgres sslmode=disable"
+
+# Systemd service
+postgres_exporter_service_name: "postgres_exporter"
diff --git a/roles/postgres_exporter/tasks/main.yml b/roles/postgres_exporter/tasks/main.yml
new file mode 100644
index 0000000..a1268d3
--- /dev/null
+++ b/roles/postgres_exporter/tasks/main.yml
@@ -0,0 +1,94 @@
+---
+- name: Install required packages
+  apt:
+    name:
+      - wget
+      - tar
+    state: present
+    update_cache: yes
+  tags: postgres_exporter
+
+- name: Create postgres_exporter user
+  user:
+    name: postgres_exporter
+    system: yes
+    shell: /bin/false
+    home: /nonexistent
+    comment: "Postgres Exporter Service User"
+  tags: postgres_exporter
+
+- name: Download Postgres Exporter
+  get_url:
+    url: "https://github.com/prometheus-community/postgres_exporter/releases/download/v{{ postgres_exporter_version }}/postgres_exporter-{{ postgres_exporter_version }}.linux-amd64.tar.gz"
+    dest: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.tar.gz"
+    timeout: 30
+    validate_certs: no
+  tags: postgres_exporter
+
+- name: Extract Postgres Exporter
+  unarchive:
+    src: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.tar.gz"
+    dest: "/tmp/"
+    remote_src: yes
+    creates: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.linux-amd64"
+  tags: postgres_exporter
+
+- name: Install Postgres Exporter binary
+  copy:
+    src: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.linux-amd64/postgres_exporter"
+    dest: "/usr/local/bin/postgres_exporter"
+    owner: postgres_exporter
+    group: postgres_exporter
+    mode: '0755'
+    remote_src: yes
+  tags: postgres_exporter
+
+- name: Create systemd service
+  template:
+    src: postgres_exporter.service.j2
+    dest: /etc/systemd/system/{{ postgres_exporter_service_name }}.service
+    owner: root
+    group: root
+    mode: '0644'
+  tags: postgres_exporter
+
+- name: Clean up temp files
+  file:
+    path: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.tar.gz"
+    state: absent
+  tags: postgres_exporter
+
+- name: Clean up extracted directory
+  file:
+    path: "/tmp/postgres_exporter-{{ postgres_exporter_version }}.linux-amd64"
+    state: absent
+  tags: postgres_exporter
+
+- name: Reload systemd
+  systemd:
+    daemon_reload: yes
+  tags: postgres_exporter
+
+- name: Enable and start Postgres Exporter
+  systemd:
+    name: "{{ postgres_exporter_service_name }}"
+    enabled: yes
+    state: started
+    daemon_reload: yes
+  tags: postgres_exporter
+
+- name: Configure UFW for Postgres Exporter
+  ufw:
+    rule: allow
+    port: "{{ postgres_exporter_port }}"
+    proto: tcp
+    comment: "Postgres Exporter metrics"
+  tags: postgres_exporter
+
+- name: Verify Postgres Exporter is running
+  wait_for:
+    port: "{{ postgres_exporter_port }}"
+    host: "{{ ansible_host }}"
+    delay: 3
+    timeout: 60
+  tags: postgres_exporter
diff --git a/roles/postgres_exporter/templates/postgres_exporter.service.j2 b/roles/postgres_exporter/templates/postgres_exporter.service.j2
new file mode 100644
index 0000000..c77235e
--- /dev/null
+++ b/roles/postgres_exporter/templates/postgres_exporter.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Postgres Exporter
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=postgres_exporter
+Group=postgres_exporter
+Environment=DATA_SOURCE_NAME="{{ postgres_exporter_data_source_name }}"
+ExecStart=/usr/local/bin/postgres_exporter --web.listen-address=:{{ postgres_exporter_port }}
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/postgresql/defaults/main.yml b/roles/postgresql/defaults/main.yml
new file mode 100644
index 0000000..863ef84
--- /dev/null
+++ b/roles/postgresql/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# PostgreSQL
+postgresql_version: "17"
+postgresql_port: 5432
+postgresql_listen_addresses: "*"
+postgresql_data_dir: "/var/lib/postgresql/{{ postgresql_version }}/main"
+
+# Database configuration
+postgresql_databases:
+  - name: testdb
+    owner: testuser
+
+postgresql_users:
+  - name: testuser
+    password: "testpassword123"
+    databases: [testdb]
+    privileges: ["ALL"]
+
+# Postgres exporter user (for metrics collection)
+postgres_exporter_user: "postgres_exporter"
+postgres_exporter_password: "exporterpassword123"
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
new file mode 100644
index 0000000..e521b3d
--- /dev/null
+++ b/roles/postgresql/tasks/main.yml
@@ -0,0 +1,121 @@
+---
+- name: Install required packages for PostgreSQL installation
+  apt:
+    name:
+      - ca-certificates
+      - curl
+      - gnupg
+      - lsb-release
+    state: present
+    update_cache: yes
+  tags: postgresql
+
+- name: Create PostgreSQL repository keyring directory
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  tags: postgresql
+
+- name: Download and install PostgreSQL GPG key
+  shell: |
+    curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgresql.gpg
+    chmod 644 /etc/apt/keyrings/postgresql.gpg
+  args:
+    creates: /etc/apt/keyrings/postgresql.gpg
+  tags: postgresql
+
+- name: Add PostgreSQL repository
+  apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
+    state: present
+    update_cache: yes
+  tags: postgresql
+
+- name: Install PostgreSQL
+  apt:
+    name:
+      - postgresql-{{ postgresql_version }}
+      - postgresql-contrib-{{ postgresql_version }}
+      - postgresql-client-{{ postgresql_version }}
+    state: present
+    update_cache: yes
+  tags: postgresql
+
+- name: Ensure PostgreSQL service is started and enabled
+  service:
+    name: postgresql@17-main
+    state: started
+    enabled: yes
+  tags: postgresql
+
+- name: Configure PostgreSQL listen addresses
+  lineinfile:
+    path: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
+    regexp: "^listen_addresses[[:space:]]*="
+    line: "listen_addresses = '{{ postgresql_listen_addresses }}'"
+    backup: yes
+  tags: postgresql
+
+- name: Configure PostgreSQL authentication
+  lineinfile:
+    path: "/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf"
+    line: "host    all             all             192.168.0.0/24          md5"
+    insertafter: "^# IPv4 local connections:"
+    backup: yes
+  tags: postgresql
+
+- name: Reload PostgreSQL configuration
+  service:
+    name: postgresql@17-main
+    state: reloaded
+    name: postgresql@17-main
+  tags: postgresql
+
+- name: Create PostgreSQL users and databases
+  become: yes
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    state: present
+  loop: "{{ postgresql_users }}"
+  tags: postgresql
+
+- name: Create PostgreSQL databases
+  become: yes
+  become_user: postgres
+  community.postgresql.postgresql_db:
+    name: "{{ item.name }}"
+    owner: "{{ item.owner }}"
+    state: present
+  loop: "{{ postgresql_databases }}"
+  tags: postgresql
+
+- name: Create postgres_exporter user for monitoring
+  become: yes
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: "{{ postgres_exporter_user }}"
+    password: "{{ postgres_exporter_password }}"
+    state: present
+  tags: postgresql
+
+- name: Grant permissions to postgres_exporter user
+  become: yes
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    database: postgres
+    state: present
+    privs: CONNECT
+    type: database
+    roles: "{{ postgres_exporter_user }}"
+  tags: postgresql
+
+- name: Configure UFW for PostgreSQL
+  ufw:
+    rule: allow
+    port: "{{ postgresql_port }}"
+    proto: tcp
+    comment: "PostgreSQL"
+  tags: postgresql