diff --git a/roles/init_dbserver/defaults/main.yml b/roles/init_dbserver/defaults/main.yml index b3537b75..c6844fdd 100644 --- a/roles/init_dbserver/defaults/main.yml +++ b/roles/init_dbserver/defaults/main.yml @@ -35,7 +35,6 @@ disable_logging: true use_replication_slots: true use_hostname: true update_etc_file: true -enable_core_dump: false # setting validate_only to true allows you to validate setup on an existing node # use_validation flag applies to deployment configuration and validation after setup diff --git a/roles/init_dbserver/tasks/pg_setup_systemd.yml b/roles/init_dbserver/tasks/pg_setup_systemd.yml index 8ae56d07..ad54137f 100644 --- a/roles/init_dbserver/tasks/pg_setup_systemd.yml +++ b/roles/init_dbserver/tasks/pg_setup_systemd.yml @@ -28,15 +28,3 @@ become: true when: - ansible_os_family == 'RedHat' - -- name: Add LimitCORE in systemd file - edb_devops.edb_postgres.linesinfile: - path: "/etc/systemd/system/{{ pg_service }}.service" - lines: - - line: "LimitCORE=infinity" - regexp: "^LimitCORE=.*" - insertafter: "^\\[Service\\]$" - become: true - when: - - enable_core_dump|bool - - ansible_os_family == 'RedHat' diff --git a/roles/install_dbserver/defaults/main.yml b/roles/install_dbserver/defaults/main.yml index 54ab204e..3794b802 100644 --- a/roles/install_dbserver/defaults/main.yml +++ b/roles/install_dbserver/defaults/main.yml @@ -6,7 +6,6 @@ pg_version: 14 pg_tuner_version: 1 pg_owner: "{{ 'enterprisedb' if pg_type == 'EPAS' else 'postgres' }}" enable_core_dump: false -core_dump_directory: "/var/coredumps" pg_instance_name: "main" # setting validate_only to true allows you to validate setup on an existing node @@ -33,9 +32,6 @@ pg_deb_drop_cluster: "/usr/bin/pg_dropcluster" pg_service: "{{ lookup('edb_devops.edb_postgres.pg_service') }}" pg_ssl: true -sysctl_params: - - {"name": "fs.suid_dumpable", "value": "2", "state": "present"} - supported_os: - CentOS7 - CentOS8 diff --git a/roles/install_dbserver/tasks/EPAS_RedHat_install.yml b/roles/install_dbserver/tasks/EPAS_RedHat_install.yml index 4c7861e6..0e9de5e5 100644 --- a/roles/install_dbserver/tasks/EPAS_RedHat_install.yml +++ b/roles/install_dbserver/tasks/EPAS_RedHat_install.yml @@ -70,3 +70,23 @@ state: present become: true when: pg_ssl + +- name: Install debuginfo helper packages + ansible.builtin.package: + name: + - yum-utils + state: present + become: true + when: enable_core_dump | bool + +- name: Install debug packages + ansible.builtin.command: + cmd: >- + debuginfo-install -y + edb-as{{ pg_version }}-server + edb-as{{ pg_version }}-server-core + edb-as{{ pg_version }}-server-contrib + edb-as{{ pg_version }}-server-libs + edb-as{{ pg_version }}-server-client + when: enable_core_dump | bool + become: true diff --git a/roles/install_dbserver/tasks/install_dbserver.yml b/roles/install_dbserver/tasks/install_dbserver.yml index c730c0db..ad973b71 100644 --- a/roles/install_dbserver/tasks/install_dbserver.yml +++ b/roles/install_dbserver/tasks/install_dbserver.yml @@ -39,13 +39,6 @@ - not validate_only|bool - not remove_only|bool -- name: Enable coredump based on enable_core_dump - ansible.builtin.include_tasks: linux_coredump.yml - when: - - enable_core_dump|bool - - not validate_only|bool - - not remove_only|bool - - name: Validate install_dbserver tasks ansible.builtin.include_tasks: validate_install_dbserver.yml when: diff --git a/roles/install_dbserver/tasks/linux_coredump.yml b/roles/install_dbserver/tasks/linux_coredump.yml deleted file mode 100644 index f964a17e..00000000 --- a/roles/install_dbserver/tasks/linux_coredump.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- name: Ensure core dump directory exists - ansible.builtin.file: - path: "{{ core_dump_directory }}" - owner: root - mode: "0733" - state: directory - become: true - no_log: "{{ disable_logging }}" - -- name: Add core dump parameters in sysctl.conf - ansible.posix.sysctl: - name: "{{ line_item.name }}" - value: "{{ line_item.value }}" - state: "{{ line_item.state | default('present') }}" - reload: true - with_items: "{{ sysctl_params }}" - loop_control: - loop_var: line_item - become: true - no_log: "{{ disable_logging }}" - -- name: Update limits.conf file - community.general.pam_limits: - domain: "{{ pg_owner }}" - limit_type: soft - limit_item: core - value: unlimited - become: true - no_log: "{{ disable_logging }}" - -- name: Install debuginfo helper packages - ansible.builtin.package: - name: yum-utils - state: present - become: true - -- name: Install debug packages - ansible.builtin.command: - cmd: >- - debuginfo-install -y - edb-as{{ pg_version }}-server - edb-as{{ pg_version }}-server-core - edb-as{{ pg_version }}-server-contrib - edb-as{{ pg_version }}-server-libs - edb-as{{ pg_version }}-server-client - become: true - when: >- - pg_type == 'EPAS' diff --git a/roles/manage_operating_system/README.md b/roles/manage_operating_system/README.md index 2e5a7584..d0046c02 100644 --- a/roles/manage_operating_system/README.md +++ b/roles/manage_operating_system/README.md @@ -12,6 +12,11 @@ Following are the requirements of this role. When executing the role via Ansible these are the applicable variables: + * ***enable_core_dump*** + + When `true`, enable operating system facilities to capture and save core + dumps. Default: `false` + * ***enable_user_profiling*** When `true`, sets relevant operating system settings such that any user and @@ -49,6 +54,7 @@ Content of the `inventory.yml` file: pre_tasks: - name: Initialize the user defined variables ansible.builtin.set_fact: + enable_core_dump: true enable_user_profiling: true collections: @@ -65,7 +71,7 @@ $ ansible-playbook playbook.yml \ -i inventory.yml \ -u centos \ --private-key \ - --extra-vars="enable_user_profiling=true" + --extra-vars="enable_user_profiling=true enable_core_dump=true" ``` ## License diff --git a/roles/manage_operating_system/defaults/main.yml b/roles/manage_operating_system/defaults/main.yml index e28a9a58..a2acfd30 100644 --- a/roles/manage_operating_system/defaults/main.yml +++ b/roles/manage_operating_system/defaults/main.yml @@ -1,2 +1,3 @@ --- +enable_core_dump: false enable_user_profiling: false diff --git a/roles/manage_operating_system/tasks/enable_core_dump.yml b/roles/manage_operating_system/tasks/enable_core_dump.yml new file mode 100644 index 00000000..bd3cd880 --- /dev/null +++ b/roles/manage_operating_system/tasks/enable_core_dump.yml @@ -0,0 +1,15 @@ +--- +- name: Enable unlimited core size for all users + community.general.pam_limits: + domain: "*" + limit_type: "-" + limit_item: "core" + value: "unlimited" + become: true + +- name: Install debuginfo helper packages + ansible.builtin.package: + name: yum-utils + state: present + when: ansible_os_family == 'RedHat' + become: true diff --git a/roles/manage_operating_system/tasks/main.yml b/roles/manage_operating_system/tasks/main.yml index 616c1e4b..5badc97d 100644 --- a/roles/manage_operating_system/tasks/main.yml +++ b/roles/manage_operating_system/tasks/main.yml @@ -3,3 +3,8 @@ ansible.builtin.include_tasks: enable_user_profiling.yml when: - enable_user_profiling | bool + +- name: Enable core dumps + ansible.builtin.include_tasks: enable_core_dump.yml + when: + - enable_core_dump | bool diff --git a/roles/setup_patroni/defaults/main.yml b/roles/setup_patroni/defaults/main.yml index c3703a92..c2822f34 100644 --- a/roles/setup_patroni/defaults/main.yml +++ b/roles/setup_patroni/defaults/main.yml @@ -9,7 +9,6 @@ pg_remote_ssl_src: false disable_logging: true use_hostname: true update_etc_file: true -enable_core_dump: false use_replication_slots: true pass_dir: "~/.edb" diff --git a/roles/setup_pgd/defaults/main.yml b/roles/setup_pgd/defaults/main.yml index f496525d..c70d16e8 100644 --- a/roles/setup_pgd/defaults/main.yml +++ b/roles/setup_pgd/defaults/main.yml @@ -22,7 +22,6 @@ disable_logging: true use_replication_slots: true use_hostname: true update_etc_file: true -enable_core_dump: false # setting validate_only to true allows you to validate setup on an existing node # use_validation flag applies to deployment configuration and validation after setup diff --git a/roles/setup_pgd/tasks/pg_setup_systemd.yml b/roles/setup_pgd/tasks/pg_setup_systemd.yml index 8ae56d07..ad54137f 100644 --- a/roles/setup_pgd/tasks/pg_setup_systemd.yml +++ b/roles/setup_pgd/tasks/pg_setup_systemd.yml @@ -28,15 +28,3 @@ become: true when: - ansible_os_family == 'RedHat' - -- name: Add LimitCORE in systemd file - edb_devops.edb_postgres.linesinfile: - path: "/etc/systemd/system/{{ pg_service }}.service" - lines: - - line: "LimitCORE=infinity" - regexp: "^LimitCORE=.*" - insertafter: "^\\[Service\\]$" - become: true - when: - - enable_core_dump|bool - - ansible_os_family == 'RedHat' diff --git a/roles/setup_replication/defaults/main.yml b/roles/setup_replication/defaults/main.yml index 8b964626..2057d82a 100644 --- a/roles/setup_replication/defaults/main.yml +++ b/roles/setup_replication/defaults/main.yml @@ -11,8 +11,6 @@ force_replication: false use_replication_slots: true use_hostname: true update_etc_file: true -enable_core_dump: false - # TDE functionality key edb_enable_tde: false diff --git a/roles/setup_replication/tasks/pg_setup_systemd.yml b/roles/setup_replication/tasks/pg_setup_systemd.yml index ffdf3cac..95040104 100644 --- a/roles/setup_replication/tasks/pg_setup_systemd.yml +++ b/roles/setup_replication/tasks/pg_setup_systemd.yml @@ -29,15 +29,3 @@ become: true when: - ansible_os_family == "RedHat" - -- name: Add LimitCORE in systemd file - edb_devops.edb_postgres.linesinfile: - path: "/etc/systemd/system/{{ pg_service }}.service" - lines: - - line: "LimitCORE=infinity" - regexp: "^LimitCORE=.*" - insertafter: "^\\[Service\\]$" - become: true - when: - - enable_core_dump|bool - - ansible_os_family == 'RedHat'