Add database admin password parameter

nephelaiio · Mar 18, 2024 · fd9b76f · fd9b76f
1 parent e86b654
commit fd9b76f
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 28 deletions.
diff --git a/.talismanrc b/.talismanrc
@@ -5,7 +5,11 @@ fileignoreconfig:
     ignore_detectors: [filecontent]
   - filename: templates/postgres.conf.j2
     ignore_detectors: [filecontent]
+  - filename: molecule/databases/molecule.yml
+    ignore_detectors: [filecontent]
   - filename: tasks/vars.yml
     ignore_detectors: [filecontent]
+  - filename: tasks/configure.yml
+    ignore_detectors: [filecontent]
   - filename: tasks/roles.yml
     ignore_detectors: [filecontent]
diff --git a/README.md b/README.md
@@ -15,16 +15,17 @@ The following is the list of end-user serviceable parameters:
 
 Global PostgreSQL configuration
 
-| Parameter                  |                  Default | Type   | Description                     |
-|:---------------------------|-------------------------:|:-------|:--------------------------------|
-| postgresql_release         |                       16 | string | Target PostgreSQL major release |
-| postgresql_package_state   |                  present | string | PostgreSQL package state        |
-| postgresql_service_state   |                  started | string | PostgreSQL service state        |
-| postgresql_service_enabled |                     true | bool   | Start PostgreSQL on boot        |
-| postgresql_datadir         | /var/lib/postgresql/data | string | PostgreSQL database location    |
-| postgresql_roles           |                       [] | list   | List of PostgreSQL roles        |
-| postgresql_databases       |                       [] | list   | List of PostgreSQL databases    |
-| postgresql_hba_entries     |                       [] | list   | List of HBA entries             |
+| Parameter                  |                  Default | Type   | Description                        | Required |
+|:---------------------------|-------------------------:|:-------|:-----------------------------------|:---------|
+| postgresql_release         |                       16 | string | Target PostgreSQL major release    | false    |
+| postgresql_package_state   |                  present | string | PostgreSQL package state           | false    |
+| postgresql_service_state   |                  started | string | PostgreSQL service state           | false    |
+| postgresql_service_enabled |                     true | bool   | Start PostgreSQL on boot           | false    |
+| postgresql_datadir         | /var/lib/postgresql/data | string | PostgreSQL database location       | false    |
+| postgresql_roles           |                       [] | list   | List of PostgreSQL roles           | false    |
+| postgresql_databases       |                       [] | list   | List of PostgreSQL databases       | false    |
+| postgresql_hba_entries     |                       [] | list   | List of HBA entries                | false    |
+| postgresql_admin_password  |                      n/a | string | postgresql database admin password | false    |
 
 Please refer to the [defaults directory](/defaults/main/) for an up to date list of input parameters.
 

diff --git a/defaults/main/params.yml b/defaults/main/params.yml
@@ -8,8 +8,7 @@ postgresql_service_enabled: true
 postgresql_service_masked: false
 postgresql_user: postgres
 postgresql_group: postgres
-postgresql_initdb: true
-postgresql_waldir: "/var/lib/postgresql/wal"
+postgresql_admin_user: postgres
 postgresql_datadir: "/var/lib/postgresql/data"
 postgresql_roles: []
 postgresql_databases: []

diff --git a/molecule/databases/molecule.yml b/molecule/databases/molecule.yml
@@ -33,6 +33,7 @@ provisioner:
       all:
         vars:
           postgresql_nolog: false
+          postgresql_admin_password: molecule
           postgresql_roles:
             - name: admin
               password: admin

diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -33,14 +33,6 @@
       when: postgresql_locale != _locale_config
       changed_when: false
 
-- name: Create PostgreSQL wal directory
-  ansible.builtin.file:
-    path: "{{ _postgresql_waldir }}"
-    owner: "{{ postgresql_user }}"
-    group: "{{ postgresql_group }}"
-    state: directory
-    mode: 0700
-
 - name: Create PostgreSQL data directory
   ansible.builtin.file:
     path: "{{ _postgresql_datadir }}"
@@ -49,13 +41,37 @@
     state: directory
     mode: 0700
 
-- name: Initialize PostgreSQL database
-  ansible.builtin.command:
-    cmd: "{{ _postgresql_bindir }}/initdb -D {{ _postgresql_datadir }}"
-    creates: "{{ _postgresql_datadir }}/PG_VERSION"
-  become: true
-  become_user: "{{ postgresql_user }}"
-  when: postgresql_initdb | bool
+- name: Create PostgreSQL password tempfile
+  ansible.builtin.tempfile:
+    state: file
+    suffix: passfile
+  when: postgresql_admin_password is defined
+  register: _postgresql_passfile
+
+- name: Create PostgreSQL database
+  block:
+    - name: Initialize PostgreSQL password file
+      ansible.builtin.copy:
+        dest: "{{ _postgresql_passfile.path }}"
+        content: "{{ postgresql_admin_password }}"
+      when: postgresql_admin_password is defined
+      register: _postgresql_passfile
+
+    - name: Run initdb
+      ansible.builtin.command:
+        cmd: "{{ _postgresql_bindir }}/initdb -D --data-checksums {{ _postgresql_datadir }} {{ _username }} {{ _passfile }}"
+        creates: "{{ _postgresql_datadir }}/PG_VERSION"
+      vars:
+        _username: "-U {{ postgresql_admin_username }}"
+        _password: "--pwfile {{ postgresql_admin_password }}"
+        _passfile: "{{ '' if  postgresql_admin_password is not defined else _password }}"
+      become: true
+      become_user: "{{ postgresql_user }}"
+  always:
+    - name: Destroy PostgreSQL password tempfile
+      ansible.builtin.file:
+        path: "{{ _postgresql_passfile.path }}"
+        state: absent
 
 - name: Create PostgreSQL include directory
   ansible.builtin.file:

diff --git a/tasks/vars.yml b/tasks/vars.yml
@@ -5,7 +5,6 @@
     _postgresql_service_name: "{{ postgresql_service_name | default(_default_service) }}"
     _postgresql_bindir: "{{ __postgresql_bindir | nephelaiio.plugins.sorted_get(_conf_search) }}"
     _postgresql_datadir: "{{ postgresql_datadir }}"
-    _postgresql_waldir: "{{ postgresql_waldir }}"
     _postgresql_pgoptions: "{{ (_auth_method == _auth_scram_sha256) | ternary(_auth_scram_option, '') }}"
     _postgresql_conf_include: "{{ _conf_include }}"
     _postgresql_conf_main: "{{ _conf_main }}"