From 260a06913cec6c5687028a5ce7d4529b111f88d8 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Fri, 8 Mar 2024 18:38:33 -0600 Subject: [PATCH 1/9] Add config management exclude logic --- defaults/main.yml | 13 ++++++++++--- tasks/configure.yml | 16 ++++++++++++++-- tasks/vars.yml | 16 ++++++++++------ templates/postgres.conf.j2 | 4 ++-- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cb5a3d9..c02412e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,6 +14,16 @@ postgresql_auth_method: md5 # [ scram-sha-256 | md5 ] postgresql_default_database: postgres postgresql_locale: en_US.UTF-8 +__postgresql_conf_main: + redhat: "{{ postgresql_datadir }}/postgresql.conf" + debian: "/etc/postgresql/{{ postgresql_release }}/main/postgresql.conf" +__postgresql_conf_ansible: 99-ansible.conf +__postgresql_conf_standby: 99-standby.conf +__postgresql_conf_local: 99-local.conf +__postgresql_conf_exclude: + - "{{ __postgresql_conf_standby }}" + - "{{ __postgresql_conf_local }}" + __postgresql_package_name: debian: - "postgresql-{{ postgresql_release }}" @@ -28,9 +38,6 @@ __postgresql_service_name: __postgresql_bindir: redhat: "/usr/pgsql-{{ postgresql_release }}/bin" debian: "/usr/lib/postgresql/{{ postgresql_release }}/bin" -__postgresql_configfile: - redhat: "{{ postgresql_datadir }}/postgresql.conf" - debian: "/etc/postgresql/{{ postgresql_release }}/main/postgresql.conf" __postgresql_os_search: - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }}" diff --git a/tasks/configure.yml b/tasks/configure.yml index d9e647f..5901551 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
@@ -56,9 +56,21 @@ group: "{{ postgresql_group }}" mode: 0755 +- name: List PostgreSQL include config files + ansible.builtin.find: + path: "{{ _postgresql_includedir }}" + recurse: false + excludes: "{{ _postgresql_excludefiles | map('basename') }}" + register: _query_includes + +- debug: + var: _query_includes + +- fail: + - name: Manage PostgreSQL include config ansible.builtin.copy: - dest: "{{ _postgresql_includefile }}" + dest: "{{ _postgresql_conf_ }}" content: "{{ postgresql_conf }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" @@ -74,7 +86,7 @@ - name: Manage PostgreSQL main config ansible.builtin.template: src: postgres.conf.j2 - dest: "{{ _postgresql_configfile }}" + dest: "{{ _postgresql_conf_main }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" mode: 0644 diff --git a/tasks/vars.yml b/tasks/vars.yml index 92261ab..c9e5fbb 100644 --- a/tasks/vars.yml +++ b/tasks/vars.yml 
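Review bot: The `- debug:` / `- fail:` pair added after the find task looks like leftover debugging, and the bare `fail:` would abort every run before the include config is written. In the same hunk the find task reads `_postgresql_excludefiles` and the copy task writes to `_postgresql_conf_`, neither of which is set in the tasks/vars.yml hunk of this patch (that one defines `_postgresql_conf_exclude` and `_postgresql_conf_ansible`), so both would presumably fail as undefined. I would drop the two debug tasks and use `excludes: "{{ _postgresql_conf_exclude | map('basename') }}"` and `dest: "{{ _postgresql_conf_ansible }}"`. The context line `path: "{{ _postgresql_includefile }}"` in the Destroy task also still points at a fact this patch removes. The `mode: 0644` lines are better written as `mode: "0644"` so the value never depends on YAML octal parsing.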
@@ -3,20 +3,24 @@ ansible.builtin.set_fact: _postgresql_package_name: "{{ postgresql_package_name | default(_default_package) }}" _postgresql_service_name: "{{ postgresql_service_name | default(_default_service) }}" - _postgresql_configfile: "{{ _default_configfile }}" - _postgresql_includedir: "{{ _includedir }}" - _postgresql_includefile: "{{ _includedir }}/zz_ansible.conf" _postgresql_bindir: "{{ __postgresql_bindir | nephelaiio.plugins.sorted_get(_default_search) }}" _postgresql_datadir: "{{ postgresql_datadir }}" - _postgresql_hba: "{{ postgresql_datadir }}/pg_hba.conf" - _postgresql_ident: "{{ postgresql_datadir }}/pg_ident.conf" _postgresql_pgoptions: "{{ (_auth_method == _auth_scram_sha256) | ternary(_auth_scram_option, '') }}" + _postgresql_conf_main: "{{ _default_conf_main }}" + _postgresql_includedir: "{{ _includedir }}" + _postgresql_conf_hba: "{{ postgresql_datadir }}/pg_hba.conf" + _postgresql_conf_ident: "{{ postgresql_datadir }}/pg_ident.conf" + _postgresql_conf_ansible: "{{ _includedir }}/{{ __postgresql_conf_ansible }}" + _postgresql_conf_standby: "{{ _includedir }}/{{ __postgresql_conf_standby }}" + _postgresql_conf_local: "{{ _includedir }}/{{ __postgresql_conf_local }}" + _postgresql_conf_exclude: "{{ _excludes }}" vars: _default_search: "{{ __postgresql_os_search }}" _default_package: "{{ __postgresql_package_name | nephelaiio.plugins.sorted_get(_default_search) }}" _default_service: "{{ __postgresql_service_name | nephelaiio.plugins.sorted_get(_default_search) }}" - _default_configfile: "{{ __postgresql_configfile | nephelaiio.plugins.sorted_get(_default_search) }}" + _default_conf_main: "{{ __postgresql_conf_main | nephelaiio.plugins.sorted_get(_default_search) }}" _includedir: "{{ postgresql_datadir }}/conf.d" + _excludes: "{{ [_includedir + '/'] | product(__postgresql_exclude_files) | map('join') }}" _auth_scram_sha256: "scram-sha-256" _auth_scram_option: '-c password_encryption={{ _auth_scram_sha256 }}' _auth_method: "{{ 
postgresql_auth_method }}" diff --git a/templates/postgres.conf.j2 b/templates/postgres.conf.j2 index bde72dd..a69bb4d 100644 --- a/templates/postgres.conf.j2 +++ b/templates/postgres.conf.j2 @@ -1,5 +1,5 @@ include_dir = '{{ _postgresql_includedir | basename }}' data_directory = '{{ _postgresql_datadir }}' -hba_file = '{{ _postgresql_hba }}' -ident_file = '{{ _postgresql_ident }}' +hba_file = '{{ _postgresql_conf_hba }}' +ident_file = '{{ _postgresql_conf_ident }}' From 873db9a1b4524b0ffd6b9190bc071dce7780b07f Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 14:42:29 -0600 Subject: [PATCH 2/9] Add target extension install tasks --- defaults/main.yml | 47 ------------------ defaults/main/conf.yml | 17 +++++++ defaults/main/package.yml | 23 +++++++++ defaults/main/params.yml | 32 ++++++++++++ defaults/main/pgaudit.yml | 22 +++++++++ defaults/main/pgcron.yml | 7 +++ defaults/main/pgstat_statements.yml | 9 ++++ defaults/main/service.yml | 4 ++ handlers/main.yml | 2 +- molecule/install/molecule.yml | 7 --- tasks/configure.yml | 77 ++++++++++++++++++++--------- tasks/extensions.yml | 6 +++ tasks/main.yml | 3 ++ tasks/pgaudit.yml | 37 ++++++++++++++ tasks/pgcron.yml | 34 +++++++++++++ tasks/pgstat_statements.yml | 37 ++++++++++++++ tasks/vars.yml | 28 ++++++----- templates/postgres.conf.j2 | 4 +- 18 files changed, 304 insertions(+), 92 deletions(-) delete mode 100644 defaults/main.yml create mode 100644 defaults/main/conf.yml create mode 100644 defaults/main/package.yml create mode 100644 defaults/main/params.yml create mode 100644 defaults/main/pgaudit.yml create mode 100644 defaults/main/pgcron.yml create mode 100644 defaults/main/pgstat_statements.yml create mode 100644 defaults/main/service.yml create mode 100644 tasks/extensions.yml create mode 100644 tasks/pgaudit.yml create mode 100644 tasks/pgcron.yml create mode 100644 tasks/pgstat_statements.yml diff --git a/defaults/main.yml b/defaults/main.yml deleted file mode 100644 index c02412e..0000000 
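Review bot: `_excludes` in the `vars:` block of tasks/vars.yml filters `__postgresql_exclude_files`, but the defaults/main.yml hunk of this patch names the list `__postgresql_conf_exclude`, so the expression would presumably fail as undefined once `_postgresql_conf_exclude` is evaluated. Suggested line: `_excludes: "{{ [_includedir + '/'] | product(__postgresql_conf_exclude) | map('join') }}"`. A short comment above `_postgresql_conf_exclude` saying that it lists the include files the role must leave alone would help, since that list is apparently what keeps `99-local.conf` and `99-standby.conf` out of the file listing.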
--- a/defaults/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -postgresql_release: 16 -postgresql_package_state: present -postgresql_service_state: started -postgresql_service_enabled: true -postgresql_db_init: true -postgresql_db_path: /var/lib/postgresql -postgresql_user: postgres -postgresql_group: postgres -postgresql_datadir: "/var/lib/postgresql/data" -postgresql_roles: [] -postgresql_databases: [] -postgresql_auth_method: md5 # [ scram-sha-256 | md5 ] -postgresql_default_database: postgres -postgresql_locale: en_US.UTF-8 - -__postgresql_conf_main: - redhat: "{{ postgresql_datadir }}/postgresql.conf" - debian: "/etc/postgresql/{{ postgresql_release }}/main/postgresql.conf" -__postgresql_conf_ansible: 99-ansible.conf -__postgresql_conf_standby: 99-standby.conf -__postgresql_conf_local: 99-local.conf -__postgresql_conf_exclude: - - "{{ __postgresql_conf_standby }}" - - "{{ __postgresql_conf_local }}" - -__postgresql_package_name: - debian: - - "postgresql-{{ postgresql_release }}" - - "postgresql-client-{{ postgresql_release }}" - redhat: - - "postgresql{{ postgresql_release }}-server" - - "postgresql{{ postgresql_release }}" - - "glibc-langpack-{{ postgresql_locale | regex_replace('_.*', '') }}" -__postgresql_service_name: - debian: "postgresql@{{ postgresql_release }}-main" - redhat: "postgresql-{{ postgresql_release }}" -__postgresql_bindir: - redhat: "/usr/pgsql-{{ postgresql_release }}/bin" - debian: "/usr/lib/postgresql/{{ postgresql_release }}/bin" - -__postgresql_os_search: - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }}" - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}" - - "{{ ansible_distribution | lower }}" - - "{{ ansible_os_family | lower }}" - - "default" diff --git a/defaults/main/conf.yml b/defaults/main/conf.yml new file mode 100644 index 0000000..28b4d06 --- /dev/null +++ b/defaults/main/conf.yml 
@@ -0,0 +1,17 @@
+---
+__postgresql_conf_main:
+ redhat: "{{ postgresql_datadir }}/postgresql.conf"
+ debian: "/etc/postgresql/{{ postgresql_release }}/main/postgresql.conf"
+__postgresql_conf_pgaudit: 10-pgaudit.conf
+__postgresql_conf_pgcron: 20-pgcron.conf
+__postgresql_conf_pgstat_statements: 30-pgstat_statements.conf
+__postgresql_conf_local: 70-local.conf
+__postgresql_conf_standby: 80-standby.conf
+__postgresql_conf_ansible: 90-ansible.conf
+__postgresql_conf_exclude:
+ - "{{ __postgresql_conf_pgaudit }}"
+ - "{{ __postgresql_conf_pgcron }}"
+ - "{{ __postgresql_conf_pgstat_statements }}"
+ - "{{ __postgresql_conf_local }}"
+ - "{{ __postgresql_conf_ansible }}"
+ - "{{ __postgresql_conf_standby }}"
diff --git a/defaults/main/package.yml b/defaults/main/package.yml
new file mode 100644
index 0000000..f3f4420
--- /dev/null
+++ b/defaults/main/package.yml
@@ -0,0 +1,23 @@
+---
+__postgresql_os_search:
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }}"
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}"
+ - "{{ ansible_distribution | lower }}"
+ - "{{ ansible_os_family | lower }}"
+ - "default"
+__postgresql_package_name:
+ debian:
+ - "postgresql-{{ postgresql_release }}"
+ - "postgresql-client-{{ postgresql_release }}"
+ - "postgresql-{{ postgresql_release }}-pgaudit"
+ - "postgresql-{{ postgresql_release }}-cron"
+ redhat:
+ - "postgresql{{ postgresql_release }}-server"
+ - "postgresql{{ postgresql_release }}"
+ - "pg_audit_{{ postgresql_release }}"
+ - "pg_cron_{{ postgresql_release }}"
+ - "glibc-langpack-{{ postgresql_locale | regex_replace('_.*', '') }}"
+
+__postgresql_bindir:
+ redhat: "/usr/pgsql-{{ postgresql_release }}/bin"
+ debian: "/usr/lib/postgresql/{{ postgresql_release }}/bin"
diff --git a/defaults/main/params.yml b/defaults/main/params.yml
new file mode 100644
index 0000000..cddbb5e
--- /dev/null
+++ b/defaults/main/params.yml
@@ -0,0 +1,32 @@
+---
+postgresql_release: 16
+postgresql_package_state: present
+postgresql_service_state: started
+postgresql_service_enabled: true
+postgresql_user: postgres
+postgresql_group: postgres
+postgresql_datadir: "/var/lib/postgresql/data"
+postgresql_roles: []
+postgresql_databases: []
+postgresql_auth_method: md5 # [ scram-sha-256 | md5 ]
+postgresql_default_database: postgres
+postgresql_locale: en_US.UTF-8
+postgresql_hba_entries:
+ - type: local
+ databases: all
+ users: postgres
+ method: peer
+ - type: local
+ databases: all
+ users: all
+ method: peer
+ - type: host
+ databases: all
+ users: all
+ address: '127.0.0.1/32'
+ method: "{{ postgresql_auth_method }}"
+ - type: host
+ databases: all
+ users: all
+ address: '::1/128'
+ method: "{{ postgresql_auth_method }}"
diff --git a/defaults/main/pgaudit.yml b/defaults/main/pgaudit.yml
new file mode 100644
index 0000000..e57c127
--- /dev/null
+++ b/defaults/main/pgaudit.yml
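Review bot: `postgresql_auth_method` defaults to `md5`, and the two `host` entries in `postgresql_hba_entries` take their method from it, so a default install accepts MD5 password authentication on loopback TCP. PostgreSQL's documentation describes md5 as the weaker scheme and scram-sha-256 as the preferred one, and the role already supports it (tasks/vars.yml builds a `password_encryption` option for it). I would default to `postgresql_auth_method: scram-sha-256` and keep md5 as an opt-in for legacy clients, with a comment on the variable saying so. Roles whose passwords are stored as MD5 hashes would need their passwords reset after the switch, which is worth a README line.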
@@ -0,0 +1,22 @@
+---
+postgresql_conf_pgaudit_log: 'ALL'
+postgresql_conf_pgaudit_log_catalog: 'off'
+postgresql_conf_pgaudit_log_client: 'off'
+postgresql_conf_pgaudit_log_level: 'log'
+postgresql_conf_pgaudit_log_parameter: 'off'
+postgresql_conf_pgaudit_log_parameter_max_size: 0
+postgresql_conf_pgaudit_log_relation: 'off'
+postgresql_conf_pgaudit_log_rows: 'off'
+postgresql_conf_pgaudit_log_statement: 'on'
+postgresql_conf_pgaudit_log_statement_once: 'off'
+postgresql_conf_pgaudit: |
+ pgaudit.log = '{{ postgresql_conf_pgaudit_log }}'
+ pgaudit.log_catalog = '{{ postgresql_conf_pgaudit_log_catalog }}'
+ pgaudit.log_clent = '{{ postgresql_conf_pgaudit_log_client }}'
+ pgaudit.log_level = '{{ postgresql_conf_pgaudit_log_level }}'
+ pgaudit.log_parameter = '{{ postgresql_conf_pgaudit_log_parameter }}'
+ pgaudit.log_parameter_max_size = {{ postgresql_conf_pgaudit_log_parameter_max_size }}
+ pgaudit.log_relation = '{{ postgresql_conf_pgaudit_log_relation }}'
+ pgaudit.log_rows = '{{ postgresql_conf_pgaudit_log_rows }}'
+ pgaudit.log_statement = '{{ postgresql_conf_pgaudit_log_statement }}'
+ pgaudit.log_statement_once = '{{ postgresql_conf_pgaudit_log_statement_once }}'
diff --git a/defaults/main/pgcron.yml b/defaults/main/pgcron.yml
new file mode 100644
index 0000000..b88dacc
--- /dev/null
+++ b/defaults/main/pgcron.yml
@@ -0,0 +1,7 @@
+---
+postgresql_conf_pgcron_database_name: 'postgres'
+postgresql_conf_pgcron_timezone: 'GMT'
+
+postgresql_conf_pgcron: |
+ cron.database_name = '{{ postgresql_conf_pgcron_database_name }}'
+ cron.timezone = '{{ postgresql_conf_pgcron_timezone }}'
diff --git a/defaults/main/pgstat_statements.yml b/defaults/main/pgstat_statements.yml
new file mode 100644
index 0000000..51a45fe
--- /dev/null
+++ b/defaults/main/pgstat_statements.yml
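Review bot: `pgaudit.log_clent` in the `postgresql_conf_pgaudit` block of defaults/main/pgaudit.yml is misspelled; the variable feeding it is `postgresql_conf_pgaudit_log_client`, so the intended line is `pgaudit.log_client = '{{ postgresql_conf_pgaudit_log_client }}'`. As written the client-logging setting never reaches pgaudit, and depending on the server version the unknown name is presumably either kept as an unused placeholder or dropped with a warning, so nothing fails visibly. Because this file decides what ends up in the audit trail, a verify step that reads the running value of each `pgaudit.*` setting would catch this kind of drift.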
@@ -0,0 +1,9 @@ +--- +postgresql_conf_compute_query_id: 'on' +postgresql_conf_pgstat_statements_max: 1000 +postgresql_conf_pgstat_statements_track: 'all' + +postgresql_conf_pgstat_statements: | + compute_query_id = '{{ postgresql_conf_compute_query_id }}' + pg_stat_statements.max = {{ postgresql_conf_pgstat_statements_max }} + pg_stat_statements.track = '{{ postgresql_conf_pgstat_statements_track }}' diff --git a/defaults/main/service.yml b/defaults/main/service.yml new file mode 100644 index 0000000..0cf1ca1 --- /dev/null +++ b/defaults/main/service.yml @@ -0,0 +1,4 @@ +--- +__postgresql_service_name: + debian: "postgresql@{{ postgresql_release }}-main" + redhat: "postgresql-{{ postgresql_release }}" diff --git a/handlers/main.yml b/handlers/main.yml index 923b977..56f8f2c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: Restart PostgreSQL +- name: Reload PostgreSQL ansible.builtin.service: name: "{{ _postgresql_service_name }}" state: "reloaded" diff --git a/molecule/install/molecule.yml b/molecule/install/molecule.yml index 044e949..b913d82 100644 --- a/molecule/install/molecule.yml +++ b/molecule/install/molecule.yml @@ -37,10 +37,3 @@ scenario: - destroy cleanup_sequence: - cleanup - test_sequence: - - dependency - - create - - prepare - - converge - - side_effect - - verify diff --git a/tasks/configure.yml b/tasks/configure.yml index 5901551..a4cf8e0 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
@@ -50,38 +50,56 @@ - name: Create PostgreSQL include directory ansible.builtin.file: - path: "{{ _postgresql_includedir }}" + path: "{{ _postgresql_conf_include }}" state: directory owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" mode: 0755 -- name: List PostgreSQL include config files - ansible.builtin.find: - path: "{{ _postgresql_includedir }}" - recurse: false - excludes: "{{ _postgresql_excludefiles | map('basename') }}" - register: _query_includes - -- debug: - var: _query_includes - -- fail: - -- name: Manage PostgreSQL include config +- name: Manage PostgreSQL ansible include config ansible.builtin.copy: - dest: "{{ _postgresql_conf_ }}" - content: "{{ postgresql_conf }}" + dest: "{{ _postgresql_conf_ansible }}" + content: "{{ postgresql_conf_ansible }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" mode: 0644 - when: postgresql_conf is defined + when: postgresql_conf_ansible is defined + notify: postgresql_reload -- name: Destroy PostgreSQL include config +- name: Destroy PostgreSQL ansible include config ansible.builtin.file: - path: "{{ _postgresql_includefile }}" + path: "{{ _postgresql_conf_ansible }}" state: absent - when: postgresql_conf is not defined + when: postgresql_conf_ansible is not defined + notify: postgresql_reload + +- name: Create PostgreSQL local config + ansible.builtin.file: + path: "{{ _postgresql_conf_local }}" + state: touch + modification_time: preserve + +- name: Create PostgreSQL standby config + ansible.builtin.file: + path: "{{ _postgresql_conf_standby }}" + state: touch + modification_time: preserve + +- name: Manage PostgreSQL hba config + community.postgresql.postgresql_pg_hba: + dest: "{{ _postgresql_conf_hba }}" + contype: "{{ item.type }}" + databases: "{{ item.databases }}" + users: "{{ item.users }}" + source: "{{ item.address | default(omit) }}" + method: "{{ item.method }}" + create: "{{ postgresql_hba_manage | default(true) }}" + owner: "{{ postgresql_user }}" + group: "{{ 
postgresql_group }}" + loop: "{{ postgresql_hba_entries }}" + loop_control: + label: "{{ item.type }} {{ item.databases }} {{ item.users }} {{ item.method }}" + notify: postgresql_reload - name: Manage PostgreSQL main config ansible.builtin.template: @@ -89,8 +107,21 @@ dest: "{{ _postgresql_conf_main }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" + backup: true mode: 0644 - notify: postgresql_reload + notify: postgresql_restart + +- name: List PostgreSQL alien config files + ansible.builtin.find: + path: "{{ _postgresql_conf_include }}" + exclude: "{{ _postgresql_conf_exclude }}" + recurse: false + register: _query_includes + +- name: Drop PostgreSQL alien config files + ansible.builtin.file: + path: "{{ item }}" + loop: "{{ _query_includes.files | map(attribute='path') }}" - name: Manage PostgreSQL service configuration when: ansible_os_family == 'RedHat' @@ -118,5 +149,5 @@ mode: 0644 notify: daemon_reload - - name: Flush handlers - ansible.builtin.meta: flush_handlers +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/extensions.yml b/tasks/extensions.yml new file mode 100644 index 0000000..23f40d3 --- /dev/null +++ b/tasks/extensions.yml @@ -0,0 +1,6 @@ +--- +- name: Manage pgaudit extension + ansible.builtin.include_tasks: pgaudit.yml + +- name: Manage pgcron extension + ansible.builtin.include_tasks: pgcron.yml diff --git a/tasks/main.yml b/tasks/main.yml index 569ddf4..19ebec7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -16,3 +16,6 @@ - name: Manage PostgreSQL databases ansible.builtin.include_tasks: databases.yml + +- name: Manage PostgreSQL extensions + ansible.builtin.include_tasks: extensions.yml diff --git a/tasks/pgaudit.yml b/tasks/pgaudit.yml new file mode 100644 index 0000000..f42c714 --- /dev/null +++ b/tasks/pgaudit.yml 
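Review bot: The `Manage PostgreSQL hba config` task in the first tasks/configure.yml hunk adds the entries from `postgresql_hba_entries` one by one, but nothing here removes rules already present in `pg_hba.conf`, so a permissive line shipped by the distribution package or added by hand would presumably stay in effect next to the managed ones. If the role is meant to be authoritative for client authentication, say so in a comment on the task and clear unmanaged rules; if it is additive, document that on `postgresql_hba_entries`. `create` is driven by `postgresql_hba_manage`, a name that reads like an on/off switch for the whole task; `when: postgresql_hba_manage | default(true)` on the task would match that reading.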
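Review bot: `Drop PostgreSQL alien config files` in the `@@ -89,8 +107,21 @@` hunk calls `ansible.builtin.file` with only `path`, and without `state: absent` the module leaves an existing file in place, so unmanaged files in `conf.d` keep being loaded through `include_dir`. Adding `state: absent` and `notify: postgresql_reload` to that task makes the cleanup real. Before enabling it, test how the find task matches `_postgresql_conf_exclude`, which holds bare file names such as `70-local.conf`, to confirm the local and standby files are never removed. The main config task now notifies `postgresql_restart`, while the handlers/main.yml hunk of this patch only shows a handler named `Reload PostgreSQL`; confirm a handler listening on `postgresql_restart` exists outside the hunk.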
@@ -0,0 +1,37 @@
+---
+- name: Manage PostgreSQL pgaudit include config
+ ansible.builtin.copy:
+ dest: "{{ _postgresql_conf_pgaudit }}"
+ content: "{{ postgresql_conf_pgaudit }}"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 0644
+ when: postgresql_conf_pgaudit is defined
+ notify: postgresql_reload
+
+- name: Destroy PostgreSQL pgaudit include config
+ ansible.builtin.file:
+ path: "{{ _postgresql_conf_pgaudit }}"
+ state: absent
+ when: postgresql_conf_pgaudit is not defined
+ notify: postgresql_reload
+
+- name: Query pgaudit extension
+ community.postgresql.postgresql_query:
+ query: "SELECT * FROM pg_extension WHERE extname = 'pgaudit'"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ register: _extension_query
+ changed_when: false
+
+- name: Query pgaudit extension
+ community.postgresql.postgresql_query:
+ query: "CREATE EXTENSION pgaudit"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ when: _extension_query.rowcount == 0
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/tasks/pgcron.yml b/tasks/pgcron.yml
new file mode 100644
index 0000000..df33578
--- /dev/null
+++ b/tasks/pgcron.yml
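Review bot: Both query tasks in tasks/pgaudit.yml are named `Query pgaudit extension`, although the second one runs `CREATE EXTENSION pgaudit`; the same duplicated name appears in tasks/pgcron.yml and tasks/pgstat_statements.yml in this patch. The SELECT-then-CREATE pair can be replaced by one idempotent task using `community.postgresql.postgresql_ext` with `name: pgaudit` and `db: postgres`, which also reports `changed` when the extension is actually created. The extension is registered only in the `postgres` database, so databases listed in `postgresql_databases` would presumably not have it; a comment stating that this is intended would help. Since `postgresql_conf_pgaudit` always has a default, the `is not defined` branch of the Destroy task looks unreachable and deserves a comment or a dedicated enable flag.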
@@ -0,0 +1,34 @@
+---
+- name: Manage PostgreSQL pgcron include config
+ ansible.builtin.copy:
+ dest: "{{ _postgresql_conf_pgcron }}"
+ content: "{{ postgresql_conf_pgcron }}"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 0644
+ when: postgresql_conf_pgcron is defined
+ notify: postgresql_reload
+
+- name: Destroy PostgreSQL pgcron include config
+ ansible.builtin.file:
+ path: "{{ _postgresql_conf_pgcron }}"
+ state: absent
+ when: postgresql_conf_pgcron is not defined
+ notify: postgresql_reload
+
+- name: Query pgcron extension
+ community.postgresql.postgresql_query:
+ query: "SELECT * FROM pg_extension WHERE extname = 'pgcron'"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ register: _extension_query
+ changed_when: false
+
+- name: Query pgcron extension
+ community.postgresql.postgresql_query:
+ query: "CREATE EXTENSION pg_cron"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ when: _extension_query.rowcount == 0
diff --git a/tasks/pgstat_statements.yml b/tasks/pgstat_statements.yml
new file mode 100644
index 0000000..1a67254
--- /dev/null
+++ b/tasks/pgstat_statements.yml
@@ -0,0 +1,37 @@
+---
+- name: Manage PostgreSQL pgstat_statements include config
+ ansible.builtin.copy:
+ dest: "{{ _postgresql_conf_pgstat_statements }}"
+ content: "{{ postgresql_conf_pgstat_statements }}"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 0644
+ when: postgresql_conf_pgstat_statements is defined
+ notify: postgresql_reload
+
+- name: Destroy PostgreSQL pgstat_statements include config
+ ansible.builtin.file:
+ path: "{{ _postgresql_conf_pgstat_statements }}"
+ state: absent
+ when: postgresql_conf_pgstat_statements is not defined
+ notify: postgresql_reload
+
+- name: Query pgstat_statements extension
+ community.postgresql.postgresql_query:
+ query: "SELECT * FROM pg_extension WHERE extname = 'pgstat_statements'"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ register: _extension_query
+ changed_when: false
+
+- name: Query pgstat_statements extension
+ community.postgresql.postgresql_query:
+ query: "CREATE EXTENSION pgstat_statements"
+ db: postgres
+ become: true
+ become_user: "{{ postgresql_user }}"
+ when: _extension_query.rowcount == 0
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/tasks/vars.yml b/tasks/vars.yml
index c9e5fbb..4cbf64b 100644
--- a/tasks/vars.yml
+++ b/tasks/vars.yml
@@ -3,24 +3,26 @@ ansible.builtin.set_fact: _postgresql_package_name: "{{ postgresql_package_name | default(_default_package) }}" _postgresql_service_name: "{{ postgresql_service_name | default(_default_service) }}" - _postgresql_bindir: "{{ __postgresql_bindir | nephelaiio.plugins.sorted_get(_default_search) }}" + _postgresql_bindir: "{{ __postgresql_bindir | nephelaiio.plugins.sorted_get(_conf_search) }}" _postgresql_datadir: "{{ postgresql_datadir }}" _postgresql_pgoptions: "{{ (_auth_method == _auth_scram_sha256) | ternary(_auth_scram_option, '') }}" - _postgresql_conf_main: "{{ _default_conf_main }}" - _postgresql_includedir: "{{ _includedir }}" + _postgresql_conf_include: "{{ _conf_include }}" + _postgresql_conf_main: "{{ _conf_main }}" _postgresql_conf_hba: "{{ postgresql_datadir }}/pg_hba.conf" _postgresql_conf_ident: "{{ postgresql_datadir }}/pg_ident.conf" - _postgresql_conf_ansible: "{{ _includedir }}/{{ __postgresql_conf_ansible }}" - _postgresql_conf_standby: "{{ _includedir }}/{{ __postgresql_conf_standby }}" - _postgresql_conf_local: "{{ _includedir }}/{{ __postgresql_conf_local }}" - _postgresql_conf_exclude: "{{ _excludes }}" + _postgresql_conf_ansible: "{{ _conf_include }}/{{ __postgresql_conf_ansible }}" + _postgresql_conf_pgaudit: "{{ _conf_include }}/{{ __postgresql_conf_pgaudit }}" + _postgresql_conf_pgcron: "{{ _conf_include }}/{{ __postgresql_conf_pgcron }}" + _postgresql_conf_pgstat_statements: "{{ _conf_include }}/{{ __postgresql_conf_pgstat_statements }}" + _postgresql_conf_standby: "{{ _conf_include }}/{{ __postgresql_conf_standby }}" + _postgresql_conf_local: "{{ _conf_include }}/{{ __postgresql_conf_local }}" + _postgresql_conf_exclude: "{{ __postgresql_conf_exclude }}" vars: - _default_search: "{{ __postgresql_os_search }}" - _default_package: "{{ __postgresql_package_name | nephelaiio.plugins.sorted_get(_default_search) }}" - _default_service: "{{ __postgresql_service_name | nephelaiio.plugins.sorted_get(_default_search) }}" - 
_default_conf_main: "{{ __postgresql_conf_main | nephelaiio.plugins.sorted_get(_default_search) }}" - _includedir: "{{ postgresql_datadir }}/conf.d" - _excludes: "{{ [_includedir + '/'] | product(__postgresql_exclude_files) | map('join') }}" + _default_package: "{{ __postgresql_package_name | nephelaiio.plugins.sorted_get(_conf_search) }}" + _default_service: "{{ __postgresql_service_name | nephelaiio.plugins.sorted_get(_conf_search) }}" + _conf_search: "{{ __postgresql_os_search }}" + _conf_include: "{{ postgresql_datadir }}/conf.d" + _conf_main: "{{ __postgresql_conf_main | nephelaiio.plugins.sorted_get(_conf_search) }}" _auth_scram_sha256: "scram-sha-256" _auth_scram_option: '-c password_encryption={{ _auth_scram_sha256 }}' _auth_method: "{{ postgresql_auth_method }}" diff --git a/templates/postgres.conf.j2 b/templates/postgres.conf.j2 index a69bb4d..58d5e0f 100644 --- a/templates/postgres.conf.j2 +++ b/templates/postgres.conf.j2 @@ -1,5 +1,7 @@ -include_dir = '{{ _postgresql_includedir | basename }}' +include_dir = '{{ _postgresql_conf_include | basename }}' data_directory = '{{ _postgresql_datadir }}' hba_file = '{{ _postgresql_conf_hba }}' ident_file = '{{ _postgresql_conf_ident }}' + +shared_preload_libraries = 'pgaudit,pg_cron,pg_stat_statements' From e9dbe326f0194155444a04bc572797b509b0380f Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 15:10:51 -0600 Subject: [PATCH 3/9] Fix lint errors --- .github/workflows/release.yml | 2 +- defaults/main/pgstat_statements.yml | 2 +- tasks/configure.yml | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8899c6..576cdaa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,7 +5,7 @@ # See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy # See: https://github.com/ansible/galaxy/issues/46 -name: elease +name: release on: push: tags: 
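Review bot: `include_dir` in templates/postgres.conf.j2 is rendered as the bare basename `conf.d`, which PostgreSQL resolves relative to the directory of the file containing the directive, while tasks/vars.yml places the managed files in `{{ postgresql_datadir }}/conf.d`. On the `debian` branch of `__postgresql_conf_main` the main file lives under `/etc/postgresql/{{ postgresql_release }}/main/`, so the server would presumably read a different `conf.d` and ignore the pgaudit, pg_cron and local files the role writes. Rendering the absolute path, `include_dir = '{{ _postgresql_conf_include }}'`, removes the ambiguity. `shared_preload_libraries` is also hard-coded; a comment noting that all three libraries must be installed for the server to start with this line would help whoever trims the package list.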
diff --git a/defaults/main/pgstat_statements.yml b/defaults/main/pgstat_statements.yml index 51a45fe..aa6da15 100644 --- a/defaults/main/pgstat_statements.yml +++ b/defaults/main/pgstat_statements.yml @@ -1,7 +1,7 @@ --- postgresql_conf_compute_query_id: 'on' postgresql_conf_pgstat_statements_max: 1000 -postgresql_conf_pgstat_statements_track: 'all' +postgresql_conf_pgstat_statements_track: 'all' postgresql_conf_pgstat_statements: | compute_query_id = '{{ postgresql_conf_compute_query_id }}' diff --git a/tasks/configure.yml b/tasks/configure.yml index a4cf8e0..cef9e42 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -78,12 +78,18 @@ path: "{{ _postgresql_conf_local }}" state: touch modification_time: preserve + owner: "{{ postgresql_user }}" + group: "{{ postgresql_group }}" + mode: 0644 - name: Create PostgreSQL standby config ansible.builtin.file: path: "{{ _postgresql_conf_standby }}" state: touch modification_time: preserve + owner: "{{ postgresql_user }}" + group: "{{ postgresql_group }}" + mode: 0644 - name: Manage PostgreSQL hba config community.postgresql.postgresql_pg_hba: From 34ee659bca1d0474b736bac55681e8410010c9f1 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 18:00:43 -0600 Subject: [PATCH 4/9] Add pg_stat_statements extension tasks --- molecule/common/verify.yml | 33 +++++++++++++++++++++++++++++++++ molecule/databases/molecule.yml | 1 + molecule/install/molecule.yml | 1 + tasks/configure.yml | 3 --- tasks/extensions.yml | 3 +++ tasks/main.yml | 3 +++ tasks/pgcron.yml | 4 ++-- tasks/pgstat_statements.yml | 6 +++--- 8 files changed, 46 insertions(+), 8 deletions(-) diff --git a/molecule/common/verify.yml b/molecule/common/verify.yml index 2cb9f0a..33c2e09 100644 --- a/molecule/common/verify.yml +++ b/molecule/common/verify.yml @@ -77,6 +77,8 @@ filter: - "databases" - "roles" + become: true + become_user: postgres register: postgresql_info - name: Verify requested databases 
@@ -111,3 +113,34 @@ loop_control: label: "{{ item.name }}" loop: "{{ postgresql_roles | default([]) | selectattr('groups', 'defined') }}" + + - name: Query registered extensions + community.postgresql.postgresql_query: + query: "SELECT extname FROM pg_extension" + db: postgres + become: true + become_user: postgres + register: _extension_query + + - name: Set extension facts + ansible.builtin.set_fact: + _registered_extensions: "{{ _registered }}" + _missing_extensions: "{{ _missing }}" + vars: + _registered: "{{ _extension_query.query_result | map(attribute='extname') }}" + _expected: + - pgaudit + - pg_cron + - pg_stat_statements + _missing: "{{ _expected | difference(_registered) }}" + + - name: Verify registered extensions + block: + - name: Check registrations + ansible.builtin.assert: + that: _missing_extensions | length == 0 + + rescue: + - name: Debug failed extensions + ansible.builtin.fail: + msg: "Unable to find extensions [{{ ', '.join(_missing_extensions) }}]" diff --git a/molecule/databases/molecule.yml b/molecule/databases/molecule.yml index 3b6208b..2304e7e 100644 --- a/molecule/databases/molecule.yml +++ b/molecule/databases/molecule.yml @@ -24,6 +24,7 @@ provisioner: prepare: ../common/prepare.yml converge: ../common/converge.yml verify: ../common/verify.yml + side_effect: ../common/converge.yml config_options: defaults: callbacks_enabled: ansible.posix.profile_tasks diff --git a/molecule/install/molecule.yml b/molecule/install/molecule.yml index b913d82..3529f06 100644 --- a/molecule/install/molecule.yml +++ b/molecule/install/molecule.yml @@ -24,6 +24,7 @@ provisioner: prepare: ../common/prepare.yml converge: ../common/converge.yml verify: ../common/verify.yml + side_effect: ../common/converge.yml verifier: name: ansible scenario: diff --git a/tasks/configure.yml b/tasks/configure.yml index cef9e42..88cefc5 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
@@ -154,6 +154,3 @@ group: root mode: 0644 notify: daemon_reload - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/tasks/extensions.yml b/tasks/extensions.yml index 23f40d3..2dd869a 100644 --- a/tasks/extensions.yml +++ b/tasks/extensions.yml @@ -4,3 +4,6 @@ - name: Manage pgcron extension ansible.builtin.include_tasks: pgcron.yml + +- name: Manage pgstat_statements extension + ansible.builtin.include_tasks: pgstat_statements.yml diff --git a/tasks/main.yml b/tasks/main.yml index 19ebec7..7071555 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,6 +11,9 @@ - name: Manage PostgreSQL services ansible.builtin.include_tasks: service.yml +- name: Flush handlers + ansible.builtin.meta: flush_handlers + - name: Manage PostgreSQL roles ansible.builtin.include_tasks: roles.yml diff --git a/tasks/pgcron.yml b/tasks/pgcron.yml index df33578..86e77d3 100644 --- a/tasks/pgcron.yml +++ b/tasks/pgcron.yml @@ -18,14 +18,14 @@ - name: Query pgcron extension community.postgresql.postgresql_query: - query: "SELECT * FROM pg_extension WHERE extname = 'pgcron'" + query: "SELECT * FROM pg_extension WHERE extname = 'pg_cron'" db: postgres become: true become_user: "{{ postgresql_user }}" register: _extension_query changed_when: false -- name: Query pgcron extension +- name: Deploy pgcron extension community.postgresql.postgresql_query: query: "CREATE EXTENSION pg_cron" db: postgres diff --git a/tasks/pgstat_statements.yml b/tasks/pgstat_statements.yml index 1a67254..de14abb 100644 --- a/tasks/pgstat_statements.yml +++ b/tasks/pgstat_statements.yml 
@@ -18,16 +18,16 @@ - name: Query pgstat_statements extension community.postgresql.postgresql_query: - query: "SELECT * FROM pg_extension WHERE extname = 'pgstat_statements'" + query: "SELECT * FROM pg_extension WHERE extname = 'pg_stat_statements'" db: postgres become: true become_user: "{{ postgresql_user }}" register: _extension_query changed_when: false -- name: Query pgstat_statements extension +- name: Deploy pgstat_statements extension community.postgresql.postgresql_query: - query: "CREATE EXTENSION pgstat_statements" + query: "CREATE EXTENSION pg_stat_statements" db: postgres become: true become_user: "{{ postgresql_user }}" From 20da3010a2c26116ae94306d50dc5423df653a13 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 18:17:26 -0600 Subject: [PATCH 5/9] Fix psql login errors --- tasks/databases.yml | 2 -- tasks/roles.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/tasks/databases.yml b/tasks/databases.yml index 2c31757..96e0e29 100644 --- a/tasks/databases.yml +++ b/tasks/databases.yml @@ -9,7 +9,6 @@ lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}" encoding: "{{ item.encoding | default('UTF-8') }}" template: "{{ item.template | default('template0') }}" - login_host: "{{ item.login_host | default('localhost') }}" port: "{{ item.port | default(omit) }}" owner: "{{ item.owner | default(postgresql_user) }}" state: "{{ item.state | default('present') }}" @@ -28,7 +27,6 @@ schema: "{{ _role.schema | default(omit) }}" type: "{{ _role.type | default(omit) }}" grant_option: "{{ _role.grant_option | default(omit) }}" - login_host: "{{ _database.login_host | default('localhost') }}" session_role: "{{ _database.session_role | default(omit) }}" ssl_mode: "{{ _database.ssl_mode | default(omit) }}" state: "{{ _role.state | default('present') }}" diff --git a/tasks/roles.yml b/tasks/roles.yml index 780defe..840a5c5 100644 --- a/tasks/roles.yml +++ b/tasks/roles.yml 
@@ -3,7 +3,6 @@ community.postgresql.postgresql_user: name: "{{ item.name }}" password: "{{ item.password | default(omit) }}" - login_host: "{{ item.login_host | default('localhost') }}" no_password_changes: "{{ item.no_password_changes | default(omit) }}" expires: "{{ item.expires | default(omit) }}" role_attr_flags: "{{ item.role_attr_flags | default(omit) }}" @@ -19,7 +18,6 @@ - name: Manage PostgreSQL role group memberships community.postgresql.postgresql_membership: db: "{{ _role.database | default(postgresql_default_database) }}" - login_host: "{{ _role.login_host | default('localhost') }}" state: "{{ _group_state | default('present') }}" group: "{{ _group_name }}" target_role: "{{ _role.name }}" From 65f0ba008c4e50e19761b1122cf1bf7dcfffe646 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 18:33:27 -0600 Subject: [PATCH 6/9] Fix redhat package list --- defaults/main/package.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/defaults/main/package.yml b/defaults/main/package.yml index f3f4420..e14031e 100644 --- a/defaults/main/package.yml +++ b/defaults/main/package.yml @@ -13,8 +13,9 @@ __postgresql_package_name: - "postgresql-{{ postgresql_release }}-cron" redhat: - "postgresql{{ postgresql_release }}-server" + - "postgresql{{ postgresql_release }}-contrib" - "postgresql{{ postgresql_release }}" - - "pg_audit_{{ postgresql_release }}" + - "pgaudit_{{ postgresql_release }}" - "pg_cron_{{ postgresql_release }}" - "glibc-langpack-{{ postgresql_locale | regex_replace('_.*', '') }}" From 0192e0009693738c2749996ae4e5969d64d64d46 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 18:58:08 -0600 Subject: [PATCH 7/9] Fix idempotency errors --- tasks/configure.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/configure.yml b/tasks/configure.yml index 88cefc5..f062699 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
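Review bot: The new redhat entry `pgaudit_{{ postgresql_release }}` in defaults/main/package.yml assumes one package-name pattern for every value of `postgresql_release`, and nothing in the hunk restricts which releases are supported. To my knowledge the PGDG repository has named pgaudit packages for some older PostgreSQL majors after the pgaudit version instead of following this pattern, so the name should be checked for each release the role claims to support. A short comment above the entry, such as `# pgaudit_<release> naming verified for PostgreSQL <releases tested>`, would record that. The start of the package list is outside the hunk.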
@@ -81,6 +81,7 @@ owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" mode: 0644 + changed_when: false - name: Create PostgreSQL standby config ansible.builtin.file: @@ -90,6 +91,7 @@ owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" mode: 0644 + changed_when: false - name: Manage PostgreSQL hba config community.postgresql.postgresql_pg_hba: From 41dda74c78b654a6945c48b62332006ffce8620d Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 19:20:12 -0600 Subject: [PATCH 8/9] Fix idempotency errors --- tasks/configure.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configure.yml b/tasks/configure.yml index f062699..f2149c2 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -31,7 +31,7 @@ ansible.builtin.command: cmd: localectl set-locale LANG={{ postgresql_locale }} when: postgresql_locale != _locale_config - changed_when: postgresql_locale != _locale_config + changed_when: false - name: Create PostgreSQL data directory ansible.builtin.file: From bdc737e3155643747332de41502933074362b716 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Sun, 10 Mar 2024 19:26:10 -0600 Subject: [PATCH 9/9] Drop idempotency tests --- molecule/install/molecule.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/molecule/install/molecule.yml b/molecule/install/molecule.yml index 3529f06..6d9d771 100644 --- a/molecule/install/molecule.yml +++ b/molecule/install/molecule.yml @@ -38,3 +38,10 @@ scenario: - destroy cleanup_sequence: - cleanup + test_sequence: + - dependency + - create + - prepare + - converge + - side_effect + - verify
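Review bot: The `changed_when: false` added at new lines 84 and 94 of tasks/configure.yml (patch 7/9) makes both tasks report "ok" even when they really create the file or correct its owner, group or mode, so drift in these config files no longer shows in run output and any `notify` on them (not visible here) would never fire. If the spurious change comes from `state: touch` refreshing timestamps, then `modification_time: preserve` and `access_time: preserve` on `ansible.builtin.file` give an idempotent result without hiding real changes. That is an inference: the first task starts above the hunk and the lines between the two hunks, where "Create PostgreSQL standby config" would set `state`, are not shown.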
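Review bot: In the patch 8/9 hunk of tasks/configure.yml, `changed_when: false` now sits on a `localectl set-locale` command that does alter the host whenever its `when:` lets it run, so a system locale change is reported as "ok". The guard `when: postgresql_locale != _locale_config` already skips the task once the locale matches, so `changed_when: true` describes it accurately. If the task still runs on a second pass, the likely cause is how `_locale_config` is read, which is outside the hunk, and that is the part to fix.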
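Review bot: The `test_sequence` added to molecule/install/molecule.yml leaves out `idempotence`, and together with the `changed_when: false` additions in patches 7/9 and 8/9 this removes the one check that would show tasks making or reporting changes on a second run. It also omits the `cleanup` and `destroy` steps of Molecule's default sequence, so `molecule test` would leave instances behind unless they are torn down separately. I would keep `- idempotence` after `- converge` and end the list with `- cleanup` and `- destroy`.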