Sam A. 2024-01-09 21:36:49 +01:00
parent e10edc362c
commit 06460e503e
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
7 changed files with 51 additions and 59 deletions

27
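--- a/roles/apps/tasks/app.yml
+++ b/roles/apps/tasks/app.yml
@@ -0,0 +1,27 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create app directory for {{ app }}
+ansible.builtin.file:
+path: "{{ apps_data_root }}/{{ app }}"
+owner: root
+mode: u=rwx,go=
+state: directory
+- name: Upload Compose file for {{ app }}
+ansible.builtin.template:
+src: compose-files/{{ app }}.yml.j2
+dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml"
+owner: root
+mode: u=rw,go=
+- name: Create data directory for {{ app }}
+ansible.builtin.file:
+path: "{{ apps_data_root }}/{{ app }}/data"
+owner: root
+mode: u=rwx,g=rx,o=rx
+state: directory
+- name: Run extra configuration tasks for {{ app }}
+ansible.builtin.include_tasks: extra_tasks/{{ app }}.yml
+when: apps_vars[app].extra_tasks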
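Review bot: Every path in this file is built from the loop variable `app` (`{{ apps_data_root }}/{{ app }}`, `compose-files/{{ app }}.yml.j2`, `extra_tasks/{{ app }}.yml`), but nothing checks that `app` is a key of `apps_vars` before the first task creates a root-owned directory. A typo or unexpected value in `apps_include` would therefore leave that directory behind before a later task fails. A leading `ansible.builtin.assert:` task with `that: app in apps_vars` would stop the run early with a clear message. Assuming `extra_tasks` is optional per app, the final condition would also be safer as `when: apps_vars[app].extra_tasks | default(false)`.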


@ -1,27 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create app directory for {{ app_name }}
ansible.builtin.file:
path: "{{ apps_data_root }}/{{ app_name }}"
owner: root
mode: u=rwx,go=
state: directory
- name: Upload Compose file for {{ app_name }}
ansible.builtin.template:
src: compose-files/{{ app_name }}.yml.j2
dest: "{{ apps_data_root }}/{{ app_name }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Create data directory for {{ app_name }}
ansible.builtin.file:
path: "{{ apps_data_root }}/{{ app_name }}/data"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
- name: Run extra configuration tasks for {{ app_name }}
ansible.builtin.include_tasks: extra_tasks/{{ app_name }}.yml
when: app_vars.extra_tasks


@ -24,11 +24,11 @@
state: directory state: directory
- name: Configure apps - name: Configure apps
ansible.builtin.include_tasks: configure_app.yml ansible.builtin.include_tasks:
vars: file: app.yml
app_name: "{{ item }}"
app_vars: "{{ apps_vars[item] }}"
loop: "{{ apps_include }}" loop: "{{ apps_include }}"
loop_control:
loop_var: app
- name: Copy deploy.sh - name: Copy deploy.sh
ansible.builtin.template: ansible.builtin.template:


@ -4,3 +4,5 @@
postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data" postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data"
postgresql_wal_archive: "{{ data_fs }}/wal-archive" postgresql_wal_archive: "{{ data_fs }}/wal-archive"
postgresql_service: postgresql-{{ postgresql_version }} postgresql_service: postgresql-{{ postgresql_version }}
postgresql_db_list: "{{ databases | dict2items(key_name='name', value_name='vars') }}"
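Review bot: `postgresql_db_list` has no comment describing the shape of its items or noting that they carry credentials. Each item is `{name, vars}`, and judging by the `db.vars.password` reference in the database tasks, `vars` includes the role password, so any future loop over this list prints it in task output unless the task sets `no_log: true`. I would add above the definition: `# List of {name, vars} built from 'databases'; vars holds the DB password, so any loop over it needs no_log: true.`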


@ -1,24 +1,24 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
- name: Create database user '{{ db_vars.username }}' - name: Create database user '{{ db.vars.username }}'
community.postgresql.postgresql_user: community.postgresql.postgresql_user:
name: "{{ db_vars.username }}" name: "{{ db.vars.username }}"
password: "{{ db_vars.password }}" password: "{{ db.vars.password }}"
state: present state: present
- name: Create database '{{ db_name }}' - name: Create database '{{ db.name }}'
community.postgresql.postgresql_db: community.postgresql.postgresql_db:
name: "{{ db_name }}" name: "{{ db.name }}"
owner: "{{ db_vars.username }}" owner: "{{ db.vars.username }}"
template: template0 template: template0
encoding: UTF-8 encoding: UTF-8
state: present state: present
- name: Grant all priviliges to owner on database '{{ db_name }}' - name: Grant all priviliges to owner on database '{{ db.name }}'
community.postgresql.postgresql_privs: community.postgresql.postgresql_privs:
database: "{{ db_name }}" database: "{{ db.name }}"
roles: "{{ db_vars.username }}" roles: "{{ db.vars.username }}"
type: database type: database
privs: ALL privs: ALL
state: present state: present


@ -37,21 +37,9 @@
- name: Flush handlers - name: Flush handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Create PGDATA directory - name: Create PostgreSQL directories
ansible.builtin.file: ansible.builtin.file:
path: "{{ postgresql_pgdata }}" path: "{{ item }}"
owner: postgres
group: postgres
mode: u=rwx,go=
seuser: system_u
serole: object_r
setype: postgresql_db_t
selevel: s0
state: directory
- name: Create WAL archive directory
ansible.builtin.file:
path: "{{ postgresql_wal_archive }}"
owner: postgres owner: postgres
group: postgres group: postgres
mode: u=rwx,go= mode: u=rwx,go=
@ -60,6 +48,9 @@
setype: postgresql_db_t setype: postgresql_db_t
selevel: s0 selevel: s0
state: directory state: directory
loop:
- "{{ postgresql_pgdata }}"
- "{{ postgresql_wal_archive }}"
- name: Initialize database - name: Initialize database
ansible.builtin.command: ansible.builtin.command:
@ -99,8 +90,7 @@
apply: apply:
become: true become: true
become_user: postgres become_user: postgres
vars: loop: "{{ postgresql_db_list }}"
db_name: "{{ item.key }}" loop_control:
db_vars: "{{ item.value }}" loop_var: db
loop: "{{ databases | dict2items }}"
no_log: true no_log: true
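Review bot: The `no_log: true` in the last hunk appears, from key order, to sit on the include task itself rather than under `apply:`. There it hides the looped `db` item (which contains the password) in the include's own output, but it is not passed to the tasks inside the included file. Those tasks then depend on the PostgreSQL modules masking their own `password` argument. If full coverage is intended, add `no_log: true` under `apply:` next to `become_user: postgres`. The include task starts above this hunk, so its name and target file are not visible here.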


@ -6,6 +6,6 @@ local all all scram-sh
host all all 127.0.0.1/32 scram-sha-256 host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256 host all all ::1/128 scram-sha-256
{% for db in (databases | dict2items(key_name='name', value_name='vars')) %} {% for db in postgresql_db_list|sort %}
host {{ db.name }} {{ db.vars.username }} {{ internal_subnet }} scram-sha-256 host {{ db.name }} {{ db.vars.username }} {{ internal_subnet }} scram-sha-256
{% endfor %} {% endfor %}
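Review bot: `postgresql_db_list|sort` in the new `for` line sorts a list of dictionaries without a key. Jinja2 hands this to Python's `sorted()`, and Python 3 dictionaries are not orderable, so rendering is expected to fail with a TypeError once `databases` has two or more entries. Sorting on the name keeps the intended stable order: `{% for db in postgresql_db_list | sort(attribute='name') %}`. Deterministic order matters here because pg_hba.conf rules are matched first-match-wins.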