---
# Fail early when any variable this task file depends on is undefined, null,
# or blank after trimming. The message reports the variable name, not its
# value, so the password itself is not echoed.
# NOTE(review): only presence is checked. koji_db_server_password_encryption
# is later used both as the PostgreSQL password_encryption setting and as the
# pg_hba.conf auth method; nothing in this file restricts it to a value that
# is valid for both.
- name: Check if required variables are defined
  ansible.builtin.fail:
    msg: "{{ item }} is not defined or empty"
  loop:
    - koji_db_server_db_name
    - koji_db_server_user
    - koji_db_server_password
    - koji_db_server_ip
    - koji_db_server_password_encryption
  when: >-
    (vars[item] is undefined)
    or (vars[item] is none)
    or (vars[item] | trim | length == 0)
# python3-psycopg2 is the PostgreSQL driver required by the
# community.postgresql.postgresql_db module used below.
- name: Install dependencies
  ansible.builtin.dnf:
    state: present
    name: python3-psycopg2
# Create the database that Koji will use. The module runs as the `postgres`
# system user rather than as the connecting user.
- name: Create Koji database
  become: true
  become_user: postgres
  community.postgresql.postgresql_db:
    name: "{{ koji_db_server_db_name }}"
# Create the role that Koji uses to connect to its database.
# koji_db_server_password is a secret: supply it from an encrypted source
# such as Ansible Vault rather than from plain-text vars.
# PGOPTIONS sets password_encryption for this connection; presumably this
# makes the server store the password hash in the format that the pg_hba.conf
# rules written later in this file require (confirm against the server).
- name: Create Koji database user
  become: true
  become_user: postgres
  environment:
    PGOPTIONS: "-c password_encryption={{ koji_db_server_password_encryption }}"
  community.postgresql.postgresql_user:
    name: "{{ koji_db_server_user }}"
    password: "{{ koji_db_server_password }}"
    db: "{{ koji_db_server_db_name }}"
# Collect only the version facts from the server. The result is registered
# as `postgres_version` and read by the schema-privilege task below.
- name: Get PostgreSQL server version
  become: true
  become_user: postgres
  community.postgresql.postgresql_info:
    filter: 'ver*'
  register: postgres_version
# Grant the Koji role USAGE and CREATE on the `public` schema of the Koji
# database. PostgreSQL 15 stopped granting CREATE on `public` to every role
# by default, which is presumably why this runs only on major version >= 15.
# The grant is scoped to the single Koji role, not to PUBLIC.
- name: GRANT USAGE, CREATE PRIVILEGES ON SCHEMA public TO koji_db_server_user
  when: postgres_version.version.major >= 15
  become: true
  become_user: postgres
  community.postgresql.postgresql_privs:
    db: "{{ koji_db_server_db_name }}"
    role: "{{ koji_db_server_user }}"
    type: schema
    objs: public
    privs: USAGE,CREATE
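# Add a pg_hba.conf rule that lets the Koji role reach the Koji database from
# exactly one origin: `localhost` when koji_db_server_ip is 'localhost',
# otherwise the single host <koji_db_server_ip>/32.
#
# This was previously two tasks with opposite `when:` conditions that both
# registered `pg_hba_status`. Ansible also registers a result for a skipped
# task, so in the non-localhost case the skipped second task overwrote the
# first task's result with changed=false and the restart below never ran,
# leaving the new rule inactive. One task with a computed address keeps a
# single, reliable `pg_hba_status`.
#
# `method` reuses koji_db_server_password_encryption, which must therefore be
# valid both as an auth method and as a password_encryption value (in practice
# md5 or scram-sha-256; prefer scram-sha-256 where the clients support it).
- name: Allow requests from Koji server
  community.postgresql.postgresql_pg_hba:
    dest: /var/lib/pgsql/data/pg_hba.conf
    contype: host
    databases: "{{ koji_db_server_db_name }}"
    users: "{{ koji_db_server_user }}"
    address: >-
      {{ 'localhost'
      if (koji_db_server_ip | trim) == 'localhost'
      else koji_db_server_ip ~ '/32' }}
    method: "{{ koji_db_server_password_encryption }}"
  register: pg_hba_status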
# Restart the server only when the pg_hba.conf task reported a change, so the
# new access rule takes effect without bouncing the service on every run.
- name: Restart PostgreSQL
  when: pg_hba_status is changed
  ansible.builtin.service:
    state: restarted
    name: postgresql