ansible/roles/postgres/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

- name: Install postgres packages
  apt:
    name:
      - python3-psycopg2
      - postgresql-{{ postgres_version }}
      - postgresql-contrib-{{ postgres_version }}
      - libpq-dev
    state: present
  tags:
    - role::postgres

- name: Check postgres is started and enabled on boot
  service:
    name: '{{ postgres_daemon }}'
    state: started
    enabled: true
  tags:
    - role::postgres

- name: Add postgres users
  become: true
  become_user: "{{ postgres_user }}"
  community.postgresql.postgresql_user:
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    state: present
  loop_control:
    label: "{{ item.name }}"
  loop: "{{ postgres_users }}"
  environment:
    PGOPTIONS: "-c password_encryption=scram-sha-256"
  tags:
    - role::postgres

- name: Add postgres databases
  become: true
  become_user: "{{ postgres_user }}"
  community.postgresql.postgresql_db:
    name: "{{ item.name }}"
    owner: "{{ item.owner }}"
    state: present
  loop: "{{ postgres_databases }}"
  tags:
    - role::postgres

- name: Set host based authentication rules for all postgres users at once
  ansible.builtin.blockinfile:
    path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
    insertafter: "# Put your actual configuration here"
    marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
    block: |
      {% for db in postgres_databases %}
      host    {{ db.name }}    {{ db.owner }}    all    scram-sha-256
      {% endfor %}
  loop: "{{ postgres_databases }}"
  notify:
    - Reload the postgres service
  tags:
    - role::postgres