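---
# Installs PostgreSQL on the `db` hosts, opens it to network clients with
# SCRAM-SHA-256 password authentication, and creates the Keycloak database
# and role.
#
# Variables db_name, db_username and db_password are used below but defined
# outside this file. db_password is a secret: supply it from an encrypted
# source (for example Ansible Vault) rather than a plain-text vars file.
- name: Install PostgreSQL
  hosts: db
  gather_facts: true
  become: true
  tasks:
    - name: Install PostgreSQL
      ansible.builtin.dnf:
        name:
          - postgresql-server
          - postgresql-docs
          - postgresql-upgrade
          - postgresql-contrib
          # Needed by the community.general.postgresql_* tasks
          - python3-psycopg2
        state: present

    # `creates` makes this idempotent: initdb is skipped once the data
    # directory's log/ folder exists.
    - name: Initialize the database
      ansible.builtin.command:
        cmd: postgresql-setup --initdb
        creates: /var/lib/pgsql/data/log/

    # NOTE(review): this binds the server to every IPv4 interface. Combined
    # with the 0.0.0.0/0 pg_hba rule below, the database accepts password
    # logins from any address that can route to it. Confirm a host or
    # network firewall restricts the PostgreSQL port to the Keycloak hosts,
    # or bind to a specific address instead.
    - name: Listen on all network interfaces
      ansible.builtin.lineinfile:
        insertbefore: '^ *#* *listen_addresses *='
        path: /var/lib/pgsql/data/postgresql.conf
        regexp: '^ *listen_addresses *= *'
        line: "listen_addresses = '0.0.0.0'"
      register: postgresql_conf1

    - name: Enable scram-sha-256
      ansible.builtin.lineinfile:
        insertbefore: '^ *#* *password_encryption *='
        path: /var/lib/pgsql/data/postgresql.conf
        regexp: '^ *password_encryption *= *'
        line: "password_encryption = scram-sha-256"
      register: postgresql_conf2

    # NOTE(review): contype `host` matches TCP connections with or without
    # TLS, and this playbook does not enable `ssl` in postgresql.conf. SCRAM
    # keeps the password itself off the wire, but session traffic from
    # remote clients is not encrypted. Consider `hostssl` plus a server
    # certificate, and narrow 0.0.0.0/0 to the application subnet.
    - name: Enable password authentication instead of ident
      community.general.postgresql_pg_hba:
        dest: /var/lib/pgsql/data/pg_hba.conf
        contype: host
        databases: all
        users: all
        address: '{{ item.address }}'
        method: '{{ item.method }}'
        state: '{{ item.state }}'
      loop:
        - address: '127.0.0.1/32'
          method: scram-sha-256
          state: present
        - address: '::1/128'
          method: scram-sha-256
          state: present
        - address: '0.0.0.0/0'
          method: scram-sha-256
          state: present
      register: pghba_conf

    # listen_addresses is only read at server start, so a reload would leave
    # the old bind address in effect on an already-running server.
    - name: Restart PostgreSQL when listen_addresses changed
      ansible.builtin.systemd:
        name: postgresql
        enabled: true
        state: restarted
      when: postgresql_conf1.changed

    # password_encryption and pg_hba.conf are picked up on reload. Skipped
    # when the restart above already applied every pending change.
    - name: Reload PostgreSQL when needed
      ansible.builtin.systemd:
        name: postgresql
        enabled: true
        state: reloaded
      when:
        - not postgresql_conf1.changed
        - postgresql_conf2.changed or pghba_conf.changed

    - name: Ensure the PostgreSQL service is started and enabled
      ansible.builtin.systemd:
        name: postgresql
        enabled: true
        state: started

    # Polls every 5 seconds, up to 20 times, until a trivial query succeeds.
    - name: Wait for PostgreSQL to be ready
      community.general.postgresql_query:
        db: template1
        query: SELECT version()
      become_user: postgres
      retries: 20
      delay: 5
      register: healthcheck
      until: not healthcheck.failed

    - name: Create the PostgreSQL database for Keycloak
      community.general.postgresql_db:
        name: '{{ db_name }}'
      become_user: postgres

    # PGOPTIONS forces password_encryption=scram-sha-256 for this session so
    # the stored verifier is SCRAM regardless of the server-wide setting at
    # the moment the role is created.
    - name: Create the PostgreSQL user for Keycloak
      community.general.postgresql_user:
        name: '{{ db_username }}'
        password: '{{ db_password }}'
        login_db: '{{ db_name }}'
        priv: ALL
      become_user: postgres
      environment:
        PGOPTIONS: "-c password_encryption=scram-sha-256"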