Solved users recreated by backup restore bug

This commit is contained in:
Kevin Veen-Birkenbach 2025-07-03 21:04:40 +02:00
parent a3fd74c2e0
commit 3600874223
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E

View File

@ -1,3 +1,13 @@
---
- name: "Wait until Postgres is listening on port {{ database_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}"
postgresql_db:
name: "{{ database_name }}"
@ -5,8 +15,9 @@
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
login_port: "{{ database_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
postgresql_user:
name: "{{ database_username }}"
@ -16,68 +27,72 @@
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
login_port: "{{ database_port }}"
- name: "Set privileges for database user: {{ database_username }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
state: present
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
login_port: "{{ database_port }}"
- name: Grant all privileges at the database level
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
db: "{{ database_name }}"
role: "{{ database_username }}"
type: database
privs: ALL
type: database
state: present
login_user: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
- name: Grant all privileges on all tables in the public schema
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Set comprehensive privileges for user on public schema
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
query: |
GRANT USAGE ON SCHEMA public TO {{ database_username }};
GRANT CREATE ON SCHEMA public TO {{ database_username }};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
- name: Ensure PostGIS-related extensions are installed
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
loop:
- postgis
- pg_trgm