svc-db-postgres: add retry mechanism to all PostgreSQL tasks and fix condition handling

- Added register, until, retries, and delay to all PostgreSQL-related tasks in 02_init.yml to handle transient 'tuple concurrently updated' and similar errors. - Changed 'when: "{{ postgres_init }}"' to 'when: postgres_init | bool' in main.yml for correct boolean evaluation. - Switched 'role' to 'roles' in postgresql_privs tasks for forward compatibility. - Added postgres_retry_retries and postgres_retry_delay defaults in vars/main.yml to centralize retry configuration. https://chatgpt.com/share/689b2360-a8a4-800f-9acb-6d88d6aa5cb7
2025-08-15 08:30:46 +02:00 · 2025-08-12 13:20:30 +02:00 · 2025-08-12 13:20:30 +02:00 · 5d36a806ff
commit 5d36a806ff
parent 84de85d905
3 changed files with 38 additions and 4 deletions
--- a/roles/svc-db-postgres/tasks/02_init.yml
+++ b/roles/svc-db-postgres/tasks/02_init.yml
@ -16,6 +16,10 @@
    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
    login_host: "{{ postgres_local_host }}"
    login_port: "{{ postgres_port }}"
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 2) Create the database user (with password)
 - name: "Create database user: {{ database_username }}"
@ -28,6 +32,10 @@
    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
    login_host:     "{{ postgres_local_host }}"
    login_port:     "{{ postgres_port }}"
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 3) Enable LOGIN for the role (removes NOLOGIN)
 - name: "Enable login for role {{ database_username }}"
@ -40,12 +48,16 @@
    query: |
      ALTER ROLE "{{ database_username }}"
        WITH LOGIN;
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 4) Grant ALL privileges on all tables in the public schema
 - name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
  community.postgresql.postgresql_privs:
    db:     "{{ database_name }}"
-    role:   "{{ database_username }}"
+    roles:   "{{ database_username }}"
    objs:   ALL_IN_SCHEMA
    privs:  ALL
    type:   table
@ -55,12 +67,16 @@
    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
    login_host:     "{{ postgres_local_host }}"
    login_port:     "{{ postgres_port }}"
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 5) Grant ALL privileges at the database level
 - name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
  community.postgresql.postgresql_privs:
    db:    "{{ database_name }}"
-    role:  "{{ database_username }}"
+    roles:  "{{ database_username }}"
    type:  database
    privs: ALL
    state: present
@ -68,6 +84,10 @@
    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
    login_host:     "{{ postgres_local_host }}"
    login_port:     "{{ postgres_port }}"
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 6) Grant USAGE/CREATE on schema and set default privileges
 - name: "Set comprehensive schema privileges for {{ database_username }}"
@ -82,6 +102,10 @@
      GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
      ALTER DEFAULT PRIVILEGES IN SCHEMA public
        GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 7) Ensure PostGIS and related extensions are installed (if enabled)
 - name: "Ensure PostGIS-related extensions are installed"
@ -98,6 +122,10 @@
    - pg_trgm
    - unaccent
  when: postgres_gis_enabled | bool
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
 # 8) Ensure pgvector (vector) extension is installed (for Discourse‑AI, pgvector, …)
 - name: "Ensure pgvector (vector) extension is installed"
@ -109,3 +137,7 @@
    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
    login_host:   "{{ postgres_local_host }}"
    login_port:   "{{ postgres_port }}"
  register: postgresql_result
  until: postgresql_result is succeeded
  retries: "{{ postgres_retry_retries }}"
  delay: "{{ postgres_retry_delay }}"
--- a/roles/svc-db-postgres/tasks/main.yml
+++ b/roles/svc-db-postgres/tasks/main.yml
@ -10,4 +10,4 @@
 - name: "Initialize database for '{{ database_name }}'"
  include_tasks: 02_init.yml
-  when: "{{ postgres_init }}"
+  when: postgres_init | bool
--- a/roles/svc-db-postgres/vars/main.yml
+++ b/roles/svc-db-postgres/vars/main.yml
@ -20,4 +20,6 @@ postgres_init:                  "{{ database_username is defined and database_pa
 postgres_expose_local:          True # Exposes the db to localhost, almost everytime neccessary
 postgres_custom_image_name:     "postgres_custom"
 postgres_local_host:            "127.0.0.1"
-postgres_pg_vector_enabled:     True # Required by discourse, propably in a later step it makes sense to define this as a configuration option in config/main.yml
+postgres_pg_vector_enabled:     True # Required by discourse, propably in a later step it makes sense to define this as a configuration option in config/main.yml
 postgres_retry_retries:         5
 postgres_retry_delay:           2