Moved blocks to include_tasks to raise performance. Deploy was really slow

2025-08-31 15:48:57 +02:00 · 2025-08-11 12:28:31 +02:00
parent b6e571a496
commit 6e04ac58d2
52 changed files with 609 additions and 628 deletions
--- a/roles/svc-db-postgres/tasks/02_init.yml
+++ b/roles/svc-db-postgres/tasks/02_init.yml
@@ -0,0 +1,111 @@
+---
+- name: "Wait until Postgres is listening on port {{ postgres_port }}"
+  wait_for:
+    host: "{{ postgres_local_host }}"
+    port: "{{ postgres_port }}"
+    delay: 5
+    timeout: 300
+    state: started
+
+# 1) Create the database
+- name: "Create database: {{ database_name }}"
+  postgresql_db:
+    name: "{{ database_name }}"
+    state: present
+    login_user: postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
+
+# 2) Create the database user (with password)
+- name: "Create database user: {{ database_username }}"
+  postgresql_user:
+    name:           "{{ database_username }}"
+    password:       "{{ database_password }}"
+    db:             "{{ database_name }}"
+    state:          present
+    login_user:     postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
+
+# 3) Enable LOGIN for the role (removes NOLOGIN)
+- name: "Enable login for role {{ database_username }}"
+  postgresql_query:
+    db: postgres
+    login_user: postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
+    query: |
+      ALTER ROLE "{{ database_username }}"
+        WITH LOGIN;
+
+# 4) Grant ALL privileges on all tables in the public schema
+- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
+  postgresql_privs:
+    db:     "{{ database_name }}"
+    role:   "{{ database_username }}"
+    objs:   ALL_IN_SCHEMA
+    privs:  ALL
+    type:   table
+    schema: public
+    state:  present
+    login_user:     postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
+
+# 5) Grant ALL privileges at the database level
+- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
+  postgresql_privs:
+    db:    "{{ database_name }}"
+    role:  "{{ database_username }}"
+    type:  database
+    privs: ALL
+    state: present
+    login_user:     postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
+
+# 6) Grant USAGE/CREATE on schema and set default privileges
+- name: "Set comprehensive schema privileges for {{ database_username }}"
+  postgresql_query:
+    db: "{{ database_name }}"
+    login_user: postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
+    query: |
+      GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
+      GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
+      ALTER DEFAULT PRIVILEGES IN SCHEMA public
+        GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
+
+# 7) Ensure PostGIS and related extensions are installed (if enabled)
+- name: "Ensure PostGIS-related extensions are installed"
+  community.postgresql.postgresql_ext:
+    db:         "{{ database_name }}"
+    ext:        "{{ item }}"
+    state:      present
+    login_user:     postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
+  loop:
+    - postgis
+    - pg_trgm
+    - unaccent
+  when: postgres_gis_enabled | bool
+
+# 8) Ensure pgvector (vector) extension is installed (for Discourse‑AI, pgvector, …)
+- name: "Ensure pgvector (vector) extension is installed"
+  community.postgresql.postgresql_ext:
+    db:           "{{ database_name }}"
+    ext:          vector
+    state:        present
+    login_user:   postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:   "{{ postgres_local_host }}"
+    login_port:   "{{ postgres_port }}"