Renamed Database roles

2025-07-12 10:11:52 +02:00
parent 44834f9873
commit e14e6b96e9
46 changed files with 49 additions and 45 deletions


@@ -0,0 +1,7 @@
# Administration
## Root Access
To access the database via the root account execute the following on the server:
```bash
docker exec -it "{{ applications['postgres'].hostname }}" psql -U postgres
```


@@ -0,0 +1,30 @@
# PostgreSQL
## Description
This Ansible role deploys and configures a PostgreSQL database in a Docker container using Docker Compose. It is designed to simplify database administration by automating the creation of networks, containers, and essential database tasks (such as database and user creation) for a secure and high-performance environment.
## Overview
Built for environments that demand reliability and ease of management, this role:
- Sets up a dedicated Docker network for PostgreSQL.
- Deploys a PostgreSQL container with secure configurations and automated healthchecks.
- Automates tasks like database creation, user setup, and privilege assignments to streamline your workflows.
## Purpose
The purpose of this role is to provide an effortless way to deploy a PostgreSQL database via Docker. It minimizes manual interventions while ensuring that your database is configured securely and reliably for both production and development scenarios.
## Features
- **Automated Deployment:** Installs PostgreSQL with minimal manual steps.
- **Robust Administration:** Automatically creates databases, users, and assigns privileges.
- **Enhanced Security:** The service is bound to `127.0.0.1:5432`, restricting access and enhancing security.
- **Seamless Docker Integration:** Works harmoniously with Docker Compose and other roles in your infrastructure.
## Credits 📝
Developed by **Kevin Veen-Birkenbach**.
Discover more at [www.veen.world](https://www.veen.world)
Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)


@@ -0,0 +1,2 @@
# Todos
- Move init_database.yml to an own role


@@ -0,0 +1,19 @@
# PostgreSQL Docker Upgrade: Major Version Migration
This guide explains how to safely upgrade a PostgreSQL Docker container from one major version to another (e.g., version 12 to 16) using a **dump and restore** method. This is the recommended approach in Docker environments.
---
## ⚠️ Important
PostgreSQL data directories are **not compatible across major versions**. You cannot just point a newer version to the old data volume. You must export and re-import your data.
## Backup
First do a backup
## Restore
Setup new Version and apply restore_postgres_databases.py.
## 🔗 References
- [PostgreSQL Backup Documentation](https://www.postgresql.org/docs/current/backup-dump.html)
- [PostgreSQL Docker Image](https://hub.docker.com/_/postgres)


@@ -0,0 +1,11 @@
hostname: "central-postgres"
network: "central_postgres"
port: 5432
docker:
images:
# Postgis is necessary for mobilizon
postgres: postgis/postgis
versions:
# Please set an version in your inventory file!
# Rolling release isn't recommended
postgres: "latest"


@@ -0,0 +1,26 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker PostgreSQL Role offers an easy and efficient way to run a PostgreSQL database inside a Docker container.
Manage your data securely and effectively, making it ideal for production or local development.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- postgresql
- docker
- database
- administration
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"


@@ -0,0 +1,5 @@
credentials:
postgres_password:
description: "Password for the PostgreSQL superuser 'postgres'"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
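Review bot: The `validation` regex pins this credential to a bcrypt digest (`$2a`/`$2b`/`$2y` prefix plus 56 characters), yet the same value is consumed verbatim as `POSTGRES_PASSWORD` and as `login_password` in the other task files of this commit, so PostgreSQL would treat the digest string itself as the superuser's password rather than a hash of it. If that is the intended flow (the digest acts as a long random secret), say so in `description`; if the store is supposed to hold a hash that is checked rather than used, `"Password for the PostgreSQL superuser 'postgres'"` is misleading and the consumers need a plaintext value instead. Please confirm which is meant.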


@@ -0,0 +1,100 @@
---
- name: "Wait until Postgres is listening on port {{ database_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}"
postgresql_db:
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
postgresql_user:
name: "{{ database_username }}"
password: "{{ database_password }}"
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
type: database
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
loop:
- postgis
- pg_trgm
- unaccent
when: database_gis_enabled is defined and database_gis_enabled
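Review bot: Step 3 (`Enable login for role`) interpolates `database_username` into raw SQL via `postgresql_query`, although `postgresql_user` in step 2 can set the same attribute declaratively by adding `role_attr_flags: LOGIN` to that task, after which step 3 can be dropped. Step 6 has the same shape: the GRANT and ALTER DEFAULT PRIVILEGES statements can be expressed with `postgresql_privs` using `type: schema` and `type: default_privs`, which handles identifier quoting itself and keeps the file idempotent without string-built SQL. Note that `ALTER DEFAULT PRIVILEGES` without a `FOR ROLE` clause only affects objects later created by the connecting role (`postgres` here), so tables created by other owners will not inherit the grant; add a comment stating that limitation or a `FOR ROLE` clause if wider coverage is intended. The `when` in step 7 can be shortened to `when: database_gis_enabled | default(false)`.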


@@ -0,0 +1,60 @@
- name: Create Docker network for PostgreSQL
docker_network:
name: "{{ applications[application_id].network }}"
state: present
ipam_config:
- subnet: "{{ networks.local.postgres.subnet }}"
when: run_once_docker_postgres is not defined
- name: Install PostgreSQL
docker_container:
name: "{{ applications[application_id].hostname }}"
image: "{{ applications | get_docker_image(application_id) }}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ applications[application_id].credentials.postgres_password }}"
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for web-app-matrix
networks:
- name: "{{ applications[application_id].network }}"
published_ports:
- "127.0.0.1:{{ applications[application_id].port }}:5432"
volumes:
- central_postgres_database:/var/lib/postgresql/data
restart_policy: "{{ docker_restart_policy }}"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
register: setup_postgres_container_result
when: run_once_docker_postgres is not defined
- name: Wait for Postgres inside the container
shell: "docker exec {{ applications[application_id].hostname }} pg_isready -U postgres"
register: pg_ready
until: pg_ready.rc == 0
retries: 30
delay: 5
when:
- setup_postgres_container_result is defined
- setup_postgres_container_result.changed
- run_once_docker_postgres is not defined
- name: install python-psycopg2
pacman:
name: python-psycopg2
state: present
when: run_once_docker_postgres is not defined
- name: Load database initialization tasks dynamically
include_tasks: init_database.yml
when:
- database_username is defined
- database_password is defined
- database_name is defined
- name: Run the docker_postgres tasks once
set_fact:
run_once_docker_postgres: true
when: run_once_docker_postgres is not defined
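Review bot: The `Install PostgreSQL` task passes the superuser password through `env.POSTGRES_PASSWORD` and registers the full module result, so the secret can surface in verbose or failed task output and lives on in `setup_postgres_container_result`; add `no_log: true` to that task (the `changed` flag read later is unaffected). `detach: yes` should be the canonical `detach: true`, matching the `true` already used in the final `set_fact`. The volume name `central_postgres_database` is hard-coded while hostname, network and port are read from `applications[application_id]`; sourcing it from the same config keeps the role consistent and avoids a stray volume after a rename.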


@@ -0,0 +1 @@
application_id: postgres