- name: Create Docker network for PostgreSQL
docker_network:
name: central_postgres
state: present
ipam_config:
- subnet: "{{ networks.local.postgres.subnet }}"
when: run_once_docker_postgres is not defined
- name: Install PostgreSQL
docker_container:
name: central-postgres
image: "postgres:{{applications.postgres.database_version}}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ central_postgres_password }}"
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for docker-matrix
networks:
- name: central_postgres
published_ports:
- "127.0.0.1:{{database_port}}:5432"
volumes:
- central_postgres_database:/var/lib/postgresql/data
restart_policy: "{{docker_restart_policy}}"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
register: setup_postgres_container_result
when: run_once_docker_postgres is not defined
- name: wait for database
pause:
seconds: "{{pause_duration}}"
when: setup_postgres_container_result.changed and run_once_docker_postgres is not defined
- name: install python-psycopg2
pacman:
name: python-psycopg2
state: present
when: run_once_docker_postgres is not defined
- name: "Create database: {{ database_name }}"
postgresql_db:
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: "Create database user: {{ database_username }}"
postgresql_user:
name: "{{ database_username }}"
password: "{{ database_password }}"
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: "Set privileges for database user: {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
state: present
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Grant all privileges at the database level
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
privs: ALL
type: database
state: present
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Grant all privileges on all tables in the public schema
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Set comprehensive privileges for user on public schema
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ central_postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
query: |
GRANT USAGE ON SCHEMA public TO {{ database_username }};
GRANT CREATE ON SCHEMA public TO {{ database_username }};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
- name: Run the docker_postgres tasks once
set_fact:
run_once_docker_postgres: true
when: run_once_docker_postgres is not defined