kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 16:40:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/svc-db-postgres/tasks/02_init.yml

143 lines
5.4 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
- name: Wait for Postgres inside the container
shell: "docker exec {{ POSTGRES_CONTAINER }} pg_isready -U postgres"
register: pg_ready
until: pg_ready.rc == 0
retries: 30
delay: 5
# 1) Create the database
- name: "Create database: {{ database_name }}"
community.postgresql.postgresql_db:
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
community.postgresql.postgresql_user:
name: "{{ database_username }}"
password: "{{ database_password }}"
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
community.postgresql.postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
community.postgresql.postgresql_privs:
db: "{{ database_name }}"
roles: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
community.postgresql.postgresql_privs:
db: "{{ database_name }}"
roles: "{{ database_username }}"
type: database
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
loop:
- postgis
- pg_trgm
- unaccent
when: postgres_gis_enabled | bool
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
# 8) Ensure pgvector (vector) extension is installed (for DiscourseAI, pgvector, …)
- name: "Ensure pgvector (vector) extension is installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: vector
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.POSTGRES_PASSWORD', True) }}"
login_host: "{{ POSTGRES_LOCAL_HOST }}"
login_port: "{{ POSTGRES_PORT }}"
register: postgresql_result
until: postgresql_result is succeeded
retries: "{{ POSTGRES_RETRIES }}"
delay: "{{ POSTGRES_DELAY }}"
Reference in New Issue View Git Blame Copy Permalink