๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible-playbooks/roles/postgres/tasks/add_database.yml

83 lines
2.3 KiB

2 years ago
- name: check if database is an object
fail:
msg: database must be an object
when: database is not mapping
- name: check if database parameters are defined
fail:
msg: some database parameters are invalid or not defined
when: (database.name is not string) or (database.user is not string) or
(database.pass is not string)
- name: add db to postgres
community.postgresql.postgresql_db:
name: "{{ database.name }}"
trust_input: no
- name: add user to postgres
community.postgresql.postgresql_user:
comment: "{{ database.user_comment | d('managed by ansible') }}"
encrypted: yes
expires: infinity
name: "{{ database.user }}"
password: "{{ database.pass }}"
role_attr_flags: "{{ database.user_flags | d('NOSUPERUSER,NOCREATEROLE,NOCREATEDB') }}"
trust_input: no
- name: grant database privileges to user
community.postgresql.postgresql_privs:
database: "{{ database.name }}"
privs: CREATE,CONNECT,TEMPORARY
type: database
role: "{{ database.user }}"
- name: grant privileges to all tables
community.postgresql.postgresql_privs:
database: "{{ database.name }}"
privs: ALL
type: table
objs: ALL_IN_SCHEMA
role: "{{ database.user }}"
- name: grant privileges to all sequences
community.postgresql.postgresql_privs:
database: "{{ database.name }}"
privs: ALL
type: sequence
objs: ALL_IN_SCHEMA
role: "{{ database.user }}"
- name: grant privileges to public schema
community.postgresql.postgresql_privs:
database: "{{ database.name }}"
privs: USAGE,CREATE
type: schema
objs: public
role: "{{ database.user }}"
2 years ago
- name: add line to postgres hba
community.postgresql.postgresql_pg_hba:
dest: "{{ (postgresql_conf_dir, 'pg_hba.conf') | path_join }}"
2 years ago
contype: "{{ 'host' if (database.ssl | d(false) == false) else 'hostssl' }}"
databases: "{{ database.name }}"
users: "{{ database.user }}"
address: "{{ item }}/32"
method: "{{ database.auth_method | d('scram-sha-256') }}"
register: result
loop: "{{ [database.addresses] if database.addresses is string else
(database.addresses | d(['127.0.0.1' if (database.self_hosted | d(false) == true) else ansible_host])) }}"
- name: reload postgres config
community.postgresql.postgresql_query:
query: SELECT pg_reload_conf();
when: result.changed