{"id":20331009,"url":"https://github.com/cans/pg-db","last_synced_at":"2025-03-04T12:24:36.043Z","repository":{"id":139898292,"uuid":"89745062","full_name":"cans/pg-db","owner":"cans","description":"Ansible role to create a bunch of Postgres Roles, Databases and Grant Privileges on the latter to the former.","archived":false,"fork":false,"pushed_at":"2018-07-22T19:25:47.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-14T15:24:20.252Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cans.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-28T21:10:09.000Z","updated_at":"2017-05-01T20:09:26.000Z","dependencies_parsed_at":"2024-06-25T18:21:37.057Z","dependency_job_id":null,"html_url":"https://github.com/cans/pg-db","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cans%2Fpg-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cans%2Fpg-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cans%2Fpg-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cans%2Fpg-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cans","download_url":"https://codeload.github.com/cans/pg-db/tar.gz/refs/heads/master","host":{"name"
:"GitHub","url":"https://github.com","kind":"github","repositories_count":241845854,"owners_count":20029951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T20:18:28.046Z","updated_at":"2025-03-04T12:24:36.017Z","avatar_url":"https://github.com/cans.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"cans.pg-db\n==========\n\n[![Build Status](https://travis-ci.org/cans/pg-db.svg?branch=master)](https://travis-ci.org/cans/pg-db)\n\nAnsible role to create roles and databases, and to grant rights on the latter\nto the former, on a PostgreSQL cluster.\n\n\n### Specifying the roles to create\n\nThe roles to create have to be specified as a list of items as described\nbelow:\n\n    - login: \"me, myself, and I\"           (default: _undefined_)\n      password: \"{{variable_in_a_vault}}\"  (default: _undefined_)\n      host: \"dbserver0.domain.com\"         (default: `pg_test_db_host` if defined, see note below)\n      socket: \"/run/postgres/socket\"       (default: `pg_test_db_socket`)\n      attr: \"NOSUPERUSER,CREATEDB\"         (default: `pg_test_db_default_role_attributes`)\n\nWhere:\n\n- `attr`: lists the attributes the user should have (_cf._\n  [CREATE ROLE](https://www.postgresql.org/docs/current/static/sql-createrole.html));\n- `host`: the hostname through which to connect to the database cluster\n  (implies use of a TCP/IP connection, mutually exclusive with `socket`);\n- `login`: the name to give to the new user;\n- `password`: the password to set for the new user;\n- `socket`: the path to a Unix Domain socket through which to 
connect to the\n  database cluster (mutually exclusive with `host`);\n\n### Specifying the databases to create\n\nThe databases to create have to be specified as a list of items as described\nbelow:\n\n    - name: \"my_db\"                    (default: _undefined_)\n      extensions:                      (default: [])\n        - \"postgis\"\n      host: \"dbserver0.domain.com\"     (default: `pg_db_host` if defined, see note below)\n      socket: omit                     (default: `pg_db_socket` if defined, see note below)\n      owner: \"alice\"\n      users:\n        - name: \"alice\"\n          privs: \"ALL\"\n\nWhere:\n\n- `extensions`: lists the names of the PostgreSQL extensions to install in\n  the database (default: *[]*);\n- `host`: the hostname through which to connect to the database cluster\n  (implies use of a TCP/IP connection, mutually exclusive with `socket`);\n- `name`: is the name of the database to create (*mandatory*);\n- `owner`: is the name of the user that should own the database\n  (default: *omit*, meaning *pg_db_admin_user* will own the database);\n- `socket`: the path to a Unix Domain socket through which to connect to the\n  database cluster (mutually exclusive with `host`);\n- `users`: a list of users to grant some privileges to on the created\n  database (default: *[]*). 
Each user must be given a `login` and\n  a list of privileges via the `privs` variable;\n\nUsers, whether specified in the `owner` field or in the `users` list, are\nassumed to exist *a priori*.\n\nNotes:\n\n- Either `socket` or `host` *should* be defined; if neither is, then either\n  `pg_db_host` or `pg_db_socket` **must** be defined.\n  This is true for both items representing roles _and_ databases;\n- This role creates users before creating databases, to be able to\n  set ownership and privileges properly;\n\n\n### Regarding tests and authentication\n\nThis role comes with what tries to be a thorough test suite (admittedly\nincomplete as of yet).\n\nOne challenge is to make sure authentication works across the very\nmany scenarios you could face:\n\n- playbook run locally, connecting to a local Postgres cluster;\n- playbook run locally, connecting to a remote Postgres cluster;\n- playbook run on a remote target and connecting to a database local to\n  the target host;\n- playbook run on a remote target used to bounce to yet another host\n  where the Postgres cluster is hosted;\n\nSome of that test suite is run on the popular [TravisCI](travis-ci.org)\nonline continuous integration service. Sadly, their build images come\nwith a very lax security set-up. This may hide issues with ill-handled\nscenarios amongst those listed above and the different connection and\nauthentication options they offer.\n\nIt is thus recommended not to trust the outcome of those tests, and to run the\ntests on a set-up of your own. For its development, this role's tests\nwere typically run against a Debian distro inside a VM. The only\nmodifications required are the following:\n\n- On the VM add a sudoer user (e.g. `ansible`) that does not require\n  a password (basically what you get e.g. 
if you set up the VM with\n  Vagrant).\n- Inside the `tests/` directory add an `inventory.local` file that points to the\n  VM, as follows:\n\n       [servers]\n       192.168.X.X ansible_user=\u003csudoer user\u003e\n\n  Where `\u003csudoer user\u003e` is to be replaced with the name of the user\n  you added at the previous step;\n\nYou can then launch the `tests/run.sh` script to run the tests.\n\n\nRequirements\n------------\n\nThis role has the same dependencies as Ansible's PostgreSQL-related modules:\n\n- [`postgresql_db`](http://docs.ansible.com/ansible/postgresql_db_module.html)\n- [`postgresql_ext`](http://docs.ansible.com/ansible/postgresql_ext_module.html)\n- [`postgresql_user`](http://docs.ansible.com/ansible/postgresql_user_module.html)\n- [`postgresql_privs`](http://docs.ansible.com/ansible/postgresql_privs_module.html)\n\nThis basically means that you need psycopg2 installed on the target host. The\n`pg_db_apt_packages` variable found in `vars/main.yml` provides a list of\npackages you need to install for this role to work.\n\n\nRole Variables\n--------------\n\nAll the variables in this role are namespaced with the prefix `pg_db`.\n\n- `pg_db_admin_db`: name of the cluster's administration database user\n  (default: \"postgres\")\n- `pg_db_admin_user`: login name of the PostgreSQL super (admin)\n  user (default: \"postgres\")\n- `pg_db_apt_packages`: the list of Debian packages to install on\n  the target host(s) for this role to work.\n- `pg_db_change_password`: whether to change the user's password if needed;\n  see the comment in the\n  [`postgresql_user` documentation](http://docs.ansible.com/ansible/postgresql_user_module.html)\n  (default: no)\n- `pg_db_encoding`: (default: \"UTF-8\")\n- `pg_db_encrypt_password`: (default: yes)\n- `pg_db_extensions`:  (default: []);\n- `pg_db_host`: the default database server host to connect to (default: _omit_);\n- `pg_db_database_add`: the list of databases to create (default: []);\n- `pg_db_database_del`: the list of databases to 
delete (default: []);\n- `pg_db_socket`: the UNIX domain socket through which to connect to the\n  server (default: *undefined*);\n- `pg_db_system_user`: system user the cluster runs as. If set, this\n  role will become (_su_ as) that user before issuing privileged commands.\n- `pg_db_user_add`: the list of roles to create (default: []);\n- `pg_db_user_del`: the list of roles to delete (default: []);\n\n\nDependencies\n------------\n\nThis role has no dependency.\n\n\nExample Playbook\n----------------\n\nThe following example will connect to the PostgreSQL cluster on the local\nmachine, through a Unix socket, and create a role `alice` and a database\nnamed `test_db`, owned by `alice`.\n\n\n    - hosts: 127.0.0.1\n      connection: local\n      vars_files:\n        - vars/vault.yml  # To store credentials: pg_db_admin_login, pg_db_admin_password, _etc._\n\n      vars:\n        pg_db_user_add:\n          - name: alice\n            password: \"{{alices_password}}\"\n            socket: \"/run/postgresql\"\n        pg_db_database_add:\n          - name: test_db\n            socket: \"/run/postgresql\"\n            owner: alice\n        pg_db_admin_user: \"postgres\"\n        pg_db_admin_password: \"{{db_admins_password}}\"\n\n      roles:\n         - role: cans.pg-db\n\n\nLicense\n-------\n\nGPLv2\n\n\nAuthor Information\n------------------\n\nCopyright © 2017, Nicolas CANIART\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcans%2Fpg-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcans%2Fpg-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcans%2Fpg-db/lists"}