{"id":18906440,"url":"https://github.com/claranet/ansible-role-postgresql","last_synced_at":"2025-04-15T04:31:33.084Z","repository":{"id":235441473,"uuid":"756262438","full_name":"claranet/ansible-role-postgresql","owner":"claranet","description":"Install and configure PostgreSQL server on Debian and RedHat systems using this Ansible role. It provides a flexible and automated way to set up PostgreSQL databases, users, extensions, and more.","archived":false,"fork":false,"pushed_at":"2025-04-08T09:47:09.000Z","size":175,"stargazers_count":5,"open_issues_count":11,"forks_count":1,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-04-08T10:35:05.732Z","etag":null,"topics":["ansible","claranet","postgres","postgresql","role"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/claranet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-12T10:09:38.000Z","updated_at":"2025-03-14T10:41:07.000Z","dependencies_parsed_at":"2024-04-23T12:23:38.927Z","dependency_job_id":"b2c6eb31-812b-4260-8615-c84200df9015","html_url":"https://github.com/claranet/ansible-role-postgresql","commit_stats":null,"previous_names":["claranet/ansible-role-postgresql"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-postgresql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-postgresql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-postgresql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-postgresql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/claranet","download_url":"https://codeload.github.com/claranet/ansible-role-postgresql/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249006435,"owners_count":21197275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","claranet","postgres","postgresql","role"],"created_at":"2024-11-08T09:16:17.434Z","updated_at":"2025-04-15T04:31:33.063Z","avatar_url":"https://github.com/claranet.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Role - PostgreSQL\n[![Maintainer](https://img.shields.io/badge/maintained%20by-claranet-e00000?style=flat-square)](https://www.claranet.fr/)\n[![License](https://img.shields.io/github/license/claranet/ansible-role-postgresql?style=flat-square)](LICENSE)\n[![Release](https://img.shields.io/github/v/release/claranet/ansible-role-postgresql?style=flat-square)](https://github.com/claranet/ansible-role-postgresql/releases)\n[![Status](https://img.shields.io/github/actions/workflow/status/claranet/ansible-role-postgresql/molecule.yml?branch=main\u0026style=flat-square\u0026label=tests)](https://github.com/claranet/ansible-role-postgresql/actions?query=workflow%3A%22Ansible+Molecule%22)\n[![Ansible version](https://img.shields.io/badge/ansible-%3E%3D2.10-black.svg?style=flat-square\u0026logo=ansible)](https://github.com/ansible/ansible)\n[![Ansible Galaxy](https://img.shields.io/badge/ansible-galaxy-black.svg?style=flat-square\u0026logo=ansible)](https://galaxy.ansible.com/claranet/postgresql)\n\n\n\u003e :star: Star us on GitHub — it motivates us a lot!\n\nInstall and configure PostgreSQL server on Debian and RedHat systems using this Ansible role. It provides a flexible and automated way to set up PostgreSQL databases, users, extensions, and more.\n\n## Table of Contents\n\n1. [Role Requirements](#warning-requirements)\n2. [Role Dependencies](#arrows_counterclockwise-dependencies)\n3. [Role Installation](#zap-role-installation)\n4. [Features and Tags](#available-features-and-tags)\n6. [Supported Linux/PostgreSQL Versions](#linuxpostgresql-versions-supported)\n5. [Role features in use](#role-features-in-use)\n - [Proxy usage](#proxy-usage)\n - [Installation](#installation)\n - [Configuration](#configuration)\n - [Auto tuning](#auto-tuning)\n - [Physical replication](#physical-replication)\n - [Vacuum setup](#vacuum)\n - [Backup setup](#backup)\n - [User and database management](#createremove-database-users)\n - [Tablespaces management](#tablespaces)\n - [Databases management](#createremove-databases)\n - [Ownership and privileges management](#manage-ownership-and-privileges)\n - [Extensions management](#extensions-management)\n - [SQL executions](#sql-executions)\n - [Advanced customized installation](#advanced-customized-installation)\n - [Uninstallation](#uninstallation)\n9. [Full example playbook](#pencil2-full-example-playbook)\n10. [Hardening](HARDENING.md)\n11. [Contributing](CONTRIBUTING.md)\n12. [License](LICENSE)\n13. [Author information](#author-information)\n\n## :warning: Requirements\n\nAnsible \u003e= 2.10\n\n## :arrows_counterclockwise: Collection dependencies\n```yaml\n- community.general\n- community.postgresql==3.2.0\n```\n\n\n## :zap: Role Installation\n\n```bash\nansible-galaxy install claranet.postgresql\n```\n\n### Available features and tags\n-----\nThis role support the following features and tags in the following order during execution:\nFeature | Tag\n------------------------------------|---------------------\nUninstallation | uninstallation\nInstallation | install, installation\nDatadir initialization | init,initialize,initialise\nAuto tune (with pg-config.org) | autotune, auto-tune\nConfiguration | config, configure, configuration\nReplication | repli, replication\nVacuum | vacuum\nBackup | backup\nUser \u0026 membership management | user, users\nTablespace management | tblspc, tablespace, tablespaces\nDatabase management | db, database, databases\nOwnership \u0026 privileges management | owner, owners, ownership, priv, privs, privileges\nExtensions management | ext, extension, extensions\nSQL code executions | query, script\n\n\nLinux/PostgreSQL versions supported\n-----\n\nLinux/PostgreSQL | 12 | 13 | 14 | 15 | 16\n------------------|:----:|:----:|:----:|:----:|:----:\nDebian 11 | Yes | Yes | Yes | Yes | Yes \nDebian 12 | Yes | Yes | Yes | Yes | Yes \nUbuntu 20.04 | Yes | Yes | Yes | Yes | Yes \nUbuntu 22.04 | Yes | Yes | Yes | Yes | Yes \nUbuntu 24.04 | Yes | Yes | Yes | Yes | Yes \nRockyLinux 8.9 | Yes | Yes | Yes | Yes | Yes \nRockyLinux 9.3 | Yes | Yes | Yes | Yes | Yes \nFedora 38 | No | No | No | No | No \n\n## Role features in use\n\n### Proxy usage\n----\nThis role supports use of proxies.\n\nThe variables `postgresql_http_general_proxy` and `postgresql_https_general_proxy` can be used to specify a proxy for general internet access (such as downloading files).\n\nThe variables `postgresql_http_pkg_proxy` and `postgresql_https_pkg_proxy` can be used to specify a proxy for package manager interaction (such as downloading packages or updating cache).\n\n_Notes:_ \n\nThese variables are translated to environnement variables `http_proxy` and `https_proxy` which are passed to corresponding tasks.\n\n\n### Installation\n----\n_default PostgreSQL version is 15_\nPostgreSQL and locales installation.\n\n```yaml\npostgresql_version: \"15\"\n\n# Debian only. Used to generate the locales used by PostgreSQL databases.\npostgresql_locales:\n - 'en_US.UTF-8'\n - 'fr_FR.UTF-8'\n\n# Redhat only. For more info check: https://www.thegeekdiary.com/how-to-add-locale-on-centos-rhel-8/\npostgresql_locale_packages:\n - glibc-langpack-en\n - glibc-langpack-fr\n```\n\n### Configuration \n----\nExample for configuration related variables:\n```yaml\npostgresql_port: 5432\npostgresql_listen_addresses: 0.0.0.0\npostgresql_shared_preload_libraries:\n - pg_stat_statements\npostgresql_max_connections: 100\n# Custom PostgreSQL configuration options provided by the user\npostgresql_global_config_options_extra:\n - option: log_statement\n value: all\npostgresql_hba_entries_extra: []\n # - {contype: local, databases: all, users: postgres, method: peer}\n# Default authentication method used method for the default hba rules\n# postgresql_auth_method: \"{{ ansible_fips | ternary('scram-sha-256', 'md5') }}\"\npostgresql_hba_use_raw: false\npostgresql_hba_raw: |\n # TYPE DATABASE USER ADDRESS METHOD\n local all postgres peer\n host all all 127.0.0.1/32 md5\n host all all ::1/128 md5\n\n# Allow service restart for configuration changes that require it\npostgresql_config_change_allow_restart: true\n\n```\n\n_Notes:_\n\nBy default, this role restarts the PostgreSQL service during subsequent configuration changes after the initial engine installation, ensuring all changes are applied immediately. However, this behavior can cause potential service outages.\n\nTo prevent automatic restarts, you can set the variable `postgresql_config_change_allow_restart` (introduced in `v2.1.0`) to `false`. Starting with (`v3.0.0`), the default value of this variable will change to `false`, meaning the role will avoid restarting PostgreSQL by default. If you rely on the current behavior, you will need to explicitly set this variable to true in your configuration.\n\nIn relation to HBA rules, you have the option to configure the variable `postgresql_hba_use_raw` as `true` and specify the contents of `postgresql_hba_raw`. These contents will be inserted directly into the `pg_hba.conf` file.\n\nAlternatively, if you possess a file containing these rules, you can set the `postgresql_hba_template_path` variable to the path of that file on the Ansible controller. In this case, the specified file will be copied to replace the `pg_hba.conf` file.\n\nHowever, it's crucial to note that when using this approach, the entire content of the HBA file becomes your responsibility. You must ensure that there are rules allowing the `postgres` system user to connect to the PostgreSQL server without requiring a password and authorizing replication in the relevant context\n\n\n### Auto tuning\n----\nThis role supports the use of the website [pgconfig.org](https://www.pgconfig.org) for automatically tunning some of configuration parameters of the postgresql server.\n\nYou can check the [full documentation](https://docs.pgconfig.org/api/#available-parameters) on the available configurations parameters.\n\nConfiguration example for variables (_those are the default values_):\n```yaml\npostgresql_autotune: true\npostgresql_autotune_base_url: https://api.pgconfig.org\npostgresql_autotune_pg_version: \"{{ postgresql_version }}\"\n# linux/windows/unix\npostgresql_autotune_os_type: linux\n# 386/x86-64\npostgresql_autotune_arch: x86-64\n# HDD/SSD/SAN\npostgresql_autotune_drive_type: SSD\n# WEB/OLTP/DW/Mixed/Desktop\npostgresql_autotune_env_name: OLTP\npostgresql_autotune_cpus: \"{{ ansible_processor_nproc | d('') }}\"\n# Total ram in GB\npostgresql_autotune_total_ram: \"{{ ((ansible_memtotal_mb / 1024) | round | int) | d('') }}\"\n```\n\n\n### Physical Replication\n----\nConfiguration example for the primary server: \n\n```yaml\npostgresql_replication: true\npostgresql_replication_user: replication_user\npostgresql_replication_password: replication_password\n\npostgresql_replication_role: primary\n# Used to generate hba rules to allow the specified servers to connect to the primary server\npostgresql_replication_replica_addresses: [192.168.1.6/32, 192.168.1.7/32]\n# User provided replication specific hba rules that overwrites the generated ones\npostgresql_replication_hba_entries: []\n # - contype: host\n # databases: replication\n # users: \"{{ postgresql_replication_user }}\"\n # address: \"{{ postgresql_replication_replica_address }}\"\n # method: \"{{ postgresql_replication_auth_method }}\"\n\n```\n\n\nConfiguration example for the replicas:\n\n```yaml\npostgresql_replication: true\npostgresql_replication_user: replication_user\npostgresql_replication_password: replication_password\n\npostgresql_replication_role: replica\npostgresql_replication_primary_address: 192.168.1.5\npostgresql_replication_primary_port: 5432\npostgresql_replication_primary_inventory_name: node1 # primary server name in the ansible inventory\n\n```\n\nUsing slots for replication:\n\n```yaml\npostgresql_replication_slot: replica1_slot\npostgresql_replication_create_slot: true\n```\nWhen set to true the variable `postgresql_replication_create_slot` ensures the specified replication slot exists before running the `pg_basebackup` command run to copy data from the primary.\n\n_Notes:_ \n\nWhen using the slot feature for replication, make sure to indicate a different slot for each replica. You can set that value in the host_vars for each server.\n\n\nAdvanced configuration:\n```yaml\n# Authentication method specific for the replica hosts\n# postgresql_replication_auth_method: \"{{ postgresql_auth_method }}\"\n# --checkpoint parameter value of the pg_basebackup command\npostgresql_pg_basebackup_checkpoint: fast # spread\n# --wal-method parameter value of the pg_basebackup command\npostgresql_pg_basebackup_walmethod: stream # none/stream/fetch\n# extra arguments appended to the build pg_basebackup command\npostgresql_pg_basebackup_args: \"\"\n\n# Actual pg_basebackup built with the previous parameters\n# DO NOT override this variable except you know what you are doing \npostgresql_pg_basebackup_cmd: {{ _postgresql_bin_path }}/pg_basebackup --no-password --host {{ postgresql_replication_primary_address }} --port {{ postgresql_replication_primary_port }} --username {{ postgresql_replication_user }} --pgdata {{ _postgresql_data_dir }} --checkpoint {{ postgresql_pg_basebackup_checkpoint }} {{ (postgresql_replication_slot != '') | ternary('--slot ' ~ postgresql_replication_slot, '') }} --wal-method {{ postgresql_pg_basebackup_walmethod }} --write-recovery-conf --verbose --progress {{ postgresql_pg_basebackup_args }}\n```\n\n### Vacuum\n----\n_(new in v2.0.0)_\n\nBy default vaccum is enabled (`postgresql_vacuum: true`), with vacuum and analyze planned daily at 23:00\n\nConfiguration example for vacuum.\n\nTo disable:\n```yaml\npostgresql_vacuum: false\n```\n\nTo change schedule to 21:00: \n```yaml\npostgresql_vacuum_schedule:\n minute: 0\n hour: 21\n```\n\nTo vacuum only (other options : vacuumanalyze, vacuumfull, vacuumonly, analyzeonly)\n```yaml\npostgresql_vacuum_option: \"vacuumonly\"\n```\n\n### Backup\n----\n\u003e :rotating_light: The provided backup script is not intended for use within Claranet environments. Claranet has superior and more robust backup solutions that should be used for production systems. This script is designed solely for development, testing, or demonstration purposes and should not replace established backup practices in live environments. :rotating_light:\n\nBy default, the backup is disabled (`postgresql_backup: false`).\n\nConfiguration example for backup.\n```yaml\n# Allow ansible to setup postgresql backups when running\npostgresql_backup: true\n# Root directory containing the backups\npostgresql_backup_root_dir: /var/backups/postgresql\npostgresql_backup_mail_addr: admin@email.com\npostgresql_backup_schedule:\n hour: 0\n minute: 0\n# 3 days retentions for daily backups\npostgresql_backup_brdaily: 3\n# disable weekly and monthly backups\npostgresql_backup_doweekly: 0\npostgresql_backup_domonthly: 0\n# Weekly and monthly backups are disabled so these values don't really matter\npostgresql_backup_brweekly: 0\npostgresql_backup_brmontly: 0\n```\n\n### Create/Remove database users\n----\nConfiguration example for managing users:\n\n```yaml\npostgresql_users:\n# Create two groups 'group1' and 'group2' by making use of thr role_attr_flags attribute\n - name: group1\n role_attr_flags: NOLOGIN\n - name: group2\n role_attr_flags: NOLOGIN\n# Create 'user1' and 'user2' with default parameters\n - name: user1\n - name: user2\n# Create user 'jdoe' with more personalized parameters\n - name: jdoe\n password: password\n comment: this is a test user\n expires: \"Jun 21 2029\"\n\npostgresql_memberships:\n# Ensure the role 'user1' belongs to group 'group1'\n - groups:\n - group1\n target_roles:\n - user1\n state: present\n# Ensure the role 'user2' does not belong to the group 'group2'\n - groups:\n - group2\n target_roles:\n - user2\n state: absent\n# Ensure the role 'jdoe' does not belong to any group\n - groups: []\n target_roles:\n - jdoe\n state: exact\n```\n\n_Notes:_\n\nCheck the links for a documentation on all the available options for defining items within the variables:\n- [`postgresql_users`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_user_module.html#parameters)\n- [`postgresql_memberships`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_membership_module.html#parameters).\n\n\n### Tablespaces\n----\n\nCOnfiguration example for managing tablespaces:\n\n```yaml\npostgresql_tablespaces:\n# Create tablespace 'ssd'\n - name: ssd\n set:\n random_page_cost: 1\n seq_page_cost: 1\n owner: jdoe\n location: /tmp/ssd\n location_create: true # default is false\n state: present # default is present\n location_owner: postgres # default is postgres\n location_group: postgres # default is postgres\n location_mode: '0700' # default is '0700'\n# Delete tablespaces 'temp2'\n - name: temp2\n state: absent\n location: /tmp/temp2_tblspc\n set:\n random_page_cost: 1\n owner: user1\n```\n\n_Notes:_\n\nWhen combining `location_create: true` with `state: present` the role will create the location of the tablespace with the specified permissions before creating the tablespace itself.\n\nIf you ensure the existence of that location by others means, feel free to not set the variables `location_*`.\n\n\n### Create/Remove databases\n----\n\nConfiguration example for managing databases:\n\n```yaml\npostgresql_databases:\n - name: db1\n owner: user1\n encoding: UTF-8\n lc_collate: en_US.UTF-8\n lc_ctype: en_US.UTF-8\n conn_limit: 100\n template: template0\n - name: db2\n owner: user2\n - name: db3\n state: absent\n\npostgresql_schemas:\n - name: acme\n db: db1\n - name: acme\n db: db2\n - name: not_existing_shema\n db: db1\n owner: user1\n state: absent\n cascade_drop: true\n\npostgresql_tables:\n - name: table1\n db: db1\n owner: user1\n columns:\n - id SERIAL PRIMARY KEY\n - name VARCHAR(50)\n - age INT\n - email VARCHAR(100)\n tablespace: ssd\n storage_params:\n - fillfactor=10\n - autovacuum_analyze_threshold=1\n - name: acme.table2\n db: db1\n columns: waste_id int\n unlogged: true\n```\n\n_Notes:_\n\nCheck the links for a documentation on all the available options for defining items within the variables:\n- [`postgresql_database`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_database_module.html#parameters)\n- [`postgresql_schema`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_schema_module.html#parameters)\n- [`postgresql_table`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_table_module.html#parameters)\n\n### Manage ownership and privileges\n----\n```yaml\npostgresql_privs:\n - roles: group1 # group1 and user1 are granted all privs on all object wihtin the public schema of the example db\n db: db1\n privs: ALL\n objs: table1\n type: table\n # schema: public\n grant_option: true\n - roles: user2 # grant user2 user all privs on postgres database\n db: postgres\n type: database\n privs: ALL\n objs: db1,db2\n grant_option: true\n - roles : group1 # grant group1 role all privs on all tables and all sequences of database db1\n db: db1\n objs: TABLES,SEQUENCES\n privs: ALL\n type: default_privs\n\n\npostgresql_ownerships:\n - db: db1\n new_owner: user1\n obj_name: table1\n obj_type: table\n - db: db2 # reassign all dbs owned by user1 to user2 and all objects in db2 to user2\n new_owner: user2\n reassign_owned_by: user1\n```\n_Notes:_\n\nCheck the links for a documentation on all the available options for defining items within the variables:\n- [`postgresql_ownerships`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_owner_module.html#parameters) \n- [`postgresql_privs`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_privs_module.html#parameters)\n\n\n\n### Extensions management\n----\nConfiguration example for extensions management:\n\n```yaml\npostgresql_extensions:\n - name: pg_stat_statements\n db: db1\n cascade: true\n version: latest\n schema: public\n - name: non_existing_extension\n db: db1\n state: absent\n```\n\n_Notes:_\n\nFor the extensions with `state: present, version: latest`, the role will always report `changed: false` as the underlying module does not differentiate when the extension is actually updated or not.\n\n\n\n### SQL executions\n----\nConfiguration example for running sql:\n```yaml\npostgresql_queries:\n - query: SELECT version()\n db: db1\n - query:\n - select * from public.table1\n db: db1\npostgresql_scripts:\n - path: /tmp/insert_in_table1.sql\n db: db1\n```\n\n_Notes:_\n\nCheck the links for a documentation on all the available options for defining items within the variables:\n- [`postgresql_queries`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_query_module.html#parameters)\n- [`postgresql_scripts`](https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_script_module.html#parameters).\n\n\n### Advanced customized installation\n----\nIt is highly recommended you modify these variables only if you know what you're doing.\n```yaml\n# New postgresql installation datadir\npostgresql_data_dir: \n# Extra arguments passed to the initdb binary during database initialization\npostgresql_initdb_extra_args: ''\n# Debian only. postgresql cluster name\npostgresql_cluster_name: main\n\n# PostgreSQL system user/group\npostgresql_user: postgres\npostgresql_group: postgres\n\n# Postgresql service state after role run\npostgresql_service_state: started\n# Whether or not to enable the postgresql service after installation\npostgresql_service_enabled: true\n# PostgreSQL unix_socket_directories config parameter\npostgresql_unix_socket_directories: [/run/postgresql]\n\n# Permissions for the PostgreSQL unix sockets (default is distro dependant)\npostgresql_unix_socket_directories_mode: ''\n\n# Permissions for the postgresql log directory\npostgresql_log_directory_mode: '0700'\n# Whether or not to create a tmpfiles.d postgresql file to persist permissions on unix socket directories and log directories accross system rebbots \npostgresql_persist_permissions: true\n# Path to the template used by Ansible to create the tempfile conf to persist permissions \n# You can update this path to a custom file to completely customize the persisting rules\npostgresql_tempfile_src_template_path: etc/tmpfiles.d/postgresql-common.conf.j2\n# Destination path for the tempfile configuration\npostgresql_tempfile_dest_path: /etc/tmpfiles.d/postgresql-common.conf\n# File permissions and owner/group of the postgresql tempfile configuration\npostgresql_tempfile_mode: '0644'\npostgresql_tempfile_owner: root\npostgresql_tempfile_group: root\n\n```\n\n### Uninstallation\n----\nIf you want to uninstall a Postgresql installation with this role, set both variables `postgresql_uninstall_1`, `postgresql_uninstall_1` to `true` and use the corresponding tag (`uninstallation`).\n\n## :pencil2: Full Example Playbook\n\n```yaml\n---\n- name: Converge\n hosts: all\n become: true\n gather_facts: true\n\n vars:\n postgresql_version: \"15\"\n\n # Run debug tasks withint the role \n postgresql_debug: true\n\n # Configuration\n postgresql_port: 5432\n postgresql_listen_addresses: 0.0.0.0\n postgresql_shared_preload_libraries:\n - pg_stat_statements\n postgresql_max_connections: 100\n # Custom configuration options provided by the user\n postgresql_global_config_options_extra:\n - option: log_statement\n value: all\n postgresql_hba_entries_extra: []\n # - {contype: local, databases: all, users: postgres, method: peer}\n\n postgresql_autotune: true\n # postgresql_autotune_base_url: http://192.168.56.101:3000\n\n postgresql_users_no_log: false\n postgresql_users:\n # Create two groups 'group1' and 'group2' by making use of thr role_attr_flags attribute\n - name: group1\n role_attr_flags: NOLOGIN\n - name: group2\n role_attr_flags: NOLOGIN\n # Create 'user1' and 'user2' with default parameters\n - name: user1\n - name: user2\n # Create user 'jdoe' with more personalized parameters\n - name: jdoe\n password: password\n comment: this is a test user\n expires: \"Jun 21 2029\"\n\n postgresql_memberships:\n # Ensure the role 'user1' belongs to group 'group1'\n - groups:\n - group1\n target_roles:\n - user1\n state: present\n # Ensure the role 'user2' does not belong to the group 'group2'\n - groups:\n - group2\n target_roles:\n - user2\n state: absent\n # Ensure the role 'jdoe' does not belong to any group\n - groups: []\n target_roles:\n - jdoe\n state: exact\n\n postgresql_tablespaces:\n # Create tablespace 'ssd'\n - name: ssd\n set:\n random_page_cost: 1\n seq_page_cost: 1\n owner: jdoe\n location: /tmp/ssd\n location_create: true # default is false\n state: present # default is present\n location_owner: postgres # default is postgres\n location_group: postgres # default is postgres\n location_mode: '0700' # default is '0700'\n # Delete tablespaces 'temp2'\n - name: temp2\n state: absent\n location: /tmp/temp2_tblspc\n set:\n random_page_cost: 1\n owner: user1\n\n postgresql_databases:\n - name: db1\n owner: user1\n encoding: UTF-8\n lc_collate: en_US.UTF-8\n lc_ctype: en_US.UTF-8\n conn_limit: 100\n template: template0\n - name: db2\n owner: user2\n - name: db3\n state: absent\n\n postgresql_schemas:\n - name: acme\n db: db1\n - name: acme\n db: db2\n - name: not_existing_shema\n db: db1\n state: absent\n cascade_drop: true\n\n postgresql_tables:\n - name: table1\n db: db1\n owner: user1\n columns:\n - id SERIAL PRIMARY KEY\n - name VARCHAR(50)\n - age INT\n - email VARCHAR(100)\n tablespace: ssd\n storage_params:\n - fillfactor=10\n - autovacuum_analyze_threshold=1\n - name: acme.table2\n db: db1\n columns: waste_id int\n unlogged: true\n # like: public.table1\n # including: comments, indexes\n # - name: table2\n # db: db1\n # truncate: true\n # - name: acme.table2\n # db: db1\n # like: public.table2\n # - name: table2\n # db: db2\n # state: absent\n # cascade: true\n\n\n postgresql_extensions:\n - name: pg_stat_statements\n db: db1\n cascade: true\n version: latest\n schema: public\n - name: non_existing_extension\n db: db1\n state: absent\n\n\n postgresql_queries:\n - query: SELECT version()\n db: db1\n - query:\n - select * from public.table1\n db: db1\n postgresql_scripts:\n - path: /tmp/insert_in_table1.sql\n db: db1\n\n postgresql_privs:\n - roles: group1 # group1 and user1 are granted all privs on all object wihtin the public schema of the example db\n db: db1\n privs: ALL\n objs: table1\n type: table\n # schema: public\n grant_option: true\n - roles: user2 # grant nreslou user all privs on nreslou database by first connecting to the postgres maintenance db\n db: postgres\n type: database\n privs: ALL\n objs: db1,db2\n grant_option: true\n # - roles: user1\n # db: db2\n # type: function\n # objs: add(int:int)\n # privs: ALL\n # grant_option: true\n\n postgresql_ownerships:\n - db: db1\n new_owner: user1\n obj_name: table1\n obj_type: table\n # - db: db2 # reassign all dbs owned by user1 to user2 and all objects in db2 to user2\n # new_owner: user2\n # reassign_owned_by: user1\n\n # standalone installation\n postgresql_replication: false\n\n # Disable backups setup by Ansible\n postgresql_backup: false\n\n\n roles:\n - role: claranet.postgresql\n```\n\n## :closed_lock_with_key: [Hardening](HARDENING.md)\n\n## :heart_eyes_cat: [Contributing](CONTRIBUTING.md)\nCheckout the [Contributing](CONTRIBUTING.md) if you are looking for a guide on how to setup an environnement so you can test this role as a developper.\n\n\n## :copyright: [License](LICENSE)\n\n[Mozilla Public License Version 2.0](https://www.mozilla.org/en-US/MPL/2.0/)\n\n## Author information\n\nProudly made by the Claranet team and inspired by:\n- [Jeff Geerling](https://github.com/geerlingguy/ansible-role-postgresql)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaranet%2Fansible-role-postgresql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclaranet%2Fansible-role-postgresql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaranet%2Fansible-role-postgresql/lists"}