https://github.com/cesnet/ansible-role-postgresql

Ansible Galaxy role cesnet.postgresql
https://github.com/cesnet/ansible-role-postgresql

Last synced: about 1 month ago
JSON representation

Ansible Galaxy role cesnet.postgresql

• Host: GitHub
• URL: https://github.com/cesnet/ansible-role-postgresql
• Owner: CESNET
• License: apache-2.0
• Created: 2019-09-23T15:52:36.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2026-01-27T13:42:33.000Z (about 2 months ago)
• Last Synced: 2026-01-28T00:53:04.507Z (about 2 months ago)
• Size: 59.6 KB
• Stars: 2
• Watchers: 8
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
postgresql

==========

Ansible Galaxy role [cesnet.postgresql](https://galaxy.ansible.com/cesnet/postgresql) that installs PostgreSQL 

server from PGDG repository.

Role Variables

--------------

- **postgresql_version** - version to install, prevents automatic major version upgrade, default is 17

- **postgresql_hold_upgrades** - block server from automcatic upgrades and thus restarts, default is yes

- **postgresql_allow_remote_connections** - boolean flag for listening on all network interfaces, default is yes

- **postgresql_daily_backup** - boolean flag whether to dump DB content into file /var/lib/postgresql/backup.sql.xz, default is True

- **postgresql_daily_backup_hour** and **postgresql_daily_backup_minute** - the hour and minute for the cron job making the DB dump, default is 20:50  

- **postgresql_daily_backup_more_commands** - shell commands to be added to the backup cronjob, perhaps copying the backup somewhere else

- **postgresql_settings** - dictionary of key-value pairs to be set using ALTER SYSTEM in $PGDATA/postgresql.auto.conf file, which is read in addition to postgresql.conf

- **postgresql_db_user** - when set, creates a PostgreSQL user

- **postgresql_db_user_password** - password for the user

- **postgresql_db_name** - when set, creates a database owned by the user

- **postgresql_certificate_file** - path to PEM-encoded certificate, used for remote TLS connections (JDBC checks it)

- **postgresql_certificate_key_file** - path to private key

- **postgresql_certificate_chain_file** - path to CA certificate chain

- **postgresql_pgwatch_password** - if defined, user pgwatch with connect privilege is created and extension pg_stat_statements is added

- **postgresql_pg_hba_add_allow_all** when set to false, pg_hba.conf entry allowing all connections isn't added.

- **postgresql_pg_hba_auth_method** allows changing the auth method for the pg_hba added by this role, default is md5 (for backward compatibility).

        

Example Playbook

----------------

```yaml

- hosts: all

  roles:

    - role: cesnet.postgresql

      vars:

        postgresql_version: 17

        postgresql_hold_upgrades: no

        postgresql_allow_remote_connections: yes

        postgresql_daily_backup: yes

        postgresql_daily_backup_hour: 20

        postgresql_daily_backup_minute: 50

        postgresql_settings:

            max_connections: 100

            max_pred_locks_per_transaction: 64

        postgresql_db_user: "john"

        postgresql_db_user_password: "X6v38GYN3RxZUYg"

        postgresql_db_name: "cities"

        postgresql_certificate_file: "/etc/ssl/localcerts/host_cert.pem"

        postgresql_certificate_key_file: "/etc/ssl/localcerts/host_key.pem"

        postgresql_certificate_chain_file: "/etc/ssl/localcerts/terena_ssl_ca_3.pem"

```