Flag pg installation

trustification · Oct 25, 2024 · ebcfee0 · ebcfee0
1 parent 01b7a99
commit ebcfee0
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 0 deletions.
diff --git a/roles/tpa_single_node/tasks/infra/main.yml b/roles/tpa_single_node/tasks/infra/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Configure and deploy Postgres
+  ansible.builtin.include_tasks: infra/postgresql.yml
+  args:
+    apply:
+      become: true
+  when: tpa_single_node_pg_install_enabled
+
 - name: Configure OIDC
   ansible.builtin.include_tasks: infra/oidc.yml
 

diff --git a/roles/tpa_single_node/tasks/infra/postgresql.yml b/roles/tpa_single_node/tasks/infra/postgresql.yml
@@ -0,0 +1,68 @@
+# @postgres-remove
+---
+- name: "Find out if PostgreSQL is initialized"
+  ansible.builtin.stat:
+    path: "/var/lib/pgsql/data/pg_hba.conf"
+  register: postgres_data
+
+- name: "Initialize PostgreSQL"
+  shell: "postgresql-setup --initdb"
+  when: not postgres_data.stat.exists
+
+- name: "Start and enable services"
+  service: "name={{ item }} state=started enabled=yes"
+  with_items:
+    - postgresql
+
+- name: "Install Python packages"
+  ansible.builtin.pip:
+    name: psycopg2-binary
+
+- name: "Create app database"
+  postgresql_db:
+    state: present
+    name: "{{ tpa_single_node_pg_db }}"
+  become: yes
+  become_user: postgres
+
+- name: "Create db user"
+  postgresql_user:
+    state: present
+    name: "{{ tpa_single_node_pg_user }}"
+    password: "{{ tpa_single_node_pg_user_passwd }}"
+  become: yes
+  become_user: postgres
+
+- name: "Grant db user access to app db"
+  postgresql_privs:
+    type: database
+    database: "{{ tpa_single_node_pg_db }}"
+    roles: "{{ tpa_single_node_pg_user }}"
+    grant_option: no
+    privs: all
+  become: yes
+  become_user: postgres
+
+- name: "Ensure the IP is set to all"
+  lineinfile:
+    path: /var/lib/pgsql/data/postgresql.conf
+    regexp: '^#?listen_addresses ='
+    line: "listen_addresses = '*'"
+    state: present
+
+- name: "Allow md5 connection for the db user"
+  postgresql_pg_hba:
+    dest: "/var/lib/pgsql/data/pg_hba.conf"
+    contype: host
+    databases: all
+    source: 0.0.0.0/0
+    method: md5
+    users: all
+    create: true
+  become: yes
+  become_user: postgres
+
+- name: Restart postgres
+  ansible.builtin.service:
+    name: postgresql
+    state: restarted
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
@@ -10,6 +10,7 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 
 # DB_SERVICE
+tpa_single_node_pg_install_enabled: false
 tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac