commit 04afd73ef622cfb797957fbe3ca8a942190e0d0d Author: vanzhiganov Date: Tue Jan 28 18:20:23 2025 +0300 init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c13bb9b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+inventory.ini
\ No newline at end of file
diff --git a/inventory.tpl.ini b/inventory.tpl.ini
new file mode 100644
index 0000000..6086e61
--- /dev/null
+++ b/inventory.tpl.ini
@@ -0,0 +1,7 @@
+app-1 ansible_host=localhost ansible_user=root ansible_port=22 ansible_python_interpreter=python3
+
+[app]
+app-1
+
+[db]
+app-1
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..375f1ed
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,18 @@
+---
+- hosts: app
+ become: yes
+ roles:
+ - app
+ tags:
+ - app
+
+- hosts: db
+ become: yes
+ roles:
+ - pg
+ vars:
+ - db_name: "nativecloud"
+ - db_password: "password"
+ - db_user: "nativecloud"
+ tags:
+ - pg
diff --git a/roles/app/tasks/Rocky-9.yml b/roles/app/tasks/Rocky-9.yml
new file mode 100644
index 0000000..d9a1b18
--- /dev/null
+++ b/roles/app/tasks/Rocky-9.yml
@@ -0,0 +1,8 @@
+---
+- name: Install postgresql-server package
+ package:
+ name: [
+ gcc,
+ python3-devel,
+ ]
+ state: present
diff --git a/roles/app/tasks/main.yml b/roles/app/tasks/main.yml
new file mode 100644
index 0000000..60af44c
--- /dev/null
+++ b/roles/app/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
diff --git a/roles/pg/handlers/main.yml b/roles/pg/handlers/main.yml
new file mode 100644
index 0000000..ecf5028
--- /dev/null
+++ b/roles/pg/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart postgres
+ service:
+ name: postgresql
+ state: restarted
+
+- name: reload postgresql
+ service:
+ name: postgresql
+ state: reloaded
diff --git a/roles/pg/tasks/Rocky-9.yml b/roles/pg/tasks/Rocky-9.yml
new file mode 100644
index 0000000..aafc2bc
--- /dev/null
+++ b/roles/pg/tasks/Rocky-9.yml
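Review bot: In playbook.yml the `db` play commits the database credential in plaintext and with a guessable value, `- db_password: "password"`, so anyone with read access to the repository has the database password and the same value is likely to end up on real hosts. I would keep the secret out of the play and reference a vaulted variable instead, e.g. `db_password: "{{ vault_db_password }}"` (variable name constructed for this note), with the value stored in an Ansible Vault-encrypted vars file. While there, `vars:` is written as a list of single-key mappings; a plain mapping under `vars:` is the documented form, and `become: yes` is better written `become: true`.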
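Review bot: The task in roles/app/tasks/Rocky-9.yml is named `Install postgresql-server package` but installs `gcc` and `python3-devel`; the name looks copied from the pg role and will mislead anyone reading the run output or auditing what the app role puts on a host. A name that matches the action, e.g. `- name: Install build dependencies (gcc, python3-devel)`, fixes that. A one-line comment saying why a compiler is needed on the app host would also help, since a build toolchain on a production machine is usually something to justify.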
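Review bot: roles/app/tasks/main.yml builds the include path purely from gathered facts, so a host that is not Rocky 9 fails with a missing-file error instead of a clear message; roles/pg/tasks/main.yml has the same line. A guard task before the include, an `assert` with `that: ansible_distribution == "Rocky" and ansible_distribution_major_version == "9"` and a `fail_msg`, would make the supported platform explicit. Giving the include a `name:` would also make the run output easier to follow.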
@@ -0,0 +1,52 @@
+- name: Install postgresql-server package
+ package:
+ name: [
+ postgresql-server,
+ python3-psycopg2
+ ]
+ state: present
+
+- name: initialize postgresql
+ command: postgresql-setup initdb
+ args:
+ creates: /var/lib/pgsql/data/pg_hba.conf
+ notify:
+ - reload postgresql
+
+- name: configure pg_hba.conf
+ copy:
+ dest: /var/lib/pgsql/data/pg_hba.conf
+ content: |
+ local koji koji trust
+ local all postgres peer
+ mode: preserve
+ notify:
+ - reload postgresql
+
+- name: disable TCP/IP for postgres
+ lineinfile:
+ dest: /var/lib/pgsql/data/postgresql.conf
+ regexp: '^#listen_addresses'
+ line: "listen_addresses = ''"
+ notify:
+ - reload postgresql
+
+# Note: this is not in the upstream documentation. It's still under discussion
+# upstream, see
+# https://lists.fedorahosted.org/archives/list/koji-devel@lists.fedorahosted.org/thread/NMDIDYS7CZWB3SMPT6UO2P5WGZXKIZVW/
+- name: increase number of max connections
+ lineinfile:
+ dest: /var/lib/pgsql/data/postgresql.conf
+ regexp: '^max_connections'
+ line: "max_connections = 500"
+ notify:
+ - reload postgresql
+ when:
+ - ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 7
+ # - ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 7
+
+- name: start postgresql
+ service:
+ name: postgresql
+ state: started
+ enabled: true
diff --git a/roles/pg/tasks/main.yml b/roles/pg/tasks/main.yml
new file mode 100644
index 0000000..94f4a35
--- /dev/null
+++ b/roles/pg/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+- include_tasks: postgres.yml
diff --git a/roles/pg/tasks/postgres.yml b/roles/pg/tasks/postgres.yml
new file mode 100644
index 0000000..f28531d
--- /dev/null
+++ b/roles/pg/tasks/postgres.yml
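Review bot: The `configure pg_hba.conf` task in roles/pg/tasks/Rocky-9.yml writes `local koji koji trust`, which lets any local OS account connect as the `koji` role with no password and names a database and role this playbook never creates (the play sets `db_name` and `db_user` to `nativecloud`); it looks carried over from another project, as the koji-devel link in the comment further down suggests. As written there is also no rule for the application role, so I would replace that line with one for the configured database using a password method, e.g. `local {{ db_name }} {{ db_user }} scram-sha-256` (the method has to agree with the server's `password_encryption`; confirm for the packaged PostgreSQL version). Separately, `listen_addresses` and `max_connections` only take effect on a server restart, so the two `lineinfile` tasks should use `notify: restart postgres` (that handler exists but nothing notifies it) rather than `reload postgresql`; otherwise a server that is already running keeps its TCP listener after the "disable TCP/IP" task reports a change.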
@@ -0,0 +1,25 @@
+---
+- name: "Create app database"
+ postgresql_db:
+ state: present
+ name: "{{ db_name }}"
+ become: yes
+ become_user: postgres
+
+- name: "Create db user"
+ postgresql_user:
+ state: present
+ name: "{{ db_user }}"
+ password: "{{ db_password }}"
+ become: yes
+ become_user: postgres
+
+- name: "Grant db user access to app db"
+ postgresql_privs:
+ type: database
+ database: "{{ db_name }}"
+ roles: "{{ db_user }}"
+ grant_option: no
+ privs: all
+ become: yes
+ become_user: postgres
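Review bot: The three tasks in roles/pg/tasks/postgres.yml call `postgresql_db`, `postgresql_user` and `postgresql_privs` by short name, and nothing visible in this commit declares where they come from; these modules live in the `community.postgresql` collection, which an `ansible-core`-only install does not ship. I would use the fully qualified names (`community.postgresql.postgresql_db` and so on) and add a `requirements.yml` that pins the collection version, so the code that runs as `postgres` on the host is a known release. Also, `privs: all` on the database gives the application role CREATE and TEMPORARY as well as CONNECT, which deserves a comment confirming it is intended, and `become: yes` / `grant_option: no` are better written as `true` / `false`.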