-
Notifications
You must be signed in to change notification settings - Fork 140
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
21 changed files
with
740 additions
and
1,184 deletions.
There are no files selected for viewing
311 changes: 203 additions & 108 deletions
311
Ansible/ansible_collections/jfrog/platform/roles/postgres/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,108 +1,203 @@ | ||
| # Default version of Postgres server to install. | ||
| postgres_version: 13 | ||
|
|
||
| # Default listen_addresses of Postgres server | ||
| postgres_listen_addresses: 0.0.0.0 | ||
|
|
||
| # Default port of Postgres server | ||
| postgres_port: 5432 | ||
|
|
||
| # Location of GPG key used to sign the RPMs | ||
| postgres_rpmkey_url: "https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL" | ||
|
|
||
| # Server version in package: | ||
| postgres_server_pkg_version: "{{ postgres_version | replace('.', '') }}" | ||
|
|
||
| # Whether or not the files are on ZFS. | ||
| postgres_server_volume_is_zfs: false | ||
|
|
||
| # Postgres setting max_connections. | ||
| postgres_server_max_connections: 1000 | ||
|
|
||
| # Postgres setting shared_buffers. | ||
| postgres_server_shared_buffers: 128MB | ||
|
|
||
| # Postgres setting maintenance_work_mem. | ||
| postgres_server_maintenance_work_mem: 64MB | ||
|
|
||
| # Postgres setting effective_io_concurrency. | ||
| postgres_server_effective_io_concurrency: 1 | ||
|
|
||
| # Postgres setting max_worker_processes. | ||
| postgres_server_max_worker_processes: 8 | ||
|
|
||
| # Postgres setting max_parallel_maintenance_workers. | ||
| postgres_server_max_parallel_maintenance_workers: 2 | ||
|
|
||
| # Postgres setting max_parallel_workers_per_gather. | ||
| postgres_server_max_parallel_workers_per_gather: 2 | ||
|
|
||
| # Postgres setting parallel_leader_participation. | ||
| postgres_server_parallel_leader_participation: true | ||
|
|
||
| # Postgres setting max_parallel_workers. | ||
| postgres_server_max_parallel_workers: 8 | ||
|
|
||
| # Postgres setting max_locks_per_transaction. | ||
| postgres_server_max_locks_per_transaction: 64 | ||
|
|
||
| # Configuration for "random access" cost. | ||
| postgres_server_random_page_cost: "4.0" | ||
|
|
||
| # User name that the postgres user runs as. | ||
| postgres_user: postgres | ||
|
|
||
| postgres_locale: "en_US.UTF-8" | ||
| # Whether or not to lock checkpoints. | ||
| postgres_server_log_checkpoints: false | ||
|
|
||
| # Whether or not to lock connects. | ||
| postgres_server_log_connections: false | ||
|
|
||
| # Whether or not to lock disconnects. | ||
| postgres_server_log_disconnections: false | ||
|
|
||
| # Whether or not to log duration | ||
| postgres_server_log_duration: false | ||
|
|
||
| # Error logging verbosity. | ||
| postgres_server_log_error_verbosity: "default" | ||
|
|
||
| # Whether or not to log the host name. | ||
| postgres_server_log_hostname: false | ||
|
|
||
| # Whether or not to lock waits. | ||
| postgres_server_log_lock_waits: false | ||
|
|
||
| # Which statements to log. | ||
| postgres_server_log_statements: "none" | ||
|
|
||
| # Whether or not to enable the auto_explain module. | ||
| postgres_server_auto_explain_enabled: false | ||
|
|
||
| # Minimal duration to log auto explain for. | ||
| postgres_server_auto_explain_log_min_duration: -1 | ||
|
|
||
| # Whether or not to use EXPLAIN ANALYZE. | ||
| postgres_server_auto_explain_log_analyze: true | ||
|
|
||
| # Sets the hosts that can access the database | ||
| postgres_allowed_hosts: | ||
| - { | ||
| type: "host", | ||
| database: "all", | ||
| user: "all", | ||
| address: "0.0.0.0/0", | ||
| method: "trust", | ||
| } | ||
|
|
||
| # PostgreSQL misc settings | ||
| postgresql_bin_path: "{{ default_postgresql_bin_path }}" | ||
| postgresql_config_path: "{{ default_postgresql_config_path }}" | ||
| postgresql_data_dir: "{{ default_postgresql_data_dir }}" | ||
| postgresql_daemon: "{{ default_postgresql_daemon }}" | ||
| postgresql_external_pid_file: "{{ default_postgresql_external_pid_file }}" | ||
|
|
||
| postgres_apt_key_id: "{{ default_postgres_apt_key_id }}" | ||
| postgres_apt_key_url: "{{ default_postgres_apt_key_url }}" | ||
| postgres_apt_repository_repo: "{{ default_postgres_apt_repository_repo }}" | ||
| --- | ||
| # Defaults file for postgres | ||
|
|
||
| # Postgres version to install (default: 13) | ||
| postgresql_version: '13' | ||
|
|
||
| # Set to true if you want to use PostgreSQL official repository (default: false) | ||
| # By design this role installs PostgreSQL included with the distribution. | ||
| postgresql_use_official_repos: false | ||
|
|
||
| # Define PostgreSQL user/group (default: postgres) | ||
| postgresql_user: postgres | ||
| postgresql_group: postgres | ||
|
|
||
| # PostgreSQL Password Authentication method | ||
| # https://www.postgresql.org/docs/current/auth-password.html | ||
| # `md5` or `scram-sha-256` (md5 is deprecated) | ||
| postgresql_auth_method: 'scram-sha-256' | ||
|
|
||
| # Define the locales for PostgreSQL databases. | ||
| postgresql_locale: 'en_US.UTF-8' | ||
|
|
||
| # Host based authentication (hba) entries to be added to the pg_hba.conf. This | ||
| # variable's defaults reflect the defaults that come with a fresh installation. | ||
| postgresql_hba_entries: | ||
| - {type: local, database: all, user: postgres, auth_method: peer} | ||
| - {type: local, database: all, user: all, auth_method: peer} | ||
| - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"} | ||
| - {type: host, database: all, user: all, address: '::1/128', auth_method: "{{ postgresql_auth_method }}"} | ||
| # - {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: trust } | ||
|
|
||
| # Whether to output user data when managing users. | ||
| postgres_users_no_log: true | ||
|
|
||
| # Base configuration option that will be set by default. | ||
| # Any of these can be overriden in `postgresql_custom_config_options` | ||
| postgresql_default_config_options: | ||
| - option: 'unix_socket_directories' | ||
| value: "{{ postgresql_unix_socket_directories | join(',') }}" | ||
| - option: 'external_pid_file' | ||
| value: "{{ postgresql_external_pid_file }}" | ||
| - option: 'max_connections' | ||
| value: '1000' | ||
|
|
||
| # Custom configuration options that will be set in postgresql.conf. | ||
| # For logging option refer to: https://www.postgresql.org/docs/current/runtime-config-logging.html | ||
| postgresql_custom_config_options: [] | ||
|
|
||
| # Example below to configure a total of 1GB per week of logs | ||
| # Ensure you set postgresql_add_logrotate to true | ||
| # Compatible with pgbadger | ||
|
|
||
| # postgresql_custom_config_options: | ||
| # - option: 'logging_collector' | ||
| # value: 'on' | ||
| # - option: 'log_directory' | ||
| # value: '/var/log/postgresql' | ||
| # - option: 'log_filename' | ||
| # value: 'postgresql-%Y%m%d%H%M%S.log' | ||
| # - option: 'log_file_mode' | ||
| # value: '0600' | ||
| # - option: 'log_truncate_on_rotation' | ||
| # value: 'on' | ||
| # - option: 'log_rotation_age' | ||
| # value: '1d' | ||
| # - option: 'log_rotation_size' | ||
| # value: '143000' | ||
| # - option: 'log_line_prefix' | ||
| # value: '%t [%p]: db=%d,user=%u,app=%a,client=%h ' | ||
| # - option: 'log_min_duration_statement' | ||
| # value: '0' | ||
| # - option: 'log_checkpoints' | ||
| # value: 'on' | ||
| # - option: 'log_connections' | ||
| # value: 'on' | ||
| # - option: 'log_disconnections' | ||
| # value: 'on' | ||
| # - option: 'log_lock_waits' | ||
| # value: 'on' | ||
| # - option: 'log_temp_files' | ||
| # value: '0' | ||
| # - option: 'log_autovacuum_min_duration' | ||
| # value: '0' | ||
| # - option: 'log_error_verbosity' | ||
| # value: 'default' | ||
|
|
||
| # Set to true if you want to add logrotate option. | ||
| # Will be applied if log_directory is not a relative path+. | ||
| postgresql_add_logrotate: false | ||
| postgresql_logrotate_content: | | ||
| {{ postgresql_effective_log_dir }}/*.log { | ||
| hourly | ||
| missingok | ||
| rotate 7 | ||
| compress | ||
| delaycompress | ||
| notifempty | ||
| nocreate | ||
| } | ||
| # Postgresql users and databases default configuration | ||
| # Every setting can be overwritten by providing the `artifactory_db_name` or similar | ||
| postgresql_databases_users: | ||
|
|
||
| artifactory: | ||
| name: "{{ artifactory_db_name | d('artifactory') }}" | ||
| username: "{{ artifactory_db_user_name | d('artifactory') }}" | ||
| userpass: "{{ artifactory_db_user_pass | d('yRQBPdbTsYVd9MFqBBnbrh') }}" | ||
| userpass_encrypted: "{{ artifactory_db_user_pass_encrypted | d('true') }}" | ||
| userprivs: "{{ artifactory_db_user_privs | d(['ALL']) }}" | ||
| owner: "{{ artifactory_db_owner | d(postgresql_databases.artifactory.user) }}" | ||
| lc_collate: "{{ artifactory_db_lc_collate | d(postgresql_locale) }}" | ||
| lc_ctype: "{{ artifactory_db_lc_ctype | d(postgresql_locale) }}" | ||
| encoding: "{{ artifactory_db_encoding | d('UTF-8') }}" | ||
| template: "{{ artifactory_db_template | d('template0') }}" | ||
| login_host: "{{ artifactory_db_login_host | d('localhost') }}" | ||
| login_port: "{{ artifactory_db_login_port | d(null) }}" | ||
| login_user: "{{ artifactory_db_login_user | d(postgresql_user) }}" | ||
| login_password: "{{ artifactory_db_login_password | d(null) }}" | ||
| login_unix_socket: "{{ artifactory_db_unix_socket | d(null) }}" | ||
| state: "{{ artifactory_db_state | d(artifactory_enabled | d(true) | bool | ternary('present', 'absent')) }}" | ||
| driver: "{{ artifactory_db_driver | d('org.postgresql.Driver') }}" | ||
| url: >- | ||
| jdbc:postgresql:// | ||
| {{ (hostvars[groups['postgres_servers'][0]].ansible_host | d(hostvars[groups['postgres_servers'][0]].ansible_default_ipv4.address | d('127.0.0.1'))) }}: | ||
| {{ artifactory_db_login_port | d('5432') }}/ | ||
| {{ artifactory_db_name | d('artifactory') }}?sslmode=disable | ||
| xray: | ||
| name: "{{ xray_db_name | d('xray') }}" | ||
| username: "{{ xray_db_user_name | d('xray') }}" | ||
| userpass: "{{ xray_db_user_pass | d('mYT5izjC4XkDmafv7wUbs4') }}" | ||
| userpass_encrypted: "{{ xray_db_user_pass_encrypted | d('true') }}" | ||
| userprivs: "{{ xray_db_user_privs | d(['ALL']) }}" | ||
| owner: "{{ xray_db_owner | d(postgresql_databases.xray.user) }}" | ||
| lc_collate: "{{ xray_db_lc_collate | d(postgresql_locale) }}" | ||
| lc_ctype: "{{ xray_db_lc_ctype | d(postgresql_locale) }}" | ||
| encoding: "{{ xray_db_encoding | d('UTF-8') }}" | ||
| template: "{{ xray_db_template | d('template0') }}" | ||
| login_host: "{{ xray_db_login_host | d(null) }}" | ||
| login_port: "{{ xray_db_login_port | d(null) }}" | ||
| login_user: "{{ xray_db_login_user | d(postgresql_user) }}" | ||
| login_password: "{{ xray_db_login_password | d(null) }}" | ||
| login_unix_socket: "{{ xray_db_unix_socket | d(null) }}" | ||
| state: "{{ xray_db_state | d(xray_enabled | d(true) | bool | ternary('present', 'absent')) }}" | ||
| driver: "{{ xray_db_driver | d('org.postgresql.Driver') }}" | ||
| url: >- | ||
| jdbc:postgresql:// | ||
| {{ (hostvars[groups['postgres_servers'][0]].ansible_host | d(hostvars[groups['postgres_servers'][0]].ansible_default_ipv4.address | d('127.0.0.1'))) }}: | ||
| {{ xray_db_login_port | d('5432') }}/ | ||
| {{ xray_db_name | d('xray') }}?sslmode=disable | ||
| distribution: | ||
| name: "{{ distribution_db_name | d('distribution') }}" | ||
| username: "{{ distribution_db_user_name | d('distribution') }}" | ||
| userpass: "{{ distribution_db_user_pass | d('XSaP2U8BSCAmLrek4Hb7Vx') }}" | ||
| userpass_encrypted: "{{ distribution_db_user_pass_encrypted | d('true') }}" | ||
| userprivs: "{{ distribution_db_user_privs | d(['ALL']) }}" | ||
| owner: "{{ distribution_db_owner | d(postgresql_users.distribution.user) }}" | ||
| lc_collate: "{{ distribution_db_lc_collate | d(postgresql_locale) }}" | ||
| lc_ctype: "{{ distribution_db_lc_ctype | d(postgresql_locale) }}" | ||
| encoding: "{{ distribution_db_encoding | d('UTF-8') }}" | ||
| template: "{{ distribution_db_template | d('template0') }}" | ||
| login_host: "{{ distribution_db_login_host | d(null) }}" | ||
| login_port: "{{ distribution_db_login_port | d(null) }}" | ||
| login_user: "{{ distribution_db_login_user | d(postgresql_user) }}" | ||
| login_password: "{{ distribution_db_login_password | d(null) }}" | ||
| login_unix_socket: "{{ distribution_db_unix_socket | d(null) }}" | ||
| state: "{{ distribution_db_state | d(distribution_db_state | d(true) | bool | ternary('present', 'absent')) }}" | ||
| driver: "{{ distribution_db_driver | d('org.postgresql.Driver') }}" | ||
| url: >- | ||
| jdbc:postgresql:// | ||
| {{ (hostvars[groups['postgres_servers'][0]].ansible_host | d(hostvars[groups['postgres_servers'][0]].ansible_default_ipv4.address | d('127.0.0.1'))) }}: | ||
| {{ distribution_db_login_port | d('5432') }}/ | ||
| {{ distribution_db_name | d('distribution') }}?sslmode=disable | ||
| insight: | ||
| name: "{{ insight_db_name | d('insight') }}" | ||
| username: "{{ insight_db_user_name | d('insight') }}" | ||
| userpass: "{{ insight_db_user_pass | d('JJ49gTYWzFA5psTjyy5bFu') }}" | ||
| userpass_encrypted: "{{ insight_db_user_pass_encrypted | d('true') }}" | ||
| userprivs: "{{ insight_db_user_privs | d(['ALL']) }}" | ||
| owner: "{{ insight_db_owner | d(postgresql_users.insight.user) }}" | ||
| lc_collate: "{{ insight_db_lc_collate | d(postgresql_locale) }}" | ||
| lc_ctype: "{{ insight_db_lc_ctype | d(postgresql_locale) }}" | ||
| encoding: "{{ insight_db_encoding | d('UTF-8') }}" | ||
| template: "{{ insight_db_template | d('template0') }}" | ||
| login_host: "{{ insight_db_login_host | d(null) }}" | ||
| login_port: "{{ insight_db_login_port | d(null) }}" | ||
| login_user: "{{ insight_db_login_user | d(postgresql_user) }}" | ||
| login_password: "{{ insight_db_login_password | d(null) }}" | ||
| login_unix_socket: "{{ insight_db_unix_socket | d(null) }}" | ||
| state: "{{ insight_db_state | d(insight_enabled | d(true) | bool | ternary('present', 'absent')) }}" | ||
| driver: "{{ insight_db_driver | d('org.postgresql.Driver') }}" | ||
| url: >- | ||
| jdbc:postgresql:// | ||
| {{ (hostvars[groups['postgres_servers'][0]].ansible_host | d(hostvars[groups['postgres_servers'][0]].ansible_default_ipv4.address | d('127.0.0.1'))) }}: | ||
| {{ insight_db_login_port | d('5432') }}/ | ||
| {{ insight_db_name | d('insight') }}?sslmode=disable | ||
| # RHEL/CentOS only. Define repositories to enable/disable for PostgreSQL installation. | ||
| postgresql_install_enablerepo: [] | ||
| postgresql_install_disablerepo: [] |
12 changes: 6 additions & 6 deletions
12
Ansible/ansible_collections/jfrog/platform/roles/postgres/handlers/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| --- | ||
| - name: Restart postgresql | ||
| become: true | ||
| ansible.builtin.systemd: | ||
| name: "{{ postgresql_daemon }}" | ||
| state: restarted | ||
| --- | ||
| - name: Restart PostgreSQL | ||
| become: true | ||
| ansible.builtin.systemd_service: | ||
| name: "{{ postgresql_daemon }}" | ||
| state: restarted |
55 changes: 28 additions & 27 deletions
55
Ansible/ansible_collections/jfrog/platform/roles/postgres/meta/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,28 @@ | ||
| --- | ||
| dependencies: [] | ||
|
|
||
| galaxy_info: | ||
| author: "JFrog Maintainers Team <installers@jfrog.com>" | ||
| description: "The postgres role will install Postgresql software and configure a database and user to support an Artifactory or Xray server." | ||
| company: JFrog | ||
| issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues" | ||
| license: license (Apache-2.0) | ||
| min_ansible_version: 2.9 | ||
| platforms: | ||
| - name: EL | ||
| versions: | ||
| - 7 | ||
| - 8 | ||
| - name: Ubuntu | ||
| versions: | ||
| - bionic | ||
| - focal | ||
| - jammy | ||
| - name: Debian | ||
| versions: | ||
| - buster | ||
| - bullseye | ||
| galaxy_tags: | ||
| - postgres | ||
| - jfrog | ||
| --- | ||
| dependencies: [] | ||
|
|
||
| galaxy_info: | ||
| author: "JFrog Maintainers Team <installers@jfrog.com>" | ||
| description: "The postgres role will install Postgresql software and configure a database and user to support an Artifactory or Xray server." | ||
| company: JFrog | ||
| issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues" | ||
| license: 'license (Apache-2.0)' | ||
| min_ansible_version: '2.9' | ||
| platforms: | ||
| - name: EL | ||
| versions: | ||
| - '8' | ||
| - '9' | ||
| - name: Ubuntu | ||
| versions: | ||
| - bionic | ||
| - focal | ||
| - jammy | ||
| - noble | ||
| - name: Debian | ||
| versions: | ||
| - buster | ||
| - bullseye | ||
| galaxy_tags: | ||
| - postgres | ||
| - jfrog |
Oops, something went wrong.