-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathpostgresql.yml
94 lines (83 loc) · 2.81 KB
/
postgresql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
---
- name: ensure database service is up
service:
name: postgresql
state: started
become: true
- name: allow users to connect locally
become: true
lineinfile:
# TODO: should not hardcode that version
dest: /etc/postgresql/9.5/main/pg_hba.conf
regexp: '^host\s+all\s+all\s+127.0.0.1/32'
line: 'host all all 127.0.0.1/32 md5'
backrefs: yes
register: pg_hba_conf
- service:
name: postgresql
state: restarted
become: true
when: pg_hba_conf.changed
# FIXME: flag/option needed
# this is a bit of chicken-or-egg problem. If the user for the app does
# exist but we failed to set the password in both postgresql and the python
# config file then we will fail to reset it next time around. This would
# leave the app without the access to the database.
- name: generate pseudo-random password for the database connection
shell: python -c "exec 'import os; print os.urandom(30).encode(\'base64\')[:${length}]'"
register: db_password
changed_when: false
- name: Make {{ app_name }} user
postgresql_user:
name: "{{ app_name }}"
password: "{{ db_password.stdout }}"
role_attr_flags: SUPERUSER
login_user: postgres
become_user: postgres
become: true
- name: Make {{ app_name }} database
postgresql_db:
name: "{{ app_name }}"
owner: "{{ app_name }}"
state: present
login_user: postgres
become_user: postgres
become: true
- name: ensure database service is up
service:
name: postgresql
state: started
become: true
- name: create the prod_db config file with the db password
template:
src: ../templates/prod_db.py.j2
dest: "{{ app_home }}/src/{{ app_name }}/prod_db.py"
notify:
- restart app
- name: write a .pgpass file so we can back up the db
lineinfile:
path: "/home/{{ ansible_ssh_user }}/.pgpass"
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: 0600
create: yes
state: present
line: '127.0.0.1:5432:{{ app_name }}:{{ app_name }}:{{ db_password.stdout }}'
# this needs to be here because it needs the new db password
- name: create the prod alembic.ini file
template:
src: ../templates/alembic-prod.ini.j2
dest: "{{ app_home }}/src/{{ app_name }}/alembic-prod.ini"
- name: check if database for app needs populating
# this should be configurable/optional in the playbook
command: psql -t chacra -c "SELECT COUNT(*) FROM projects;"
become_user: postgres
become: true
register: database_is_populated
ignore_errors: true
changed_when: "database_is_populated.rc != 0"
- name: populate the database for {{ app_name }}
when: "database_is_populated.rc == 1"
command: "{{ app_home }}/bin/pecan populate {{ app_home }}/src/{{ app_name }}/prod.py"
environment:
ALEMBIC_CONFIG: "{{ app_home }}/src/{{ app_name }}/alembic-prod.ini"