veza/ansible/roles/postgres/tasks/main.yml

---
# file: roles/postgres/tasks/main.yml

- name: "postgresql-common"
  apt:
    name:
      - "postgresql-common"
    update_cache: true
  when: not ansible_check_mode
  tags: postgres

- name: "disable cluster auto creation"
  lineinfile:
    path: "/etc/postgresql-common/createcluster.conf"
    line: "create_main_cluster = false"
    regexp: '^create_main_cluster'
    insertafter: '^#create_main_cluster '
  tags: postgres

- name: "set default collation for cluster creation"
  lineinfile:
    path: "/etc/postgresql-common/createcluster.conf"
    line: "initdb_options = '--locale={{ pg_default_encoding | default('en_US.UTF-8') }}'"
    regexp: '^initdb_options'
    insertafter: '^#initdb_options '
  tags: postgres

- name: "postgresql packages and prerequisites"
  apt:
    name:
      - "postgresql-{{ pg_version }}"
      - "postgresql-contrib-{{ pg_version }}"
      - "python3-psycopg2"
      - "sshpass"
  when: not ansible_check_mode
  tags: postgres

- name: "determine the file system used for {{ pg_data_directory }}"
  shell: "grep \"$(df -h {{ pg_data_directory }} | awk '{ print $6 }' | grep /) \" /proc/mounts | awk '{ print $3 }'"
  register: file_system
  changed_when: false
  check_mode: no
  tags:
    - postgres
    - zfs

- name: "Check if pg cluster exists"
  stat:
    path: "{{ pg_data_directory }}"
  register: pg_cluster_exists
  tags: postgres

- name: "postgresql create cluster {{ pg_version }} {{ pg_cluster_name }}"
  command:
    cmd: "/usr/bin/pg_createcluster {{ pg_version }} {{ pg_cluster_name }}"
  when: not pg_cluster_exists.stat.exists
  tags: postgres

- name: "configuration files"
  import_tasks: configuration.yml
  tags:
    - postgres
    - pg_hba

- name: "import_tasks: zfs.yml"
  import_tasks: zfs.yml
  when: file_system.stdout == "zfs"
  tags:
    - postgres
    - zfs

- name: "replica configuration: recovery.conf"
  import_tasks: replica.yml
  when: pg_replication_role == "replica"
  tags: postgres

- name: "{{ pg_data_directory }}/recovery.signal"
  file:
    owner: postgres
    group: postgres
    mode: 0600
    path: "{{ pg_data_directory }}/recovery.signal"
    state: touch
    access_time: preserve
    modification_time: preserve
  when:
    - pg_version is version('12', '>=')
    - pg_recovery
  tags: postgres

- name: "make sure postgres is started (some version do not start after installation!)"
  systemd:
    name: "postgresql@{{ pg_version }}-{{ pg_cluster_name }}.service"
    state: started
  when: ansible_service_mgr == "systemd"
  tags: postgres

- name: "handle physical replication slots"
  become: true
  become_user: postgres
  become_method: sudo
  postgresql_slot:
     slot_type: physical
     name: "{{ item }}"
     db: postgres
  loop: "{{ pg_replication_slot_list }}"
  when:
    - pg_replication
    - pg_replication_slot_list is defined
    - pg_replication_role != "replica"
  tags: postgres

- name: "handle physical replication slots on the replica"
  become: true
  become_user: postgres
  become_method: sudo
  postgresql_slot:
     slot_type: physical
     name: "{{ item }}"
     db: postgres
  loop: "{{ pg_replication_slot_list_replica }}"
  when:
    - pg_replication
    - pg_replication_slot_list_replica is defined
    - pg_replication_role == "replica"
  tags: postgres

- name: "remove physical replication slots if needed"
  become: true
  become_user: postgres
  become_method: sudo
  postgresql_slot:
     slot_type: physical
     name: "{{ item }}"
     db: postgres
     state: absent
  loop: "{{ pg_replication_slot_to_remove }}"
  when: pg_replication_slot_to_remove is defined
  tags: postgres

- name: "use scram passwords everywhere"
  set_fact:
    pg_role_options: "-c password_encryption=scram-sha-256"
  when:
    - not pg_md5
  tags: postgres

- name: "handle users"
  include_tasks: users.yml
  when:
    - pg_replication_role != "replica"
    - pg_users is defined
  loop: "{{ pg_users }}"
  loop_control:
    loop_var: user
  tags: postgres

- name: "handle databases"
  import_tasks: databases.yml
  when:
    - pg_databases is defined
    - pg_replication_role != "replica"
  tags: postgres

- name: "role privs"
  become: True
  become_user: postgres
  become_method: sudo
  postgresql_privs:
    role: "{{ user.name }}"
    db: "{{ user.db | default('postgres') }}"
    privs: "{{ user.priv }}"
    objs: "{{ user.objs | default('ALL_IN_SCHEMA')}}"
  when: user.priv is defined
  loop: "{{ pg_users }}"
  loop_control:
    loop_var: user
  tags: postgres

- name: "get stats of a file"
  ansible.builtin.stat:
    path: "/usr/share/postgresql/{{ pg_version }}/extension/pg_rrule.control"
  when:
    - pg_extensions is defined
    - "'pg_rrule' in pg_extensions"
  register: pg_rrule_installed
  tags: postgres

- name: "import pg_rrule extansion build tasks"
  import_tasks: build_pg_rrule.yml
  when:
    - pg_extensions is defined
    - "'pg_rrule' in pg_extensions"
    - not pg_rrule_installed.stat.exists
  tags: postgres

- name: "postgres extension"
  become: true
  become_user: postgres
  become_method: sudo
  postgresql_ext:
    name: "{{ item }}"
    db: template1
  with_items: "{{ pg_extensions }}"
  when:
    - pg_extensions is defined
    - pg_replication_role != "replica"
  tags: postgres

- name: "include_tasks: pg_backup_service.yml"
  include_tasks: pg_backup_service.yml
  when: pg_backup_service
  tags:
    - scripts
    - postgres

- name: "check if the folder /etc/zabbix/zabbix_agentd.conf.d exists"
  stat:
    path: "/etc/zabbix/zabbix_agentd.conf.d"
  register: zabbix_folder
  tags:
    - postgres
    - zabbix

- name: "import_tasks: zabbix.yml"
  import_tasks: zabbix.yml
  when: zabbix_folder.stat.exists
  tags:
    - postgres
    - zabbix
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`---`
			`# file: roles/postgres/tasks/main.yml`

			`- name: "postgresql-common"`
			`apt:`
			`name:`
			`- "postgresql-common"`
			`update_cache: true`
			`when: not ansible_check_mode`
			`tags: postgres`

			`- name: "disable cluster auto creation"`
			`lineinfile:`
			`path: "/etc/postgresql-common/createcluster.conf"`
			`line: "create_main_cluster = false"`
			`regexp: '^create_main_cluster'`
			`insertafter: '^#create_main_cluster '`
			`tags: postgres`

			`- name: "set default collation for cluster creation"`
			`lineinfile:`
			`path: "/etc/postgresql-common/createcluster.conf"`
			`line: "initdb_options = '--locale={{ pg_default_encoding \| default('en_US.UTF-8') }}'"`
			`regexp: '^initdb_options'`
			`insertafter: '^#initdb_options '`
			`tags: postgres`

			`- name: "postgresql packages and prerequisites"`
			`apt:`
			`name:`
			`- "postgresql-{{ pg_version }}"`
			`- "postgresql-contrib-{{ pg_version }}"`
			`- "python3-psycopg2"`
			`- "sshpass"`
			`when: not ansible_check_mode`
			`tags: postgres`

			`- name: "determine the file system used for {{ pg_data_directory }}"`
			`shell: "grep \"$(df -h {{ pg_data_directory }} \| awk '{ print $6 }' \| grep /) \" /proc/mounts \| awk '{ print $3 }'"`
			`register: file_system`
			`changed_when: false`
			`check_mode: no`
			`tags:`
			`- postgres`
			`- zfs`

			`- name: "Check if pg cluster exists"`
			`stat:`
			`path: "{{ pg_data_directory }}"`
			`register: pg_cluster_exists`
			`tags: postgres`

			`- name: "postgresql create cluster {{ pg_version }} {{ pg_cluster_name }}"`
			`command:`
			`cmd: "/usr/bin/pg_createcluster {{ pg_version }} {{ pg_cluster_name }}"`
			`when: not pg_cluster_exists.stat.exists`
			`tags: postgres`

			`- name: "configuration files"`
			`import_tasks: configuration.yml`
			`tags:`
			`- postgres`
			`- pg_hba`

			`- name: "import_tasks: zfs.yml"`
			`import_tasks: zfs.yml`
			`when: file_system.stdout == "zfs"`
			`tags:`
			`- postgres`
			`- zfs`

			`- name: "replica configuration: recovery.conf"`
			`import_tasks: replica.yml`
			`when: pg_replication_role == "replica"`
			`tags: postgres`

			`- name: "{{ pg_data_directory }}/recovery.signal"`
			`file:`
			`owner: postgres`
			`group: postgres`
			`mode: 0600`
			`path: "{{ pg_data_directory }}/recovery.signal"`
			`state: touch`
			`access_time: preserve`
			`modification_time: preserve`
			`when:`
			`- pg_version is version('12', '>=')`
			`- pg_recovery`
			`tags: postgres`

			`- name: "make sure postgres is started (some version do not start after installation!)"`
			`systemd:`
			`name: "postgresql@{{ pg_version }}-{{ pg_cluster_name }}.service"`
			`state: started`
			`when: ansible_service_mgr == "systemd"`
			`tags: postgres`

			`- name: "handle physical replication slots"`
			`become: true`
			`become_user: postgres`
			`become_method: sudo`
			`postgresql_slot:`
			`slot_type: physical`
			`name: "{{ item }}"`
			`db: postgres`
			`loop: "{{ pg_replication_slot_list }}"`
			`when:`
			`- pg_replication`
			`- pg_replication_slot_list is defined`
			`- pg_replication_role != "replica"`
			`tags: postgres`

			`- name: "handle physical replication slots on the replica"`
			`become: true`
			`become_user: postgres`
			`become_method: sudo`
			`postgresql_slot:`
			`slot_type: physical`
			`name: "{{ item }}"`
			`db: postgres`
			`loop: "{{ pg_replication_slot_list_replica }}"`
			`when:`
			`- pg_replication`
			`- pg_replication_slot_list_replica is defined`
			`- pg_replication_role == "replica"`
			`tags: postgres`

			`- name: "remove physical replication slots if needed"`
			`become: true`
			`become_user: postgres`
			`become_method: sudo`
			`postgresql_slot:`
			`slot_type: physical`
			`name: "{{ item }}"`
			`db: postgres`
			`state: absent`
			`loop: "{{ pg_replication_slot_to_remove }}"`
			`when: pg_replication_slot_to_remove is defined`
			`tags: postgres`

			`- name: "use scram passwords everywhere"`
			`set_fact:`
			`pg_role_options: "-c password_encryption=scram-sha-256"`
			`when:`
			`- not pg_md5`
			`tags: postgres`

			`- name: "handle users"`
			`include_tasks: users.yml`
			`when:`
			`- pg_replication_role != "replica"`
			`- pg_users is defined`
			`loop: "{{ pg_users }}"`
			`loop_control:`
			`loop_var: user`
			`tags: postgres`

			`- name: "handle databases"`
			`import_tasks: databases.yml`
			`when:`
			`- pg_databases is defined`
			`- pg_replication_role != "replica"`
			`tags: postgres`

			`- name: "role privs"`
			`become: True`
			`become_user: postgres`
			`become_method: sudo`
			`postgresql_privs:`
			`role: "{{ user.name }}"`
			`db: "{{ user.db \| default('postgres') }}"`
			`privs: "{{ user.priv }}"`
			`objs: "{{ user.objs \| default('ALL_IN_SCHEMA')}}"`
			`when: user.priv is defined`
			`loop: "{{ pg_users }}"`
			`loop_control:`
			`loop_var: user`
			`tags: postgres`

			`- name: "get stats of a file"`
			`ansible.builtin.stat:`
			`path: "/usr/share/postgresql/{{ pg_version }}/extension/pg_rrule.control"`
			`when:`
			`- pg_extensions is defined`
			`- "'pg_rrule' in pg_extensions"`
			`register: pg_rrule_installed`
			`tags: postgres`

			`- name: "import pg_rrule extansion build tasks"`
			`import_tasks: build_pg_rrule.yml`
			`when:`
			`- pg_extensions is defined`
			`- "'pg_rrule' in pg_extensions"`
			`- not pg_rrule_installed.stat.exists`
			`tags: postgres`

			`- name: "postgres extension"`
			`become: true`
			`become_user: postgres`
			`become_method: sudo`
			`postgresql_ext:`
			`name: "{{ item }}"`
			`db: template1`
			`with_items: "{{ pg_extensions }}"`
			`when:`
			`- pg_extensions is defined`
			`- pg_replication_role != "replica"`
			`tags: postgres`

			`- name: "include_tasks: pg_backup_service.yml"`
			`include_tasks: pg_backup_service.yml`
			`when: pg_backup_service`
			`tags:`
			`- scripts`
			`- postgres`

			`- name: "check if the folder /etc/zabbix/zabbix_agentd.conf.d exists"`
			`stat:`
			`path: "/etc/zabbix/zabbix_agentd.conf.d"`
			`register: zabbix_folder`
			`tags:`
			`- postgres`
			`- zabbix`

			`- name: "import_tasks: zabbix.yml"`
			`import_tasks: zabbix.yml`
			`when: zabbix_folder.stat.exists`
			`tags:`
			`- postgres`
			`- zabbix`