From 55839d4cb2608b57f5c9cbb7fd405d97aad4caeb Mon Sep 17 00:00:00 2001 From: svetozar gremiachikh Date: Thu, 10 Aug 2023 17:06:19 +0300 Subject: [PATCH 1/9] deploy-finish : PostgreSQL list of users with roles --- roles/deploy-finish/tasks/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/deploy-finish/tasks/main.yml b/roles/deploy-finish/tasks/main.yml index 230e0d6b2..e3756a3f3 100644 --- a/roles/deploy-finish/tasks/main.yml +++ b/roles/deploy-finish/tasks/main.yml @@ -59,6 +59,24 @@ ignore_errors: true tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery +- block: + - name: Get postgresql users list + run_once: true + become: true + become_user: postgres + ansible.builtin.command: + "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c\"\\du\"" + register: users_result + delegate_to: "{{ groups.master[0] }}" + changed_when: false + + - name: PostgreSQL list of users + run_once: true + ansible.builtin.debug: + var: users_result.stdout_lines + ignore_errors: true + tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery + - block: # if cluster_vip is defined - name: PostgreSQL Cluster connection info run_once: true From 190e129d81923e013e1e4392db64317e5840a6ac Mon Sep 17 00:00:00 2001 From: svetozar gremiachikh Date: Thu, 10 Aug 2023 17:06:38 +0300 Subject: [PATCH 2/9] feature to grant roles to users --- roles/postgresql-users/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/postgresql-users/tasks/main.yml b/roles/postgresql-users/tasks/main.yml index 76c8b4869..000d0975f 100644 --- a/roles/postgresql-users/tasks/main.yml +++ b/roles/postgresql-users/tasks/main.yml 
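Review bot: The `PostgreSQL list of users` debug task added to roles/deploy-finish/tasks/main.yml prints the full `\du` listing (role names and their attributes) to the play output on every run that carries `cluster_info` or `cluster_status`, and nothing in the hunk says so. That output usually ends up in controller and CI job logs, which are often readable by more people than the database itself. The play added to config_pgcluster.yml later in this series runs the same role, so the listing is emitted on configuration runs as well. I would add a comment above the block such as `# prints role names and attributes to the play output; keep job logs access-restricted`, or gate the block behind a variable so it can be switched off.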
@@ -21,4 +21,20 @@ when: postgresql_users is defined and postgresql_users | length > 0 tags: postgresql_users +- name: Grant roles to users + community.postgresql.postgresql_membership: + group: "{{ item.role }}" + target_role: "{{ item.name }}" + login_host: "127.0.0.1" + login_port: "{{ postgresql_port }}" + login_user: "{{ patroni_superuser_username }}" + login_password: "{{ patroni_superuser_password }}" + state: present + ignore_errors: true + loop: "{{ postgresql_users | flatten(1) }}" + loop_control: + label: "{{ item.name }}" + when: postgresql_users is defined and postgresql_users | length > 0 + tags: postgresql_users + ... From 532dd1bac91913dd8f97f18b5700e607aef8cebb Mon Sep 17 00:00:00 2001 From: svetozar gremiachikh Date: Thu, 17 Aug 2023 15:17:31 +0300 Subject: [PATCH 3/9] show info summary after config_pgcluster.yml --- config_pgcluster.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/config_pgcluster.yml b/config_pgcluster.yml index d6a379bdb..c159beb6a 100644 --- a/config_pgcluster.yml +++ b/config_pgcluster.yml @@ -323,3 +323,17 @@ - pg_pending_restart_settings | length > 0 tags: - patroni_conf + +- name: config_pgcluster.yml | PostgreSQL Cluster Info + hosts: postgres_cluster + become: true + become_method: sudo + gather_facts: true + any_errors_fatal: true + vars_files: + - vars/main.yml + - vars/system.yml + + roles: + # finish (info) + - role: deploy-finish \ No newline at end of file From a3b1e3499f722e6e0f7d9823b907c678a9f6e70a Mon Sep 17 00:00:00 2001 From: svetozar gremiachikh Date: Thu, 17 Aug 2023 16:48:12 +0300 Subject: [PATCH 4/9] user role example --- vars/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/main.yml b/vars/main.yml index 13b1dde65..7a17801f4 100644 --- a/vars/main.yml +++ b/vars/main.yml 
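Review bot: The new `Grant roles to users` task in roles/postgresql-users/tasks/main.yml loops over `postgresql_users`, whose entries carry a `password` field (see the vars/main.yml example in this series), and it sets no `no_log: true`. `loop_control.label` only shortens the item shown in the task header; Ansible's documentation says it does not protect sensitive data, and a failed or verbose result can still dump the whole item. Add `no_log: true` to the task, accepting that error details are then hidden too. Also, `state: present` only ever adds a membership, so deleting `role` from an entry later does not revoke what was granted; that deserves a comment or a documented revoke step.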
@@ -140,7 +140,8 @@ postgresql_password_encryption_algorithm: "scram-sha-256" # or "md5" if your cl # (optional) list of users to be created (if not already exists) postgresql_users: - - { name: "{{ pgbouncer_auth_username }}", password: "{{ pgbouncer_auth_password }}", flags: "LOGIN" } + - { name: "{{ pgbouncer_auth_username }}", password: "{{ pgbouncer_auth_password }}", flags: "LOGIN", role: "" } +# - { name: "monitoring_auth_username", password: "monitoring_user_password", flags: "LOGIN", role: "pg_monitor" } # monitoring Service Account # - { name: "mydb-user", password: "mydb-user-pass", flags: "SUPERUSER" } # - { name: "", password: "", flags: "NOSUPERUSER" } # - { name: "", password: "", flags: "NOSUPERUSER" } From 6cd16edb55d8e4c83488c78ad8e484d46908fdcf Mon Sep 17 00:00:00 2001 From: svetozar gremiachikh Date: Thu, 17 Aug 2023 17:11:23 +0300 Subject: [PATCH 5/9] lint --- config_pgcluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config_pgcluster.yml b/config_pgcluster.yml index c159beb6a..a5cd2881d 100644 --- a/config_pgcluster.yml +++ b/config_pgcluster.yml @@ -336,4 +336,4 @@ roles: # finish (info) - - role: deploy-finish \ No newline at end of file + - role: deploy-finish From eb22428f79f9869911fbfaee9b08aa356cf8941f Mon Sep 17 00:00:00 2001 From: sgremyachikh <54742172+sgremyachikh@users.noreply.github.com> Date: Thu, 17 Aug 2023 17:22:03 +0300 Subject: [PATCH 6/9] Update roles/deploy-finish/tasks/main.yml Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- roles/deploy-finish/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/deploy-finish/tasks/main.yml b/roles/deploy-finish/tasks/main.yml index e3756a3f3..2b6a5c606 100644 --- a/roles/deploy-finish/tasks/main.yml +++ b/roles/deploy-finish/tasks/main.yml 
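Review bot: The `role` key added to the `postgresql_users` entries in vars/main.yml is not described in the comment above the list, which still reads only `(optional) list of users to be created`. Since the value becomes a role membership grant, I would document it, for example `# role: (optional) name of an existing role to grant membership in, e.g. "pg_monitor"; empty or omitted grants nothing`. The "omitted" half of that comment holds only with the `default('')` handling added later in this series. The list continues outside the hunk.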
@@ -75,7 +75,7 @@ ansible.builtin.debug: var: users_result.stdout_lines ignore_errors: true - tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery + tags: users, users_list, cluster_info, cluster_status, point_in_time_recovery - block: # if cluster_vip is defined - name: PostgreSQL Cluster connection info From 6580295d6d21a8e599f5eb0910a2aca527e0cecd Mon Sep 17 00:00:00 2001 From: sgremyachikh <54742172+sgremyachikh@users.noreply.github.com> Date: Thu, 17 Aug 2023 17:26:31 +0300 Subject: [PATCH 7/9] Update roles/postgresql-users/tasks/main.yml Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- roles/postgresql-users/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql-users/tasks/main.yml b/roles/postgresql-users/tasks/main.yml index 000d0975f..376440945 100644 --- a/roles/postgresql-users/tasks/main.yml +++ b/roles/postgresql-users/tasks/main.yml @@ -23,7 +23,7 @@ - name: Grant roles to users community.postgresql.postgresql_membership: - group: "{{ item.role }}" + group: "{{ item.role | default('') }}" target_role: "{{ item.name }}" login_host: "127.0.0.1" login_port: "{{ postgresql_port }}" From a079977bc807f28836964dd18899f71fa41a862a Mon Sep 17 00:00:00 2001 From: sgremyachikh <54742172+sgremyachikh@users.noreply.github.com> Date: Thu, 17 Aug 2023 17:27:50 +0300 Subject: [PATCH 8/9] Update roles/postgresql-users/tasks/main.yml Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- roles/postgresql-users/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/postgresql-users/tasks/main.yml b/roles/postgresql-users/tasks/main.yml index 376440945..c9e47bce0 100644 --- a/roles/postgresql-users/tasks/main.yml +++ b/roles/postgresql-users/tasks/main.yml 
@@ -34,7 +34,10 @@ loop: "{{ postgresql_users | flatten(1) }}" loop_control: label: "{{ item.name }}" - when: postgresql_users is defined and postgresql_users | length > 0 + when: + - postgresql_users is defined + - postgresql_users | length > 0 + - item.role | default('') | length > 0 tags: postgresql_users ... From e8a9ae430307c4ed4e9815d0d3c8f34271fbd7e3 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Thu, 17 Aug 2023 17:58:18 +0300 Subject: [PATCH 9/9] deploy-finish: change the order of information tasks --- roles/deploy-finish/tasks/main.yml | 36 +++++++++++++++++------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/roles/deploy-finish/tasks/main.yml b/roles/deploy-finish/tasks/main.yml index 2b6a5c606..2819a725e 100644 --- a/roles/deploy-finish/tasks/main.yml +++ b/roles/deploy-finish/tasks/main.yml @@ -3,24 +3,26 @@ - name: Make sure handlers are flushed immediately ansible.builtin.meta: flush_handlers +# users info - block: - - name: Check postgresql cluster health + - name: Get postgresql users list run_once: true become: true become_user: postgres - ansible.builtin.command: patronictl -c /etc/patroni/patroni.yml list - register: patronictl_result - environment: - PATH: "{{ ansible_env.PATH }}:/usr/bin:/usr/local/bin" + ansible.builtin.command: + "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c\"\\du\"" + register: users_result + delegate_to: "{{ groups.master[0] }}" changed_when: false - - name: PostgreSQL Cluster health + - name: PostgreSQL list of users run_once: true ansible.builtin.debug: - var: patronictl_result.stdout_lines + var: users_result.stdout_lines ignore_errors: true - tags: patroni_status, cluster_info, cluster_status, point_in_time_recovery + tags: users, users_list, cluster_info, cluster_status, point_in_time_recovery +# databases info - block: - name: Get postgresql database list run_once: true 
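Review bot: With the added `item.role | default('') | length > 0` condition, entries without a role are skipped, so the `ignore_errors: true` on this task, just above the hunk, no longer has a benign case to cover. What it still hides are real failures, such as a group role that does not exist or a rejected login, and the run then finishes while the intended membership is missing. I would drop `ignore_errors: true` from `Grant roles to users` so a failed grant stops the play. The task starts outside this hunk.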
@@ -59,24 +61,26 @@ ignore_errors: true tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery +# cluster info - block: - - name: Get postgresql users list + - name: Check postgresql cluster health run_once: true become: true become_user: postgres - ansible.builtin.command: - "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c\"\\du\"" - register: users_result - delegate_to: "{{ groups.master[0] }}" + ansible.builtin.command: patronictl -c /etc/patroni/patroni.yml list + register: patronictl_result + environment: + PATH: "{{ ansible_env.PATH }}:/usr/bin:/usr/local/bin" changed_when: false - - name: PostgreSQL list of users + - name: PostgreSQL Cluster health run_once: true ansible.builtin.debug: - var: users_result.stdout_lines + var: patronictl_result.stdout_lines ignore_errors: true - tags: users, users_list, cluster_info, cluster_status, point_in_time_recovery + tags: patroni_status, cluster_info, cluster_status, point_in_time_recovery +# connection info - block: # if cluster_vip is defined - name: PostgreSQL Cluster connection info run_once: true