Added the functionality of assigning roles to users and few improvements #439

Merged
merged 9 commits into from
Aug 17, 2023
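--- a/config_pgcluster.yml
+++ b/config_pgcluster.yml
@@ -323,3 +323,17 @@
 - pg_pending_restart_settings | length > 0
 tags:
 - patroni_conf
+
+- name: config_pgcluster.yml | PostgreSQL Cluster Info
+hosts: postgres_cluster
+become: true
+become_method: sudo
+gather_facts: true
+any_errors_fatal: true
+vars_files:
+- vars/main.yml
+- vars/system.yml
+
+roles:
+# finish (info)
+- role: deploy-finish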
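Review bot: The play-level `become: true` gives root on every host to a play whose visible work (the deploy-finish tasks changed in this PR) only runs psql/patronictl as postgres via `become_user` and prints debug output. Unless deploy-finish tasks outside this diff need root, escalation could stay on the tasks that need it rather than on the whole play. Every run of config_pgcluster.yml will now also print the user list, database list, cluster health and connection info to the run output, so a comment above the play would help operators, e.g. `# prints cluster, user and database info; run output may be retained in CI logs`.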
38 changes: 30 additions & 8 deletions roles/deploy-finish/tasks/main.yml
@@ -3,24 +3,26 @@
- name: Make sure handlers are flushed immediately
ansible.builtin.meta: flush_handlers

# users info
- block:
- name: Check postgresql cluster health
- name: Get postgresql users list
run_once: true
become: true
become_user: postgres
ansible.builtin.command: patronictl -c /etc/patroni/patroni.yml list
register: patronictl_result
environment:
PATH: "{{ ansible_env.PATH }}:/usr/bin:/usr/local/bin"
ansible.builtin.command:
"{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c\"\\du\""
register: users_result
delegate_to: "{{ groups.master[0] }}"
changed_when: false

- name: PostgreSQL Cluster health
- name: PostgreSQL list of users
run_once: true
ansible.builtin.debug:
var: patronictl_result.stdout_lines
var: users_result.stdout_lines
ignore_errors: true
tags: patroni_status, cluster_info, cluster_status, point_in_time_recovery
tags: users, users_list, cluster_info, cluster_status, point_in_time_recovery

# databases info
- block:
- name: Get postgresql database list
run_once: true
@@ -59,6 +61,26 @@
ignore_errors: true
tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery

# cluster info
- block:
- name: Check postgresql cluster health
run_once: true
become: true
become_user: postgres
ansible.builtin.command: patronictl -c /etc/patroni/patroni.yml list
register: patronictl_result
environment:
PATH: "{{ ansible_env.PATH }}:/usr/bin:/usr/local/bin"
changed_when: false

- name: PostgreSQL Cluster health
run_once: true
ansible.builtin.debug:
var: patronictl_result.stdout_lines
ignore_errors: true
tags: patroni_status, cluster_info, cluster_status, point_in_time_recovery

# connection info
- block: # if cluster_vip is defined
- name: PostgreSQL Cluster connection info
run_once: true
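Review bot: The psql call in the new `Get postgresql users list` task is one templated string with hand-escaped quotes (`-c\"\\du\"`), so any whitespace in `postgresql_bin_dir` or the username would split into extra arguments; the `argv` form of `ansible.builtin.command` avoids both the escaping and the splitting. The call passes no password, so it presumably relies on peer/trust authentication for the postgres OS user. Adding `-w` makes it fail immediately instead of waiting on a prompt where pg_hba requires a password, and `-X` keeps a local psqlrc from changing the output. The `\du` result is echoed by the following debug task, so role names and attributes will appear wherever play output is stored.

```yaml
# … unchanged: name, run_once, become, become_user …
ansible.builtin.command:
  argv:
    - "{{ postgresql_bin_dir }}/psql"
    - "-X"
    - "-w"
    - "-p"
    - "{{ postgresql_port }}"
    - "-U"
    - "{{ patroni_superuser_username }}"
    - "-d"
    - "postgres"
    - "-c"
    - '\du'
# … unchanged: register, delegate_to, changed_when …
```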
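--- a/roles/postgresql-users/tasks/main.yml
+++ b/roles/postgresql-users/tasks/main.yml
@@ -21,4 +21,23 @@
 when: postgresql_users is defined and postgresql_users | length > 0
 tags: postgresql_users
 
+- name: Grant roles to users
+community.postgresql.postgresql_membership:
+group: "{{ item.role | default('') }}"
+target_role: "{{ item.name }}"
+login_host: "127.0.0.1"
+login_port: "{{ postgresql_port }}"
+login_user: "{{ patroni_superuser_username }}"
+login_password: "{{ patroni_superuser_password }}"
+state: present
+ignore_errors: true
+loop: "{{ postgresql_users | flatten(1) }}"
+loop_control:
+label: "{{ item.name }}"
+when:
+- postgresql_users is defined
+- postgresql_users | length > 0
+- item.role | default('') | length > 0
+tags: postgresql_users
+
 ...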
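Review bot: `ignore_errors: true` on the new `Grant roles to users` task hides a failed grant (for example a misspelled `role`), so a run can finish green while an account lacks the membership it was meant to get; drop it or narrow it with `failed_when`. Each loop item is the whole `postgresql_users` entry including `password`. `loop_control.label` keeps it out of the normal per-item line, but a failed or verbose result can still print the item, so `no_log: true` belongs on this task. The `postgresql_users is defined` guard in `when` is evaluated per item, after `loop` has already been templated, so `loop: "{{ postgresql_users | default([]) | flatten(1) }}"` is what actually protects against an undefined list. `state: present` only adds memberships, so removing a `role` from vars later does not revoke it.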
3 changes: 2 additions & 1 deletion vars/main.yml
@@ -140,7 +140,8 @@ postgresql_password_encryption_algorithm: "scram-sha-256" # or "md5" if your cl

# (optional) list of users to be created (if not already exists)
postgresql_users:
- { name: "{{ pgbouncer_auth_username }}", password: "{{ pgbouncer_auth_password }}", flags: "LOGIN" }
- { name: "{{ pgbouncer_auth_username }}", password: "{{ pgbouncer_auth_password }}", flags: "LOGIN", role: "" }
# - { name: "monitoring_auth_username", password: "monitoring_user_password", flags: "LOGIN", role: "pg_monitor" } # monitoring Service Account
# - { name: "mydb-user", password: "mydb-user-pass", flags: "SUPERUSER" }
# - { name: "", password: "", flags: "NOSUPERUSER" }
# - { name: "", password: "", flags: "NOSUPERUSER" }
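Review bot: The new commented example for the monitoring account shows a literal password beside the `role` key, which invites copying real secrets into `vars/main.yml`; the pgbouncer entry above it already shows the safer pattern of referencing a variable. I would add a comment above the list such as `# keep real passwords in Ansible Vault or another secret store and reference them here as variables`. It would also help to document what `role` accepts (the new task in roles/postgresql-users passes it straight to the module's `group` option) and that an empty string means no membership is granted.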