subspace 0.1.3 → 0.2.1

data/ansible/roles/zenoamaro.postgresql/tasks/configure.yml

@@ -0,0 +1,55 @@
+---
+
+- name: Create the necessary directories
+  sudo: yes
+  file:
+    dest: "{{item}}"
+    state: directory
+    owner: "{{postgresql_admin_user}}"
+    group: "{{postgresql_admin_group}}"
+  with_items:
+    - "{{postgresql_conf_directory}}"
+    - "{{postgresql_data_directory}}"
+    - "{{postgresql_runtime_directory}}"
+    - "{{postgresql_log_directory}}"
+  tags:
+    - postgresql
+    - db
+    - conf
+
+- name: Configure PostgreSQL
+  sudo: yes
+  template:
+    src: "{{item}}"
+    dest: "{{postgresql_conf_directory}}/{{item}}"
+  with_items:
+    - postgresql.conf
+    - pg_ctl.conf
+    - environment
+  notify: restart postgresql
+  tags:
+    - postgresql
+    - db
+    - conf
+
+- name: Configure PostgreSQL (authentication)
+  sudo: yes
+  template:
+    src: pg_hba.conf
+    dest: "{{postgresql_hba_file}}"
+  notify: restart postgresql
+  tags:
+    - postgresql
+    - db
+    - conf
+
+- name: Configure PostgreSQL (ident)
+  sudo: yes
+  template:
+    src: pg_ident.conf
+    dest: "{{postgresql_ident_file}}"
+  notify: restart postgresql
+  tags:
+    - postgresql
+    - db
+    - conf

data/ansible/roles/zenoamaro.postgresql/tasks/extensions.yml

@@ -0,0 +1,49 @@
+---
+
+
+# Development headers and libraries
+# ---------------------------------
+
+- name: Install development headers
+  when: postgresql_dev_headers == True
+  sudo: yes
+  apt:
+    name: libpq-dev
+  tags:
+    - postgresql
+    - db
+    - deps
+    - dev
+
+
+# Contributed extensions
+# ----------------------
+
+- name: Install PostgreSQL contribs
+  when: postgresql_contrib
+  sudo: yes
+  apt:
+    name: "postgresql-contrib-{{postgresql_version}}"
+  notify: restart postgresql
+  tags:
+    - postgresql
+    - db
+    - deps
+
+
+# PostGIS
+# -------
+
+- name: Add postgis extensions
+  when: postgresql_postgis
+  sudo: yes
+  apt:
+    name: "{{item}}"
+  with_items:
+    - "postgresql-{{postgresql_version}}-postgis-{{postgresql_postgis_version}}"
+    - libgeos-c1
+  notify: restart postgresql
+  tags:
+    - postgresql
+    - db
+    - deps

data/ansible/roles/zenoamaro.postgresql/tasks/install.yml

@@ -0,0 +1,51 @@
+---
+
+# Official PostgreSQL [repository] for debian-based distributions
+# [repository]: http://www.postgresql.org/download/
+
+- name: Adding APT repository key
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt_key:
+    id: ACCC4CF8
+    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
+  tags:
+    - postgresql
+    - db
+    - repo
+
+- name: Add PostgreSQL official APT repository
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt_repository:
+    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
+  tags:
+    - postgresql
+    - db
+    - repo
+
+- name: Install PostgreSQL
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt:
+    name: "postgresql-{{postgresql_version}}"
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+  tags:
+    - postgresql
+    - db
+    - deps
+
+- name: Install dependencies for the Ansible module
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt:
+    name: "{{item}}"
+    state: latest
+  with_items:
+    - python-psycopg2
+  tags:
+    - postgresql
+    - db
+    - deps

data/ansible/roles/zenoamaro.postgresql/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+
+- include: install.yml
+- include: extensions.yml
+- include: configure.yml

data/ansible/roles/zenoamaro.postgresql/templates/environment

@@ -0,0 +1,11 @@
+# environment variables for postmaster process
+# This file has the same syntax as postgresql.conf:
+#  VARIABLE = simple_value
+#  VARIABLE2 = 'any value!'
+# I. e. you need to enclose any value which does not only consist of letters,
+# numbers, and '-', '_', '.' in single quotes. Shell commands are not
+# evaluated.
+
+{% if postgresql_env %}{% for k,v in postgresql_env.items() %}
+{{k}} = {{v}}
+{% endfor %}{% endif %}

data/ansible/roles/zenoamaro.postgresql/templates/pg_ctl.conf

@@ -0,0 +1,5 @@
+# Automatic pg_ctl configuration
+# This configuration file contains cluster specific options to be passed to
+# pg_ctl(1).
+
+pg_ctl_options = '{{ postgresql_pg_ctl_options|join(' ')|replace('\'', '\\\'') }}'

data/ansible/roles/zenoamaro.postgresql/templates/pg_hba.conf

@@ -0,0 +1,112 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+# TYPE  DATABASE  USER  ADDRESS  METHOD
+
+{% for auth in postgresql_authentication %}
+{{auth.type}}    {% if 'database' not in auth %}
+samerole{% elif auth.database is string %}
+{{auth.database}}{% elif auth.database is sequence %}
+{{auth.database|join(',')}}{% endif %}    {{auth.user}}    {{auth.address|default('')}}    {{auth.method}}    {% if 'options' in auth %} {% for k,v in auth.options.items() %}
+{{k}}={{v}} {% endfor %}{% endif %}
+
+{% endfor %}
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+local   all             {{postgresql_admin_user|default('postgres')}}                                peer
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            md5
+
+# IPv6 local connections:
+host    all             all             ::1/128                 md5
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local   replication     postgres                                peer
+#host    replication     postgres        127.0.0.1/32            md5
+#host    replication     postgres        ::1/128                 md5

data/ansible/roles/zenoamaro.postgresql/templates/pg_ident.conf

@@ -0,0 +1,46 @@
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description.  A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping.  It maps external
+# user names to their corresponding PostgreSQL user names.  Records
+# are of the form:
+#
+# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf.  SYSTEM-USERNAME is the detected user name of the
+# client.  PG-USERNAME is the requested PostgreSQL user name.  The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression.  Optionally this can contain a capture (a
+# parenthesized subexpression).  The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration.  If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+
+{% for mapping in postgresql_user_map %}
+{{mapping.name}} {{mapping.user}} {{mapping.pg_user}}
+{% endfor %}