From 838df872b86a42a361a54f26f98d2b20ea5dd4ed Mon Sep 17 00:00:00 2001 From: Waldemar Smirnow Date: Tue, 20 May 2025 02:16:21 +0200 Subject: [PATCH] Custom configuration options and server listen addresses It is now possible to customize PostgreSQL configuration with role vars. The listen_addresses configuration can be set as a separate variable. --- .github/workflows/molecule.yml | 2 +- README.md | 30 ++++++++++++++++++++++++++++-- defaults/main.yml | 3 +++ molecule/default/converge.yml | 17 +++++++++++++---- molecule/default/verify.yml | 31 +++++++++++++++++++++++++++++++ tasks/main.yml | 34 ++++++++++++++++++++++++++++++++++ 6 files changed, 110 insertions(+), 7 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 1ed464366..0803f28d8 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -17,6 +17,6 @@ jobs: run: pip3 install -r .dev_requirements.txt - name: Test playbook - run: molecule test -- -e opencast_postgresql_password=123 + run: molecule test env: PY_COLORS: '1' diff --git a/README.md b/README.md index 3fe74c5b2..7a85a25ea 100644 --- a/README.md +++ b/README.md 
@@ -20,14 +20,21 @@ Role Variables - `opencast_postgresql_version` - PostgreSQL major version to install (default: `12`) - Enables CentOS AppStream -- `opencast_postgresql_user:` +- `opencast_postgresql_user` - Database user to create (default: `opencast`) - `opencast_postgresql_password` - Databse password for user (_required_) - `opencast_postgresql_database` - Database name (default: `opencast`) +- `opencast_postgresql_listen_addresses` + - List of IP addresses the server should listen on (default: `["localhost"]`). + - Use `*` to listen on all IP addresses. + - For more information please consult PostgreSQL documentation for the configuration `listen_addresses` - `opencast_postgresql_connection_hosts` - - List of hosts allowed to connect to database (default: `[127.0.0.1/32, ::1/128]`) + - List of IP ranges allowed to connect to database (default: `[127.0.0.1/32, ::1/128]`) +- `opencast_postgresql_extra_configs` + - Additional server configurations as dictionary (default: `{}`) + - Please consult PostgreSQL documentation for available configurations Example Playbook @@ -42,3 +49,22 @@ Example of how to configure and use the role: - role: elan.opencast_postgresql opencast_postgresql_password: secret ``` + +More complex example with custom configurations and listening on all IP addresses is shown here: + +```yaml +- hosts: servers + become: true + roles: + - role: elan.opencast_postgresql + opencast_postgresql_password: secret + opencast_postgresql_extra_configs: + max_connections: 1000 # Increased value for production use + log_destination: "'syslog'" # Log to syslog + opencast_postgresql_listen_addresses: + - "*" # Listen on all IP addresses + opencast_postgresql_connection_hosts: + - "127.0.0.1/32" + - "::1/128" + - "10.10.10.1/24" # Clients IP range +``` diff --git a/defaults/main.yml b/defaults/main.yml index 74bd42ffc..d96d92408 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -3,6 +3,9 @@ opencast_postgresql_version: 16 opencast_postgresql_user: opencast opencast_postgresql_database: opencast +opencast_postgresql_listen_addresses: + - "localhost" opencast_postgresql_connection_hosts: - 127.0.0.1/32 - ::1/128 +opencast_postgresql_extra_configs: {} diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 23b7512f6..296153b64 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,7 +1,16 @@ --- + - name: Converge hosts: all - tasks: - - name: "Include opencast_postgresql" - ansible.builtin.include_role: - name: elan.opencast_postgresql + roles: + - role: elan.opencast_postgresql + opencast_postgresql_password: secret + opencast_postgresql_extra_configs: + max_connections: 1000 # Increase value for production use + log_destination: "'syslog'" # Log to syslog + opencast_postgresql_listen_addresses: + - "*" # Listen on all IP addresses + opencast_postgresql_connection_hosts: + - "127.0.0.1/32" + - "::1/128" + - "10.10.10.1/24" # Clients IP range diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 39690b1ed..5e356913d 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
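Review bot: The converge play now runs only with `opencast_postgresql_listen_addresses: ["*"]` and a non-empty `opencast_postgresql_extra_configs`, so the new role defaults from defaults/main.yml (`localhost` and `{}`) are no longer exercised by molecule. The default path is what most deployments get, and it is the one that keeps the server bound to loopback. A second scenario or play without overrides, with verify asserting `listen_addresses = 'localhost'`, would cover it. Separately, `10.10.10.1/24` has host bits set; the canonical form for that range is `10.10.10.0/24`, and the same value is repeated in the README example.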
@@ -39,3 +39,34 @@ ansible.builtin.debug: msg: "PostgreSQL version on {{ inventory_hostname }} (Debian): {{ psql_version_debian.stdout }}" when: ansible_os_family == "Debian" + + - name: Find configuration file + ansible.builtin.set_fact: + config_file_dir: "{{ paths[ansible_os_family] }}" + vars: + paths: + RedHat: "/var/lib/pgsql/{{ opencast_postgresql_version }}/data" + Debian: "/etc/postgresql/{{ opencast_postgresql_version }}/main" + + - name: Read configuration file + ansible.builtin.slurp: + src: "{{ config_file_dir }}/postgresql.conf" + register: config_file + + - name: Test config set + ansible.builtin.assert: + that: + - '"listen_addresses = ''*''" in (config_file.content | b64decode)' + - '"max_connections = 1000" in (config_file.content | b64decode)' + - '"log_destination = ''syslog''" in (config_file.content | b64decode)' + + - name: Read pg_hba.conf configuration file + ansible.builtin.slurp: + src: "{{ config_file_dir }}/pg_hba.conf" + register: hba_config_file + + - name: Test config set + ansible.builtin.assert: + that: + - '"host all all 127.0.0.1/32 scram-sha-256" in (hba_config_file.content | b64decode)' + - '"host all all 10.10.10.1/24 scram-sha-256" in (hba_config_file.content | b64decode)' diff --git a/tasks/main.yml b/tasks/main.yml index f999592c4..ec35aac55 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
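Review bot: The checks in the first `Test config set` task are plain substring matches, so `"max_connections = 1000" in (config_file.content | b64decode)` also passes for a commented-out `#max_connections = 1000` or for a line that a later duplicate overrides. Anchoring each check to the line start, e.g. `(config_file.content | b64decode) is regex("^max_connections = 1000", multiline=True)`, or querying the running server with `SHOW max_connections`, would test the effective setting rather than the file text. Both assert tasks are named `Test config set`; naming the second one for pg_hba.conf makes a failure easier to place. The `::1/128` entry passed in converge.yml is not asserted.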
@@ -50,6 +50,23 @@ notify: Restart Postgresql On CentOS when: ansible_os_family == "RedHat" +- name: Set listen_addresses (CentOS/RHEL) + ansible.builtin.lineinfile: + path: "/var/lib/pgsql/{{ opencast_postgresql_version }}/data/postgresql.conf" + regexp: '#?\s*listen_addresses\s*=' + line: "listen_addresses = '{{ opencast_postgresql_listen_addresses | join(', ') }}'" + notify: Restart Postgresql On CentOS + when: ansible_os_family == "RedHat" + +- name: Set extra configs (CentOS/RHEL) + ansible.builtin.lineinfile: + path: "/var/lib/pgsql/{{ opencast_postgresql_version }}/data/postgresql.conf" + regexp: '#?\s*{{ item.key }}\s*=' + line: "{{ item.key }} = {{ item.value }}" + loop: "{{ opencast_postgresql_extra_configs | dict2items }}" + notify: Restart Postgresql On CentOS + when: ansible_os_family == "RedHat" + - name: Start and enable PostgreSQL (CentOS/RHEL) ansible.builtin.service: name: "postgresql-{{ opencast_postgresql_version }}" @@ -119,6 +136,23 @@ notify: Restart Postgresql On Debian/Ubuntu when: ansible_os_family == "Debian" +- name: Set listen_addresses (Debian/Ubuntu) + ansible.builtin.lineinfile: + path: "/etc/postgresql/{{ opencast_postgresql_version }}/main/postgresql.conf" + regexp: '#?\s*listen_addresses\s*=' + line: "listen_addresses = '{{ opencast_postgresql_listen_addresses | join(', ') }}'" + notify: Restart Postgresql On Debian/Ubuntu + when: ansible_os_family == "Debian" + +- name: Set extra configs (Debian/Ubuntu) + ansible.builtin.lineinfile: + path: "/etc/postgresql/{{ opencast_postgresql_version }}/main/postgresql.conf" + regexp: '#?\s*{{ item.key }}\s*=' + line: "{{ item.key }} = {{ item.value }}" + loop: "{{ opencast_postgresql_extra_configs | dict2items }}" + notify: Restart Postgresql On Debian/Ubuntu + when: ansible_os_family == "Debian" + - name: Ensure PostgreSQL is started and enabled (Debian/Ubuntu) ansible.builtin.service: name: postgresql
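Review bot: The `regexp` in `Set extra configs (CentOS/RHEL)` is unanchored and uses the key unescaped, so `'#?\s*{{ item.key }}\s*='` matches any line that merely contains the key. A key such as `work_mem` also matches `maintenance_work_mem = ...`, and lineinfile replaces only the last matching line, which can silently overwrite a different parameter. Anchor and escape it with `regexp: '^#?\s*{{ item.key | regex_escape }}\s*='`, and use `'^#?\s*listen_addresses\s*='` in the task above it; the same two patterns are repeated in the Debian/Ubuntu hunk further down. `item.value` is written verbatim, so string values must carry their own PostgreSQL quotes (as in the README's `"'syslog'"`), which a comment on the task such as `# values are written as-is; quote strings for PostgreSQL yourself` would make explicit.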
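Review bot: `opencast_postgresql_listen_addresses | join(', ')` in `Set listen_addresses (Debian/Ubuntu)` assumes a list; if a caller passes a plain string such as `localhost`, Jinja's `join` iterates its characters and writes `l, o, c, ...` into postgresql.conf. The README wording "Use `*` to listen on all IP addresses" makes the string form an easy mistake. An `ansible.builtin.assert` ahead of these tasks with `that: opencast_postgresql_listen_addresses is not string and opencast_postgresql_listen_addresses is iterable` would fail early with a clear message. The CentOS/RHEL task in the previous hunk uses the same expression. Once `*` is set, `opencast_postgresql_connection_hosts` in pg_hba.conf is the only access control this role manages, so a comment next to the task noting that the two variables should be reviewed together would help operators.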