fuz/ansible
9
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

add roles

Browse Source
This commit is contained in:
J. Doe 2019-09-24 10:59:36 +02:00
parent f234c3b08f
commit b8296f4bee
56 changed files with 1157 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1 @@
roles/
.vagrant .vagrant

3
.gitmodules vendored
View File

@ -1,3 +0,0 @@
[submodule "roles/synapse"]
path = roles/synapse
url = https://gitlab.com/famedly/ansible/synapse

3
roles/geerlingguy.pip/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

29
roles/geerlingguy.pip/.travis.yml Normal file
View File

@ -0,0 +1,29 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: pip
matrix:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: fedora29
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: debian9
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

20
roles/geerlingguy.pip/LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

76
roles/geerlingguy.pip/README.md Normal file
View File

@ -0,0 +1,76 @@
# Ansible Role: Pip (for Python)
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip)
An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
## Requirements
On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
pip_package: python-pip
The name of the packge to install to get `pip` on the system. You can set to `python3-pip`, for example, when using Python 3 on Ubuntu.
pip_executable: pip
The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
pip_install_packages: []
A list of packages to install with pip. Examples below:
pip_install_packages:
# Specify names and versions.
- name: docker
version: "1.2.3"
- name: awscli
version: "1.11.91"
# Or specify bare packages to get the latest release.
- docker
- awscli
# Or uninstall a package.
- name: docker
state: absent
# Or update a package ot the latest version.
- name: docker
state: latest
# Or force a reinstall.
- name: docker
state: forcereinstall
# Or install a package in a particular virtualenv.
- name: docker
virtualenv: /my_app/venv
## Dependencies
None.
## Example Playbook
- hosts: all
vars:
pip_install_packages:
- name: docker
- name: awscli
roles:
- geerlingguy.pip
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

6
roles/geerlingguy.pip/defaults/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
# For Python 3, use python3-pip.
pip_package: python-pip
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
pip_install_packages: []

2
roles/geerlingguy.pip/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1,2 @@
install_date: Thu Sep 12 20:00:01 2019
version: 1.3.0

30
roles/geerlingguy.pip/meta/main.yml Normal file
View File

@ -0,0 +1,30 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Pip (Python package manager) for Linux.
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- server
- packaging
- python
- pip
- tools

29
roles/geerlingguy.pip/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,29 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

20
roles/geerlingguy.pip/molecule/default/playbook.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: Converge
hosts: all
become: true
vars:
pip_install_packages:
# Test installing a specific version of a package.
- name: ipaddress
version: "1.0.18"
# Test installing a package by name.
- colorama
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
roles:
- role: geerlingguy.pip

14
roles/geerlingguy.pip/molecule/default/tests/test_default.py Normal file
View File

@ -0,0 +1,14 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_hosts_file(host):
f = host.file('/etc/hosts')
assert f.exists
assert f.user == 'root'
assert f.group == 'root'

6
roles/geerlingguy.pip/molecule/default/yaml-lint.yml Normal file
View File

@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 120
level: warning

14
roles/geerlingguy.pip/tasks/main.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: Ensure Pip is installed.
package:
name: "{{ pip_package }}"
state: present
- name: Ensure pip_install_packages are installed.
pip:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
virtualenv: "{{ item.virtualenv | default(omit) }}"
state: "{{ item.state | default(omit) }}"
executable: "{{ pip_executable }}"
with_items: "{{ pip_install_packages }}"

3
roles/geerlingguy.postgresql/.ansible-lint Normal file
View File

@ -0,0 +1,3 @@
skip_list:
- '405'
- '503'

3
roles/geerlingguy.postgresql/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

30
roles/geerlingguy.postgresql/.travis.yml Normal file
View File

@ -0,0 +1,30 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: postgresql
matrix:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: debian10
- MOLECULE_DISTRO: debian9
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

20
roles/geerlingguy.postgresql/LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

145
roles/geerlingguy.postgresql/README.md Normal file
View File

@ -0,0 +1,145 @@
# Ansible Role: PostgreSQL
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql)
Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers.
## Requirements
No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
- hosts: database
roles:
- role: geerlingguy.postgresql
become: yes
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
postgresql_enablerepo: ""
(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here.
postgresql_restarted_state: "restarted"
Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`.
postgresql_python_library: python-psycopg2
Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`.
postgresql_user: postgres
postgresql_group: postgres
The user and group under which PostgreSQL will run.
postgresql_unix_socket_directories:
- /var/run/postgresql
The directories (usually one, but can be multiple) where PostgreSQL's socket will be created.
postgresql_service_state: started
postgresql_service_enabled: true
Control the state of the postgresql service and whether it should start at boot time.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
- `type` (required)
- `database` (required)
- `user` (required)
- `address` (one of this or the following two are required)
- `ip_address`
- `ip_mask`
- `auth_method` (required)
- `auth_options` (optional)
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
postgresql_locales:
- 'en_US.UTF-8'
(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases.
postgresql_databases:
- name: exampledb # required; the rest are optional
lc_collate: # defaults to 'en_US.UTF-8'
lc_ctype: # defaults to 'en_US.UTF-8'
encoding: # defaults to 'UTF-8'
template: # defaults to 'template0'
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to 'postgresql_user'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
owner: # defaults to postgresql_user
state: # defaults to 'present'
A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgresql_users:
- name: jdoe #required; the rest are optional
password: # defaults to not set
encrypted: # defaults to not set
priv: # defaults to not set
role_attr_flags: # defaults to not set
db: # defaults to not set
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to '{{ postgresql_user }}'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
state: # defaults to 'present'
A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgresql_version: [OS-specific]
postgresql_data_dir: [OS-specific]
postgresql_bin_path: [OS-specific]
postgresql_config_path: [OS-specific]
postgresql_daemon: [OS-specific]
postgresql_packages: [OS-specific]
OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages.
## Dependencies
None.
## Example Playbook
- hosts: database
become: yes
vars_files:
- vars/main.yml
roles:
- geerlingguy.postgresql
*Inside `vars/main.yml`*:
postgresql_databases:
- name: example_db
postgresql_users:
- name: example_user
password: supersecure
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

64
roles/geerlingguy.postgresql/defaults/main.yml Normal file
View File

@ -0,0 +1,64 @@
---
# RHEL/CentOS only. Set a repository to use for PostgreSQL installation.
postgresql_enablerepo: ""
# Set postgresql state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
postgresql_restarted_state: "restarted"
postgresql_python_library: python-psycopg2
postgresql_user: postgres
postgresql_group: postgres
postgresql_unix_socket_directories:
- /var/run/postgresql
postgresql_service_state: started
postgresql_service_enabled: true
# Global configuration options that will be set in postgresql.conf.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
# variable's defaults reflect the defaults that come with a fresh installation.
postgresql_hba_entries:
- {type: local, database: all, user: postgres, auth_method: peer}
- {type: local, database: all, user: all, auth_method: peer}
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
# Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales:
- 'en_US.UTF-8'
# Databases to ensure exist.
postgresql_databases: []
# - name: exampledb # required; the rest are optional
# lc_collate: # defaults to 'en_US.UTF-8'
# lc_ctype: # defaults to 'en_US.UTF-8'
# encoding: # defaults to 'UTF-8'
# template: # defaults to 'template0'
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# owner: # defaults to postgresql_user
# state: # defaults to 'present'
# Users to ensure exist.
postgresql_users: []
# - name: jdoe #required; the rest are optional
# password: # defaults to not set
# encrypted: # defaults to not set
# priv: # defaults to not set
# role_attr_flags: # defaults to not set
# db: # defaults to not set
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# state: # defaults to 'present'

6
roles/geerlingguy.postgresql/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: restart postgresql
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_restarted_state }}"
sleep: 5

2
roles/geerlingguy.postgresql/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1,2 @@
install_date: Thu Sep 12 20:01:17 2019
version: 1.4.6

25
roles/geerlingguy.postgresql/meta/main.yml Normal file
View File

@ -0,0 +1,25 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: PostgreSQL server for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- database
- postgresql
- postgres
- rdbms

29
roles/geerlingguy.postgresql/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,29 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

35
roles/geerlingguy.postgresql/molecule/default/playbook.yml Normal file
View File

@ -0,0 +1,35 @@
---
- name: Converge
hosts: all
become: true
vars:
postgresql_databases:
- name: example
postgresql_users:
- name: jdoe
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Set custom variables for old CentOS 6 PostgreSQL install.
set_fact:
postgresql_hba_entries: []
postgresql_global_config_options:
- option: unix_socket_directory
value: '{{ postgresql_unix_socket_directories[0] }}'
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_version.split('.')[0] == '6'
roles:
- role: geerlingguy.postgresql
post_tasks:
- name: Verify postgres is running.
command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
changed_when: false
become: true
become_user: postgres

6
roles/geerlingguy.postgresql/molecule/default/yaml-lint.yml Normal file
View File

@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 120
level: warning

28
roles/geerlingguy.postgresql/tasks/configure.yml Normal file
View File

@ -0,0 +1,28 @@
---
- name: Configure global settings.
lineinfile:
dest: "{{ postgresql_config_path }}/postgresql.conf"
regexp: "^#?{{ item.option }}.+$"
line: "{{ item.option }} = '{{ item.value }}'"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_global_config_options }}"
notify: restart postgresql
- name: Configure host based authentication (if entries are configured).
template:
src: "pg_hba.conf.j2"
dest: "{{ postgresql_config_path }}/pg_hba.conf"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: 0600
notify: restart postgresql
when: postgresql_hba_entries
- name: Ensure PostgreSQL unix socket dirs exist.
file:
path: "{{ item }}"
state: directory
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: 02775
with_items: "{{ postgresql_unix_socket_directories }}"

21
roles/geerlingguy.postgresql/tasks/databases.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL databases are present.
postgresql_db:
name: "{{ item.name }}"
lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
encoding: "{{ item.encoding | default('UTF-8') }}"
template: "{{ item.template | default('template0') }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
owner: "{{ item.owner | default(postgresql_user) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_databases }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true

29
roles/geerlingguy.postgresql/tasks/initialize.yml Normal file
View File

@ -0,0 +1,29 @@
---
- name: Set PostgreSQL environment variables.
template:
src: postgres.sh.j2
dest: /etc/profile.d/postgres.sh
mode: 0644
notify: restart postgresql
- name: Ensure PostgreSQL data directory exists.
file:
path: "{{ postgresql_data_dir }}"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
state: directory
mode: 0700
- name: Check if PostgreSQL database is initialized.
stat:
path: "{{ postgresql_data_dir }}/PG_VERSION"
register: pgdata_dir_version
- name: Ensure PostgreSQL database is initialized.
command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
when: not pgdata_dir_version.stat.exists
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true

25
roles/geerlingguy.postgresql/tasks/main.yml Normal file
View File

@ -0,0 +1,25 @@
---
# Variable configuration.
- include_tasks: variables.yml
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include_tasks: initialize.yml
- include_tasks: configure.yml
- name: Ensure PostgreSQL is started and enabled on boot.
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_service_state }}"
enabled: "{{ postgresql_service_enabled }}"
when: not docker_enabled
# Configure PostgreSQL.
- import_tasks: databases.yml
- import_tasks: users.yml

21
roles/geerlingguy.postgresql/tasks/setup-Debian.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL Python libraries are installed.
apt:
name: "{{ postgresql_python_library }}"
state: present
- name: Ensure PostgreSQL packages are installed.
apt:
name: "{{ postgresql_packages }}"
state: present
- name: Ensure all configured locales are present.
locale_gen: "name={{ item }} state=present"
with_items: "{{ postgresql_locales }}"
register: locale_gen_result
- name: Force-restart PostgreSQL after new locales are generated.
service:
name: "{{ postgresql_daemon }}"
state: restarted
when: locale_gen_result.changed

12
roles/geerlingguy.postgresql/tasks/setup-RedHat.yml Normal file
View File

@ -0,0 +1,12 @@
---
- name: Ensure PostgreSQL packages are installed.
package:
name: "{{ postgresql_packages }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
- name: Ensure PostgreSQL Python libraries are installed.
package:
name: "{{ postgresql_python_library }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"

22
roles/geerlingguy.postgresql/tasks/users.yml Normal file
View File

@ -0,0 +1,22 @@
---
- name: Ensure PostgreSQL users are present.
postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password | default(omit) }}"
encrypted: "{{ item.encrypted | default(omit) }}"
priv: "{{ item.priv | default(omit) }}"
role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
db: "{{ item.db | default(omit) }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_users }}"
no_log: true
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true

39
roles/geerlingguy.postgresql/tasks/variables.yml Normal file
View File

@ -0,0 +1,39 @@
---
# Variable configuration.
- name: Include OS-specific variables (Debian).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == 'Debian'
- name: Include OS-specific variables (RedHat).
include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == 'RedHat'
- name: Define postgresql_packages.
set_fact:
postgresql_packages: "{{ __postgresql_packages | list }}"
when: postgresql_packages is not defined
- name: Define postgresql_version.
set_fact:
postgresql_version: "{{ __postgresql_version }}"
when: postgresql_version is not defined
- name: Define postgresql_daemon.
set_fact:
postgresql_daemon: "{{ __postgresql_daemon }}"
when: postgresql_daemon is not defined
- name: Define postgresql_data_dir.
set_fact:
postgresql_data_dir: "{{ __postgresql_data_dir }}"
when: postgresql_data_dir is not defined
- name: Define postgresql_bin_path.
set_fact:
postgresql_bin_path: "{{ __postgresql_bin_path }}"
when: postgresql_bin_path is not defined
- name: Define postgresql_config_path.
set_fact:
postgresql_config_path: "{{ __postgresql_config_path }}"
when: postgresql_config_path is not defined

9
roles/geerlingguy.postgresql/templates/pg_hba.conf.j2 Normal file
View File

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
{% for client in postgresql_hba_entries %}
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
{% endfor %}

2
roles/geerlingguy.postgresql/templates/postgres.sh.j2 Normal file
View File

@ -0,0 +1,2 @@
export PGDATA={{ postgresql_data_dir }}
export PATH=$PATH:{{ postgresql_bin_path }}

10
roles/geerlingguy.postgresql/vars/Debian-10.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-7.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.1"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-8.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.4"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-9.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.6"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-NA.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-buster/sid.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Debian-testing.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

11
roles/geerlingguy.postgresql/vars/RedHat-6.yml Normal file
View File

@ -0,0 +1,11 @@
---
__postgresql_version: "8.4"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs

11
roles/geerlingguy.postgresql/vars/RedHat-7.yml Normal file
View File

@ -0,0 +1,11 @@
---
__postgresql_version: "9.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs

10
roles/geerlingguy.postgresql/vars/Ubuntu-14.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.3"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Ubuntu-16.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.5"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

10
roles/geerlingguy.postgresql/vars/Ubuntu-18.yml Normal file
View File

@ -0,0 +1,10 @@
---
__postgresql_version: "10"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

7
roles/synapse/.editorconfig Normal file
View File

@ -0,0 +1,7 @@
root = true
trim_trailing_whitespace = true
[*.yml]
insert_final_newline = true
indent_style = space
indent_size = 2

64
roles/synapse/README.md Normal file
View File

@ -0,0 +1,64 @@
# matrix-synapse
Install a matrix synapse server.
## Requirements
The following should be present on the target system
* `pip`
* `systemd`
* `rsyslogd`
* `logrotate`
## Role Variables
### Mandatory Variables
| Name | Type | Description |
| :--- | :--- | :--- |
| **matrix_server_name** | __string__ | |
| **matrix_synapse_tls_cert** | __string__ | server's TLS certificate chain (_when matrix_synapse_extra_config.no_tls is set to true_)|
| **matrix_synapse_tls_key** | __string__ | server's TLS key (_when matrix_synapse_extra_config.no_tls is set to true_)|
| **matrix_synapse_report_stats** | __bool__ | Report the stats to matrix.org |
| **matrix_synapse_pg_host** | __sting__ | postgresql server |
| **matrix_synapse_pg_user** | __string__ | postgresql user |
| **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
| **matrix_synapse_pg_db** | __string__ | postgresql database |
### Optional Variables
| Name | Value | Description |
| :--- | :--- | :--- |
| matrix_synapse_base_path | "/opt/synapse" |
| matrix_synapse_secrets_path | "{{ matrix_synapse_base_path }}/secrets"
| matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) |
| matrix_synapse_dh_path | "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh" |
| matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
| matrix_synapse_signing_key_path | "{{ matrix_synapse_base_path }}/ssl/{{ matrix_server_name }}.signing.key" |
| matrix_synapse_version | "v1.0.0" |
| matrix_synapse_log_days_keep | 30 |
| matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
| matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
| matrix_synapse_python_version | 3 | Default python version (2, 3) to be used |
<a name="footnote_1">¹</a>: Docker must be used for both or neither deployment and supervision
## Dependencies
__None__.
## Example Playbook
```yaml
#TODO: Add example
```
## License
Apache 2.0
# Author Information
* Michael Kaye
* Jan Christian Grünhage
* Emmanouil Kampitakis

1
roles/synapse/TODO.md Normal file
View File

@ -0,0 +1 @@
- Write a handler to restart the systemd service when upgrading

15
roles/synapse/defaults/main.yml Normal file
View File

@ -0,0 +1,15 @@
---
matrix_synapse_extra_config: {}
matrix_synapse_deployment_method: pip
matrix_synapse_supervision_method: systemd
matrix_synapse_base_path: "/opt/synapse"
matrix_synapse_secrets_path: "{{ matrix_synapse_base_path }}/secrets"
matrix_synapse_dh_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh"
matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
matrix_synapse_version: "v1.3.1"
matrix_synapse_log_dir: "/var/log/matrix_synapse"
matrix_synapse_log_days_keep: 30
matrix_synapse_pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
matrix_synapse_docker_ports: ["8008:8008", "8448:8448"]
matrix_synapse_docker_labels: {}

29
roles/synapse/files/log.config Normal file
View File

@ -0,0 +1,29 @@
version: 1
formatters:
precise:
format: '%(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: INFO
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
handlers: [console]

27
roles/synapse/handlers/main.yml Normal file
View File

@ -0,0 +1,27 @@
---
- name: "reload systemd"
systemd:
daemon_reload: yes
- name: "restart matrix-synapse using systemd"
service:
name: "matrix-synapse"
state: restarted
enabled: yes
when: matrix_synapse_supervision_method == "systemd"
listen: "restart matrix-synapse"
- name: "restart synapse using docker"
docker_container:
name: synapse
state: started
restart: yes
when: matrix_synapse_supervision_method == "docker"
listen: "restart matrix-synapse"
- name: restart rsyslog
become: yes
service:
name: rsyslog
state: restarted
when: matrix_synapse_supervision_method == "systemd"

51
roles/synapse/library/matrix_signing_key.py Normal file
View File

@ -0,0 +1,51 @@
#!/bin/python3
# Copyright: (c) 2018, Emmanouil Kampitakis <info@kampitakis.de>
# Apache 2.0
from ansible.module_utils.basic import AnsibleModule
from signedjson import key
import os
def write_signing_key(path):
with open(path,'w') as f:
key.write_signing_keys(
f,
[key.generate_signing_key('first')]
)
def run_module():
module_args = dict(
path=dict(type='str', required=True),
)
result = dict(
changed=False,
original_message='',
message=''
)
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
signing_key_path = module.params['path']
signing_key_exists = os.path.isfile(signing_key_path)
if not signing_key_exists:
result['changed'] = True
if module.check_mode:
return result
write_signing_key(signing_key_path)
module.exit_json(**result)
def main():
run_module()
if __name__ == '__main__':
main()

16
roles/synapse/meta/main.yml Normal file
View File

@ -0,0 +1,16 @@
galaxy_info:
author: michaelkaye
description: Deploys a synapse server
license: Apache 2.0
min_ansible_version: 2.0
platforms:
- name: Debian
versions:
- jessie
galaxy_tags: []
dependencies: []