From 2bf98e9273872f820481e01246f44bdc2566fec5 Mon Sep 17 00:00:00 2001
From: Oleksandr Stepanov
Date: Tue, 19 Nov 2024 16:11:28 +0100
Subject: [PATCH] feat: Added optional postgres replication
---
 defaults/main.yml | 4 ++++
 tasks/firewall.yml | 9 +++++++++
 tasks/provision.yml | 14 ++++++++++++++
 templates/docker-compose.yaml.j2 | 6 ++++++
 4 files changed, 33 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 859f5ac..6f682ae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -56,6 +56,10 @@ postgres_arguments:
 - max_parallel_maintenance_workers=4
 - -c
 - checkpoint_timeout=1800
+enable_postgres_replication: false
+# IP address of the interface replication
+postgres_replication_bind_address: ""
+postgres_replica_address: ""
 # Enable TLS for traefik
 enable_tls: false
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 2a81b48..f348faf 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -57,6 +57,15 @@
 destination_port: "{{ consensus_port }}"
 jump: ACCEPT
+- name: Allow postgres replication traffic from replica only
+ when: enable_postgres_replication
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 5432
+ source: "{{ postgres_replication_bind_address }}"
+ jump: ACCEPT
+
 - name: Set default policy to DROP
 ansible.builtin.iptables:
 chain: INPUT
diff --git a/tasks/provision.yml b/tasks/provision.yml
index 7a35120..1a73553 100644
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
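Review bot: The only comment added in the defaults/main.yml hunk, `# IP address of the interface replication`, does not say which host the address belongs to, and `postgres_replica_address` has no comment at all. The firewall rule and the pg_hba entry in this patch depend on which variable is the local side and which is the peer, so the defaults should state it. Assuming the bind address is the local one, I would write `# Local IP address the postgres replication port is bound to` above `postgres_replication_bind_address` and `# IP address of the replica allowed to connect; the compose template appends /32` above `postgres_replica_address`.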
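Review bot: The new task in tasks/firewall.yml is named "from replica only" but sets `source: "{{ postgres_replication_bind_address }}"`, which by its name and its defaults comment is the local interface address, not the peer. As written, the ACCEPT matches traffic originating from the host's own address, while the replica falls through to the DROP policy that follows. The line should probably read `source: "{{ postgres_replica_address }}"`, optionally with `destination: "{{ postgres_replication_bind_address }}"` to pin the interface. Separately, ports published by Docker are normally filtered on the FORWARD/DOCKER-USER path rather than INPUT, so confirm that this rule is what actually restricts 5432 once the compose change publishes it.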
@@ -32,6 +32,20 @@
 - l2_chain_id
 - l1_chain_id
+- name: "Verify that required variables for replication is set"
+ when: enable_postgres_replication
+ ansible.builtin.assert:
+ that:
+ - required_var != ""
+ fail_msg: "{{ postgress_replication_required_var }} needs to be set for the role for postgres replication to work"
+ success_msg: "Required variable for postgres replication {{ postgress_replication_required_var }} isn't empty"
+ loop_control:
+ loop_var: postgress_replication_required_var
+ with_items:
+ - enable_postgres_replication
+ - postgres_replication_bind_address
+ - postgres_replica_address
+
 - name: Check required en vars empty
 ansible.builtin.fail:
 msg: "Variable '{{ item }}' is empty"
diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2
index 5e7f028..5e0fb22 100644
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@@ -43,6 +43,12 @@ services:
 - ./restore_dump.sh:/docker-entrypoint-initdb.d/restore_dump.sh
 env_file:
 - postgres.env
+{% if enable_postgres_replication %}
+ environment:
+ POSTGRES_HOST_AUTH_METHOD: "host replication replicator {{ postgres_replica_address }}/32 md5"
+ ports:
+ - "{{ postgres_replication_interface }}:5432:5432"
+{% endif %}
 command:
 - postgres
 - -c
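Review bot: The assertion `required_var != ""` in the tasks/provision.yml hunk refers to a name that nothing visible in this patch defines; the loop variable is `postgress_replication_required_var`, and it holds a variable's name rather than its value. The check therefore either errors on an undefined variable or never tests the settings it lists, so an empty `postgres_replica_address` could reach the firewall rule and the pg_hba line in the template. I would look the value up by name, `- lookup('vars', postgress_replication_required_var) | string | length > 0`, and drop `enable_postgres_replication` from the list since it is already the `when` condition. The list should also include whichever variable the compose template ends up reading for the published address.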
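Review bot: The `ports` entry in templates/docker-compose.yaml.j2 reads `postgres_replication_interface`, but the defaults and the required-variable check in this patch only know `postgres_replication_bind_address`, so the address postgres is published on is either undefined at render time or comes from somewhere unvalidated; `- "{{ postgres_replication_bind_address }}:5432:5432"` would match the rest of the change. `POSTGRES_HOST_AUTH_METHOD` also needs checking: if this service runs the official postgres image, the entrypoint uses that value as the auth method of a single `host all all all …` line written on first initialisation, so a full `host replication …` record here would likely not produce the intended rule. A dedicated pg_hba.conf entry (mounted file or init script) using `scram-sha-256` rather than `md5` would be a safer way to admit only the replica. The service definition continues outside the hunk.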