jleony/ansible-en-role
1
0
Fork 1
mirror of https://github.com/matter-labs/ansible-en-role.git synced 2025-12-06 02:49:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: Added optional postgres replication

Browse Source
This commit is contained in:
Oleksandr Stepanov
2024-11-19 16:11:28 +01:00
parent dde435ca95
commit 2bf98e9273
4 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
defaults/main.yml
View File

@ -56,6 +56,10 @@ postgres_arguments:
- max_parallel_maintenance_workers=4 - max_parallel_maintenance_workers=4
- -c - -c
- checkpoint_timeout=1800 - checkpoint_timeout=1800
enable_postgres_replication: false
# IP address of the interface replication
postgres_replication_bind_address: ""
postgres_replica_address: ""
# Enable TLS for traefik # Enable TLS for traefik
enable_tls: false enable_tls: false

9
tasks/firewall.yml
View File

@ -57,6 +57,15 @@
destination_port: "{{ consensus_port }}" destination_port: "{{ consensus_port }}"
jump: ACCEPT jump: ACCEPT
- name: Allow postgres replication traffic from replica only
when: enable_postgres_replication
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: 5432
source: "{{ postgres_replication_bind_address }}"
jump: ACCEPT
- name: Set default policy to DROP - name: Set default policy to DROP
ansible.builtin.iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT

14
tasks/provision.yml
View File

@ -32,6 +32,20 @@
- l2_chain_id - l2_chain_id
- l1_chain_id - l1_chain_id
- name: "Verify that required variables for replication is set"
when: enable_postgres_replication
ansible.builtin.assert:
that:
- required_var != ""
fail_msg: "{{ postgress_replication_required_var }} needs to be set for the role for postgres replication to work"
success_msg: "Required variable for postgres replication {{ postgress_replication_required_var }} isn't empty"
loop_control:
loop_var: postgress_replication_required_var
with_items:
- enable_postgres_replication
- postgres_replication_bind_address
- postgres_replica_address
- name: Check required en vars empty - name: Check required en vars empty
ansible.builtin.fail: ansible.builtin.fail:
msg: "Variable '{{ item }}' is empty" msg: "Variable '{{ item }}' is empty"

6
templates/docker-compose.yaml.j2
View File

@ -43,6 +43,12 @@ services:
- ./restore_dump.sh:/docker-entrypoint-initdb.d/restore_dump.sh - ./restore_dump.sh:/docker-entrypoint-initdb.d/restore_dump.sh
env_file: env_file:
- postgres.env - postgres.env
{% if enable_postgres_replication %}
environment:
POSTGRES_HOST_AUTH_METHOD: "host replication replicator {{ postgres_replica_address }}/32 md5"
ports:
- "{{ postgres_replication_interface }}:5432:5432"
{% endif %}
command: command:
- postgres - postgres
- -c - -c