From dac0b0cc802a74789e3d759b0be5bdb7eec83d83 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 16:37:33 +0100 Subject: [PATCH 01/10] feat: Configure replication from postgres collection --- defaults/main.yml | 3 +++ tasks/main.yml | 4 ++++ tasks/provision.yml | 2 ++ tasks/replication.yml | 34 ++++++++++++++++++++++++++++++++ templates/docker-compose.yaml.j2 | 2 -- 5 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 tasks/replication.yml diff --git a/defaults/main.yml b/defaults/main.yml index fbeb767..9c63663 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -59,6 +59,9 @@ postgres_arguments: enable_postgres_replication: false # IP address of the interface replication postgres_replications_arguments: [] +postgres_replica_user_name: "" +postgres_replica_user_password: "" +postgres_replica_auth_method: "scram-sha-256" postgres_replication_bind_address: "" postgres_replica_address: "" diff --git a/tasks/main.yml b/tasks/main.yml index cf19627..ab92fc5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,3 +9,7 @@ - name: Prepare configs ansible.builtin.include_tasks: provision.yml + +- name: Configure replication on main instance + ansible.builtin.include_tasks: replication.yml + when: enable_postgres_replication diff --git a/tasks/provision.yml b/tasks/provision.yml index 53bc3db..3daecb5 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -46,6 +46,8 @@ - postgres_replication_bind_address - postgres_replica_address - postgres_replications_arguments + - postgres_replica_user_name + - postgres_replica_user_password - name: Check required en vars empty ansible.builtin.fail: diff --git a/tasks/replication.yml b/tasks/replication.yml new file mode 100644 index 0000000..f7ed04a --- /dev/null +++ b/tasks/replication.yml 
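Review bot: `postgres_replica_auth_method` in defaults/main.yml is a free-form string that is later written into pg_hba.conf, so an override such as `trust` or `password` would be accepted without any complaint. The tasks/provision.yml hunk adds the replica user name and password to what appears to be the required-variables list (that task starts outside the hunk), and the empty-string defaults for both rely on that check, but the auth method gets no validation. I would add an `ansible.builtin.assert` in provision.yml with `that: postgres_replica_auth_method in ['scram-sha-256', 'cert']`, extended only with methods the role deliberately supports. A comment on the default would also help: `# pg_hba auth method for the replication user; keep scram-sha-256 or stronger`.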
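Review bot: `when: enable_postgres_replication` in tasks/main.yml is a bare-variable test, so a value that arrives as a string (for example from `-e enable_postgres_replication=false`) may be treated as truthy, depending on the Ansible version. Because this include adds a remote entry to pg_hba.conf and creates a role with REPLICATION, the intent is worth making explicit with `when: enable_postgres_replication | bool`. The same flag gates the published port in templates/docker-compose.yaml.j2 and would benefit from the same cast there.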
@@ -0,0 +1,34 @@ +--- +- name: Grant user replication from network 192.168.0.100/24 access for replication with client cert authentication + community.postgresql.postgresql_pg_hba: + dest: {{ storage_directory }}/postgres/pg_hba.conf + contype: host + users: replication + source: {{ postgres_replica_address }}/32 + databases: replication + method: {{ postgres_replica_auth_method }} + +- name: Create postgres replication user + community.postgresql.postgresql_user: + login_host: {{ postgres_replication_bind_address }} + login_user: {{ database_username }} + login_user: {{ database_username }} + name: {{ postgres_replica_user_name }} + password: {{ postgres_replica_user_password }} + priv: "REPLICATION" + + +- name: Create replication slot if doesn't exist + become_user: postgres + community.postgresql.postgresql_slot: + login_host: {{ postgres_replication_bind_address }} + login_user: {{ database_username }} + login_user: {{ database_username }} + slot_name: replica + +- name: Reload postgres select query to acme db + community.postgresql.postgresql_query: + login_host: {{ postgres_replication_bind_address }} + login_user: {{ database_username }} + login_user: {{ database_username }} + query: "SELECT pg_reload_conf()" diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2 index f1b89a8..c349a03 100644 --- a/templates/docker-compose.yaml.j2 +++ b/templates/docker-compose.yaml.j2 @@ -44,8 +44,6 @@ services: env_file: - postgres.env {% if enable_postgres_replication %} - environment: - POSTGRES_HOST_AUTH_METHOD: "host replication replicator {{ postgres_replica_address }}/32 md5" ports: - "{{ postgres_replication_bind_address }}:5432:5432" {% endif %} From 9034dc5fd4ce1080d7ed16fc92f5d55bb39618a4 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 16:42:58 +0100 Subject: [PATCH 02/10] feat: Configure replication from postgres collection --- tasks/replication.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
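Review bot: The pg_hba rule in the first task of tasks/replication.yml uses `contype: host`, which matches both TLS and plaintext connections, so the WAL stream from `postgres_replica_address` can cross the network unencrypted even though the default `scram-sha-256` protects the password exchange. If the server has TLS configured (not visible in this patch), `contype: hostssl` restricts the rule to encrypted connections; otherwise a comment should state that the replication network must be trusted. The three tasks that log in with the admin account over `login_host` leave the modules' `ssl_mode` at its default of `prefer`, which falls back to plaintext; `ssl_mode: require` would be the matching setting. A `scram-sha-256` rule also only works when the role's password is stored as a SCRAM verifier, which depends on the server's `password_encryption` setting, so that dependency deserves a comment above the user task.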
diff --git a/tasks/replication.yml b/tasks/replication.yml index f7ed04a..56892b6 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -1,9 +1,9 @@ --- -- name: Grant user replication from network 192.168.0.100/24 access for replication with client cert authentication +- name: Grant user replication access for replication. community.postgresql.postgresql_pg_hba: dest: {{ storage_directory }}/postgres/pg_hba.conf contype: host - users: replication + users: {{ postgres_replica_user_name }} source: {{ postgres_replica_address }}/32 databases: replication method: {{ postgres_replica_auth_method }} @@ -17,7 +17,6 @@ password: {{ postgres_replica_user_password }} priv: "REPLICATION" - - name: Create replication slot if doesn't exist become_user: postgres community.postgresql.postgresql_slot: From 4f1b6a37ab4073d4cd4f7b6567267cc5b780a2aa Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 16:59:27 +0100 Subject: [PATCH 03/10] fixed lint --- tasks/replication.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tasks/replication.yml b/tasks/replication.yml index 56892b6..ab78240 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml 
@@ -1,33 +1,33 @@ --- - name: Grant user replication access for replication. community.postgresql.postgresql_pg_hba: - dest: {{ storage_directory }}/postgres/pg_hba.conf + dest: "{{ storage_directory }}/postgres/pg_hba.conf" contype: host - users: {{ postgres_replica_user_name }} - source: {{ postgres_replica_address }}/32 + users: "{{ postgres_replica_user_name }}" + source: "{{ postgres_replica_address }}/32" databases: replication - method: {{ postgres_replica_auth_method }} + method: "{{ postgres_replica_auth_method }}" - name: Create postgres replication user community.postgresql.postgresql_user: - login_host: {{ postgres_replication_bind_address }} - login_user: {{ database_username }} - login_user: {{ database_username }} - name: {{ postgres_replica_user_name }} - password: {{ postgres_replica_user_password }} + login_host: "{{ postgres_replication_bind_address }}" + login_user: "{{ database_username }}" + login_password: "{{ database_password }}" + name: "{{ postgres_replica_user_name }}" + password: "{{ postgres_replica_user_password }}" priv: "REPLICATION" - name: Create replication slot if doesn't exist become_user: postgres community.postgresql.postgresql_slot: - login_host: {{ postgres_replication_bind_address }} - login_user: {{ database_username }} - login_user: {{ database_username }} + login_host: "{{ postgres_replication_bind_address }}" + login_user: "{{ database_username }}" + login_password: "{{ database_password }}" slot_name: replica - name: Reload postgres select query to acme db community.postgresql.postgresql_query: - login_host: {{ postgres_replication_bind_address }} - login_user: {{ database_username }} - login_user: {{ database_username }} + login_host: "{{ postgres_replication_bind_address }}" + login_user: "{{ database_username }}" + login_password: "{{ database_password }}" query: "SELECT pg_reload_conf()" From 5e8657ac3b03cd05d141ee716847226e8294e3cc Mon Sep 17 00:00:00 2001 
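Review bot: The slot task still creates a slot with the fixed name `replica`, and nothing in the role checks that a standby ever attaches to it. A replication slot that is never consumed makes the primary retain WAL indefinitely, which can fill the data volume and take the database down. I would expose the name as a variable, e.g. `slot_name: "{{ postgres_replication_slot_name }}"` with a default of `replica`, and add a comment above the task: `# Unused slots retain WAL; drop the slot or set max_slot_wal_keep_size when the replica is decommissioned`.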
From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:00:14 +0100 Subject: [PATCH 04/10] fixed lint --- tasks/replication.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/replication.yml b/tasks/replication.yml index ab78240..f92636f 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -25,7 +25,7 @@ login_password: "{{ database_password }}" slot_name: replica -- name: Reload postgres select query to acme db +- name: Reload postgres configuration community.postgresql.postgresql_query: login_host: "{{ postgres_replication_bind_address }}" login_user: "{{ database_username }}" From b672d803f06e5aeaefdf9b5648bd63d94bb13d8f Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:01:52 +0100 Subject: [PATCH 05/10] fixed lint --- tasks/replication.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/replication.yml b/tasks/replication.yml index f92636f..8e15df6 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -18,7 +18,6 @@ priv: "REPLICATION" - name: Create replication slot if doesn't exist - become_user: postgres community.postgresql.postgresql_slot: login_host: "{{ postgres_replication_bind_address }}" login_user: "{{ database_username }}" From 576f8eb252a63275965c664edcc2429afb49228c Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:44:12 +0100 Subject: [PATCH 06/10] change priv to role_attr_flags --- .../mainnet_with_snapshots_recovery/requirements.yml | 3 +++ tasks/replication.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml b/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml index af620b0..71afa5f 100644 --- a/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml +++ b/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml 
@@ -10,3 +10,6 @@ roles: collections: - name: community.general version: 8.4.0 +# Collection for the replication only. + - name: community.postgresql + version: 3.7.0 diff --git a/tasks/replication.yml b/tasks/replication.yml index 8e15df6..bf1af73 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -15,7 +15,7 @@ login_password: "{{ database_password }}" name: "{{ postgres_replica_user_name }}" password: "{{ postgres_replica_user_password }}" - priv: "REPLICATION" + role_attr_flags: "REPLICATION" - name: Create replication slot if doesn't exist community.postgresql.postgresql_slot: From 5298e9f87d15e2b80a0cabbf8a5abed1d5fc798f Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:48:55 +0100 Subject: [PATCH 07/10] add psycopg2 --- tasks/replication.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tasks/replication.yml b/tasks/replication.yml index bf1af73..dadc3d0 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -1,4 +1,9 @@ --- +- name: Install psycopg2 packages + ansible.builtin.apt: + update_cache: true + name: psycopg2 + - name: Grant user replication access for replication. community.postgresql.postgresql_pg_hba: dest: "{{ storage_directory }}/postgres/pg_hba.conf" From 45feed1069d19a5c84d7bbb9e584a37ed3be95e7 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:51:20 +0100 Subject: [PATCH 08/10] add psycopg2 --- tasks/replication.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tasks/replication.yml b/tasks/replication.yml index dadc3d0..3a97c61 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -1,7 +1,6 @@ --- -- name: Install psycopg2 packages - ansible.builtin.apt: - update_cache: true +- name: Install psycopg2 python package + ansible.builtin.pip: name: psycopg2 - name: Grant user replication access for replication. From 655b461ba5168e811b3e3e6a75acbd860509d563 Mon Sep 17 00:00:00 2001 
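Review bot: The `ansible.builtin.pip` task introduced in PATCH 08 installs `psycopg2` with no version, so every run can pull a different release from PyPI and compile it on the database host; PATCH 09 then adds `libpq-dev` only to make that build work. Installing the distribution package instead, `ansible.builtin.apt` with `name: python3-psycopg2`, keeps the driver under the OS package signing and update channel and avoids putting build headers on the server. If pip has to stay, pin the release, e.g. `name: psycopg2==<pinned-version>`, and consider a virtualenv, since installing into the system interpreter is refused on newer Debian/Ubuntu releases (the target OS is not visible here).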
From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:55:22 +0100 Subject: [PATCH 09/10] add libpq-dev --- tasks/replication.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tasks/replication.yml b/tasks/replication.yml index 3a97c61..b313c8d 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -1,4 +1,10 @@ --- + +- name: Install libpq-dev packages + ansible.builtin.apt: + update_cache: true + name: libpq-dev + - name: Install psycopg2 python package ansible.builtin.pip: name: psycopg2 From 22a1d06ef784529d680cede5834b7add8646a753 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Wed, 20 Nov 2024 17:59:52 +0100 Subject: [PATCH 10/10] fix lint --- .../mainnet_with_snapshots_recovery/requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml b/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml index 71afa5f..8be2ff2 100644 --- a/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml +++ b/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml @@ -10,6 +10,6 @@ roles: collections: - name: community.general version: 8.4.0 -# Collection for the replication only. + # Collection for the replication only. - name: community.postgresql version: 3.7.0