Merge pull request #35 from matter-labs/backup-user

feat: Added user with backup permissions only
2025-12-06 10:59:56 +00:00 · 2024-11-27 15:45:36 +01:00 · 2024-11-27 15:24:20 +01:00 · 2024-11-27 15:12:12 +01:00 · 2024-11-27 15:08:46 +01:00 · 2024-11-27 14:51:33 +01:00
6 changed files with 77 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -59,8 +59,14 @@ postgres_arguments:
 enable_postgres_replication: false
 # IP address of the interface replication
 postgres_replications_arguments: []
+postgres_replica_user_name: ""
+postgres_replica_user_password: ""
+postgres_replica_auth_method: "scram-sha-256"
 postgres_replication_bind_address: ""
 postgres_replica_address: ""
+backup_db_user: ""
+backup_db_password: ""
+backup_db_name: ""

 # Enable TLS for traefik
 enable_tls: false
--- a/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml
+++ b/example_playbooks/mainnet_with_snapshots_recovery/requirements.yml
@ -10,3 +10,6 @@ roles:
 collections:
  - name: community.general
    version: 8.4.0
+  # Collection for the replication only.
+  - name: community.postgresql
+    version: 3.7.0
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -9,3 +9,7 @@

 - name: Prepare configs
  ansible.builtin.include_tasks: provision.yml
+
+- name: Configure replication on main instance
+  ansible.builtin.include_tasks: replication.yml
+  when: enable_postgres_replication
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@ -36,7 +36,7 @@
  when: enable_postgres_replication
  ansible.builtin.assert:
    that:
-      - required_var != ""
+      - postgress_replication_required_var != ""
    fail_msg: "{{ postgress_replication_required_var }} needs to be set for the role for postgres replication to work"
    success_msg: "Required variable for postgres replication {{ postgress_replication_required_var }} isn't empty"
  loop_control:
@ -46,6 +46,8 @@
    - postgres_replication_bind_address
    - postgres_replica_address
    - postgres_replications_arguments
+    - postgres_replica_user_name
+    - postgres_replica_user_password

 - name: Check required en vars empty
  ansible.builtin.fail:
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
@ -0,0 +1,60 @@
+---
+
+- name: Install libpq-dev packages
+  ansible.builtin.apt:
+    update_cache: true
+    name: libpq-dev
+
+- name: Install psycopg2 python package
+  ansible.builtin.pip:
+    name: psycopg2
+
+- name: Grant user replication access for replication.
+  community.postgresql.postgresql_pg_hba:
+    dest: "{{ storage_directory }}/postgres/pg_hba.conf"
+    contype: host
+    users: "{{ postgres_replica_user_name }}"
+    source: "{{ postgres_replica_address }}/32"
+    databases: replication
+    method: "{{ postgres_replica_auth_method }}"
+
+- name: Create postgres replication user
+  community.postgresql.postgresql_user:
+    login_host: "{{ postgres_replication_bind_address }}"
+    login_user: "{{ database_username }}"
+    login_password: "{{ database_password }}"
+    name: "{{ postgres_replica_user_name }}"
+    password: "{{ postgres_replica_user_password }}"
+    role_attr_flags: "REPLICATION"
+
+- name: Create replication slot if doesn't exist
+  community.postgresql.postgresql_slot:
+    login_host: "{{ postgres_replication_bind_address }}"
+    login_user: "{{ database_username }}"
+    login_password: "{{ database_password }}"
+    slot_name: replica
+
+- name: Reload postgres configuration
+  community.postgresql.postgresql_query:
+    login_host: "{{ postgres_replication_bind_address }}"
+    login_user: "{{ database_username }}"
+    login_password: "{{ database_password }}"
+    query: "SELECT pg_reload_conf()"
+
+- name: Create postgres backup user
+  community.postgresql.postgresql_user:
+    login_host: "{{ postgres_replication_bind_address }}"
+    login_user: "{{ database_username }}"
+    login_password: "{{ database_password }}"
+    name: "{{ backup_db_user }}"
+    password: "{{ backup_db_password }}"
+
+- name: Grant role pg_read_all_data to backup user
+  community.postgresql.postgresql_membership:
+    login_host: "{{ postgres_replication_bind_address }}"
+    login_user: "{{ database_username }}"
+    login_password: "{{ database_password }}"
+    group: pg_read_all_data
+    target_roles:
+      - "{{ backup_db_user }}"
+    state: present
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@ -44,10 +44,8 @@ services:
    env_file:
      - postgres.env
 {% if enable_postgres_replication %}
-    environment:
-      POSTGRES_HOST_AUTH_METHOD: "host replication replicator {{ postgres_replica_address }}/32 md5"
    ports:
-      - "{{ postgres_replication_interface }}:5432:5432"
+      - "{{ postgres_replication_bind_address }}:5432:5432"
 {% endif %}
    command:
      - postgres
Author	SHA1	Message	Date
Aleksandr Stepanov	d276d7b290	Merge pull request #35 from matter-labs/backup-user Some checks failed Release / Release (push) Has been cancelled Details CI / Lint (push) Has been cancelled Details CI / Ansible lint (push) Has been cancelled Details feat: Added user with backup permissions only	2024-11-27 15:45:36 +01:00
Oleksandr Stepanov	60333c40da	feat: Added user with backup permissions only	2024-11-27 15:24:20 +01:00
Oleksandr Stepanov	2eb2b1f6d4	feat: Added user with backup permissions only	2024-11-27 15:12:12 +01:00
Oleksandr Stepanov	69777ac4e8	feat: Added user with backup permissions only	2024-11-27 15:08:46 +01:00
Oleksandr Stepanov	46e2a6e0e4	feat: Added user with backup permissions only	2024-11-27 14:51:33 +01:00
Aleksandr Stepanov	c5ab63672b	Merge pull request #34 from matter-labs/add-more-replication Some checks failed Release / Release (push) Has been cancelled Details CI / Lint (push) Has been cancelled Details CI / Ansible lint (push) Has been cancelled Details feat: Configure replication from postgres collection	2024-11-20 18:04:24 +01:00
Oleksandr Stepanov	22a1d06ef7	fix lint	2024-11-20 17:59:52 +01:00
Oleksandr Stepanov	655b461ba5	add libpq-dev	2024-11-20 17:55:22 +01:00
Oleksandr Stepanov	45feed1069	add psycopg2	2024-11-20 17:51:20 +01:00
Oleksandr Stepanov	5298e9f87d	add psycopg2	2024-11-20 17:48:55 +01:00
Oleksandr Stepanov	576f8eb252	change priv to role_attr_flags	2024-11-20 17:44:12 +01:00
Oleksandr Stepanov	b672d803f0	fixed lint	2024-11-20 17:01:52 +01:00
Oleksandr Stepanov	5e8657ac3b	fixed lint	2024-11-20 17:00:14 +01:00
Oleksandr Stepanov	4f1b6a37ab	fixed lint	2024-11-20 16:59:27 +01:00
Oleksandr Stepanov	9034dc5fd4	feat: Configure replication from postgres collection	2024-11-20 16:42:58 +01:00
Oleksandr Stepanov	dac0b0cc80	feat: Configure replication from postgres collection	2024-11-20 16:37:33 +01:00
Aleksandr Stepanov	10ea272736	Merge pull request #33 from matter-labs/fix-type-postgres_replication_interface fix: Rename variable postgres_replication_bind_address	2024-11-20 10:41:23 +01:00
Oleksandr Stepanov	3fa5c8622b	fix: Rename variable postgres_replication_bind_address	2024-11-20 10:40:16 +01:00
Aleksandr Stepanov	64198202a5	Merge pull request #32 from matter-labs/fix-typo fix: Fixed typo in validation step for replication	2024-11-20 10:36:36 +01:00
Oleksandr Stepanov	0d1717f38a	fix: Fixed typo in validation step for replication	2024-11-20 10:35:18 +01:00