refactor

ita-social-projects · Dec 6, 2024 · 7701f69 · 7701f69
1 parent f4d3057
commit 7701f69
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 25 deletions.
diff --git a/ansible1/roles/postgresql/files/pg_hba.conf.j2 b/ansible1/roles/postgresql/files/pg_hba.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+
+{% for client in postgresql_hba_entries %}
+{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
+{% endfor %}
diff --git a/ansible1/roles/postgresql/tasks/main.yml b/ansible1/roles/postgresql/tasks/main.yml
@@ -1,66 +1,89 @@
 ---
 - name: Install packages
-  apt: "name={{ item }} state=present"
+  apt:
+    name: "{{ item }}"
+    state: present
   with_items:
     - postgresql
     - postgresql-server
 
 - name: Install Python packages
-  pip: "name={{ item }} state=present"
-  sudo: yes
+  pip:
+    name: "{{ item }}"
+    state: present
+  become: yes
   with_items:
     - postgresql-{{ postges_version }}
     - postgresql-client-{{ postges_version }}
     - postgresql-contrib-{{ postges_version }}
 
 - name: Configure PostgreSQL. Set listen_address
-  lineinfile: dest=/etc/postgresql/{{ postges_version }}/main/postgresql.conf
-    regexp="max_connections =" line="max_connections = 1000" state=present
+  lineinfile:
+    dest: "/etc/postgresql/{{ postges_version }}/main/postgresql.conf"
+    regexp: "max_connections ="
+    line: "max_connections = 1000"
+    state: present
   notify: restart postgresql
   sudo: yes
 
 - name: Configure PostgreSQL. Set SSL
-  lineinfile: dest=/etc/postgresql/{{ postges_version }}/main/postgresql.conf
-    regexp="ssl =" line="ssl = false" state=present
+  lineinfile:
+    dest: "/etc/postgresql/{{ postges_version }}/main/postgresql.conf"
+    regexp: "ssl ="
+    line: "ssl = false"
+    state: present
   notify: restart postgresql
-  sudo: yes
+  become: yes
 
 - name: Configure PostgreSQL. Set autovacuum
-  lineinfile: dest=/etc/postgresql/{{ postges_version }}/main/postgresql.conf
-    regexp="autovacuum =" line="autovacuum = on" state=present
+  lineinfile:
+    dest: "/etc/postgresql/{{ postges_version }}/main/postgresql.conf"
+    regexp: "autovacuum ="
+    line: "autovacuum = on"
+    state: present
   notify: restart postgresql
-  sudo: yes
+  become: yes
 
 - name: Configure PostgreSQL. Set hosts in pg_hba.conf
   template:
-    src=pg_hba.conf.j2 dest=/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
-    backup=yes
+    src: pg_hba.conf.j2
+    dest: "/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf"
+    backup: yes
   notify: restart postgresql
-  sudo: yes
+  become: yes
 
 - name: Install psycopg2
-  pip: name=psycopg2
-  sudo: yes
+  pip:
+    name: psycopg2
+  become: yes
 
 - name: Create PostgreSQL DB
-  postgresql_db: name={{ postgres_db_development_name }}
-  sudo: yes
-  sudo_user: "{{ postgres_user }}"
+  postgresql_db:
+    name: "{{ postgres_db_development_name }}"
+  become: yes
+  become_user: "{{ postgres_user }}"
 
 - name: Create PostgreSQL DB
-  postgresql_db: name={{ postgres_db_test_name }}
-  sudo: yes
-  sudo_user: "{{ postgres_user }}"
+  postgresql_db:
+    name: "{{ postgres_db_test_name }}"
+  become: yes
+  become_user: "{{ postgres_user }}"
 
 - name: Include encrypted secrets
   include_vars:
     file: vars/secrets.yml
 
 - name: Create PostgreSQL user and grant access
-  postgresql_user: db={{ postgres_db_development_name }} user={{ postgres_user }} password={{ postgres_user_password }}
-  sudo: yes
-  sudo_user: "{{ postgres_user }}"
+  postgresql_user:
+    db: "{{ postgres_db_development_name }}"
+    user: "{{ postgres_user }}"
+    password: "{{ postgres_user_password }}"
+  become: yes
+  become_user: "{{ postgres_user }}"
 
 - name: Run rake db:migrate
   shell: |
     rake db:migrate
+  become: yes
+  args:
+    chdir: "~/ZeroWaste/"
diff --git a/ansible1/roles/postgresql/vars/main.yml b/ansible1/roles/postgresql/vars/main.yml
@@ -3,3 +3,20 @@ postgres_user: "postgres"
 postgres_db_development_name: "zero_waste_development"
 postgres_db_test_name: "zero_waste_test"
 postges_version: 12
+postgresql_hba_entries:
+  - { type: local, database: all, user: postgres, auth_method: trust }
+  - { type: local, database: all, user: all, auth_method: md5 }
+  - {
+      type: host,
+      database: all,
+      user: all,
+      address: "127.0.0.1/32",
+      auth_method: md5,
+    }
+  - {
+      type: host,
+      database: all,
+      user: all,
+      address: "::1/128",
+      auth_method: md5,
+    }