From eae2eed7b06fa77eec36ced64b0700fbcc3eb852 Mon Sep 17 00:00:00 2001
From: Alexis Ben Miloud--Josselin
Date: Thu, 16 Mar 2023 17:14:16 +0100
Subject: [PATCH] Add role for PgBouncer
---
 CHANGELOG.md | 2 ++
 pgbouncer/README.md | 38 ++++++++++++++++++++++++++++
 pgbouncer/defaults/main.yml | 7 +++++
 pgbouncer/tasks/main.yml | 17 +++++++++++++
 pgbouncer/templates/pgbouncer.ini.j2 | 29 +++++++++++++++++++++
 pgbouncer/templates/userlist.txt.j2 | 3 +++
 6 files changed, 96 insertions(+)
 create mode 100644 pgbouncer/README.md
 create mode 100644 pgbouncer/defaults/main.yml
 create mode 100644 pgbouncer/tasks/main.yml
 create mode 100644 pgbouncer/templates/pgbouncer.ini.j2
 create mode 100644 pgbouncer/templates/userlist.txt.j2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc0b7cc3..36b62cb2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Added
+* pgbouncer: new role
+
 ### Changed
 ### Fixed
diff --git a/pgbouncer/README.md b/pgbouncer/README.md
new file mode 100644
index 00000000..2542f497
--- /dev/null
+++ b/pgbouncer/README.md
@@ -0,0 +1,38 @@
+# PgBouncer
+
+Installation and basic configuration of PgBouncer.
+
+## Tasks
+
+Everything is in the `tasks/main.yml` file.
+
+## Available variables
+
+Main variables are :
+
+* `pgbouncer_listen_addr`: the listen IP for PgBouncer (default: `127.0.0.1`),
+* `pgbouncer_listen_port`: the listen post for PgBouncer (default: `6432`),
+* `pgbouncer_databases`: the databases that clients of PgBouncer can connect to,
+* `pgbouncer_account_list`: the accounts that clients of PgBouncer can connect to.
+
+The variable `pgbouncer_databases` must have the `name`, `host` and `port` attributes. The variable can be defined like this:
+
+```
+pgbouncer_databases:
+ - { name: "db1", host: "192.168.3.14", port: "5432" }
+ - { name: "*", host: "192.168.2.71", port: "5432" }
+```
+
+The variable `pgbouncer_account_list` must have the `name` and `hash` attributes. The variable can be defined like this:
+
+```
+pgbouncer_account_list:
+ - { name: "account1", hash: "" }
+ - { name: "account2", hash: "" }
+```
+
+The value of `hash` can be obtained by running this command on the PostgreSQL server: `select passwd from pg_shadow where usename='account1';`
+
+> These accounts must exist on the PostegreSQL server.
+
+The full list of variables (with default values) can be found in `defaults/main.yml`.
diff --git a/pgbouncer/defaults/main.yml b/pgbouncer/defaults/main.yml
new file mode 100644
index 00000000..7b246270
--- /dev/null
+++ b/pgbouncer/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+pgbouncer_listen_addr: "127.0.0.1"
+pgbouncer_listen_port: "6432"
+
+pgbouncer_databases: []
+
+pgbouncer_account_list: []
diff --git a/pgbouncer/tasks/main.yml b/pgbouncer/tasks/main.yml
new file mode 100644
index 00000000..67639044
--- /dev/null
+++ b/pgbouncer/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: PgBouncer is installed
+ apt:
+ name: pgbouncer
+ state: present
+- name: Limit for PgBouncer is set
+ lineinfile:
+ path: /etc/default/pgbouncer
+ line: ulimit -n 65536
+- name: Add config file for PgBouncer
+ template:
+ src: pgbouncer.ini.j2
+ dest: /etc/pgbouncer/pgbouncer.ini
+- name: Populate userlist.txt
+ template:
+ src: userlist.txt.j2
+ dest: /etc/pgbouncer/userlist.txt
diff --git a/pgbouncer/templates/pgbouncer.ini.j2 b/pgbouncer/templates/pgbouncer.ini.j2
new file mode 100644
index 00000000..30d34ccb
--- /dev/null
+++ b/pgbouncer/templates/pgbouncer.ini.j2
@@ -0,0 +1,29 @@
+[databases]
+{% for db in pgbouncer_databases %}
+{{ db.name }} = host={{ db.host }} port={{ db.port }}
+{% endfor %}
+
+[pgbouncer]
+logfile = /var/log/postgresql/pgbouncer.log
+pidfile = /var/run/postgresql/pgbouncer.pid
+
+listen_addr = {{ pgbouncer_listen_addr }}
+listen_port = {{ pgbouncer_listen_port }}
+unix_socket_dir =
+
+auth_type = scram-sha-256
+auth_file = /etc/pgbouncer/userlist.txt
+
+# La connexion au serveur redevient libre lorsque le client termine une transaction
+# Autres valeurs possibles : session (lorsque le client ferme la session), statement (lorsque la requĂȘte se termine)
+pool_mode = transaction
+
+# Nombre maximum de connexions entrantes
+max_client_conn = 5000
+
+# Nombre de connexion maintenues avec le serveur
+default_pool_size = 20
+
+# Ne pas enregistrer les connexions qui se passent bien
+log_connections = 0
+log_disconnections = 0
diff --git a/pgbouncer/templates/userlist.txt.j2 b/pgbouncer/templates/userlist.txt.j2
new file mode 100644
index 00000000..abf316a3
--- /dev/null
+++ b/pgbouncer/templates/userlist.txt.j2
@@ -0,0 +1,3 @@
+{% for account in pgbouncer_account_list %}
+"{{ account.name }}" "{{ account.hash }}"
+{% endfor %}
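Review bot: The two `template` tasks in `pgbouncer/tasks/main.yml` set no `owner`, `group` or `mode`, so the permissions of `/etc/pgbouncer/userlist.txt`, which holds the accounts' password verifiers, depend on whatever file already exists on the host or on the umask of the run. I would pin them on both tasks with `owner: postgres`, `group: postgres`, `mode: "0640"` (the account name is an assumption; use the one the packaged service runs as). Adding `no_log: true` to the "Populate userlist.txt" task would also keep the hashes out of `--diff` output and run logs. Separately, neither task notifies a handler, so a changed `pgbouncer.ini` or `userlist.txt` is presumably not picked up until the service is reloaded by hand.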
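Review bot: `pgbouncer/templates/pgbouncer.ini.j2` sets no `server_tls_sslmode`, so the link from PgBouncer to the backend hosts runs under the packaged default, which does not require TLS, while the README examples point `host` at remote addresses. I would expose it as a role variable, `server_tls_sslmode = {{ pgbouncer_server_tls_sslmode }}` with a default such as `require` declared in `defaults/main.yml`, and add `client_tls_sslmode` the same way for deployments that move `pgbouncer_listen_addr` off loopback. The hard-coded `log_connections = 0` and `log_disconnections = 0` also drop the record of which account connected and when; turning them into variables would let hosts that need an audit trail enable them.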
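Review bot: In `pgbouncer/templates/userlist.txt.j2` both fields are written between double quotes without escaping, so a `name` or `hash` that contains `"` yields a line PgBouncer may misparse; the auth file format expects an embedded quote to be doubled. `"{{ account.name | replace('"', '""') }}" "{{ account.hash | replace('"', '""') }}"` covers that. The README example shows `hash: ""`, so an `assert` task checking that every entry of `pgbouncer_account_list` has a non-empty `hash` would stop an empty credential from being deployed by mistake.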