evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

Compare commits

merge into: evolix:stable
Branches Tags
evolix:stable
evolix:unstable
evolix:patroni
evolix:etcd
evolix:jitsimeet
evolix:monitoringctl
evolix:bind
evolix:peertube
evolix:wip_10691
evolix:multi-php-v2
evolix:etherpad
evolix:gitea
evolix:add-drbd-firewall-rule
evolix:backports_preferences
evolix:migrate-vm-error-handling
evolix:evofs
evolix:goto-postfix-role
evolix:lxc-php82
evolix:timesyncd
evolix:noopensshinlxc
evolix:ssh-split
evolix:rsyslog-remote
evolix:emorino/patroni-etcd
evolix:jitsimeet_docker
evolix:hedgedoc
evolix:privatebin
evolix:mattermost
evolix:p10166-mastodon
evolix:replace_include
evolix:when-not-check
evolix:fix_lxc_php56_debian10
evolix:debian12
evolix:boost-proxy
evolix:debian12-keyring
evolix:evodomains
evolix:vrrp-addresses
evolix:lxc_etc-git
evolix:lxc_etc-commit
evolix:evoacme-v2
evolix:sshd_modular_config
evolix:exclusion_images_evobackup
evolix:rotate_elasticsearch_logs
evolix:evobackup_tags_redux
evolix:log2mail-beats
evolix:T47076
evolix:kvm-guest
evolix:lpoujol/fpm-php
evolix:lxc-php-buster
evolix:simplify-evolinux-users
evolix:openvpn
evolix:newkernel
evolix:etc-git-status-script
evolix:ubuntu
evolix:nagios-sudoers
evolix:configurable-swapiness
evolix:alert5-minifirewall-restart
evolix:fail2ban_ips_tag
evolix:audit-ftpadmin
evolix:projet6062
evolix:whitelisting-changes
evolix:uvrrpd
evolix:packweb-apache-lxc
evolix:backup/jlecour/ssh-groups
evolix:nextcloud
evolix:backup/jlecour/nextcloud
evolix:evoadmin-mail
evolix:haproxy_munin
evolix:evolinux-users
evolix:ansible-log
evolix:ansible-managed
evolix:apache-fix-default-vhost
evolix:ipsec
evolix:courier
evolix:spamassassin
evolix:samba
evolix:munin-openbsd
evolix:24.03
evolix:24.02.1
evolix:24.02
evolix:23.10
evolix:23.04
evolix:23.03.1
evolix:23.03
evolix:22.12
evolix:22.09
evolix:22.07.1
evolix:22.07
evolix:22.06.3
evolix:22.06.2
evolix:22.06.1
evolix:22.06
evolix:22.05.1
evolix:22.05
evolix:22.03
evolix:22.01.3
evolix:22.01.2
evolix:22.01.1
evolix:22.01
evolix:10.6.0
evolix:10.5.1
evolix:10.5.0
evolix:10.4.0
evolix:10.3.0
evolix:10.2.0
evolix:10.1.0
evolix:10.0.0
evolix:9.10.1
evolix:9.10.0
evolix:9.9.0
evolix:9.8.0
evolix:9.7.0
evolix:9.6.0
evolix:9.5.0
evolix:9.4.2
evolix:9.4.1
evolix:9.4.0
evolix:9.3.2
evolix:9.3.1
evolix:9.3.0
evolix:9.2.0
evolix:9.1.9
evolix:9.1.8
evolix:9.1.7
evolix:9.1.6
evolix:9.1.5
evolix:9.1.4
evolix:9.1.3
evolix:9.1.2
evolix:9.1.1
evolix:9.1.0
evolix:9.0.1
evolix:9.0.0
...
pull from: evolix:emorino/patroni-etcd
Branches Tags
evolix:unstable
evolix:patroni
evolix:etcd
evolix:jitsimeet
evolix:monitoringctl
evolix:bind
evolix:stable
evolix:peertube
evolix:wip_10691
evolix:multi-php-v2
evolix:etherpad
evolix:gitea
evolix:add-drbd-firewall-rule
evolix:backports_preferences
evolix:migrate-vm-error-handling
evolix:evofs
evolix:goto-postfix-role
evolix:lxc-php82
evolix:timesyncd
evolix:noopensshinlxc
evolix:ssh-split
evolix:rsyslog-remote
evolix:emorino/patroni-etcd
evolix:jitsimeet_docker
evolix:hedgedoc
evolix:privatebin
evolix:mattermost
evolix:p10166-mastodon
evolix:replace_include
evolix:when-not-check
evolix:fix_lxc_php56_debian10
evolix:debian12
evolix:boost-proxy
evolix:debian12-keyring
evolix:evodomains
evolix:vrrp-addresses
evolix:lxc_etc-git
evolix:lxc_etc-commit
evolix:evoacme-v2
evolix:sshd_modular_config
evolix:exclusion_images_evobackup
evolix:rotate_elasticsearch_logs
evolix:evobackup_tags_redux
evolix:log2mail-beats
evolix:T47076
evolix:kvm-guest
evolix:lpoujol/fpm-php
evolix:lxc-php-buster
evolix:simplify-evolinux-users
evolix:openvpn
evolix:newkernel
evolix:etc-git-status-script
evolix:ubuntu
evolix:nagios-sudoers
evolix:configurable-swapiness
evolix:alert5-minifirewall-restart
evolix:fail2ban_ips_tag
evolix:audit-ftpadmin
evolix:projet6062
evolix:whitelisting-changes
evolix:uvrrpd
evolix:packweb-apache-lxc
evolix:backup/jlecour/ssh-groups
evolix:nextcloud
evolix:backup/jlecour/nextcloud
evolix:evoadmin-mail
evolix:haproxy_munin
evolix:evolinux-users
evolix:ansible-log
evolix:ansible-managed
evolix:apache-fix-default-vhost
evolix:ipsec
evolix:courier
evolix:spamassassin
evolix:samba
evolix:munin-openbsd
evolix:24.03
evolix:24.02.1
evolix:24.02
evolix:23.10
evolix:23.04
evolix:23.03.1
evolix:23.03
evolix:22.12
evolix:22.09
evolix:22.07.1
evolix:22.07
evolix:22.06.3
evolix:22.06.2
evolix:22.06.1
evolix:22.06
evolix:22.05.1
evolix:22.05
evolix:22.03
evolix:22.01.3
evolix:22.01.2
evolix:22.01.1
evolix:22.01
evolix:10.6.0
evolix:10.5.1
evolix:10.5.0
evolix:10.4.0
evolix:10.3.0
evolix:10.2.0
evolix:10.1.0
evolix:10.0.0
evolix:9.10.1
evolix:9.10.0
evolix:9.9.0
evolix:9.8.0
evolix:9.7.0
evolix:9.6.0
evolix:9.5.0
evolix:9.4.2
evolix:9.4.1
evolix:9.4.0
evolix:9.3.2
evolix:9.3.1
evolix:9.3.0
evolix:9.2.0
evolix:9.1.9
evolix:9.1.8
evolix:9.1.7
evolix:9.1.6
evolix:9.1.5
evolix:9.1.4
evolix:9.1.3
evolix:9.1.2
evolix:9.1.1
evolix:9.1.0
evolix:9.0.1
evolix:9.0.0

17 commits
stable ... emorino/pa

Author SHA1 Message Date
Jérémy Lecour d83ae339d8 patroni: disable full configuration
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2805|20|2785|13|:-1: Output truncated.
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
2023-06-06 10:30:08 +02:00
Jérémy Lecour a3ec1d6712 etcd: reorganize configuration 2023-06-06 10:29:51 +02:00
Jérémy Lecour 05da8f6472 WIP: forgot a file
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2798|4|2794|4|:-1: Output truncated.
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
2023-05-12 18:12:43 +02:00
Jérémy Lecour 5cb3762080 WIP: use the systemd unit and config conventions of Patroni 3
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2798|13|2785|8|:-1: Output truncated.
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
2023-05-12 18:12:06 +02:00
Jérémy Lecour 921e384358 apt: move stretch backports to archive.d.o 2023-05-09 09:31:03 +02:00
Eric Morino e27f0aa406 Add template systemd for patroni
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2793|0|2793|0|:zzz:
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
2023-04-23 10:27:05 +02:00
Eric Morino d8e31ef297 changement variable postgresql_hosts 2023-04-23 10:26:45 +02:00
Eric Morino 26c927d3fe Fix variable bin_dir patroni configuration 2023-04-23 10:26:22 +02:00
Eric Morino 5028803dff add create etcd datadir 2023-04-23 10:26:07 +02:00
Eric Morino 63cb7a2671 change variable in templabe by etcd_listen_ip 2023-04-23 10:25:46 +02:00
Eric Morino b4d5107025 add patroni_install_dependencies by default 2023-04-23 10:25:32 +02:00
Eric Morino a66226ea95 add template conf etcd 2023-04-23 10:25:24 +02:00
Eric Morino bc3f5409ef Add task main.yml 2023-04-23 10:25:08 +02:00
Eric Morino e1c1966a6e création role etcd 2023-04-23 10:24:45 +02:00
Eric Morino c13618b2e4 Add new role Patroni in CHANGELOG 2023-04-23 10:24:27 +02:00
Eric Morino 6db3769f9f Add key GPG evolix, and fix some bugs 2023-04-23 10:23:04 +02:00
Eric Morino 96e24527ac début creation rôle patroni 2023-04-23 10:22:41 +02:00
20 changed files with 409 additions and 2 deletions
Show stats Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
* graylog: new role
* Patroni: new role for install Patroni cluster
### Changed

2
apt/templates/stretch_backports.list.j2
View file

@ -1,3 +1,3 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian stretch-backports {{ apt_backports_components | mandatory }}
deb http://archive.debian.org/debian stretch-backports {{ apt_backports_components | mandatory }}

3
etcd/README.md Normal file
View file

@ -0,0 +1,3 @@
# Etcd
Installation and basic configuration of etcd for integrate in a Patroni and PostgreSQL cluster.

12
etcd/defaults/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
# Define variable for etcd
etcd_listen_ip: []
etcd_cluster_ips: []
etcd_client_port: "2379"
etcd_peer_port: "2380"
etcd_local_name : ""
etcd_cluster_token : ""
etcd_datadir : "/var/lib/etcd/{{ etcd_cluster_token }}"
etcd_initial_cluster: ""
etcd_install_dependencies_for_patroni: False

6
etcd/handlers/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: restart etcd
ansible.builtin.systemd:
name: etcd
state: restarted

20
etcd/tasks/config.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: etcd datadir is present
ansible.builtin.file:
name: "/var/lib/etcd/{{ etcd_cluster_token }}"
state: directory
owner: etcd
group: etcd
mode: "0700"
- name: etcd config file is present
ansible.builtin.template:
src: etcd.j2
dest: /etc/default/etcd
owner: root
group: root
mode: "0644"
notify: restart etcd

4
etcd/tasks/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
- ansible.builtin.import_tasks: packages.yml
- ansible.builtin.import_tasks: config.yml

15
etcd/tasks/packages.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Install etcd client / server package
ansible.builtin.apt:
name:
- etcd-client
- etcd-server
update_cache: yes
- name: Install python dependencies for Patroni
ansible.builtin.apt:
name:
- python3-etcd
- python3-psycopg2
when: etcd_install_dependencies_for_patroni | bool

10
etcd/templates/etcd.j2 Normal file
View file

@ -0,0 +1,10 @@
ETCD_NAME="{{ etcd_local_name }}"
ETCD_DATA_DIR="{{ etcd_datadir }}"
ETCD_LOG_OUTPUTS="stdout"
ETCD_LISTEN_PEER_URLS="http://{{ etcd_listen_ip }}:{{ etcd_peer_port }}"
ETCD_LISTEN_CLIENT_URLS="http://localhost:{{ etcd_client_port }},http://{{ etcd_listen_ip }}:{{ etcd_client_port }}"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://{{ etcd_listen_ip }}:{{ etcd_peer_port }}"
ETCD_INITIAL_CLUSTER="{{ etcd_initial_cluster }}"
ETCD_ADVERTISE_CLIENT_URLS="http://{{ etcd_listen_ip }}:{{ etcd_client_port }}"
ETCD_INITIAL_CLUSTER_TOKEN="{{ etcd_cluster_token }}"
ETCD_INITIAL_CLUSTER_STATE="new"

4
patroni/README.md Normal file
View file

@ -0,0 +1,4 @@
# Patroni
Installation and basic configuration of Patroni.

51
patroni/defaults/main.yml Normal file
View file

@ -0,0 +1,51 @@
---
# Install Patroni from backport Evolix
patroni_backport: false
etcd_install_dependencies_for_patroni: True
#########################################################################
# Disabled for now
# It's too much work to completely manage a Patroni cluster from Ansible
##########
# # Define variable for Patroni
# patroni_scope: "13-main"
# patroni_name: "{{ ansible_hostname }}"
# # Binding host:port for the cluster (must not be localhost)
# patroni_restapi_connect_address_host: "0.0.0.0"
# patroni_restapi_connect_address_port: "8008"
# patroni_restapi_connect_address: "{{ patroni_restapi_connect_address_host }}:{{ patroni_restapi_connect_address_port }}"
# # Additional binding for health-checks…
# patroni_restapi_listen_host: "127.0.0.1"
# patroni_restapi_listen_port: "8008"
# patroni_restapi_listen: "{{ patroni_restapi_listen_host }}:{{ patroni_restapi_listen_port }}"
# patroni_postgresql_connect_address_host: "0.0.0.0"
# patroni_postgresql_connect_address_port: "5432"
# patroni_postgresql_connect_address: "{{ patroni_postgresql_connect_address_host }}:{{ patroni_postgresql_connect_address_port }}"
# patroni_postgresql_listen_hosts:
# - "127.0.0.1"
# patroni_postgresql_listen_port: "5432"
# patroni_postgresql_listen: "{{ patroni_postgresql_listen_hosts | join(',') }}:{{ patroni_postgresql_listen_port }}"
# patroni_postgresql_datadir: "/home/{{ patroni_scope }}"
# patroni_postgresql_pgpass: "/tmp/{{ patroni_scope }}-pgpass"
# patroni_postgresql_listen_ips: 127.0.0.1
# patroni_postgresql_connect_ip: 127.0.0.1
# patroni_postgresql_version: ''
# patroni_postgresql_replication_user: 'repl'
# patroni_postgresql_superuser: 'admin'
# # Each entry must look like this :
# # { name: replication, user: foo, host: "1.2.3.4/32", hash_type: md5/scram-sha-256 }
# patroni_postgresql_hba_roles: []
# # Define variable for etcd
# etcd_hosts: []
# etcd_port: "2379"
#########################################################################

87
patroni/files/pub_evolix.asc Normal file
View file

@ -0,0 +1,87 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGOsRdcBEADDPJ8Tsqr5Z4crmQlNQM32hfufe7gTUrXo0cAL8clt92y1QX3N
YyMv0Re4+Ugo7JZd4jsF2Q1twJMxsX5rA12xDnHHcZRSc/E0DIYvPnfLzEHkwseN
OK4f9lI+xo06k+B3KQQKMeI/RjVaN6AiSply9ZGaZVeGGqd4es4PsU1VQMTWdclV
Bn54HBWUnL5dPStPMnNkt0bMQYIqc5733Yby3qMiUKcql2bl9TYBw8SaJXvClsLw
ERqit6FjljUOEeWtB4WZFpjhc/aqcxGcUTPHRrNTlNF0HCvk8JicEu4/lr99pwy7
7z6SRql++WGMSG06E4MBtUt+wWAmDDHNj3fdZPnoCaDFp7vxy/FEARB2aygTtu11
mLk4XOKheqU/WibWxoXRzyUCuclJ247Fh+YPxkYVG1dnDwpWGbYuRmzUapGLv4ma
dnKsQN0KhXzUqkSoybBgV208dGOP7BqdY6TVnyU0v/7XDeUqFEwnllRKMSYLilV3
huTifiCFTK45HACM/x2yckx8dyAuYg6cJaAR1yn1iaTexoyYPG9ZFifvMB6ranEm
vkmQq1e8/7xiNSQsh5F3Ybl5hh4GVLwsR6esfZsHG0Ve+CitsmcZgWnr0JJ2PZOk
+XHxMwo7Gb0/KVH9XGeoXk+eiNNW/kdcgBMkGkU3nWooVHDm7Dy54I5CzQARAQAB
tC9Fdm9saXggUHVibGljIFJlcG9zaXRvcnkgPGVxdWlwZStwdWJAZXZvbGl4LmZy
PokCVAQTAQoAPhYhBP+vfRvzUK1F+rMpCUaPWta4YwY9BQJjrEXXAhsDBQkHhM4A
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEaPWta4YwY9V6oP/iYfZceiA1Sy
x9t/7CL3EReuvpdZtZYf2KklBfxEFtzkERV/KKMMpf8mKoGD6BA+ryUc7b4a8npq
yvKbSKDHGZW6gAbq8hneW71vRuNfPNqtfO98JbJO694nqX9sIYU2xQn0UIh0G6N7
D2bOcaicn8AgV/8cQZfgN9yRM4VhCoWZwhLqgROUqMYfDn3szamfkPcFiw10ToVt
c2PIFdqj2soKO9OrF5Ct/pztSGy1f+orDFiJ0AtRlqqRk9z18VB893qspfyd6y9N
q7IrQbYsiP+D8DcXYWZA1KURsI4LVQwsudNXokvGkYdnZitVgXI2lIaY7odDou5F
btZsCIEa45m7Vmvu0Wvtu/90EFbu9iwbOVrNpC7lLnfJpDObVXMiY1r0rQVuweEZ
ZbBcv1NUa3R0SPsPLPKf7L6dCx8gCpZjDVJLsgBeeSEV7XFQiYDbl8THasNTKCOa
C6v4h00mg0H6GhZvGMx+lcx8TzW6l3XXRoptHl4vkdE5usLFjy8/JWG3yJ7e2W3D
jVbPQ0UKJAnkGn1t+UJB1GP9O4annks0nPfcomjZzaDweIL8zSLPy5R9DGNgYLjp
5h/baLoNAOkaKssZrusq/P+BM2tdr3i/N6TK+dbrffz3hNgzSFFYVg51DspV7XWo
JKGqhqCgQpkms+NPJiKr4NDs6DdXn0IKuQINBGOsRdcBEAC9i5qcrYLTfeGrWPo3
Zok3jikNk181HC3HR7Wu8a5whCe/88GgJDY00sU2zZEF9hN/4Vtqq9FICVXUcs+F
5j+Gcb/sqAgwXuwk8LKuhbtR2cnz6I0GCsqNPuj+5uM7MXQlVWeIN5Z6zA/Jw++o
aENZHO6cnuep2KDNPUZzjmTHAa4+qXRL5cRXEOmMB1vtA8mm/43c7wicJ7MrZpba
mqzmiQPsQ2qfmCABfx8BwBgXCVON4sgtzCa+rYOPScsDtv0pv6uG+h/GJp4MdKBp
g3BfShQEAmOwwy3Pt2vo9Rw2s0uJJ9AM2O6tJ3x93YkUP5qj3Etr/eTcgVUiVvSs
h2Rrz2FLen3GMAcqUUDPViCy9nEWRAo7iWQgAKgr8WjeGerOmtsYPyjIQE47eX5M
Gomx0LVCGigYfkSAFIYzm5I+depmn1qTUyizfklvPr0bA/8Cs4zbqx6Pf6Rk5wvb
sJ4envk3dzQRNTH1Vt7Yoktyx1+VX0HFVEaPTQ3JlFORaHYwQQ97LaOZ0VmztE0A
5+CIFFdqp/0H7zGPol+LsPgqnzZZEQ2XFYPOy7/gB17zI2eWNWPAQmOdrUM/v12A
etnLEthZyALcjjBpJEVIHFnuaabYp+mdotycjDkBNSh+P+8H/UsMSrNVhheKQLB8
smzwFcSrAcnQbtiCjFWANTWyKQARAQABiQI8BBgBCgAmFiEE/699G/NQrUX6sykJ
Ro9a1rhjBj0FAmOsRdcCGwwFCQeEzgAACgkQRo9a1rhjBj0FZw//fNhJdx55ACvX
mpa8wz6eZOvzhr5GWSW5/Qie9nRjInPPI3bJ/jU0S/4ENqFBD9RSvY5F+0xCU67F
V2R3a3FFcB81HLIcUrkN0GH6fLcex0Js+grq/U117e2umdfGMKQG0UFJ+XonhtlT
foBcBjXPFr2NUaJB2SPo/RPQ3U+N3wMSm0ZbB/Xvxi5qMEb971dfObvsXTkQZvn7
b0TvccfHhyzs2IM8pZO3PamTwA5e16/2QqisRX4CeL0a/q3Yxfw4R8RPCrz/l0k5
FPdbdXaQuk5s+CiV+Nse7yFGoEoSlLpJM2BpueBsIg92joyOstZRm+tuCb5QefWI
7yFPfJU6xG1CMDqIGjXNU1tzSIoReGUBCNrE9UgzBQPPVD0jNM1WdW6HWSVR7jBb
+dvAeJNzQjJYlvKLQ383mAiVcwmCWBUp+R/kBPlLMGEpLlspti5fkmEc8xvtCaHc
fCLVWd0r2lUFUz+W53r8IXaRcxLtFinz7SHZPrlhaVwErdtlo+5X3kq39Mc4KCmF
bevT+qxlgzHXof+WGTYoc9IHkhDrvZ/TWeAUnBPvVn88dsBRtOC9f5wSCK4r9SfR
Dnf0lAsLWMpNtt812W8sA82RGXRUBwonZKa7YoGNKSa2vPJcUgmpIiHNtoLWpNa+
7pYGN7bV51zyQ1ERaLU5TBC9sPE70p25Ag0EY6xJaQEQAKsxFCb4Vxe8VuUEAKp/
RSRNGX/v9KqXVwbnf3kTYq9FMoplZBeqj4LQ22BqRzZ74ywoyfvHHtvkAtCbmrlc
8iLQEmicLug3Ibk97qm1lvvHnK9fqFOWh+Tx/omlaiSzEfAFbLEjNcplmq1ooqmX
fkI9zcefLZHtUFx6Clw3rwp79d/V5XJDM+2jwB47HfIhrW6jEubUuaXIHNR/GSSd
gTYuw55g9K97LhONX6ZvSBhjp4pOeUUbtFuG1fRkjPiObsB54fJ2R32yfm4jV53/
YgG/Ih/o97tKV+ishQIrr85SB3XiLFlGhQuu/0a/+/vfGVTbJOzrQrE+OCWt9Xm1
4b91MiVSSzXy6TGzPvpNXYR2PQZzVwvz7UctCikaE4gGB0lSH0LemDD0LZIZUwBL
1G9mlwFTkMYK0+iMyHFOKeAlUnSSpO6hFYr4GHOxAMGTjHqqEJZ3lBi9SBPc7AEK
3NcEp4etuiLOeaSBtqmUs+y7g8yMTrnyWPVxa0l5q4OUitbb2qvWYbaD3O22xYyj
9BlqzpG9uO6/d8HefDK8XMNCHlmwFoJj3HJlHJg7oN029vYsXEwBIhFyolAPzIvB
jpLKcebq9DJSObs1nHjAyVUpL4ZzRmujFcJYDYSixiqaWc/1aGTgUZQ/JDXcODiC
LgFu1vLTRf6hwKSb/vnZP5OtABEBAAGJBHIEGAEKACYWIQT/r30b81CtRfqzKQlG
j1rWuGMGPQUCY6xJaQIbAgUJA8JnAAJACRBGj1rWuGMGPcF0IAQZAQoAHRYhBA7H
BbTwXPF0hLMgRYefxhvnjx3ABQJjrElpAAoJEIefxhvnjx3ANpUQAIFLkLcx2z3M
jV0SgoAYertib9T/OOy/rsfeQjE6DFk6IArrHolZPA9g/PpTPuRwK165n5xw483q
BMyssUT9IK7SZxt0gbKpvZ0HFSCwSp5wdSJZymwB4AOcgRBU5rwC/9fFxYihgIym
Ig7TH9aWW4hDbEuGJDrKbhK+DpIL7lK3A5WUZk9ltGOpCcFctV3YnVgbMIwX5gO6
lZ5Zi6NHJEB3HauVZJ59NIPJ/f0xe5GMte/LXckyijs9ei4WOFOjstiW64EWkOBH
El0tj+LUxLznCP2szdXjkDN1P6/NDrY1Nid6/ECOfkh4xO/VHhkdSRAlhdP9FHiV
sy3KUUoPH5B805z1MyOI7UYUD/8CK0juIXcbw7isbVUmLf/VV8jEDmq3WWDj8YZp
IStn2AvQeo3VWGWUfkf3v7UthKandIUTIGc5isD+i6KvzzbggyyZWNtvb3/1wMrz
DUKGlFi/IjMhhElJ0oF3YGsBwz2V2UKP7pPIYo+f5zthc7SbmO9yxAQebEOc3prM
G/Br8JOZ90w1dy6CeIYxkM4YEhhG1K8CzD3ZTTI7vh8mwRc92A6HI2NFyxeYJCr0
IsUcFQpCyXMtcLRN75DGLIjIKdYrYJuwSiUgcH5FtgkuxMYfJEX9UX8rV7HAxUvs
UdIyHLl7k+khGlZa0/W6uCioFNiygnBEp7oP/iSj4Q2Xh5yKI6Jjw/IsfRcsiaac
lHc7uF0caYGMkqRNHiX17d5EtaidTbiqQii1W9slSPXmUuUcKfD1xUfLng7TbZVm
AdEbpHCT+q037cGCYFpHPMvw3OYhhGzYeh3+1oN9t3ZvyGlvAhkrtssDQB+gxX8r
adCpihziFLjm+6IvCLYHEh3gILVFbbhdYDDUduFFjf/snlJW7j8OVc7Cxa7FbPdf
SHLT9VESzf7oiwkP5/ijGmHiEQoJd9EWYkGGz+LZAXemBwe5ZnPPWVZvDEQRMe8v
2V8pa37vyReaK//O8xxGg3NzGTn9otwVr/4Ti9OxrSzmDWpd967oZ42IZSeSY2bz
kOaV8z4C8AIgIA7vWOS83Hncbrgf2nMCXmRjf0KTMm1P7Z0BQDWpxK9lP0nRpVAg
2T3/OjJ9KcAsTz02NFC3/kOUz//NcfDP747HsQB0sltIty140B7CfcWk0a0eKSad
OxGUehskjyKhO6v3dYF+8oR9p98Q8/Rh8r7evYy2mfhgJd7a9Cchn7612Y6k1SLf
nmPGYu3s0lf/k6GoHLfXXQIJDgWeua4ZBr6cgpGONLSvWBeCVaqnk8nhbNIiSBHk
jnrcX8xAtoPLgqg0+yi7rZ3NAauZcQE6UaNB+xjJxDOIpgVLUWtFyAG4MDeIh6GH
oA9QflpnDubMnCve
=ZCml
-----END PGP PUBLIC KEY BLOCK-----

31
patroni/meta/main.yml Normal file
View file

@ -0,0 +1,31 @@
galaxy_info:
company: Evolix
description: Installation and basic configuration of Patroni
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2
min_ansible_version: "2.7"
platforms:
- name: Debian
versions:
- buster
- bullseye
- bookworm
galaxy_tags: []
# List tags for your role here, one per line. A tag is
# a keyword that describes and categorizes the role.
# Users find roles by searching for tags. Be sure to
# remove the '[]' above if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of
# alphanumeric characters. Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.

27
patroni/tasks/backports.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: Add Evolix GPG key
ansible.builtin.copy:
src: pub_evolix.asc
dest: "{{ apt_keyring_dir }}/pub_evolix.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Evolix backports repository
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-backports main"
filename: backports.list
state: present
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
- name: Add APT preference file
ansible.builtin.template:
src: patroni.pref.j2
dest: /etc/apt/preferences.d/patroni.pref
mode: "0644"

38
patroni/tasks/config.yml Normal file
View file

@ -0,0 +1,38 @@
---
#########################################################################
# Disabled for now
# It's too much work to completely manage a Patroni cluster from Ansible
#########################################################################
# - name: Create a password for PostgreSQL repl user
# command: "apg -M LCN -n1 -m 16"
# register: patroni_postgresql_replication_password
# check_mode: no
# - name: Create a password for PostgreSQL superuser user
# command: "apg -M LCN -n1 -m 16"
# register: patroni_postgresql_superuser_password
# check_mode: no
- name: Create a password for PostgreSQL repl user
local_action:
module: ansible.builtin.command
cmd: "apg -M LCN -n1 -m 16"
register: patroni_postgresql_replication_password
run_once: True
- name: Create a password for PostgreSQL superuser user
local_action:
module: ansible.builtin.command
cmd: "apg -M LCN -n1 -m 16"
register: patroni_postgresql_superuser_password
run_once: True
- name: Create Patroni config file
ansible.builtin.template:
src: config.yml.j2
dest: /etc/patroni/{{ patroni_scope }}.yml
owner: root
group: root
mode: "0644"

14
patroni/tasks/main.yml Normal file
View file

@ -0,0 +1,14 @@
---
- ansible.builtin.import_tasks: backports.yml
when: patroni_backport | bool | default(False)
- ansible.builtin.import_tasks: packages.yml
#########################################################################
# Disabled for now
# It's too much work to completely manage a Patroni cluster from Ansible
##########
# - ansible.builtin.import_tasks: config.yml
#########################################################################

8
patroni/tasks/packages.yml Normal file
View file

@ -0,0 +1,8 @@
---
- name: Install patroni package
ansible.builtin.apt:
name:
- patroni
update_cache: yes

73
patroni/templates/config.yml.j2 Normal file
View file

@ -0,0 +1,73 @@
scope: {{ patroni_scope }}
name: {{ patroni_name }}
restapi:
listen: {{ patroni_restapi_listen }}
connect_address: {{ patroni_restapi_connect_address }}
etcd:
hosts:
{% for server in groups['etcd'] %}
- {{ hostvars[server]['etcd_host'] }}:{{ etcd_client_port }}
{% endfor %}
bootstrap:
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
postgresql:
use_pg_rewind: true
use_slots: true
parameters:
wal_level: replica
hot_standby: "on"
wal_keep_segment: 8
max_wal_senders: 5
max_relication_slots: 5
checkpoint_timeout: 30
initdb:
- encoding: UTF8
- data-checksums
pg_hba:
- host replication repl 127.0.0.1/32 md5
{% for host in patroni_postgresql_replication_hosts %}
- host {{ patroni_postgresql_replication_role }} {{ patroni_postgresql_replication_user }} {{ host }} {{ patroni_postgresql_replication_hash_type }}
{% endfor %}
- host all all 0.0.0.0/0 md5
users:
{{ patroni_postgresql_superuser }}:
password: {{ patroni_postgresql_superuser_password.stdout }}
options:
- createrole
- createdb
{{ patroni_postgresql_replication_user }}:
password: {{ patroni_postgresql_replication_password.stdout }}
options:
- replication
postgresql:
listen: {{ patroni_postgresql_listen }}
connect_address: {{ patroni_postgresql_connect_address }}
bin_dir: /usr/lib/postgresql/{{ patroni_postgresql_version }}/bin/
data_dir: {{ patroni_postgresql_datadir }}
pgpass: {{ patroni_postgresql_pgpass }}
authentication:
replication:
username: {{ patroni_postgresql_replication_user }}
password: {{ patroni_postgresql_replication_password.stdout }}
superuser:
username: {{ patroni_postgresql_superuser }}
password: {{ patroni_postgresql_superuser_password.stdout }}
parameters:
unix_socket_directories: '/tmp'
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false

3
patroni/templates/patroni.pref.j2 Normal file
View file

@ -0,0 +1,3 @@
Package: patroni
Pin: release a={{ ansible_distribution_release }}-backports
Pin-Priority: 999

2
pgbouncer/handlers/main.yml
View file

@ -1,5 +1,5 @@
---
- name: Restart PgBouncer
- name: restart pgbouncer
ansible.builtin.systemd:
name: pgbouncer.service
state: restarted