tweak backup and setup cronjob to fix pg table ownership
@@ -35,7 +35,6 @@ gitea:
|
||||
GITEA__mailer__PASSWD: '{{ gitea_vault.GITEA__mailer__PASSWD }}'
|
||||
GITEA__server__SSH_PORT: 2222
|
||||
GITEA__server__SSH_DOMAIN: "{{ hostvars[groups.gitea[0]]['preferred_ip'] }}"
|
||||
# GITEA__server__SSH_DOMAIN: "{{ lookup('dig', groups.gitea[0]) }}" # might work again if deactivate rpi wifi
|
||||
GITEA__server__SSH_LISTEN_PORT: 22
|
||||
GITEA_server__DOMAIN: localhost
|
||||
GITEA_server__HTTP_PORT: 3000
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
gitea_user: "git"
|
||||
backup_dir: "{{ backup_root_dir }}/{{ backup_dirname }}"
|
||||
scripts_dir: "/home/pi/arcodange/docker_composes/gitea/scripts"
|
||||
keep_days: 15
|
||||
keep_days: 3
|
||||
|
||||
tasks:
|
||||
- name: S'assurer que le répertoire de backup existe
|
||||
|
||||
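Review bot: `keep_days` is printed twice in this hunk (`15` and `3`); assuming the second is the new value, backups older than three days are pruned, which leaves a short window to recover from corruption or tampering that is only noticed late. The same change appears in the next two hunks (`@@ -7,7 +7,7 @@` and `@@ -9,7 +9,7 @@`). If the reduction is deliberate, a comment next to the variable such as `# 3 days kept locally; longer-lived copies are held by <other backup job>` would record where older restore points live. The tasks that consume `keep_days` lie outside the hunk, so the exact pruning behaviour cannot be confirmed from here.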
@@ -7,7 +7,7 @@
|
||||
vars:
|
||||
backup_dir: "{{ backup_root_dir }}/{{ backup_dirname }}"
|
||||
scripts_dir: "/opt/k3s_volumes"
|
||||
keep_days: 15
|
||||
keep_days: 3
|
||||
|
||||
tasks:
|
||||
- name: S'assurer que le répertoire de backup existe
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
postgres_user: "{{ postgres.dockercompose.services.postgres.environment.POSTGRES_USER }}"
|
||||
backup_dir: "{{ backup_root_dir }}/{{ backup_dirname }}"
|
||||
scripts_dir: "/home/pi/arcodange/docker_composes/postgres/scripts"
|
||||
keep_days: 15
|
||||
keep_days: 3
|
||||
|
||||
tasks:
|
||||
- name: S'assurer que le répertoire de backup existe
|
||||
|
||||
@@ -60,7 +60,7 @@
|
||||
name: "{{ recurring_job }}"
|
||||
groups: []
|
||||
task: backup
|
||||
cron: "0 5 1,10,20 * *"
|
||||
cron: "0 5 */2 * *"
|
||||
retain: 2
|
||||
concurrency: 1
|
||||
|
||||
|
||||
@@ -55,3 +55,123 @@
|
||||
loop_var: database__pg_instruction
|
||||
loop:
|
||||
"{{ ['postgres', 'gitea'] | product(pg_instructions) }}"
|
||||
|
||||
# ---
|
||||
|
||||
- name: Change table owner (CronJob with dynamic roles and auto DB naming)
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
|
||||
collections:
|
||||
- kubernetes.core
|
||||
|
||||
vars:
|
||||
|
||||
namespace: kube-system
|
||||
cronjob_name: pg-fix-table-ownership
|
||||
|
||||
pg_conf: >-
|
||||
{{ hostvars[groups.postgres[0]].postgres.dockercompose.services.postgres.environment }}
|
||||
postgres_admin_credentials:
|
||||
username: '{{ pg_conf.POSTGRES_USER }}'
|
||||
password: '{{ pg_conf.POSTGRES_PASSWORD }}'
|
||||
pg_host: "{{ hostvars[groups.postgres[0]]['preferred_ip'] }}"
|
||||
|
||||
tasks:
|
||||
|
||||
- name: Create Kubernetes Secret for PostgreSQL admin credentials
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: postgres-admin-credentials
|
||||
namespace: "{{ namespace }}"
|
||||
type: Opaque
|
||||
data:
|
||||
username: "{{ postgres_admin_credentials.username | b64encode }}"
|
||||
password: "{{ postgres_admin_credentials.password | b64encode }}"
|
||||
|
||||
- name: Create cronjob to change table owners (dynamic roles, auto DB)
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: "{{ cronjob_name }}"
|
||||
namespace: "{{ namespace }}"
|
||||
spec:
|
||||
schedule: "0 3 * * *" # Exécution quotidienne à 3h du matin
|
||||
successfulJobsHistoryLimit: 1
|
||||
failedJobsHistoryLimit: 3
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: psql
|
||||
image: postgres:16.3
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: postgres-admin-credentials
|
||||
env:
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-admin-credentials
|
||||
key: password
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
args:
|
||||
- |
|
||||
set -eu
|
||||
|
||||
# Récupérer dynamiquement les rôles PostgreSQL
|
||||
echo "Fetching roles from PostgreSQL..."
|
||||
ROLES=$(psql \
|
||||
-h {{ pg_host }} \
|
||||
-U $username \
|
||||
-d postgres \
|
||||
-t -A \
|
||||
-c "SELECT rolname FROM pg_roles WHERE rolname LIKE '%_role';")
|
||||
|
||||
echo "Roles found: $ROLES"
|
||||
|
||||
# Pour chaque rôle, changer le propriétaire des tables dans sa base associée
|
||||
for role in $ROLES; do
|
||||
# Déduire le nom de la base en retirant "_role"
|
||||
DB_NAME="${role%_role}"
|
||||
echo "Database for $role: $DB_NAME"
|
||||
|
||||
# Vérifier si la base existe
|
||||
if psql -h {{ pg_host }} -U $username -d postgres -t -A -c "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME';" | grep -q 1; then
|
||||
echo "Changing owner to $role for all tables in $DB_NAME..."
|
||||
psql \
|
||||
-h {{ pg_host }} \
|
||||
-U $username \
|
||||
-d "$DB_NAME" \
|
||||
-c "
|
||||
DO \$\$
|
||||
DECLARE
|
||||
r RECORD;
|
||||
BEGIN
|
||||
FOR r IN
|
||||
SELECT tablename
|
||||
FROM pg_tables
|
||||
WHERE schemaname = 'public'
|
||||
LOOP
|
||||
EXECUTE format('ALTER TABLE public.%I OWNER TO %I', r.tablename, '$role');
|
||||
END LOOP;
|
||||
END \$\$;
|
||||
"
|
||||
echo "Owner changed for $role in $DB_NAME"
|
||||
else
|
||||
echo "Database $DB_NAME does not exist, skipping..."
|
||||
fi
|
||||
done
|
||||
|
||||
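Review bot: The shell loop in the CronJob `args` splices `$role` and `$DB_NAME` directly into SQL text that runs with the admin account (`WHERE datname = '$DB_NAME'` and `format(..., '$role')`), so a role name containing a quote, `$$` or whitespace changes the statement; `%I` only quotes the value after it has already been parsed as a literal. The names come from `pg_roles`, which any role allowed to create roles can populate, so reject unexpected names at the top of the loop, e.g. `case "$role" in *[!A-Za-z0-9_]*) echo "skipping unexpected role name" >&2; continue ;; esac`. In `LIKE '%_role'` the `_` is a single-character wildcard, so a role such as `xrole` also matches and `${role%_role}` leaves it unchanged; `LIKE '%\_role'` matches the literal underscore. Separately, the task that creates the Secret would benefit from `no_log: true` so the credentials stay out of Ansible output, and `envFrom` exports the password a second time as `$password` next to `PGPASSWORD`; a single `PGUSER` entry via `secretKeyRef` would avoid that.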
@@ -121,7 +121,6 @@
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://{{ hostvars[groups.gitea[0]]['preferred_ip'] }}:3000"
|
||||
# - url: "http://{{ lookup('dig', groups.gitea[0]) }}:3000" # might work again if deactivate rpi wifi
|
||||
routers:
|
||||
dashboard:
|
||||
# rule: Host(`traefik.arcodange.duckdns.org`)
|
||||
|
||||