From 1332def067df64bba454a8998c9fb0ae5724a70c Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Mon, 2 Sep 2024 11:29:15 +0200
Subject: [PATCH] setup pgbouncer role and pg function
---
 .../group_vars/hard_disk/postgres.yml | 8 +++--
 .../factory/playbooks/setup/postgres.yml | 34 ++++++++++++++++++-
 .../roles/deploy_postgresql/defaults/main.yml | 2 +-
 3 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/ansible/arcodange/factory/inventory/group_vars/hard_disk/postgres.yml b/ansible/arcodange/factory/inventory/group_vars/hard_disk/postgres.yml
index c70cabe..5e2d49c 100644
--- a/ansible/arcodange/factory/inventory/group_vars/hard_disk/postgres.yml
+++ b/ansible/arcodange/factory/inventory/group_vars/hard_disk/postgres.yml
@@ -23,6 +23,10 @@ postgres:
 networks:
 - gitea
 ports:
- - "5432"
+ - "5432:5432"
 volumes:
- - /arcodange/{{postgres_partition}}/postgres/data:/var/lib/postgresql/data
\ No newline at end of file
+ - /arcodange/{{postgres_partition}}/postgres/data:/var/lib/postgresql/data
+
+pgbouncer:
+ auth_user: &pgbouncer_auth pgbouncer_auth
+ auth_user_password: *pgbouncer_auth
\ No newline at end of file
diff --git a/ansible/arcodange/factory/playbooks/setup/postgres.yml b/ansible/arcodange/factory/playbooks/setup/postgres.yml
index 3fbf169..b65e4cf 100644
--- a/ansible/arcodange/factory/playbooks/setup/postgres.yml
+++ b/ansible/arcodange/factory/playbooks/setup/postgres.yml
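Review bot: In the group_vars hunk, `auth_user_password: *pgbouncer_auth` makes the new role's password equal to its name (`pgbouncer_auth`) and commits it in clear text in the inventory. The playbook in this same patch grants that role execute on `user_lookup`, which returns `pg_shadow` password hashes, so the credential should come from a secret store, e.g. `auth_user_password: "{{ vault_pgbouncer_auth_password }}"` (placeholder name for an Ansible Vault variable). In the same hunk, `"5432:5432"` publishes PostgreSQL on every host interface. If only local clients need it, `"127.0.0.1:5432:5432"` limits the exposure; whether remote access is intended is not visible here. The `postgres:` mapping these lines belong to starts outside the hunk.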
@@ -31,4 +31,36 @@
 app_name: postgres
 partition: "{{ applications.postgres.partition }}"
 postgres_container_name: "{{ applications.postgres.dockercompose.services.postgres.container_name }}"
- # applications_databases: "{{ applications_databases }}" # kept for documentation purposes
\ No newline at end of file
+ # applications_databases: "{{ applications_databases }}" # kept for documentation purposes
+
+ - name: Create auth_user for pgbouncer (connection pool component)
+ ansible.builtin.shell: |
+ docker exec -it {{ postgres_container_name }} psql -U postgres -d {{ database }} -tc "{{ pg_instruction.replace('$','\$') }}"
+ vars:
+ postgres_container_name: "{{ applications.postgres.dockercompose.services.postgres.container_name }}"
+ pg_instructions:
+ - >-
+ DO $$
+ BEGIN
+ CREATE ROLE {{ pgbouncer.auth_user }}
+ WITH LOGIN PASSWORD '{{ pgbouncer.auth_user_password }}';
+ EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
+ END
+ $$;
+ - >-
+ CREATE OR REPLACE FUNCTION user_lookup(in i_username text, out uname text, out phash text)
+ RETURNS record AS $$
+ BEGIN
+ SELECT usename, passwd FROM pg_catalog.pg_shadow
+ WHERE usename = i_username INTO uname, phash;
+ RETURN;
+ END;
+ $$ LANGUAGE plpgsql SECURITY DEFINER;
+ REVOKE ALL ON FUNCTION user_lookup FROM public;
+ GRANT EXECUTE ON FUNCTION user_lookup TO {{ pgbouncer.auth_user }};
+ database: "{{ database__pg_instruction[0] }}"
+ pg_instruction: "{{ database__pg_instruction[1] }}"
+ loop_control:
+ loop_var: database__pg_instruction
+ loop:
+ "{{ applications_databases.values() | map(attribute='db_name') | product(pg_instructions) }}"
diff --git a/ansible/arcodange/factory/playbooks/setup/roles/deploy_postgresql/defaults/main.yml b/ansible/arcodange/factory/playbooks/setup/roles/deploy_postgresql/defaults/main.yml
index 03e9549..0b211ff 100644
--- a/ansible/arcodange/factory/playbooks/setup/roles/deploy_postgresql/defaults/main.yml
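Review bot: In the added task, the SQL (including `pgbouncer.auth_user_password`) is interpolated into a double-quoted shell argument with only `$` escaped, and no `no_log` is set, so a password containing `"`, a backtick or a backslash changes the command the shell runs, and the statement with the secret is printed with every loop item. `docker exec -it` also asks for a TTY that an Ansible task normally does not have. I would pass the statement on stdin through `ansible.builtin.command` with `argv` and add `no_log: true`, as sketched below; `--single-transaction` keeps the one-transaction behaviour that `-c` gave the multi-statement item. Separately, `user_lookup` is `SECURITY DEFINER` without a pinned `search_path`, which the PostgreSQL documentation advises setting on such functions. The context lines at the top of the hunk belong to a task that starts outside it.

```yaml
- name: Create auth_user for pgbouncer (connection pool component)
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "-i"
      - "{{ postgres_container_name }}"
      - psql
      - "-U"
      - postgres
      - "-d"
      - "{{ database }}"
      - "-v"
      - "ON_ERROR_STOP=1"
      - "--single-transaction"
      - "-f"
      - "-"
    # The statement (and the password inside it) travels on stdin, not through a shell.
    stdin: "{{ pg_instruction }}"
  # Keeps the loop item, which contains the CREATE ROLE statement, out of the run output.
  no_log: true
  # … unchanged: vars (postgres_container_name, pg_instructions, database, pg_instruction), loop_control, loop …
```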
+++ b/ansible/arcodange/factory/playbooks/setup/roles/deploy_postgresql/defaults/main.yml
@@ -1,4 +1,4 @@
 partition: pg_data
 app_name: postgres
 postgres_container_name: postgres
-applications_databases: {}
\ No newline at end of file
+applications_databases: {} #{app_name: {db_name; db_user; db_password}}
\ No newline at end of file