servers/roles/postgres/tasks/main.yml


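# Install the PostgreSQL server and the psycopg2 driver that the
# postgresql_* modules used later in this file need on the managed host.
- name: Install packages
  package:
    name:
      - postgresql
      - py3-psycopg2
    # Spelled out rather than left to the package backend's default.
    state: present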
# Make sure the database server is running now and is started at boot.
- name: Enable services
  service:
    name: postgresql
    state: started
    enabled: true
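# Read the application user's ~/.pgpass, if there is one, so that a
# previously generated password is reused instead of being rotated.
- name: Check for existing database password
  become: true
  become_user: '{{ user }}'
  become_method: su
  slurp:
    path: '~/.pgpass'
  register: pgpass
  # NOTE(review): this treats every slurp error as "no .pgpass yet", not
  # only a missing file. An unreadable file would also take the "create a
  # new password" path below.
  failed_when: false
  # The registered result carries the base64-encoded password file; keep
  # it out of task output and logs.
  no_log: true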
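# Reuse the password stored in the last field of the existing .pgpass.
- name: Get database password
  when: '"content" in pgpass'
  # The fact holds a credential; do not echo it in task output.
  no_log: true
  set_fact:
    # trim drops the trailing newline the file ends with, which would
    # otherwise become part of the password.
    db_password: '{{ pgpass.content | b64decode | trim | split(":") | last }}'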
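# No .pgpass was read: generate a fresh random password of letters and
# digits. With /dev/null as the path the lookup does not store the value
# on the controller; set_fact pins it for the rest of the play.
- name: Create database password
  when: '"content" not in pgpass'
  # The fact holds a credential; do not echo it in task output.
  no_log: true
  set_fact:
    db_password: '{{ lookup("password", "/dev/null", chars=["ascii_letters", "digits"]) }}'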
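# Write the credential to the application user's ~/.pgpass so clients
# running as that user can connect without prompting.
- name: Create .pgpass
  become: true
  become_user: '{{ user }}'
  become_method: su
  # The file content embeds the password; keep it out of task output.
  no_log: true
  copy:
    dest: '~/.pgpass'
    # .pgpass fields are host:port:database:username:password. The
    # database field uses the same expression as the database tasks in
    # this file, so the entry still matches when `database` is set.
    content: |
      localhost:5432:{{ database | default(user) }}:{{ user }}:{{ db_password }}
    # Never overwrite an existing file: its password is the one in use.
    force: false
    # Quoted so the mode is passed as an octal string; owner-only access.
    mode: '0600'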
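# Provision the database and its owning role. Everything in this block
# runs as the postgres system user via su.
- become: true
  become_method: su
  become_user: postgres
  block:
    # The database name falls back to the user name when `database` is
    # not defined.
    - name: Create database
      postgresql_db:
        name: '{{ database | default(user) }}'

    - name: Create database user
      # The task arguments include the password; keep them out of task
      # output and logs.
      no_log: true
      postgresql_user:
        db: '{{ database | default(user) }}'
        name: '{{ user }}'
        password: '{{ db_password }}'
        # When a .pgpass was read, leave an existing role's password
        # untouched.
        no_password_changes: '{{ "content" in pgpass }}'

    - name: Set schema owner
      postgresql_owner:
        db: '{{ database | default(user) }}'
        new_owner: '{{ user }}'
        obj_name: public
        obj_type: schema

    # Only CREATE on the database is granted here, nothing broader.
    - name: Grant database privileges
      postgresql_privs:
        db: '{{ database | default(user) }}'
        role: '{{ user }}'
        privs: CREATE
        type: database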