From 22f363d06afa62cc0ef33a700b8bd139c7ccc5fb Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Wed, 5 Jun 2024 12:54:55 +0200
Subject: [PATCH] Add postgres role

Or rather rip it out of netbox. Improve DB password handling.
---
 roles/netbox/tasks/db.yml | 55 ----------------------------
 roles/netbox/tasks/main.yml | 17 +++++----
 roles/postgres/tasks/main.yml | 69 +++++++++++++++++++++++++++++++++++
 setup.yml | 3 ++
 4 files changed, 81 insertions(+), 63 deletions(-)
 delete mode 100644 roles/netbox/tasks/db.yml
 create mode 100644 roles/postgres/tasks/main.yml

diff --git a/roles/netbox/tasks/db.yml b/roles/netbox/tasks/db.yml
deleted file mode 100644
index 81fac5a..0000000
--- a/roles/netbox/tasks/db.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-- name: Install packages
- package:
- name:
- - postgresql
- - py3-psycopg2
- - redis
-
-- name: Enable services
- service:
- name: '{{ item }}'
- enabled: true
- state: started
- loop:
- - postgresql
- - redis
-
-- name: Create .pgpass
- copy:
- dest: '{{ user_info.home }}/.pgpass'
- content: |
- localhost:5432:{{ database }}:{{ user }}:{{ db_password }}
- force: no
- mode: 0600
- owner: '{{ user_info.uid }}'
- group: '{{ user_info.group }}'
-
-- become: yes
- become_method: su
- become_user: postgres
- block:
- - name: Create database
- postgresql_db:
- name: '{{ database }}'
-
- - name: Create database user
- postgresql_user:
- db: '{{ database }}'
- name: '{{ user }}'
- password: '{{ db_password }}'
- no_password_changes: yes
-
- - name: Set schema owner
- postgresql_owner:
- db: '{{ database }}'
- new_owner: '{{ user }}'
- obj_name: public
- obj_type: schema
-
- - name: Grant database privileges
- postgresql_privs:
- db: '{{ database }}'
- role: '{{ user }}'
- privs: CREATE
- type: database
-
diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml
index c1547de..0a96ca7 100644
--- a/roles/netbox/tasks/main.yml
+++ b/roles/netbox/tasks/main.yml
@@ -1,8 +1,12 @@ -- name: Set variables - set_fact: - user: '{{ user | default("netbox") }}' - database: '{{ database | default("netbox") }}' - db_password: '{{ lookup("password", "/dev/null", chars=["ascii_letters", "digits"]) }}' +- name: Install redis + package: + name: redis + +- name: Enable redis service + service: + name: redis + enabled: true + state: started - name: Create group for web service group: @@ -18,8 +22,5 @@ system: yes register: user_info -- name: Set up database - import_tasks: db.yml - - name: Set up app import_tasks: app.yml diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml new file mode 100644 index 0000000..8c3854b --- /dev/null +++ b/roles/postgres/tasks/main.yml 
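Review bot: With the `Set variables` task removed, this role no longer defines `user`, `database` or `db_password`, yet the tasks that remain (for example the `Set up app` import at the end of the second hunk) still consume them; nothing in the role checks that the play supplied `user` or that the postgres role ran earlier in the same play and set `db_password`, so a missing variable surfaces as a templating error deep inside app.yml rather than at the top of the role. A guard task at the start of the file would make the new dependency explicit and fail early: `- name: Check role inputs` / `  assert:` / `    that: [user is defined, db_password is defined]`. The `database` default moved into the postgres role as `database | default(user)`; if app.yml still renders `{{ database }}` anywhere (not visible in this hunk), it needs the same default or an `assert` that `database` is defined.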
@@ -0,0 +1,69 @@
+- name: Install packages
+ package:
+ name:
+ - postgresql
+ - py3-psycopg2
+
+- name: Enable services
+ service:
+ name: postgresql
+ enabled: true
+ state: started
+
+- name: Check for existing database password
+ become: yes
+ become_user: '{{ user }}'
+ become_method: su
+ slurp:
+ path: '~/.pgpass'
+ register: pgpass
+ failed_when: false
+
+- name: Get database password
+ when: '"content" in pgpass'
+ set_fact: db_password='{{ pgpass.content | b64decode | split(":") | last }}'
+
+- name: Create database password
+ when: '"content" not in pgpass'
+ set_fact: db_password='{{ lookup("password", "/dev/null", chars=["ascii_letters", "digits"]) }}'
+
+- name: Create .pgpass
+ become: yes
+ become_user: '{{ user }}'
+ become_method: su
+ copy:
+ dest: '~/.pgpass'
+ content: |
+ localhost:5432:{{ user }}:{{ user }}:{{ db_password }}
+ force: no
+ mode: 0600
+
+- become: yes
+ become_method: su
+ become_user: postgres
+ block:
+ - name: Create database
+ postgresql_db:
+ name: '{{ database | default(user) }}'
+
+ - name: Create database user
+ postgresql_user:
+ db: '{{ database | default(user) }}'
+ name: '{{ user }}'
+ password: '{{ db_password }}'
+ no_password_changes: '{{ "content" in pgpass }}'
+
+ - name: Set schema owner
+ postgresql_owner:
+ db: '{{ database | default(user) }}'
+ new_owner: '{{ user }}'
+ obj_name: public
+ obj_type: schema
+
+ - name: Grant database privileges
+ postgresql_privs:
+ db: '{{ database | default(user) }}'
+ role: '{{ user }}'
+ privs: CREATE
+ type: database
+
diff --git a/setup.yml b/setup.yml
index 139584b..6225f38 100644
--- a/setup.yml
+++ b/setup.yml
@@ -24,8 +24,11 @@ - hosts: netbox roles: - alpine + - postgres - nginx - netbox + vars: + user: netbox - hosts: samba roles:
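Review bot: `Get database password` will most likely carry a trailing newline into `db_password`: the `.pgpass` written by `Create .pgpass` uses a `|` block scalar, so the slurped content ends in a newline and `split(":") | last` keeps it on the final field, after which every consumer of the fact (the netbox configuration, for one) gets the wrong secret while the database itself is untouched because `no_password_changes` is true on that path; use `set_fact: db_password='{{ pgpass.content | b64decode | trim | split(":") | last }}'`. The `.pgpass` database field is `{{ user }}` but the database is created as `{{ database | default(user) }}`, so libpq will not match the entry whenever `database` is set explicitly; write the content line as `localhost:5432:{{ database | default(user) }}:{{ user }}:{{ db_password }}`. `failed_when: false` on the slurp also turns any failure at all (become error, permission denied, unreadable file) into "no password yet", and on that path `Create database user` rotates the password in PostgreSQL while `force: no` leaves the existing `.pgpass` stale, silently desynchronising the two; gate the read on a preceding `stat` of the file instead of swallowing every error. Finally, `mode: 0600` should be quoted as `mode: '0600'` so Ansible receives the octal string rather than a YAML integer.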
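Review bot: `postgres` is listed before `netbox`, but the `netbox` role is still where the web-service user is created (the task ending in `register: user_info` in roles/netbox/tasks/main.yml), while the postgres role's `Check for existing database password` and `Create .pgpass` run as `become_user: '{{ user }}'`; on a fresh host those tasks appear to run before the account exists — the first failure is hidden by `failed_when: false`, and the play would then stop at `Create .pgpass`. Either move user creation into a role that runs before `postgres`, or run `postgres` after `netbox` and have the netbox role import the database setup as it did before. `vars: user: netbox` is play-scoped rather than role-scoped, so it is also visible to `alpine` and `nginx`; if either of those roles reads a variable named `user`, it now receives `netbox`.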