Commit f64579e0 authored by Jan-Oliver Opdenhövel's avatar Jan-Oliver Opdenhövel

Spliting postgresql off into it's own role

parent 534ea28b
......@@ -275,6 +275,11 @@
roles:
- role: ipxe-update
# Since setting up a new, fresh synapse server isn't the goal of this project, the initial database
# setup isn't implemented here. When setting up a new server, apply the playbook, run the documented
# setup steps (https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database),
# and restart synapse. Be sure to use the password in the RBFSMI password database.
- name: configure fsmi-matrix
hosts: fsmi-matrix
roles:
......@@ -285,4 +290,23 @@
working_dir: "/var/lib"
files:
- "synapse"
- role: postgresql
postgresql:
backup_dir: "/backup"
client_auth:
- type: local
database: all
user: postgres
address: ""
method: peer
- type: host
database: synapse
user: synapse_user
address: "127.0.0.1/32"
method: "scram-sha-256"
- type: host
database: synapse
user: synapse_user
address: "::1/128"
method: "scram-sha-256"
- role: fsmi-matrix
---
# I'm completely configuring fsmi-matrix before abstracting all the bits in order to know
# what to abstract and how.
- name: install all required packages
package:
......@@ -8,89 +6,9 @@
- nginx-mainline
- element-web
- matrix-synapse
- postgresql
- python-psycopg2
- python-authlib
# PostgreSQL
- name: create database directory
file:
path: /var/lib/postgres/data
state: directory
owner: postgres
group: postgres
attributes: +C
mode: '700'
- name: initialize database directory
shell:
cmd: initdb -D /var/lib/postgres/data --locale=en_US.UTF-8 -E UTF8
creates: /var/lib/postgres/data/PG_VERSION
become: true
become_user: postgres
- name: create hooks directory
file:
path: /etc/pacman.d/hooks
state: directory
- name: install config files and scripts
template:
dest: "{{ item.value }}"
src: "{{ item.key }}"
loop: "{{ file_data | dict2items }}"
vars:
file_data:
postgres/prepare_database_upgrade.sh: /usr/local/bin/prepare_database_upgrade.sh
postgres/postgres.pre.hook: /etc/pacman.d/hooks/postgres.pre.hook
postgres/pg_hba.conf: /var/lib/postgres/data/pg_hba.conf
postgres/postgresql.conf: /var/lib/postgres/data/postgresql.conf
postgres/pgdump.service: /etc/systemd/system/pgdump.service
- name: make scripts executable
file:
path: /usr/local/bin/prepare_database_upgrade.sh
mode: "0744"
- name: start PostgreSQL
service:
name: postgresql.service
state: reloaded
enabled: yes
- name: check if synapse database exists
community.postgresql.postgresql_query:
query: "select datname from pg_catalog.pg_database where lower(datname) = lower('synapse');"
become: true
become_user: postgres
register: dbstatus
- name: restore synapse database if necessary
shell:
cmd: cat /backup/postgres_pg_dump.sql.gz | gunzip | psql && vacuumdb -a -z
become: true
become_user: postgres
when: dbstatus.rowcount == 0
- name: setup backup dump file
file:
path: /backup/postgres_pg_dump.sql.gz
state: file
owner: postgres
group: postgres
mode: '600'
- name: enable dumping unit
service:
name: pgdump.service
enabled: yes
# Since setting up a new, fresh synapse server isn't the goal of this project, the initial database
# setup isn't implemented here. When setting up a new server, apply the playbook, run the documented
# setup steps (https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database),
# and restart synapse. Be sure to use the password in the RBFSMI password database.
# Synapse
- name: copy synapse config
......
postgresql:
backup_dir: /backup/
client_auth:
- type: local
database: all
user: postgres
address: ""
method: peer
\ No newline at end of file
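Review bot: Because the defaults are nested under a single `postgresql` dict, a play that sets `postgresql:` replaces the whole mapping under Ansible's default hash behaviour (replace, not merge), so these defaults only apply when the variable is not set at all. A play that overrides only `client_auth` would leave `backup_dir` undefined, and one that omits the `local all postgres peer` entry would drop the socket access that the role's own `become_user: postgres` tasks appear to rely on. Flat variables such as `postgresql_backup_dir` and `postgresql_client_auth` could each be overridden independently; at minimum add a comment like `# overriding 'postgresql' replaces this whole dict; keep the local/peer entry for user postgres`. The default `/backup/` also ends in a slash, so the role's appended `/postgres_pg_dump.sql.gz` yields `/backup//postgres_pg_dump.sql.gz`.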
---
- name: install all required packages
package:
name:
- postgresql
- name: create database directory
file:
path: /var/lib/postgres/data
state: directory
owner: postgres
group: postgres
attributes: +C
mode: "700"
- name: initialize database directory
shell:
cmd: initdb -D /var/lib/postgres/data --locale=en_US.UTF-8 -E UTF8
creates: /var/lib/postgres/data/PG_VERSION
become: true
become_user: postgres
- name: create hooks directory
file:
path: /etc/pacman.d/hooks
state: directory
- name: install config files and scripts
template:
dest: "{{ item.value }}"
src: "{{ item.key }}"
loop: "{{ file_data | dict2items }}"
vars:
file_data:
prepare_database_upgrade.sh: /usr/local/bin/prepare_database_upgrade.sh
postgres.pre.hook: /etc/pacman.d/hooks/postgres.pre.hook
pg_hba.conf: /var/lib/postgres/data/pg_hba.conf
postgresql.conf: /var/lib/postgres/data/postgresql.conf
pgdump.service: /etc/systemd/system/pgdump.service
- name: make scripts executable
file:
path: /usr/local/bin/prepare_database_upgrade.sh
mode: "0744"
- name: start PostgreSQL
service:
name: postgresql.service
state: reloaded
enabled: yes
- name: check if synapse database exists
community.postgresql.postgresql_query:
query: "select datname from pg_catalog.pg_database where lower(datname) = lower('synapse');"
become: true
become_user: postgres
register: dbstatus
- name: restore synapse database if necessary
shell:
cmd: "cat {{ postgresql.backup_dir }}/postgres_pg_dump.sql.gz | gunzip | psql && vacuumdb -a -z"
become: true
become_user: postgres
when: dbstatus.rowcount == 0
- name: setup backup dump file
file:
path: "{{ postgresql.backup_dir }}/postgres_pg_dump.sql.gz"
state: file
owner: postgres
group: postgres
mode: "600"
- name: enable dumping unit
service:
name: pgdump.service
enabled: yes
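Review bot: In `restore synapse database if necessary` the dump is fed to `psql` as the `postgres` superuser before the later `setup backup dump file` task has enforced `owner: postgres` and `mode: "600"`, so the restore trusts whatever currently sits in `backup_dir`. Moving the ownership/mode task ahead of the restore would close that gap. The pipeline also runs without `pipefail`, so a missing or corrupt archive makes `cat`/`gunzip` fail while `psql` exits 0 on empty input and the task still reports success. Consider `executable: /bin/bash` with `cmd: "set -o pipefail; gunzip -c {{ (postgresql.backup_dir ~ '/postgres_pg_dump.sql.gz') | quote }} | psql && vacuumdb -a -z"`, which also shell-quotes the templated path. The `template` task sets no `owner`/`group`/`mode` either, which matters for the pacman hook and the upgrade script, since they appear to run as root and should be explicitly root-owned and not group- or world-writable.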
......@@ -9,9 +9,6 @@
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all postgres peer
# IPv4 local connections:
host synapse synapse_user 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host synapse synapse_user ::1/128 scram-sha-256
{% for auth in postgresql.client_auth %}
{{auth.type}} {{auth.database}} {{auth.user}} {{auth.address}} {{auth.method}}
{% endfor %}
\ No newline at end of file
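Review bot: The loop writes `auth.method` and `auth.address` into `pg_hba.conf` exactly as supplied, so nothing in the template stops a `host` entry with `trust` or a wide CIDR from being rendered, where the removed lines pinned `scram-sha-256` on loopback. An `assert` task in the role that rejects `trust` (and, if desired, `password`/`md5`) for non-`local` entries before templating would keep that guarantee. A header comment such as `# Managed by Ansible from postgresql.client_auth; do not edit by hand` would also help. Because PostgreSQL uses the first matching `pg_hba.conf` record, the order of `client_auth` is significant and worth stating where the variable is documented.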
......@@ -6,7 +6,7 @@ Before=sync.service
[Service]
Type=oneshot
ExecStart=su postgres -c "pg_dumpall -c | gzip > /backup/postgres_pg_dump.sql.gz"
ExecStart=su postgres -c "pg_dumpall -c | gzip > {{ postgresql.backup_dir }}/postgres_pg_dump.sql.gz"
[Install]
RequiredBy=sync.service
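Review bot: The `ExecStart` redirection creates `postgres_pg_dump.sql.gz` under the service's default umask whenever the file does not already exist, and a `pg_dumpall` dump includes role definitions with their password hashes. The unit should therefore guarantee restrictive permissions itself rather than rely on the role's separate `mode: "600"` task. Adding `UMask=0077` to `[Service]` does that, and `User=postgres` with an `ExecStart=/bin/sh -c "..."` form would avoid starting as root and calling `su`. The `>` redirection also truncates the previous dump before `pg_dumpall` has produced anything, so a failed run leaves an empty or partial backup; writing to a temporary name in the same directory and renaming on success avoids that. `{{ postgresql.backup_dir }}` is inserted unquoted into a shell command line, so it must stay a plain path without spaces or shell metacharacters.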