PostgreSQL install

Author: lkiesow

README.md

@@ -0,0 +1,34 @@
+Ansible: Opencast PostgreSQL Role
+=================================
+
+This Ansible role installs and prepares a PostgreSQL database server for Opencast.
+
+
+Role Variables
+--------------
+
+- `opencast_postgresql_version`
+	- PostgreSQL major version to install (default: `12`)
+	- Enables CentOS AppStream
+- `opencast_postgresql_user:`
+	- Database user to create (default: `opencast`)
+- `opencast_postgresql_password`
+	- Databse password for user (_required_)
+- `opencast_postgresql_database`
+	- Database name (default: `opencast`)
+- `opencast_postgresql_connection_hosts`
+	- List of hosts allowed to connect to database (default: `[127.0.0.1/32, ::1/128]`)
+
+
+Example Playbook
+----------------
+
+Example of how to configure and use the role:
+
+```yaml
+- hosts: servers
+  become: true
+  roles:
+    - role: lkiesow.opencast_postgresql
+      opencast_postgresql_password: secret
+```

defaults/main.yml

@@ -0,0 +1,8 @@
+---
+
+opencast_postgresql_version: 12
+opencast_postgresql_user: opencast
+opencast_postgresql_database: opencast
+opencast_postgresql_connection_hosts:
+  - 127.0.0.1/32
+  - ::1/128

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart postgresql
+  service:
+    name: postgresql
+    state: restarted

meta/main.yml

@@ -0,0 +1,14 @@
+galaxy_info:
+  author: Lars Kiesow
+  role_name: opencast_user
+  namespace: lkiesow
+  description: Install and prepare PostgreSQL for Opencast
+  license: BSD-3-Clause
+  min_ansible_version: 2.9
+  galaxy_tags:
+    - opencast
+  platforms:
+    - name: EL
+      versions:
+        - 8
+dependencies: []

tasks/main.yml

@@ -0,0 +1,49 @@
+---
+
+- name: install postgresql
+  dnf:
+    name:
+      - '@postgresql:{{ opencast_postgresql_version }}/server'
+      - '@postgresql:{{ opencast_postgresql_version }}/client'
+      - python3-psycopg2
+    state: present
+
+- name: initialize database
+  command:
+    cmd: postgresql-setup --initdb
+    creates: /var/lib/pgsql/data/postgresql.conf
+
+- name: set auth to scram-sha-256
+  lineinfile:
+    path: /var/lib/pgsql/data/postgresql.conf
+    regexp: '^password_encryption'
+    line: "password_encryption = 'scram-sha-256'"
+  notify: restart postgresql
+
+- name: configure postgres access
+  template:
+    src: pg_hba.conf
+    dest: /var/lib/pgsql/data/pg_hba.conf
+    owner: postgres
+    group: postgres
+    mode: '0644'
+  notify: restart postgresql
+
+- name: start and enable postgresql
+  service:
+    name: postgresql
+    state: started
+    enabled: true
+
+- name: create postgresql user
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: '{{ opencast_postgresql_user }}'
+    password: '{{ opencast_postgresql_password }}'
+
+- name: create database
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_db:
+    name: '{{ opencast_postgresql_database }}'
+    owner: '{{ opencast_postgresql_user }}'

templates/pg_hba.conf

@@ -0,0 +1,7 @@
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+
+# allow TCP connections with possword from some hosts:
+{% for host in opencast_postgresql_connection_hosts %}
+host    all             all             {{ host }}            scram-sha-256
+{% endfor %}