anxs / postgresql Goto Github PK
View Code? Open in Web Editor NEWFairly full featured Ansible role for Postgresql.
Home Page: http://anxs.io/
License: MIT License
Fairly full featured Ansible role for Postgresql.
Home Page: http://anxs.io/
License: MIT License
When defining users, the encrypted
flag is not used.
Maybe the comment should also say the password should start with 'md5'[md5pass]
On postgresql_user_privileges
the flag role_attr_flags
should be moved to the postgresql_users
because the privileges are global.
Anyhow, thanks for your effort! I'm new to ansible and it would have taken me much more time to figure everything out without your scripts.
I'm still figuring out ansible, so please bear with me. At the end of the install package stage, postgres tries to start itself. However, the postgres clusters haven't been set up yet, which cause the service startup to fail, which fails the entire role. Not sure why this is happening.
TASK: [Ansibles.postgresql | PostgreSQL | Install PostgreSQL] *****************
failed: [clipx.captnemo.in] => (item=postgresql-9.3,postgresql-client-9.3) => {"failed": true, "item": "postgresql-9.3,postgresql-client-9.3"}
stderr: E: Sub-process /usr/bin/dpkg returned an error code (1)
stdout: Reading package lists...
Building dependency tree...
Reading state information...
postgresql-9.3 is already the newest version.
The following packages were automatically installed and are no longer required:
linux-backports-modules-hv-3.2.0-57-virtual libjpeg-turbo8 libjpeg8
linux-headers-3.2.0-57 walinuxagent-data-saver libxslt1.1 nginx-full
init-system-helpers nginx-common python-greenlet python-gevent
linux-headers-3.2.0-57-virtual rlwrap libgd2-noxpm
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 65 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up postgresql-9.3 (9.3.5-1.pgdg12.4+1) ...
* Starting PostgreSQL 9.3 database server * The PostgreSQL server failed to start. Please check the log output.
[fail]
invoke-rc.d: initscript postgresql, action "start" failed.
dpkg: error processing postgresql-9.3 (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
postgresql-9.3
msg: 'apt-get install 'postgresql-9.3' ' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/nemo/site.retry
The log holds nothing useful, but on trying to force postgres to start, I get the following error:
postgres@epicmail-main:/mnt/postgresql/9.3/main$ /usr/lib/postgresql/9.3/bin/postgres -d 3 -D /var/lib/postgresql/9.3/main -c config_file=/etc/postgresql/9.3/main/postgresql.conf
2014-08-07 16:41:51 UTC FATAL: "/mnt/postgresql/9.3/main" is not a valid data directory
2014-08-07 16:41:51 UTC DETAIL: File "/mnt/postgresql/9.3/main/PG_VERSION" is missing.
2014-08-07 16:41:51 UTC DEBUG: shmem_exit(1): 0 callbacks to make
2014-08-07 16:41:51 UTC DEBUG: proc_exit(1): 0 callbacks to make
2014-08-07 16:41:51 UTC DEBUG: exit(1)
which tells me that initdb hasn't been called yet. This is on Ubuntu 12.04 on Azure cloud.
In tasks/databases.yml
:
- name: PostgreSQL | Make sure the PostgreSQL databases are present
postgresql_db:
name: "{{item.name}}"
owner: "{{item.owner | default(postgresql_database_owner)}}"
This last line helps me define the owner on a specific database:
- name: gws2
owner: gws2
cube: yes
earthdistance: yes
tablefunc: yes
Tested it, and works fine!
I've changed the locales to C.UTF-8, which exists in Ubuntu 14.04
When overriding the following default variables in a local role (mainly setting md5
instead of ident
):
postgresql_default_auth_method: 'md5'
postgresql_pg_hba_default:
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method }}', comment: 'IPv4 local connections:' }
- { type: host, database: all, user: all, address: '::1/128', method: '{{ postgresql_default_auth_method }}', comment: 'IPv6 local connections:' }
The file present in /var/lib/pgsql/data/pg_hba.conf
is unaffected. Therefore the following error rises:
failed: [10.10.10.9] => {"failed": true}
msg: unable to connect to database: FATAL: Ident authentication failed for user "postgres"
FATAL: all hosts have already failed -- aborting
Hi,
I would like to use this role for managing my DB'S (In fact I already am), but we have recently moved our DB's to a dedicated server, In order to keep using this role I need to ensure my databases are created on a remote host, but the option is not available here, Any chance we can add the login_host
parameter # See Ansible docs just like you do with users and priveledges?
Thanks in advance, and thanks for the great work, You've made amazing contributions to the ansible community, keep it up :)
Any plans on streaming replication? If not, accepting fork/pull?
Have this error on Ubuntu server 14.04
TASK: [ANXS.postgresql | PostgreSQL | Add PostgreSQL repository] **************
fatal: [] => One or more undefined variables: 'ansible_distribution_release' is undefined
Hi,
Are there any plans to support installing PGXN extensions (mongo_fdw, multicorn, ...)?
Thx
TASK: [ANXS.nginx | Nginx | Modules | Enable the status stub sites-available] ***
changed: [testserver]
TASK: [ANXS.nginx | get openssl source] ***************************************
failed: [testserver] => {"dest": "/tmp/openssl-1.0.2c.tar.gz", "failed": true, "response": "HTTP Error 404: Not Found", "state": "absent", "status_code": 404, "url": "https://www.openssl.org/source/openssl-1.0.2c.tar.gz"}
msg: Request failed
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/Users/nikolayponomarev/rails.retry
testserver : ok=39 changed=21 unreachable=0 failed=1
Hello - thanks for all the work on this project!
I've been using this role for the last couple months to deploy Postgres 9.3. Yesterday, I switched to 9.4, and now I get an error when the playbook tries to create database users:
TASK: [postgres | PostgreSQL | Make sure the PostgreSQL users are present] ****
failed: [XX.X.XXX.XXX] => (item={'name': '****', 'pass': '****'}) => {"failed": true, "item": {"name": "****", "pass": "****"}}
msg: unable to connect to database: FATAL: the database system is starting up
This comes right after a regular service
play that checks to see if the database is running (it always is):
- name: PostgreSQL | Ensure PostgreSQL is running
service:
name: postgresql
state: started
So, it seems like there's some kind of gap between the time when the service goes up and when the database is actually ready for connections? Indeed, when I add a pause: seconds=10
before the play in question, the problem goes away. This seems hacky, though - does anyone know what's really going on here? Thanks for any ideas!
I've had a problem using the role on a fresh container installed with Ubuntu 14.04.2 as host and guest, simply because the minimal installation in the LXC guest does not contain CA certificates to validate www.postgresql.org: msg: Failed to validate the SSL certificate for www.postgresql.org:443. Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible
.
It can be worked around by installing the package ca-certificates
manually.
I suppose installing it from the role would be an acceptable fix too.
It would be great if this role took care of setting up data directory
Playbook requiring PostGIS always reports that step as "changed". Should report "ok".
I'm fairly new to Ansible, so maybe this is just a lack of general understanding: How do I make Ansible install the hstore extension?
So far everything works fine with a playbook like this:
---
- hosts: db
vars:
...
roles:
- Ansibles.postgresql
Two things:
when: "item.hstore is defined and item.hstore == 'yes'"
in databases.yml
which will not be true when setting hstore: yes
(Ansible will convert it to True
value). The only way to make it work is to use hstore: 'yes'
which I think is not the standard way in ansible world.shell: "psql {{item.name}} -c 'CREATE EXTENSION IF NOT EXISTS hstore;"
but it should be
shell: "psql {{item.name}} -c 'CREATE EXTENSION IF NOT EXISTS hstore;'"
failed: [afya-ya-jamii] => {"failed": true}
msg: Destination directory /etc/postgresql/9.3/main does not exist
FATAL: all hosts have already failed -- aborting
Has anyone had any luck using a non-standard postgresql_admin_user
? I tried changing it to a user that exists on the remote, but it appears that many of the PG files are still owned by postgres
, and I subsequently get the following error when creating the databases:
could not open relation mapping file "global/pg_filenode.map"
I assume that this is because the apt-get pg installation script gives ownership of everything to postgres
. Anyone know of a way around it?
Here is my playbook:
---
- hosts: db
become: yes
roles:
- ANXS.postgresql
And here is what happens when i do ansible-playbook -i dev postgres.yml -vvvv :
...
TASK: [ANXS.postgresql | PostgreSQL | Update configuration - pt. 1 (pg_hba.conf)] ***
<localhost> ESTABLISH CONNECTION FOR USER: root
<localhost> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/hristo/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=2200 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 localhost /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037 && echo $HOME/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037'
<localhost> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/hristo/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=2200 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 localhost /bin/sh -c 'rc=flag; [ -r /etc/postgresql/9.4/main/pg_hba.conf ] || rc=2; [ -f /etc/postgresql/9.4/main/pg_hba.conf ] || rc=1; [ -d /etc/postgresql/9.4/main/pg_hba.conf ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/postgresql/9.4/main/pg_hba.conf && exit 0; (python -c '"'"'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1(); afile = open("'"'"'/etc/postgresql/9.4/main/pg_hba.conf'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (python -c '"'"'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = open("'"'"'/etc/postgresql/9.4/main/pg_hba.conf'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (echo '"'"'0 '"'"'/etc/postgresql/9.4/main/pg_hba.conf)'
<localhost> PUT /tmp/tmpMh5DmB TO /root/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037/source
<localhost> PUT /tmp/tmpaOGWid TO /root/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037/copy
<localhost> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/hristo/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=2200 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 localhost /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=gsfqcibljdpuauzliyiscjrljglidogv] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-gsfqcibljdpuauzliyiscjrljglidogv; LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037/copy; rm -rf /root/.ansible/tmp/ansible-tmp-1446944017.31-193596271497037/ >/dev/null 2>&1'"'"''
failed: [localhost] => {"failed": true}
msg: Destination directory /etc/postgresql/9.4/main does not exist
FATAL: all hosts have already failed -- aborting
Any idea? I use the latest role as of this bug report. Thanks.
TASK: [Ansibles.postgresql | PostgreSQL | Make sure the PostgreSQL databases are present] ***
failed: [server] => (item={'name': u'mydb', 'hstore': True}) => {"failed": true, "item": {"hstore": true, "name": "mydb"}}
msg: unable to connect to database: FATAL: Peer authentication failed for user "postgres"
vars:
app_postgresql_database: mydb # this is my custom DRY var
postgresql_ext_install_contrib: yes
postgresql_ext_install_dev_headers: yes
postgresql_databases:
- name: "{{ app_postgresql_database }}"
hstore: yes # sane default
postgresql_users:
- name: "{{ app_postgresql_database }}"
pass: "{{ app_postgresql_password }}"
postgresql_user_privileges:
- name: "{{ app_postgresql_database }}"
db: "{{ app_postgresql_database }}"
priv: "ALL"
This used to work with no issues but somehow now it doesn't. The server is clean ubuntu 13.10x64
Hi!
I use this box for Vagrant:
https://cloud-images.ubuntu.com/vagrant/precise/20140519/precise-server-cloudimg-i386-vagrant-disk1.box
And with it I get this error:
TASK: [postgresql | PostgreSQL | Update configuration - pt. 1 (pg_hba.conf)] ***
failed: [default] => {"failed": true, "item": ""}
msg: Destination directory /etc/postgresql/9.3/main does not exist
And after logging in to VM, I see that real location is /usr/share/postgresql/9.3/
. Which is strange.
I am having trouble deploying to a custom directory /opt/data1
$ cat /etc/lsb-release ; uname -a
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.2 LTS"
Linux postgesql-1 3.13.0-45-generic #74-Ubuntu SMP Tue Jan 13 19:36:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
TASK: [PostgreSQL | Restart PostgreSQL] ***************************************
failed: [postgres_1] => {"failed": true}
msg: * Stopping PostgreSQL 9.3 database server
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/mark/postgres.retry
postgres_1 : ok=9 changed=8 unreachable=0 failed=1
so I removed the .pid and now postgres won't start
TASK: [PostgreSQL | Ensure PostgreSQL is running] *****************************
failed: [postgres_1] => {"failed": true}
msg: * Starting PostgreSQL 9.3 database server
FATAL: all hosts have already failed -- aborting
I looked at /opt/data1/9.3/main and the directory is empty.
I'm trying to make a playbook installing postgres with some specific SSL certificates.
I should copy them with owner/group set as postgres/postgres
(inside PGDATA), but the user gets created after the role is executed.
Moreover, also PGDATA
dir (that on my distro is on /var/lib/postgresql/9.4/
) gets created after role is executed, so I cannot copy the files in that directory.
This makes the role fail when it tries to start/restart
Easy workaround would be insert a copy task before postgresql-start, but how to deal with this race condition without editing this role?
Here's console output
$ /usr/lib/postgresql/9.4/bin/postgres -d 3 -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
LOG: unrecognized configuration parameter "krb_srvname" in file "/etc/postgresql/9.4/main/postgresql.conf" line 80
FATAL: configuration file "/etc/postgresql/9.4/main/postgresql.conf" contains errors
DEBUG: shmem_exit(1): 0 before_shmem_exit callbacks to make
DEBUG: shmem_exit(1): 0 on_shmem_exit callbacks to make
DEBUG: proc_exit(1): 0 callbacks to make
DEBUG: exit(1)
Running ansimble as vagrant provision.
Some output before is truncated.
TASK: [ANXS.postgresql | PostgreSQL | Extensions | Make sure the development headers are installed] ***
<33.33.33.55> ESTABLISH CONNECTION FOR USER: vagrant
<33.33.33.55> REMOTE_MODULE apt name=libpq-dev state=present
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307 && echo $HOME/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307'
<33.33.33.55> PUT /tmp/alex/tmpzXP8Sv TO /home/vagrant/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307/apt
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=pdtbsvhzyqmwuhutjwzvlunuymgkvuck] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-pdtbsvhzyqmwuhutjwzvlunuymgkvuck; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1417516573.84-196422177238307/ >/dev/null 2>&1'"'"''
ok: [local.myhost.uss] => {"changed": false}
TASK: [ANXS.postgresql | PostgreSQL | Extensions | Make sure the postgis extensions are installed] ***
skipping: [local.myhost.uss]
TASK: [ANXS.postgresql | PostgreSQL | Make sure the postgres data directory exists] ***
<33.33.33.55> ESTABLISH CONNECTION FOR USER: vagrant
<33.33.33.55> REMOTE_MODULE file group=postgres state=directory path=/var/lib/postgresql/9.3/main owner=postgres
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922 && echo $HOME/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922'
<33.33.33.55> PUT /tmp/alex/tmpsu3Ig_ TO /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922/file
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=ibtoadiluvcwogddsrcvttxtcxtlfzcc] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-ibtoadiluvcwogddsrcvttxtcxtlfzcc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.33-214413181594922/ >/dev/null 2>&1'"'"''
ok: [local.myhost.uss] => {"changed": false, "gid": 118, "group": "postgres", "mode": "0700", "owner": "postgres", "path": "/var/lib/postgresql/9.3/main", "size": 4096, "state": "directory", "uid": 111}
TASK: [ANXS.postgresql | PostgreSQL | Reset the cluster - drop the existing one] ***
skipping: [local.myhost.uss]
TASK: [ANXS.postgresql | PostgreSQL | Reset the cluster - create a new one (with specified encoding and locale)] ***
skipping: [local.myhost.uss]
TASK: [ANXS.postgresql | PostgreSQL | Update configuration - pt. 1 (pg_hba.conf)] ***
<33.33.33.55> ESTABLISH CONNECTION FOR USER: vagrant
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262 && echo $HOME/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262'
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=rzzdyyjmeuuaooptediudyqvujrtwthh] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-rzzdyyjmeuuaooptediudyqvujrtwthh; rc=flag; [ -r "/etc/postgresql/9.3/main/pg_hba.conf" ] || rc=2; [ -f "/etc/postgresql/9.3/main/pg_hba.conf" ] || rc=1; [ -d "/etc/postgresql/9.3/main/pg_hba.conf" ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} /etc/postgresql/9.3/main/pg_hba.conf" && exit 0; (python -c '"'"'"'"'"'"'"'"'import hashlib; print(hashlib.sha1(open("/etc/postgresql/9.3/main/pg_hba.conf", "rb").read()).hexdigest())'"'"'"'"'"'"'"'"' 2>/dev/null) || (python -c '"'"'"'"'"'"'"'"'import sha; print(sha.sha(open("/etc/postgresql/9.3/main/pg_hba.conf", "rb").read()).hexdigest())'"'"'"'"'"'"'"'"' 2>/dev/null) || (echo "0 /etc/postgresql/9.3/main/pg_hba.conf")'"'"''
<33.33.33.55> PUT /tmp/alex/tmpKPLEuE TO /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262/source
<33.33.33.55> PUT /tmp/alex/tmpFqJESh TO /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262/copy
<33.33.33.55> EXEC ssh -C -tt -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/alex/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/home/alex/.vagrant.d/insecure_private_key" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 33.33.33.55 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=owzhuynsocpsgjtcwtdxlmukeuuylkfd] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-owzhuynsocpsgjtcwtdxlmukeuuylkfd; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1417516574.5-207184879708262/ >/dev/null 2>&1'"'"''
failed: [local.myhost.uss] => {"failed": true}
msg: Destination directory /etc/postgresql/9.3/main does not exist
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/alex/playbook.retry
local.myhost.uss : ok=42 changed=0 unreachable=0 failed=1
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
And really after installing postgres-9.3 no /etc/postgres was created.
This role doesn't currently run on centos because of the package manager references (maybe some other bits).
It would be great to get Centos support in here... originating discussion: #103 (comment)
For various reasons, I'd like to manage my PG configuration using this role but I wish to keep using the packages from the official Ubuntu Repository instead of the ones provided by apt.postgresql.org/pub.
Would you care to add a variable to make adding the PG repo optional please ?
If I understand the Ansible tags in roles correctly, when I use this role like this:
- name: Build stock Docker Postgres image, without any configuration
hosts: localhost
roles:
- {role: ANXS.postgresql, tags: [postgresql-install,postgresql-extensions]}
I should only see the tasks tagged with postgresql-install and postgresql-extensions executed?
However, I also see the configuration task, tagged with postgresql-configure also being executed, according to the playbook logs, which is something I did not expect!
What am I doing wrong/misunderstanding with the Ansible tags? How can I control which tasks to execute from this role?
Thanks,
Hristo
The README specifies some example variables but it doesn't mention where should they be set (which file should be modified). I guess changing yaml in vars subdirectory is not a good idea.
It's probably worth to mention:
http://docs.ansible.com/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
Also one has to set sudo to true.
Example playbook:
- hosts: all
vars_files:
- vars.yaml
roles:
- setup
- { role: postgresql, sudo: yes }
- deploy
Hi all,
Is it possible to separate out the execution of the individual tasks (e.g configure,database, install, users, user_privileges)? Right now all steps are bundled into a single role - ANXS.postgresql. Ideally, if the tasks were designed as roles, one would be able to do:
- hosts: localhost
roles:
... some roles
- { role: ANXS.postgres.install }
- { role: ANXS.postgres.database }
...other roles
Can this somehow be achieved with the current design? Thank you.
I am trying to make use of this role in Docker. Docker has images and helps you build your stacks in successive layers. As Docker.com offers free hosting for public images, one would typically create a public image by putting all heavy pieces into it (such as running ANXS.postgres.install above) and publish it on the public Docker hub, but then layer all the sensitive stuff (user,databases, password via ANXS.postgres.database, ANXS.postgres.users ..) on top of the public image in a separate private image that gets created on the targeted host only. This approach saves a lot of disk space with docker images.
Right now, since there is a single role, one is forced to create a single final image with everything, which can not be published on Docker public hub as it has passwords, etc.
Any chance of updating the version on https://galaxy.ansible.com/list#/roles/512 ?
The current version still has the uuid-ossp
extension quote bug which causes the CREATE EXTENSION IF NOT EXISTS uuid-ossp;
command to fail.
Thanks!
Hi,
My DB is failing to start due to some invalid configuration entries
root@review:~# /etc/init.d/postgresql status
โ postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled)
Active: active (exited) since Wed 2015-11-18 18:23:47 AEDT; 6min ago
Process: 3629 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3629 (code=exited, status=0/SUCCESS)
root@review:~# tail /var/log/postgresql/postgresql-9.4-main.log
2015-11-18 07:23:28 UTC LOG: invalid value for parameter "lc_messages": "en_US.UTF-8"
2015-11-18 07:23:28 UTC LOG: invalid value for parameter "lc_monetary": "en_US.UTF-8"
2015-11-18 07:23:28 UTC LOG: invalid value for parameter "lc_numeric": "en_US.UTF-8"
2015-11-18 07:23:28 UTC LOG: invalid value for parameter "lc_time": "en_US.UTF-8"
2015-11-18 07:23:28 UTC FATAL: configuration file "/etc/postgresql/9.4/main/postgresql.conf" contains errors
2015-11-18 07:23:46 UTC LOG: invalid value for parameter "lc_messages": "en_US.UTF-8"
2015-11-18 07:23:46 UTC LOG: invalid value for parameter "lc_monetary": "en_US.UTF-8"
2015-11-18 07:23:46 UTC LOG: invalid value for parameter "lc_numeric": "en_US.UTF-8"
2015-11-18 07:23:46 UTC LOG: invalid value for parameter "lc_time": "en_US.UTF-8"
2015-11-18 07:23:46 UTC FATAL: configuration file "/etc/postgresql/9.4/main/postgresql.conf" contains errors
root@review:~# locale
LANG=en_AU.UTF-8
LANGUAGE=en_AU:en
LC_CTYPE="en_AU.UTF-8"
LC_NUMERIC="en_AU.UTF-8"
LC_TIME="en_AU.UTF-8"
LC_COLLATE="en_AU.UTF-8"
LC_MONETARY="en_AU.UTF-8"
LC_MESSAGES="en_AU.UTF-8"
LC_PAPER="en_AU.UTF-8"
LC_NAME="en_AU.UTF-8"
LC_ADDRESS="en_AU.UTF-8"
LC_TELEPHONE="en_AU.UTF-8"
LC_MEASUREMENT="en_AU.UTF-8"
LC_IDENTIFICATION="en_AU.UTF-8"
LC_ALL=
Seems this is due to the system locale differing from the strings being complained about (I have postgresql_locale: 'en_AU.UTF-8' set).
I think the best solution would be to the relevant lc_* entries so they default to postgresql_locale if not set specifically.
I believe http://docs.ansible.com/ansible/playbooks_filters.html#defaulting-undefined-variables is the relevant part of the docs.
Hi -- I found the example showing how to add the uuid and hstore extensions. Those are great. But how would I add more extensions, like the ones I listed in the title?
I just realised as part of filing #110 that ansible isn't correctly detecting the daemon failed to start.
TASK: [ANXS.postgresql | PostgreSQL | Create folder for additional configuration files] ***
ok: [192.168.56.101]
TASK: [ANXS.postgresql | PostgreSQL | Restart PostgreSQL] *********************
changed: [192.168.56.101]
TASK: [ANXS.postgresql | PostgreSQL | Ensure PostgreSQL is running] ***********
ok: [192.168.56.101]
TASK: [ANXS.postgresql | PostgreSQL | Make sure the PostgreSQL users are present] ***
failed: [192.168.56.101] => (item={'encrypted': False, 'name': db_user', 'pass': u''}) => {"failed": true, "item": {"encrypted": false, "name": "db_user", "pass": ""}}
msg: unable to connect to database: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Vagrant 1.7.4
Virtualbox 4.3.28r100309
skipping: [anxs.local]
_________________________________________________
/ TASK: PostgreSQL | Update configuration - pt. 1 \
\ (pg_hba.conf) /
-------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
failed: [anxs.local] => {"failed": true}
msg: Destination directory /etc/postgresql/9.3/main does not exist
FATAL: all hosts have already failed -- aborting
Hello
I've been using task and get error:
TASK [ANXS.postgresql : PostgreSQL | Add PostgreSQL repository preferences] ****
fatal: [192.168.56.10]: FAILED! => {"changed": false, "failed": true, "msg": "IOError: [Errno 2] No such file or directory: u'etc_apt_preferences.d_apt_postgresql_org_pub_repos_apt.pref.j2'"}
my meta file:
dependencies:
Hi,
Is it possible to extend this role for Alpine Linux (AL)? AL is hot, ultra-minimal linux distro, ideal for cloud deployment with a nice package manager that APK, which is supported as of Ansible 2.0 module . Here are a few links:
https://github.com/fabaff/alpine-ansible
https://github.com/kiasaki/docker-alpine-postgres
http://michael.otacoo.com/postgresql-2/minimal-docker-container-postgres/
Also see: William-Yeh/docker-ansible#2
Upon initially trying to create a postgres db I got
TASK: [ANXS.postgresql | PostgreSQL | Make sure the PostgreSQL users are present] ***
failed: [127.0.0.1] => (item={'encrypted': False, 'name': 'fugazzi', 'pass': 'fugazzi'}) => {"failed": true, "item": {"encrypted": false, "name": "fugazzi", "pass": "fugazzi"}}
msg: the python psycopg2 module is required
FATAL: all hosts have already failed -- aborting
Which I thought was weird because this role installs python-psycopg2 on the system. Then I realized I was in a virtualenv.
(ansible)greg@Ithilien:~/workspace/python/ansible-playbooks$ which python
/home/greg/.virtualenvs/ansible/bin/python
After installing psycopg2 into my virtualenv (which requires an unincluded postgresql-server-dev-X.Y pkg) things work out just fine. Not a major problem but it does make running this role one time off the bat impossible if we want to install a db upon provisioning postgres
I'm using this playbook for Django development and I need to be able to create a user that can create additional databases (for example if I am using a db called project_db then the user would need to be able to create a test_project_db for testing purposes) but there doesn't seem to be a config variable to set the owner of a database.
I'm installing a 9.1 installation on an older Ubuntu machine. The following postgresql.conf config parameters are invalid but are included anyways:
Additionally, it's looking for the postgis package in the wrong place on Ubuntu 13.04:
Does not work on 13.04
- "postgresql-{{postgresql_version}}-postgis-{{postgresql_ext_postgis_version}}"
Does work
- "postgresql-{{postgresql_version}}-postgis"
We now have support for running against CentOS hosts within this role, but it needs manual testing in a VM or similar.. we have travis tests for the role (both integrity and idempotence) but they run against an ubuntu host, It would be great to get some test runs in against CentOS, perhaps with containers...
Useful links
Hello!
Fails on ARM, due to missing packages. Is there a way to build from source?
TASK: [postgresql | PostgreSQL | Add PostgreSQL repository] *******************
failed: [7c669d537a3e] => {"failed": true, "parsed": false}
invalid output was: Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1409504381.97-216554174396296/apt_repository", line 2207, in
main()
File "/root/.ansible/tmp/ansible-tmp-1409504381.97-216554174396296/apt_repository", line 430, in main
cache.update()
File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 418, in update
raise FetchFailedException(e)
apt.cache.FetchFailedException: W:Failed to fetch http://apt.postgresql.org/pub/repos/apt/dists/wheezy-pgdg/Release Unable to find expected entry 'main/binary-armhf/Packages' in Release file (Wrong sources.list entry or malformed file)
, E:Some index files failed to download. They have been ignored, or old ones used instead.
FATAL: all hosts have already failed -- aborting
Thanks for useful role! It would be useful, if adding postgis to DB could be documented on project page. Also, it would make more sense to me to name the corresponding key postgis
, instead of just gis
.
When running the postgresql role with only some modified postgresql.conf vars, I get the following error:
fatal: [db1]: FAILED! => {"msg": "ERROR! the field 'environment' has an invalid value (postgresql_env), and could not be converted to an dict. Error was: ", "failed": true}
I cannot really solve this.
Hi,
in my template files i usually add {{ ansible_managed }} on top
makes it easy to see that your config files are written by ansible for someone else.
Please add support to install and configure pgextwlist. It will greatly help users.
It seems now only the Ubuntu is supported.
DEBUG subprocess: stdout:
TASK: [ANXS.postgresql | PostgreSQL | Make sure the dependencies are installed] ***
INFO interface: info:
TASK: [ANXS.postgresql | PostgreSQL | Make sure the dependencies are installed] ***
TASK: [ANXS.postgresql | PostgreSQL | Make sure the dependencies are installed] ***
DEBUG subprocess: stdout: failed: [labola] => (item=python-psycopg2,python-pycurl) => {"cmd": "apt-get update && apt-get install python-apt -y -q", "failed": true, "item": "python-psycopg2,python-pycurl", "rc": 127}
stderr: /bin/sh: apt-get: command not found
msg: /bin/sh: apt-get: command not found
FATAL: all hosts have already failed -- aborting ```
PLAY RECAP ********************************************************************
I'm kinda newbie to Ansible so I might be doing something wrong.
Using Vagrant 1.6.3 on a OSX 10.9.4 machine, everything works fine, until I start to mess with the variables.
So, assuming the following configuration.
When ever I try to define the postgresql_data_directory
the following error occurs, independently of the value defined:
TASK: [Ansibles.postgresql | PostgreSQL | Restart PostgreSQL] *****************
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant
<127.0.0.1> REMOTE_MODULE service name=postgresql state=restarted
<127.0.0.1> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/couto/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=2222', '-o', 'IdentityFile="/Users/couto/.vagrant.d/insecure_private_key"', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915 && echo $HOME/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915'"]
<127.0.0.1> PUT /var/folders/96/zkggd7gn62qg0p40bq45hrqm0000gn/T/tmpT1abag TO /home/vagrant/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915/service
<127.0.0.1> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/couto/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=2222', '-o', 'IdentityFile="/Users/couto/.vagrant.d/insecure_private_key"', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=bnshvhhhpqnghyqecwjzdteqhjpuetko] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-bnshvhhhpqnghyqecwjzdteqhjpuetko; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1408376328.19-89567072261915/ >/dev/null 2>&1\'"\'"\'\'']
failed: [default] => {"failed": true}
msg: * Stopping PostgreSQL 9.3 database server
* Error: pid file is invalid, please manually kill the stale server process.
...fail!
* Starting PostgreSQL 9.3 database server
* Error: could not read /etc/postgresql/9.3/main/postgresql.conf: Permission denied
...fail!
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/Users/couto/playbook.retry
default : ok=10 changed=9 unreachable=0 failed=1
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
and when I try to define the variable: postgresql_pg_hba_default
it results in the following error:
TASK: [Ansibles.postgresql | PostgreSQL | Restart PostgreSQL] *****************
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant
<127.0.0.1> REMOTE_MODULE service name=postgresql state=restarted
<127.0.0.1> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/couto/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=2222', '-o', 'IdentityFile="/Users/couto/.vagrant.d/insecure_private_key"', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067 && echo $HOME/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067'"]
<127.0.0.1> PUT /var/folders/96/zkggd7gn62qg0p40bq45hrqm0000gn/T/tmpgW93Ah TO /home/vagrant/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067/service
<127.0.0.1> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/couto/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=2222', '-o', 'IdentityFile="/Users/couto/.vagrant.d/insecure_private_key"', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=npvcgtbzwajzlqishgjlhwqwadsbalcn] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-npvcgtbzwajzlqishgjlhwqwadsbalcn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1408376636.49-188751064727067/ >/dev/null 2>&1\'"\'"\'\'']
failed: [default] => {"failed": true}
msg: * Stopping PostgreSQL 9.3 database server
...done.
* Starting PostgreSQL 9.3 database server
* The PostgreSQL server failed to start. Please check the log output.
...fail!
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/Users/couto/playbook.retry
default : ok=10 changed=8 unreachable=0 failed=1
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
Hi @pjan, and thanks for your work on this role!
I would like to know if it is planned to support multiple version of PostgreSQL or only the last one?
There is some issues/PR related to (#21, #47, #66)
We are maintaining several PostgreSQL versions on several Debian or Ubuntu releases, and such support would be greatly appreciated. And of course, I'm ready to contribute a lot for this purpose.
Have you stated anything about this, or experienced trouble regarding such support?
Regards,
I ran the role against a centos vagrant, and didn't work. Looks like it's using apt in centos :(
TASK: [ANXS.postgresql | PostgreSQL | Make sure the CA certificates are available] ***
failed: [default] => {"cmd": "apt-get update '&&' apt-get install python-apt -y -q", "failed": true, "rc": 127}
stderr: /bin/sh: apt-get: command not found
msg: /bin/sh: apt-get: command not found
FATAL: all hosts have already failed -- aborting
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.