NewsBlur-viq/ansible/roles/postgres/tasks/main.yml

---
- name: Template postgresql-13.conf file
  template:
    src: /srv/newsblur/docker/postgres/postgresql-13.conf.j2
    dest: /srv/newsblur/docker/postgres/postgres.conf
  notify: reload postgres
  register: updated_config

- name: Create Postgres docker volumes with correct permissions
  file:
    path: "{{ item  }}"
    state: directory
    recurse: yes
    owner: "{{ ansible_effective_user_id|int }}"
    group: "{{ ansible_effective_group_id|int }}"
  with_items:
    - /srv/newsblur/docker/volumes/postgres/archive
    - /srv/newsblur/docker/volumes/postgres/backups
    - /srv/newsblur/docker/volumes/postgres/data

- name: Template postgres secondaries with empty standby.signal file
  file:
    path: /srv/newsblur/docker/volumes/postgres/data/standby.signal
    state: file
    owner: "{{ ansible_effective_user_id|int }}"
    group: "{{ ansible_effective_group_id|int }}"
  when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['db-postgres-secondary', 'hdb-postgres']

- name: Copy SSH private key
  copy:
    src: /srv/secrets-newsblur/keys/postgres.key
    dest: /home/nb/.ssh/id_rsa
    owner: "{{ ansible_effective_user_id|int }}"
    group: "{{ ansible_effective_group_id|int }}"
    mode: "0600"

- name: Copy SSH public key
  copy:
    src: /srv/secrets-newsblur/keys/postgres.key.pub
    dest: /home/nb/.ssh/id_rsa.pub
    owner: "{{ ansible_effective_user_id|int }}"
    group: "{{ ansible_effective_group_id|int }}"
    mode: "0600"

- name: Add SSH public key to authorized keys
  authorized_key:
    user: "nb"
    state: present
    key: "{{ lookup('file', '/srv/secrets-newsblur/keys/postgres.key.pub') }}"

- name: Build the custom postgres docker image
  docker_image:
    name: newsblur/postgres:13
    build:
      path: /srv/newsblur/docker/postgres/Dockerfile.postgres
      pull: yes
    force_tag: yes
    state: present

- name: Start postgres docker containers
  docker_container:
    name: postgres
    image: newsblur/postgres:13
    state: started
    container_default_behavior: no_defaults
    command: postgres -c config_file=/etc/postgresql/postgresql.conf
    env:
      # POSTGRES_USER: "{{ postgres_user }}" # Don't auto-create newsblur, manually add it
      POSTGRES_PASSWORD: "{{ postgres_password }}"
    hostname: "{{ inventory_hostname }}"
    networks_cli_compatible: yes
    network_mode: default
    networks:
      - name: newsblurnet
        aliases:
          - postgres
    ports:
      - 5432:5432
    user: "{{ ansible_effective_user_id|int }}:{{ ansible_effective_group_id|int }}"
    volumes:
      - /srv/newsblur/docker/volumes/postgres/data:/var/lib/postgresql/data
      - /srv/newsblur/docker/volumes/postgres/archive:/var/lib/postgresql/archive
      - /srv/newsblur/docker/volumes/postgres/backups:/var/lib/postgresql/backups
      - /srv/newsblur/docker/postgres/postgres.conf:/etc/postgresql/postgresql.conf
      - /srv/newsblur/docker/postgres/postgres_hba-13.conf:/etc/postgresql/pg_hba.conf
      - /srv/newsblur/docker/postgres/postgres_ident-13.conf:/etc/postgresql/pg_ident.conf
      - /home/nb/.ssh/id_rsa:/var/lib/postgresql/.ssh/id_rsa
    restart_policy: unless-stopped
  when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['db-postgres-primary', 'db-postgres', 'hdb-postgres']

# - name: Change ownership in postgres docker container
#   become: yes
#   command: >
#     docker exec postgres chown -fR postgres.postgres /var/lib/postgresql
#   ignore_errors: yes

- name: Ensure newsblur role in postgres
  become: yes
  shell: >
    sleep 15; 
    docker exec postgres createuser -s newsblur -U postgres;
    docker exec postgres createdb newsblur -U newsblur;
  register: ensure_role
  ignore_errors: yes
  changed_when:
    - "ensure_role.rc == 0"
  failed_when:
    - "'already exists' not in ensure_role.stderr"
    - "ensure_role.rc != 0"

- name: Register postgres in consul
  tags: consul
  become: yes
  template:
    src: consul_service.json
    dest: /etc/consul.d/postgres.json
  notify:
    - reload consul

- name: Copy common secrets
  copy:
    src: /srv/secrets-newsblur/settings/common_settings.py
    dest: /srv/newsblur/newsblur_web/local_settings.py
  register: app_changed

- name: Add sanity checkers cronjob for disk usage
  cron:
    name: disk_usage_sanity_checker
    minute: "0"
    job: >-
      OUTPUT=$(df / | head -n 2 |  tail -1) docker run --rm -it -v /srv/newsblur:/srv/newsblur \
      --network=newsblurnet --hostname {{ ansible_hostname }} newsblur/newsblur_python3 \
      /srv/newsblur/utils/monitor_disk_usage.py $OUTPUT
  tags: cron

- name: Add postgresql archive cleaner cronjob
  cron:
    name: postgres_archive_cleaner
    minute: "0"
    job: >-
      sudo find /srv/newsblur/docker/volumes/postgres/archive -type f -mmin +180 -delete
  tags: cron

- name: Add postgresql backup cleaner cronjob
  cron:
    name: postgres_backup_cleaner
    minute: "0"
    hour: "5"
    job: >-
      sudo find /srv/newsblur/docker/volumes/postgres/backups -type f -mmin +18000 -delete
  tags: cron

- name: Add postgres backup log
  become: yes
  file:
    path: /var/log/postgres_backup.log
    state: touch
    mode: 0777
    owner: "{{ ansible_effective_user_id|int }}"
    group: "{{ ansible_effective_group_id|int }}"

- name: Add postgres backup
  cron:
    name: postgres backup
    minute: "0"
    hour: "4"
    job: /srv/newsblur/docker/postgres/backup_postgres.sh >> /var/log/postgres_backup.log 2>&1
  tags: cron
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`---`
Moving around postgres config 2021-12-17 17:11:49 -05:00			`- name: Template postgresql-13.conf file`
			`template:`
Using new repo password for postgres. 2021-12-17 17:34:54 -05:00			`src: /srv/newsblur/docker/postgres/postgresql-13.conf.j2`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`dest: /srv/newsblur/docker/postgres/postgres.conf`
Moving around postgres config 2021-12-17 17:11:49 -05:00			`notify: reload postgres`
			`register: updated_config`

Upgrading Postgres server. Just have mongo left to do and then :racecar: 2022-05-27 06:58:32 -04:00			`- name: Create Postgres docker volumes with correct permissions`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`file:`
Upgrading Postgres server. Just have mongo left to do and then :racecar: 2022-05-27 06:58:32 -04:00			`path: "{{ item }}"`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`state: directory`
Upgrading Postgres server. Just have mongo left to do and then :racecar: 2022-05-27 06:58:32 -04:00			`recurse: yes`
			`owner: "{{ ansible_effective_user_id\|int }}"`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`group: "{{ ansible_effective_group_id\|int }}"`
Upgrading Postgres server. Just have mongo left to do and then :racecar: 2022-05-27 06:58:32 -04:00			`with_items:`
			`- /srv/newsblur/docker/volumes/postgres/archive`
Postgres restore now explicit about primary server. 2022-06-05 08:55:58 -04:00			`- /srv/newsblur/docker/volumes/postgres/backups`
Upgrading Postgres server. Just have mongo left to do and then :racecar: 2022-05-27 06:58:32 -04:00			`- /srv/newsblur/docker/volumes/postgres/data`
Adding a secondary postgres that starts from a pg_basebackup. Still needs testing. 2022-04-30 07:24:46 -04:00
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`- name: Template postgres secondaries with empty standby.signal file`
			`file:`
			`path: /srv/newsblur/docker/volumes/postgres/data/standby.signal`
			`state: file`
			`owner: "{{ ansible_effective_user_id\|int }}"`
			`group: "{{ ansible_effective_group_id\|int }}"`
			`when: (inventory_hostname \| regex_replace('\-?[0-9]+', '')) in ['db-postgres-secondary', 'hdb-postgres']`

			`- name: Copy SSH private key`
			`copy:`
			`src: /srv/secrets-newsblur/keys/postgres.key`
			`dest: /home/nb/.ssh/id_rsa`
			`owner: "{{ ansible_effective_user_id\|int }}"`
			`group: "{{ ansible_effective_group_id\|int }}"`
			`mode: "0600"`

			`- name: Copy SSH public key`
			`copy:`
			`src: /srv/secrets-newsblur/keys/postgres.key.pub`
			`dest: /home/nb/.ssh/id_rsa.pub`
			`owner: "{{ ansible_effective_user_id\|int }}"`
			`group: "{{ ansible_effective_group_id\|int }}"`
			`mode: "0600"`

			`- name: Add SSH public key to authorized keys`
			`authorized_key:`
			`user: "nb"`
			`state: present`
			`key: "{{ lookup('file', '/srv/secrets-newsblur/keys/postgres.key.pub') }}"`

			`- name: Build the custom postgres docker image`
			`docker_image:`
			`name: newsblur/postgres:13`
			`build:`
			`path: /srv/newsblur/docker/postgres/Dockerfile.postgres`
			`pull: yes`
			`force_tag: yes`
			`state: present`

Prepping postgres backup 2021-12-13 17:09:37 -05:00			`- name: Start postgres docker containers`
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`docker_container:`
			`name: postgres`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`image: newsblur/postgres:13`
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`state: started`
Prepping postgres backup 2021-12-13 17:09:37 -05:00			`container_default_behavior: no_defaults`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`command: postgres -c config_file=/etc/postgresql/postgresql.conf`
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`env:`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`# POSTGRES_USER: "{{ postgres_user }}" # Don't auto-create newsblur, manually add it`
Using new repo password for postgres. 2021-12-17 17:34:54 -05:00			`POSTGRES_PASSWORD: "{{ postgres_password }}"`
Prepping postgres backup 2021-12-13 17:09:37 -05:00			`hostname: "{{ inventory_hostname }}"`
			`networks_cli_compatible: yes`
			`network_mode: default`
			`networks:`
			`- name: newsblurnet`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`aliases:`
Adding postgresql backup restoration. Working on config. 2021-12-17 16:53:28 -05:00			`- postgres`
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`ports:`
Prepping postgres backup 2021-12-13 17:09:37 -05:00			`- 5432:5432`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`user: "{{ ansible_effective_user_id\|int }}:{{ ansible_effective_group_id\|int }}"`
move postgres tasks into postgres role 2021-02-03 10:43:08 -05:00			`volumes:`
Moving pg basebackup to a backup role 2022-05-02 09:32:35 -04:00			`- /srv/newsblur/docker/volumes/postgres/data:/var/lib/postgresql/data`
			`- /srv/newsblur/docker/volumes/postgres/archive:/var/lib/postgresql/archive`
			`- /srv/newsblur/docker/volumes/postgres/backups:/var/lib/postgresql/backups`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`- /srv/newsblur/docker/postgres/postgres.conf:/etc/postgresql/postgresql.conf`
Moving around postgres config 2021-12-17 17:11:49 -05:00			`- /srv/newsblur/docker/postgres/postgres_hba-13.conf:/etc/postgresql/pg_hba.conf`
Adding pg_ident.conf. 2022-05-02 13:03:47 -04:00			`- /srv/newsblur/docker/postgres/postgres_ident-13.conf:/etc/postgresql/pg_ident.conf`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`- /home/nb/.ssh/id_rsa:/var/lib/postgresql/.ssh/id_rsa`
Prepping postgres backup 2021-12-13 17:09:37 -05:00			`restart_policy: unless-stopped`
Adding postgres and elasticsearch to hetzner. Updating redis flask metrics. 2024-01-27 18:11:36 -05:00			`when: (inventory_hostname \| regex_replace('\-?[0-9]+', '')) in ['db-postgres-primary', 'db-postgres', 'hdb-postgres']`
add disk usage sanity checker 2021-06-07 15:44:59 -04:00
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`# - name: Change ownership in postgres docker container`
			`# become: yes`
			`# command: >`
			`# docker exec postgres chown -fR postgres.postgres /var/lib/postgresql`
			`# ignore_errors: yes`

Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`- name: Ensure newsblur role in postgres`
Adding pg_ident.conf. 2022-05-02 13:03:47 -04:00			`become: yes`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`shell: >`
Moving pg basebackup to a backup role 2022-05-02 09:32:35 -04:00			`sleep 15;`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`docker exec postgres createuser -s newsblur -U postgres;`
			`docker exec postgres createdb newsblur -U newsblur;`
			`register: ensure_role`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`ignore_errors: yes`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`changed_when:`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`- "ensure_role.rc == 0"`
			`failed_when:`
Finishing up PostgreSQL migration. Needs to test backups. 2022-01-07 10:07:19 -05:00			`- "'already exists' not in ensure_role.stderr"`
			`- "ensure_role.rc != 0"`

Adding postgresql backup restoration. Working on config. 2021-12-17 16:53:28 -05:00			`- name: Register postgres in consul`
			`tags: consul`
			`become: yes`
			`template:`
			`src: consul_service.json`
			`dest: /etc/consul.d/postgres.json`
			`notify:`
			`- reload consul`
change get_postgres_credentials.py to get_credentials.py so it can also be used to get the s3 bucket name. Fix postgres backups 2021-06-27 14:11:14 -06:00
Executable postgres backup script. 2022-02-03 15:41:35 -05:00			`- name: Copy common secrets`
			`copy:`
			`src: /srv/secrets-newsblur/settings/common_settings.py`
			`dest: /srv/newsblur/newsblur_web/local_settings.py`
			`register: app_changed`

fix disk usage sanity checker to check host machine and pass the data into the container to evaluate the disk usage and send an email 2021-06-18 14:57:29 -06:00			`- name: Add sanity checkers cronjob for disk usage`
			`cron:`
			`name: disk_usage_sanity_checker`
Moving pg basebackup to a backup role 2022-05-02 09:32:35 -04:00			`minute: "0"`
add multiline command syntax `>-` to cronjobs for sanity checkers 2021-06-27 13:24:07 -06:00			`job: >-`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`OUTPUT=$(df / \| head -n 2 \| tail -1) docker run --rm -it -v /srv/newsblur:/srv/newsblur \`
			`--network=newsblurnet --hostname {{ ansible_hostname }} newsblur/newsblur_python3 \`
			`/srv/newsblur/utils/monitor_disk_usage.py $OUTPUT`
Bumping postgres server size, fixing monitor disk usage cronjob. 2022-05-13 16:59:57 -04:00			`tags: cron`

			`- name: Add postgresql archive cleaner cronjob`
			`cron:`
			`name: postgres_archive_cleaner`
			`minute: "0"`
			`job: >-`
			`sudo find /srv/newsblur/docker/volumes/postgres/archive -type f -mmin +180 -delete`
			`tags: cron`
add backup to ansible for postgres 2021-06-19 12:35:28 -06:00
Adding elasticsearch and postgres backup cleaner. 2022-12-28 22:01:51 -05:00			`- name: Add postgresql backup cleaner cronjob`
			`cron:`
			`name: postgres_backup_cleaner`
			`minute: "0"`
			`hour: "5"`
			`job: >-`
			`sudo find /srv/newsblur/docker/volumes/postgres/backups -type f -mmin +18000 -delete`
			`tags: cron`

Adding postgres backup log. 2022-02-04 13:55:23 -05:00			`- name: Add postgres backup log`
			`become: yes`
			`file:`
			`path: /var/log/postgres_backup.log`
			`state: touch`
			`mode: 0777`
Updating postgres for standby. 2024-01-27 23:11:36 -05:00			`owner: "{{ ansible_effective_user_id\|int }}"`
			`group: "{{ ansible_effective_group_id\|int }}"`
Adding postgres backup log. 2022-02-04 13:55:23 -05:00
add backup to ansible for postgres 2021-06-19 12:35:28 -06:00			`- name: Add postgres backup`
			`cron:`
			`name: postgres backup`
			`minute: "0"`
			`hour: "4"`
Adding timestamps to backup logs 2022-04-30 06:51:11 -04:00			`job: /srv/newsblur/docker/postgres/backup_postgres.sh >> /var/log/postgres_backup.log 2>&1`
Bumping postgres server size, fixing monitor disk usage cronjob. 2022-05-13 16:59:57 -04:00			`tags: cron`