Adding pg_ident.conf.

ansible/playbooks/deploy_www.yml

@@ -6,7 +6,7 @@
     - ../env_vars/base.yml
     - roles/letsencrypt/defaults/main.yml
   handlers:
-    - include: roles/haproxy/handlers/main.yml
+    - import_tasks: roles/haproxy/handlers/main.yml
 
   tasks:
     - name: Template haproxy.cfg file

ansible/playbooks/setup_postgres.yml

@@ -9,7 +9,6 @@
 
   roles:
     - {role: 'base', tags: 'base'}
-    - {role: 'ufw', tags: 'ufw'}
     - {role: 'docker', tags: 'docker'}
     - {role: 'repo', tags: ['repo', 'pull']}
     - {role: 'dnsmasq', tags: 'dnsmasq'}
@@ -17,5 +16,6 @@
     - {role: 'consul-client', tags: 'consul'}
     - {role: 'node-exporter', tags: ['node-exporter', 'metrics']}
     - {role: 'postgres', tags: 'postgres'}
+    - {role: 'ufw', tags: 'ufw'}
     - {role: 'monitor', tags: 'monitor'}
     - {role: 'backups', tags: 'backups'}

ansible/roles/backups/tasks/main.yml

@@ -80,7 +80,7 @@
   - name: Start postgres basebackup on secondary
     become: yes
     command:
-      docker exec postgres pg_basebackup -h db-postgres.service.nyc1.consul -p 5432 -U newsblur -D /var/lib/postgresql/data -Fp -R -Xs -P -c fast
+      docker exec postgres pg_basebackup -h db-postgres-staging .service.nyc1.consul -p 5432 -U newsblur -D /var/lib/postgresql/data -Fp -R -Xs -P -c fast
     # when: (inventory_hostname | regex_replace('[0-9]+', '')) in ['db-postgres-secondary']
     tags:
       - never

ansible/roles/docker/tasks/main.yml

@@ -2,11 +2,11 @@
 # tasks file for docker-ce-ansible-role
 
 - name: Install docker-ce (RedHat)
-  include: install-EL.yml
+  include_tasks: install-EL.yml
   when: ansible_os_family == 'RedHat'
 
 - name: Install docker-ce (Ubuntu)
-  include: install-Ubuntu.yml
+  include_tasks: install-Ubuntu.yml
   when: ansible_distribution == 'Ubuntu'
 
 - name: Enable Docker CE service on startup

ansible/roles/letsencrypt/tasks/main.yml

@@ -1,3 +1,3 @@
 ---
-  - include: certbot.yml
-  - include: certbot-dns.yml
+  - include_tasks: certbot.yml
+  - include_tasks: certbot-dns.yml

ansible/roles/postgres/tasks/main.yml

@@ -8,24 +8,28 @@
   register: updated_config
 
 - name: Ensure postgres archive directory
+  become: yes
   file:
     path: /srv/newsblur/docker/volumes/postgres/archive
     state: directory
     mode: 0755
   
 - name: Ensure postgres backup directory
+  become: yes
   file:
     path: /srv/newsblur/docker/volumes/postgres/backups
     state: directory
     mode: 0755
   
 - name: Ensure postgres data directory
+  become: yes
   file:
     path: /srv/newsblur/docker/volumes/postgres/data
     state: directory
     mode: 0755
 
 - name: Start postgres docker containers
+  become: yes
   docker_container:
     name: postgres
     image: postgres:13
@@ -50,14 +54,17 @@
       - /srv/newsblur/docker/volumes/postgres/backups:/var/lib/postgresql/backups
       - /srv/newsblur/docker/postgres/postgres.conf:/etc/postgresql/postgresql.conf
       - /srv/newsblur/docker/postgres/postgres_hba-13.conf:/etc/postgresql/pg_hba.conf
+      - /srv/newsblur/docker/postgres/postgres_ident-13.conf:/etc/postgresql/pg_ident.conf
     restart_policy: unless-stopped
   when: (inventory_hostname | regex_replace('[0-9]+', '')) in ['db-postgres-primary', 'db-postgres']
 
 - name: Change ownership in postgres docker container
+  become: yes
   command: >
     docker exec postgres chown -fR postgres.postgres /var/lib/postgresql
   
 - name: Ensure newsblur role in postgres
+  become: yes
   shell: >
     sleep 15; 
     docker exec postgres createuser -s newsblur -U postgres;

docker/postgres/postgres_ident-13.conf

@@ -0,0 +1,2 @@
+# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+nbmap         nb                postgres