main.yml

---

# INSTALLATION

- name: install packages
  apt:
    force_apt_get: true
    install_recommends: false
    name: "{{ repmgr_packages }}"

# POSTGRESQL

- name: postgresql
  vars:
    pg_hba:
      - type: local
        method: peer
      - type: host
        address: 127.0.0.1/32
      - type: host
        address: ::1/128
      - type: host
        address: 0.0.0.0/0
      - type: host
        address: ::/0
      - type: local
        database: replication
        method: peer
      - type: host
        database: replication
        address: 127.0.0.1/32
      - type: host
        database: replication
        address: ::1/128
      - type: host
        database: replication
        address: 0.0.0.0/0
      - type: host
        database: replication
        address: ::/0
    pg_conf:
      - name: main
        content: |
          listen_addresses = '*'
      - name: modules
        content: |
          shared_preload_libraries = 'repmgr'
    pg_users:
      - name: "{{ repmgr_user }}"
        password: "{{ repmgr_password }}"
        roles: "{{ repmgr_roles }}"
    pg_databases:
      - name: "{{ repmgr_db }}"
        owner: "{{ repmgr_user }}"
    pg_ferm_input_rules:
      - proto:
          - tcp
        dport:
          - 5432
          - "{{ repmgr_repha_port }}"
  include_role:
    name: postgres

# CONFIGURATION

- name: configure repmgr
  notify: restart repmgrd
  template:
    src: repmgr.conf.j2
    dest: "{{ repmgr_config }}"
    owner: postgres
    group: postgres

- name: configure debian default
  notify: restart repmgrd
  loop:
    - key: REPMGRD_ENABLED
      value: 'yes'
    - key: REPMGRD_CONF
      value: "{{ repmgr_config }}"
  replace:
    path: /etc/default/repmgrd
    regexp: '^#?{{ item.key }}=.*$'
    replace: '{{ item.key }}={{ item.value }}'

- name: copy events notification script
  template:
    src: repmgr-event.py.j2
    dest: /usr/bin/repmgr-event
    mode: 0755

- name: configure sudo
  copy:
    dest: /etc/sudoers.d/postgres
    validate: visudo -cf %s
    content: |
      Defaults:postgres !requiretty
      postgres ALL=NOPASSWD: \
        /bin/systemctl start postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}, \
        /bin/systemctl stop postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}, \
        /bin/systemctl restart postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}, \
        /bin/systemctl reload postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}

# SSH

- name: ensure postgres account have a ssh keypair
  user:
    name: postgres
    generate_ssh_key: true
    ssh_key_type: ed25519
    ssh_key_file: ~postgres/.ssh/id_ed25519

- name: fetch postgres ssh public key
  register: repmgr_postgres_ssh_pubkey
  slurp:
    path: ~postgres/.ssh/id_ed25519.pub

- name: register postgres ssh public key as an ansible fact
  set_fact:
    pubkey: "{{ repmgr_postgres_ssh_pubkey['content'] | b64decode }}"

- name: share postgres ssh public key between cluster members
  loop: "{{ groups['postgres'] }}"
  authorized_key:
    user: postgres
    key: "{{ hostvars[item]['pubkey'] }}"

- name: postgres ssh client configuration
  copy:
    dest: ~postgres/.ssh/config
    owner: postgres
    group: postgres
    content: |
      IdentityFile	~/.ssh/ed25519
      StrictHostKeyChecking	no
      UserKnownHostsFile	/dev/null

# REGISTER PRIMARY

- name: setup primary
  when: db_role == "primary"
  block:

    - name: check if primary already joined
      become: true
      become_user: postgres
      register: repmgr_check_primary
      postgresql_query:
        db: repmgr
        query: SELECT 1 FROM pg_tables WHERE tablename='nodes'

    - name: register primary
      become: true
      become_user: postgres
      when: repmgr_check_primary.query_result | length == 0
      notify: restart repmgrd
      command:
        cmd: repmgr --config-file={{ repmgr_config }} primary register

- meta: flush_handlers

# REGISTER STANDBY

- name: setup standby
  when: db_role == "standby"
  block:

    - name: check if standby already joined
      become: true
      become_user: postgres
      register: repmgr_check_standby
      postgresql_query:
        db: repmgr
        query: SELECT 1 FROM pg_tables WHERE tablename='nodes'

    - name: stop postgresql service
      when: repmgr_check_standby.query_result | length == 0
      systemd:
        name: postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}
        state: stopped

    - name: remove existing pgdata
      when: repmgr_check_standby.query_result | length == 0
      command:
        cmd: mv -vf {{ repmgr_pg_data }} {{ repmgr_pg_data }}.save
        removes: "{{ repmgr_pg_data }}"

    - name: clone from primary to standby
      become: true
      become_user: postgres
      when: repmgr_check_standby.query_result | length == 0
      ignore_errors: true
      register: repmgr_clone_standby
      shell:
        cmd: |
          repmgr \
            --config-file={{ repmgr_config }} \
            --force \
            --dbname={{ repmgr_db }} \
            --host={{ repmgr_primary_node }} \
            --port=5432 \
            --username={{ repmgr_user }} \
            --pgdata={{ repmgr_pg_data }} \
            standby clone --fast-checkpoint

    - name: remove pgdata backup
      when: repmgr_clone_standby is succeeded
      file:
        path: "{{ repmgr_pg_data }}.save"
        state: absent

    - name: remove failed clone pgdata
      when: repmgr_clone_standby is failed
      file:
        path: "{{ repmgr_pg_data }}"
        state: absent

    - name: restore pgdata backup
      when: repmgr_clone_standby is failed
      command:
        cmd: mv -vf {{ repmgr_pg_data }}.save {{ repmgr_pg_data }}
        removes: "{{ repmgr_pg_data }}.save"

    - name: start postgresql service
      systemd:
        name: postgresql@{{ repmgr_pg_version }}-{{ repmgr_pg_cluster }}
        state: started

    - name: standby clone failed
      when: repmgr_clone_standby is failed
      fail:
        msg: "{{ repmgr_clone_standby.stderr }}"

    - name: register standby
      become: true
      become_user: postgres
      when: repmgr_check_standby.query_result | length == 0
      notify: restart repmgrd
      command:
        cmd: repmgr --config-file={{ repmgr_config }} standby register

- meta: flush_handlers

# REGISTER WITNESS

- name: setup witness
  when: db_role == "witness"
  block:

    - name: check if witness already joined
      become: true
      become_user: postgres
      register: repmgr_check_witness
      postgresql_query:
        db: repmgr
        query: SELECT 1 FROM pg_tables WHERE tablename='nodes'

    - name: register witness
      become: true
      become_user: postgres
      when: repmgr_check_witness.query_result | length == 0
      notify: restart repmgrd
      command:
        cmd: repmgr --config-file={{ repmgr_config }} --host={{ repmgr_primary_node }} witness register

- meta: flush_handlers

# REPHACHECK

- name: install rephacheck
  template:
    src: rephacheck.py.j2
    dest: /usr/bin/rephacheck
    mode: 0755

- name: register variables needed by rephacheck as facts
  set_fact:
    repmgr_node_name: "{{ repmgr_node_name }}"
    repmgr_node_id: "{{ repmgr_node_id }}"

- name: configure rephacheck
  template:
    src: rephacheck.conf.j2
    dest: /etc/postgresql/{{ repmgr_pg_version }}/{{ repmgr_pg_cluster }}/rephacheck.conf
    owner: postgres
    group: postgres
    mode: 0644

- name: configure rephacheck socket
  notify:
    - reload systemd
    - restart rephacheck
  copy:
    dest: /etc/systemd/system/rephacheck.socket
    content: |
      [Unit]
      Description=RepHACheck socket

      [Socket]
      ListenStream={{ repmgr_repha_port }}
      Accept=yes

      [Install]
      WantedBy=sockets.target

- name: configure rephacheck service
  notify:
    - reload systemd
    - restart rephacheck
  copy:
    dest: /etc/systemd/system/rephacheck@.service
    content: |
      [Unit]
      Description=RepHACheck - Health check for PostgreSQL cluster managed by repmgr

      [Service]
      ExecStart=-/usr/bin/rephacheck
      StandardInput=socket
      User=postgres
      Group=postgres

- name: enable and start rephacheck
  service:
    name: rephacheck.socket
    state: started
    enabled: true

...