-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'workshop-pglift' into 'master'
Resolve "Workshop pglift" Closes #211 See merge request formation/workshops!295
- Loading branch information
Showing
77 changed files
with
6,294 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.openssl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[defaults] | ||
host_key_checking = False | ||
interpreter_python=/usr/bin/python3.9 | ||
remote_tmp=/tmp |
10 changes: 10 additions & 0 deletions
10
fr/pglift/ansible/comprehension_et_utilisation_de_pglift.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
|
||
# compréhension et utilisation de pglift | ||
- ansible.builtin.import_playbook: playbooks/prerequisites.yml | ||
- ansible.builtin.import_playbook: playbooks/setup_repositories.yml | ||
- ansible.builtin.import_playbook: playbooks/install_postgresql.yml | ||
- ansible.builtin.import_playbook: playbooks/install_pgbackrest.yml | ||
- ansible.builtin.import_playbook: playbooks/install_prometheus_postgres_exporter.yml | ||
- ansible.builtin.import_playbook: playbooks/install_pglift.yml | ||
- ansible.builtin.import_playbook: playbooks/init_pglift_config.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
|
||
# Nodes | ||
network: 192.168.55 | ||
pg_nodes: | ||
- name: srv-pg1 | ||
ip: "{{ network }}.11" | ||
- name: srv-pg2 | ||
ip: "{{ network }}.11" | ||
helper_nodes: | ||
- name: srv-helper | ||
ip: "{{ network }}.21" | ||
etcd_nodes: | ||
- name: srv-etcd1 | ||
ip: "{{ network }}.31" | ||
- name: srv-etcd2 | ||
ip: "{{ network }}.32" | ||
- name: srv-etcd3 | ||
ip: "{{ network }}.33" | ||
ssl_nodes: "{{ pg_nodes + helper_nodes + etcd_nodes }}" | ||
|
||
# CA TLS | ||
ca_name: ca_workshop | ||
ca_path: "{{ playbook_dir }}/.openssl" | ||
ca_cert: "{{ ca_path }}/{{ ca_name }}.pem" | ||
ca_key: "{{ ca_path }}/{{ ca_name }}.key" | ||
csr_path: "{{ ca_path }}/.csr" | ||
cert_dir: /etc/pki/tls/certs | ||
key_dir: /etc/pki/tls/private | ||
|
||
# Configs pglift des workshops | ||
ws: comprehension_et_utilisation_de_pglift | ||
ws_include_root: "../../include" | ||
ws_pglift_config_dir: "{{ ws_include_root }}/{{ ws }}" | ||
ws_pglift_site_settings: "{{ ws_pglift_config_dir }}/settings.yaml.j2" | ||
ws_pglift_postgresql_template: "{{ ws_pglift_config_dir }}/postgresql.conf.j2" | ||
ws_pglift_pg_hba_template: "{{ ws_pglift_config_dir }}/pg_hba.conf.j2" | ||
ws_pglift_pg_ident_template: "{{ ws_pglift_config_dir }}/pg_ident.conf.j2" | ||
ws_pglift_pgbackrest_template: "{{ ws_pglift_config_dir }}/pgbackrest.conf.j2" | ||
|
||
# PostgreSQL | ||
postgresql_version: 15 | ||
postgresql_sys_user: postgres | ||
postgresql_sys_group: postgres | ||
postgresql_data_dir: /pgdata | ||
|
||
# pglift | ||
pglift_version: 1.0.0 | ||
pglift_sys_user: "{{ postgresql_sys_user }}" | ||
pglift_sys_group: "{{ postgresql_sys_user }}" | ||
pglift_config_root: "/home/{{ postgresql_sys_user }}/.config/pglift" | ||
|
||
# pg_back | ||
pg_back_version: 2.1.1 | ||
pg_back_rpm_url: https://github.com/orgrim/pg_back/releases/download/v{{ pg_back_version }}/pg-back-{{ pg_back_version }}-x86_64.rpm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
|
||
postgresql_user: postgres | ||
|
||
temboard_agent_ca_cert: "{{ cert_dir }}/temboard-agent_ca_cert.pem" | ||
temboard_agent_cert: "{{ cert_dir }}/temboard-agent_cert.pem" | ||
temboard_agent_key: "{{ key_dir }}/temboard-agent.key" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
|
||
temboard_ui_ca_cert: "{{ cert_dir }}/temboard-ca_cert.pem" | ||
temboard_ui_cert: "{{ cert_dir }}/temboard-cert.pem" | ||
temboard_ui_key: "{{ key_dir }}/temboard.key" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
srv-pg1 ansible_host=192.168.55.11 | ||
srv-pg2 ansible_host=192.168.55.12 | ||
srv-helper ansible_host=192.168.55.21 | ||
srv-etcd1 ansible_host=192.168.55.31 | ||
srv-etcd2 ansible_host=192.168.55.32 | ||
srv-etcd3 ansible_host=192.168.55.33 | ||
|
||
[database] | ||
srv-pg1 | ||
srv-pg2 | ||
|
||
[helper] | ||
srv-helper | ||
|
||
[dcs] | ||
srv-etcd1 | ||
srv-etcd2 | ||
srv-etcd3 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
|
||
# pgback | ||
- ansible.builtin.import_playbook: playbooks/prerequisites.yml | ||
- ansible.builtin.import_playbook: playbooks/setup_repositories.yml | ||
- ansible.builtin.import_playbook: playbooks/install_postgresql.yml | ||
- ansible.builtin.import_playbook: playbooks/install_pgbackrest.yml | ||
- ansible.builtin.import_playbook: playbooks/install_prometheus_postgres_exporter.yml | ||
- ansible.builtin.import_playbook: playbooks/install_pglift.yml | ||
- ansible.builtin.import_playbook: playbooks/init_pglift_config.yml | ||
vars: | ||
ws_pglift_site_settings: "{{ ws_include_root }}/pg_back/settings.yaml.j2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
|
||
- hosts: "{{ pglift_nodes }}" | ||
become: true | ||
become_user: postgres | ||
tasks: | ||
- name: Deploy pglift settings template | ||
ansible.builtin.template: | ||
src: "{{ ws_pglift_site_settings }}" | ||
dest: "{{ pglift_config_root }}/settings.yaml" | ||
mode: '0750' | ||
- name: Deploy PostgreSQL configuration template | ||
ansible.builtin.template: | ||
src: "{{ ws_pglift_postgresql_template }}" | ||
dest: "{{ pglift_config_root }}/postgresql/postgresql.conf" | ||
mode: '0750' | ||
- name: Deploy pg_hba.conf template | ||
ansible.builtin.template: | ||
src: "{{ ws_pglift_pg_hba_template }}" | ||
dest: "{{ pglift_config_root }}/postgresql/pg_hba.conf" | ||
mode: '0750' | ||
- name: Deploy pg_ident.conf template | ||
ansible.builtin.template: | ||
src: "{{ ws_pglift_pg_ident_template }}" | ||
dest: "{{ pglift_config_root }}/postgresql/pg_ident.conf" | ||
mode: '0750' | ||
- name: Deploy pgbackrest configuration template | ||
ansible.builtin.template: | ||
src: "{{ ws_pglift_pgbackrest_template }}" | ||
dest: "{{ pglift_config_root }}/pgbackrest/pgbackrest.conf" | ||
mode: '0750' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
|
||
- hosts: database, helper | ||
become: true | ||
tasks: | ||
- name: "Install pg_back from RPM version {{ pg_back_version }}" | ||
ansible.builtin.yum: | ||
name: "{{ pg_back_rpm_url }}" | ||
state: present | ||
disable_gpg_check: true | ||
- name: Deploy pg_back configuration file | ||
ansible.builtin.template: | ||
src: "{{ ws_include_root }}/pg_back/pg_back.conf.j2" | ||
dest: "{{ pglift_config_root }}/pg_back/pg_back.conf" | ||
owner: "{{ pglift_sys_user }}" | ||
group: "{{ pglift_sys_group }}" | ||
mode: '0750' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
|
||
- hosts: database, helper | ||
become: true | ||
tasks: | ||
- name: Install pgbackrest RPM package | ||
ansible.builtin.package: | ||
name: pgbackrest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
|
||
- hosts: database, helper | ||
become: true | ||
become_user: postgres | ||
tasks: | ||
- name: Install pipx with pip | ||
ansible.builtin.pip: | ||
name: pipx | ||
executable: pip3.9 | ||
- name: "Install pglift {{ pglift_version }}" | ||
community.general.pipx: | ||
name: pglift | ||
source: "pglift=={{ pglift_version }}" | ||
executable: ~/.local/bin/pipx | ||
- name: Enable linger for user {{ pglift_sys_user }} | ||
ansible.builtin.command: "loginctl enable-linger {{ pglift_sys_user }}" | ||
- name: Create directories for components configuration | ||
ansible.builtin.file: | ||
name: "{{ item }}" | ||
state: directory | ||
owner: "{{ postgresql_sys_user }}" | ||
group: "{{ postgresql_sys_group }}" | ||
mode: 0750 | ||
loop: | ||
- "{{ pglift_config_root }}/postgresql" | ||
- "{{ pglift_config_root }}/pgbackrest" | ||
- "{{ pglift_config_root }}/pg_back" | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
--- | ||
|
||
- name: Install PostgreSQL | ||
hosts: database, helper | ||
become: true | ||
tasks: | ||
- name: Create the postgres system group | ||
ansible.builtin.group: | ||
name: postgres | ||
gid: 26 | ||
- name: Create the postgres system user | ||
ansible.builtin.user: | ||
name: "{{ postgresql_sys_user }}" | ||
group: "{{ postgresql_sys_group }}" | ||
uid: 26 | ||
comment: PostgreSQL Server | ||
shell: /bin/bash | ||
- name: Disable the default PostgreSQL module | ||
copy: | ||
dest: /etc/dnf/modules.d/postgresql.module | ||
content: | | ||
[postgresql] | ||
name=postgresql | ||
stream= | ||
profiles= | ||
state=disabled | ||
- name: Install PostgreSQL RPM packages | ||
ansible.builtin.package: | ||
name: "{{ item }}" | ||
loop: | ||
- "postgresql{{ postgresql_version }}" | ||
- "postgresql{{ postgresql_version }}-server" | ||
- "postgresql{{ postgresql_version }}-contrib" | ||
- name: Create the data root directory | ||
ansible.builtin.file: | ||
name: /pgdata | ||
state: directory | ||
owner: "{{ postgresql_sys_user }}" | ||
group: "{{ postgresql_sys_group }}" | ||
mode: 0750 | ||
|
||
- name: Exchange postgres user's ssh keys between PostgreSQL nodes | ||
hosts: database | ||
become: true | ||
roles: | ||
- ssh-exchange | ||
vars: | ||
username: "{{ postgresql_user }}" | ||
target_group: database |
8 changes: 8 additions & 0 deletions
8
fr/pglift/ansible/playbooks/install_prometheus_postgres_exporter.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
|
||
- hosts: database, helper | ||
become: true | ||
tasks: | ||
- name: Install prometheus postgres exporter RPM package | ||
ansible.builtin.package: | ||
name: prometheus-postgres-exporter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
|
||
- hosts: helper | ||
become: true | ||
tasks: | ||
- name: Install temboard server RPM package | ||
ansible.builtin.package: | ||
name: temboard | ||
- name: Check if cert and keys directory exists | ||
ansible.builtin.file: | ||
name: "{{ item }}" | ||
state: directory | ||
loop: | ||
- "{{ cert_dir }}" | ||
- "{{ key_dir }}" | ||
- name: Deploy certificates and keys | ||
ansible.builtin.copy: | ||
src: "{{ item.src }}" | ||
dest: "{{ item.dest }}" | ||
loop: | ||
- src: "{{ ca_cert }}" | ||
dest: "{{ temboard_ui_ca_cert }}" | ||
- src: "{{ ca_path }}/{{ ansible_hostname }}.pem" | ||
dest: "{{ temboard_ui_cert }}" | ||
- src: "{{ ca_path }}/{{ ansible_hostname }}.key" | ||
dest: "{{ temboard_ui_key }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
|
||
- hosts: database | ||
become: true | ||
tasks: | ||
- name: Install temboard server RPM package | ||
ansible.builtin.package: | ||
name: temboard-agent | ||
- name: Check if cert and keys directory exists | ||
ansible.builtin.file: | ||
name: "{{ item }}" | ||
state: directory | ||
loop: | ||
- "{{ cert_dir }}" | ||
- "{{ key_dir }}" | ||
- name: Deploy certificates and keys | ||
ansible.builtin.copy: | ||
src: "{{ item.src }}" | ||
dest: "{{ item.dest }}" | ||
loop: | ||
- src: "{{ ca_cert }}" | ||
dest: "{{ temboard_agent_ca_cert }}" | ||
- src: "{{ ca_path }}/{{ ansible_hostname }}.pem" | ||
dest: "{{ temboard_agent_cert }}" | ||
- src: "{{ ca_path }}/{{ ansible_hostname }}.key" | ||
dest: "{{ temboard_agent_key }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
|
||
- hosts: "{{ pglift_nodes }}" | ||
become: true | ||
become_user: postgres | ||
tasks: | ||
- name: Activate site configuration | ||
ansible.builtin.command: | ||
cmd: "~/.local/bin/pglift site-configure install" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
|
||
- name: Install prerequisites | ||
hosts: all | ||
become: true | ||
tasks: | ||
- name: Install acl package for ansible | ||
ansible.builtin.package: | ||
name: acl | ||
|
||
- hosts: all,localhost | ||
become: true | ||
tasks: | ||
- name: Add /etc/hosts entries corresponding to inventory values on both VMs and localhost | ||
lineinfile: | ||
dest: /etc/hosts | ||
regexp: '.*{{ item }}$' | ||
line: "{{ hostvars[item].ansible_host }} {{item}}" | ||
when: hostvars[item].ansible_host is defined | ||
with_items: "{{ groups.all }}" | ||
|
||
- name: Exchange root ssh keys | ||
hosts: all | ||
become: true | ||
roles: | ||
- ssh-exchange | ||
vars: | ||
username: root | ||
target_group: all |
3 changes: 3 additions & 0 deletions
3
fr/pglift/ansible/playbooks/roles/ssh-exchange/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
|
||
username: root |
Oops, something went wrong.