Workshop pglift/socle2
Alexandre Pereira committed Jan 24, 2024
1 parent f036e36 commit ecd385e
Showing 77 changed files with 6,294 additions and 0 deletions.
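--- a/fr/pglift/ansible/.gitignore
+++ b/fr/pglift/ansible/.gitignore
@@ -0,0 +1 @@
+.openssl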
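--- a/fr/pglift/ansible/ansible.cfg
+++ b/fr/pglift/ansible/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = False
+interpreter_python=/usr/bin/python3.9
+remote_tmp=/tmp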
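Review bot: `host_key_checking = False` turns off SSH host-key verification for every play run from this directory, so the controller accepts whatever answers on the inventory addresses and then runs `become: true` tasks on it. For throwaway lab VMs this is a common shortcut, but it deserves a comment saying so, e.g. `# lab only: VMs are rebuilt often; do not reuse this file against real hosts`, or better, leave checking on and pre-populate known_hosts when the VMs are created. `remote_tmp=/tmp` also puts Ansible's per-task working directories under the shared, world-writable /tmp on the targets; a dedicated per-user directory is the safer default.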
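--- a/fr/pglift/ansible/comprehension_et_utilisation_de_pglift.yml
+++ b/fr/pglift/ansible/comprehension_et_utilisation_de_pglift.yml
@@ -0,0 +1,10 @@
+---
+
+# compréhension et utilisation de pglift
+- ansible.builtin.import_playbook: playbooks/prerequisites.yml
+- ansible.builtin.import_playbook: playbooks/setup_repositories.yml
+- ansible.builtin.import_playbook: playbooks/install_postgresql.yml
+- ansible.builtin.import_playbook: playbooks/install_pgbackrest.yml
+- ansible.builtin.import_playbook: playbooks/install_prometheus_postgres_exporter.yml
+- ansible.builtin.import_playbook: playbooks/install_pglift.yml
+- ansible.builtin.import_playbook: playbooks/init_pglift_config.yml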
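--- a/fr/pglift/ansible/group_vars/all/vars.yml
+++ b/fr/pglift/ansible/group_vars/all/vars.yml
@@ -0,0 +1,55 @@
+---
+
+# Nodes
+network: 192.168.55
+pg_nodes:
+- name: srv-pg1
+ip: "{{ network }}.11"
+- name: srv-pg2
+ip: "{{ network }}.11"
+helper_nodes:
+- name: srv-helper
+ip: "{{ network }}.21"
+etcd_nodes:
+- name: srv-etcd1
+ip: "{{ network }}.31"
+- name: srv-etcd2
+ip: "{{ network }}.32"
+- name: srv-etcd3
+ip: "{{ network }}.33"
+ssl_nodes: "{{ pg_nodes + helper_nodes + etcd_nodes }}"
+
+# CA TLS
+ca_name: ca_workshop
+ca_path: "{{ playbook_dir }}/.openssl"
+ca_cert: "{{ ca_path }}/{{ ca_name }}.pem"
+ca_key: "{{ ca_path }}/{{ ca_name }}.key"
+csr_path: "{{ ca_path }}/.csr"
+cert_dir: /etc/pki/tls/certs
+key_dir: /etc/pki/tls/private
+
+# Configs pglift des workshops
+ws: comprehension_et_utilisation_de_pglift
+ws_include_root: "../../include"
+ws_pglift_config_dir: "{{ ws_include_root }}/{{ ws }}"
+ws_pglift_site_settings: "{{ ws_pglift_config_dir }}/settings.yaml.j2"
+ws_pglift_postgresql_template: "{{ ws_pglift_config_dir }}/postgresql.conf.j2"
+ws_pglift_pg_hba_template: "{{ ws_pglift_config_dir }}/pg_hba.conf.j2"
+ws_pglift_pg_ident_template: "{{ ws_pglift_config_dir }}/pg_ident.conf.j2"
+ws_pglift_pgbackrest_template: "{{ ws_pglift_config_dir }}/pgbackrest.conf.j2"
+
+# PostgreSQL
+postgresql_version: 15
+postgresql_sys_user: postgres
+postgresql_sys_group: postgres
+postgresql_data_dir: /pgdata
+
+# pglift
+pglift_version: 1.0.0
+pglift_sys_user: "{{ postgresql_sys_user }}"
+pglift_sys_group: "{{ postgresql_sys_user }}"
+pglift_config_root: "/home/{{ postgresql_sys_user }}/.config/pglift"
+
+# pg_back
+pg_back_version: 2.1.1
+pg_back_rpm_url: https://github.com/orgrim/pg_back/releases/download/v{{ pg_back_version }}/pg-back-{{ pg_back_version }}-x86_64.rpm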
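Review bot: `srv-pg2` is given `ip: "{{ network }}.11"`, the same address as `srv-pg1`, while the inventory added in this commit puts it at 192.168.55.12; it should read `ip: "{{ network }}.12"`. Because `ssl_nodes` is built from these lists and sits next to the CA settings, the wrong address would presumably end up in whatever certificate is issued for srv-pg2. Separately, `pglift_sys_group` is set from `postgresql_sys_user`; it only works because user and group share a name, and `"{{ postgresql_sys_group }}"` is what is meant.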
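--- a/fr/pglift/ansible/group_vars/database/vars.yml
+++ b/fr/pglift/ansible/group_vars/database/vars.yml
@@ -0,0 +1,8 @@
+---
+
+postgresql_user: postgres
+
+temboard_agent_ca_cert: "{{ cert_dir }}/temboard-agent_ca_cert.pem"
+temboard_agent_cert: "{{ cert_dir }}/temboard-agent_cert.pem"
+temboard_agent_key: "{{ key_dir }}/temboard-agent.key"
+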
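--- a/fr/pglift/ansible/group_vars/helper/vars.yml
+++ b/fr/pglift/ansible/group_vars/helper/vars.yml
@@ -0,0 +1,6 @@
+---
+
+temboard_ui_ca_cert: "{{ cert_dir }}/temboard-ca_cert.pem"
+temboard_ui_cert: "{{ cert_dir }}/temboard-cert.pem"
+temboard_ui_key: "{{ key_dir }}/temboard.key"
+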
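--- a/fr/pglift/ansible/inventory
+++ b/fr/pglift/ansible/inventory
@@ -0,0 +1,19 @@
+srv-pg1 ansible_host=192.168.55.11
+srv-pg2 ansible_host=192.168.55.12
+srv-helper ansible_host=192.168.55.21
+srv-etcd1 ansible_host=192.168.55.31
+srv-etcd2 ansible_host=192.168.55.32
+srv-etcd3 ansible_host=192.168.55.33
+
+[database]
+srv-pg1
+srv-pg2
+
+[helper]
+srv-helper
+
+[dcs]
+srv-etcd1
+srv-etcd2
+srv-etcd3
+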
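--- a/fr/pglift/ansible/pg_back.yml
+++ b/fr/pglift/ansible/pg_back.yml
@@ -0,0 +1,12 @@
+---
+
+# pgback
+- ansible.builtin.import_playbook: playbooks/prerequisites.yml
+- ansible.builtin.import_playbook: playbooks/setup_repositories.yml
+- ansible.builtin.import_playbook: playbooks/install_postgresql.yml
+- ansible.builtin.import_playbook: playbooks/install_pgbackrest.yml
+- ansible.builtin.import_playbook: playbooks/install_prometheus_postgres_exporter.yml
+- ansible.builtin.import_playbook: playbooks/install_pglift.yml
+- ansible.builtin.import_playbook: playbooks/init_pglift_config.yml
+vars:
+ws_pglift_site_settings: "{{ ws_include_root }}/pg_back/settings.yaml.j2"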
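Review bot: This playbook never imports `playbooks/install_pg_back.yml`, although that file is added in the same commit and appears to be the only place pg_back is installed. Unless attendees are meant to run it by hand, a line `- ansible.builtin.import_playbook: playbooks/install_pg_back.yml` is missing after the pglift install. The `vars:` override belongs to a single import, and a short comment such as `# override applies to init_pglift_config.yml only` would make its scope explicit.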
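--- a/fr/pglift/ansible/playbooks/init_pglift_config.yml
+++ b/fr/pglift/ansible/playbooks/init_pglift_config.yml
@@ -0,0 +1,31 @@
+---
+
+- hosts: "{{ pglift_nodes }}"
+become: true
+become_user: postgres
+tasks:
+- name: Deploy pglift settings template
+ansible.builtin.template:
+src: "{{ ws_pglift_site_settings }}"
+dest: "{{ pglift_config_root }}/settings.yaml"
+mode: '0750'
+- name: Deploy PostgreSQL configuration template
+ansible.builtin.template:
+src: "{{ ws_pglift_postgresql_template }}"
+dest: "{{ pglift_config_root }}/postgresql/postgresql.conf"
+mode: '0750'
+- name: Deploy pg_hba.conf template
+ansible.builtin.template:
+src: "{{ ws_pglift_pg_hba_template }}"
+dest: "{{ pglift_config_root }}/postgresql/pg_hba.conf"
+mode: '0750'
+- name: Deploy pg_ident.conf template
+ansible.builtin.template:
+src: "{{ ws_pglift_pg_ident_template }}"
+dest: "{{ pglift_config_root }}/postgresql/pg_ident.conf"
+mode: '0750'
+- name: Deploy pgbackrest configuration template
+ansible.builtin.template:
+src: "{{ ws_pglift_pgbackrest_template }}"
+dest: "{{ pglift_config_root }}/pgbackrest/pgbackrest.conf"
+mode: '0750'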
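Review bot: All five templates are written with `mode: '0750'`, which marks plain configuration files as executable and group-readable; `mode: '0640'` is the usual choice, or `'0600'` for `pgbackrest.conf` and `pg_hba.conf` if nothing outside the postgres account reads them. Depending on the template, which is not visible here, a pgBackRest configuration can carry repository credentials or an encryption passphrase, so the tighter mode is worth having. The play also targets `hosts: "{{ pglift_nodes }}"`, a variable that is not defined in the group_vars shown on this page; a header comment such as `# requires -e pglift_nodes=<group>` would save a confusing failure.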
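--- a/fr/pglift/ansible/playbooks/install_pg_back.yml
+++ b/fr/pglift/ansible/playbooks/install_pg_back.yml
@@ -0,0 +1,18 @@
+---
+
+- hosts: database, helper
+become: true
+tasks:
+- name: "Install pg_back from RPM version {{ pg_back_version }}"
+ansible.builtin.yum:
+name: "{{ pg_back_rpm_url }}"
+state: present
+disable_gpg_check: true
+- name: Deploy pg_back configuration file
+ansible.builtin.template:
+src: "{{ ws_include_root }}/pg_back/pg_back.conf.j2"
+dest: "{{ pglift_config_root }}/pg_back/pg_back.conf"
+owner: "{{ pglift_sys_user }}"
+group: "{{ pglift_sys_group }}"
+mode: '0750'
+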
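Review bot: `disable_gpg_check: true` installs an RPM fetched straight from a URL with no signature verification, so the package is trusted purely on the TLS connection to the download host, and its scriptlets run as root on every database and helper node. Since the version is already pinned, the file can be downloaded first with a pinned checksum and then installed from the local path; the GPG check may still have to stay off if upstream does not sign the RPM, but the content is then fixed to what was reviewed. The variable `pg_back_rpm_sha256` below is a placeholder to be defined next to `pg_back_version`. The configuration template also gets `mode: '0750'`, where `'0640'` fits a non-executable file better.

```yaml
- name: Download pg_back RPM and verify its checksum
  ansible.builtin.get_url:
    url: "{{ pg_back_rpm_url }}"
    dest: "/root/pg-back-{{ pg_back_version }}-x86_64.rpm"
    # placeholder variable: sha256 digest of the pinned release
    checksum: "sha256:{{ pg_back_rpm_sha256 }}"
    mode: '0600'
- name: "Install pg_back from RPM version {{ pg_back_version }}"
  ansible.builtin.yum:
    name: "/root/pg-back-{{ pg_back_version }}-x86_64.rpm"
    state: present
    disable_gpg_check: true
# … unchanged: Deploy pg_back configuration file …
```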
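--- a/fr/pglift/ansible/playbooks/install_pgbackrest.yml
+++ b/fr/pglift/ansible/playbooks/install_pgbackrest.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: database, helper
+become: true
+tasks:
+- name: Install pgbackrest RPM package
+ansible.builtin.package:
+name: pgbackrest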
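--- a/fr/pglift/ansible/playbooks/install_pglift.yml
+++ b/fr/pglift/ansible/playbooks/install_pglift.yml
@@ -0,0 +1,30 @@
+---
+
+- hosts: database, helper
+become: true
+become_user: postgres
+tasks:
+- name: Install pipx with pip
+ansible.builtin.pip:
+name: pipx
+executable: pip3.9
+- name: "Install pglift {{ pglift_version }}"
+community.general.pipx:
+name: pglift
+source: "pglift=={{ pglift_version }}"
+executable: ~/.local/bin/pipx
+- name: Enable linger for user {{ pglift_sys_user }}
+ansible.builtin.command: "loginctl enable-linger {{ pglift_sys_user }}"
+- name: Create directories for components configuration
+ansible.builtin.file:
+name: "{{ item }}"
+state: directory
+owner: "{{ postgresql_sys_user }}"
+group: "{{ postgresql_sys_group }}"
+mode: 0750
+loop:
+- "{{ pglift_config_root }}/postgresql"
+- "{{ pglift_config_root }}/pgbackrest"
+- "{{ pglift_config_root }}/pg_back"
+
+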
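Review bot: `pipx` is installed with no version constraint while `pglift` two tasks later is pinned to `{{ pglift_version }}`, so the tool that performs the pinned install is itself whatever the package index serves on the day. Pinning it the same way, `name: "pipx==<tested version>"`, keeps workshop rebuilds reproducible; note that the pglift pin covers only the top-level package, not its dependencies. The `loginctl enable-linger` task has no guard and reports changed on every run; the `cmd:` form with `creates: "/var/lib/systemd/linger/{{ pglift_sys_user }}"` would make it idempotent. `mode: 0750` is unquoted here but quoted in the other playbooks, and `'0750'` avoids relying on YAML octal parsing.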
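--- a/fr/pglift/ansible/playbooks/install_postgresql.yml
+++ b/fr/pglift/ansible/playbooks/install_postgresql.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Install PostgreSQL
+hosts: database, helper
+become: true
+tasks:
+- name: Create the postgres system group
+ansible.builtin.group:
+name: postgres
+gid: 26
+- name: Create the postgres system user
+ansible.builtin.user:
+name: "{{ postgresql_sys_user }}"
+group: "{{ postgresql_sys_group }}"
+uid: 26
+comment: PostgreSQL Server
+shell: /bin/bash
+- name: Disable the default PostgreSQL module
+copy:
+dest: /etc/dnf/modules.d/postgresql.module
+content: |
+[postgresql]
+name=postgresql
+stream=
+profiles=
+state=disabled
+- name: Install PostgreSQL RPM packages
+ansible.builtin.package:
+name: "{{ item }}"
+loop:
+- "postgresql{{ postgresql_version }}"
+- "postgresql{{ postgresql_version }}-server"
+- "postgresql{{ postgresql_version }}-contrib"
+- name: Create the data root directory
+ansible.builtin.file:
+name: /pgdata
+state: directory
+owner: "{{ postgresql_sys_user }}"
+group: "{{ postgresql_sys_group }}"
+mode: 0750
+
+- name: Exchange postgres user's ssh keys between PostgreSQL nodes
+hosts: database
+become: true
+roles:
+- ssh-exchange
+vars:
+username: "{{ postgresql_user }}"
+target_group: database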
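Review bot: The group task hard-codes `name: postgres` and the data directory task hard-codes `name: /pgdata`, while the user task and the ownership lines use `postgresql_sys_group`, and `postgresql_data_dir` is defined in group_vars for exactly this path. Changing either variable would then create a user whose group does not exist, or permission a directory pglift is not pointed at; use `name: "{{ postgresql_sys_group }}"` and `name: "{{ postgresql_data_dir }}"`. The module-disable task uses the short name `copy` and sets no `owner` or `mode`; `ansible.builtin.copy` with `mode: '0644'` matches the rest of the file. The second play passes `postgresql_user` where the first uses `postgresql_sys_user`; a comment saying the two must name the same account would help.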
@@ -0,0 +1,8 @@
---

- hosts: database, helper
become: true
tasks:
- name: Install prometheus postgres exporter RPM package
ansible.builtin.package:
name: prometheus-postgres-exporter
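--- a/fr/pglift/ansible/playbooks/install_temboard.yml
+++ b/fr/pglift/ansible/playbooks/install_temboard.yml
@@ -0,0 +1,26 @@
+---
+
+- hosts: helper
+become: true
+tasks:
+- name: Install temboard server RPM package
+ansible.builtin.package:
+name: temboard
+- name: Check if cert and keys directory exists
+ansible.builtin.file:
+name: "{{ item }}"
+state: directory
+loop:
+- "{{ cert_dir }}"
+- "{{ key_dir }}"
+- name: Deploy certificates and keys
+ansible.builtin.copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+loop:
+- src: "{{ ca_cert }}"
+dest: "{{ temboard_ui_ca_cert }}"
+- src: "{{ ca_path }}/{{ ansible_hostname }}.pem"
+dest: "{{ temboard_ui_cert }}"
+- src: "{{ ca_path }}/{{ ansible_hostname }}.key"
+dest: "{{ temboard_ui_key }}"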
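Review bot: The `Deploy certificates and keys` loop copies the host's private key to `{{ temboard_ui_key }}` with no `owner`, `group` or `mode`, so the file gets whatever the default umask gives, which is typically world-readable. Add a per-item mode, `mode: "{{ item.mode }}"` on the task with `mode: '0600'` on the `.key` entry and `'0644'` on the two certificates, and set the owner to the account temboard runs as. The preceding directory task likewise creates `{{ key_dir }}` without a mode. The same loop appears in `playbooks/install_temboard_agent.yml`, where the first task is also still named `Install temboard server RPM package` although it installs `temboard-agent`.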
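--- a/fr/pglift/ansible/playbooks/install_temboard_agent.yml
+++ b/fr/pglift/ansible/playbooks/install_temboard_agent.yml
@@ -0,0 +1,26 @@
+---
+
+- hosts: database
+become: true
+tasks:
+- name: Install temboard server RPM package
+ansible.builtin.package:
+name: temboard-agent
+- name: Check if cert and keys directory exists
+ansible.builtin.file:
+name: "{{ item }}"
+state: directory
+loop:
+- "{{ cert_dir }}"
+- "{{ key_dir }}"
+- name: Deploy certificates and keys
+ansible.builtin.copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+loop:
+- src: "{{ ca_cert }}"
+dest: "{{ temboard_agent_ca_cert }}"
+- src: "{{ ca_path }}/{{ ansible_hostname }}.pem"
+dest: "{{ temboard_agent_cert }}"
+- src: "{{ ca_path }}/{{ ansible_hostname }}.key"
+dest: "{{ temboard_agent_key }}"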
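--- a/fr/pglift/ansible/playbooks/pglift_site_configure.yml
+++ b/fr/pglift/ansible/playbooks/pglift_site_configure.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: "{{ pglift_nodes }}"
+become: true
+become_user: postgres
+tasks:
+- name: Activate site configuration
+ansible.builtin.command:
+cmd: "~/.local/bin/pglift site-configure install"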
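--- a/fr/pglift/ansible/playbooks/prerequisites.yml
+++ b/fr/pglift/ansible/playbooks/prerequisites.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Install prerequisites
+hosts: all
+become: true
+tasks:
+- name: Install acl package for ansible
+ansible.builtin.package:
+name: acl
+
+- hosts: all,localhost
+become: true
+tasks:
+- name: Add /etc/hosts entries corresponding to inventory values on both VMs and localhost
+lineinfile:
+dest: /etc/hosts
+regexp: '.*{{ item }}$'
+line: "{{ hostvars[item].ansible_host }} {{item}}"
+when: hostvars[item].ansible_host is defined
+with_items: "{{ groups.all }}"
+
+- name: Exchange root ssh keys
+hosts: all
+become: true
+roles:
+- ssh-exchange
+vars:
+username: root
+target_group: all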
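Review bot: The `lineinfile` pattern `'.*{{ item }}$'` is neither escaped nor anchored on a word boundary, so it matches any /etc/hosts line that merely ends with the hostname text, for example an existing alias ending in `srv-pg1`, and replaces that whole line; `regexp: '\s{{ item | regex_escape }}$'` limits it to the exact name. This matters most because the play runs on `all,localhost` with `become: true`, so it edits the controller's own /etc/hosts as root. The last play hands the `ssh-exchange` role `username: root` across `all`. That role is not shown on this page, but if it installs each node's root key on every other node, a compromise of any one VM gives root on all of them, which is worth stating in a comment as a lab-only choice.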
@@ -0,0 +1,3 @@
---

username: root