add rhel 9 and debian 11 support

README.md

@@ -1,4 +1,7 @@
-Setup PostgreSQL for RHEL8  
+Setup PostgreSQL
+Supported OS:
+  - RHEL 8/9
+  - Debian 11
 Supported PostgreSQL versions:
   - 13
   - 14

defaults/main.yaml

@@ -1,19 +1,22 @@
-postgresql_version: "14.6"
+postgresql_version: "15.2"
 
 # Options
+postgresql_superuser_db: "postgres"
+postgresql_superuser_name: "postgres"
 postgresql_superuser_password: "postgres"
 
 # SSL options
-postgresql_ssl: yes
-postgresql_ssl_path: "/var/lib/pgsql/{{ postgresql_major_version }}"
-postgresql_self_signed_cert: yes
+postgresql_ssl: true
+postgresql_group: "postgresql"
+postgresql_self_signed_cert: true
 postgresql_self_signed_cert_name: "cert"
 
 ## Backup options
-postgresql_wal_g_install: no
+postgresql_wal_g_install: false
 
 postgresql_password_encryption_algorithm: "scram-sha-256"
 postgresql_default_parameters:
+  data_directory: '{{ postgresql_data_dir }}'
   listen_addresses: '*'
   max_connections: '1000'
   superuser_reserved_connections: '5'
@@ -37,10 +40,10 @@ postgresql_default_parameters:
   log_timezone: 'Europe/Moscow'
   datestyle: 'iso, mdy'
   timezone: 'Europe/Moscow'
-  lc_messages: 'en_US.UTF-8'
-  lc_monetary: 'en_US.UTF-8'
-  lc_numeric: 'en_US.UTF-8'
-  lc_time: 'en_US.UTF-8'
+  lc_messages: '{{ postgresql_system_locale | default("en_US.UTF-8") }}'
+  lc_monetary: '{{ postgresql_system_locale | default("en_US.UTF-8") }}'
+  lc_numeric: '{{ postgresql_system_locale | default("en_US.UTF-8") }}'
+  lc_time: '{{ postgresql_system_locale | default("en_US.UTF-8") }}'
   default_text_search_config: 'pg_catalog.english'
   password_encryption: '{{ postgresql_password_encryption_algorithm }}'
 
@@ -55,4 +58,3 @@ postgresql_supported_versions:
   - 13
   - 14
   - 15
-

handlers/main.yaml

@@ -2,8 +2,9 @@
   - name: Restart PostgreSQL
     throttle: 1
     ansible.builtin.systemd:
+      name: "{{ postgresql_unit_name }}"
       state: restarted
       daemon_reload: yes
-      name: "postgresql-{{ postgresql_major_version }}"
-    when: "not postgresql_setup.changed or not postgresql_enable_and_start.changed"
-
+    when: 
+      - not postgresql_setup.changed 
+      - not postgresql_enable_and_start.changed

tasks/Debian/config.yaml

@@ -0,0 +1,40 @@
+---
+- name: Merge user options for PostgreSQL config
+  set_fact:
+    postgresql_combined_parameters: "{{ postgresql_default_parameters | combine(postgresql_custom_parameters|default({}), recursive=true) }}"
+
+- name: Merge backup options for PostgreSQL config
+  set_fact:
+    postgresql_combined_parameters: "{{ postgresql_combined_parameters | combine(postgresql_backup_parameters|default({}), recursive=true) }}"
+  when:
+
+- name: Propagate PostgreSQL configs
+  block:
+    - name: Template PostgreSQL pg_hba configuration
+      template:
+        src: "{{ postgresql_major_version }}-pg_hba.conf.j2"
+        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/pg_hba.conf"
+        mode: 0600
+        owner: postgres
+        group: postgres
+      register: pg_hba_config_file
+      notify: Restart PostgreSQL
+    - name: Template PostgreSQL configuration
+      template:
+        src: "{{ postgresql_major_version }}-postgresql.conf.j2"
+        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/postgresql.conf"
+        mode: 0600
+        owner: postgres
+        group: postgres
+      register: postgresql_config_file
+      notify: Restart PostgreSQL
+    - name: Template PostgreSQL SSL configuration
+      template:
+        src: "{{ postgresql_major_version }}-postgresql.ssl.conf.j2"
+        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/postgresql.ssl.conf"
+        mode: 0600
+        owner: postgres
+        group: postgres
+      register: postgresql_ssl_config_file
+      notify: Restart PostgreSQL
+      when: postgresql_ssl

tasks/Debian/install.yaml

@@ -0,0 +1,55 @@
+- name: Install deps packages
+  apt:
+    name: "{{ postgresql_deps_packages }}"
+    state: present
+    update_cache: yes
+
+- name: Add gpg keys for PostgreSQL repo
+  ansible.builtin.apt_key:
+    url: "{{ item.url }}"
+    keyring: "{{ item.keyring }}"
+  loop: "{{ postgresql_apt_key }}"
+
+- name: Add PostgreSQL repository
+  ansible.builtin.apt_repository:
+    repo: "{{ item.repo }}"
+    state: present
+    filename: "{{ item.filename }}"
+    update_cache: yes
+  loop: "{{ postgresql_apt_repository }}" 
+
+- name: Gather packages
+  package_facts:
+    manager: auto
+
+- name: Set fact about PostgreSQL package
+  set_fact:
+    postgresql_installed_package: "{{ ansible_facts.packages[postgresql_package_name][0]['name'] }}"
+  when: postgresql_package_name in ansible_facts.packages
+
+- debug:
+    msg: "{{ ansible_facts.packages[postgresql_package_name][0]['version'] }}"
+  when: postgresql_installed_package is defined
+
+- name: Mask PostgreSQL before install
+  ansible.builtin.systemd:
+    name: "{{ postgresql_unit_name }}"
+    masked: yes
+  when: postgresql_package_name not in ansible_facts.packages or ansible_facts.packages[postgresql_package_name][0]['version'] != (postgresql_version + "-" + postgresql_version_build)
+
+- name: "Install {{ postgresql_package_name }}-{{ postgresql_version }}-{{ postgresql_version_build }}"
+  apt:
+    name: "{{ postgresql_package }}"
+    update_cache: yes
+  register: postgresql_setup
+  when: postgresql_package_name not in ansible_facts.packages 
+
+- name: "Update {{ postgresql_package_name }}-{{ postgresql_version }}-{{ postgresql_version_build }}"
+  apt:
+    name: "{{ postgresql_package }}"
+    update_cache: yes
+  register: postgresql_update
+  notify: Restart PostgreSQL
+  when: 
+    - postgresql_package_name in ansible_facts.packages 
+    - ansible_facts.packages[postgresql_package_name][0]['version'] != (postgresql_version + "-" + postgresql_version_build)

tasks/Debian/main.yaml

@@ -1,37 +1,14 @@
-- name: Add gpg package
-  apt:
-    name: gpg
+- name: "Install PostgreSQL"
+  include_tasks: install.yaml
+  tags: postgresql_installation
 
-- name: Add gpg keys for postgresql
-  ansible.builtin.apt_key:
-    url: "{{ item.url }}"
-    keyring: "{{ item.keyring }}"
-  loop: "{{ postgresql_apt_key }}"
+- name: "Configure PostgreSQL"
+  include_tasks: config.yaml
+  tags: postgresql_configuration
 
-- name: Add Hashicorp repository
-  apt_repository:
-    repo: "{{ item.repo }}"
-    state: present
-    filename: "{{ item.filename }}"
-    update_cache: yes
-  loop: "{{ postgresql_apt_repository }}" 
-
-- name: Check if Patroni is installed
-  ansible.builtin.shell: dpkg-query -l {{ postgresql_package_name }} 2>&1 | grep {{ postgresql_version }}
-  ignore_errors: True
-  register: is_postgresql
-  changed_when: is_postgresql.rc != 0
-  failed_when: False
-
-- name: Mask Patroni before install
-  ansible.builtin.systemd:
-    name: "{{ postgresql_package_name }}"
-    masked: yes
-  when: is_postgresql.rc != 0
-
-- name: "Install {{ postgresql_package_name }} {{ postgresql_version }}"
-  apt:
-    name: "{{ postgresql_package }}"
-    update_cache: yes
-  register: postgresql_setup
-  when: is_postgresql.rc != 0
+- name: "PostgreSQL initdb"
+  become_user: "{{ postgresql_superuser_name }}"
+  shell: "/usr/lib/postgresql/{{ postgresql_major_version }}/bin/initdb -D {{ postgresql_data_dir }} --auth-local peer --auth-host {{ postgresql_password_encryption_algorithm }} --no-instructions"
+  register: initdb
+  changed_when: "'exists but is not empty' not in initdb.stderr"
+  failed_when: false

tasks/RedHat/config.yaml

@@ -13,7 +13,7 @@
     - name: Template PostgreSQL pg_hba configuration
       template:
         src: "{{ postgresql_major_version }}-pg_hba.conf.j2"
-        dest: "/var/lib/pgsql/{{ postgresql_major_version }}/data/pg_hba.conf"
+        dest: "{{ postgresql_data_dir }}/pg_hba.conf"
         mode: 0600
         owner: postgres
         group: postgres
@@ -22,7 +22,7 @@
     - name: Template PostgreSQL configuration
       template:
         src: "{{ postgresql_major_version }}-postgresql.conf.j2"
-        dest: "/var/lib/pgsql/{{ postgresql_major_version }}/data/postgresql.conf"
+        dest: "{{ postgresql_data_dir }}/postgresql.conf"
         mode: 0600
         owner: postgres
         group: postgres
@@ -31,7 +31,7 @@
     - name: Template PostgreSQL SSL configuration
       template:
         src: "{{ postgresql_major_version }}-postgresql.ssl.conf.j2"
-        dest: "/var/lib/pgsql/{{ postgresql_major_version }}/data/postgresql.ssl.conf"
+        dest: "{{ postgresql_data_dir }}/postgresql.ssl.conf"
         mode: 0600
         owner: postgres
         group: postgres

tasks/RedHat/main.yaml

@@ -1,7 +1,14 @@
+- name: Install deps packages
+  dnf:
+    name: "{{ postgresql_deps_packages }}"
+    state: present
+
 - name: Disable PostgreSQL module
   shell: dnf module disable -y postgresql
   register: disable_postgresql_module
   changed_when: "'Nothing to do' not in disable_postgresql_module.stdout"
+  when:
+    - ansible_facts['distribution_major_version'] == '8'
 
 - name: Add PostgreSQL repository
   dnf: 
@@ -16,16 +23,16 @@
     disable_gpg_check: yes
   register: postgresql_setup
 
-- name: Manage TLS/SSL certificates
-  include_tasks: cacert.yaml
-  when: postgresql_ssl
-
 - name: PostgreSQL Initdb
   shell: "/usr/pgsql-{{ postgresql_major_version }}/bin/postgresql-{{ postgresql_major_version }}-setup initdb"
   register: initdb
   changed_when: "'Data directory is not empty!' not in initdb.stdout"
   failed_when: false
 
+- name: "Configure PostgreSQL"
+  include_tasks: config.yaml
+  tags: postgresql_configuration
+
 - name: Include WAL-G role
   ansible.builtin.include_role:
     name: wal-g

tasks/cacert.yaml

@@ -1,3 +1,18 @@
+- name: "Add host to {{ postgresql_group }} group"
+  add_host:
+    groups: "{{ postgresql_group }}"
+    hostname: "{{ hostvars[item]['inventory_hostname'] }}"
+    ansible_host: "{{ hostvars[item]['ansible_host'] | default(omit) }}"
+  loop: "{{ ansible_play_hosts }}"
+  when: groups[postgresql_group] is not defined
+  changed_when: false
+
+- name: Install python3-cryptography as dependence
+  dnf:
+    name: python3-cryptography
+    state: present
+  when: ansible_facts['os_family'] == 'RedHat'
+
 - name: Check if ssl dir exist
   file: 
     name: "{{ postgresql_ssl_path }}"
@@ -16,7 +31,7 @@
   when: postgresql_cert is defined
 
 - name: Generate OpenSSL key and cert for PostgreSQL
-  when: "inventory_hostname == groups.postgresql|first"
+  when: "inventory_hostname == groups[postgresql_group]|first"
   block:
     - name: Generate an OpenSSL private CA key with the default values (4096 bits, RSA)
       community.crypto.openssl_privatekey:
@@ -61,12 +76,26 @@
       when: postgresql_cert is not defined
       register: postgresql_key_gen
 
+    - name: Generate PostgreSQL subject_alt_ips from ansible_host
+      set_fact:
+        postgresql_server_subject_alt_ips_from_ansible_host: "{{ groups[postgresql_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
+      when: hostvars[inventory_hostname]['ansible_host'] is defined
+
+    - name: Generate PostgreSQL subject_alt_ips from default ipv4 address
+      set_fact:
+        postgresql_server_subject_alt_ips: "{{ groups[postgresql_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
+      when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
+
+    - name: Generate PostgreSQL subject_alt_names
+      set_fact:
+        postgresql_server_subject_alt_names: "{{ groups[postgresql_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}"
+
     - name: Generate an OpenSSL Certificate Signing Request for client
       community.crypto.openssl_csr:
         path: "{{ postgresql_ssl_path }}/{{ postgresql_self_signed_cert_name }}.csr"
         privatekey_path: "{{ postgresql_ssl_path }}/{{ postgresql_self_signed_cert_name }}.key"
         common_name: "{{ postgresql_self_signed_cert_name }}"
-        subject_alt_name: "{{ groups.postgresql | map('regex_replace', '^', 'IP:') | list }}"
+        subject_alt_name: "{{ postgresql_server_subject_alt_ips | default([]) + postgresql_server_subject_alt_names | default([]) + postgresql_agent_subject_alt_ips | default([]) + postgresql_agent_subject_alt_names | default([]) + postgresql_server_subject_alt_ips_from_ansible_host | default([]) + postgresql_agent_subject_alt_ips_from_ansible_host | default([]) }}"
         owner: postgres
         group: postgres
       register: postgresql_csr
@@ -133,13 +162,13 @@
 - name: Put PostgreSQL CA OpenSSL cert to PKI
   copy:
     content: "{{ postgresql_ca_cert }}"
-    dest: "/etc/pki/ca-trust/source/anchors/CA-{{ postgresql_self_signed_cert_name }}.crt"
-  register: ca_trust_anchors
+    dest: "{{ postgresql_ssl_ca_trust_dir }}/CA-{{ postgresql_self_signed_cert_name }}.crt"
+  register: ca_trust
   notify: Restart PostgreSQL
 
 - name: Update CA trust
-  shell: update-ca-trust extract
-  when: ca_trust_anchors.changed
+  shell: "{{ postgresql_ssl_update_ca_command }}"
+  when: ca_trust.changed
 
 - name: Put PostgreSQL OpenSSL key
   copy:

tasks/locale.yaml

@@ -0,0 +1,42 @@
+- name: Install glibc-all-langpacks for RedHat
+  dnf:
+    name: glibc-all-langpacks
+    state: present
+  when: ansible_facts['os_family'] == 'RedHat'
+
+- name: Check if locale exists
+  shell: "locale -a | grep -i {{ postgresql_system_locale | regex_replace('-', '') | quote }}"
+  register: found_locale
+  changed_when: false
+  failed_when: false
+
+- name: Create locale
+  command: "localedef -i {{ postgresql_system_locale | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ postgresql_system_locale | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ postgresql_system_locale | quote }}"
+  when: not ansible_check_mode and found_locale.rc != 0
+
+- name: Check if language exists
+  shell: "locale -a | grep -i {{ postgresql_system_language | regex_replace('-', '') | quote }}"
+  register: found_language
+  changed_when: false
+  failed_when: false
+
+- name: Create language
+  command: "localedef -i {{ postgresql_system_language | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ postgresql_system_language | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ postgresql_system_language | quote }}"
+  when: not ansible_check_mode and found_language.rc != 0
+
+- name: Get current locale and language configuration
+  command: localectl status
+  register: locale_status
+  changed_when: false
+
+- name: Parse 'LANG' from current locale and language configuration
+  set_fact:
+    locale_lang: "{{ locale_status.stdout | regex_search('LANG=([^\n]+)', '\\1') | first }}"
+
+- name: Parse 'LANGUAGE' from current locale and language configuration
+  set_fact:
+    locale_language: "{{ locale_status.stdout | regex_search('LANGUAGE=([^\n]+)', '\\1') | default([locale_lang], true) | first }}"
+
+- name: Configure locale to '{{ postgresql_system_locale }}' and language to '{{ postgresql_system_language }}'
+  command: localectl set-locale LANG={{ postgresql_system_locale }} LANGUAGE={{ postgresql_system_language }}
+  changed_when: locale_lang != postgresql_system_locale or locale_language != postgresql_system_language

tasks/main.yaml

@@ -6,24 +6,28 @@
   vars:
     params:
       files:
-        - "{{ ansible_facts['distribution'] }}.yaml"
-        - "{{ ansible_facts['os_family'] }}.yaml"
+        - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
+        - "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
       paths:
         - "vars"
   tags: postgresql_vars
 
+- name: "Set locale for PostgreSQL"
+  include_tasks: locale.yaml
+  tags: postgresql_locale
+
 - name: "Install PostgreSQL for {{ ansible_facts['os_family'] }}"
   include_tasks: "{{ ansible_facts['os_family'] }}/main.yaml"
   tags: postgresql_setup
 
-- name: "Configure PostgreSQL"
-  include_tasks: config.yaml
-  tags: postgresql_configuration
+- name: "Manage TLS/SSL certificates"
+  include_tasks: cacert.yaml
+  when: postgresql_ssl
 
 - name: Enable and start PostgreSQL
   systemd:
     daemon_reload: true
-    name: "postgresql-{{ postgresql_major_version }}"
+    name: "{{ postgresql_unit_name }}"
     enabled: true
     state: started
     masked: no

tasks/user.yaml

@@ -1,17 +1,10 @@
-- name: Ensure Python 3.9 and psycopg2 installed
-  dnf:
-    name:
-      - python39
-      - python39-psycopg2
-    state: present
-
 - name: Set initial PostgreSQL user
   become: true
   become_user: postgres
   vars:
     ansible_python_interpreter: '/usr/bin/env python3'
   community.postgresql.postgresql_user:
-    db: "postgres"
-    name: "postgres"
+    db: "{{ postgresql_superuser_db }}"
+    name: "{{ postgresql_superuser_name }}"
     password: "{{ postgresql_superuser_password }}"
     state: present

vars/Debian-11.yaml

@@ -0,0 +1,24 @@
+postgresql_apt_key: 
+  - name: org.postgresql.gpg
+    url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc"
+    keyring: /etc/apt/trusted.gpg.d/org.postgresql.gpg
+postgresql_apt_repository:
+  - repo: deb http://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main
+    filename: postgresql
+
+postgresql_deps_packages:
+  - gnupg
+  - python3-psycopg2
+
+postgresql_package_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_package: "{{ postgresql_package_name }}={{ postgresql_version }}-{{ postgresql_version_build }}"
+postgresql_version_build: "1.pgdg110+1"
+postgresql_config_dir: "/etc/postgresql"
+postgresql_base_dir: "/var/lib/postgresql"
+postgresql_data_dir: "{{ postgresql_base_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}"
+postgresql_ssl_path: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}"
+postgresql_package_name_regex: "{{ postgresql_package_name }}-{{ postgresql_version }}-{{ postgresql_version_build }}"
+postgresql_cluster_name: "main"
+postgresql_ssl_update_ca_command: "update-ca-certificates --fresh"
+postgresql_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"
+postgresql_unit_name: "postgresql@{{ postgresql_major_version}}-{{ postgresql_cluster_name }}"

vars/Debian.yaml

@@ -1,10 +0,0 @@
-postgresql_apt_key: 
-  - name: org.postgresql.gpg
-    url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc"
-    keyring: /etc/apt/trusted.gpg.d/org.postgresql.gpg
-postgresql_apt_repository:
-  - repo: deb http://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main
-    filename: postgresql
-
-postgresql_package: "{{ postgresql_package_name }}-{{ postgresql_major_version }}={{ postgresql_version }}"
-postgresql_home_dir: "/var/lib/postgresql"

vars/RedHat-8.yaml

@@ -0,0 +1,14 @@
+postgresql_repo_package: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
+
+postgresql_package_name: "postgresql"
+postgresql_package: "{{ postgresql_package_name }}{{ postgresql_major_version }}-server-{{ postgresql_version }}"
+postgresql_base_dir: "/var/lib/pgsql"
+postgresql_data_dir: "{{ postgresql_base_dir }}/{{ postgresql_major_version }}/data"
+postgresql_ssl_path: "{{ postgresql_base_dir }}/{{ postgresql_major_version }}"
+
+postgresql_ssl_update_ca_command: "update-ca-trust extract"
+postgresql_ssl_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"
+postgresql_unit_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_deps_packages:
+  - python39
+  - python39-psycopg2

vars/RedHat-9.yaml

@@ -0,0 +1,14 @@
+postgresql_repo_package: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
+
+postgresql_package_name: "postgresql"
+postgresql_package: "{{ postgresql_package_name }}{{ postgresql_major_version }}-server-{{ postgresql_version }}"
+postgresql_base_dir: "/var/lib/pgsql"
+postgresql_data_dir: "{{ postgresql_base_dir }}/{{ postgresql_major_version }}/data"
+postgresql_ssl_path: "{{ postgresql_base_dir }}/{{ postgresql_major_version }}"
+
+postgresql_ssl_update_ca_command: "update-ca-trust extract"
+postgresql_ssl_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"
+postgresql_unit_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_deps_packages:
+  - python3
+  - python3-psycopg2

vars/RedHat.yaml

@@ -1,4 +0,0 @@
-postgresql_repo_package: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm"
-
-postgresql_package: "{{ postgresql_package_name }}{{ postgresql_major_version }}-server-{{ postgresql_version }}"
-postgresql_home_dir: "/var/lib/pgsql"

vars/main.yaml

@@ -1,3 +1,5 @@
-postgresql_package_name: "postgresql"
 postgresql_major_version: "{{ postgresql_version | split('.') | first }}"
 postgresql_minor_version: "{{ postgresql_version | split('.') | last }}"
+postgresql_system_locale: "en_US.UTF-8"
+postgresql_system_language: "{{ postgresql_system_locale }}"
+