From ecd8a1a55ac5505709eb3005173a3de434a31f8e Mon Sep 17 00:00:00 2001
From: Hamatoma
Date: Fri, 16 May 2025 09:12:02 +0200
Subject: [PATCH] improvements
---
 docu/{ => de}/70_postgresql.md | 0
 .../de/90_wartung.md | 19 ++++++---
 playbooks.templates/pg_dbs.yaml | 22 +++++++++-
 playbooks.templates/pg_users.yaml | 42 ++++++++++++-------
 playbooks.templates/system_files.yaml | 17 ++++++++
 playbooks/create_project.yaml | 8 ++--
 templates.vars/pg.yaml | 20 ++++-----
 7 files changed, 90 insertions(+), 38 deletions(-)
 rename docu/{ => de}/70_postgresql.md (100%)
 rename templates.install/project_ansible.md => docu/de/90_wartung.md (78%)
 create mode 100644 playbooks.templates/system_files.yaml
diff --git a/docu/70_postgresql.md b/docu/de/70_postgresql.md
similarity index 100%
rename from docu/70_postgresql.md
rename to docu/de/70_postgresql.md
diff --git a/templates.install/project_ansible.md b/docu/de/90_wartung.md
similarity index 78%
rename from templates.install/project_ansible.md
rename to docu/de/90_wartung.md
index 98218b7..a527607 100644
--- a/templates.install/project_ansible.md
+++ b/docu/de/90_wartung.md
@@ -1,8 +1,10 @@ -# Beschreibung der Ansible-Struktur von {{ project }} +# Wartung und Installation von {{ project }} + +Hier wird beschrieben, wie bestimmte Aufgaben mittels Ansible durchgeführt werden können. ## Wartung -### Benutzer -* neuer Benutzer: Änderung in vars/users.yaml +### Linux-Benutzer +- neuer Benutzer: Änderung in vars/users.yaml ``` ansible-playbook playbooks/i_11_user.yaml ```
@@ -25,7 +27,7 @@ ansible-playbook playbooks/i_80_firewalld.yaml ansible-playbook playbooks/i_60_postfix.yaml ``` -## PHP-Konfiguration-Änderung +### PHP-Konfiguration-Änderung - Änderung in vars/php.yaml eintragen ``` for VERS in 7.4 8.2 8.3; do
@@ -33,12 +35,19 @@ for VERS in 7.4 8.2 8.3; do done ``` -## Neues Software-Paket +### Neues Software-Paket - Änderung in vars/packages.yaml ``` ansible-playbook playbooks/i_15_server_packages.yaml ``` +### Änderung bei /etc/fstab /etc/exports /etc/hosts +- Änderung in der Datei unter templates.local/system.files/ eintragen. +``` +ansible-playbook playbooks/system_files.yaml +``` + + ## Installation - Am besten zuerst das Kapitel "Wartung" durchgehen, dort sind die Dateien aufgeführt, in denen konfiguriert wird. - Nie in templates.fix konfigurieren:
diff --git a/playbooks.templates/pg_dbs.yaml b/playbooks.templates/pg_dbs.yaml
index 610caa5..7c34d43 100644
--- a/playbooks.templates/pg_dbs.yaml
+++ b/playbooks.templates/pg_dbs.yaml
@@ -5,9 +5,11 @@
 - ../vars/pg_vault.yaml
 - ../vars/pg.yaml
 tasks:
- - name: Create primary groups
+ - name: Create primary roles
 become: true
 become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
 community.postgresql.postgresql_user:
 name: "{{ item }}"
 role_attr_flags: NOLOGIN
@@ -16,15 +18,33 @@
 - name: Create PostgreSQL database
 become: true
 become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
 community.postgresql.postgresql_db:
 name: "{{ item }}"
+ owner: "{{ item }}"
 state: present
 with_items: "{{ pg_databases }}"
 - name: Create POSTGIS extension
 become: true
 become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
 community.postgresql.postgresql_ext:
 name: postgis
 db: "{{ item }}"
 state: present
 with_items: "{{ pg_databases }}"
+ - name: Grant all privileges on the database for the primary group
+ become: true
+ become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item }}"
+ privs: ALL
+ type: database
+ roles: "{{ item }}"
+ state: present
+ with_items: "{{ pg_databases }}"
+
diff --git a/playbooks.templates/pg_users.yaml b/playbooks.templates/pg_users.yaml
index a1f6515..eb3f6d4 100644
--- a/playbooks.templates/pg_users.yaml
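Review bot: `ansible_ssh_pipelining: true` is added as a per-task `vars:` entry in the `Create primary roles` task and repeated in every task of the second hunk and of the pg_users.yaml hunk; presumably it is there so `become_user: postgres` (an unprivileged become user) works without world-readable temp files, but a connection setting copied into each task is easy to miss on the next task someone adds. Set it once at play level, `vars:` / `  ansible_ssh_pipelining: true` next to `hosts:`, or `pipelining = True` in ansible.cfg, and drop the per-task copies. The play header that would take it is above this hunk.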
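Review bot: The new task `Grant all privileges on the database for the primary group` is redundant with the `owner: "{{ item }}"` line added to `postgresql_db` in the same hunk: the database owner already holds every database-level privilege (CONNECT, CREATE, TEMP), so `privs: ALL` with `type: database` for the same role changes nothing today. If the grant is meant as belt-and-braces, say so in a comment above the task, e.g. `# owner already has ALL on the database; explicit grant kept so a later owner change cannot lock the role out`; otherwise drop it, because an explicit grant would outlive a later owner change and keep the old role's access. The trailing `+` blank line at end of file is also new and can go.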
+++ b/playbooks.templates/pg_users.yaml 
@@ -26,49 +26,59 @@ - name: Create users without password become: true become_user: postgres + vars: + ansible_ssh_pipelining: true community.postgresql.postgresql_user: name: "{{ item.key }}" role_attr_flags: LOGIN password: "{{ my_random_value }}" state: present when: item.value == '' - loop: "{{ pg_users | dict2items }}" + with_items: "{{ pg_users | dict2items }}" - name: Create groups become: true become_user: postgres + vars: + ansible_ssh_pipelining: true community.postgresql.postgresql_user: - name: "{{ item.key }}" + name: "{{ item.group }}" role_attr_flags: NOLOGIN state: present - loop: "{{ pg_groups | dict2items }}" + with_items: "{{ pg_groups }}" - name: Create primary groups of the dbs become: true become_user: postgres + vars: + ansible_ssh_pipelining: true community.postgresql.postgresql_user: name: "{{ item }}" role_attr_flags: NOLOGIN state: present with_items: "{{ pg_databases }}" - - name: Grant all privileges on the database for the primary group + - name: Add users to groups become: true become_user: postgres - community.postgresql.postgresql_privs: - db: "{{ item }}" - privs: ALL - type: database - roles: "{ item }}" + vars: + ansible_ssh_pipelining: true + community.postgresql.postgresql_membership: + db: postgres # or the name of your DB + group: "{{ item.group }}" + target_roles: "{{ item.members }}" state: present - with_items: "{{ pg_databases }}" + with_items: "{{ pg_groups }}" - - name: Add users to groups + - name: Grant all privileges to admins group become: true become_user: postgres - community.postgresql.postgresql_membership: - db: postgres # or the name of your DB - group: "{{ item.key }}" - target_roles: "{{ item.value }}" + vars: + ansible_ssh_pipelining: true + community.postgresql.postgresql_privs: + db: postgres + privs: ALL + roles: "{{ pg_admins_group }}" state: present - with_dict: "{{ pg_groups }}" \ No newline at end of file + type: database + grant_option: true \ No newline at end of file 
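Review bot: The `Create groups` and `Add users to groups` tasks now read `item.group` and `item.members` from `pg_groups`, but the same commit writes `pg_groups` in templates.vars/pg.yaml as `- admins: [dba]`, a list of one-key mappings with no `group`/`members` keys, so the lookup should fail with an undefined attribute on the first item. Either write the entries as `- group: admins` / `  members: [dba]` in pg.yaml or derive name and members from the mapping here. `pg_admins_group`, used by the `Grant all privileges to admins group` task, is not defined in the pg.yaml hunk either; if it is not set elsewhere that task fails the same way. Separately, `grant_option: true` with `privs: ALL` on `db: postgres` lets every member of the admins group re-grant those privileges to other roles, so drop it unless delegation is intended, and the `db: postgres # or the name of your DB` placeholder comment in the membership task only names the connection database and can be removed. The play header and the first tasks of this file are above the hunk.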
diff --git a/playbooks.templates/system_files.yaml b/playbooks.templates/system_files.yaml
new file mode 100644
index 0000000..c5f9daf
--- /dev/null
+++ b/playbooks.templates/system_files.yaml
@@ -0,0 +1,17 @@
+---
+- name: Installs important files from /etc
+ hosts: all
+ tasks:
+ - name: Copies the system files
+ ansible.builtin.copy:
+ src: "../templates.local/system.files/{{ item }}"
+ dest: "/etc/{{ item }}"
+ owner: root
+ group: root
+ mode: '0644'
+ backup: yes
+ with_items:
+ - fstab
+ - hosts
+ - exports
+
diff --git a/playbooks/create_project.yaml b/playbooks/create_project.yaml
index 6195e5c..60e29a7 100644
--- a/playbooks/create_project.yaml
+++ b/playbooks/create_project.yaml
@@ -134,10 +134,10 @@
 delegate_to: localhost
 - name: create project specific files
 ansible.builtin.template:
- src: "../templates.install/{{ item.src }}"
+ src: "{{ item.src }}"
 dest: "{{ base_ansible }}/{{ project }}/{{ item.path }}/{{ item.dest }}"
 with_items:
- - { src: project_ansible.md, dest: "{{ project }}_ansible", path: docu }
- - { src: project_cron.yaml, dest: "{{ project }}_cron", path: playbooks }
- - { src: t_firewalld_local.yaml, dest: "t_firewalld_local.yaml", path: tasks }
+ - { src: ../docu/de/90_wartung.md, dest: "{{ project }}_ansible.md", path: docu }
+ - { src: ../templates.install/project_cron.yaml, dest: "{{ project }}_cron", path: playbooks }
+ - { src: ../templates.install/t_firewalld_local.yaml, dest: "t_firewalld_local.yaml", path: tasks }
 delegate_to: localhost
diff --git a/templates.vars/pg.yaml b/templates.vars/pg.yaml
index 8ad54e5..3275e5f 100644
--- a/templates.vars/pg.yaml
+++ b/templates.vars/pg.yaml
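Review bot: The `Copies the system files` task replaces `/etc/fstab`, `/etc/hosts` and `/etc/exports` on every host in `hosts: all` from one shared source file per name, with no validation and no handler: a malformed fstab is only noticed at the next mount or boot, and a changed exports file is not applied until `exportfs -ra` runs. Give fstab its own task with `validate: findmnt --verify --tab-file %s` and add a `notify` handler running `exportfs -ra` for the exports file; `backup: yes` keeps a copy of the old file but should be written `backup: true` per yamllint truthy. If the files are meant to differ per host, the `src` path needs `inventory_hostname` or a host_vars lookup — as written the same fstab lands on every machine, which is worth stating in a comment above the task if it is intended.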
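Review bot: Style: the rewritten `with_items` entries mix unquoted relative `src` paths with quoted `dest` values, and only the first entry got a file extension (`{{ project }}_ansible.md`) while `{{ project }}_cron` is still written into `playbooks/` without `.yaml`. Quote the `src` paths the same way as `dest`, and make the cron entry `dest: "{{ project }}_cron.yaml"` if nothing depends on the bare name. A one-line comment above the list, `# src is relative to the playbooks/ directory on the control node (delegate_to: localhost)`, would explain the new `../` prefixes; the enclosing play continues on both sides of the hunk.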
@@ -8,23 +8,19 @@ pg_additional_packages: - "postgresql-{{ pg_version }}-ogr-fdw" - "postgresql-{{ pg_version }}-mysql-fdw" -pg_databases: - - pggreenlab - - pggrlabtest - - # Users with password: # If password is empty the password is not known pg_users: - wk: '' - reinhard: '' - roman: '' + jonny: '' + dba: '' # Groups are roles without login rights. # Key: name of the role Value: the list of group members # Convention: each database has a group with the same name pg_groups: - admins: [wk, reinhard] - pgusers: [wk, reinhard, roman] - pggreenlab: [pgusers] - pggrlabtest: [pgusers] + - admins: [dba] + - pgusers: [jonny] + - dbexample: [admins, pgusers] + +pg_databases: + - dbexample -- 2.39.5
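Review bot: The comment above `pg_groups`, `# Key: name of the role Value: the list of group members`, still describes the mapping form that this hunk removes; the value is now a list of one-key mappings (`- admins: [dba]`), so the comment should say what each list item holds, in whatever shape the group tasks in playbooks.templates/pg_users.yaml read. `pg_databases:` is moved to the end of the file, away from the `# Convention: each database has a group with the same name` comment that explains it; a short comment on the new block, `# each name here is created as a NOLOGIN primary role and must also appear in pg_groups`, would keep that coupling visible. The first seven lines of the file are above the hunk.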