mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
commit
b3aba405dd
4 changed files with 64 additions and 26 deletions
38
examples/playbooks/postgresql.yaml
Normal file
38
examples/playbooks/postgresql.yaml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
##
|
||||||
|
# Example Ansible playbook that uses the PostgreSQL module.
|
||||||
|
#
|
||||||
|
# This installs PostgreSQL on an Ubuntu system, creates a database called
|
||||||
|
# "myapp" and a user called "django" with password "mysupersecretpassword"
|
||||||
|
# with access to the "myapp" database.
|
||||||
|
#
|
||||||
|
---
|
||||||
|
- hosts: webservers
|
||||||
|
sudo: True
|
||||||
|
gather_facts: False
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: ensure apt cache is up to date
|
||||||
|
action: apt update_cache=yes
|
||||||
|
- name: ensure packages are installed
|
||||||
|
action: apt pkg=$item
|
||||||
|
with_items:
|
||||||
|
- postgresql
|
||||||
|
- libpq-dev
|
||||||
|
- python-psycopg2
|
||||||
|
|
||||||
|
- hosts: webservers
|
||||||
|
sudo: True
|
||||||
|
sudo_user: postgres
|
||||||
|
gather_facts: False
|
||||||
|
|
||||||
|
vars:
|
||||||
|
dbname: myapp
|
||||||
|
dbuser: django
|
||||||
|
dbpassword: mysupersecreetpassword
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: ensure database is created
|
||||||
|
action: postgresql_db db=$dbname
|
||||||
|
|
||||||
|
- name: ensure user has access to database
|
||||||
|
action: postgresql_user db=$dbname user=$dbuser password=$dbpassword
|
|
@ -128,7 +128,7 @@ def main():
|
||||||
|
|
||||||
p = module.params
|
p = module.params
|
||||||
if p['package'] is None and p['update_cache'] != 'yes':
|
if p['package'] is None and p['update_cache'] != 'yes':
|
||||||
module.fail_json(msg='pkg=name and/or update-cache=yes is required')
|
module.fail_json(msg='pkg=name and/or update_cache=yes is required')
|
||||||
|
|
||||||
install_recommends = (p['install_recommends'] == 'yes')
|
install_recommends = (p['install_recommends'] == 'yes')
|
||||||
|
|
||||||
|
|
|
@ -52,9 +52,9 @@ def db_create(cursor, db):
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
loginuser=dict(default="postgres"),
|
login_user=dict(default="postgres"),
|
||||||
loginpass=dict(default=""),
|
login_password=dict(default=""),
|
||||||
loginhost=dict(default=""),
|
login_host=dict(default=""),
|
||||||
db=dict(required=True),
|
db=dict(required=True),
|
||||||
state=dict(default="present", choices=["absent", "present"]),
|
state=dict(default="present", choices=["absent", "present"]),
|
||||||
)
|
)
|
||||||
|
@ -67,9 +67,9 @@ def main():
|
||||||
state = module.params["state"]
|
state = module.params["state"]
|
||||||
changed = False
|
changed = False
|
||||||
try:
|
try:
|
||||||
db_connection = psycopg2.connect(host=module.params["loginhost"],
|
db_connection = psycopg2.connect(host=module.params["login_host"],
|
||||||
user=module.params["loginuser"],
|
user=module.params["login_user"],
|
||||||
password=module.params["loginpass"],
|
password=module.params["login_password"],
|
||||||
database="template1")
|
database="template1")
|
||||||
# Enable autocommit so we can create databases
|
# Enable autocommit so we can create databases
|
||||||
db_connection.autocommit = True
|
db_connection.autocommit = True
|
||||||
|
|
|
@ -33,10 +33,10 @@ def user_exists(cursor, user):
|
||||||
return cursor.rowcount > 0
|
return cursor.rowcount > 0
|
||||||
|
|
||||||
|
|
||||||
def user_add(cursor, user, passwd, db):
|
def user_add(cursor, user, password, db):
|
||||||
"""Create a new user with write access to the database"""
|
"""Create a new user with write access to the database"""
|
||||||
query = "CREATE USER %(user)s with PASSWORD '%(passwd)s'"
|
query = "CREATE USER %(user)s with PASSWORD '%(password)s'"
|
||||||
cursor.execute(query % {"user": user, "passwd": passwd})
|
cursor.execute(query % {"user": user, "password": password})
|
||||||
grant_privileges(cursor, user, db)
|
grant_privileges(cursor, user, db)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
@ -60,19 +60,19 @@ def revoke_privileges(cursor, user, db):
|
||||||
cursor.execute(query % {'user': user, 'db': db})
|
cursor.execute(query % {'user': user, 'db': db})
|
||||||
|
|
||||||
|
|
||||||
def user_mod(cursor, user, passwd, db):
|
def user_mod(cursor, user, password, db):
|
||||||
"""Update password and permissions"""
|
"""Update password and permissions"""
|
||||||
changed = False
|
changed = False
|
||||||
|
|
||||||
# Handle passwords.
|
# Handle passwords.
|
||||||
if passwd is not None:
|
if password is not None:
|
||||||
select = "SELECT rolpassword FROM pg_authid where rolname=%(user)s"
|
select = "SELECT rolpassword FROM pg_authid where rolname=%(user)s"
|
||||||
cursor.execute(select, {"user": user})
|
cursor.execute(select, {"user": user})
|
||||||
current_pass_hash = cursor.fetchone()[0]
|
current_pass_hash = cursor.fetchone()[0]
|
||||||
# Not sure how to hash the new password, so we just initiate the
|
# Not sure how to hash the new password, so we just initiate the
|
||||||
# change and check if the hash changed
|
# change and check if the hash changed
|
||||||
alter = "ALTER USER %(user)s WITH PASSWORD '%(passwd)s'"
|
alter = "ALTER USER %(user)s WITH PASSWORD '%(password)s'"
|
||||||
cursor.execute(alter % {"user": user, "passwd": passwd})
|
cursor.execute(alter % {"user": user, "password": password})
|
||||||
cursor.execute(select, {"user": user})
|
cursor.execute(select, {"user": user})
|
||||||
new_pass_hash = cursor.fetchone()[0]
|
new_pass_hash = cursor.fetchone()[0]
|
||||||
if current_pass_hash != new_pass_hash:
|
if current_pass_hash != new_pass_hash:
|
||||||
|
@ -103,17 +103,17 @@ def user_delete(cursor, user, db):
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
loginuser=dict(default="postgres"),
|
login_user=dict(default="postgres"),
|
||||||
loginpass=dict(default=""),
|
login_password=dict(default=""),
|
||||||
loginhost=dict(default=""),
|
login_host=dict(default=""),
|
||||||
user=dict(required=True),
|
user=dict(required=True),
|
||||||
passwd=dict(default=None),
|
password=dict(default=None),
|
||||||
state=dict(default="present", choices=["absent", "present"]),
|
state=dict(default="present", choices=["absent", "present"]),
|
||||||
db=dict(required=True),
|
db=dict(required=True),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
user = module.params["user"]
|
user = module.params["user"]
|
||||||
passwd = module.params["passwd"]
|
password = module.params["password"]
|
||||||
state = module.params["state"]
|
state = module.params["state"]
|
||||||
db = module.params["db"]
|
db = module.params["db"]
|
||||||
|
|
||||||
|
@ -121,9 +121,9 @@ def main():
|
||||||
module.fail_json(msg="the python psycopg2 module is required")
|
module.fail_json(msg="the python psycopg2 module is required")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
db_connection = psycopg2.connect(host=module.params["loginhost"],
|
db_connection = psycopg2.connect(host=module.params["login_host"],
|
||||||
user=module.params["loginuser"],
|
user=module.params["login_user"],
|
||||||
password=module.params["loginpass"],
|
password=module.params["login_password"],
|
||||||
database=db)
|
database=db)
|
||||||
cursor = db_connection.cursor()
|
cursor = db_connection.cursor()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
@ -131,12 +131,12 @@ def main():
|
||||||
|
|
||||||
if state == "present":
|
if state == "present":
|
||||||
if user_exists(cursor, user):
|
if user_exists(cursor, user):
|
||||||
changed = user_mod(cursor, user, passwd, db)
|
changed = user_mod(cursor, user, password, db)
|
||||||
else:
|
else:
|
||||||
if passwd is None:
|
if password is None:
|
||||||
msg = "passwd parameter required when adding a user"
|
msg = "password parameter required when adding a user"
|
||||||
module.fail_json(msg=msg)
|
module.fail_json(msg=msg)
|
||||||
changed = user_add(cursor, user, passwd, db)
|
changed = user_add(cursor, user, password, db)
|
||||||
|
|
||||||
elif state == "absent":
|
elif state == "absent":
|
||||||
if user_exists(cursor, user):
|
if user_exists(cursor, user):
|
||||||
|
|
Loading…
Reference in a new issue