From 64ae2a8521e2e87d2288a1ebf3786a7721f8c41f Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Wed, 10 Mar 2021 12:01:16 +0100
Subject: [PATCH 01/28] configure postgres for services-bdd-ovh
---
host_vars/services-bdd-ovh.adm.auro.re | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 host_vars/services-bdd-ovh.adm.auro.re
diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/services-bdd-ovh.adm.auro.re
new file mode 100644
index 0000000..18d6a15
--- /dev/null
+++ b/host_vars/services-bdd-ovh.adm.auro.re
@@ -0,0 +1,5 @@
+postgresql:
+ version: 11
+ hosts: # dbname, username, CIDR ip addr, auth method
+ - [ "etherpad", "etherpad", "10.128.0.150", "md5" ]
+ - [ "codimd", "codimd", "10.128.0.150", "md5" ]
From a625a58ddd3b94b7e79782fa189d215b47a90112 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Wed, 10 Mar 2021 12:01:32 +0100
Subject: [PATCH 02/28] create role postgresql_server
---
roles/postgresql_server/handlers/main.yml | 6 +
roles/postgresql_server/tasks/main.yml | 41 ++
.../templates/postgresql/pg_hba.conf.j2 | 103 +++
.../templates/postgresql/postgresql.conf.j2 | 694 ++++++++++++++++++
4 files changed, 844 insertions(+)
create mode 100644 roles/postgresql_server/handlers/main.yml
create mode 100644 roles/postgresql_server/tasks/main.yml
create mode 100644 roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
create mode 100644 roles/postgresql_server/templates/postgresql/postgresql.conf.j2
diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml
new file mode 100644
index 0000000..731acb9
--- /dev/null
+++ b/roles/postgresql_server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart postgresql
+ service:
+ name: postgresql
+ state: restarted
+ enabled: true
diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml
new file mode 100644
index 0000000..696be41
--- /dev/null
+++ b/roles/postgresql_server/tasks/main.yml
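Review bot: The address column in both `hosts` entries of host_vars/services-bdd-ovh.adm.auro.re is a bare IP (`"10.128.0.150"`) although the inline comment calls it a CIDR address, and the pg_hba.conf template in this series writes the value verbatim into a `host` record. PostgreSQL expects either `address/masklen` or a separate netmask column after a numeric address, so `10.128.0.150 md5` will most likely be rejected when pg_hba.conf is loaded; write `"10.128.0.150/32"`. The same applies to the `synapse` entry added in PATCH 08 and to every entry of host_vars/bdd.adm.auro.re in PATCH 09. Since the server is version 11, `"scram-sha-256"` would also be a stronger choice than `"md5"` for the method column, provided the clients' drivers support it.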
@@ -0,0 +1,41 @@
+---
+- name: Install postgresql
+ apt:
+ update_cache: true
+ name: postgresql
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Ensure main postgresql directory exists
+ file:
+ path: /etc/postgresql/{{ postgresql.version }}/main/
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: 0755
+ recurse: yes
+
+- name: Ensure configuration directory exists
+ file:
+ path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: 0755
+
+- name: Configuration of postgresql {{ postgresql.version }}
+ template:
+ src: postgresql/{{ item }}.j2
+ dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
+ mode: 0640
+ owner: postgres
+ group: postgres
+ loop:
+ - pg_hba.conf
+ - postgresql.conf
+ notify:
+ - restart postgresql
+
+
diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
new file mode 100644
index 0000000..c9321ec
--- /dev/null
+++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
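Review bot: In the task "Ensure main postgresql directory exists", `recurse: yes` combined with `mode: 0755` applies that mode to every file already under /etc/postgresql/{{ postgresql.version }}/main/, including pg_hba.conf and postgresql.conf, which the later template task sets to 0640. Each run would therefore widen the two files to world-readable and then narrow them again, so the template task likely reports a change and fires the restart handler every time. Drop `recurse` from that task and quote the modes so YAML cannot retype them: `mode: "0755"` and `mode: "0640"`.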
@@ -0,0 +1,103 @@ +# {{ ansible_managed }} + +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. 
+# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer + +{% for host in postgresql.hosts %} +host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }} +{% endfor %} + + +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 new file mode 100644 index 0000000..768d3f0 --- /dev/null +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
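Review bot: The generated records in the `{% for host in postgresql.hosts %}` loop use the `host` type, which matches plain as well as TLS connections, so the md5 exchange and all query traffic from the application hosts may cross the network unencrypted. Since postgresql.conf in this series sets `ssl = on`, consider emitting `hostssl {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }}` instead. The loop also writes `host[2]` and `host[3]` verbatim, so a malformed address or a `trust` method in host_vars lands in the file unchecked; a short comment above the loop stating the expected tuple (`dbname, username, address/masklen, method`) would help.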
@@ -0,0 +1,694 @@ +{{ ansible_header | comment }} + +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+# All changes to this section REQUIRES restart + +# use data in another directory +data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' +# host-based authentication file +hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +# write an extra PID file + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +ssl 
= on +#ssl_ca_file = '' +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' +#ssl_crl_file = '' +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables 
+#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = replica # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + 
+#checkpoint_timeout = 5min # range 30s-1d +max_wal_size = 1GB +min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 10 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 10 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. 
+ +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +# - Subscribers - + +# These settings are ignored on a publisher. + +#max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as 
above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. 
+ # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints 
= off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Paris' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +cluster_name = '{{ postgresql.version }}/main' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off 
+#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = 
'' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, dmy' +#intervalstyle = 'postgres' +timezone = 'Europe/Paris' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'fr_FR.UTF-8' # locale for system error message + # strings +lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting +lc_numeric = 'fr_FR.UTF-8' # locale for number formatting +lc_time = 'fr_FR.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.french' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? 
+#restart_after_crash = on # reinitialize after backend crash? +#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +include_dir = 'conf.d' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here From d14306a86c225d5676b691b1f212d15b4086d38e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:08:05 +0100 Subject: [PATCH 03/28] fix syntax for CI --- roles/postgresql_server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 696be41..9ccbd54 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -5,8 +5,8 @@ name: postgresql state: present register: apt_result - retries: 3 - until: apt_result is succeeded + retries: 3 + until: apt_result is succeeded - name: Ensure main postgresql directory exists file: From a4c393d3fb2d711eb1c31c539581cad0aa6ba1ae Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:10:06 +0100 Subject: [PATCH 04/28] fix yaml ci truthy value --- roles/ldap_client/tasks/main.yml | 2 +- roles/postgresql_server/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
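Review bot: `ssl_cert_file` and `ssl_key_file` in postgresql.conf.j2 point at the snakeoil certificate, a self-signed placeholder that clients cannot verify, so TLS here gives encryption without server authentication. For a server that accepts password logins from other hosts, a certificate issued for the database host name should be deployed and referenced here, ideally through variables rather than fixed paths. `password_encryption` is also left at its commented default of md5; setting `password_encryption = scram-sha-256` would let new passwords be stored in the stronger format once pg_hba.conf uses that method. The header uses `{{ ansible_header | comment }}` while pg_hba.conf.j2 uses `# {{ ansible_managed }}`; `ansible_header` is presumably defined in the inventory, which is worth confirming.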
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 94ed070..968b42f 100644 --- a/roles/ldap_client/tasks/main.yml +++ b/roles/ldap_client/tasks/main.yml @@ -21,4 +21,4 @@ user: root key: "{{ ssh_pub_keys }}" state: present - exclusive: True + exclusive: true diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9ccbd54..9a42e8a 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -15,7 +15,7 @@ owner: postgres group: postgres mode: 0755 - recurse: yes + recurse: true - name: Ensure configuration directory exists file: From dbbaf0d26d4f1b457c504ccd53a525acc9897fd0 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:11:02 +0100 Subject: [PATCH 05/28] remove tailling whitespaces --- roles/postgresql_server/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9a42e8a..7f119dd 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -24,7 +24,7 @@ owner: postgres group: postgres mode: 0755 - + - name: Configuration of postgresql {{ postgresql.version }} template: src: postgresql/{{ item }}.j2 @@ -37,5 +37,3 @@ - postgresql.conf notify: - restart postgresql - - From 8b9bef865e3719a93f5a969261c0fbbfa106aa1f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:26:18 +0100 Subject: [PATCH 06/28] postgresql listen on pseudo-address --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 768d3f0..f2d1b3e 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -57,6 +57,8 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - +listen_addresses = 0.0.0.0, [::] +# listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all From 1105ea88c189b11da1609ad556096072b8c25a19 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:40:17 +0100 Subject: [PATCH 07/28] rename VM to a simpler name (services-bdd-ovh -> bdd-ovh) --- host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} (100%) diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re similarity index 100% rename from host_vars/services-bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re From 6951e017b7a5378175d76990741d4b331b9b2a35 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:43:08 +0100 Subject: [PATCH 08/28] bdd config for synapse --- host_vars/bdd-ovh.adm.auro.re | 1 + 1 file changed, 1 insertion(+) diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re index 18d6a15..df77200 100644 --- a/host_vars/bdd-ovh.adm.auro.re +++ b/host_vars/bdd-ovh.adm.auro.re @@ -3,3 +3,4 @@ postgresql: hosts: # dbname, username, CIDR ip addr, auth method - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - [ "codimd", "codimd", "10.128.0.150", "md5" ] + - [ "synapse", "synapse", "10.128.0.56", "md5" ] From 0656dacbe84d13a9b5946ac07ff906ae6242022b Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:47:04 +0100 Subject: [PATCH 09/28] Add config for bdd local --- host_vars/bdd.adm.auro.re | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 host_vars/bdd.adm.auro.re diff --git a/host_vars/bdd.adm.auro.re b/host_vars/bdd.adm.auro.re new file mode 100644 index 0000000..d1e9353 
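Review bot: The added `listen_addresses = 0.0.0.0, [::]` binds the server to every IPv4 and IPv6 interface, so pg_hba.conf and any host firewall become the only controls on who can reach the PostgreSQL port. The client addresses configured in host_vars are all in 10.128.0.x, so binding only to the host's own address on that network would serve them without exposing the listener on other interfaces the VM may have (whether bdd-ovh has a public one is not visible here). Consider taking the value from a per-host variable, for example `listen_addresses = '{{ postgresql_listen_addresses | default("localhost") }}'` (the variable name is only a suggestion).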
--- /dev/null +++ b/host_vars/bdd.adm.auro.re @@ -0,0 +1,8 @@ +postgresql: + version: 11 + hosts: # dbname, username, CIDR ip addr, auth method + - [ "nextcloud", "nextcloud", "10.128.0.58", "md5" ] + - [ "gitea", "gitea", "10.128.0.60", "md5" ] + - [ "drone", "drone", "10.128.0.64", "md5" ] + - [ "wikijs", "wikijs", "10.128.0.66", "md5" ] + - [ "vote", "vote", "10.128.0.81", "md5" ] From 69c6d5b55d9f1967a7c82cd8cc7b1477919494f8 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:51:07 +0100 Subject: [PATCH 10/28] add and clean bdd hosts --- hosts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index 7cf9128..68488a0 100644 --- a/hosts +++ b/hosts @@ -29,7 +29,7 @@ stream.adm.auro.re re2o-server.adm.auro.re re2o-ldap.adm.auro.re re2o-db.adm.auro.re -services-bdd-local.adm.auro.re +#services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re mail.adm.auro.re @@ -37,6 +37,8 @@ wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re jitsi-aurore.adm.auro.re +bdd.adm.auro.re +bdd-ovh.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re @@ -49,7 +51,7 @@ horus.adm.auro.re [ovh_container] synapse.adm.auro.re -services-bdd.adm.auro.re +#services-bdd.adm.auro.re phabricator.adm.auro.re wiki.adm.auro.re www.adm.auro.re @@ -508,3 +510,7 @@ reverseproxy [reverseproxy] proxy-ovh.adm.auro.re proxy.adm.auro.re + +[bdd] +bdd.adm.auro.re +bdd-ovh.adm.auro.re From 76361de3f13ad14200e04311946b8307e66cb640 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:52:15 +0100 Subject: [PATCH 11/28] Add playbook for DBs --- bdd.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bdd.yml diff --git a/bdd.yml b/bdd.yml new file mode 100644 index 0000000..485d0b4 --- /dev/null +++ b/bdd.yml @@ -0,0 +1,5 @@ +#!/usr/bin/env ansible-playbook +--- +# Install and configure bdd servers at Saclay and at OVH +- hosts: bdd + roles: postgresql_server 
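Review bot: The addresses in the new `hosts` entries carry no prefix length, although the comment on `hosts:` calls that column a CIDR address. The role's pg_hba.conf template writes the third field verbatim into the ADDRESS column, where PostgreSQL expects either `address/mask` or a separate netmask column, so a bare `10.128.0.58` followed by `md5` is likely to be rejected when the file is loaded. Write each entry with an explicit mask, e.g. `- [ "nextcloud", "nextcloud", "10.128.0.58/32", "md5" ]`. The bdd-ovh entries from patches 01 and 08 have the same problem; they get `/32` in patch 23, but this file is not touched there.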
From 879e0338574e61a9d14267929f6b5efb77cb5fab Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:21:19 +0100 Subject: [PATCH 12/28] Fix malformed role definition --- bdd.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bdd.yml b/bdd.yml index 485d0b4..7a0bf6c 100644 --- a/bdd.yml +++ b/bdd.yml @@ -2,4 +2,6 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd - roles: postgresql_server + roles: + - postgresql_server +... From 9ef6202fdf7da5f4c4fe4c378970bf504a35794f Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:23:52 +0100 Subject: [PATCH 13/28] Add configuration for users and databases --- roles/postgresql_server/defaults/main.yml | 4 ++++ roles/postgresql_server/tasks/main.yml | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 roles/postgresql_server/defaults/main.yml diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml new file mode 100644 index 0000000..643fc0a --- /dev/null +++ b/roles/postgresql_server/defaults/main.yml @@ -0,0 +1,4 @@ +--- +postgresql_db: [] +postgresql_users: [] +... diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 7f119dd..6748c04 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -37,3 +37,17 @@ - postgresql.conf notify: - restart postgresql + +- name: Create databases + postgresql_db: + name: "{{ item.name }}" + loop: "{{ postgresql_databases }}" + +- name: Create users + postgresql_user: + db: "{{ item.database }}" + name: "{{ item.name }}" + password: "{{ item.password }}" + priv: "{{ item.priv }}" + loop: "{{ postgresql_users }}" +... From f919ec689a57f4d7576f86cfa5f1493d60d78c38 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Wed, 10 Mar 2021 13:25:36 +0100 Subject: [PATCH 14/28] =?UTF-8?q?Fix=20'ansible=5Fheader'=20=E2=86=92=20'a?= =?UTF-8?q?nsible=5Fmanaged'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index f2d1b3e..d2e1d29 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -1,4 +1,4 @@ -{{ ansible_header | comment }} +{{ ansible_managed | comment }} # ----------------------------- # PostgreSQL configuration file From 36b04239fd2c00947cc2cb97f1910004befbb049 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:34:58 +0100 Subject: [PATCH 15/28] Rename 'postgresql_db' to 'postgresql_databases' --- roles/postgresql_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 643fc0a..89733f0 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -1,4 +1,4 @@ --- -postgresql_db: [] +postgresql_databases: [] postgresql_users: [] ... From 7a071552375f727678db742666fa06bfbf28db92 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:35:18 +0100 Subject: [PATCH 16/28] Install python3-psycopg2 (required by Ansible) --- roles/postgresql_server/tasks/main.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6748c04..f4f3909 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml 
@@ -1,8 +1,10 @@ --- -- name: Install postgresql +- name: Install postgresql and psycopg2 apt: update_cache: true - name: postgresql + pkg: + - postgresql + - python3-psycopg2 state: present register: apt_result retries: 3 @@ -39,11 +41,15 @@ - restart postgresql - name: Create databases + become: true + become_user: postgres postgresql_db: - name: "{{ item.name }}" + name: "{{ item }}" loop: "{{ postgresql_databases }}" - name: Create users + become: true + become_user: postgres postgresql_user: db: "{{ item.database }}" name: "{{ item.name }}" From 8e855d7009f6ac7424874b9b2d2ea56c0deb5b70 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:36:10 +0100 Subject: [PATCH 17/28] Listen addresses must be quoted --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index d2e1d29..0df0512 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = 0.0.0.0, [::] +listen_addresses = '0.0.0.0, [::]' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 40eadf802c691772e141fbd998e74e4de5682dd1 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:58:40 +0100 Subject: [PATCH 18/28] Add template and no_log for postgresql_user --- host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} | 0 roles/postgresql_server/tasks/main.yml | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) rename host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} (100%) 
diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re.yml similarity index 100% rename from host_vars/bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re.yml diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index f4f3909..6be936f 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -17,7 +17,6 @@ owner: postgres group: postgres mode: 0755 - recurse: true - name: Ensure configuration directory exists file: @@ -45,6 +44,10 @@ become_user: postgres postgresql_db: name: "{{ item }}" + encoding: UTF-8 + lc_collate: en_US.UTF-8 + lc_ctype: en_US.UTF-8 + template: template0 loop: "{{ postgresql_databases }}" - name: Create users @@ -55,5 +58,6 @@ name: "{{ item.name }}" password: "{{ item.password }}" priv: "{{ item.priv }}" + no_log: true loop: "{{ postgresql_users }}" ... From 06b54d5f8987840fac19526925c9f3cbd64c9083 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 14:27:14 +0100 Subject: [PATCH 19/28] Use postgresql_privs --- roles/postgresql_server/tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6be936f..0dc5c1c 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -57,7 +57,17 @@ db: "{{ item.database }}" name: "{{ item.name }}" password: "{{ item.password }}" - priv: "{{ item.priv }}" no_log: true loop: "{{ postgresql_users }}" + +- name: Grant privileges to users + become: true + become_user: postgres + postgresql_privs: + db: postgres + type: database + role: "{{ item.name }}" + privs: "{{ item.privs | join(',') }}" + obj: "{{ item.database }}" + loop: "{{ postgresql_users }}" ... From bd05b702bb4d37755adad0f2fd7e46474d82b1b6 Mon Sep 17 00:00:00 2001 
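Review bot: The new `Grant privileges to users` task loops over `postgresql_users` without `no_log` or a loop label, so Ansible prints each full item in the task output. That item includes the `password` field consumed by the `Create users` task just above. This task does not need the secret, so restrict what is displayed by adding `loop_control:` with `label: "{{ item.name }}"`, or set `no_log: true` as `Create users` already does. Existing CI or controller logs from runs of this version may be worth checking for the leaked values.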
From: Jeltz Date: Wed, 10 Mar 2021 15:19:39 +0100 Subject: [PATCH 20/28] Use '::' in place of '[::]' --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 0df0512..bcab09c 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = '0.0.0.0, [::]' +listen_addresses = '0.0.0.0, ::' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 628e11488d55675913b060a466f05a0f7e115038 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:22:01 +0100 Subject: [PATCH 21/28] Switch postgresql to english --- .../templates/postgresql/postgresql.conf.j2 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index bcab09c..1085939 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -607,11 +607,10 @@ timezone = 'Europe/Paris' # encoding # These settings are initialized by initdb, but they can be changed. -lc_messages = 'fr_FR.UTF-8' # locale for system error message - # strings -lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting -lc_numeric = 'fr_FR.UTF-8' # locale for number formatting -lc_time = 'fr_FR.UTF-8' # locale for time formatting +lc_messages = 'en_US.UTF-8' +lc_monetary = 'en_US.UTF-8' +lc_numeric = 'en_US.UTF-8' +lc_time = 'en_US.UTF-8' # default configuration for text search default_text_search_config = 'pg_catalog.french' From 4f6eda832985edc2a721d0503c49119599916456 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:57:19 +0100 Subject: [PATCH 22/28] Use /run instead of /var/run to please systemd --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 1085939..f28c61e 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -47,7 +47,7 @@ data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' # If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +external_pid_file = '/run/postgresql/{{ postgresql.version }}-main.pid' # write an extra PID file From d16f4441301a15e34f238e45335ad5ed98b3de68 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:59:21 +0100 Subject: [PATCH 23/28] Use a dict for HBA hosts --- host_vars/bdd-ovh.adm.auro.re.yml | 26 +++++- roles/postgresql_server/defaults/main.yml | 1 + .../templates/postgresql/pg_hba.conf.j2 | 91 +------------------ 3 files changed, 26 insertions(+), 92 deletions(-) 
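Review bot: The four `lc_*` settings now name `en_US.UTF-8`, but none of the role's tasks shown in this series generates that locale on the target, and PostgreSQL rejects a locale the operating system does not provide. The previous `fr_FR.UTF-8` values suggest the hosts may have been installed with only the French locale, so a `locale_gen` task with `name: en_US.UTF-8` and `state: present` ahead of the template task would make this safe. The same dependency applies to `lc_collate: en_US.UTF-8` in the `Create databases` task from patch 18. `default_text_search_config` is left at `pg_catalog.french` in the context line; if that is intentional, a short comment saying so would help.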
diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index df77200..78aeff4 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -1,6 +1,22 @@ +--- postgresql: - version: 11 - hosts: # dbname, username, CIDR ip addr, auth method - - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - - [ "codimd", "codimd", "10.128.0.150", "md5" ] - - [ "synapse", "synapse", "10.128.0.56", "md5" ] + version: 13 + +postgresql_hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: codimd + user: codimd + net: 127.0.0.1/32 + method: md5 +... diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 89733f0..8eb5639 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -1,4 +1,5 @@ --- +postgresql_hosts: [] postgresql_databases: [] postgresql_users: [] ... diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 index c9321ec..3a56905 100644 --- a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 
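Review bot: Every `postgresql_hosts` entry keeps `method: md5`, while the same hunk raises `postgresql.version` to 13, which supports `scram-sha-256`; md5 authentication depends on MD5-hashed stored passwords and is the weaker of the two. Moving to `method: scram-sha-256` also needs `password_encryption = 'scram-sha-256'` in postgresql.conf.j2 and the role passwords set again afterwards, because a role whose stored hash is still MD5 cannot authenticate with SCRAM. The version change from 11 to 13 is unrelated to the commit subject and would be easier to review and revert as its own commit.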
@@ -1,81 +1,6 @@ -# {{ ansible_managed }} - -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# plain TCP/IP socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. 
Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", -# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". -# Note that "password" sends passwords in clear text; "md5" or -# "scram-sha-256" are preferred since they send encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the server receives a -# SIGHUP signal. If you edit the file on a running system, you have to -# SIGHUP the server for the changes to take effect, run "pg_ctl reload", -# or execute "SELECT pg_reload_conf()". -# -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. - - +{{ ansible_managed | comment }} +# TYPE DATABASE USER ADDRESS METHOD # DO NOT DISABLE! # If you change this first entry you will need to make sure that the 
@@ -86,18 +11,10 @@ # Database administrative login by Unix domain socket local all postgres peer -# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer -{% for host in postgresql.hosts %} -host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }} +{% for host in postgresql_hosts %} +host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %} - - -# Allow replication connections from localhost, by a user with the -# replication privilege. -local replication all peer -host replication all 127.0.0.1/32 md5 -host replication all ::1/128 md5 From 5871e1cfb8012e13359f633571b6589cb486c6dd Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 17:13:13 +0100 Subject: [PATCH 24/28] Add/Update password for postgres db codimd, etherpad and synapse --- group_vars/all/vault.yml | 361 ++++++++++++++++++++------------------- 1 file changed, 182 insertions(+), 179 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 1823262..f961428 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
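Review bot: The loop now reads `postgresql_hosts`, but host_vars/bdd.adm.auro.re (added in patch 09) still defines its entries under `postgresql.hosts` as positional lists and is not converted in this commit. With the new default `postgresql_hosts: []`, that host would therefore render no `host` records at all and refuse its remote clients. Convert that file in the same commit, unless a later patch not visible here already does so. Separately, the template emits only `host` records, which accept unencrypted TCP connections; `hostssl` would require TLS for these cross-host clients, provided the server has a certificate configured (not visible here).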
@@ -1,180 +1,183 @@ $ANSIBLE_VAULT;1.1;AES256 -36323837313536343438346161633830326364666265343833323539626361653065363734393533 -3062363534346566626433663561313034323930623565640a363866396538623763393232383462 -61623430366665323931393339373665376536633631306639356435323939653434616163343365 -3463393937653666620a363639643662373365343261613831313165653837336461623135633062 -33313632363236633838303430656334383539323937333036396135313433306566353132386634 -35626431623730336635336136356437343639656331363462313064373038636439393631653264 -35666565626132653665336163363965326265356339623838326238303865643632663233313464 -64633434346635363033396265646661643766313339386337333030353561326165306663613834 -62393565343036366534666166323238653939616433343866326338313332623062366439346436 -38363930646639353263663666333332383632656261633038363030613334663239373134343138 -62386233653264623437656535316532306432626531623239323439666437643364643537666139 -36323262643662313261326434663931633031643061323438643335616534356464613837343632 -33643761306538623430633031626266363531353432373930343435613934626231363234336266 -33353962396435623836666664346666323564393135613865373966316266313336613538303263 -36646564623039366138306332383663363765653063313436366432333438386534616439326132 -36623234653633653931363939386265306439383030366539393836303164353232653939613231 -66383761373965663939613262323262373938663964373961633762356332663965363364623033 -31303236373864393039363366333732666438313061666534656434303634616235393336346532 -62613565396163313833383435656431663662626166666532396138636635643833303462623863 -62343634326536613030643663646134653131643232343033633234303234356239393264666435 -62323961346236366463613466376434333639373537376265356334623430633865353866616132 -33363437633365633062383939616134316165343939383730366231376338613638393633616634 -33313064346434343435313238333538363165333237653339653635643339623732656237343138 
-33376231383832303561313633336533396139303666363365373765633836366434343466653736 -38653764353861333431633837646538303332613234633632363134313563663861326234663964 -39306364333031656634643737316562653738623436386366663034653230626632353162353565 -64613133356364366138636434333165666663633231626234326562636333666134626136656533 -33363830616637373831666230323432643863663166613061613839303538633133633466623161 -34373761313135616638336638353433393362633738313965333964376664616631333138383366 -66636463303637613263353038386436376331633539336639313264636261393037613536363233 -63363030323466316161623162626338353530326362653334326338366234316530336439356161 -61616161393966646235343064643934663830343738323231643165316338393233663432383235 -30393734643131326333626566303263313361653833363032373462386266616664636539303462 -37656566386236626564633065376666396261393132653639343931323637376333343966646666 -36643737396233653639356461666637346639663365396137336637343462616138643261636561 -66386433363734323363633135613636316537663139353838326139353966646431616135393730 -66353534313131646662323239353035636433306438326232633738343662643738373564653434 -39643636343530353664646565376161303139636264653431656630623761643234366538313135 -36633761623832306666316230313731306262333661313339623930636261663466636539643431 -66383464623433366462383363636239616635646533326531356635653664613737623636656164 -37363136323035333434646437366361356366313030353333666530366563343166636264323937 -63313033393264376138383437646235393938636466396333333561646330643438353931383033 -34383133616364666533333732613362646439373339616536353333656635666266356333373730 -38663036646530346635326337616630633031383766643832303565353162303364646365633831 -31623461323838366663643534323963643964363439356661373165643836383133663566623336 -61633431636635333239386662396663306130363864313362623832363065653265653332383537 -36353935656364396138336338383138393563363963393633616137613165333336656334633737 
-33653739643438663665396165653430353535353866653563343336396461343036346534623531 -64303932643336393062343765346634663166663230343039366362326133393832313564316562 -36333733376664323531623031376138326663383037316435383938386561393030393061633738 -66386363383064353533306461393831646436396335313664303038316135373064646434336336 -66656135396662336461643266626537623533303761636166383761356339353533303631366461 -38396466323865616564656632623834376164623464323466613830313663633366376163656562 -64663662376264383330343863313134626637316133633531336534333261646631343532346436 -32616332653832613937393864316537363964373437393162653264643730326533623637353639 -66646265363463303562623935626166636463353966663233656335323338323466306334623464 -61626532356438393732646135373933636166326666316564336636313963336136373331636137 -63343964613663303665656237366463363264316134363063326263393233323263386230343761 -32656335353935313362323734613466633238386664346538356137343632623032366433393633 -65313435353334313730636264646237343230336262366163633232326639393330306637373534 -62343562343464326566326165653235353931326535626230656334353038623139643837346332 -35623133386336646535343435306538623962633030353136373831323063653261333930653166 -39326661323163636534633433663037363866646535353931336166653738306634386332646236 -39366139373933326538626166613634326333653330653636343230626138386466396466656532 -37383565366133626364393432313634303630316265373832656666623932363363613061316434 -62356239356531363236643039366437653762616364366332313833396661653863303138373262 -64323665656537333433346437613766613237356537646262353731653834373439343362356565 -61373530656134656134343763393263306165393635646538616635643136363636313030356562 -61326635373737376636383934366136396566623634653539346631333832343066373235613463 -64316536393433366336656563333733336461373033636466323936633138623465333239616538 -38383836303530356164333733333265396536333231313664633464313436653738616532363639 
-33666133306562336637396133366230356162666639356238393265626164636631376539363738 -36383837636262373339313865663435643565343638313631666166636232613031306663653632 -37383430323366373163353235613138336666353430626262353830326362396265396639653635 -63383761623133383266653764613330646533396439646465343536313664666631633538626135 -32323437386531636435386161633437666133303565613139383839623530636137306531643765 -31326130376664613935613431356235656363306136643831663935383161313161303430386434 -31656364393534393666623935333237393264333839626136626531386364303431366432363037 -31663962633465353131663035656337636362313337303532396163316538613565626431623161 -66346533626135303937633364393533663134326139303661303239663332333637363866366631 -39663837393836303432383436643938613833653633663633373636623435663139303736666234 -66316365376266623235326265666438333735356638643332343438623436326561653634396638 -35393736393130373234316461336634323763396564613638393564366262376535666238353634 -66303964346537363161356238666135653666383534393338323331323364363439373839393335 -34363037306636363163626566366633336666396364646664346636613661346139326234636232 -37633033356438633833326231313733316531653137623263353765633432343637353931666437 -34336561316661393232613237353937366331643466363234383031303664386565303332663637 -64666364656166353938336665306232336338383161326331636363336634666436323532333361 -39313531633831633230656131306637356337346230343930663861383136303031666637636337 -36326439346566366461646561313665386163303634376361323033343538396138386166633166 -64393735313137653764323963323039306531656639306638663437353034363838393466353436 -34616335633235366634323233373537396130333938343133343265643665316438626635613136 -38383763646463356463326235313539356333633636303535333865393331623936633231616561 -64353337663665646333383830623966353134646563663832343839333039313130326634366162 -37363337303033393039313630333535616665643033616334646336366265373033626266383061 
-39326366316663333530323632613462316538653966386463613439363137323139633232393565 -64373466333632613933356364333166303535643464393135366536326565333136656633313366 -61656361643866363931383231636636383434393637363965373836386433316564306430616233 -37653864363832363231643461343461323534616635663835386262383963376166666464313433 -65323231396162333937373261383336306665363936326237643537623235613337393738323037 -61653563333532626161343336643136663161663733346462343035373534363962616631333833 -63313633646166326538343366663865653737626162363463313862643661326231613437633964 -30643366346136653135626236663932303736643331323231366439306435643163633438353035 -32386434396638306465346165363938626135303134326335343739376563386566323964323661 -64636134306233383437656165626232643731313037316634633566646331383864343138386335 -61613562386138656339346665303962656330306261363330633161623063663433376537653037 -31633965633835366464373938343164396366393439626432336237353066376333623136333161 -34386537663964306434346364303637623264303063633531643361386437373766313336326330 -39326163633231663138393632343064306430396166663362316137616236306566663432373331 -65356661353133666138376137386363623133383338393561333365663337366637626132333735 -62383636383333323432363730353136333836636662656163323830643638623932353133313962 -33316563323865336239613466343034663730313633326364363432326433316233326166386132 -35393534343962353461303536386139373338336533653530383664303734656236646632353937 -31313563343439663461636336623364643130666330383932313839373161653433366564626530 -33303565333438323136343531313133653136633636346666316138356361326162393635376531 -36336463663863613661353664303135313233373561363866393832306333363361316462643165 -35666637663739613830386562646266643263633235623230336133653135376662643333363661 -30386531306335613538373635376664613434303833323835343235306230633038363339383432 -62623462313530393361323465353134623638363962383833373530346561303439363933646361 
-39623037623835383366633635363636616330646164313664303037633665373463653233616432 -61303133663731646531616165376330333764313038353137666264346135353737613433363161 -32376365343265326239373764336466366131326661613730353536616639376364663139643138 -64353663643161653539336638336431393261343366343338396162666461356465303830363435 -30363330666563343732396262343034656264353237393238636436663661333431393332616561 -65653564353864646665306662393937623439353531613930643365313765313130336166363531 -35316537373237613364393263653764333736313563363362343436333162303464356637393261 -31376336373739626363613237633236356533646430653531656535333064313437613063383035 -63623333643461613364633538663462396138346537306538333132323231333864663632303364 -38343239613633666265303364353035313861323430666362333566363530626631333032633332 -33626364653239343436636234363934653730333839656333343161303633326530633432326231 -65303766633465396232306230343861363432393537306139663339316635643662306432373661 -37383361626261366561303632366663656135623730366462623964396332613764613636373736 -65386263353934653764636636316464303164363835313732383062356436366633616435616133 -62653361653965316332623266376636663131643464376362333061393964346265323034373962 -62333366643264656337366530303137656630666230376165633437653132303938616162346463 -31356235303039323937666134363133366632363937366662383561623764363132666634303030 -38616366666563613763623738393334363932393630303661626234626463633331643139366334 -65636661303730373264626132313835623436316561313064313062333137643737653130663835 -65323464383366393139646262626439656235306136663139323465363362633030363634636462 -32353536636538636637653834616566363833363639376666343864356231633737326130646433 -36613237323137356162386266373664653365653930623635393031386362633835383062613332 -34313166376362643338346630393132626364646539666530356637643864646136303164393130 -66616265653465626136333130653835636265383363666161316330396132356135396264323833 
-31656434613535333138653733343432383331313766613966313834616665343732356430333135 -37336536363137373539303161346161343464613166663138373630646539316430633265643866 -33363335626232353736396531653065663735353039666434326465613139316266613239303263 -38646130356363643063653865656463643863396237656162303739343665333038383437663339 -39343161343666663731653265373531373465346438376463656535666136346334336431356536 -65656262383061386137373639356435323964613065613932386661386362363961656364633431 -31323037666465623466306430653133343836303330343337653131303630633231613161376636 -63386363373938396664633562313132643336353465303236313666653064626162323431303563 -62316366653735353038616537633036336430396365336433396138636465333061343164313464 -31306166396264303063366239333538366530333235646663656263613964613435326431303933 -65396137626634323432306439346364323039336366326562376531343938396632363330646538 -32386137333636323334666265383931653064303734316430393762333462396462396262343432 -39656437316564303833373132343162376238613531316465663634343934343564313336613330 -66633761353536313237363038336363376363623634373065383161666639323165383662373766 -39323361623930653764613566316462653730613632663130613039363330383533393865633233 -32613533306166633030313761376264646335356236616161666461363731313934346231376564 -31653065373237616562643739623432623132313965303161616162356439323064616331323136 -35666263373333336136336362626565363037643836346564336536633566636138396232333037 -63613134313130616432373838633964616634346132353061663337333662396339373665643030 -31323431366361643335386534393739656632386539356133613062653266643739313465653465 -63663438306362656436383634396461383233323766356632373133626139363165663734643835 -66613565353837373134373161656434396266316261643432323633393961633861313032623030 -32323830633038306166656164373465386334666266306361396266313764366136656139336562 -36326138636130383032663066363532303464386562643535383439363630643031386630373439 
-31656636333034303131313433343236313661353961396533383839383734336461366164373539 -62386335623036646462306162326333666366366133633661353163386633663235646566333332 -65616533303636653066643339333765626139393561373663653663323536656433303561383738 -61636266643663363961636439303534316635383362616530656435643764383433323433613639 -36373864643164373364316536303962633533393866393965346261316632363338373065616436 -30653433386536386131643230333761363639326532333837623638643831383663333766616137 -34656665653239313936386337653435656435316261366137373138643663313630613863326261 -38336433633538393864356137616465343831626539323336626665663036653335616665323763 -32663661383966613362646431316333383466393531653364636462343634626564343438653332 -65656266626466323130363763346436333763343162373361326166636430333563373233313332 -37373032326665646265376135633765643466636533643965306161383962626533663333336536 -353133313336393639373965653035323366 +30333937303238376536303166643966383131366566613435346433313461333366656366333637 +3365373234323063303538386635323230616665663038390a636533363233303666333936613136 +35303931383338383035636639623238613338646264623939343539633037323264613036383266 +3339316238306263320a323761623938396364396638623461636136393361636237343936393336 +31376535623265313132366435306562626432326462396461643663636238653830373336373137 +35663261343964376137666361383662323964613737393431666635326132363930336236323731 +38666263656535643661646233363466363861653862663633353562373835356135653665376663 +32323161663736646263363863623061303339366339653931643632396566613537373230383535 +64643862313961623564336665356462393531313939613563323330343265366237643131633936 +36623434366366666431396337393766656537323465313531646561313465613838343839323532 +61386264363061303137363165356365643836646233333861326535343865303333616166643630 +35643665646437353762303331613032653130323930336263336334636661396262646138616231 
+37363532366666323434343735643332386335383664363761373038373934653765653939353039 +32323663376431373664366236366439396234376139303164383935643431646330663134396365 +35363930336261316463353932376337323235333661633164373166343038376332626564626534 +35353637363939613131386336633261393531303235643933633264353935636366623433336366 +63396131313664626364393663343764663663373436623930343633333136353438653237626232 +37336235393037393330613433383564626263353939656265616166643733646661326135343563 +38646362373135386163333362643165373334633036346132373634616330313664346238646462 +32643634646464623535393864363565636139393562353364313264303264316431393938656338 +66636131646339343237393234316365323266356265626430376236363763303961376166313432 +62343833373565653965313463656530363432376130656630633336653766633433626134343463 +65633135353235666562306463383536373733303831383230353165623964356639376337386232 +36343639633539373538323465356436313266336364626131656462303238303338613131656465 +35636136643263313938613039306339643763343238336332663737373538653839313736616662 +39333437323563633136383737613063333931303736376235316636633030303637383939303235 +35323932336262343061666639646662353563383361313835343433343338373730303430646635 +64363833323264666533653466366665313438366635643333666432343832373162313364303863 +66393231353130323232656134633938626433303238386634383766386334653362333162616366 +38643730303835316161643766353436633862623264333731663632343161616634333239643133 +65346164386666356566636532616530363766653662306561343863383262316233356338633234 +35393064373538306633356538386261646232383064343565613966336436356637333932336564 +39336563306364316364646464663234386335623235656335306162633261393032386331636361 +39613263653838316238623230636637313061353037383534663836666637376132633738383032 +34643561366134663932376261306239326366323935313739633034343765343761396233646234 +37646363313463316538626539316365343839613039326261653839386630663863313964326665 
+37306534636664333964653932653534346564323531316535633736373965643535396437656433 +33306536366634336166306235333735663933616635633561666331303530303630653537613063 +30633731383937346335393465656538623233346437323137373038633733386563313338393364 +36636666306238633166303032353163396365373231326232356366396263363464636436656262 +61363233663363613035663836646635303665626630643138663731656538383664306461616662 +37313630663130346637393366393930316336383838363431613339353434646164323338643564 +61333732333661323364336531343237643632353364336533633766316235363763353033656664 +65656532383266353264356465303135636561613038653435306633396461633038373035376164 +37366338646165333564613639633539353363653862393034313763333363396236633462396133 +35623932636164353739666433393465393031303337663239383538656537393365323164356232 +35326131326333303731623933363262356466663864333665633565623336346437613439316338 +64343466396331343035303532633632356532626133646136393061613431363762343339333238 +34616535633133666162316132366333663738656538353439313961323464666535333839383837 +34303331626539653163643539363763363538306238356332623661646436663635623364383730 +64623564386538666237303066383936666461616363343836366635313634653664656530326439 +36323764303130353731336333366438633737313535633361316330363436333032363630646337 +66626466363231393938386537633234623230323662346263643839333837346531323636623133 +62333438666562636230326530393535306465396334623464343330393336393934303336633237 +39653831333839316338346335336339646238343430356464663039396133343532363364346235 +30663739373466616434393230383832633137313936373331353637653866616532323239353237 +39663030373639613164313766623532383566373430383139666538373536643463303331346166 +38623762336630313439343263383833303762373030383035336538626162626164376133303633 +64373236653462393932633862363866386661356139663835336231316366656637303062323233 +32383131343561333361663466373964656364303235353531346661653431303234616464353236 
+63653535363137333033633534616365363261353733336136333564303566393766643037316237 +37653732363230313031633433343230313839393135653137353734653435626431356539343364 +38383364353262303463323639373766323965336263363035623330303039613735343362353865 +34613332636366353333643533326164633637663061363965646464303162616132343330356131 +30613230636339653263343631643962623364356564333066306339626230306239653466306231 +61366437323639353563663666303933393535616136343736383133396238383466303663623132 +63616466643235623265343837386266333330633662613366616163666334643731656335323862 +61346432343366396664616531626530353139343763316530633766303139356536333439383663 +34306466353839653261633233353637353863666637313030383939336233353131313236343561 +31353166323062303238386439323834626537333862343733616536363165663133343531333630 +36383438656137336330353263356133333233303736366536316339656264346435323464643364 +33633262343666623761356131393464623433646437313161393965363132303537373537336166 +36383239386330313864323166386133313162383533643435356265316630386535663764326137 +37306365613463303539323837333539303262306331353332323931393161303663393765636339 +38363532333761323038346661346338323632343239336466643664356132393138386161353161 +35666435663231373065623337356630666132353165333962396635666336633739616562303638 +36313161363265643561656134363932616333306362303965306362343837333366363339323336 +61326239346330373833323465633961366335336530623834636232383638373761346461376234 +38613862386637306232386239353864306230666637333664386135393437653835343232666138 +63306263396337626565633736343865313237326336626333626639393233393864303662633766 +39643435313463326364633336613735323936356261656662396538326234613331356163383334 +63653562386636323834363962623335303636336138616137303230663336343130613537366231 +35366235346261646132396231616136363437636565383235656462366265353765326163373832 +33346265303964316336393837313161356366616134353733376130646234616137663162396530 
+32633038313535313232336532356538393835303039343563363833373839663263363531356134 +66633761343066313333366663313961666536383865373766326563326634656335323232336231 +39663932666461623331343730623965396136616337643161353363316664623538316361303466 +34316636663138663033643964356161323730616333336333336239653237323235386531643235 +31363161396230656265616562346261656230366362303735326136613939633339393563316664 +65303065626463633862663837353636643030366463353638366563363631666264633564336261 +34333231323665666665613536336434653864366165613063653839643064383662613665663138 +31326134366164663639386261656430333966386432663666316333353165626463396264616462 +37643132633961323532353237383433326633383337313131643934663363633364393536343134 +30623137323038666239326535646534353734653234666566313334653462393338303962636564 +66303736333336336638386132343166613834386138633633343635613262613537346464313062 +36336533373035313135653234313832316337333738303836663039343139316633636331343862 +63373036363237393562363861333933303636623435353562363666643136353665303431613465 +64616230333230313632353364396565653337643333653933303733613761383138306433386363 +62343636316166376131363231623766383038663738666462316238626531383137336662656234 +65643265643631303364356232333535633931613236613137613435343061336362313332306138 +61663230316564323335383132363133333139353233636566663332356138303139363638336461 +63363063616136356333363465633137646234343036316463636130633566316364303662656461 +64333366363061623535346434613664343464666135316136363062333131363030326333316338 +64316133633735663234373030333836313130613663636234653033323030623263333839313139 +36626438386666333233356161643432613139313231316336396434663165643565336235323565 +62303735323966363235393334636232343966336535303863346362386365353166393965643335 +31363036623433313137336665313263663761383436396263396631316535363665633136373239 +33393739623438383466633830363135646536323935363963653536356334656438366338376264 
+37326334656239666239376533366236306237306664666234343332646366393662343735356466 +32626364373362323136616663333136363561626337323962386439616237373861346662626165 +30383032663337633735613866663665623633356166623862303965313466623761646231633930 +63313432666435316662396534383632626333376162643132323766613832656635353161626637 +32343935363330666332613633363465643732333030356331363263333035323863633362653031 +63376539373865636366343862333861663137643666613732636538356637313966353461336462 +32626166643534333934666133376239363966393337356134633366306563303065316539663233 +36333337363337613764383162373536396234616336386233306630343762386132373135383131 +64663834656162306636356561303736353961373134323138376564363966336135323366333730 +31653965623962323439353234653439333563346636623762313565343961316666396161616330 +32306137353636323330373564653038343036356635346635343131326635643364306633356465 +34373965313561393966363363386261656638646237363233613863643839653731616330663666 +33653238366630323033353736323861376138313630376163343362643633643934663161373733 +33633164313562306237393363383262613038346535623166633533336438636362373033336231 +64303033303531306631323337306130393538356265313066396637633061333561313566326163 +34393530643532373666396130313231363765343739623239656235643637303062333838653661 +33316463656238316533343462366338336134326232333561383732353561306632616635343337 +30393131616132663065643366313937653138346637626665663739303866343939623564363761 +35373961326135336531356633356637646161613265633765313132613238373562363330386162 +66623230353564366635343332343564386161663438376431356232636237366437623864653530 +37666438633731366562666136323239623462376435346535313933633866343564626633366164 +34333431633939616238373561393830393130653366366361613465663538383639636230613566 +65626234386632353262303933363637303835646438613139373334366364313166613466663564 +34306564666463323432663234633561306164323036636339333963363036326432633538646362 
+36643662616564316236323334613365333666613233383165326638336134393934646464303062 +65616537616538343866313763636164393236373334316234666564353639636330333332393833 +63353962623336653666613361326265353762636263346331396639373731323832396130386662 +62633030636537633265306239383466346636393436366135383434366439333434373532336530 +30616334613232653734656330633130373865303639656436346439316334383437626466313431 +37313664373561346130656337303161623635363434613732336531623366623265383130386430 +62323066663564626336343032313932373561646638616531343034306665383137633932646162 +38633131366331323836643164613430313565626332366637356262653936616664363036303939 +62383031373566643334353735616632663166663163343233326561633833363839303036623836 +61343039626566333238653235313238383239316535323965663465663634383039613436333735 +30633037663637663562666437376336613963356531333436363863313364383733306438326162 +33303763303063333264643434383164613863653939393531336361326264393332666163653464 +31376365633535326462323763626162313336396266353236646462643233613232666438383766 +31646331373331616262383666316561373061393966633935623464663565323062386462303738 +64393836666439346236323932336637646231363166363438373866633461633534383165383430 +30373437316530383565393439323335653438303561353463363261663135653361343166353533 +39623135386662663534613461643863343035663839616333343462643265636235316630633737 +31663233383332336235386133373236633866373865303231323637353933353336316538616431 +31613833356538333237306266303866373935343862663433303466376461393336636630343539 +66653965326165613862626135656163396330643535303339346263373235383262666330376333 +35633861316332646336303462303135646432353439343230333765666261633834353030383531 +64636335326166353730643764636262653730383235363765366234373738653062313039393530 +35373763313865366562386265666264326265666533613630623237626238383531363965333264 +65666233613061653763313964653632363539376133656362313533343033326135633734366561 
+33643635313161376533653861303731373539323738643462643032306138346365613064323231 +39313161393362363263353064363536636532383435633638613239363463653862303333663065 +38303863323233623966363237376133663630356235333033643661633664346264643865353166 +66633937616236656135636265373334623461306362353032633765623930653331386534613631 +62623463306635383266666534303261326236343231306334373434316634666165353165396233 +61383038363134646633656163643732323764323462636464383139613531303333336137396464 +32363433633965393039343861663562376561313630646338363338333333663635663937633061 +66386164636166346634623832633333333261633864336535623732396434386531353232303534 +32303433663433383564323234396534633335623534306631353766613339366536393061363233 +34613061313238323136343638386139326130353863343131356565376632376466323666306639 +35333839313033326237643361393439336162663930333731313834623034336130383432653865 +30633461356439316530633063663732656234373436663463646566303861653039656139626165 +31356636363231393936633739393830616631666366396231613561656337363136386130366164 +38616338613737326137353765626433343336643237383239656362653035623065633333303535 +38613436646430333933613633653534643632623365353132343432336461383036646630313565 +35326633356539323433346434616137343833383739653562333265313833663537613235313130 +32613061333030353065373135346636373130326166356163396338396166356137613835333437 +33366162386662303839613938353962346634313730323635316231383431663233616232356565 +31313638353038636266613834663666636134353864333666623536346561336433373966303538 +31353037643737656334396233313131353166383633313531323939663237353563656565356665 +64336632396165376361376534623366393032626232346137663637393966336365373435646462 +39383939383663663562626564386432323837616438653531643737656636623234396530376433 +62323131356235616461383532363065633864396230313764326138363565373263616538303261 +37393139616236353239613130386637633231383235653439356139633033373635316364353731 
+62656561366636393938656162666462653539313665353939336537666633663430363333653466
+6333613030663163343838306631313935323133303134646565
From b3fa8a455dbc47c32c09acbe9665a6e659951ac1 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Wed, 10 Mar 2021 17:13:56 +0100
Subject: [PATCH 25/28] Add/Update password for postgres db codimd, etherpad and synapse

---
 group_vars/all/vars.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 599e834..4d85954 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -20,6 +20,7 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
 postgresql_services_url: 'services-bdd.adm.auro.re'
 postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
 postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
+postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"

 # Scripts will tell users to go there to manage their account
 intranet_url: 'https://re2o.auro.re/'
From 630377edad07492ec340429901286d095b193f58 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Wed, 10 Mar 2021 17:21:58 +0100
Subject: [PATCH 26/28] Create users and databases on bdd-ovh

---
 host_vars/bdd-ovh.adm.auro.re.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml
index 78aeff4..959dd82 100644
--- a/host_vars/bdd-ovh.adm.auro.re.yml
+++ b/host_vars/bdd-ovh.adm.auro.re.yml
@@ -19,4 +19,26 @@ postgresql_hosts:
 user: codimd
 net: 127.0.0.1/32
 method: md5
+
+postgresql_databases:
+ - synapse
+ - codimd
+ - etherpad
+
+postgresql_users:
+ - name: synapse
+ database: synapse
+ password: "{{ postgresql_synapse_passwd }}"
+ privs:
+ - ALL
+ - name: codimd
+ database: codimd
+ password: "{{ postgresql_codimd_passwd }}"
+ privs:
+ - ALL
+ - name: etherpad
+ database: etherpad
+ password: "{{ postgresql_etherpad_passwd }}"
+ privs:
+ - ALL
 ...
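Review bot: Every entry added under `postgresql_users` asks for `privs: ALL`, so each service role gets the widest grant available on its database; the task that applies these grants is outside this hunk, so what `ALL` covers depends on the object type used there, but if the applications only need to log in and use their own tables the list can be narrowed, e.g. `- CONNECT` in place of `- ALL`. The context line `method: md5` shows the neighbouring `postgresql_hosts` rule authenticating with md5; if this server runs PostgreSQL 10 or later, `scram-sha-256` is the stronger method, with `password_encryption` switched before these passwords are set. A comment above the list such as `# passwords come from group_vars/all/vault.yml via group_vars/all/vars.yml` would tell the reader where the secrets live.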
From 6095d9cef99a8374b3b2a9a5a8518e9f8cebf321 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Wed, 10 Mar 2021 18:18:08 +0100
Subject: [PATCH 27/28] Add 'no_log' for postgres passwords

---
 roles/postgresql_server/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml
index 0dc5c1c..ed45e1a 100644
--- a/roles/postgresql_server/tasks/main.yml
+++ b/roles/postgresql_server/tasks/main.yml
@@ -69,5 +69,6 @@
 role: "{{ item.name }}"
 privs: "{{ item.privs | join(',') }}"
 obj: "{{ item.database }}"
+ no_log: true
 loop: "{{ postgresql_users }}"
 ...
From df4bee29808a3cd242675b662968d7ecfe57ab5c Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Wed, 10 Mar 2021 20:14:02 +0100
Subject: [PATCH 28/28] Add kanboard database to bdd-ovh

---
 group_vars/all/vars.yml | 1 +
 group_vars/all/vault.yml | 367 +++++++++++++++---------------
 host_vars/bdd-ovh.adm.auro.re.yml | 12 +-
 3 files changed, 195 insertions(+), 185 deletions(-)

diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 4d85954..282dfd5 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -21,6 +21,7 @@ postgresql_services_url: 'services-bdd.adm.auro.re'
 postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
 postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
 postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
+postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"

 # Scripts will tell users to go there to manage their account
 intranet_url: 'https://re2o.auro.re/'
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index f961428..db7cad5 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
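Review bot: `no_log: true` lands on a single task (the diffstat shows one insertion), the one that sets `role`, `privs` and `obj`; any other task in this file that loops over `postgresql_users` — presumably the one that creates the roles, which is outside this hunk — would still print each loop item, `item.password` included, and needs the same `no_log: true`. Because `no_log` also suppresses the error output of a failed grant, a comment above the line such as `# no_log: loop items carry the role password` would record why it is there. The task begins before the hunk, so its module name and remaining arguments are not visible here.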
@@ -1,183 +1,186 @@ $ANSIBLE_VAULT;1.1;AES256 -30333937303238376536303166643966383131366566613435346433313461333366656366333637 -3365373234323063303538386635323230616665663038390a636533363233303666333936613136 -35303931383338383035636639623238613338646264623939343539633037323264613036383266 -3339316238306263320a323761623938396364396638623461636136393361636237343936393336 -31376535623265313132366435306562626432326462396461643663636238653830373336373137 -35663261343964376137666361383662323964613737393431666635326132363930336236323731 -38666263656535643661646233363466363861653862663633353562373835356135653665376663 -32323161663736646263363863623061303339366339653931643632396566613537373230383535 -64643862313961623564336665356462393531313939613563323330343265366237643131633936 -36623434366366666431396337393766656537323465313531646561313465613838343839323532 -61386264363061303137363165356365643836646233333861326535343865303333616166643630 -35643665646437353762303331613032653130323930336263336334636661396262646138616231 -37363532366666323434343735643332386335383664363761373038373934653765653939353039 -32323663376431373664366236366439396234376139303164383935643431646330663134396365 -35363930336261316463353932376337323235333661633164373166343038376332626564626534 -35353637363939613131386336633261393531303235643933633264353935636366623433336366 -63396131313664626364393663343764663663373436623930343633333136353438653237626232 -37336235393037393330613433383564626263353939656265616166643733646661326135343563 -38646362373135386163333362643165373334633036346132373634616330313664346238646462 -32643634646464623535393864363565636139393562353364313264303264316431393938656338 -66636131646339343237393234316365323266356265626430376236363763303961376166313432 -62343833373565653965313463656530363432376130656630633336653766633433626134343463 -65633135353235666562306463383536373733303831383230353165623964356639376337386232 
-36343639633539373538323465356436313266336364626131656462303238303338613131656465 -35636136643263313938613039306339643763343238336332663737373538653839313736616662 -39333437323563633136383737613063333931303736376235316636633030303637383939303235 -35323932336262343061666639646662353563383361313835343433343338373730303430646635 -64363833323264666533653466366665313438366635643333666432343832373162313364303863 -66393231353130323232656134633938626433303238386634383766386334653362333162616366 -38643730303835316161643766353436633862623264333731663632343161616634333239643133 -65346164386666356566636532616530363766653662306561343863383262316233356338633234 -35393064373538306633356538386261646232383064343565613966336436356637333932336564 -39336563306364316364646464663234386335623235656335306162633261393032386331636361 -39613263653838316238623230636637313061353037383534663836666637376132633738383032 -34643561366134663932376261306239326366323935313739633034343765343761396233646234 -37646363313463316538626539316365343839613039326261653839386630663863313964326665 -37306534636664333964653932653534346564323531316535633736373965643535396437656433 -33306536366634336166306235333735663933616635633561666331303530303630653537613063 -30633731383937346335393465656538623233346437323137373038633733386563313338393364 -36636666306238633166303032353163396365373231326232356366396263363464636436656262 -61363233663363613035663836646635303665626630643138663731656538383664306461616662 -37313630663130346637393366393930316336383838363431613339353434646164323338643564 -61333732333661323364336531343237643632353364336533633766316235363763353033656664 -65656532383266353264356465303135636561613038653435306633396461633038373035376164 -37366338646165333564613639633539353363653862393034313763333363396236633462396133 -35623932636164353739666433393465393031303337663239383538656537393365323164356232 -35326131326333303731623933363262356466663864333665633565623336346437613439316338 
-64343466396331343035303532633632356532626133646136393061613431363762343339333238 -34616535633133666162316132366333663738656538353439313961323464666535333839383837 -34303331626539653163643539363763363538306238356332623661646436663635623364383730 -64623564386538666237303066383936666461616363343836366635313634653664656530326439 -36323764303130353731336333366438633737313535633361316330363436333032363630646337 -66626466363231393938386537633234623230323662346263643839333837346531323636623133 -62333438666562636230326530393535306465396334623464343330393336393934303336633237 -39653831333839316338346335336339646238343430356464663039396133343532363364346235 -30663739373466616434393230383832633137313936373331353637653866616532323239353237 -39663030373639613164313766623532383566373430383139666538373536643463303331346166 -38623762336630313439343263383833303762373030383035336538626162626164376133303633 -64373236653462393932633862363866386661356139663835336231316366656637303062323233 -32383131343561333361663466373964656364303235353531346661653431303234616464353236 -63653535363137333033633534616365363261353733336136333564303566393766643037316237 -37653732363230313031633433343230313839393135653137353734653435626431356539343364 -38383364353262303463323639373766323965336263363035623330303039613735343362353865 -34613332636366353333643533326164633637663061363965646464303162616132343330356131 -30613230636339653263343631643962623364356564333066306339626230306239653466306231 -61366437323639353563663666303933393535616136343736383133396238383466303663623132 -63616466643235623265343837386266333330633662613366616163666334643731656335323862 -61346432343366396664616531626530353139343763316530633766303139356536333439383663 -34306466353839653261633233353637353863666637313030383939336233353131313236343561 -31353166323062303238386439323834626537333862343733616536363165663133343531333630 -36383438656137336330353263356133333233303736366536316339656264346435323464643364 
-33633262343666623761356131393464623433646437313161393965363132303537373537336166 -36383239386330313864323166386133313162383533643435356265316630386535663764326137 -37306365613463303539323837333539303262306331353332323931393161303663393765636339 -38363532333761323038346661346338323632343239336466643664356132393138386161353161 -35666435663231373065623337356630666132353165333962396635666336633739616562303638 -36313161363265643561656134363932616333306362303965306362343837333366363339323336 -61326239346330373833323465633961366335336530623834636232383638373761346461376234 -38613862386637306232386239353864306230666637333664386135393437653835343232666138 -63306263396337626565633736343865313237326336626333626639393233393864303662633766 -39643435313463326364633336613735323936356261656662396538326234613331356163383334 -63653562386636323834363962623335303636336138616137303230663336343130613537366231 -35366235346261646132396231616136363437636565383235656462366265353765326163373832 -33346265303964316336393837313161356366616134353733376130646234616137663162396530 -32633038313535313232336532356538393835303039343563363833373839663263363531356134 -66633761343066313333366663313961666536383865373766326563326634656335323232336231 -39663932666461623331343730623965396136616337643161353363316664623538316361303466 -34316636663138663033643964356161323730616333336333336239653237323235386531643235 -31363161396230656265616562346261656230366362303735326136613939633339393563316664 -65303065626463633862663837353636643030366463353638366563363631666264633564336261 -34333231323665666665613536336434653864366165613063653839643064383662613665663138 -31326134366164663639386261656430333966386432663666316333353165626463396264616462 -37643132633961323532353237383433326633383337313131643934663363633364393536343134 -30623137323038666239326535646534353734653234666566313334653462393338303962636564 -66303736333336336638386132343166613834386138633633343635613262613537346464313062 
-36336533373035313135653234313832316337333738303836663039343139316633636331343862 -63373036363237393562363861333933303636623435353562363666643136353665303431613465 -64616230333230313632353364396565653337643333653933303733613761383138306433386363 -62343636316166376131363231623766383038663738666462316238626531383137336662656234 -65643265643631303364356232333535633931613236613137613435343061336362313332306138 -61663230316564323335383132363133333139353233636566663332356138303139363638336461 -63363063616136356333363465633137646234343036316463636130633566316364303662656461 -64333366363061623535346434613664343464666135316136363062333131363030326333316338 -64316133633735663234373030333836313130613663636234653033323030623263333839313139 -36626438386666333233356161643432613139313231316336396434663165643565336235323565 -62303735323966363235393334636232343966336535303863346362386365353166393965643335 -31363036623433313137336665313263663761383436396263396631316535363665633136373239 -33393739623438383466633830363135646536323935363963653536356334656438366338376264 -37326334656239666239376533366236306237306664666234343332646366393662343735356466 -32626364373362323136616663333136363561626337323962386439616237373861346662626165 -30383032663337633735613866663665623633356166623862303965313466623761646231633930 -63313432666435316662396534383632626333376162643132323766613832656635353161626637 -32343935363330666332613633363465643732333030356331363263333035323863633362653031 -63376539373865636366343862333861663137643666613732636538356637313966353461336462 -32626166643534333934666133376239363966393337356134633366306563303065316539663233 -36333337363337613764383162373536396234616336386233306630343762386132373135383131 -64663834656162306636356561303736353961373134323138376564363966336135323366333730 -31653965623962323439353234653439333563346636623762313565343961316666396161616330 -32306137353636323330373564653038343036356635346635343131326635643364306633356465 
-34373965313561393966363363386261656638646237363233613863643839653731616330663666 -33653238366630323033353736323861376138313630376163343362643633643934663161373733 -33633164313562306237393363383262613038346535623166633533336438636362373033336231 -64303033303531306631323337306130393538356265313066396637633061333561313566326163 -34393530643532373666396130313231363765343739623239656235643637303062333838653661 -33316463656238316533343462366338336134326232333561383732353561306632616635343337 -30393131616132663065643366313937653138346637626665663739303866343939623564363761 -35373961326135336531356633356637646161613265633765313132613238373562363330386162 -66623230353564366635343332343564386161663438376431356232636237366437623864653530 -37666438633731366562666136323239623462376435346535313933633866343564626633366164 -34333431633939616238373561393830393130653366366361613465663538383639636230613566 -65626234386632353262303933363637303835646438613139373334366364313166613466663564 -34306564666463323432663234633561306164323036636339333963363036326432633538646362 -36643662616564316236323334613365333666613233383165326638336134393934646464303062 -65616537616538343866313763636164393236373334316234666564353639636330333332393833 -63353962623336653666613361326265353762636263346331396639373731323832396130386662 -62633030636537633265306239383466346636393436366135383434366439333434373532336530 -30616334613232653734656330633130373865303639656436346439316334383437626466313431 -37313664373561346130656337303161623635363434613732336531623366623265383130386430 -62323066663564626336343032313932373561646638616531343034306665383137633932646162 -38633131366331323836643164613430313565626332366637356262653936616664363036303939 -62383031373566643334353735616632663166663163343233326561633833363839303036623836 -61343039626566333238653235313238383239316535323965663465663634383039613436333735 -30633037663637663562666437376336613963356531333436363863313364383733306438326162 
-33303763303063333264643434383164613863653939393531336361326264393332666163653464 -31376365633535326462323763626162313336396266353236646462643233613232666438383766 -31646331373331616262383666316561373061393966633935623464663565323062386462303738 -64393836666439346236323932336637646231363166363438373866633461633534383165383430 -30373437316530383565393439323335653438303561353463363261663135653361343166353533 -39623135386662663534613461643863343035663839616333343462643265636235316630633737 -31663233383332336235386133373236633866373865303231323637353933353336316538616431 -31613833356538333237306266303866373935343862663433303466376461393336636630343539 -66653965326165613862626135656163396330643535303339346263373235383262666330376333 -35633861316332646336303462303135646432353439343230333765666261633834353030383531 -64636335326166353730643764636262653730383235363765366234373738653062313039393530 -35373763313865366562386265666264326265666533613630623237626238383531363965333264 -65666233613061653763313964653632363539376133656362313533343033326135633734366561 -33643635313161376533653861303731373539323738643462643032306138346365613064323231 -39313161393362363263353064363536636532383435633638613239363463653862303333663065 -38303863323233623966363237376133663630356235333033643661633664346264643865353166 -66633937616236656135636265373334623461306362353032633765623930653331386534613631 -62623463306635383266666534303261326236343231306334373434316634666165353165396233 -61383038363134646633656163643732323764323462636464383139613531303333336137396464 -32363433633965393039343861663562376561313630646338363338333333663635663937633061 -66386164636166346634623832633333333261633864336535623732396434386531353232303534 -32303433663433383564323234396534633335623534306631353766613339366536393061363233 -34613061313238323136343638386139326130353863343131356565376632376466323666306639 -35333839313033326237643361393439336162663930333731313834623034336130383432653865 
-30633461356439316530633063663732656234373436663463646566303861653039656139626165 -31356636363231393936633739393830616631666366396231613561656337363136386130366164 -38616338613737326137353765626433343336643237383239656362653035623065633333303535 -38613436646430333933613633653534643632623365353132343432336461383036646630313565 -35326633356539323433346434616137343833383739653562333265313833663537613235313130 -32613061333030353065373135346636373130326166356163396338396166356137613835333437 -33366162386662303839613938353962346634313730323635316231383431663233616232356565 -31313638353038636266613834663666636134353864333666623536346561336433373966303538 -31353037643737656334396233313131353166383633313531323939663237353563656565356665 -64336632396165376361376534623366393032626232346137663637393966336365373435646462 -39383939383663663562626564386432323837616438653531643737656636623234396530376433 -62323131356235616461383532363065633864396230313764326138363565373263616538303261 -37393139616236353239613130386637633231383235653439356139633033373635316364353731 -62656561366636393938656162666462653539313665353939336537666633663430363333653466 -6333613030663163343838306631313935323133303134646565 +65623030336636323834313162306633623333666663633162356162313233393137646365363161 +3334363038323835666431626538383433626162373330360a656162303733653437633637663535 +62626630663332373761656137633165666531303137303565313236663564623061643631373333 +3164306333653734350a333333653630616462386637613432623039303931393661393563306137 +37326564333837306230326637626131666232646564383130623137613939633163313532653836 +62393766623065376135343062346362623466336234633239343530366432313336653863346534 +34346563666638643136316236626561396534316332623730633936646631623866383631633763 +32306236316334626632393736643135306333363135333566353062653866313161653763646336 +34636465663639396335353562343936333263616363653535303934646361656135383938626134 
+34376335303564623436643735363262346334316465366435373435343338373666383635393666 +36643032613636643138373432393739626230326437386366386132636535313137313765616464 +31623461373166613237356362663939323633653565623830303334353834363561373832623163 +35316137633630633736383265333666636436326433653134313038626132633537316162376539 +37323338333235333836326161396236666661636464373163333934376662636639356432366565 +63363266633266643332663934356564323466646666656530336662353336346333366639613130 +33633039343666633536616237386265313863323537353466363432303632323265656265323166 +33313135333932363934386432663863383836333862333162333935313562626430353663636335 +34653231343964376531306366313264363930613432343864396130653666636332366239636236 +33343431353737323534396235613931666262626430303637626236393134386136366164306138 +64396238363030616465303634366339353731363461383432353434373735336363656266316336 +66313064653233653965646630313632336536643530363562613039313439366437353663363265 +30386238363562326263303164366436653334316164646633356666366631653636303835303738 +39366163613434623861376138363134616662343231306536396531366433313963383234373764 +64326664343736663264626432643664326563383633353364383963353733343864373766666534 +34393638613864333265313732333632373565303537316463623337326363383539336566646664 +66363764323261323330346338336133346136623431616333373235313565643164613432613861 +61346137356133343063636562336633646537373666323763626430633439323632326635383562 +36373461623931613162663466333065336237656265366437663035663831616363383066623731 +62326462313238373631386362393737323731643865623763333833316637323533656562663536 +30326465323164356436326463386137336439326231623534326164323530303239363161643762 +61313261333265366631656631326366313464336264626163653363333565353137313863646631 +62636534346534336136643164383766323631353837326561616436633139653531356533303432 +32616434653237376664353134363464613231366136323330646439623132306464623138393162 
+34613931633736633532346634303535366430323164313764653832336464303337626634313861 +37333863316666353935363663613531643039613534393539343762363732383362333639356435 +61303663363438383733636663346362373033383130636431386636616366666537393937396633 +33653836343865326433316233306661653831613239376561393834653032633462306238373730 +61336266333364616533633433383663363564373334313934633132626238303036326339313932 +37323435663537376563343336666262343065316436346663623432333064326136316630633763 +65343538313163346539346336643237663431623861653433616639333130643162366539633238 +61306335346366363935373438353765333238323037343033626132323730326437656163353765 +39343863363366343764613533346537363661353234646364663037623030306334653264386630 +36653030316134656236373336616435363337643637623539633865333963363137363433383338 +62636330626631393438326365396331656361646263343863326635393666383638636337343339 +64313462623564326462636131313163353036393938393634376436306163663863653462663431 +66363334353039303266333430316239646533653337383164303837396130333366353465643965 +35383939633336386537626662316263383331336565643237396334643737313232306464363638 +34393131656232323865333739666639346335646336376666643065353538653530323338356639 +64623965326161386430323337326433343334363435316237626666363161353362383361326438 +35336431653033333261396632393966653463366637636539663165356532616331633837343435 +66356536313037623139613966356139363737656437356238636433366635313137623639366230 +36373837383462623966343535383434633932656133326565353063343530363066343365323462 +32333666373263353063346535343639623230613733363832323636313830636234326436613438 +30363765356637626134353763663938376134653539336436336336303834633533616664376535 +32613061363262303839313062666261363032363364366662333364653532373163653434366261 +39336233313232393331303732333735346434656436353466313932656239306631383237626565 +63313166326538663732363438393263643533636536333665663038383739383334366136646564 
+33383936393463323235623038393138386164656164623439393734656336343835313135393165 +37616232633036383237643730313061323563643163633662393334353133343730656630643762 +39333937303931666161613037313837343836643330356538343264633761343432373161393061 +63393933383238356235613663343362656466353330383333393636386438306161623434343836 +35313030383235663461306539663666393234306332306536653862616138656135393131343462 +61633735303134326639663061643935373533336430306538363365623063663536376234356363 +65653432636430333330303131633263386265386662656131353833393138643732356336376335 +31393438393734336465396633306565343139626135386432343061623232363337326664366632 +36613434616662373431613238326464396437363935646437306665313936323732396165633266 +33343166333665373937656338333930343338373061633639393463316538373630626561333761 +63323336643133323962613435303134613230343033666336646132303462323037383139656166 +31323038653738666463323164366662363138663833393637313437633861353462663935616632 +65653939353435653337353966373135333036653061333438353136616434643563393465323735 +65373230373036353466356338343835363035653031363864316232613232323365353932313061 +62626432303334646365616330626261633066306661303537353264653235643632386466336236 +30316261666461616337363562323865636234356638653661336261373761383365386639303638 +38663763313931323266373162303136323433656466393330646462643438336236613530363636 +35353763373463376531323536613563643865346334646164326561663962393034643438326437 +30306437343331346233383036656663613038623137363962626462613762653262633035623539 +31613932313237343263373333313434386562623465663365306433333635366339616333393430 +63626466333934336130313038626136626466323563323630373965303435626664633138333838 +37643538353138303332653435343139383265363933646134636236656131643932353932303135 +65353438656431613335653838656462333731316665303063623464316462633961656464313933 +36366161623661393865346162383966323531396432646432383663326231373162373462633539 
+31303138626662326637376536303532393636326530366362336437633639306436366531313636 +31613332656466343832316632313161336135663661333739646136313137386634633066316535 +66613334303139353463613866323431613037333239353839623165356233653361613063646335 +33386263616164303631653162633330633136666635376635623437656263306466623462366563 +61636334616134376230343265623336373863303463623833663761333039333335626665613661 +62626133316338303333613863373663623166323438656566653936616532343065383232323437 +38353731643561663461336561313637656563333230353963366632396637333033303365626562 +65373463653735313732353165643530336232396562653030623037303463326565643465363764 +38316663356535373432656563336538633765393031663339666638366138346564366162303436 +66363164633432326632306561643662663265666465373537383335303432616138613939366133 +39396430386437353163323935366265306339326563343530366161333330376535313737396537 +39353330323938326662303863323738626535643465656438376339643437653639666133633663 +39303464326237653933616238663839313730343731383132613062613736376232646366346365 +37653136393335396338346536393865316134343365623338623761303661343637336332316535 +31633133356263336534643230383034383164396630343131396533313864333963316433366130 +38653461303736343861333161343832363934386230393662616463386534336264626363386562 +62633832316664323032353835663266653534393733343166303763333434323633616233656131 +37333266356337656532386336373563353634656265313061363063356637353366636236653333 +31643535373762353663613035316464323033303438623635336637636265363363393961396435 +33646438366139323230623235666630663863633961393036376463386538313633626163323365 +36633266646330623463336434363934376438326465303938316432643035373236626437663766 +36303737386132383261663764386333343532626334633961373666376232633739663164323132 +61323230316266333837363537316165376261363738363762373231356533666332376333663239 +30646161666434363236633432616163323530643766363533653733346436303461643235343038 
+65663738633032643334303737666565666137616437613662363062636664326235663737613863 +37653164653437356136623563653238366236613964663337336132326232653762643363623664 +66656166346230643930653232323234653266393730323735636164303230623766393630393262 +63333661396231323430343462656339653466363562303830643233636164303162376631383733 +38346231623835333762656135663366616566313963323732663037323338326231613465343462 +65616432626432333538396336353965353636636339336239653536613865643265353939656333 +66663933343664366163323730336337356634656436326661336636313363663165336161396333 +31626163303863653332613733663666383234303164346564646531366261323262636263353036 +64666135336264343636396466396564303665623965346163373337376331396233396561613765 +32636331376665396132313839653232306535613737653936366438323962333235336530396338 +63633737633630646164376361363631623862643363363066376364653965313837373462393832 +66336138366132626536323766393832386261396436336537316661383633613065393032636530 +63323866643266666637363633616535613032653930663734636663363865336565663864356234 +34626262663363376436346463393164646534386135303065623462623861353133656437323861 +33623938366635343930633264303530323164396661393338303163386539353938373237633436 +35663762353762313935313832383338663430363865343537663530613761303239356563363533 +37306162663831663464316464303136396539343030303631613964313165396531303665653761 +61383061653364383962663138356366373039366139613536633936633739343133376337613038 +62393730636433613037383665303430663666363663646564343935313063386135323963623965 +35643734656336623961363432363362393132613432303239393761353136636265613334373634 +34396335663037383661663832373937653639633531653064303732656332643962643866306337 +34303232623963623562613162623562366539393464663966366464643639343432663338616331 +30323461396138663334396265313134646263613033353833656465633537356261366261393261 +39303764633636376438656435633737366464343630653735313630386539623462653133396161 
+36353235343635386636646361623465323135323239613161346563343263646235326232353863 +62646434333866653830316166656439643464393337306132376433633439376131366664383464 +36393635343265333530653166306263383236656136313136376436393531653334323564663236 +30653235343233636334626330363031373433396565663439333033623062313261643632306164 +66616338633261356136313334313365356234316262313439623563383330356233363438313833 +63313131316461333438363939626636346463366665393433653036663931643537613162393561 +34626662303462343239313265653838313634323230656130373163313863313162383736363835 +39663337353638613836636263373136623266373732373665353164376534623732313532306366 +31353930343062653532386237616433373437663239636230386133393766376238353064656366 +61666637646433333366313661353438313337643861333932313662636462346463643664356165 +62373338313237353936636138666539643166626631646163653262343365326637626133353361 +33663961373334376137393036383833356361383539653362343866386438633366353439323832 +38663461313431636562613435303237363163323936323530393966663361326365623564633865 +66356433626637376238653865303236646433316164666366303131336331616562323865643566 +36643664363363323566353730303339666262663434393863376234656136643865653135383861 +61396366383939656130616661396263396331666137666662323932303032623162396633346335 +65326362353933663437356235656530343833313136313662643236626661653332613539393638 +62656232326238313333623263333366366533313335336330643666383033333038336164316135 +61346335633139303163326433353633616562363866396234636138386638356235343035363436 +35633737336262383264383065343234373534663564316133643738306638393539353136356630 +63613238663066666336626262343933346433393438356565646565613566386566336138386661 +30373162333837656131653238393533646663323730626538316437363865626335626635666437 +34366663636366303438373032343235333634666637666336313061663239316663613861646133 +30383639666362346634303437383035306661623735643139643062653836366631336261643137 
+36393135633338646238653763613935366566363032343730313666656539353866643564336661 +61643261393134303362303666393465643933363962653734646664643033386263346566316332 +36633166356665666161616530356439653832323064633662656138356435386434336431396664 +34373737643936316133343364353165653130376434646639633866336536373534396235633035 +33333734343835323565323863316364613132656665356639623364376538613539626137353564 +66343833653435383465376332363533326661373333303435303562396366616231306463396562 +65353966613832386235646539643033653335376131333333646237393431363163643630353135 +35666264626564623732346565613662303938643034326130646332663530383136333865386266 +31313633613739633865363736646138353937306438646532363033383539613534666437663961 +61313632613433353437306233626463373335366564653661643038373338303937316366316332 +64386132326633306336653134333038316639363538653735383266366239663861333830656438 +34393734363665656337626461376234306632623937353863333531313231616365316431303732 +32323436663736396439396361663965653632333066373764353561303030666134383836393537 +65323038373363316537323533646566396431326634336564306562636232316563613734366339 +37326465623137303436346430333263373437656632373039303338626130333834663564633535 +39353865376134383637633866356536393766376132396666656235396363656635633630656165 +38303439626438623166326331373036386263393331366266356539333533323864613932643335 +36303537636131386231613062383163346664643261323263393264343862386562313931616261 +34666533613831343764663630623139616634636531393861306337636239346131323437396337 +61633064663938613135666334396330363463636166653966653333326235343563633834666634 +38353937646265363964626661343565306331646363303038666264613833653962663237353538 +64393465363061653837343131373566336139643632323461323635343535313164383766343233 +61393136636536366433333766303263663839383064323430366666646163663663316138663532 +66363061626363396561353435386266653832313430633337346234333430393338353632383335 
+64323765636634303632663135306533366232333665383333383936653033373332333331656261 +37326164666235323538633963616562633938626131346266366531333133333832393966326637 +62376661383562633834353631393933626237316431366237613634356666343031623566666330 +61623137336433383139633233356263643237393966613366326632303865353866643332316662 +35343239643933313031656534336165666161393566636435663039653438643832636232386566 +34326266353631333731636433333639316638643162653234346365353762353333316138303861 +36353932656264336165363532313366636536386661663934363761653362623362346431336530 +63663064656539343361383963663366626566306431353238633832353335383535 diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index 959dd82..68faa14 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -15,15 +15,16 @@ postgresql_hosts: user: synapse net: 10.128.0.56/32 method: md5 - - database: codimd - user: codimd - net: 127.0.0.1/32 + - database: kanboard + user: kanboard + net: 10.128.0.150/32 method: md5 postgresql_databases: - synapse - codimd - etherpad + - kanboard postgresql_users: - name: synapse @@ -41,4 +42,9 @@ postgresql_users: password: "{{ postgresql_etherpad_passwd }}" privs: - ALL + - name: kanboard + database: kanboard + password: "{{ postgresql_kanboard_passwd }}" + privs: + - ALL ...
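Review bot: The new kanboard rule in `postgresql_hosts` admits a remote client (10.128.0.150/32) with `method: md5`, so the server keeps an MD5-based password hash that is itself sufficient to authenticate if it ever leaks. If the server is PostgreSQL 10 or later, I would use `method: scram-sha-256` for this new entry; that presumably also needs `password_encryption = scram-sha-256` in the server configuration and the kanboard password set after that change, which this hunk does not show. The same hunk deletes the codimd rule (127.0.0.1/32) while `codimd` stays in `postgresql_databases`, so please confirm another codimd rule exists above the hunk, otherwise that client is rejected once the new pg_hba.conf is loaded. The `postgresql_hosts` list starts outside the hunk, so the earlier entries could not be checked.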
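Review bot: The added kanboard user gets `privs: - ALL`, which is probably broader than the application needs at run time. How the role applies `privs` is not visible here, but if it becomes a database-level grant, ALL adds CREATE and TEMPORARY on top of CONNECT. I would either narrow the list or record the reason next to it, e.g. `# ALL kept for schema migrations; narrow once verified`. The password comes from `postgresql_kanboard_passwd`, presumably defined in the encrypted vault file changed earlier in this patch; since that content cannot be reviewed, confirm the key name matches exactly so the play does not fail on an undefined variable.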