From f29fc5b11e9a873263dc67197e8169817f8af815 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Tue, 7 Jan 2025 10:33:12 +0100 Subject: [PATCH 1/9] use fully qualified module names --- handlers/main.yml | 2 +- tasks/configure.yml | 6 +++--- tasks/databases.yml | 2 +- tasks/initialize.yml | 8 ++++---- tasks/main.yml | 20 ++++++++++---------- tasks/setup-Archlinux.yml | 8 ++++---- tasks/setup-Debian.yml | 8 ++++---- tasks/users.yml | 2 +- tasks/users_props.yml | 6 +++--- tasks/variables.yml | 28 ++++++++++++++-------------- 10 files changed, 45 insertions(+), 45 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index cce42b72..2fc71bac 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart postgresql - service: + ansible.builtin.service: name: "{{ postgresql_daemon }}" state: "{{ postgresql_restarted_state }}" sleep: 5 diff --git a/tasks/configure.yml b/tasks/configure.yml index df434645..45eef5fd 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,6 +1,6 @@ --- - name: Configure global settings. - lineinfile: + ansible.builtin.lineinfile: dest: "{{ postgresql_config_path }}/postgresql.conf" regexp: "^#?{{ item.option }}.+$" line: "{{ item.option }} = '{{ item.value }}'" @@ -10,7 +10,7 @@ notify: restart postgresql - name: Configure host based authentication (if entries are configured). - template: + ansible.builtin.template: src: "pg_hba.conf.j2" dest: "{{ postgresql_config_path }}/pg_hba.conf" owner: "{{ postgresql_user }}" @@ -20,7 +20,7 @@ when: postgresql_hba_entries | length > 0 - name: Ensure PostgreSQL unix socket dirs exist. - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ postgresql_user }}" diff --git a/tasks/databases.yml b/tasks/databases.yml index e01d804d..26a66a66 100644 --- a/tasks/databases.yml +++ b/tasks/databases.yml 
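Review bot: In tasks/configure.yml, the `regexp: "^#?{{ item.option }}.+$"` kept under the renamed `ansible.builtin.lineinfile` task matches any line that merely starts with the option name. An option whose name is a prefix of another setting can therefore rewrite the wrong line in postgresql.conf and leave the intended setting, possibly a security-relevant one, unchanged. Escaping the name and anchoring on the assignment avoids this, with something like `regexp: '^#?{{ item.option | regex_escape }}\s*='`. The same task writes `'{{ item.value }}'` verbatim, so a value containing a single quote yields a malformed line unless embedded quotes are doubled. The remainder of the task lies between this hunk and the next and is not shown.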
@@ -1,6 +1,6 @@ --- - name: Ensure PostgreSQL databases are present. - postgresql_db: + community.postgresql.postgresql_db: name: "{{ item.name }}" lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}" lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}" diff --git a/tasks/initialize.yml b/tasks/initialize.yml index 8636a407..d2cd6f5f 100644 --- a/tasks/initialize.yml +++ b/tasks/initialize.yml @@ -1,13 +1,13 @@ --- - name: Set PostgreSQL environment variables. - template: + ansible.builtin.template: src: postgres.sh.j2 dest: /etc/profile.d/postgres.sh mode: 0644 notify: restart postgresql - name: Ensure PostgreSQL data directory exists. - file: + ansible.builtin.file: path: "{{ postgresql_data_dir }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" @@ -15,12 +15,12 @@ mode: 0700 - name: Check if PostgreSQL database is initialized. - stat: + ansible.builtin.stat: path: "{{ postgresql_data_dir }}/PG_VERSION" register: pgdata_dir_version - name: Ensure PostgreSQL database is initialized. - command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}" + ansible.builtin.command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}" when: not pgdata_dir_version.stat.exists become: true become_user: "{{ postgresql_user }}" diff --git a/tasks/main.yml b/tasks/main.yml index ef531228..54b8fd5f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,27 +1,27 @@ --- # Variable configuration. -- include_tasks: variables.yml +- ansible.builtin.include_tasks: variables.yml # Setup/install tasks. -- include_tasks: setup-Archlinux.yml +- ansible.builtin.include_tasks: setup-Archlinux.yml when: ansible_os_family == 'Archlinux' -- include_tasks: setup-Debian.yml +- ansible.builtin.include_tasks: setup-Debian.yml when: ansible_os_family == 'Debian' -- include_tasks: setup-RedHat.yml +- ansible.builtin.include_tasks: setup-RedHat.yml when: ansible_os_family == 'RedHat' -- include_tasks: initialize.yml -- include_tasks: configure.yml +- ansible.builtin.include_tasks: initialize.yml +- ansible.builtin.include_tasks: configure.yml - name: Ensure PostgreSQL is started and enabled on boot. - service: + ansible.builtin.service: name: "{{ postgresql_daemon }}" state: "{{ postgresql_service_state }}" enabled: "{{ postgresql_service_enabled }}" # Configure PostgreSQL. -- import_tasks: users.yml -- import_tasks: databases.yml -- import_tasks: users_props.yml +- ansible.builtin.import_tasks: users.yml +- ansible.builtin.import_tasks: databases.yml +- ansible.builtin.import_tasks: users_props.yml diff --git a/tasks/setup-Archlinux.yml b/tasks/setup-Archlinux.yml index 6b8fe6eb..50c44964 100644 --- a/tasks/setup-Archlinux.yml +++ b/tasks/setup-Archlinux.yml 
@@ -1,21 +1,21 @@ --- - name: Ensure PostgreSQL Python libraries are installed. - pacman: + community.general.pacman: name: "{{ postgresql_python_library }}" state: present - name: Ensure PostgreSQL packages are installed. - pacman: + community.general.pacman: name: "{{ postgresql_packages }}" state: present - name: Ensure all configured locales are present. - locale_gen: "name={{ item }} state=present" + community.general.locale_gen: "name={{ item }} state=present" with_items: "{{ postgresql_locales }}" register: locale_gen_result - name: Force-restart PostgreSQL after new locales are generated. - systemd: + ansible.builtin.systemd_service: name: "{{ postgresql_daemon }}" state: restarted when: locale_gen_result.changed diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 1b540196..d3aa1e49 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -1,21 +1,21 @@ --- - name: Ensure PostgreSQL Python libraries are installed. - apt: + ansible.builtin.apt: name: "{{ postgresql_python_library }}" state: present - name: Ensure PostgreSQL packages are installed. - apt: + ansible.builtin.apt: name: "{{ postgresql_packages }}" state: present - name: Ensure all configured locales are present. - locale_gen: "name={{ item }} state=present" + community.general.locale_gen: "name={{ item }} state=present" with_items: "{{ postgresql_locales }}" register: locale_gen_result - name: Force-restart PostgreSQL after new locales are generated. - service: + ansible.builtin.service: name: "{{ postgresql_daemon }}" state: restarted when: locale_gen_result.changed diff --git a/tasks/users.yml b/tasks/users.yml index 6cbae015..80b6dedb 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -1,6 +1,6 @@ --- - name: Ensure PostgreSQL users are present. - postgresql_user: + community.postgresql.postgresql_user: name: "{{ item.name }}" password: "{{ item.password | default(omit) }}" login_host: "{{ item.login_host | default('localhost') }}" 
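Review bot: In tasks/setup-Archlinux.yml the restart task goes from `systemd` to `ansible.builtin.systemd_service`, the one place in this patch where the module name itself changes instead of only gaining a namespace. As far as I know that name only exists from ansible-core 2.15, so older controllers would fail to resolve it while every other task in the series still works. `ansible.builtin.systemd` resolves on both old and new releases, and the equivalent task in tasks/setup-Debian.yml uses `ansible.builtin.service`. If the new name is intended, the role's minimum Ansible version (not visible in this patch) should be raised to match.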
diff --git a/tasks/users_props.yml b/tasks/users_props.yml index 01592037..f5233ec9 100644 --- a/tasks/users_props.yml +++ b/tasks/users_props.yml @@ -1,6 +1,6 @@ --- - name: Ensure PostgreSQL users are configured correctly. - postgresql_user: + community.postgresql.postgresql_user: name: "{{ item.name }}" password: "{{ item.password | default(omit) }}" encrypted: "{{ item.encrypted | default(omit) }}" @@ -23,13 +23,13 @@ PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}" - name: Ensure PostgreSQL users do not use deprecated privileges settings - debug: + ansible.builtin.debug: msg "Postgresql user {{ item.name }} uses deprecated privileges settings. See https://github.com/geerlingguy/ansible-role-postgresql/issues/254" with_items: "{{ postgresql_users }}" when: item.priv is defined - name: Ensure PostgreSQL users privileges are configured correctly. - postgresql_privs: + community.postgresql.postgresql_privs: roles: "{{ item.roles }}" db: "{{ item.db }}" privs: "{{ item.privs | default(omit) }}" diff --git a/tasks/variables.yml b/tasks/variables.yml index 7e3a7a5d..34576985 100644 --- a/tasks/variables.yml +++ b/tasks/variables.yml 
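Review bot: In the second hunk of tasks/users_props.yml, the context line directly under the renamed `ansible.builtin.debug:` reads `msg "Postgresql user …"` with no colon after `msg`. As shown, the module is handed a bare string rather than a `msg` argument, so the deprecation notice would not be emitted as intended. If the file really reads this way and it is not an artefact of how the patch was rendered, fix it while touching the task: `msg: "Postgresql user {{ item.name }} uses deprecated privileges settings. See …"` with the existing URL kept.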
@@ -1,72 +1,72 @@ --- # Variable configuration. - name: Include OS-specific variables (Debian). - include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + ansible.builtin.include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" when: ansible_os_family == 'Debian' - name: Include OS-specific variables (RedHat). - include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml" when: - ansible_os_family == 'RedHat' - ansible_distribution != 'Fedora' - ansible_distribution != 'Amazon' - name: Include OS-specific variables (Amazon). - include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + ansible.builtin.include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" when: ansible_distribution == 'Amazon' - name: Include OS-specific variables (Fedora). - include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + ansible.builtin.include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" when: ansible_distribution == 'Fedora' - name: Define postgresql_packages. - set_fact: + ansible.builtin.set_fact: postgresql_packages: "{{ __postgresql_packages | list }}" when: postgresql_packages is not defined - name: Define postgresql_version. - set_fact: + ansible.builtin.set_fact: postgresql_version: "{{ __postgresql_version }}" when: postgresql_version is not defined - name: Define postgresql_daemon. - set_fact: + ansible.builtin.set_fact: postgresql_daemon: "{{ __postgresql_daemon }}" when: postgresql_daemon is not defined - name: Define postgresql_data_dir. - set_fact: + ansible.builtin.set_fact: postgresql_data_dir: "{{ __postgresql_data_dir }}" when: postgresql_data_dir is not defined - name: Define postgresql_bin_path. 
- set_fact: + ansible.builtin.set_fact: postgresql_bin_path: "{{ __postgresql_bin_path }}" when: postgresql_bin_path is not defined - name: Define postgresql_config_path. - set_fact: + ansible.builtin.set_fact: postgresql_config_path: "{{ __postgresql_config_path }}" when: postgresql_config_path is not defined - name: Define postgresql_unix_socket_directories_mode. - set_fact: + ansible.builtin.set_fact: postgresql_unix_socket_directories_mode: >- {{ __postgresql_unix_socket_directories_mode | default('02775') }} when: postgresql_unix_socket_directories_mode is not defined - name: Define postgresql_log_dir. - set_fact: + ansible.builtin.set_fact: # postgresql_global_config_options is an array but its keys are unique, so it can be converted to dict, # to easily get the value under the 'log_directory' key postgresql_log_dir: "{{ (postgresql_global_config_options | items2dict(key_name='option', value_name='value')).log_directory }}" - name: Define postgresql_effective_log_dir, if postgresql_log_dir is absolute - set_fact: + ansible.builtin.set_fact: postgresql_effective_log_dir: '{{ postgresql_log_dir }}' when: postgresql_log_dir is match("/") - name: Define postgresql_effective_log_dir, if postgresql_log_dir is relative - set_fact: + ansible.builtin.set_fact: postgresql_effective_log_dir: '{{ postgresql_data_dir }}/{{ postgresql_log_dir }}' when: postgresql_log_dir is not match("/") From 9171db4afbab3dacb00728b3506c853955044905 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 08:20:36 +0100 Subject: [PATCH 2/9] use fully qualified module name and added deprecated annotation for ansible.builtin.yum --- tasks/setup-RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index d536bcb0..3f574c28 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml 
@@ -1,6 +1,6 @@ --- - name: Ensure PostgreSQL packages are installed. - yum: + ansible.builtin.yum: # FIXME: this should be migrated to ansible.builtin.dnf name: "{{ postgresql_packages }}" state: present enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" @@ -10,7 +10,7 @@ exclude: python-unversioned-command - name: Ensure PostgreSQL Python libraries are installed. - yum: + ansible.builtin.yum: # FIXME: this should be migrated to ansible.builtin.dnf name: "{{ postgresql_python_library }}" state: present enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" From 66f0d2274399d1a4d4e03f2d40eace1534be610d Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 08:26:31 +0100 Subject: [PATCH 3/9] lint: improved jinja2 spacing --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 718b3631..5e11a4a0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,7 +11,7 @@ postgresql_user: postgres postgresql_group: postgres # `md5` or `scram-sha-256` (https://www.postgresql.org/docs/10/auth-methods.html) -postgresql_auth_method: "{{ ansible_fips | ternary('scram-sha-256', 'md5') }}" +postgresql_auth_method: "{{ ansible_fips | ternary('scram-sha-256', 'md5') }}" postgresql_unix_socket_directories: - /var/run/postgresql From 2bcc6ef9ba98c2e2d424e946a0327c32dc0b77d4 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 08:55:41 +0100 Subject: [PATCH 4/9] prepare ansible-lint --- .ansible-lint | 9 +++++++++ tasks/initialize.yml | 4 ++-- tasks/setup-RedHat.yml | 4 ++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 4b5e4fde..b9d9a5c9 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,13 @@ +--- +exclude_paths: + - molecule/ + - .github/ + - meta/ + skip_list: - 'yaml' - 'no-handler' - 'role-name' + - no-free-form + - name[missing] + - name[casing] 
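Review bot: In tasks/setup-RedHat.yml both package tasks now name `ansible.builtin.yum` and record the migration only as a trailing `# FIXME` on the module key; the second hunk (Python libraries task) does the same. As far as I know, ansible-core 2.17 and later redirect `ansible.builtin.yum` to the dnf module, so on those releases the task already runs dnf while the file still says yum. If EL7-era targets are out of scope, make the change now with `ansible.builtin.dnf:`. If they are in scope, state that in a comment line above the task instead of a FIXME. Both task bodies continue past the lines shown.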
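Review bot: The three rules added to `skip_list` in .ansible-lint (`no-free-form`, `name[missing]`, `name[casing]`) are switched off for the whole role. That hides exactly the findings this series leaves behind, such as the free-form `community.general.locale_gen: "name={{ item }} state=present"` calls and the unnamed `include_tasks` entries in tasks/main.yml. Listing them under `warn_list:` instead still reports them without failing the run. The new entries are also unquoted while the existing ones are quoted; `'name[missing]'` and `'name[casing]'` would match the file's style.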
diff --git a/tasks/initialize.yml b/tasks/initialize.yml index d2cd6f5f..2288fc05 100644 --- a/tasks/initialize.yml +++ b/tasks/initialize.yml @@ -19,7 +19,7 @@ path: "{{ postgresql_data_dir }}/PG_VERSION" register: pgdata_dir_version -- name: Ensure PostgreSQL database is initialized. +- name: Ensure PostgreSQL database is initialized. # noqa no-changed-when ansible.builtin.command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}" when: not pgdata_dir_version.stat.exists become: true @@ -28,7 +28,7 @@ vars: ansible_ssh_pipelining: true -- name: Ensure PostgreSQL log directory exists. +- name: Ensure PostgreSQL log directory exists. # noqa fqcn[action-core] file: path: "{{ postgresql_effective_log_dir }}" owner: "{{ postgresql_user }}" diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 3f574c28..a769a636 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -1,5 +1,5 @@ --- -- name: Ensure PostgreSQL packages are installed. +- name: Ensure PostgreSQL packages are installed. # noqa fqcn[action-core] ansible.builtin.yum: # FIXME: this should be migrated to ansible.builtin.dnf name: "{{ postgresql_packages }}" state: present @@ -9,7 +9,7 @@ # and affects system behavior in multiple ways. exclude: python-unversioned-command -- name: Ensure PostgreSQL Python libraries are installed. +- name: Ensure PostgreSQL Python libraries are installed. # noqa fqcn[action-core] ansible.builtin.yum: # FIXME: this should be migrated to ansible.builtin.dnf name: "{{ postgresql_python_library }}" state: present From 3ee5b35a1543b0fbd18fcc2ce399d4263a14a2f3 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 21:31:28 +0100 Subject: [PATCH 5/9] use fqcn (fixed https://github.com/zerwes/ansible-fqcn-converter) --- tasks/initialize.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/initialize.yml b/tasks/initialize.yml index 2288fc05..29295b32 100644 --- a/tasks/initialize.yml +++ b/tasks/initialize.yml 
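Review bot: In the first hunk of tasks/initialize.yml, the `# noqa no-changed-when` on the initdb task suppresses the rule instead of giving the command an idempotence marker. The task already runs only when `PG_VERSION` is absent, so an `args:` block with `creates: "{{ postgresql_data_dir }}/PG_VERSION"` states the same condition to the module. ansible-lint should accept `creates` for this rule, which would let the suppression go. The command line also interpolates both paths unquoted, so a data directory containing whitespace would be split into separate arguments. The task body extends beyond the hunk.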
@@ -29,7 +29,7 @@ ansible_ssh_pipelining: true - name: Ensure PostgreSQL log directory exists. # noqa fqcn[action-core] - file: + ansible.builtin.file: path: "{{ postgresql_effective_log_dir }}" owner: "{{ postgresql_user }}" group: "{{ postgresql_group }}" From ecb3803268b3453d3f0e74d5283626a227e86281 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 21:37:47 +0100 Subject: [PATCH 6/9] add ansible-lint to workflow --- .github/workflows/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8c2000f8..086f28c2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,10 +31,13 @@ jobs: - name: Install test dependencies. run: pip3 install yamllint - - name: Lint code. + - name: Lint code - yamllint. run: | yamllint . + - name: Lint code - ansible-lint + uses: ansible/ansible-lint@v24.12.2 + molecule: name: Molecule runs-on: ubuntu-latest From 0cef7a2f5779fd2fb6103908b3cb0aa2a40418a7 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 21:38:29 +0100 Subject: [PATCH 7/9] interim: run workflow on this dev branch too --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 086f28c2..2dcac54d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ name: CI push: branches: - master + - use-fqcn schedule: - cron: "0 3 * * 5" From fd73eba5a3fe6f094f45f5df8c0dc98300e867c1 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 21:51:38 +0100 Subject: [PATCH 8/9] interim: debug --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2dcac54d..8071026e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
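Review bot: The task name line in tasks/initialize.yml still carries `# noqa fqcn[action-core]` after this hunk changes `file:` to `ansible.builtin.file:`. The suppression no longer has anything to suppress and would mask a later regression on that task. Drop the comment so the line reads `- name: Ensure PostgreSQL log directory exists.`. The task body continues past the hunk.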
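Review bot: The new lint step in .github/workflows/ci.yml references the action by a mutable tag, `uses: ansible/ansible-lint@v24.12.2`. A tag can be moved upstream, and the action runs with the job's token against the checked-out repository. Pinning to the full commit SHA with the version kept as a comment makes the run reproducible and reviewable: `uses: ansible/ansible-lint@<full-commit-sha>  # v24.12.2`. The workflow's `permissions:` are not visible in this hunk; if none are set, a workflow-level `permissions:` block with `contents: read` is enough for linting.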
@@ -35,9 +35,13 @@ jobs: - name: Lint code - yamllint. run: | yamllint . + pwd + ls -la - name: Lint code - ansible-lint uses: ansible/ansible-lint@v24.12.2 + with: + working_directory: 'geerlingguy.postgresql' molecule: name: Molecule From c406593001ba3a887c3c0cb1771cc0f53cc9e590 Mon Sep 17 00:00:00 2001 From: Klaus Zerwes Date: Wed, 8 Jan 2025 22:04:14 +0100 Subject: [PATCH 9/9] debug molecule --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8071026e..2df4cb09 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,7 +47,7 @@ jobs: name: Molecule runs-on: ubuntu-latest strategy: - fail-fast: ${{ !contains(github.event_name, 'pull_request') }} + #fail-fast: ${{ !contains(github.event_name, 'pull_request') }} matrix: distro: - rockylinux9
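Review bot: Commenting out `fail-fast` under the molecule job's `strategy:` works against a debugging run, because with the key absent GitHub Actions falls back to `fail-fast: true`. The first failing distro then cancels the remaining matrix jobs, including on pull requests, where the old expression evaluated to false. Set it explicitly with `fail-fast: false` while debugging. Restore the original expression before merge instead of leaving it as a comment. The matrix continues past the hunk.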