ai-workspace-infra/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
557272bf88
playbooks/roles/vhosts/postgresql_service/tasks/main.yml
Haitao Pan 557272bf88 Make postgresql_service check-mode friendly
2026-04-05 19:15:50 +08:00

251 lines
9.9 KiB
YAML
Raw Blame History

---
- name: Ensure postgresql service base directory exists
ansible.builtin.file:
path: "{{ postgresql_service_base_dir }}"
state: directory
owner: root
group: root
mode: "0755"
- name: Ensure managed postgresql directories exist
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
loop:
- "{{ postgresql_service_postgres_compose_dir }}"
- "{{ postgresql_service_postgres_compose_dir }}/env"
- "{{ postgresql_service_postgres_compose_dir }}/config"
- "{{ postgresql_service_stunnel_compose_dir }}"
- "{{ postgresql_service_stunnel_compose_dir }}/conf"
- "{{ postgresql_service_postgres_data_path }}"
- "{{ postgresql_service_postgres_init_scripts_dir }}"
- name: Check whether managed postgres env directory already exists on disk
ansible.builtin.stat:
path: "{{ postgresql_service_postgres_compose_dir }}/env"
register: postgresql_service_postgres_env_dir_stat
- name: Check whether managed postgres compose file already exists on disk
ansible.builtin.stat:
path: "{{ postgresql_service_postgres_compose_file }}"
register: postgresql_service_postgres_compose_file_stat
- name: Check whether managed postgres config directory already exists on disk
ansible.builtin.stat:
path: "{{ postgresql_service_postgres_compose_dir }}/config"
register: postgresql_service_postgres_config_dir_stat
- name: Check whether managed stunnel config directory already exists on disk
ansible.builtin.stat:
path: "{{ postgresql_service_stunnel_compose_dir }}/conf"
register: postgresql_service_stunnel_conf_dir_stat
- name: Check whether managed stunnel compose file already exists on disk
ansible.builtin.stat:
path: "{{ postgresql_service_stunnel_compose_file }}"
register: postgresql_service_stunnel_compose_file_stat
- name: Ensure shared Docker network exists for postgresql service
ansible.builtin.command: docker network inspect "{{ postgresql_service_shared_network }}"
changed_when: false
- name: Ensure postgres Docker network exists for postgresql service
ansible.builtin.command: docker network inspect "{{ postgresql_service_postgres_network }}"
register: postgresql_service_postgres_network_inspect
changed_when: false
failed_when: false
- name: Create postgres Docker network when missing
ansible.builtin.command: docker network create "{{ postgresql_service_postgres_network }}"
when: postgresql_service_postgres_network_inspect.rc != 0
- name: Check for managed postgres env file
ansible.builtin.stat:
path: "{{ postgresql_service_postgres_env_file }}"
register: postgresql_service_postgres_env_stat
- name: Check for legacy postgres env file
ansible.builtin.stat:
path: "{{ postgresql_service_postgres_legacy_env_file }}"
register: postgresql_service_postgres_legacy_env_stat
- name: Determine whether managed postgresql files can be written in this run
ansible.builtin.set_fact:
postgresql_service_postgres_env_writable: "{{ (not ansible_check_mode) or postgresql_service_postgres_env_dir_stat.stat.exists }}"
postgresql_service_postgres_env_editable: "{{ (not ansible_check_mode) or postgresql_service_postgres_env_stat.stat.exists }}"
postgresql_service_postgres_config_writable: "{{ (not ansible_check_mode) or postgresql_service_postgres_config_dir_stat.stat.exists }}"
postgresql_service_stunnel_config_writable: "{{ (not ansible_check_mode) or postgresql_service_stunnel_conf_dir_stat.stat.exists }}"
postgresql_service_postgres_runtime_executable: "{{ (not ansible_check_mode) or postgresql_service_postgres_compose_file_stat.stat.exists }}"
postgresql_service_stunnel_runtime_executable: "{{ (not ansible_check_mode) or postgresql_service_stunnel_compose_file_stat.stat.exists }}"
- name: Seed managed postgres env file from legacy deployment
ansible.builtin.copy:
src: "{{ postgresql_service_postgres_legacy_env_file }}"
dest: "{{ postgresql_service_postgres_env_file }}"
remote_src: true
owner: root
group: root
mode: "0600"
when:
- postgresql_service_postgres_env_writable
- not postgresql_service_postgres_env_stat.stat.exists
- postgresql_service_postgres_legacy_env_stat.stat.exists
- name: Render managed postgres env file from defaults
ansible.builtin.template:
src: postgres.env.j2
dest: "{{ postgresql_service_postgres_env_file }}"
owner: root
group: root
mode: "0600"
when:
- postgresql_service_postgres_env_writable
- not postgresql_service_postgres_env_stat.stat.exists
- not postgresql_service_postgres_legacy_env_stat.stat.exists
- name: Ensure managed postgres data path is present in env file
ansible.builtin.lineinfile:
path: "{{ postgresql_service_postgres_env_file }}"
regexp: '^PG_DATA_PATH='
line: "PG_DATA_PATH={{ postgresql_service_postgres_data_path }}"
state: present
when: postgresql_service_postgres_env_editable
- name: Ensure managed postgres local port is present in env file
ansible.builtin.lineinfile:
path: "{{ postgresql_service_postgres_env_file }}"
regexp: '^PG_LOCAL_PORT='
line: "PG_LOCAL_PORT={{ postgresql_service_postgres_port }}"
state: present
when: postgresql_service_postgres_env_editable
- name: Ensure managed postgres major tag is present in env file
ansible.builtin.lineinfile:
path: "{{ postgresql_service_postgres_env_file }}"
regexp: '^PG_MAJOR='
line: "PG_MAJOR={{ postgresql_service_postgres_major }}"
state: present
when: postgresql_service_postgres_env_editable
- name: Render managed postgresql.conf
ansible.builtin.template:
src: postgresql.conf.j2
dest: "{{ postgresql_service_postgres_config_file }}"
owner: root
group: root
mode: "0644"
when: postgresql_service_postgres_config_writable
- name: Render managed postgres compose file
ansible.builtin.template:
src: postgres-compose.yml.j2
dest: "{{ postgresql_service_postgres_compose_file }}"
owner: root
group: root
mode: "0644"
when: postgresql_service_postgres_config_writable
- name: Check stunnel certificate file
ansible.builtin.stat:
path: "{{ postgresql_service_stunnel_cert_file }}"
register: postgresql_service_stunnel_cert_stat
- name: Check stunnel key file
ansible.builtin.stat:
path: "{{ postgresql_service_stunnel_key_file }}"
register: postgresql_service_stunnel_key_stat
- name: Fail when stunnel certificate files are missing
ansible.builtin.fail:
msg: >-
stunnel certificate material is missing. Expected
{{ postgresql_service_stunnel_cert_file }} and {{ postgresql_service_stunnel_key_file }}.
when:
- not postgresql_service_stunnel_cert_stat.stat.exists or not postgresql_service_stunnel_key_stat.stat.exists
- name: Render managed stunnel config
ansible.builtin.template:
src: stunnel.conf.j2
dest: "{{ postgresql_service_stunnel_config_file }}"
owner: root
group: root
mode: "0644"
when: postgresql_service_stunnel_config_writable
- name: Render managed stunnel compose file
ansible.builtin.template:
src: stunnel-compose.yml.j2
dest: "{{ postgresql_service_stunnel_compose_file }}"
owner: root
group: root
mode: "0644"
when: postgresql_service_stunnel_config_writable
- name: Pull postgres image when enabled
ansible.builtin.command: docker compose -f "{{ postgresql_service_postgres_compose_file }}" pull postgres
args:
chdir: "{{ postgresql_service_postgres_compose_dir }}"
when:
- postgresql_service_postgres_pull_image | bool
- postgresql_service_postgres_runtime_executable
- name: Remove existing postgres container before managed recreate
ansible.builtin.shell: |
set -euo pipefail
ids="$(docker ps -aq --filter name=^/{{ postgresql_service_postgres_container_name }}$)"
if [ -n "${ids}" ]; then
docker rm -f ${ids}
fi
args:
executable: /bin/bash
register: postgresql_service_postgres_cleanup
changed_when: postgresql_service_postgres_cleanup.stdout | trim != ""
when: postgresql_service_postgres_runtime_executable
- name: Start managed postgres compose target
ansible.builtin.command: docker compose -f "{{ postgresql_service_postgres_compose_file }}" up -d --force-recreate --remove-orphans
args:
chdir: "{{ postgresql_service_postgres_compose_dir }}"
when: postgresql_service_postgres_runtime_executable
- name: Wait for postgres container health
ansible.builtin.command: >-
docker inspect --format={{ '{{' }}if .State.Health{{ '}}' }}{{ '{{' }}.State.Health.Status{{ '}}' }}{{ '{{' }}else{{ '}}' }}unknown{{ '{{' }}end{{ '}}' }}
{{ postgresql_service_postgres_container_name }}
register: postgresql_service_postgres_health
changed_when: false
retries: "{{ postgresql_service_postgres_wait_retries }}"
delay: "{{ postgresql_service_postgres_wait_delay }}"
until: postgresql_service_postgres_health.stdout | trim == 'healthy'
when: postgresql_service_postgres_runtime_executable
- name: Pull stunnel image when enabled
ansible.builtin.command: docker compose -f "{{ postgresql_service_stunnel_compose_file }}" pull stunnel
args:
chdir: "{{ postgresql_service_stunnel_compose_dir }}"
when:
- postgresql_service_stunnel_pull_image | bool
- postgresql_service_stunnel_runtime_executable
- name: Remove existing stunnel container before managed recreate
ansible.builtin.shell: |
set -euo pipefail
ids="$(docker ps -aq --filter name=^/{{ postgresql_service_stunnel_container_name }}$)"
if [ -n "${ids}" ]; then
docker rm -f ${ids}
fi
args:
executable: /bin/bash
register: postgresql_service_stunnel_cleanup
changed_when: postgresql_service_stunnel_cleanup.stdout | trim != ""
when: postgresql_service_stunnel_runtime_executable
- name: Start managed stunnel compose target
ansible.builtin.command: docker compose -f "{{ postgresql_service_stunnel_compose_file }}" up -d --force-recreate --remove-orphans
args:
chdir: "{{ postgresql_service_stunnel_compose_dir }}"
when: postgresql_service_stunnel_runtime_executable
Reference in New Issue View Git Blame Copy Permalink