Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/knot-pg-backup.yml | 56 | ||||
-rw-r--r-- | ansible/knot.yml | 47 |
2 files changed, 56 insertions, 47 deletions
diff --git a/ansible/knot-pg-backup.yml b/ansible/knot-pg-backup.yml
new file mode 100644
index 0000000..4d0cac1
--- /dev/null
+++ b/ansible/knot-pg-backup.yml
@@ -0,0 +1,56 @@
+---
+- hosts:
+ - knot
+ vars:
+ wal_g: /etc/postgresql/wal-g.env
+ wal_g_bin: /var/lib/postgresql/wal-g
+ pg_v: 15
+ tasks:
+ - name: "mkdir {{ wal_g }}"
+ become: yes
+ file:
+ path: "{{ wal_g }}"
+ state: directory
+ mode: ug=rx,o=
+ owner: root
+ group: postgres
+
+
+ - name: Load values from../knot-pdb.sops.yml
+ community.sops.load_vars:
+ name: env
+ file: ../knot-pdb.sops.yml
+
+ - name: Configure environment
+ become: yes
+ copy:
+ dest: "{{ wal_g }}/{{ item.file }}"
+ content: |
+ {{ item.content }}
+ owner: root
+ group: postgres
+ mode: g=r,u=r,o=
+ loop:
+ - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
+ - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
+ - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
+ - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
+ - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
+ - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
+ - {file: "PGHOST", content: "/var/run/postgresql"}
+
+ - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ become: yes
+ copy:
+ dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ content: |
+ archive_mode = yes
+ archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
+ archive_timeout = 60
+
+ - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ regexp: wal-g.conf
+ line: "include = 'wal-g.conf'"
diff --git a/ansible/knot.yml b/ansible/knot.yml
index 796bdc1..9bd7632 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
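Review bot: The "Configure environment" task loops over items whose `content` carries `env.AWS_SECRET_ACCESS_KEY`, and nothing on the task suppresses output, so Ansible will print each loop item in its per-item result line (and the file body when run with `--diff`) to the console and to any configured log or callback. Add `no_log: true` to that task so the decrypted SOPS values stay out of run output; a `loop_control` with `label: "{{ item.file }}"` alone would only hide the item in the result line, not the module arguments at higher verbosity. Separately, the two tasks that write `wal-g.conf` and the `include` line have no `notify:` and the play defines no handler, so it looks as if the new `archive_mode` setting will not take effect until PostgreSQL is restarted by hand; consider a handler for that or a comment stating it is intentional.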
@@ -22,50 +22,3 @@
 - role: knot-misc
 tags: knot-misc
 become: true
- tasks:
- - tags: pg-backup
- vars:
- wal_g: /etc/postgresql/wal-g.env
- wal_g_bin: /var/lib/postgresql/wal-g
- block:
- - name: "mkdir {{ wal_g }}"
- become: yes
- file:
- path: "{{ wal_g }}"
- state: directory
- mode: ug=rx,o=
- owner: root
- group: postgres
-
- - name: Configure environment
- become: yes
- copy:
- dest: "{{ wal_g }}/{{ item.file }}"
- content: "{{ item.content }}"
- owner: root
- group: postgres
- mode: g=r,u=r,o=
- loop:
- - {file: "AWS_ACCESS_KEY_ID", content: "{{ pg_backup_knot.sender.access_key }}"}
- - {file: "AWS_ENDPOINT", content: "https://minio.trygvis.io"}
- - {file: "AWS_REGION", content: "us-east-1"}
- - {file: "AWS_S3_FORCE_PATH_STYLE", content: "true"}
- - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ pg_backup_knot.sender.secret_key }}"}
- - {file: "WALG_S3_PREFIX", content: "s3://{{ pg_backup_knot.bucket.name }}"}
- - {file: "PGHOST", content: "/var/run/postgresql"}
-
- - name: /etc/postgresql/13/main/wal-g.conf
- become: yes
- copy:
- dest: /etc/postgresql/13/main/wal-g.conf
- content: |
- archive_mode = yes
- archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
- archive_timeout = 60
-
- - name: /etc/postgresql/13/main/postgresql.conf
- become: yes
- lineinfile:
- path: /etc/postgresql/13/main/postgresql.conf
- regexp: wal-g.conf
- line: "include = 'wal-g.conf'" |