Diffstat (limited to 'ansible')
-rw-r--r--ansible/knot-pg-backup.yml56
-rw-r--r--ansible/knot.yml47
2 files changed, 56 insertions, 47 deletions
diff --git a/ansible/knot-pg-backup.yml b/ansible/knot-pg-backup.yml
new file mode 100644
index 0000000..4d0cac1
--- /dev/null
+++ b/ansible/knot-pg-backup.yml
@@ -0,0 +1,56 @@
+---
+- hosts:
+ - knot
+ vars:
+ wal_g: /etc/postgresql/wal-g.env
+ wal_g_bin: /var/lib/postgresql/wal-g
+ pg_v: 15
+ tasks:
+ - name: "mkdir {{ wal_g }}"
+ become: yes
+ file:
+ path: "{{ wal_g }}"
+ state: directory
+ mode: ug=rx,o=
+ owner: root
+ group: postgres
+
+
+ - name: Load values from../knot-pdb.sops.yml
+ community.sops.load_vars:
+ name: env
+ file: ../knot-pdb.sops.yml
+
+ - name: Configure environment
+ become: yes
+ copy:
+ dest: "{{ wal_g }}/{{ item.file }}"
+ content: |
+ {{ item.content }}
+ owner: root
+ group: postgres
+ mode: g=r,u=r,o=
+ loop:
+ - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
+ - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
+ - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
+ - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
+ - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
+ - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
+ - {file: "PGHOST", content: "/var/run/postgresql"}
+
+ - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ become: yes
+ copy:
+ dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ content: |
+ archive_mode = yes
+ archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
+ archive_timeout = 60
+
+ - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ regexp: wal-g.conf
+ line: "include = 'wal-g.conf'"
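Review bot: The `Configure environment` task loops over items whose `content` holds `env.AWS_SECRET_ACCESS_KEY` and `env.AWS_ACCESS_KEY_ID`, and nothing on the task suppresses per-item output. Ansible's default loop reporting prints each item dict, so the sops-decrypted secret would appear in plaintext on the console and in any log that captures the run. Add `no_log: true` to that task; a lighter alternative is `loop_control:` with `label: "{{ item.file }}"`, but that only shortens the item label and does not hide diff-mode or verbose output. The file permissions on the target (`mode: g=r,u=r,o=`, `owner: root`, `group: postgres`) already restrict the secret at rest, so the run output is the remaining exposure visible in this hunk.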
diff --git a/ansible/knot.yml b/ansible/knot.yml
index 796bdc1..9bd7632 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
@@ -22,50 +22,3 @@
- role: knot-misc
tags: knot-misc
become: true
- tasks:
- - tags: pg-backup
- vars:
- wal_g: /etc/postgresql/wal-g.env
- wal_g_bin: /var/lib/postgresql/wal-g
- block:
- - name: "mkdir {{ wal_g }}"
- become: yes
- file:
- path: "{{ wal_g }}"
- state: directory
- mode: ug=rx,o=
- owner: root
- group: postgres
-
- - name: Configure environment
- become: yes
- copy:
- dest: "{{ wal_g }}/{{ item.file }}"
- content: "{{ item.content }}"
- owner: root
- group: postgres
- mode: g=r,u=r,o=
- loop:
- - {file: "AWS_ACCESS_KEY_ID", content: "{{ pg_backup_knot.sender.access_key }}"}
- - {file: "AWS_ENDPOINT", content: "https://minio.trygvis.io"}
- - {file: "AWS_REGION", content: "us-east-1"}
- - {file: "AWS_S3_FORCE_PATH_STYLE", content: "true"}
- - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ pg_backup_knot.sender.secret_key }}"}
- - {file: "WALG_S3_PREFIX", content: "s3://{{ pg_backup_knot.bucket.name }}"}
- - {file: "PGHOST", content: "/var/run/postgresql"}
-
- - name: /etc/postgresql/13/main/wal-g.conf
- become: yes
- copy:
- dest: /etc/postgresql/13/main/wal-g.conf
- content: |
- archive_mode = yes
- archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
- archive_timeout = 60
-
- - name: /etc/postgresql/13/main/postgresql.conf
- become: yes
- lineinfile:
- path: /etc/postgresql/13/main/postgresql.conf
- regexp: wal-g.conf
- line: "include = 'wal-g.conf'"