From d77a2af7acee55457f4cab5f3acc8e3060564196 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Wed, 20 Jan 2021 10:29:19 +0100
Subject: Minio + wal-g

---
 ansible/inventory-terraform               |  8 ++++++
 ansible/knot.yml                          | 47 +++++++++++++++++++++++++++++++
 ansible/terraform-to-ansible-inventory.py |  2 +-
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100755 ansible/inventory-terraform

(limited to 'ansible')

diff --git a/ansible/inventory-terraform b/ansible/inventory-terraform
new file mode 100755
index 0000000..6eeba30
--- /dev/null
+++ b/ansible/inventory-terraform
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -euo pipefail
+
+basedir=$(dirname $0)
+
+(cd "$basedir/../terraform" && terraform output -json) |\
+    "$basedir/env/bin/python" "$basedir/terraform-to-ansible-inventory.py"
diff --git a/ansible/knot.yml b/ansible/knot.yml
index 9bd7632..796bdc1 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
@@ -22,3 +22,50 @@
     - role: knot-misc
       tags: knot-misc
       become: true
+  tasks:
+    - tags: pg-backup
+      vars:
+        wal_g: /etc/postgresql/wal-g.env
+        wal_g_bin: /var/lib/postgresql/wal-g
+      block:
+        - name: "mkdir {{ wal_g }}"
+          become: yes
+          file:
+            path: "{{ wal_g }}"
+            state: directory
+            mode: ug=rx,o=
+            owner: root
+            group: postgres
+
+        - name: Configure environment
+          become: yes
+          copy:
+            dest: "{{ wal_g }}/{{ item.file }}"
+            content: "{{ item.content }}"
+            owner: root
+            group: postgres
+            mode: g=r,u=r,o=
+          loop:
+            - {file: "AWS_ACCESS_KEY_ID", content: "{{ pg_backup_knot.sender.access_key }}"}
+            - {file: "AWS_ENDPOINT", content: "https://minio.trygvis.io"}
+            - {file: "AWS_REGION", content: "us-east-1"}
+            - {file: "AWS_S3_FORCE_PATH_STYLE", content: "true"}
+            - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ pg_backup_knot.sender.secret_key }}"}
+            - {file: "WALG_S3_PREFIX", content: "s3://{{ pg_backup_knot.bucket.name }}"}
+            - {file: "PGHOST", content: "/var/run/postgresql"}
+
+        - name: /etc/postgresql/13/main/wal-g.conf
+          become: yes
+          copy:
+            dest: /etc/postgresql/13/main/wal-g.conf
+            content: |
+             archive_mode = yes
+             archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
+             archive_timeout = 60
+
+        - name: /etc/postgresql/13/main/postgresql.conf
+          become: yes
+          lineinfile:
+            path: /etc/postgresql/13/main/postgresql.conf
+            regexp: wal-g.conf
+            line: "include = 'wal-g.conf'"
diff --git a/ansible/terraform-to-ansible-inventory.py b/ansible/terraform-to-ansible-inventory.py
index 25b402b..6e2e4a9 100644
--- a/ansible/terraform-to-ansible-inventory.py
+++ b/ansible/terraform-to-ansible-inventory.py
@@ -10,4 +10,4 @@ for k, v in blob.items():
   new[k] = v["value"]
 
 new = {"all": {"vars": new}}
-json.dump(new, fp=sys.stdout)
+json.dump(new, fp=sys.stdout, indent=2)
-- 
cgit v1.2.3