- name: misc packages tags: packages apt: name: "{{ item }}" install_recommends: no with_items: - python-psycopg2 - python3-psycopg2 - name: accounts for sz-ds tags: user block: - name: create sz-ds user user: name: sz-ds shell: "/bin/bash" createhome: no home: /opt/sz-ds system: yes - file: state: directory path: /opt/sz-ds owner: sz-ds mode: u=rwx,go= - file: state: directory path: /opt/sz-ds/bin - copy: src: opt/sz-ds/bash_profile dest: /opt/sz-ds/.bash_profile - name: flyway for sz-ds tags: flyway block: - name: mkdir /opt/sz-ds/flyway file: state: directory path: /opt/sz-ds/flyway - template: src: opt/sz-ds/bin/flyway.j2 dest: /opt/sz-ds/bin/flyway mode: a=rx - name: Download and extract Flyway {{ flyway_version }} unarchive: src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip" dest: /opt/sz-ds/flyway creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}" remote_src: yes - file: path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway" mode: a=rx # flyway.conf is created later - name: sz-ds database tags: sz-ds-pg become: yes become_user: postgres vars: ansible_ssh_pipelining: true block: - name: sz-ds postgresql_user: name: sz-ds role_attr_flags: "NOLOGIN" - name: sz-ds-flyway tags: update-password postgresql_user: name: sz-ds-flyway password: "{{ sz_ds_secret.db_password_flyway }}" encrypted: yes - name: sz-ds-web tags: update-password postgresql_user: name: sz-ds-web password: "{{ sz_ds_secret.db_password_web }}" encrypted: yes - name: sz-ds db postgresql_db: name: "sz-ds" encoding: "utf-8" owner: "sz-ds" - postgresql_privs: database: sz-ds state: present privs: USAGE type: schema objs: public roles: sz-ds-web,sz-ds-flyway