uclalib_postgres.yml

---
- name: uclalib_postgres.yml
  become: yes
  become_method: sudo
  hosts: all

  vars_files:
    - [ "vars/travis-builds/{{ travischeck }}", "vars/dspace_vars_private.yml" ]

  vars:
    iptables_alt_allowed_input_rules:
      - src_ip: 164.67.153.0/24
        protocol: tcp
        dest_port: 5432
    postgresql_version: 9.5
    postgresql_encoding: 'UTF-8'
    postgresql_locale: 'en_US.UTF-8'
    postgresql_ctype: 'en_US.UTF-8'
    postgresql_admin_user: "postgres"
    postgresql_default_auth_method: "md5"
    postgresql_service_enabled: true
    postgresql_pg_hba_default:
      - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: trust, comment: 'PostgreSQL admin user' }
      - { type: local, database: all, user: all, address: '', method: md5, comment: 'Unix socket connections' }
      - { type: host, database: all, user: all, address: '127.0.0.1/32', method: md5, comment: 'IPv4 local connections' }
    postgresql_pg_hba_passwd_hosts:
      - t-w-dspace01.library.ucla.edu
      - p-w-dspace01.library.ucla.edu
    postgresql_listen_addresses:
      - "*"

    # create a postgresql user for dspace
    postgresql_users:
      - name: "{{ postgres_build['test']['dataden']['user']['username'] }}"
        pass: "{{ postgres_build['test']['dataden']['user']['password'] }}"
        encrypted: yes
      - name: "{{ postgres_build['test']['vsim']['user']['username'] }}"
        pass: "{{ postgres_build['test']['vsim']['user']['password'] }}"
        encrypted: yes
      - name: "{{ postgres_build['prod']['dataden']['user']['username'] }}"
        pass: "{{ postgres_build['prod']['dataden']['user']['password'] }}"
        encrypted: yes
      - name: "{{ postgres_build['prod']['vsim']['user']['username'] }}"
        pass: "{{ postgres_build['prod']['vsim']['user']['password'] }}"
        encrypted: yes

    # create a database for dspace
    postgresql_databases:
      - name: "{{ postgres_build['test']['dataden']['dbname'] }}"
        owner: "{{ postgres_build['test']['dataden']['user']['username'] }}"
        encoding: 'UTF-8'
        lc_collate: 'en_US.UTF-8'
        lc_ctype: 'en_US.UTF-8'
      - name: "{{ postgres_build['test']['vsim']['dbname'] }}"
        owner: "{{ postgres_build['test']['vsim']['user']['username'] }}"
        encoding: 'UTF-8'
        lc_collate: 'en_US.UTF-8'
        lc_ctype: 'en_US.UTF-8'
      - name: "{{ postgres_build['prod']['dataden']['dbname'] }}"
        owner: "{{ postgres_build['prod']['dataden']['user']['username'] }}"
        encoding: 'UTF-8'
        lc_collate: 'en_US.UTF-8'
        lc_ctype: 'en_US.UTF-8'
      - name: "{{ postgres_build['prod']['vsim']['dbname'] }}"
        owner: "{{ postgres_build['prod']['vsim']['user']['username'] }}"
        encoding: 'UTF-8'
        lc_collate: 'en_US.UTF-8'
        lc_ctype: 'en_US.UTF-8'

    # OPTIONAL: you can specify database extensions here (like pgcrypto, which is required for DSapce 6)
    postgresql_database_extensions:
      - db: "{{ postgres_build['test']['dataden']['dbname'] }}"
        extensions:
          - pgcrypto
      - db: "{{ postgres_build['test']['vsim']['dbname'] }}"
        extensions:
          - pgcrypto
      - db: "{{ postgres_build['prod']['dataden']['dbname'] }}"
        extensions:
          - pgcrypto
      - db: "{{ postgres_build['prod']['vsim']['dbname'] }}"
        extensions:
          - pgcrypto

    # database privileges for the dspace user
    postgresql_user_privileges:
      - name: "{{ postgres_build['test']['dataden']['user']['username'] }}"
        db: "{{ postgres_build['test']['dataden']['dbname'] }}"
        priv: "ALL"
        role_attr_flags: "CREATEDB"
      - name: "{{ postgres_build['test']['vsim']['user']['username'] }}"
        db: "{{ postgres_build['test']['vsim']['dbname'] }}"
        priv: "ALL"
        role_attr_flags: "CREATEDB"
      - name: "{{ postgres_build['prod']['dataden']['user']['username'] }}"
        db: "{{ postgres_build['prod']['dataden']['dbname'] }}"
        priv: "ALL"
        role_attr_flags: "CREATEDB"
      - name: "{{ postgres_build['prod']['vsim']['user']['username'] }}"
        db: "{{ postgres_build['prod']['vsim']['dbname'] }}"
        priv: "ALL"
        role_attr_flags: "CREATEDB"

    # drop a pgpass file in our own user folder, to make working with PostgreSQL via the command line slightly easier
#    template: src=templates/dspace_pgpass.j2 dest="~/.pgpass" mode=0600

  roles:
    - { role: uclalib_role_postgres }