---
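# Play 1: collect facts from every DCS and PostgreSQL host, so that the
# later plays can configure the DCS and the database cluster.
- name: Setup facts
  # The host pattern has to be a single YAML value. Two quoted scalars
  # separated by a comma do not parse, so the two groups are given as a
  # list instead.
  hosts:
    - "{{ dcs_servers_group }}"
    - "{{ pgsql_servers_group }}"
  handlers:
    # NOTE(review): the bare `include` action is deprecated in current
    # Ansible in favour of import_tasks / include_tasks; left unchanged
    # here because the static/dynamic choice affects tag inheritance.
    - include: handlers.yml
  pre_tasks:
    # Even if --limit is used with ansible we need to collect the IPs of
    # all the hosts, in order to be able to configure the DCS and the DB
    # cluster.
    - name: Gather facts from ALL hosts (regardless of limit or tags)
      setup:
      delegate_to: "{{ item }}"
      delegate_facts: true
      # Skip hosts whose default IPv4 fact is already present.
      when: hostvars[item]['ansible_default_ipv4'] is not defined
      with_items: "{{ [ groups[dcs_servers_group], groups[pgsql_servers_group] ] | flatten }}"
      tags: always
  tasks:
    - include: tasks/set_dcs_ips.yml
      tags: always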
# If you want to configure etcd with certificate-based
# authentication, then you need to create the certificates
# and copy them to the DCS servers and to the patroni
# servers.
#
# The certificates.yml playbook will set up a CA and
# create etcd certificates. You need to edit, configure
# and include that playbook here, if you want to have
# the certificates set up by that playbook.
#
# Please use a different mechanism for creating a CA,
# certificates and deploying them if this one doesn't
# fit you.
#
#- import_playbook: certificates.yml
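# Play 2: copy the certificates to the DCS and PostgreSQL hosts when
# certificate use is switched on in the variables.
- name: Deploy certificates
  # The host pattern has to be a single YAML value. Two quoted scalars
  # separated by a comma do not parse, so the two groups are given as a
  # list instead.
  hosts:
    - "{{ dcs_servers_group }}"
    - "{{ pgsql_servers_group }}"
  gather_facts: false
  vars_files:
    - vars.yml
  handlers:
    - include: handlers.yml
  tasks:
    - include: tasks/deploy_certificates.yml
      # `| bool` keeps a string value such as "false" (for example from
      # -e on the command line) from being treated as true.
      # NOTE(review): when use_certificates is false nothing is deployed
      # here, so presumably the DCS traffic is not certificate
      # authenticated; confirm that is intended for the target network.
      when: use_certificates | bool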
# If you enable any of the "firewall" roles below, then
#
# * make sure you'll leave your access port (ssh or such) open
# * set default policy to deny
# * make sure you don't lock yourself out!
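# Play 3: apply the role named by the `dcs` variable to the DCS hosts,
# running as root through sudo.
- name: Setup DCS servers
  hosts: "{{ dcs_servers_group }}"
  vars_files:
    - vars.yml
  handlers:
    - include: handlers.yml
  become: true
  become_user: root
  become_method: sudo
  roles:
    # A value that starts with `{{` must be quoted, otherwise YAML reads
    # it as a flow mapping rather than as a templated role name.
    - "{{ dcs }}"
    # enable access to dcs ports. Only implemented for etcd
    # NOTE(review): with this role disabled the play applies no host
    # firewall policy to the DCS ports; confirm they are restricted by
    # some other means.
    # - "firewall/{{ dcs }}"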
# Play 4: apply the consul (conditionally), postgres and patroni roles to
# the PostgreSQL hosts, running as root through sudo.
- name: Setup Postgres Servers
  hosts: "{{ pgsql_servers_group }}"
  become: true
  become_method: sudo
  become_user: root
  vars_files:
    - vars.yml
  handlers:
    - include: handlers.yml
  # TODO: do we need this here?
  pre_tasks:
    - name: Gather facts from ALL hosts (regardless of limit or tags)
      setup:
      delegate_facts: true
      delegate_to: "{{ item }}"
      with_items: "{{ [ groups[dcs_servers_group], groups[pgsql_servers_group] ] | flatten }}"
      # Only hosts that still lack the default IPv4 fact are queried.
      when: hostvars[item]['ansible_default_ipv4'] is not defined
      tags: [config]
  roles:
    # The consul role is applied only when consul is the selected DCS.
    - role: consul
      when: dcs == "consul"
    - role: postgres
    # NOTE(review): both firewall roles below are disabled, so this play
    # applies no host firewall policy to the postgres/patroni ports;
    # confirm they are restricted by some other means.
    # - firewall/postgres
    - role: patroni
    # - firewall/patroni
    # if you want to use Hetzner Floating or Failover IPs
    # - vip-manager-hetzner
- name
# Enable correct access to patroni/postgres/etcd ports via
# ufw. You'll need to
#