From 37919e19d3545dfcc4a2ef6282f305e011feb306 Mon Sep 17 00:00:00 2001
From: Thomas Basler
Date: Wed, 2 Oct 2024 23:19:54 +0200
Subject: [PATCH] pgadmin4: Add role to install and configure pgadmin4
---
roles/pgadmin4/defaults/main.yml | 10 ++
roles/pgadmin4/handlers/main.yml | 6 +
roles/pgadmin4/meta/main.yml | 11 ++
roles/pgadmin4/tasks/main.yml | 119 +++++++++++++++++++
roles/pgadmin4/templates/config_system.py.j2 | 4 +
roles/pgadmin4/templates/pgadmin4.service.j2 | 29 +++++
6 files changed, 179 insertions(+)
create mode 100644 roles/pgadmin4/defaults/main.yml
create mode 100644 roles/pgadmin4/handlers/main.yml
create mode 100644 roles/pgadmin4/meta/main.yml
create mode 100644 roles/pgadmin4/tasks/main.yml
create mode 100644 roles/pgadmin4/templates/config_system.py.j2
create mode 100644 roles/pgadmin4/templates/pgadmin4.service.j2
diff --git a/roles/pgadmin4/defaults/main.yml b/roles/pgadmin4/defaults/main.yml
new file mode 100644
index 0000000..7da5e34
--- /dev/null
+++ b/roles/pgadmin4/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+pgadmin4_user: pgadmin4
+pgadmin4_db_database: pgadmin4
+pgadmin4_db_user: pgadmin4
+pgadmin4_db_password: xxxxx
+pgadmin4_conf_dir: /etc/pgadmin
+
+pgadmin4_initial_user_email: admin@admin.com
+pgadmin4_initial_user_password: admin42
diff --git a/roles/pgadmin4/handlers/main.yml b/roles/pgadmin4/handlers/main.yml
new file mode 100644
index 0000000..c0bf955
--- /dev/null
+++ b/roles/pgadmin4/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart pgadmin4
+ ansible.builtin.service:
+ name: pgadmin4
+ state: restarted
diff --git a/roles/pgadmin4/meta/main.yml b/roles/pgadmin4/meta/main.yml
new file mode 100644
index 0000000..1cf895d
--- /dev/null
+++ b/roles/pgadmin4/meta/main.yml
@@ -0,0 +1,11 @@
+---
+
+galaxy_info:
+ author: Thomas Basler
+ description: Install PgAdmin4
+ license: None
+ platforms:
+ - name: Debian
+ min_ansible_version: "2.4"
+
+dependencies: []
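Review bot: `pgadmin4_initial_user_password: admin42` and `pgadmin4_db_password: xxxxx` in roles/pgadmin4/defaults/main.yml give every host that applies the role without overrides the same published pgAdmin login (`admin@admin.com`) and database password. A pgAdmin administrator account is a gateway to every PostgreSQL server registered in it, so the role should refuse to run on these values rather than fall back to them. I would drop both password defaults and open tasks/main.yml with an `ansible.builtin.assert` on `pgadmin4_initial_user_password is defined and pgadmin4_db_password is defined`, with the real values supplied from Ansible Vault.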
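Review bot: The `Restart pgadmin4` handler in roles/pgadmin4/handlers/main.yml restarts through `ansible.builtin.service`, which does not ask systemd to re-read a unit file that the role has just rewritten under /etc/systemd/system. A later change to pgadmin4.service.j2 (a tightened socket mode, for example) would then look applied while the service keeps running with the previously loaded definition. Switching the handler to `ansible.builtin.systemd` with `daemon_reload: true` closes that gap. The handler also carries no `become: true`, unlike the install tasks, so it presumably relies on the play escalating.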
diff --git a/roles/pgadmin4/tasks/main.yml b/roles/pgadmin4/tasks/main.yml
new file mode 100644
index 0000000..3a6355e
--- /dev/null
+++ b/roles/pgadmin4/tasks/main.yml
@@ -0,0 +1,119 @@
+---
+
+- name: PgAdmin 4 | add GPG signing key
+ become: true
+ ansible.builtin.apt_key:
+ url: "https://www.pgadmin.org/static/packages_pgadmin_org.pub"
+ state: present
+ validate_certs: true
+ tags: install
+
+- name: PgAdmin 4 | add official repository
+ become: true
+ ansible.builtin.apt_repository:
+ repo: "deb https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/bookworm pgadmin4 main"
+ state: present
+ filename: pgadmin4
+ update_cache: true
+ tags: install
+
+- name: PgAdmin 4 | establish dependencies
+ become: true
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ tags: install
+ loop: ["pgadmin4-server", "uwsgi-core", "uwsgi-plugin-python3", "python3-pexpect"]
+
+- name: PgAdmin 4 | Configure PostgreSQL database
+ community.general.postgresql_db:
+ name: "{{ pgadmin4_db_database }}"
+ template: template0
+ encoding: utf8
+ become: true
+ become_user: postgres
+ register: pgadmin4_db
+
+- name: PgAdmin 4 | Configure PostgreSQL user
+ community.general.postgresql_user:
+ db: "{{ pgadmin4_db_database }}"
+ name: "{{ pgadmin4_db_user }}"
+ password: "{{ pgadmin4_db_password }}"
+ become: true
+ become_user: postgres
+
+- name: PgAdmin 4 | Configure PostgreSQL user privileges
+ community.postgresql.postgresql_privs:
+ database: "{{ pgadmin4_db_database }}"
+ state: present
+ privs: ALL
+ type: database
+ role: "{{ pgadmin4_db_user }}"
+ become: true
+ become_user: postgres
+
+- name: PgAdmin 4 | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
+ community.postgresql.postgresql_privs:
+ db: "{{ pgadmin4_db_database }}"
+ privs: ALL
+ type: schema
+ objs: public
+ role: "{{ pgadmin4_db_user }}"
+ become: true
+ become_user: postgres
+
+- name: Create user
+ ansible.builtin.user:
+ name: "{{ pgadmin4_user }}"
+ comment: "pgAdmin 4"
+ createhome: false
+ system: true
+ shell: "/sbin/nologin"
+
+- name: PgAdmin 4 | create config directory
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: "02775"
+ owner: "root"
+ group: "root"
+ with_items:
+ - "{{ pgadmin4_conf_dir }}"
+
+- name: PgAdmin 4 | install config file
+ ansible.builtin.template:
+ src: config_system.py.j2
+ dest: "{{ pgadmin4_conf_dir }}/config_system.py"
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart pgadmin4
+
+- name: PgAdmin 4 | install systemd unit file
+ ansible.builtin.template:
+ src: pgadmin4.service.j2
+ dest: "/etc/systemd/system/pgadmin4.service"
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart pgadmin4
+
+- name: PgAdmin 4 | enable service
+ ansible.builtin.service:
+ name: pgadmin4
+ enabled: true
+
+- name: PgAdmin 4 | setup pgadmin # noqa: no-handler
+ ansible.builtin.expect:
+ command: /bin/bash -c "/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py setup-db"
+ chdir: /usr/pgadmin4/web/
+ echo: true
+ timeout: 300
+ responses:
+ 'Email\ address:': "{{ pgadmin4_initial_user_email | trim }}"
+ 'Password:': "{{ pgadmin4_initial_user_password | trim }}"
+ 'Retype\ password:': "{{ pgadmin4_initial_user_password | trim }}"
+ 'Do\ you\ wish\ to\ continue\ \(y/n\)\?': "y"
+ 'Would\ you\ like\ to\ continue\ \(y/n\)\?': "y"
+ when: pgadmin4_db.changed
+ notify: Restart pgadmin4
diff --git a/roles/pgadmin4/templates/config_system.py.j2 b/roles/pgadmin4/templates/config_system.py.j2
new file mode 100644
index 0000000..5a56136
--- /dev/null
+++ b/roles/pgadmin4/templates/config_system.py.j2
@@ -0,0 +1,4 @@
+LOG_FILE = '/var/log/pgadmin/pgadmin4.log'
+CONFIG_DATABASE_URI = 'postgresql://{{ pgadmin4_db_user }}:{{ pgadmin4_db_password }}@localhost:5432/{{ pgadmin4_db_database }}'
+SESSION_DB_PATH = '/var/lib/pgadmin/sessions'
+STORAGE_DIR = '/var/lib/pgadmin/storage'
\ No newline at end of file
diff --git a/roles/pgadmin4/templates/pgadmin4.service.j2 b/roles/pgadmin4/templates/pgadmin4.service.j2
new file mode 100644
index 0000000..cfa45aa
--- /dev/null
+++ b/roles/pgadmin4/templates/pgadmin4.service.j2
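Review bot: Two tasks in roles/pgadmin4/tasks/main.yml expose the secrets they handle. `PgAdmin 4 | setup pgadmin` feeds the initial admin password through `ansible.builtin.expect` with `echo: true` and no `no_log`, so the response strings can end up in the task result and in any Ansible log or CI output; `echo: false` plus `no_log: true` on that task avoids this. `PgAdmin 4 | install config file` writes config_system.py, which the template fills with the database password, as root:root with `mode: "0644"`, readable by every local account; `mode: "0640"` with `group: "{{ pgadmin4_user }}"` would limit it to the service account, assuming the created user has a group of that name. Separately, `ansible.builtin.apt_key` places the pgAdmin key in the global trusted keyring, so it is trusted for every configured repository; a keyring file referenced with `signed-by=` in the `repo:` line scopes it to this one.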
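Review bot: `CONFIG_DATABASE_URI` in config_system.py.j2 interpolates `pgadmin4_db_user` and `pgadmin4_db_password` raw into both a URI and a single-quoted Python literal. A password containing `@`, `:` or `/` changes how the URI is parsed, and one containing `'` or a backslash alters the Python literal in a file that pgAdmin loads as code. Percent-encoding the credentials, e.g. `{{ pgadmin4_db_password | urlencode }}`, covers the `@`, `:`, quote and backslash cases; whether the filter also encodes `/` should be checked against the Ansible version in use.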
@@ -0,0 +1,29 @@
+[Unit]
+Description = PgAdmin4 uwsgi Service
+After = network.target network-online.target
+Wants = network-online.target
+
+[Service]
+User={{ pgadmin4_user }}
+StateDirectory=pgadmin
+RuntimeDirectory=pgadmin4
+LogsDirectory=pgadmin
+ExecStart=uwsgi \
+ --socket /run/pgadmin4/pgadmin4.sock --chmod-socket=666 \
+ --plugin python3 \
+ -H /usr/pgadmin4/venv \
+ --processes 1 \
+ --threads 25 \
+ --chdir /usr/pgadmin4/web/ \
+ --manage-script-name \
+ --mount /pgadmin4=pgAdmin4:app
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -INT $MAINPID
+Restart=always
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+KillSignal=SIGQUIT
+
+[Install]
+WantedBy = multi-user.target
\ No newline at end of file
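Review bot: `--chmod-socket=666` on the `ExecStart` line of pgadmin4.service.j2 makes /run/pgadmin4/pgadmin4.sock writable by every local account, so any local process can reach the pgAdmin application directly and skip whatever the fronting web server (presumably a reverse proxy) enforces. I would use `--chmod-socket=660`, add `RuntimeDirectoryMode=0750`, and put the proxy's user into the service account's group. The unit also sets no sandboxing; `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` are reasonable additions given that `StateDirectory`, `RuntimeDirectory` and `LogsDirectory` already declare the writable paths, though they should be tested against pgAdmin's storage use.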