AZURE-210 Deploy Crowd DC to Azure

2025-12-17 02:13:06 -06:00 · 2020-05-19 11:13:11 +01:00
parent 0fbc7609a1
commit e78af09b8b
37 changed files with 1396 additions and 200 deletions
--- a/roles/database_init/tasks/main.yml
+++ b/roles/database_init/tasks/main.yml
@@ -1,19 +1,20 @@
---
-
 - name: Create application DB user
  postgresql_user:
+    db: "{{ atl_db_root_db_name }}"
    login_host: "{{ atl_db_host }}"
-    login_user: "{{ atl_db_root_user }}"
+    login_user: "{{ atl_db_root_user_login }}"
    login_password: "{{ atl_db_root_password }}"
+    login_db: "{{ atl_db_root_db_name }}"
    port: "{{ atl_db_port }}"
    name: "{{ atl_jdbc_user }}"
    password: "{{ atl_jdbc_password }}"
    expires: 'infinity'
+    ssl_mode: 'require'

 - name: Collect dbcluster db_names
  postgresql_query:
    login_host: "{{ atl_db_host }}"
-    login_user: "{{ atl_db_root_user }}"
+    login_user: "{{ atl_db_root_user_login }}"
    login_password: "{{ atl_db_root_password }}"
    db: "{{ atl_db_root_db_name }}"
    query: "SELECT datname FROM pg_database;"
@@ -24,18 +25,18 @@
    - name: Update root privs for new user
      postgresql_privs:
        login_host: "{{ atl_db_host }}"
-        login_user: "{{ atl_db_root_user }}"
+        login_user: "{{ atl_db_root_user_login }}"
        login_password: "{{ atl_db_root_password }}"
        database: postgres
        roles: "{{ atl_db_root_user }}"
        objs: "{{ atl_jdbc_user }}"
        type: group

-# RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db
+    # RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db
    - name: Create new application database
      postgresql_db:
        login_host: "{{ atl_db_host }}"
-        login_user: "{{ atl_db_root_user }}"
+        login_user: "{{ atl_db_root_user_login }}"
        login_password: "{{ atl_db_root_password }}"
        port: "{{ atl_db_port }}"
        name: "{{ atl_jdbc_db_name }}"
@@ -53,7 +54,7 @@
 - name: Assert ownership of public schema
  postgresql_query:
    login_host: "{{ atl_db_host }}"
-    login_user: "{{ atl_db_root_user }}"
+    login_user: "{{ atl_db_root_user_login }}"
    login_password: "{{ atl_db_root_password }}"
    db: "{{ atl_jdbc_db_name }}"
    query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
@@ -61,7 +62,7 @@
 - name: Grant privs to root user on public schema
  postgresql_query:
    login_host: "{{ atl_db_host }}"
-    login_user: "{{ atl_db_root_user }}"
+    login_user: "{{ atl_db_root_user_login }}"
    login_password: "{{ atl_db_root_password }}"
    db: "{{ atl_jdbc_db_name }}"
    query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
@@ -69,7 +70,7 @@
 - name: Grant privs to application user on public schema
  postgresql_query:
    login_host: "{{ atl_db_host }}"
-    login_user: "{{ atl_db_root_user }}"
+    login_user: "{{ atl_db_root_user_login }}"
    login_password: "{{ atl_db_root_password }}"
    db: "{{ atl_jdbc_db_name }}"
-    query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
+    query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"