mirror of
https://bitbucket.org/atlassian/dc-deployments-automation.git
synced 2025-12-13 16:33:08 -06:00
76 lines
2.9 KiB
YAML
76 lines
2.9 KiB
YAML
---
|
|
|
|
- name: Create application DB user
|
|
community.postgresql.postgresql_user:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
port: "{{ atl_db_port }}"
|
|
name: "{{ atl_jdbc_user }}"
|
|
password: "{{ atl_jdbc_password }}"
|
|
expires: 'infinity'
|
|
|
|
- name: Collect dbcluster db_names
|
|
community.postgresql.postgresql_query:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
db: "{{ atl_db_root_db_name }}"
|
|
query: "SELECT datname FROM pg_database;"
|
|
register: dbcluster_db_names
|
|
|
|
- block:
|
|
|
|
- name: Update root privs for new user
|
|
community.postgresql.postgresql_privs:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
database: postgres
|
|
roles: "{{ atl_db_root_user }}"
|
|
objs: "{{ atl_jdbc_user }}"
|
|
type: group
|
|
|
|
# RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db
|
|
- name: Create new application database
|
|
community.postgresql.postgresql_db:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
port: "{{ atl_db_port }}"
|
|
name: "{{ atl_jdbc_db_name }}"
|
|
owner: "{{ atl_jdbc_user }}"
|
|
encoding: "{{ atl_jdbc_encoding }}"
|
|
lc_collate: "{{ atl_jdbc_collation }}"
|
|
lc_ctype: "{{ atl_jdbc_ctype }}"
|
|
template: "{{ atl_jdbc_template }}"
|
|
register: db_created
|
|
when: "atl_jdbc_db_name not in (dbcluster_db_names.query_result | map(attribute='datname') )"
|
|
|
|
tags:
|
|
- new_only
|
|
|
|
- name: Assert ownership of public schema
|
|
community.postgresql.postgresql_query:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
db: "{{ atl_jdbc_db_name }}"
|
|
query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
|
|
|
|
- name: Grant privs to root user on public schema
|
|
community.postgresql.postgresql_query:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
db: "{{ atl_jdbc_db_name }}"
|
|
query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
|
|
|
|
- name: Grant privs to application user on public schema
|
|
community.postgresql.postgresql_query:
|
|
login_host: "{{ atl_db_host }}"
|
|
login_user: "{{ atl_db_root_user }}"
|
|
login_password: "{{ atl_db_root_password }}"
|
|
db: "{{ atl_jdbc_db_name }}"
|
|
query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
|