infra/roles/pdns/tasks/postgresql-read.yml


2024-01-17 17:45:49 +00:00
# Ensure the "pdns" database exists. When this task reports a change it
# notifies the "create db schema" handler (not defined in this listing).
- name: create db in postgres
  community.postgresql.postgresql_db:
    name: 'pdns'
  notify: create db schema

# Run the pending handler immediately instead of at the end of the play:
# schema must be created before permission grants happen.
- ansible.builtin.meta: flush_handlers
# Create the "pdns" role in the pdns database. The password lookup runs on
# the controller: it reads secrets/<inventory_hostname>/pg-pdns-password.txt
# and, when that file does not exist yet, generates a 15-character password
# and stores it there in plain text. Keep the secrets/ tree out of version
# control (or encrypted) and readable only by the operator account.
- name: create postgres pdns user
  community.postgresql.postgresql_user:
    name: 'pdns'
    db: 'pdns'
    password: >-
      {{ lookup('ansible.builtin.password',
      'secrets/' + inventory_hostname + '/pg-pdns-password.txt',
      length=15) }}
# Grant the pdns role privileges on all tables and all sequences, one module
# call per object type. No `schema:` is given, so the module default applies.
# NOTE(review): the file name (postgresql-read.yml) suggests a read-only
# replica, yet `privs: all` also grants write privileges on the subscribed
# tables; confirm whether a narrower grant (e.g. SELECT) is enough for pdns.
- name: grant postgres pdns user permissions
  community.postgresql.postgresql_privs:
    database: pdns
    roles: pdns
    type: '{{ item }}'
    privs: all
    objs: ALL_IN_SCHEMA
  loop:
    - table
    - sequence
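# Subscribe this host's pdns database to the "pdns" publication served by
# 10.6.0.1, copying the existing table data on creation (copy_data: true).
#
# The replication password is looked up on the controller from
# secrets/pg-replication-password.txt. If that file is missing the lookup
# silently generates a new 15-character password, which would not match the
# publisher; make sure the file is provisioned before this task runs.
#
# NOTE(review): connparams sets no `sslmode`, so whether the password and
# the replicated data are encrypted in transit depends on libpq defaults and
# the server configuration. Confirm 10.6.0.1 is only reachable over a
# trusted or already-encrypted link, or pin `sslmode` explicitly.
- name: create subscription
  community.postgresql.postgresql_subscription:
    db: pdns
    name: 'pdns_{{ ansible_hostname }}'
    publications: pdns
    connparams:
      host: '10.6.0.1'
      port: 5432
      user: 'replication'
      password: >-
        {{ lookup('ansible.builtin.password',
        'secrets/pg-replication-password.txt',
        length=15) }}
      dbname: pdns
    subsparams:
      copy_data: true
  # The password sits inside the connparams dict and ends up in the
  # connection string of the executed statement, so it may be echoed in task
  # output, verbose logs or callback plugins. Suppress the task's logging;
  # drop this temporarily when debugging a failing subscription.
  no_log: true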