Merge branch 'master' into fix_password_encryption

Author: egmont1227

.travis.yml

@@ -9,11 +9,10 @@ services:
 
 env:
   matrix:
-    - IMAGE_NAME="ubuntu:16.04-builded"
+## DISABLED ##    - IMAGE_NAME="ubuntu:16.04-builded"
     - IMAGE_NAME="debian:8-builded"
     - IMAGE_NAME="debian:9-builded"
     - IMAGE_NAME="centos:7-builded"
-    - IMAGE_NAME="centos:6-builded"
 ## DISABLED ##    - IMAGE_NAME="fedora:27-builded"
 install:
   - pip install ansible=="2.4.4.0" docker-py

README.md

@@ -1,4 +1,4 @@
-## ANXS - PostgreSQL [![Build Status](https://travis-ci.org/ANXS/postgresql.svg?branch=master)](https://travis-ci.org/ANXS/postgresql)
+## ANXS - PostgreSQL [![Build Status](https://travis-ci.com/ANXS/postgresql.svg?branch=master)](https://travis-ci.com/ANXS/postgresql)
 
 ---
 Help Wanted! If you are able and willing to help maintain this Ansible role then please open a GitHub issue. A lot of people seem to use this role and we (quite obviously) need assistance!
@@ -20,12 +20,32 @@ ansible-galaxy install ANXS.postgresql
 
 #### Example Playbook
 
-Including an example of how to use your role:
+An example how to include this role:
 
-    - hosts: postgresql-server
+```yml
+---
+- hosts: postgresql-server
+  roles:
+    - role: ANXS.postgresql
       become: yes
-      roles:
-         - { role: anxs.postgresql }
+```
+
+An example how to include this role as a task:
+
+```yml
+---
+- hosts: postgresql-server
+  tasks:
+    - block: # workaround, see https://stackoverflow.com/a/56558842
+        - name: PSQL installation and configuration
+          include_role:
+            name: ANXS.postgresql
+          vars:
+            postgresql_users:
+              - name: abc
+                password: abc
+      become: true
+```
 
 #### Dependencies
 
@@ -34,16 +54,13 @@ Including an example of how to use your role:
 
 #### Compatibility matrix
 
-| Distribution / PostgreSQL | <= 9.3 | 9.4 | 9.5 | 9.6 | 10 | 11 | 12 |
-| ------------------------- |:---:|:---:|:---:|:---:|:--:|:--:|:--:|
-| Ubuntu 14.04 | :no_entry: | :no_entry:| :no_entry:| :no_entry:| :no_entry:| :no_entry:| :no_entry:|
-| Ubuntu 16.04 | :no_entry: | :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:|
-| Debian 8.x | :no_entry: | :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:|
-| Debian 9.x | :no_entry: | :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:|
-| CentOS 6.x | :no_entry: | :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:|
-| CentOS 7.x | :no_entry: | :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:| :white_check_mark:|
-| CentOS 8.x | :no_entry: | :grey_question:| :grey_question:| :grey_question:| :grey_question:| :grey_question:| :grey_question:|
-| Fedora latest | :no_entry: | :x:| :x:| :x:| :x:| :x:| :x:|
+| Distribution / PostgreSQL | 9.5 | 9.6 | 10 | 11 | 12 | 13 |
+| ------------------------- |:---:|:---:|:--:|:--:|:--:|:--:|
+| Debian 8.x |  :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |:no_entry: |
+| Debian 9.x |  :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |:no_entry: |
+| CentOS 7.x |  :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |:no_entry: |
+| CentOS 8.x |  :grey_question: | :grey_question: | :grey_question: | :grey_question: | :grey_question: | :no_entry: |
+| Fedora latest | :x: | :x: | :x: | :x: | :x: | :x: |
 
 - :white_check_mark: - tested, works fine
 - :warning: - Not for production use
@@ -79,6 +96,7 @@ postgresql_databases:
     uuid_ossp: yes      # flag to install the uuid-ossp extension on this database (yes/no)
     citext: yes         # flag to install the citext extension on this database (yes/no)
     encoding: "UTF-8"   # override global {{ postgresql_encoding }} variable per database
+    state: "present"    # optional; one of 'present', 'absent', 'dump', 'restore'
     lc_collate: "en_GB.UTF-8"   # override global {{ postgresql_locale }} variable per database
     lc_ctype: "en_GB.UTF-8"     # override global {{ postgresql_ctype }} variable per database
 
@@ -93,7 +111,8 @@ postgresql_database_extensions:
 postgresql_users:
   - name: baz
     pass: pass
-    encrypted: yes  # if password should be encrypted, postgresql >= 10 does only accepts encrypted passwords, ansible module default
+    encrypted: yes  # if password should be encrypted, postgresql >= 10 does only accepts encrypted passwords
+    state: "present"    # optional; one of 'present', 'absent'
 
 # List of schemas to be created (optional)
 postgresql_database_schemas:

Vagrantfile

@@ -7,21 +7,24 @@ Vagrant.configure('2') do |config|
   config.ssh.insert_key = false
   config.ssh.private_key_path = '~/.vagrant.d/insecure_private_key'
 
-  config.vm.define 'ubuntu16.local' do |machine|
-
-    machine.vm.box = "bento/ubuntu-16.04"
-    machine.vm.network :private_network, ip: '192.168.88.10'
-    machine.vm.hostname = 'ubuntu16.local'
-
-    machine.vm.provision 'ansible' do |ansible|
-      ansible.playbook = 'tests/playbook.yml'
-      ansible.verbose = "vvv"
-      ansible.become = true
-      ansible.inventory_path = 'vagrant-inventory'
-      ansible.host_key_checking = false
-    end
-
-  end
+  #
+  # DISABLED
+  #
+  # config.vm.define 'ubuntu16.local' do |machine|
+  #
+  #   machine.vm.box = "bento/ubuntu-16.04"
+  #   machine.vm.network :private_network, ip: '192.168.88.10'
+  #   machine.vm.hostname = 'ubuntu16.local'
+  #
+  #   machine.vm.provision 'ansible' do |ansible|
+  #     ansible.playbook = 'tests/playbook.yml'
+  #     ansible.verbose = "vvv"
+  #     ansible.become = true
+  #     ansible.inventory_path = 'vagrant-inventory'
+  #     ansible.host_key_checking = false
+  #   end
+  #
+  # end
 
   config.vm.define 'jessie64.local' do |machine|
 
@@ -55,26 +58,10 @@ Vagrant.configure('2') do |config|
 
   end
 
-  config.vm.define 'centos6.local' do |machine|
-
-    machine.vm.box = "centos/6"
-    machine.vm.network :private_network, ip: '192.168.88.30'
-    machine.vm.hostname = 'centos6.local'
-
-    machine.vm.provision 'ansible' do |ansible|
-      ansible.playbook = 'tests/playbook.yml'
-      ansible.verbose = "vvv"
-      ansible.become = true
-      ansible.inventory_path = 'vagrant-inventory'
-      ansible.host_key_checking = false
-    end
-
-  end
-
   config.vm.define 'centos7.local' do |machine|
 
     machine.vm.box = "centos/7"
-    machine.vm.network :private_network, ip: '192.168.88.31'
+    machine.vm.network :private_network, ip: '192.168.88.30'
     machine.vm.hostname = 'centos7.local'
 
     machine.vm.provision 'ansible' do |ansible|
@@ -106,4 +93,4 @@ Vagrant.configure('2') do |config|
 ##
 ##  end
 
-end
+end

defaults/main.yml

@@ -140,7 +140,7 @@ postgresql_ssl_prefer_server_ciphers: on
 postgresql_ssl_ecdh_curve: "prime256v1"
 postgresql_ssl_min_protocol_version: "TLSv1"                        # (>= 12)
 postgresql_ssl_max_protocol_version: ""                             # (>= 12)
-postgresql_ssl_dh_params_file: ""                                   # (>= 10)  
+postgresql_ssl_dh_params_file: ""                                   # (>= 10)
 postgresql_ssl_passphrase_command: ""                               # (>= 11)
 postgresql_ssl_passphrase_command_supports_reload: off              # (>= 11)
 postgresql_ssl_renegotiation_limit: 512MB                           # amount of data between renegotiations
@@ -280,7 +280,6 @@ postgresql_commit_siblings:        5      # range 1-1000
 
 # - Checkpoints -
 
-postgresql_checkpoint_segments:          3     # (<= 9.4) in logfile segments, min 1, 16MB each
 postgresql_max_wal_size:                 1GB   # (>= 9.5)
 postgresql_min_wal_size:                 80MB  # (>= 9.5)
 postgresql_checkpoint_flush_after:       0     # (>= 9.6) 0 disables,
@@ -372,7 +371,7 @@ postgresql_wal_receiver_timeout: 60s
 # time to wait before retrying to retrieve WAL after a failed attempt
 postgresql_wal_retrieve_retry_interval: 5s # (>= 9.5)
 
-# - Subscribers - (>= 10) 
+# - Subscribers - (>= 10)
 
 # These settings are ignored on a publisher.
 

meta/main.yml

@@ -12,17 +12,18 @@ galaxy_info:
     versions:
     - jessie
     - stretch
-  - name: Ubuntu
-    versions:
-    - xenial
-    - bionic
+
   - name: EL
     versions:
     - 6
     - 7
 #
 # DISABLED
 #
+#  - name: Ubuntu
+#    versions:
+#    - xenial
+#    - bionic
 #  - name: Fedora
 #    versions:
 #    - 27
@@ -35,9 +36,9 @@ galaxy_info:
   - sql
   - postgis
   - debian
-  - ubuntu
   - centos
   - redhat
   - fedora
+  - ubuntu
 
 dependencies: []

tasks/databases.yml

@@ -14,7 +14,7 @@
     lc_ctype: "{{ item.lc_ctype | default(postgresql_ctype) }}"
     port: "{{postgresql_port}}"
     template: "template0"
-    state: present
+    state: "{{ item.state | default('present') }}"
     login_user: "{{postgresql_admin_user}}"
   become: yes
   become_user: "{{postgresql_admin_user}}"

tasks/users.yml

@@ -11,7 +11,7 @@
     password: "{{ item.pass | default(omit) }}"
     encrypted: "{{ item.encrypted | default(omit) }}"
     port: "{{postgresql_port}}"
-    state: present
+    state: "{{ item.state | default('present') }}"
     login_user: "{{postgresql_admin_user}}"
   no_log: true
   become: yes

templates/postgresql.conf-10.j2

@@ -87,7 +87,7 @@ ssl_cert_file = '{{postgresql_ssl_cert_file}}'		# (change requires restart)
 ssl_key_file = '{{postgresql_ssl_key_file}}'		# (change requires restart)
 ssl_ca_file = '{{postgresql_ssl_ca_file}}'			# (change requires restart)
 ssl_crl_file = '{{postgresql_ssl_crl_file}}'			# (change requires restart)
-password_encryption = {{ postgresql_password_encryption }}     # md5 or scram-sha-256
+password_encryption = {{postgresql_password_encryption}}     # md5 or scram-sha-256
 db_user_namespace = {{'on' if postgresql_db_user_namespace else 'off'}}
 row_security = {{'on' if postgresql_row_security else 'off'}}
 

templates/postgresql.conf-11.j2

@@ -87,7 +87,7 @@ tcp_keepalives_count = {{ postgresql_tcp_keepalives_count }}		# TCP_KEEPCNT;
 # - Authentication -
 
 authentication_timeout = {{ postgresql_authentication_timeout }}		# 1s-600s
-password_encryption = {{ postgresql_password_encryption }}		# md5 or scram-sha-256
+password_encryption = {{ postgresql_password_encryption }}     # md5 or scram-sha-256
 db_user_namespace = {{ 'on' if postgresql_db_user_namespace else 'off' }}
 
 # GSSAPI using Kerberos
@@ -169,7 +169,7 @@ effective_io_concurrency = {{ postgresql_effective_io_concurrency }}		# 1-1000;
 max_worker_processes = {{ postgresql_max_worker_processes }}		# (change requires restart)
 max_parallel_maintenance_workers = {{ postgresql_max_parallel_maintenance_workers }}	# taken from max_parallel_workers
 max_parallel_workers_per_gather = {{ postgresql_max_parallel_workers_per_gather }}	# taken from max_parallel_workers
-parallel_leader_participation = {{ 'on' if postgresql_parallel_leader_participation else 'off' }} 
+parallel_leader_participation = {{ 'on' if postgresql_parallel_leader_participation else 'off' }}
 max_parallel_workers = {{ postgresql_max_parallel_workers }}		# maximum number of max_worker_processes that
 					# can be used in parallel operations
 old_snapshot_threshold = {{ postgresql_old_snapshot_threshold }}		# 1min-60d; -1 disables; 0 is immediate
@@ -350,7 +350,7 @@ geqo_seed = {{ postgresql_geqo_seed }}			# range 0.0-1.0
 default_statistics_target = {{ postgresql_default_statistics_target }}	# range 1-10000
 constraint_exclusion = {{ postgresql_constraint_exclusion }}	# on, off, or partition
 cursor_tuple_fraction = {{ postgresql_cursor_tuple_fraction }}		# range 0.0-1.0
-from_collapse_limit = {{ postgresql_from_collapse_limit }} 
+from_collapse_limit = {{ postgresql_from_collapse_limit }}
 join_collapse_limit = {{ postgresql_join_collapse_limit }}		# 1 disables collapsing of explicit
 					# JOIN clauses
 force_parallel_mode = {{ 'on' if ( postgresql_force_parallel_mode | bool == true or postgresql_force_parallel_mode == 'on' ) else ( 'regress' if postgresql_force_parallel_mode == 'regress' else 'off' ) }}

templates/postgresql.conf-12.j2

@@ -89,7 +89,7 @@ tcp_user_timeout = {{ postgresql_tcp_user_timeout }}                   # TCP_USE
 # - Authentication -
 
 authentication_timeout = {{ postgresql_authentication_timeout }}		# 1s-600s
-password_encryption = {{ postgresql_password_encryption }}		# md5 or scram-sha-256
+password_encryption = {{ postgresql_password_encryption }}     # md5 or scram-sha-256
 db_user_namespace = {{ 'on' if postgresql_db_user_namespace else 'off' }}
 
 # GSSAPI using Kerberos
@@ -178,7 +178,7 @@ effective_io_concurrency = {{ postgresql_effective_io_concurrency }}		# 1-1000;
 max_worker_processes = {{ postgresql_max_worker_processes }}		# (change requires restart)
 max_parallel_maintenance_workers = {{ postgresql_max_parallel_maintenance_workers }}	# taken from max_parallel_workers
 max_parallel_workers_per_gather = {{ postgresql_max_parallel_workers_per_gather }}	# taken from max_parallel_workers
-parallel_leader_participation = {{ 'on' if postgresql_parallel_leader_participation else 'off' }} 
+parallel_leader_participation = {{ 'on' if postgresql_parallel_leader_participation else 'off' }}
 max_parallel_workers = {{ postgresql_max_parallel_workers }}		# maximum number of max_worker_processes that
 					# can be used in parallel operations
 old_snapshot_threshold = {{ postgresql_old_snapshot_threshold }}		# 1min-60d; -1 disables; 0 is immediate
@@ -403,7 +403,7 @@ geqo_seed = {{ postgresql_geqo_seed }}			# range 0.0-1.0
 default_statistics_target = {{ postgresql_default_statistics_target }}	# range 1-10000
 constraint_exclusion = {{ postgresql_constraint_exclusion }}	# on, off, or partition
 cursor_tuple_fraction = {{ postgresql_cursor_tuple_fraction }}		# range 0.0-1.0
-from_collapse_limit = {{ postgresql_from_collapse_limit }} 
+from_collapse_limit = {{ postgresql_from_collapse_limit }}
 join_collapse_limit = {{ postgresql_join_collapse_limit }}		# 1 disables collapsing of explicit
 					# JOIN clauses
 force_parallel_mode = {{ 'on' if ( postgresql_force_parallel_mode | bool == true or postgresql_force_parallel_mode == 'on' ) else ( 'regress' if postgresql_force_parallel_mode == 'regress' else 'off' ) }}