chatai/postgres_15.8.1.044/ansible/tasks/internal/admin-api.yml


# Create (or update) the account the admin API service runs as and add it to
# the supplementary groups listed below without removing existing ones.
# NOTE(review): the list includes root and admin as well as the groups of the
# managed services, so a compromise of the admin API process should be treated
# as a compromise of everything those groups can reach. Trim the list to what
# the service demonstrably needs.
# NOTE(review): despite the task name, `system` is not set here, so the
# account is created with the user module's defaults for a regular user.
- name: adminapi - system user
  user:
    name: adminapi
    append: true
    groups:
      - root
      - admin
      - envoy
      - kong
      - pgbouncer
      - postgres
      - postgrest
      - systemd-journal
      - vector
      - wal-g
# Install the admin helper scripts under /root, owned by root and accessible
# to root only (0700).
# NOTE(review): presumably these are reached by adminapi through the rules in
# files/adminapi.sudoers.conf (not visible here) - confirm those rules name
# these exact paths, without wildcards or caller-controlled arguments.
- name: Move shell scripts to /root dir
  copy:
    src: "files/admin_api_scripts/{{ item.file }}"
    dest: "/root/{{ item.file }}"
    owner: root
    mode: "0700"
  loop:
    - file: grow_fs.sh
    - file: manage_readonly_mode.sh
    - file: pg_egress_collect.pl
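# Install the sudo policy for the adminapi account.
# - Ownership is pinned to root:root and the mode tightened to 0440, the
#   conventional mode for sudoers fragments, so the policy is not
#   world-readable and does not depend on the connecting user's defaults.
# - `validate` runs visudo on the staged file before it replaces the live one,
#   so a syntax error fails the task rather than leaving sudo unusable.
# NOTE(review): the content of adminapi.sudoers.conf is not visible here;
# review it for NOPASSWD entries, wildcards, and commands that adminapi can
# itself modify.
- name: give adminapi user permissions
  copy:
    src: files/adminapi.sudoers.conf
    dest: /etc/sudoers.d/adminapi
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s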
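# Add group-write to /etc. Uses the file module with a symbolic mode in place
# of a raw `chmod` so the task is idempotent and reports "changed" only when
# the bit was actually missing.
# NOTE(review): group-write on /etc lets every member of its owning group
# create, rename, and delete entries directly under /etc. adminapi is added to
# the root group earlier in this file, so if /etc is group-owned by root (the
# usual case - confirm) this is effectively root-equivalent access for the
# service account. Prefer granting write access only to the specific
# subdirectories the admin API must manage.
- name: perms for adminapi
  file:
    path: /etc
    mode: "g+w"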
# Map the build platform "amd64" to the "x86" suffix used in the release
# archive name. `arch` stays undefined when `platform` matches neither this
# task nor the arm64 one, in which case the download URL cannot be rendered.
- name: Setting arch (x86)
  when: platform == "amd64"
  set_fact:
    arch: "x86"
# Map the build platform "arm64" to the "arm64" suffix used in the release
# archive name.
- name: Setting arch (arm)
  when: platform == "arm64"
  set_fact:
    arch: "arm64"
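# Fetch the admin API release tarball for the selected version and arch.
# - `force: true`: without it get_url skips the download whenever the
#   destination already exists, so a stale or pre-existing file at this
#   predictable /tmp path would be unpacked instead of the requested release.
# - `mode: "0600"`: keep the staged archive private to the account running
#   the play until it has been unpacked.
# NOTE(review): integrity rests on TLS to the bucket alone. Pin the artifact
# with get_url's `checksum` parameter, for example
#   checksum: "sha256:<digest published for this release and arch>"
# (placeholder - the real digest is not available on this page), so that a
# replaced object in the bucket fails the build.
- name: Download adminapi archive
  get_url:
    url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/supabase-admin-api/v{{ adminapi_release }}/supabase-admin-api_{{ adminapi_release }}_linux_{{ arch }}.tar.gz"
    dest: "/tmp/adminapi.tar.gz"
    timeout: 90
    force: true
    mode: "0600"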
# Extract the previously downloaded tarball (already on the target host,
# hence remote_src) into /opt and hand ownership of the extracted files to
# adminapi.
# NOTE(review): owning its own installation tree means the service account
# can rewrite the binaries it runs. If the service does not need that, unpack
# as root and give adminapi read/execute access only.
- name: adminapi - unpack archive in /opt
  unarchive:
    src: /tmp/adminapi.tar.gz
    dest: /opt
    remote_src: true
    owner: adminapi
# Ensure the admin API configuration directory exists and belongs to adminapi.
# NOTE(review): no `mode` is given, so the permissions of a newly created
# directory follow the umask of the account running the play; set one
# explicitly if the directory will hold credentials or keys.
- name: adminapi - config dir
  file:
    state: directory
    path: /etc/adminapi
    owner: adminapi
# Ensure the directory that holds the pg_upgrade helper scripts exists and
# belongs to adminapi. As with the parent directory, no `mode` is set, so a
# newly created directory takes its permissions from the umask.
- name: adminapi - pg_upgrade scripts dir
  file:
    state: directory
    path: /etc/adminapi/pg_upgrade_scripts
    owner: adminapi
# Install the pg_upgrade helper scripts, owned by adminapi and world
# readable/executable (0755).
# NOTE(review): these files are writable by the service account that owns
# them. Confirm none of them is ever executed by root or through sudo;
# anything run with elevated privileges should be root-owned and not writable
# by adminapi.
# NOTE(review): pgsodium_getkey.sh is installed world-readable like the rest -
# verify it holds no key material itself.
- name: Move shell scripts to /etc/adminapi/pg_upgrade_scripts/
  copy:
    src: "files/admin_api_scripts/pg_upgrade_scripts/{{ item.file }}"
    dest: "/etc/adminapi/pg_upgrade_scripts/{{ item.file }}"
    owner: adminapi
    mode: "0755"
  loop:
    - file: check.sh
    - file: complete.sh
    - file: initiate.sh
    - file: prepare.sh
    - file: pgsodium_getkey.sh
    - file: common.sh
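# Render the systemd unit for the admin API.
# Owner, group, and mode are set explicitly so the unit file's permissions do
# not depend on the umask of the account running the play: a unit file that
# is writable by a non-root user is a path to running commands as whatever
# user the unit specifies.
# NOTE(review): the template itself is not visible here; check its User= and
# any sandboxing directives against the group memberships granted to adminapi.
- name: adminapi - create service file
  template:
    src: files/adminapi.service.j2
    dest: /etc/systemd/system/adminapi.service
    owner: root
    group: root
    mode: "0644"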
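# Render the systemd unit for the commence-backup process.
# Owner, group, and mode are set explicitly so the unit file's permissions do
# not depend on the umask of the account running the play and the file stays
# writable by root only.
- name: adminapi - create service file for commence backup process
  template:
    src: files/commence-backup.service.j2
    dest: /etc/systemd/system/commence-backup.service
    owner: root
    group: root
    mode: "0644"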
# Open port 8085 in the host firewall for the admin API.
# NOTE(review): the rule sets neither a source address nor a protocol, so as
# far as this host's firewall is concerned the port is reachable from any
# address. Given the privileges granted to adminapi in this file, confirm
# that an upstream control restricts who can reach it, or narrow the rule
# with the ufw module's `from_ip` and `proto` parameters.
- name: UFW - Allow connections to adminapi ports
  ufw:
    port: "8085"
    rule: allow
# Make systemd re-read its unit files so the units written above are picked
# up. This only reloads the manager configuration; no `name` or `state` is
# given, so no service is started or enabled by this task.
- name: adminapi - reload systemd
  systemd:
    daemon_reload: true
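# Set /etc and /etc/kong to mode 0775 (owner and group read/write/execute,
# others read/execute). Uses the file module in place of chained `chmod`
# calls so the task is idempotent and reports "changed" only when a mode
# actually differed; like the original it fails if either path is missing.
# NOTE(review): a group-writable /etc allows members of its owning group to
# create, rename, and delete entries directly under /etc. adminapi is placed
# in the root group earlier in this file, so if /etc is group-owned by root
# (the usual case - confirm) the service account is effectively
# root-equivalent. Prefer scoping write access to /etc/kong and the other
# specific paths the admin API has to manage.
- name: adminapi - grant extra priviliges to user
  file:
    path: "{{ item }}"
    mode: "0775"
  loop:
    - /etc
    - /etc/kong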