Skip to content

refactor(ansible): bring our ansible up to modern ansible-lint standards #1809

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Sep 30, 2025
Merged

refactor(ansible): bring our ansible up to modern ansible-lint standards #1809

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
07840c4
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 25, 2025
89b311f
Merge branch 'develop' of github.com:supabase/postgres into ansible_c…
hunleyd Sep 25, 2025
61ba084
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 26, 2025
991fed4
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 26, 2025
812adc5
feat(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 26, 2025
cfcca4a
fix(finalize-ami.yml): Need to split the ufw tasks back up since they…
hunleyd Sep 26, 2025
d884562
revert(setup-system.yml): revert to upstream in this PR
hunleyd Sep 26, 2025
bfb0a5d
fix(finalize-ami.yml): noextraspaces -> no_extra_spaces
hunleyd Sep 26, 2025
74048b1
Merge branch 'develop' of github.com:supabase/postgres into ansible_c…
hunleyd Sep 26, 2025
7371852
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 26, 2025
0e1588e
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Sep 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 21 additions & 24 deletions ansible/tasks/fix-ipv6-ndisc.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,30 @@
---
- name: fix Network - systemd timer file
copy:
dest: /etc/systemd/system/systemd-networkd-check-and-fix.timer
src: "files/systemd-networkd/systemd-networkd-check-and-fix.timer"
owner: root
group: root
mode: 0644

- name: fix Network - systemd service file
copy:
dest: /etc/systemd/system/systemd-networkd-check-and-fix.service
src: "files/systemd-networkd/systemd-networkd-check-and-fix.service"
owner: root
group: root
mode: 0644
- name: fix Network - systemd timer and service file
ansible.builtin.copy:
dest: "/etc/systemd/system/systemd-networkd-check-and-fix.{{ network_item }}"
group: 'root'
mode: '0644'
owner: 'root'
src: "files/systemd-networkd/systemd-networkd-check-and-fix.{{ network_item }}"
loop:
- service
- timer
loop_control:
loop_var: 'network_item'

- name: fix Network - detect script
copy:
dest: /usr/local/bin/systemd-networkd-check-and-fix.sh
src: "files/systemd-networkd/systemd-networkd-check-and-fix.sh"
owner: root
group: root
mode: 0700
ansible.builtin.copy:
dest: '/usr/local/bin/systemd-networkd-check-and-fix.sh'
src: 'files/systemd-networkd/systemd-networkd-check-and-fix.sh'
owner: 'root'
group: 'root'
mode: '0700'

- name: fix Network - reload systemd
systemd:
ansible.builtin.systemd_service:
daemon_reload: false

- name: fix Network - ensure systemd timer is installed but disabled
systemd:
name: systemd-networkd-check-and-fix.timer
ansible.builtin.systemd_service:
name: 'systemd-networkd-check-and-fix.timer'
enabled: false
147 changes: 77 additions & 70 deletions ansible/tasks/setup-docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,80 +1,87 @@
- name: Copy extension packages
copy:
src: files/extensions/
dest: /tmp/extensions/
when: debpkg_mode
- name: debpkg_mode actions
when:
- debpkg_mode
block:
- name: Copy extension packages
ansible.builtin.copy:
dest: '/tmp/extensions/'
src: 'files/extensions/'

# Builtin apt module does not support wildcard for deb paths
- name: Install extensions
shell: |
set -e
apt-get update
apt-get install -y --no-install-recommends /tmp/extensions/*.deb
when: debpkg_mode
- name: Install extensions
ansible.builtin.apt:
deb: "{{ deb_item }}"
force_apt_get: true
install_recommends: false
state: 'present'
update_cache: true
loop_control:
loop_var: 'deb_item'
with_fileglob:
- '/tmp/extensions/*.deb'

- name: pgsodium - determine postgres bin directory
shell: pg_config --bindir
register: pg_bindir_output
when: debpkg_mode

- set_fact:
pg_bindir: "{{ pg_bindir_output.stdout }}"
when: debpkg_mode
- name: pgsodium - determine PostgreSQL bin directory
ansible.builtin.command:
cmd: pg_config --bindir
changed_when: false
register: 'pg_bindir_output'

- name: store the PostgreSQL bin dir as a fact
ansible.builtin.set_fact:
pg_bindir: "{{ pg_bindir_output['stdout'] }}"

- name: pgsodium - set pgsodium.getkey_script
become: yes
lineinfile:
path: /etc/postgresql/postgresql.conf
state: present
# script is expected to be placed by finalization tasks for different target platforms
line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh'
when: debpkg_mode
- name: pgsodium - set pgsodium.getkey_script
ansible.builtin.lineinfile:
path: '/etc/postgresql/postgresql.conf'
# script is expected to be placed by finalization tasks for different target platforms
line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh'
state: 'present'
become: true

# supautils
- name: supautils - add supautils to session_preload_libraries
become: yes
replace:
path: /etc/postgresql/postgresql.conf
regexp: "#session_preload_libraries = ''"
replace: session_preload_libraries = 'supautils'
when: debpkg_mode or stage2_nix
- name: debpkg_mode or stage2_nix actions
when:
- (debpkg_mode or stage2_nix)
block:
# supautils
- name: supautils - add supautils to session_preload_libraries
ansible.builtin.replace:
path: '/etc/postgresql/postgresql.conf'
regexp: "#session_preload_libraries = ''"
replace: "session_preload_libraries = 'supautils'"
become: true

- name: supautils - write custom supautils.conf
template:
src: "files/postgresql_config/supautils.conf.j2"
dest: /etc/postgresql-custom/supautils.conf
mode: 0664
owner: postgres
group: postgres
when: debpkg_mode or stage2_nix
- name: supautils - write custom supautils.conf
ansible.builtin.template:
dest: '/etc/postgresql-custom/supautils.conf'
mode: '0664'
group: 'postgres'
owner: 'postgres'
src: 'files/postgresql_config/supautils.conf.j2'

- name: supautils - copy extension custom scripts
copy:
src: files/postgresql_extension_custom_scripts/
dest: /etc/postgresql-custom/extension-custom-scripts
become: yes
when: debpkg_mode or stage2_nix
- name: supautils - copy extension custom scripts
ansible.builtin.copy:
dest: '/etc/postgresql-custom/extension-custom-scripts'
src: 'files/postgresql_extension_custom_scripts/'
become: true

- name: supautils - chown extension custom scripts
file:
mode: 0775
owner: postgres
group: postgres
path: /etc/postgresql-custom/extension-custom-scripts
recurse: yes
become: yes
when: debpkg_mode or stage2_nix
- name: supautils - chown extension custom scripts
ansible.builtin.file:
group: 'postgres'
mode: '0775'
owner: 'postgres'
path: '/etc/postgresql-custom/extension-custom-scripts'
recurse: true
become: true

- name: supautils - include /etc/postgresql-custom/supautils.conf in postgresql.conf
become: yes
replace:
path: /etc/postgresql/postgresql.conf
regexp: "#include = '/etc/postgresql-custom/supautils.conf'"
replace: "include = '/etc/postgresql-custom/supautils.conf'"
when: debpkg_mode or stage2_nix
- name: supautils - include /etc/postgresql-custom/supautils.conf in postgresql.conf
ansible.builtin.replace:
path: '/etc/postgresql/postgresql.conf'
regexp: "#include = '/etc/postgresql-custom/supautils.conf'"
replace: "include = '/etc/postgresql-custom/supautils.conf'"
become: true

- name: Cleanup - extension packages
file:
path: /tmp/extensions
state: absent
when: debpkg_mode
ansible.builtin.file:
path: '/tmp/extensions'
state: 'absent'
when:
- debpkg_mode