From 5ce420045449dfd6d299f0c58f035da2ed6195a0 Mon Sep 17 00:00:00 2001
From: Douglas J Hunley
Date: Fri, 10 Oct 2025 09:42:20 -0400
Subject: [PATCH 1/4] refactor(ansible): bring our ansible up to modern ansible-lint standards
---
ansible/tasks/setup-pgbouncer.yml | 187 +++++++++++++++---------------
1 file changed, 94 insertions(+), 93 deletions(-)
diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml
index 4381ba24d..5432c616d 100644
--- a/ansible/tasks/setup-pgbouncer.yml
+++ b/ansible/tasks/setup-pgbouncer.yml
@@ -1,135 +1,136 @@ # PgBouncer - name: PgBouncer - download & install dependencies - apt: + ansible.builtin.apt: pkg: - build-essential - - libssl-dev - - pkg-config - libevent-dev + - libssl-dev - libsystemd-dev - update_cache: yes + - pkg-config + update_cache: true cache_valid_time: 3600 - name: PgBouncer - download latest release - get_url: - url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz" - dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz + ansible.builtin.get_url: checksum: "{{ pgbouncer_release_checksum }}" + dest: "/tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz" timeout: 60 + url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz" - name: PgBouncer - unpack archive - unarchive: - remote_src: yes - src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz - dest: /tmp - become: yes + ansible.builtin.unarchive: + dest: '/tmp' + remote_src: true + src: "/tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz" + become: true - name: PgBouncer - configure - shell: - cmd: "./configure --prefix=/usr/local --with-systemd" - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - become: yes - -- name: PgBouncer - build - make: - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - become: yes - -- name: PgBouncer - install - make: - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - target: install - become: yes + ansible.builtin.command: + cmd: './configure --prefix=/usr/local --with-systemd' + args: + chdir: "/tmp/pgbouncer-{{ pgbouncer_release }}" + become: true + +- name: PgBouncer - build and install + community.general.make: + chdir: "/tmp/pgbouncer-{{ pgbouncer_release }}" + target: "{{ pgbouncer_mak_item }}" + become: true + loop: + - 'all' + - 'install' - name: Create pgbouncer user - user: - name: pgbouncer - shell: /bin/false - comment: PgBouncer user - groups: postgres,ssl-cert + ansible.builtin.user: + comment: 'PgBouncer user' + groups: 'postgres,ssl-cert' + 
name: 'pgbouncer' + shell: '/usr/sbin/nolign' + state: 'present' - name: PgBouncer - create a directory if it does not exist - file: - path: /etc/pgbouncer - state: directory - owner: pgbouncer - group: pgbouncer - mode: '0700' - -- name: PgBouncer - create a directory if it does not exist - file: - state: directory - owner: pgbouncer - group: pgbouncer - path: '{{ item }}' - mode: '0775' - with_items: - - '/etc/pgbouncer-custom' - -- name: create placeholder config files - file: - path: '/etc/pgbouncer-custom/{{ item }}' - state: touch - owner: pgbouncer - group: pgbouncer - mode: 0664 + ansible.builtin,file: + group: 'pgbouncer' + mode: "{{ pgbouncer_dir_item['mode'] }}" + owner: 'pgbouncer' + path: "{{ pgbouncer_dir_item['dir'] }}" + state: 'directory' + loop: + - "{ mode: '0700', dir: '/etc/pgbouncer'}" + - "{ mode: '0775', dir: '/etc/pgbouncer-custom'}" + loop_control: + loop_var: 'pgbouncer_dir_item' + +- name: create PgBouncer placeholder config files + ansible.builtin.file: + group: 'pgbouncer' + mode: '0664' + owner: 'pgbouncer' + path: "/etc/pgbouncer-custom/{{ pgbouncer_config_item }}" + state: 'touch' + loop_control: + loop_var: 'pgbouncer_config_item' with_items: - - 'generated-optimizations.ini' - 'custom-overrides.ini' + - 'generated-optimizations.ini' - 'ssl-config.ini' - name: PgBouncer - adjust pgbouncer.ini - copy: - src: files/pgbouncer_config/pgbouncer.ini.j2 - dest: /etc/pgbouncer/pgbouncer.ini - owner: pgbouncer + ansible.builtin.copy: + dest: '/etc/pgbouncer/pgbouncer.ini' mode: '0700' + owner: 'pgbouncer' + src: 'files/pgbouncer_config/pgbouncer.ini.j2' -- name: PgBouncer - create a directory if it does not exist - file: - path: /etc/pgbouncer/userlist.txt - state: touch - owner: pgbouncer +- name: PgBouncer - create a userlist file if it does not exist + ansible.builtin.file: mode: '0700' + owner: 'pgbouncer' + path: '/etc/pgbouncer/userlist.txt' + state: 'touch' - name: import /etc/tmpfiles.d/pgbouncer.conf - template: - src: 
files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2 - dest: /etc/tmpfiles.d/pgbouncer.conf - become: yes + ansible.builtin.template: + dest: '/etc/tmpfiles.d/pgbouncer.conf' + src: 'files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2' + become: true - name: PgBouncer - By default allow ssl connections. - become: yes - copy: - dest: /etc/pgbouncer-custom/ssl-config.ini - content: | - client_tls_sslmode = allow + ansible.builtin.lineinfile: + line: 'client_tls_sslmode = allow' + path: '/etc/pgbouncer-custom/ssl-config.ini' + become: true - name: Grant pg_hba and pgbouncer grp perm for adminapi updates - shell: | - chmod g+w /etc/postgresql/pg_hba.conf - chmod g+w /etc/pgbouncer-custom/ssl-config.ini + ansible.builtin.file: + mode: '0664' + path: "{{ pgbouncer_group_item }}" + loop: + - /etc/pgbouncer-custom/ssl-config.ini + - /etc/postgresql/pg_hba.conf + loop_control: + loop_var: 'pgbouncer_group_item' # Add fail2ban filter - name: import jail.d/pgbouncer.conf - template: - src: files/fail2ban_config/jail-pgbouncer.conf.j2 - dest: /etc/fail2ban/jail.d/pgbouncer.conf - become: yes + ansible.builtin.template: + dest: '/etc/fail2ban/jail.d/pgbouncer.conf' + src: 'files/fail2ban_config/jail-pgbouncer.conf.j2' + become: true - name: import filter.d/pgbouncer.conf - template: - src: files/fail2ban_config/filter-pgbouncer.conf.j2 - dest: /etc/fail2ban/filter.d/pgbouncer.conf - become: yes + ansible.builtin.template: + dest: '/etc/fail2ban/filter.d/pgbouncer.conf' + src: 'files/fail2ban_config/filter-pgbouncer.conf.j2' + become: true # Add systemd file for PgBouncer -- name: PgBouncer - import postgresql.service - template: - src: files/pgbouncer_config/pgbouncer.service.j2 - dest: /etc/systemd/system/pgbouncer.service - become: yes +- name: PgBouncer - import pgbouncer.service + ansible.builtin.template: + dest: '/etc/systemd/system/pgbouncer.service' + src: 'files/pgbouncer_config/pgbouncer.service.j2' + become: true - name: PgBouncer - reload systemd - systemd: - 
daemon_reload: yes + ansible.builtin.systemd_service: + daemon_reload: true From 541b909d43100190fabda8c17bfb00a4bd30c840 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Fri, 10 Oct 2025 11:06:01 -0400 Subject: [PATCH 2/4] fix(setup-pgbouncer): s/,/./ --- ansible/tasks/setup-pgbouncer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml index 5432c616d..33f722c69 100644 --- a/ansible/tasks/setup-pgbouncer.yml +++ b/ansible/tasks/setup-pgbouncer.yml @@ -49,7 +49,7 @@ state: 'present' - name: PgBouncer - create a directory if it does not exist - ansible.builtin,file: + ansible.builtin.file: group: 'pgbouncer' mode: "{{ pgbouncer_dir_item['mode'] }}" owner: 'pgbouncer' From a0333c8900e8e18f33cd97e26a253b5e7c3d2fdf Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Fri, 10 Oct 2025 11:30:12 -0400 Subject: [PATCH 3/4] fix(setup-pgbouncer): it helps to add loop_control/loop_var --- ansible/tasks/setup-pgbouncer.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml index 33f722c69..901e4734a 100644 --- a/ansible/tasks/setup-pgbouncer.yml +++ b/ansible/tasks/setup-pgbouncer.yml @@ -34,11 +34,13 @@ - name: PgBouncer - build and install community.general.make: chdir: "/tmp/pgbouncer-{{ pgbouncer_release }}" - target: "{{ pgbouncer_mak_item }}" + target: "{{ pgbouncer_make_item }}" become: true loop: - 'all' - 'install' + loop_control: + loop_var: 'pgbouncer_make_item' - name: Create pgbouncer user ansible.builtin.user: From 47ab241b10c38ef08985d713da4ca98df98fa598 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Fri, 10 Oct 2025 12:04:10 -0400 Subject: [PATCH 4/4] fix(setup-pgbouncer): use with_items instead of loop --- ansible/tasks/setup-pgbouncer.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
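Review bot: The rewritten "Grant pg_hba and pgbouncer grp perm for adminapi updates" task is not equivalent to the `chmod g+w` it replaces. `mode: '0664'` is an absolute mode, so `/etc/postgresql/pg_hba.conf` is forced to 0664 (world-readable) regardless of the permissions it was created with, whereas the old command only added the group write bit. A symbolic mode keeps the original least-privilege behaviour: `mode: 'g+w'`. Separately, in the "Create pgbouncer user" task, `shell: '/usr/sbin/nolign'` looks like a misspelling of `/usr/sbin/nologin`; the account would get a shell path that presumably does not exist instead of the intended no-login shell.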
diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml index 901e4734a..1315a40c8 100644 --- a/ansible/tasks/setup-pgbouncer.yml +++ b/ansible/tasks/setup-pgbouncer.yml @@ -50,18 +50,18 @@ shell: '/usr/sbin/nolign' state: 'present' -- name: PgBouncer - create a directory if it does not exist +- name: Create PgBouncer directories if they does not exist ansible.builtin.file: group: 'pgbouncer' mode: "{{ pgbouncer_dir_item['mode'] }}" owner: 'pgbouncer' path: "{{ pgbouncer_dir_item['dir'] }}" state: 'directory' - loop: - - "{ mode: '0700', dir: '/etc/pgbouncer'}" - - "{ mode: '0775', dir: '/etc/pgbouncer-custom'}" loop_control: loop_var: 'pgbouncer_dir_item' + with_items: + - "{ mode: '0700', dir: '/etc/pgbouncer' }" + - "{ mode: '0775', dir: '/etc/pgbouncer-custom' }" - name: create PgBouncer placeholder config files ansible.builtin.file:
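Review bot: The two `with_items` entries are still double-quoted, so each item is a plain string rather than a mapping, and `pgbouncer_dir_item['mode']` and `pgbouncer_dir_item['dir']` would most likely fail to resolve at run time. Switching `loop` to `with_items` does not change that. Dropping the outer quotes turns them into flow mappings: `- { mode: '0700', dir: '/etc/pgbouncer' }` and `- { mode: '0775', dir: '/etc/pgbouncer-custom' }`. With real mappings the task could also stay on `loop:`, which is the form ansible-lint's stricter profiles prefer. The task name would read better as `Create PgBouncer directories if they do not exist`.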