add support pgbackrest

For bootstrap a patroni cluster and create replicas from backups.

Author: vitabaks

add_pgnode.yml

@@ -11,8 +11,6 @@
     - vars/main.yml
     - vars/system.yml
     - "vars/{{ ansible_os_family }}.yml"
-  vars:
-    existing_pgcluster: true
 
   pre_tasks:
     - name: Checking Linux distribution
@@ -76,6 +74,31 @@
     - role: ntp
     - role: ssh-keys
 
+- hosts: pgbackrest:postgres_cluster
+  become: true
+  become_method: sudo
+  gather_facts: true
+  any_errors_fatal: true
+  vars_files:
+    - vars/main.yml
+    - "vars/{{ ansible_os_family }}.yml"
+  roles:
+    - role: pgbackrest
+      when: pgbackrest_install|bool
+
+- hosts: replica
+  become: true
+  become_method: sudo
+  gather_facts: true
+  any_errors_fatal: true
+  vars_files:
+    - vars/main.yml
+    - vars/system.yml
+    - "vars/{{ ansible_os_family }}.yml"
+  vars:
+    existing_pgcluster: true
+
+  roles:
     - role: wal-g
       when: wal_g_install|bool
 

deploy_pgcluster.yml

@@ -89,6 +89,29 @@
     - role: ntp
     - role: ssh-keys
 
+- hosts: pgbackrest:postgres_cluster
+  become: true
+  become_method: sudo
+  gather_facts: true
+  any_errors_fatal: true
+  vars_files:
+    - vars/main.yml
+    - "vars/{{ ansible_os_family }}.yml"
+  roles:
+    - role: pgbackrest
+      when: pgbackrest_install|bool
+
+- hosts: postgres_cluster
+  become: true
+  become_method: sudo
+  gather_facts: true
+  any_errors_fatal: true
+  vars_files:
+    - vars/main.yml
+    - vars/system.yml
+    - "vars/{{ ansible_os_family }}.yml"
+
+  roles:
     - role: wal-g
       when: wal_g_install|bool
 

inventory

@@ -36,12 +36,20 @@ replica
 # You can deploy the etcd cluster and the haproxy balancers on other dedicated servers. 
 
 
+# if pgbackrest_install: true and "repo_host" is set (in vars/main.yml)
+[pgbackrest]  # optional (Dedicated Repository Host)
+
+
 # Connection settings
 [all:vars]
 ansible_connection='ssh'
 ansible_ssh_port='22'
 ansible_user='root'
-ansible_ssh_pass='testpas'  # "sshpass" package is required for use "ansible_ssh_pass"
-#ansible_ssh_private_key_file=
+ansible_ssh_pass='secretpassword'  # "sshpass" package is required for use "ansible_ssh_pass"
+# ansible_ssh_private_key_file=
 # ansible_python_interpreter='/usr/bin/python3'  # is required for use python3
 
+[pgbackrest:vars]
+ansible_user='postgres'
+ansible_ssh_pass='secretpassword'
+

roles/patroni/tasks/main.yml

@@ -544,8 +544,8 @@
       command: "{{ postgresql_bin_dir }}/pg_isready -p {{ postgresql_port }}"
       register: pg_isready_result
       until: pg_isready_result.rc == 0
-      retries: 30
-      delay: 10
+      retries: 1000
+      delay: 30
       changed_when: false
   when: is_master == "true"
   tags: patroni, patroni_start_master
@@ -563,6 +563,8 @@
       become: true
       become_user: postgres
       command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -c 'SELECT pg_reload_conf()'"
+      register: psql_reload_result
+      changed_when: psql_reload_result.rc == 0
       failed_when: false  # exec pg_reload_conf on all running postgres (to re-run with --tag pg_hba).
   when: existing_pgcluster is not defined or not existing_pgcluster|bool
   tags: patroni, pg_hba, pg_hba_generate

roles/patroni/templates/patroni.yml.j2

@@ -33,6 +33,11 @@ bootstrap:
        recovery_target_action: promote
        recovery_target_timeline: latest
        restore_command: wal-g wal-fetch %f %p
+{% endif %}
+{% if patroni_cluster_bootstrap_method == 'pgbackrest' %}
+  pgbackrest:
+    command: /etc/patroni/pgbackrest_bootstrap.sh
+    keep_existing_recovery_conf: True
 {% endif %}
   dcs:
     ttl: {{ patroni_ttl |d(30, true) |int }}

roles/pgbackrest/tasks/main.yml

@@ -0,0 +1,106 @@
+---
+# yamllint disable rule:line-length
+
+- block:  # Debian pgdg repo
+    - name: Make sure pgdg apt key is installed
+      apt_key:
+        id: ACCC4CF8
+        url: http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc
+
+    - name: Make sure pgdg repository is installed
+      apt_repository:
+        repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
+
+    - name: Update apt cache
+      apt:
+        update_cache: true
+  environment: "{{ proxy_env | default({}) }}"
+  when:
+    - installation_method == "repo"
+    - ansible_os_family == "Debian"
+    - pgbackrest_install_from_pgdg_repo|bool
+  tags: pgbackrest, pgbackrest_repo, pgbackrest_install
+
+- block:  # RedHat pgdg repo
+    - name: Get pgdg-redhat-repo-latest.noarch.rpm
+      get_url:
+        url: "https://download.postgresql.org/pub/repos/yum/reporpms/EL-{{ ansible_distribution_major_version }}-x86_64/pgdg-redhat-repo-latest.noarch.rpm"  # noqa 204
+        dest: /tmp/
+        timeout: 30
+        validate_certs: false
+
+    - name: Make sure pgdg repository is installed
+      package:
+        name: /tmp/pgdg-redhat-repo-latest.noarch.rpm
+        state: present
+
+    - name: Clean yum cache
+      command: yum clean all
+      args:
+        warn: false
+      when: ansible_distribution_major_version == '7'
+
+    - name: Clean dnf cache
+      command: dnf clean all
+      args:
+        warn: false
+      when: ansible_distribution_major_version is version('8', '>=')
+  environment: "{{ proxy_env | default({}) }}"
+  when:
+    - installation_method == "repo"
+    - ansible_os_family == "RedHat"
+    - pgbackrest_install_from_pgdg_repo|bool
+  tags: pgbackrest, pgbackrest_repo, pgbackrest_install
+
+- name: Install pgbackrest
+  package:
+    name: pgbackrest
+    state: latest
+  tags: pgbackrest, pgbackrest_install
+
+- block:
+    - name: Ensure config directory exist
+      file:
+        path: "{{ pgbackrest_conf_file | dirname }}"
+        state: directory
+
+    - name: "Generate conf file {{ pgbackrest_conf_file }}"
+      template:
+        src: pgbackrest.conf.j2
+        dest: "{{ pgbackrest_conf_file }}"
+        owner: root
+        group: root
+        mode: 0644
+  when: "'postgres_cluster' in group_names"
+  tags: pgbackrest, pgbackrest_conf
+
+# if pgbackrest_repo_type: "posix" and pgbackrest_repo_host is set
+- import_tasks: ssh_keys.yml
+  when:
+    - pgbackrest_repo_type|lower != "s3"
+    - pgbackrest_repo_host is defined
+    - pgbackrest_repo_host | length > 0
+  tags: pgbackrest, pgbackrest_ssh_keys
+
+- block:  # if patroni_cluster_bootstrap_method: "pgbackrest"
+    - name: Make sure the pgbackrest bootstrap script directory exist
+      file:
+        dest: /etc/patroni
+        state: directory
+        owner: postgres
+        group: postgres
+
+    - name: Create /etc/patroni/pgbackrest_bootstrap.sh script
+      template:
+        src: templates/pgbackrest_bootstrap.sh.j2
+        dest: /etc/patroni/pgbackrest_bootstrap.sh
+        owner: postgres
+        group: postgres
+        mode: 0775
+  when:
+    - patroni_cluster_bootstrap_method is defined
+    - patroni_cluster_bootstrap_method == "pgbackrest"
+    - "'postgres_cluster' in group_names"
+  tags: pgbackrest, pgbackrest_bootstrap_script
+
+...

roles/pgbackrest/tasks/ssh_keys.yml

@@ -0,0 +1,78 @@
+---
+# yamllint disable rule:line-length
+
+- name: ssh_keys | Ensure ssh key are created for "{{ pgbackrest_repo_user }}" user on pgbackrest server
+  user:
+    name: "{{ pgbackrest_repo_user }}"
+    generate_ssh_key: true
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+  when: "'pgbackrest' in group_names"
+
+- name: ssh_keys | Ensure ssh key are created for "postgres" user on database servers
+  user:
+    name: "postgres"
+    generate_ssh_key: true
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+  when: "'postgres_cluster' in group_names"
+
+- name: ssh_keys | Get public ssh key from pgbackrest server
+  slurp:
+    src: "~{{ pgbackrest_repo_user }}/.ssh/id_rsa.pub"
+  register: pgbackrest_sshkey
+  changed_when: false
+  when: "'pgbackrest' in group_names"
+
+- name: ssh_keys | Get public ssh key from database servers
+  slurp:
+    src: "~postgres/.ssh/id_rsa.pub"
+  register: postgres_cluster_sshkey
+  changed_when: false
+  when: "'postgres_cluster' in group_names"
+
+- name: ssh_keys | Add pgbackrest ssh key in "~postgres/.ssh/authorized_keys" on database servers
+  authorized_key:
+    user: postgres
+    state: present
+    key: "{{ hostvars[item].pgbackrest_sshkey['content'] | b64decode }}"
+  loop: "{{ groups['pgbackrest'] }}"
+  when: "'postgres_cluster' in group_names"
+
+- name: ssh_keys | Add database ssh keys in "~{{ pgbackrest_repo_user }}/.ssh/authorized_keys" on pgbackrest server
+  authorized_key:
+    user: "{{ pgbackrest_repo_user }}"
+    state: present
+    key: "{{ hostvars[item].postgres_cluster_sshkey['content'] | b64decode }}"
+  loop: "{{ groups['postgres_cluster'] }}"
+  when: "'pgbackrest' in group_names"
+
+- name: known_hosts | Get public ssh keys of hosts (ssh-keyscan)
+  command: "ssh-keyscan -trsa -p {{ ansible_ssh_port | default(22) }} {{ item }}"
+  loop: "{{ groups['all'] }}"
+  register: ssh_known_host_keyscan
+  changed_when: false
+
+- name: known_hosts | add ssh public keys in "~postgres/.ssh/known_hosts" on database servers
+  become: true
+  become_user: postgres
+  known_hosts:
+    host: "{{ item.item }}"
+    key: "{{ item.stdout }}"
+    path: "~postgres/.ssh/known_hosts"
+  no_log: true
+  loop: "{{ ssh_known_host_keyscan.results }}"
+  when: "'postgres_cluster' in group_names"
+
+- name: known_hosts | add ssh public keys in "~{{ pgbackrest_repo_user }}/.ssh/known_hosts" on pgbackrest server
+  become: true
+  become_user: "{{ pgbackrest_repo_user }}"
+  known_hosts:
+    host: "{{ item.item }}"
+    key: "{{ item.stdout }}"
+    path: "~{{ pgbackrest_repo_user }}/.ssh/known_hosts"
+  no_log: true
+  loop: "{{ ssh_known_host_keyscan.results }}"
+  when: "'pgbackrest' in group_names"
+
+...

roles/pgbackrest/templates/pgbackrest.conf.j2

@@ -0,0 +1,10 @@
+[global]
+{% for global in pgbackrest_conf.global %}
+{{ global.option }}={{ global.value }}
+{% endfor %}
+
+[{{ pgbackrest_stanza }}]
+{% for stanza in pgbackrest_conf.stanza %}
+{{ stanza.option }}={{ stanza.value }}
+{% endfor %}
+

roles/pgbackrest/templates/pgbackrest_bootstrap.sh.j2

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+{% raw %}
+while getopts ":-:" optchar; do
+  [[ "${optchar}" == "-" ]] || continue
+  case "${OPTARG}" in
+    datadir=* )
+        DATA_DIR=${OPTARG#*=}
+        ;;
+    scope=* )
+        SCOPE=${OPTARG#*=}
+        ;;
+  esac
+done
+{% endraw %}
+
+{{ pgbackrest_patroni_cluster_bootstrap_command }}
+

tags.md

@@ -78,3 +78,9 @@
 - wal_g
 - - wal_g_install
 - - wal_g_conf
+- pgbackrest
+- - pgbackrest_repo
+- - pgbackrest_install
+- - pgbackrest_conf
+- - pgbackrest_ssh_keys
+- - pgbackrest_bootstrap_script