Implement the ability to deploy of cluster components on different servers.

By default, all cluster components will be deployed to PostgreSQL servers. But, you may need to distribute the cluster components (ex. etcd cluster nodes) to different servers.

Now you can deploy the etcd cluster and the haproxy balancers to other dedicated servers.

Author: vitabaks

README.md

@@ -176,7 +176,7 @@ See the vars/[main.yml](./vars/main.yml), [system.yml](./vars/system.yml) and ([
 After you successfully deployed your PostgreSQL HA cluster, you may need to scale it further. \
 Use the `add_pgnode.yml` playbook for this.
 
-> :grey_exclamation: This playbook does not scaling the etcd cluster.
+> :grey_exclamation: This playbook does not scaling the etcd cluster and haproxy balancers.
 
 During the run this playbook, the new nodes will be prepared in the same way as when first deployment the cluster. But unlike the initial deployment, all the necessary **configuration files will be copied from the master server**.
 

add_pgnode.yml

@@ -13,44 +13,71 @@
   vars:
     existing_pgcluster: true
 
-
   pre_tasks:
     - import_tasks: tasks/check_system.yml
 
-    - import_tasks: tasks/add-repository.yml
-      tags: [ add_repo ]
+    - import_tasks: tasks/hostname.yml
+      when: hostname is defined and hostname | length > 0
+      tags: hostname
 
-    - import_tasks: tasks/packages.yml
-      tags: [ install_packages ]
+    - name: Make sure the gnupg package is present
+      apt:
+        name: gnupg
+        state: present
+        update_cache: yes
+      environment: '{{ proxy_env | default({}) }}'
+      when: ansible_os_family == "Debian" and installation_method == "repo"
+      tags: [ add_repo, install_packages, install_postgres ]
 
-    - import_tasks: tasks/sudo.yml
-      tags: [ sudo, postgres_sudo ]
+    - name: Firewall | build a firewall_ports_dynamic_var
+      set_fact:
+        firewall_ports_dynamic_var: "{{ firewall_ports_dynamic_var |default([]) }} + {{ firewall_allowed_tcp_ports_for[item] }}"
+      loop: '{{ hostvars[inventory_hostname].group_names }}'
+      when: firewall_enabled_at_boot|bool
+      tags: firewall
+
+    - name: Firewall | build a firewall_rules_dynamic_var
+      set_fact:
+        firewall_rules_dynamic_var: "{{ firewall_rules_dynamic_var |default([]) }} + {{ firewall_additional_rules_for[item] }}"
+      loop: '{{ hostvars[inventory_hostname].group_names }}'
+      when: firewall_enabled_at_boot|bool
+      tags: firewall
 
   roles:
     - role: ansible-role-firewall
+      environment: '{{ proxy_env | default({}) }}'
+      vars:
+        firewall_allowed_tcp_ports: '{{ firewall_ports_dynamic_var | unique }}'
+        firewall_additional_rules: '{{ firewall_rules_dynamic_var | unique }}'
+      when: firewall_enabled_at_boot|bool
       tags: firewall
 
   tasks:
     - meta: flush_handlers
 
+    - import_tasks: tasks/add-repository.yml
+      tags: [ add_repo ]
+
+    - import_tasks: tasks/packages.yml
+      tags: [ install_packages ]
+
+    - import_tasks: tasks/sudo.yml
+      tags: [ sudo, postgres_sudo ]
+
     - import_tasks: tasks/configure.yml
       tags: configure
 
-    - import_tasks: tasks/patroni.yml
-      tags: patroni
-
     - import_tasks: tasks/pgbouncer.yml
       when: install_pgbouncer == "true"
       tags: pgbouncer
 
-    - import_tasks: tasks/haproxy.yml
-      when: with_haproxy_load_balancing == "true"
-      tags: load_balancing
-
     - import_tasks: tasks/vip-manager.yml
       when: with_haproxy_load_balancing != "true"
       tags: [ vip, vip_manager ]
 
+    - import_tasks: tasks/patroni.yml
+      tags: patroni
+
     # finish (info)
     - import_tasks: tasks/deploy_finish.yml
       tags: [ cluster_info, cluster_status ]

deploy_pgcluster.yml

@@ -1,58 +1,138 @@
 ---
 
-- name: Deploy PostgreSQL High-Availability Cluster (based on "Patroni" and "DCS(etcd)")
-  hosts: postgres_cluster
+- name: Deploy PostgreSQL High-Availability Cluster (based on "Patroni" and "DCS({{ dcs_type }})")
+  hosts: postgres_cluster:etcd_cluster:balancers
   become: true
   become_method: sudo
-  any_errors_fatal: true
   gather_facts: true
+  any_errors_fatal: true
   vars_files:
     - vars/main.yml
     - vars/system.yml
     - "vars/{{ ansible_os_family }}.yml"
 
-
   pre_tasks:
     - import_tasks: tasks/check_system.yml
 
-    - import_tasks: tasks/add-repository.yml
-      tags: [ add_repo ]
-
-    - import_tasks: tasks/packages.yml
-      tags: [ install_packages ]
+    - import_tasks: tasks/hostname.yml
+      when: hostname is defined and hostname | length > 0
+      tags: hostname
+
+    - name: Make sure the gnupg package is present
+      apt:
+        name: gnupg
+        state: present
+        update_cache: yes
+      environment: '{{ proxy_env | default({}) }}'
+      when: ansible_os_family == "Debian" and installation_method == "repo"
+      tags: [ add_repo, install_packages, install_postgres ]
+
+    - name: Firewall | build a firewall_ports_dynamic_var
+      set_fact:
+        firewall_ports_dynamic_var: "{{ firewall_ports_dynamic_var |default([]) }} + {{ firewall_allowed_tcp_ports_for[item] }}"
+      loop: '{{ hostvars[inventory_hostname].group_names }}'
+      when: firewall_enabled_at_boot|bool
+      tags: firewall
 
-    - import_tasks: tasks/sudo.yml
-      tags: [ sudo, postgres_sudo ]
+    - name: Firewall | build a firewall_rules_dynamic_var
+      set_fact:
+        firewall_rules_dynamic_var: "{{ firewall_rules_dynamic_var |default([]) }} + {{ firewall_additional_rules_for[item] }}"
+      loop: '{{ hostvars[inventory_hostname].group_names }}'
+      when: firewall_enabled_at_boot|bool
+      tags: firewall
 
   roles:
     - role: ansible-role-firewall
+      environment: '{{ proxy_env | default({}) }}'
+      vars:
+        firewall_allowed_tcp_ports: '{{ firewall_ports_dynamic_var | unique }}'
+        firewall_additional_rules: '{{ firewall_rules_dynamic_var | unique }}'
+      when: firewall_enabled_at_boot|bool
       tags: firewall
 
+
+- hosts: etcd_cluster
+  become: true
+  become_method: sudo
+  any_errors_fatal: true
+  gather_facts: true
+  vars_files:
+    - vars/main.yml
+    - vars/system.yml
+    - "vars/{{ ansible_os_family }}.yml"
+
   tasks:
     - meta: flush_handlers
 
-    - import_tasks: tasks/configure.yml
-      tags: configure
+    - import_tasks: tasks/timezone.yml
+      when: timezone is defined and timezone | length > 0
+      ignore_errors: yes
+      tags: [ timezone, configure ]
+
+    - import_tasks: tasks/ntp.yml
+      when: ntp_enabled is defined and ntp_enabled == "true"
+      ignore_errors: yes
+      tags: [ ntp, configure ]
 
     - import_tasks: tasks/etcd.yml
       when: dcs_exists == "false" and dcs_type == "etcd"
       tags: [ etcd, etcd_cluster ]
 
-    - import_tasks: tasks/patroni.yml
-      tags: patroni
 
-    - import_tasks: tasks/pgbouncer.yml
-      when: install_pgbouncer == "true"
-      tags: pgbouncer
+- hosts: balancers
+  become: true
+  become_method: sudo
+  any_errors_fatal: true
+  gather_facts: true
+  vars_files:
+    - vars/main.yml
+    - "vars/{{ ansible_os_family }}.yml"
+
+  tasks:
+    - meta: flush_handlers
 
     - import_tasks: tasks/haproxy.yml
       when: with_haproxy_load_balancing == "true" and cluster_vip | length > 0
       tags: load_balancing
 
+
+- hosts: postgres_cluster
+  become: true
+  become_method: sudo
+  any_errors_fatal: true
+  gather_facts: true
+  vars_files:
+    - vars/main.yml
+    - vars/system.yml
+    - "vars/{{ ansible_os_family }}.yml"
+
+  pre_tasks:
+    - meta: flush_handlers
+
+    - import_tasks: tasks/add-repository.yml
+      tags: [ add_repo ]
+
+    - import_tasks: tasks/packages.yml
+      tags: [ install_packages ]
+
+    - import_tasks: tasks/sudo.yml
+      tags: [ sudo, postgres_sudo ]
+
+    - import_tasks: tasks/configure.yml
+      tags: configure
+
+  tasks:
+    - import_tasks: tasks/pgbouncer.yml
+      when: install_pgbouncer == "true"
+      tags: pgbouncer
+
     - import_tasks: tasks/vip-manager.yml
       when: with_haproxy_load_balancing != "true" and cluster_vip | length > 0
       tags: [ vip, vip_manager ]
 
+    - import_tasks: tasks/patroni.yml
+      tags: patroni
+
     # optional
     - import_tasks: tasks/postgresql-users.yml
       when: is_master == "true" and postgresql_users | length > 0

group_vars/postgres_cluster renamed to group_vars/all

@@ -5,19 +5,37 @@
 # "postgresql_exists='true'" if PostgreSQL is already exists and runing
 # "hostname=" variable is optional (used to change the server name)
 
+# (if dcs_exists: 'false' and dcs_type: 'etcd')
+[etcd_cluster]  # recommendation: 3 or 5-7 nodes
+10.128.64.140
+10.128.64.142
+10.128.64.143
+
+
+# (if with_haproxy_load_balancing: 'true')
+[balancers]
+10.128.64.140
+10.128.64.142
+10.128.64.143
+
+
+# PostgreSQL nodes
 [master]
-10.128.64.140 postgresql_exists='false' hostname=pgnode01
+10.128.64.140 hostname=pgnode01 postgresql_exists='false'
 
 [replica]
 10.128.64.142 hostname=pgnode02
 10.128.64.143 hostname=pgnode03
 
-
 [postgres_cluster:children]
 master
 replica
 
 
+# In this example, all components will be installed on PostgreSQL nodes
+# You can deploy the etcd cluster and the haproxy balancers on other dedicated servers. 
+
+
 # Connection settings
 [all:vars]
 ansible_connection='ssh'

inventory

@@ -2,13 +2,6 @@
 
 # Debian Ubuntu
 - block:
-    - name: Make sure the gnupg package is present
-      apt:
-        force_apt_get: yes
-        name: gnupg
-        state: present
-      when: apt_repository_keys | length > 0 and apt_repository | length > 0
-
     - name: Add repository apt-key
       apt_key:
         url: "{{ item.key }}"
@@ -40,7 +33,7 @@
       when: yum_repository | length > 0
 
     # Install Epel Repository
-    - name: "install | get epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+    - name: "install | get epel-release-latest rpm package"
       get_url:
         url: "http://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
         dest: /tmp/

tasks/add-repository.yml

@@ -1,11 +1,5 @@
 ---
 
-# Hostname
-- import_tasks: ../tasks/hostname.yml
-  when: hostname is defined and hostname | length > 0
-  ignore_errors: yes
-  tags: [ hostname, configure ]
-
 # Kernel
 - import_tasks: ../tasks/sysctl.yml
   when: sysctl_conf is defined and sysctl_conf | length > 0

tasks/configure.yml

@@ -274,6 +274,15 @@
   tags: haproxy
 
 # Configure
+- name: haproxy | make sure the kernel parameter "net.ipv4.ip_nonlocal_bind" are enabled
+  sysctl:
+    name: "net.ipv4.ip_nonlocal_bind"
+    value: "1"
+    sysctl_set: "yes"
+    state: "present"
+    reload: "yes"
+  tags: haproxy
+
 - name: haproxy | add haproxy group
   group:
     name: haproxy
@@ -350,6 +359,40 @@
   when: existing_pgcluster is defined and existing_pgcluster|bool
   tags: [ haproxy, haproxy_conf ]
 
+- name: haproxy | selinux | make sure the libsemanage-python, policycoreutils-python packages is present
+  package:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+     - libsemanage-python
+     - policycoreutils-python
+  environment: '{{ proxy_env | default({}) }}'
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == '7'
+    - installation_method == "repo"
+    - haproxy_installation_method == "rpm"
+  tags: haproxy
+
+- name: haproxy | selinux | make sure the python3-libsemanage, python3-policycoreutils packages is present
+  package:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+     - python3-libsemanage
+     - python3-policycoreutils
+  environment: '{{ proxy_env | default({}) }}'
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version is version('8', '>=')
+    - installation_method == "repo"
+    - haproxy_installation_method == "rpm"
+  tags: haproxy
+
 - name: haproxy | selinux | set haproxy_connect_any flag to enable tcp connections
   seboolean:
     name: haproxy_connect_any
@@ -374,7 +417,6 @@
     enabled: yes
     state: restarted
   register: haproxy_restart_result
-  when: haproxy_conf_result.changed or haproxy_conf_prepare_result.changed
   tags: [ haproxy, haproxy_conf ]
 
 - name: haproxy | check HAProxy is started and accepting connections

tasks/haproxy.yml

@@ -90,7 +90,6 @@
     name: keepalived
     enabled: yes
     state: restarted
-  when: haproxy_check_result.changed or keepalived_conf_result.changed or keepalived_conf_prepare_result.changed
   tags: [ keepalived_restart, keepalived ]
 
 - name: wait for the cluster ip address (VIP) "{{ cluster_vip }}" is running