Chapter 21. Installing and configuring PostgreSQL by using the postgresql RHEL system role
As a system administrator, you can use the postgresql
RHEL system role to install, configure, manage, start, and improve performance of the PostgreSQL server.
21.1. The postgresql role variables
You can use the following variables of the postgresql
RHEL system role to customize the PostgreSQL server behavior.
postgresql_verison
You can set the version of the PostgreSQL server to any released and supported version of PostgreSQL on RHEL 8 and RHEL 9 managed nodes. For example:
postgresql_version: "13"
postgresql_password
Optionally, you can set a password for the
postgres
database superuser. By default, no password is set, and a database is accessible from thepostgres
system account through a UNIX socket. It is recommended to encrypt the password by using Ansible Vault. For example:postgresql_password: !vault | $ANSIBLE_VAULT;1.2;AES256;dev ....
postgresql_pg_hba_conf
The content of the
postgresql_pg_hba_conf
variable replaces the default upstream configuration in the/var/lib/pgsql/data/pg_hba.conf
file. For example:postgresql_pg_hba_conf: - type: local database: all user: all auth_method: peer - type: host database: all user: all address: '127.0.0.1/32' auth_method: ident - type: host database: all user: all address: '::1/128' auth_method: ident
postgresql_server_conf
The content of the
postgresql_server_conf
variable is added to the end of the/var/lib/pgsql/data/postgresql.conf
file. As a result, the default settings are overwritten. For example:postgresql_server_conf: ssl: on shared_buffers: 128MB huge_pages: try
postgresql_ssl_enable
To set up an SSL/TLS connection, set the
postgresql_ssl_enable
variable totrue
:postgresql_ssl_enable: true
and use one of the following approaches to provide a server certificate and a private key:
-
Use the
postgresql_cert_name
variable if you want to use an existing certificate and private key. -
Use the
postgresql_certificates
variable to generate a new certificate.
-
Use the
postgresql_cert_name
If you want to use your own certificate and private key, use the
postgresql_cert_name
variable to specify the certificate name. You must keep both certificate and key files in the same directory and under the same name with the.crt
and.key
suffixes.For example, if your certificate file is located in
/etc/certs/server.crt
and your private key in/etc/certs/server.key
, set thepostgresql_cert_name
value to:postgresql_cert_name: /etc/certs/server
postgresql_certificates
The
postgresql_certificates
variable requires alist
ofdict
in the same format as used by theredhat.rhel_system_roles.certificate
role. Specify thepostgresql_certificates
variable if you want the certificate role to generate certificates for the PostgreSQL server configured by the PostgreSQL role. In the following example, a self-signed certificatepostgresql_cert.crt
is generated in the/etc/pki/tls/certs/
directory. By default, no certificates are automatically generated ([]
).postgresql_certificates: - name: postgresql_cert dns: ['localhost', 'www.example.com'] ca: self-sign
postgresql_input_file
To run an SQL script, define a path to your SQL file by using the
postgresql_input_file
variable:postgresql_input_file: "/tmp/mypath/file.sql"
postgresql_server_tuning
By default, the PostgreSQL system role enables server settings optimization based on system resources. To disable the tuning, set the
postgresql_server_tuning
variable tofalse
:postgresql_server_tuning: false
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.postgresql/README.md
file -
/usr/share/doc/rhel-system-roles/postgresql/
directory
21.2. Introduction to the postgresql RHEL system role
To install, configure, manage, and start the PostgreSQL server using Ansible, you can use the postgresql
RHEL system role.
You can also use the postgresql
role to optimize the database server settings and improve performance.
The role supports the currently released and supported versions of PostgreSQL on RHEL 8 and RHEL 9 managed nodes.
21.3. Configuring the PostgreSQL server by using RHEL system roles
You can use the postgresql
RHEL system role to install, configure, manage, and start the PostgreSQL server.
The postgresql
role replaces PostgreSQL configuration files in the /var/lib/pgsql/data/
directory on the managed hosts. Previous settings are changed to those specified in the role variables, and lost if they are not specified in the role variables.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudo
permissions on them.
Procedure
Create a playbook file, for example
~/playbook.yml
, with the following content:--- - name: Manage PostgreSQL hosts: managed-node-01.example.com roles: - rhel-system-roles.postgresql vars: postgresql_version: "13"
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.yml
Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.postgresql/README.md
file -
/usr/share/doc/rhel-system-roles/postgresql/
directory - Using PostgreSQL