Merge branch 'master' into console

vitabaks · Aug 1, 2024 · 1a4f412 · 1a4f412
2 parents 90ddb24 + 69a2c44
commit 1a4f412
Show file tree

Hide file tree

Showing 24 changed files with 236 additions and 137 deletions.
diff --git a/.config/python/dev/requirements.txt b/.config/python/dev/requirements.txt
@@ -1,3 +1,4 @@
+requests==2.31.0
 docker==6.1.3
 molecule==6.0.3
 molecule-plugins==23.5.3

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -52,9 +52,6 @@ jobs:
           - distro: centosstream9
             tag: latest
             namespace: glillico
-          - distro: centosstream8
-            tag: latest
-            namespace: glillico
 
     steps:
       - name: Set TERM environment variable

diff --git a/.github/workflows/molecule_pg_upgrade.yml b/.github/workflows/molecule_pg_upgrade.yml
@@ -48,9 +48,6 @@ jobs:
           - distro: centosstream9
             tag: latest
             namespace: glillico
-          - distro: centosstream8
-            tag: latest
-            namespace: glillico
 
     steps:
       - name: Set TERM environment variable

diff --git a/.github/workflows/schedule_pg_centosstream8.yml b/.github/workflows/schedule_pg_centosstream8.yml
diff --git a/README.md b/README.md
@@ -90,9 +90,8 @@ RedHat and Debian based distros (x86_64)
 ###### Supported Linux Distributions:
 - **Debian**: 10, 11, 12
 - **Ubuntu**: 20.04, 22.04
-- **CentOS**: 7, 8
-- **CentOS Stream**: 8, 9
-- **Oracle Linux**: 7, 8, 9
+- **CentOS Stream**: 9
+- **Oracle Linux**: 8, 9
 - **Rocky Linux**: 8, 9
 - **AlmaLinux**: 8, 9
 
@@ -109,7 +108,6 @@ _Table of results of daily automated testing of cluster deployment:_
 | Debian 12    | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_debian11.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_debian12.yml) |
 | Ubuntu 20.04 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_ubuntu2004.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_ubuntu2004.yml) |
 | Ubuntu 22.04 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_ubuntu2204.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_ubuntu2204.yml) |
-| CentOS Stream 8 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_centosstream8.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_centosstream8.yml) |
 | CentOS Stream 9 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_centosstream9.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_centosstream9.yml) |
 | Oracle Linux 8 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_oracle_linux8.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_oracle_linux8.yml) |
 | Oracle Linux 9 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/vitabaks/postgresql_cluster/schedule_pg_oracle_linux9.yml?branch=master)](https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_oracle_linux9.yml) |

diff --git a/molecule/tests/variables/asserts/wal_g_cron_jobs.yml b/molecule/tests/variables/asserts/wal_g_cron_jobs.yml
@@ -24,10 +24,10 @@
   run_once: true
   ansible.builtin.assert:
     that:
-      - wal_g_backup_command[0] == "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ]"
-      - wal_g_backup_command[1] == " && wal-g backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
-      - wal_g_delete_command[0] == "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ]"
-      - wal_g_delete_command[1] == " && wal-g delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
+      - wal_g_backup_command[0] == "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200"
+      - wal_g_backup_command[1] == " && {{ wal_g_path }} backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
+      - wal_g_delete_command[0] == "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200"
+      - wal_g_delete_command[1] == " && {{ wal_g_path }} delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
     fail_msg: "Test failed: wal_g_backup_command or wal_g_delete_command do not have the expected content."
     success_msg: "Test passed: wal_g_backup_command and wal_g_delete_command have the expected content."
 
@@ -45,7 +45,7 @@
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | Debian | Define Expected First wal_g_cron Job
   run_once: true
   ansible.builtin.set_fact: # yamllint disable rule:line-length
-    origin_wal_g_cron_jobs_create_job: "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ] && wal-g backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
+    origin_wal_g_cron_jobs_create_job: "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200 && {{ wal_g_path }} backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
 
 # 🖨️ Display the first wal_g_cron job for Debian for debugging purposes
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | Debian | Debug First wal_g_cron Job
@@ -66,7 +66,7 @@
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | Debian | Define Expected Second wal_g_cron Job
   run_once: true
   ansible.builtin.set_fact: # yamllint disable rule:line-length
-    origin_wal_g_cron_jobs_delete_job: "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ] && wal-g delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
+    origin_wal_g_cron_jobs_delete_job: "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200 && {{ wal_g_path }} delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
 
 # 🖨️ Display the second wal_g_cron job for Debian for debugging purposes
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | Debian | Debug Second wal_g_cron Job
@@ -97,7 +97,7 @@
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | RedHat | Define Expected First wal_g_cron Job
   run_once: true
   ansible.builtin.set_fact: # yamllint disable rule:line-length
-    origin_wal_g_cron_jobs_create_job: "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ] && wal-g backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
+    origin_wal_g_cron_jobs_create_job: "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200 && {{ wal_g_path }} backup-push {{ postgresql_data_dir }} > {{ postgresql_log_dir }}/walg_backup.log 2>&1"
 
 # 🖨️ Display the first wal_g_cron job for RedHat for debugging purposes
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | RedHat | Debug First wal_g_cron Job
@@ -118,7 +118,7 @@
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | RedHat | Define Expected Second wal_g_cron Job
   run_once: true
   ansible.builtin.set_fact: # yamllint disable rule:line-length
-    origin_wal_g_cron_jobs_delete_job: "[ $(curl -s -o /dev/null -w '%{http_code}' http://{{ inventory_hostname }}:{{ patroni_restapi_port }}) = '200' ] && wal-g delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
+    origin_wal_g_cron_jobs_delete_job: "curl -I -s http://{{ inventory_hostname }}:{{ patroni_restapi_port }} | grep 200 && {{ wal_g_path }} delete retain FULL 4 --confirm > {{ postgresql_log_dir }}/walg_delete.log 2>&1"
 
 # 🖨️ Display the second wal_g_cron job for RedHat for debugging purposes
 - name: Molecule.tests.variables.asserts.wal_g_cron_jobs | RedHat | Debug Second wal_g_cron Job

diff --git a/roles/confd/templates/haproxy.tmpl.j2 b/roles/confd/templates/haproxy.tmpl.j2
@@ -12,6 +12,10 @@ global
 defaults
     mode               tcp
     log                global
+    option             tcplog
+{% if haproxy_log_format is defined %}
+    log-format         '{{ haproxy_log_format }}'
+{% endif %}
     retries            2
     timeout queue      5s
     timeout connect    5s
@@ -32,7 +36,6 @@ listen master
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.master }}
 {% endif %}
     maxconn {{ haproxy_maxconn.master }}
-    option tcplog
     option httpchk OPTIONS /primary
     http-check expect status 200
     default-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions
@@ -53,7 +56,6 @@ listen master_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.master_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.master }}
-    option tcplog
     option httpchk OPTIONS /primary
     http-check expect status 200
     default-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions
@@ -68,7 +70,6 @@ listen replicas
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /replica?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -94,7 +95,6 @@ listen replicas_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /replica?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -114,7 +114,6 @@ listen replicas_sync
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_sync }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /sync{{ '?' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -140,7 +139,6 @@ listen replicas_sync_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_sync_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /sync{{ '?' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -160,7 +158,6 @@ listen replicas_async
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_async }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /async?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -186,7 +183,6 @@ listen replicas_async_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_async_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /async?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}

diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Gather facts for hosts postres_cluster
+- name: Gather facts from postgres_cluster hosts
   ansible.builtin.setup:
   delegate_to: "{{ item }}"
   delegate_facts: true

diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
@@ -12,6 +12,10 @@ global
 defaults
     mode               tcp
     log                global
+    option             tcplog
+{% if haproxy_log_format is defined %}
+    log-format         '{{ haproxy_log_format }}'
+{% endif %}
     retries            2
     timeout queue      5s
     timeout connect    5s
@@ -32,7 +36,6 @@ listen master
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.master }}
 {% endif %}
     maxconn {{ haproxy_maxconn.master }}
-    option tcplog
     option httpchk OPTIONS /primary
     http-check expect status 200
     default-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions
@@ -55,7 +58,6 @@ listen master_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.master_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.master }}
-    option tcplog
     option httpchk OPTIONS /primary
     http-check expect status 200
     default-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions
@@ -71,7 +73,6 @@ listen replicas
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /replica?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -99,7 +100,6 @@ listen replicas_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /replica?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -120,7 +120,6 @@ listen replicas_sync
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_sync }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /sync{{ '?' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -148,7 +147,6 @@ listen replicas_sync_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_sync_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /sync{{ '?' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -169,7 +167,6 @@ listen replicas_async
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_async }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /async?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}
@@ -197,7 +194,6 @@ listen replicas_async_direct
     bind {{ inventory_hostname }}:{{ haproxy_listen_port.replicas_async_direct }}
 {% endif %}
     maxconn {{ haproxy_maxconn.replica }}
-    option tcplog
     {% if balancer_tags | default('') | length > 0 %}
     option httpchk OPTIONS /async?lag={{ patroni_maximum_lag_on_replica }}{{ '&' + balancer_tags.split(',') | map('trim') | map('regex_replace', '([^=]+)=(.*)', 'tag_\\1=\\2') | join('&') }}
     {% else %}

diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+
+keepalived_instances:
+  - name: VI_1
+    state: BACKUP
+    interface: "{{ vip_interface }}"
+    virtual_router_id: "{{ keepalived_virtual_router_id | default(123) }}"
+    priority: 100
+    advert_int: 2
+    check_status_command: /usr/libexec/keepalived/haproxy_check.sh
+    authentication:
+      auth_type: PASS
+      auth_pass: "1ce24b6e"
+    virtual_ipaddresses:
+      - "{{ cluster_vip }}"
diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
@@ -27,7 +27,7 @@
           ansible_ssh_port | default(22)
         )
       }}
-  ignore_errors: true  # show the error and continue the playbook execution
+  ignore_errors: true  # noqa ignore-errors # show the error and continue the playbook execution
   listen: "restart keepalived"
 
 ...
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
@@ -28,6 +28,7 @@
     state: directory
     owner: root
     group: root
+    mode: "0750"
   tags: keepalived_conf, keepalived
 
 - name: Create vrrp_script "/usr/libexec/keepalived/haproxy_check.sh"
@@ -46,6 +47,9 @@
   ansible.builtin.template:
     src: templates/keepalived.conf.j2
     dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: "0644"
   notify: "restart keepalived"
   when: add_balancer is not defined or not add_balancer|bool
   tags: keepalived_conf, keepalived
@@ -88,13 +92,13 @@
   when: add_balancer is defined and add_balancer|bool
   tags: keepalived_conf, keepalived
 
-- name: selinux | change the keepalived_t domain to permissive
+- name: Selinux | Change the keepalived_t domain to permissive
   community.general.selinux_permissive:
     name: keepalived_t
     permissive: true
   when: ansible_selinux.status is defined and
         ansible_selinux.status == 'enabled'
-  ignore_errors: true
+  ignore_errors: true  # noqa ignore-errors
   tags: keepalived, keepalived_selinux
 
 ...