diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7738c287..161829f1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,6 +49,7 @@ jobs: # - distro: rockylinux9 - distro: debian11 - distro: debian12 + - distro: debian13 - distro: ubuntu2204 - distro: ubuntu2404 diff --git a/README.md b/README.md index fe3bba18..927001f4 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Ansible role which installs and configures PostgreSQL, extensions, databases and #### Installation -This has been tested on Ansible 2.4.0 and higher. +This has been tested on Ansible 2.5.0 and higher. To install: @@ -54,10 +54,12 @@ An example how to include this role as a task: #### Compatibility matrix + | Distribution / PostgreSQL | 11 | 12 | 13 | 14 | 15 | 16 | 17 | | ------------------------- | :--------: | :--------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | | Debian 11.x | :no_entry: | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | Debian 12.x | :no_entry: | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Debian 13.x | :no_entry: | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | Rockylinux 8.x | :no_entry: | :no_entry: | :warning: | :warning: | :warning: | :warning: | :warning: | | Rockylinux 9.x | :no_entry: | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :warning: | | Ubuntu 22.04.x | :no_entry: | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | diff --git a/defaults/main.yml b/defaults/main.yml index 689f285a..64d71a09 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -838,6 +838,7 @@ postgresql_install_repository: true # APT settings postgresql_apt_key_id: "ACCC4CF8" postgresql_apt_key_url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc" +postgresql_apt_repository_url: "https://apt.postgresql.org/pub/repos/apt" # postgresql_apt_keyring: "/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg" # repsoitory base diff --git a/molecule/README.md b/molecule/README.md index 27becf06..326b6ce5 100644 --- a/molecule/README.md +++ b/molecule/README.md @@ -14,6 +14,8 @@ The default distribution is ubuntu2204. You can override th with setting the env * fedora40 * debian11 * debian12 +======= +* debian13 * ubuntu2204 * ubuntu2404 @@ -45,6 +47,7 @@ The playbooks read variables from two files. One common vars file, and one with $ ls -1 tests/ | grep vars vars.Debian.11.yml vars.Debian.12.yml +vars.Debian.13.yml vars.Fedora.40.yml vars.Ubuntu.22.yml vars.Ubuntu.24.yml diff --git a/tasks/install_apt.yml b/tasks/install_apt.yml index 0c6e52b9..7b717cba 100644 --- a/tasks/install_apt.yml +++ b/tasks/install_apt.yml @@ -15,45 +15,48 @@ - curl - gnupg - lsb-release + - python3-debian state: present update_cache: true when: ansible_facts['pkg_mgr'] == 'apt' -# --- Derive the PGDG suite from the host codename --- -# Examples: bookworm -> bookworm-pgdg, bullseye -> bullseye-pgdg, jammy -> jammy-pgdg, noble -> noble-pgdg -- name: Compute PGDG suite from distribution codename - ansible.builtin.set_fact: - postgresql_apt_suite: "{{ ansible_facts['distribution_release'] }}-pgdg" - when: ansible_facts['pkg_mgr'] == 'apt' +- name: PostgreSQL | Add PostgreSQL repository (deb822) + ansible.builtin.deb822_repository: + name: postgresql + types: ["deb"] + uris: ["{{ postgresql_apt_repository_url }}"] + suites: ["{{ ansible_distribution_release }}-pgdg"] + components: ["main", "{{ postgresql_version }}"] + signed_by: "{{ postgresql_apt_key_url }}" + state: present + when: + - postgresql_install_repository + - ansible_facts.packages.apt is defined + - ansible_facts.packages.apt[0].version is version('2.4', '>=') -# --- Install the PGDG key into a keyring file --- -# This avoids deprecated apt_key usage and works with newer apt-secure expectations. -- name: Install PGDG keyring (dearmor GPG key into a file) - ansible.builtin.shell: | - install -d -m 0755 /usr/share/postgresql-common/pgdg - curl -fsSL {{ postgresql_apt_key_url }} \ - | gpg --dearmor -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg - args: - creates: /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg - when: ansible_facts['pkg_mgr'] == 'apt' +- name: PostgreSQL | Add PostgreSQL repository apt-key | apt + apt_key: + id: "{{ postgresql_apt_key_id }}" + url: "{{ postgresql_apt_key_url }}" + state: present + keyring: /etc/apt/trusted.gpg.d/postgresql.gpg + when: + - postgresql_apt_key_url is defined and postgresql_apt_key_url | length > 0 + - postgresql_apt_key_id is defined and postgresql_apt_key_id | length > 0 + - postgresql_install_repository + - ansible_facts.packages.apt[0].version is version('2.4', '<') -# --- Add the PGDG APT repository (HTTPS + signed-by) --- -# We explicitly build the repo line to ensure the correct suite and signed-by usage. -- name: Add PGDG APT repository - ansible.builtin.apt_repository: - repo: >- - deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg] - {{ postgresql_apt_repo_base }} - {{ postgresql_apt_suite }} main - filename: pgdg +- name: PostgreSQL | Add PostgreSQL repository | apt + apt_repository: + repo: "{{ postgresql_apt_repository }}" state: present when: - - ansible_facts['pkg_mgr'] == 'apt' - - (postgresql_install_repository | default(true)) | bool + - postgresql_apt_repository | default('') != '' + - postgresql_install_repository + - ansible_facts.packages.apt[0].version is version('2.4', '<') -# --- Optional pinning (preferences) --- -- name: Add APT preferences for PGDG (pinning) - ansible.builtin.template: +- name: PostgreSQL | Add PostgreSQL repository preferences | apt + template: src: etc_apt_preferences.d_apt_postgresql_org_pub_repos_apt.pref.j2 dest: /etc/apt/preferences.d/apt_postgresql_org_pub_repos_apt.pref when: @@ -74,7 +77,6 @@ - (postgresql_apt_dependencies | default([])) | length > 0 # --- Install PostgreSQL packages from PGDG --- -# Use default_release only if we know the suite; this avoids "invalid APT::Default-Release" errors. - name: Install PostgreSQL server/client/contrib ansible.builtin.apt: name: @@ -84,9 +86,6 @@ state: present update_cache: true cache_valid_time: "{{ apt_cache_valid_time | default(3600) }}" - default_release: >- - {{ postgresql_default_release - | default(postgresql_apt_suite | default(omit)) }} environment: "{{ postgresql_env | default({}) }}" when: ansible_facts['pkg_mgr'] == 'apt' diff --git a/tasks/main.yml b/tasks/main.yml index a9ce1524..4a0d264e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -30,6 +30,10 @@ - "{{ role_path }}/vars" tags: [always] +- name: Gather package facts + ansible.builtin.package_facts: + manager: apt + # --- Installers par famille/distro --- - name: Install on APT-based systems ansible.builtin.import_tasks: install_apt.yml diff --git a/tests/vars.Debian.13.yml b/tests/vars.Debian.13.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/tests/vars.Debian.13.yml @@ -0,0 +1 @@ +--- diff --git a/vars/Debian_22.yml b/vars/Debian_22.yml index 273f70e2..ca1d3942 100644 --- a/vars/Debian_22.yml +++ b/vars/Debian_22.yml @@ -3,4 +3,4 @@ postgresql_service_name: "postgresql" -postgresql_apt_repository: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main {{ postgresql_version }}" +postgresql_apt_repository: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/postgresql.gpg] {{ postgresql_apt_repository_url }}/ {{ ansible_distribution_release }}-pgdg main {{ postgresql_version }}" diff --git a/vars/trixie.yml b/vars/trixie.yml new file mode 100644 index 00000000..2be91a93 --- /dev/null +++ b/vars/trixie.yml @@ -0,0 +1,6 @@ +--- +# PostgreSQL vars for Debian Trixie (13) + +postgresql_ext_postgis_deps: + - "postgresql-{{postgresql_version}}-postgis-3" + - "postgresql-{{postgresql_version}}-postgis-3-scripts"