Update to 2021-12-01 19:13

roles/pgadmin4/defaults/main.yml

@@ -0,0 +1,38 @@
+---
+
+# You can deploy several instances of pgadmin4 on the same host
+# pga_id must be uniq for each instance
+pga_id: 1
+# The port on which this instance will listen
+pga_port: 5050
+# List of IP / CIDR for which the port will be opened
+pga_src_ip: []
+# Root dir where the app will be installed
+pga_root_dir: /opt/pgadmin4_{{ pga_id }}
+# Version to deploy
+pga_version: '6.2'
+# URL of the wheel
+pga_pip_url: https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v{{ pga_version }}/pip/pgadmin4-{{ pga_version }}-py3-none-any.whl
+
+# When pg_auth is an empty list, pgAdmin will be in single user mode
+# You can set it to a list, eg
+# pga_auth:
+#   - oauth2
+#   - webserver
+#   - internal
+pga_auth: []
+
+# OIDC Auth (oauth2)
+pga_oidc_client_id: pgadmin4
+pga_oidc_display_name: SSO
+#pga_oidc_client_secret: XXXX
+pga_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
+pga_oidc_token_url: "{{ pga_oidc_base_url }}/token"
+pga_oidc_auth_url: "{{ pga_oidc_base_url }}/authorize"
+pga_oidc_userinfo_url: "{{ pga_oidc_base_url }}/userinfo"
+pga_oidc_scope: openid email profile
+
+# Webserver auth
+# Can be set to the header which carry the authenticated user name
+# Eg HTTP_X_FOWARDED_USER, REMOTE_USER etc.
+pga_webserver_header: HTTP_AUTH_USER

roles/pgadmin4/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: restart pgadmin4
+  service: name=pgadmin4_{{ pga_id }} state=restarted
+  when: not pgadmin4_started.changed

roles/pgadmin4/meta/main.yml

@@ -0,0 +1 @@
+---

roles/pgadmin4/tasks/conf.yml

@@ -0,0 +1,37 @@
+---
+
+- name: Deploy local configuration
+  template: src=config_local.py.j2 dest={{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4/config_local.py
+  notify: restart pgadmin4
+  tags: pgadmin4
+
+- name: Check if the config DB exists
+  stat: path={{ pga_root_dir }}/data/pgadmin4.db
+  register: pga_db
+  tags: pgadmin4
+
+- name: Initial setup of pgadmin4
+  expect:
+    command: "{{ pga_root_dir }}/venv/bin/python {{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4/setup.py"
+    timeout: 120
+    echo: true
+    responses:
+      'Email address:\s?': "admin@{{ ansible_domain }}"
+      '(Retype )?[Pp]assword:\s?': "pgadmin"
+  become_user: pgadmin4_{{ pga_id }}
+  when:
+    - not pga_db.stat.exists
+    - pga_auth | length >= 1
+  tags: pgadmin4
+
+- name: Initial setup of pgAdmin4
+  command: "{{ pga_root_dir }}/venv/bin/python {{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4/setup.py"
+  become_user: pgadmin4_{{ pga_id }}
+  when:
+    - not pga_db.stat.exists
+    - pga_auth | length < 1
+  tags: pgadmin4
+
+- name: Configure logrotate
+  template: src=logrotate.conf.j2 dest=/etc/logrotate.d/pgadmin4_{{ pga_id }}
+  tags: pgadmin4

roles/pgadmin4/tasks/directories.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Create directories
+  file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  with_items:
+    - path: "{{ pga_root_dir }}"
+      owner: pgadmin4_{{ pga_id }}
+      mode: 700
+    - path: "{{ pga_root_dir }}/sessions"
+      owner: pgadmin4_{{ pga_id }}
+    - path: "{{ pga_root_dir }}/data"
+      owner: pgadmin4_{{ pga_id }}
+    - path: "{{ pga_root_dir }}/logs"
+      owner: pgadmin4_{{ pga_id }}
+    - path: "{{ pga_root_dir }}/meta"
+      mode: 700
+    - path: "{{ pga_root_dir }}/backup"
+      mode: 700
+  tags: pgadmin4

roles/pgadmin4/tasks/facts.yml

@@ -0,0 +1,23 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: pgadmin4
+
+- name: Check if a 2.7 venv exists
+  stat: path={{ pga_root_dir }}/lib/python2.7
+  register: pga_venv_27
+  tags: pgadmin4
+
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ pga_root_dir }}"
+        - version: "{{ pga_version }}"
+    - set_fact: pga_install_mode={{ install_mode }}
+    - set_fact: pga_current_version={{ current_version | default('') }}
+  tags: pgadmin4

roles/pgadmin4/tasks/install.yml

@@ -0,0 +1,83 @@
+---
+
+- name: Install packages
+  yum: name={{ pgadmin4_packages }}
+  tags: pgadmin4
+
+- name: Install global python tools
+  pip: name=pexpect
+  tags: pgadmin4
+
+- name: Stop pgAdmin4
+  service: name=pgadmin4_{{ pga_id }} state=stopped
+  when: pga_venv_27.stat.exists
+  tags: pgadmin4
+
+- name: Remove the venv
+  file: path={{ pga_root_dir }}/{{ item }} state=absent
+  loop:
+    - lib
+    - lib64
+    - include
+    - bin
+  when: pga_venv_27.stat.exists
+  tags: pgadmin4
+
+- name: Wipe the venv on upgrade
+  file: path={{ pga_root_dir }}/{{ item }} state=absent
+  loop:
+    - lib
+    - lib64
+    - include
+    - bin
+    - venv
+  when: pga_install_mode != 'none'
+  tags: pgadmin4
+
+- name: Create the venv dir
+  file: path={{ pga_root_dir }}/venv state=directory
+  tags: pgadmin4
+
+- name: Create the virtualenv
+  pip:
+    name:
+      - pip
+      - virtualenv
+      - gunicorn
+      - futures
+      - psycopg2
+      - werkzeug
+      - ldap3
+    virtualenv: "{{ pga_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  notify: restart pgadmin4
+  tags: pgadmin4
+
+- name: Install pgadmin4
+  pip:
+    name: "{{ pga_pip_url }}"
+    virtualenv: "{{ pga_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  register: pga_pip
+  notify: restart pgadmin4
+  tags: pgadmin4
+
+- name: Deploy systemd unit
+  template: src=pgadmin4.service.j2 dest=/etc/systemd/system/pgadmin4_{{ pga_id }}.service
+  register: pga_systemd_unit
+  notify: restart pgadmin4
+  tags: pgadmin4
+
+- name: Reload systemd
+  command: systemctl daemon-reload
+  when: pga_systemd_unit.changed
+  tags: pgadmin4
+
+- name: Install backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/pgadmin4_{{ pga_id }} mode=755
+  loop:
+    - pre
+    - post
+  tags: pgadmin4

roles/pgadmin4/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Handle pgAdmin4 port
+  iptables_raw:
+    name: pga_port
+    state: "{{ (pga_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ pga_port }} -s {{ pga_src_ip | join(',') }} -j ACCEPT"
+  tags: pgadmin4

roles/pgadmin4/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- include: facts.yml
+- include: user.yml
+- include: directories.yml
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: service.yml
+- include: write_version.yml

roles/pgadmin4/tasks/service.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable the daemon
+  service: name=pgadmin4_{{ pga_id }} state=started enabled=True
+  register: pgadmin4_started
+  tags: pgadmin4

roles/pgadmin4/tasks/user.yml

@@ -0,0 +1,10 @@
+---
+- name: Create a useraccount
+  user:
+    name: pgadmin4_{{ pga_id }}
+    comment: "PgAdmin4 User Account"
+    system: True
+    shell: /sbin/nologin
+    home: "{{ pga_root_dir }}"
+  tags: pgadmin4
+

roles/pgadmin4/tasks/write_version.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Write version
+  copy: content={{ pga_version }} dest={{ pga_root_dir }}/meta/ansible_version
+  tags: pgadmin4
+

roles/pgadmin4/templates/config_local.py.j2

@@ -0,0 +1,38 @@
+SERVER_MODE={{ (pga_auth | length >= 1) | ternary('True','False') }}
+DEFAULT_SERVER='0.0.0.0'
+DEFAULT_SERVER_PORT={{ pga_port }}
+DATA_DIR='{{ pga_root_dir }}/data'
+LOG_FILE='{{ pga_root_dir }}/logs/pgadmin4.log'
+STORAGE_DIR='{{ pga_root_dir }}/data'
+SQLITE_PATH='{{ pga_root_dir }}/data/pgadmin4.db'
+SECURITY_EMAIL_SENDER='pgadmin4@{{ ansible_domain }}'
+SESSION_DB_PATH='{{ pga_root_dir }}/sessions'
+CONSOLE_LOG_FORMAT='%(levelname)s\t%(name)s:\t%(message)s'
+SHOW_GRAVATAR_IMAGE=False
+SECURITY_EMAIL_SENDER='no-reply@{{ ansible_domain }}'
+UPGRADE_CHECK_ENABLED=False
+DEFAULT_BINARY_PATHS = {
+  "pg": "/usr/pgsql-14/bin/"
+}
+{% if pga_auth | length >= 1 %}
+AUTHENTICATION_SOURCES=['{{ pga_auth | join('\',\'') }}']
+{% endif %}
+{% if 'oauth2' in pga_auth %}
+OAUTH2_CONFIG=[{
+  'OAUTH2_NAME': 'oidc',
+  'OAUTH2_DISPLAY_NAME': '{{ pga_oidc_display_name }}',
+  'OAUTH2_CLIENT_ID': '{{ pga_oidc_client_id }}',
+  'OAUTH2_CLIENT_SECRET': '{{ pga_oidc_client_secret }}',
+  'OAUTH2_API_BASE_URL': '{{ pga_oidc_base_url }}',
+  'OAUTH2_TOKEN_URL': '{{ pga_oidc_token_url }}',
+  'OAUTH2_AUTHORIZATION_URL': '{{ pga_oidc_auth_url }}',
+  'OAUTH2_USERINFO_ENDPOINT': '{{ pga_oidc_userinfo_url }}',
+  'OAUTH2_SCOPE': '{{ pga_oidc_scope }}',
+  'OAUTH2_AUTO_CREATE_USER': True
+}]
+{% endif %}
+{% if 'webserver' in pga_auth %}
+WEBSERVER_AUTO_CREATE_USER=True
+WEBSERVER_REMOTE_USER='{{ pga_webserver_header }}'
+{% endif %}
+

roles/pgadmin4/templates/logrotate.conf.j2

@@ -0,0 +1,8 @@
+{{ pga_root_dir }}/logs/*.log {
+  daily
+  rotate 180
+  compress
+  notifempty
+  missingok
+  copytruncate
+}

roles/pgadmin4/templates/pgadmin4.service.j2

@@ -0,0 +1,25 @@
+[Unit]
+Description=pgAdmin4 server daemon
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=pgadmin4_{{ pga_id }}
+Group=pgadmin4_{{ pga_id }}
+ExecStart={{ pga_root_dir }}/venv/bin/gunicorn --bind 0.0.0.0:{{ pga_port }} \
+          --workers=1 \
+          --threads=25 \
+          --chdir {{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4 \
+          pgAdmin4:app
+ExecReload=/bin/kill -HUP $MAINPID
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=pgadmin4_{{ pga_id }}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

roles/pgadmin4/templates/post-backup.j2

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -eo pipefail
+
+rm -f {{ pga_root_dir }}/backup/*

roles/pgadmin4/templates/pre-backup.j2

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -eo pipefail
+
+sqlite3 {{ pga_root_dir }}/data/pgadmin4.db .dump | zstd -c > {{ pga_root_dir }}/backup/pgadmin4.sql.zst

roles/pgadmin4/vars/RedHat-7.yml

@@ -0,0 +1,13 @@
+---
+
+pgadmin4_packages:
+  - gcc
+  - postgresql
+  - postgresql-devel
+  - postgresql14
+  - python3-virtualenv
+  - python3-pip
+  - python-setuptools # Needed for pip install expect
+  - python-pip        # Also needed to install expect
+  - krb5-devel
+  - sqlite

roles/pgadmin4/vars/RedHat-8.yml

@@ -0,0 +1,12 @@
+---
+
+pgadmin4_packages:
+  - gcc
+  - postgresql
+  - postgresql-devel
+  - postgresql14
+  - python3-virtualenv
+  - python3-pip
+  - python3-setuptools # Needed for pip install expect
+  - krb5-devel
+  - sqlite