Skip to content

Drop delegate_to for SSH jump host compatibility #1033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

Drop delegate_to for SSH jump host compatibility #1033

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ccb2cea
fix delegate_to {{ group_name[0] }} bug
evgeny-bushuev-incountry May 30, 2025
7782035
fix delegate_to {{ group_name[0] }} bug 1
evgeny-bushuev-incountry May 30, 2025
bb2a604
fix delegate_to {{ group_name[0] }} bug 2
evgeny-bushuev-incountry May 30, 2025
e9c432f
Merge branch 'master' into delegate-to-fix
vitabaks Jul 15, 2025
ab85489
Merge branch 'master' into pr/1033
vitabaks Jul 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions automation/roles/confd/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
tags: confd_conf, confd

- block: # for add_balancer.yml
- name: "Fetch confd.toml, haproxy.toml, haproxy.tmpl conf files from {{ groups.balancers[0] }}"
- name: "Fetch confd.toml, haproxy.toml, haproxy.tmpl conf files from {{ inventory_hostname }}"
run_once: true
ansible.builtin.fetch:
src: "{{ item }}"
Expand All @@ -74,7 +74,7 @@
- /etc/confd/confd.toml
- /etc/confd/conf.d/haproxy.toml
- /etc/confd/templates/haproxy.tmpl
delegate_to: "{{ groups.balancers[0] }}"
when: "'balancers' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case, there will be an error because there will be a new haproxy node in the group that we are adding.
It is necessary to get files from the first node of the group.

Copy link
Contributor Author

@evgeny-bushuev-incountry evgeny-bushuev-incountry May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if the first node in the group will be a new node?

Copy link
Contributor Author

@evgeny-bushuev-incountry evgeny-bushuev-incountry May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe this?

when:
- 'balancers' in group_names
- not new_node | bool

Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if the first node in the group will be a new node?

it is assumed that the user has read the documentation

all necessary configuration files will be copied from the first server listed in the "balancers" group in the inventory file.

Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe this?

I think it will work.


- name: Copy confd.toml, haproxy.toml, haproxy.tmpl conf files to replica
ansible.builtin.copy:
Expand Down
2 changes: 1 addition & 1 deletion automation/roles/copy/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,10 @@
flat: true
validate_checksum: true
loop: "{{ fetch_files_from_master }}"
delegate_to: "{{ groups.master[0] }}"
when:
- fetch_files_from_master is defined
- fetch_files_from_master | length > 0
- "'master' in group_names"
tags: fetch_files

- name: Copy files to all servers
Expand Down
4 changes: 2 additions & 2 deletions automation/roles/deploy_finish/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@
become_user: postgres
ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -Xc '\\du'"
register: users_result
delegate_to: "{{ groups.master[0] }}"
changed_when: false
ignore_errors: true
when: "'master' in group_names"
tags: users, users_list, cluster_info, cluster_status, point_in_time_recovery

- name: Get Postgres databases
Expand All @@ -21,9 +21,9 @@
become_user: postgres
ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -Xc '\\l'"
register: dbs_result
delegate_to: "{{ groups.master[0] }}"
changed_when: false
ignore_errors: true
when: "'master' in group_names"
tags: databases, db_list, cluster_info, cluster_status, point_in_time_recovery

- name: Get Postgres cluster info
Expand Down
4 changes: 2 additions & 2 deletions automation/roles/haproxy/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,15 +103,15 @@
tags: haproxy, haproxy_service, load_balancing

- block: # for add_balancer.yml
- name: "Fetch haproxy.cfg file from {{ groups.balancers[0] }}"
- name: "Fetch haproxy.cfg file from {{ inventory_hostname }}"
run_once: true
ansible.builtin.fetch:
src: /etc/haproxy/haproxy.cfg
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/haproxy.cfg"
validate_checksum: true
flat: true
notify: "restart haproxy"
delegate_to: "{{ groups.balancers[0] }}"
when: "'balancers' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is necessary to fetch files from the first node of the group.


- name: Copy haproxy.cfg file to replica
ansible.builtin.copy:
Expand Down
4 changes: 2 additions & 2 deletions automation/roles/keepalived/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,14 @@
tags: keepalived_conf, keepalived

- block: # for add_balancer.yml
- name: "Fetch keepalived.conf conf file from {{ groups.balancers[0] }}"
- name: "Fetch keepalived.conf conf file from {{ inventory_hostname }}"
run_once: true
ansible.builtin.fetch:
src: /etc/keepalived/keepalived.conf
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/keepalived.conf"
validate_checksum: true
flat: true
delegate_to: "{{ groups.balancers[0] }}"
when: "'balancers' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also - first node in the group.

Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
when: "'balancers' in group_names"
when: "'balancers' in group_names and inventory_hostname == groups['balancers'][0]"


- name: Copy keepalived.conf conf file to replica
ansible.builtin.copy:
Expand Down
4 changes: 2 additions & 2 deletions automation/roles/patroni/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,7 @@
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/patroni.yml"
validate_checksum: true
flat: true
delegate_to: "{{ groups.master[0] }}"
when: "'master' in group_names"

- name: Copy patroni.yml conf file to replica
ansible.builtin.copy:
Expand Down Expand Up @@ -965,7 +965,7 @@
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/pg_hba.conf"
validate_checksum: true
flat: true
delegate_to: "{{ groups.master[0] }}"
when: "'master' in group_names"

- name: Prepare PostgreSQL | copy pg_hba.conf file to replica
ansible.builtin.copy:
Expand Down
12 changes: 7 additions & 5 deletions automation/roles/pgbackrest/tasks/stanza_create.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,30 +36,32 @@
# The delegate_to parameter is used to execute the task on a different host than the one specified in the play's hosts parameter.
# In this case, the task is delegated to the first host in the pgbackrest group in the invetory.
- name: Get repo1-path value
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.set_fact:
repo1_path: "{{ pgbackrest_server_conf['global'] | selectattr('option', 'equalto', 'repo1-path') | map(attribute='value') | list | first }}"
when: pgbackrest_repo_type | lower == 'posix'
when:
- pgbackrest_repo_type | lower == 'posix'
- "'pgbackrest' in group_names"

- name: "Make sure the {{ repo1_path }} directory exists"
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.file:
path: "{{ repo1_path }}"
state: directory
owner: "{{ pgbackrest_repo_user }}"
group: "{{ pgbackrest_repo_user }}"
mode: "0750"
when: repo1_path | default('') | length > 0
when:
- repo1_path | default('') | length > 0
- "'pgbackrest' in group_names"

- name: Create stanza "{{ pgbackrest_stanza }}"
become: true
become_user: "{{ pgbackrest_repo_user }}"
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.command: "pgbackrest --stanza={{ pgbackrest_stanza }} --no-online stanza-create"
register: stanza_create_result
when: "'pgbackrest' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this condition will not work because only the postgres_cluster group is declared in PLAY.

- name: vitabaks.autobase.deploy_pgcluster | PostgreSQL Cluster Deployment
  hosts: postgres_cluster

In this case, you need a separate PLAY for the pgbackest group.

changed_when:
- stanza_create_result.rc == 0
- stanza_create_result.stdout is not search("already exists")
Expand Down
2 changes: 1 addition & 1 deletion automation/roles/pgbouncer/tasks/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"SELECT concat('\"', usename, '\" \"', passwd, '\"') FROM pg_shadow where usename != '{{ patroni_replication_username }}'"
register: pg_shadow_result
changed_when: false
delegate_to: "{{ groups.master[0] }}"
when: "'master' in group_names"

- name: "Generate {{ pgbouncer_conf_dir }}/userlist.txt"
become: true
Expand Down
7 changes: 4 additions & 3 deletions automation/roles/pgbouncer/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@
loop_control:
index_var: idx
label: "{{ 'pgbouncer' if idx == 0 else 'pgbouncer-%d' % (idx + 1) }}"
delegate_to: "{{ groups.master[0] }}"
when: "'master' in group_names"

- name: Fetch userlist.txt conf file from master
run_once: true
Expand All @@ -184,8 +184,9 @@
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/"
validate_checksum: true
flat: true
delegate_to: "{{ groups.master[0] }}"
when: not pgbouncer_auth_user|bool
when:
- not pgbouncer_auth_user|bool
- when: "'master' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bug :)

Suggested change
- when: "'master' in group_names"
- "'master' in group_names"


- name: Copy pgbouncer.ini file to replica
ansible.builtin.copy:
Expand Down
14 changes: 8 additions & 6 deletions automation/roles/update/tasks/pgbackrest_host.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,19 @@
- block:
- name: Gather facts from pgbackrest server
ansible.builtin.setup:
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
when: "'pgbackrest' in group_names"

- name: Update dnf cache
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.shell: dnf clean all && dnf -y makecache
args:
executable: /bin/bash
when: ansible_os_family == "RedHat" and not (skip_dnf_makecache | default(false) | bool)
when:
- (ansible_os_family == "RedHat" and not (skip_dnf_makecache | default(false) | bool))
- "'pgbackrest' in group_names"

- name: Update apt cache
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.apt:
update_cache: true
Expand All @@ -25,10 +25,11 @@
until: apt_status is success
delay: 5
retries: 3
when: ansible_os_family == "Debian"
when:
- ansible_os_family == "Debian"
- "'pgbackrest' in group_names"

- name: Install the latest version of pgbackrest package
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.package:
name: pgbackrest
Expand All @@ -37,6 +38,7 @@
until: update_pgbackrest_package is success
delay: 5
retries: 3
when: "'pgbackrest' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this condition will not work because only the "primary:secondary" groups is declared in PLAY.

- name: "(1/4) PRE-UPDATE: Perform pre-update tasks"
  hosts: "primary:secondary"

In this case, you need a separate PLAY for the pgbackest group.

become: true
become_user: root
when:
Expand Down
12 changes: 7 additions & 5 deletions automation/roles/upgrade/tasks/post_upgrade.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,14 +122,13 @@
# pgBackRest (dedicated)
- block:
- name: pgbackrest | Check pg-path option
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.command: "grep -c '^pg[0-9]*-path=' {{ pgbackrest_conf_file | dirname }}/conf.d/{{ pgbackrest_stanza }}.conf"
register: pg_path_count
when: "'pgbackrest' in group_names"
changed_when: false

- name: pgbackrest | Update pg-path in pgbackrest.conf
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.replace:
path: "{{ pgbackrest_conf_file | dirname }}/conf.d/{{ pgbackrest_stanza }}.conf"
Expand All @@ -139,13 +138,16 @@
loop_control:
index_var: idx
label: "pg{{ idx + 1 }}-path={{ pg_new_datadir }}"
when: pg_path_count.stdout | int > 0
when:
- pg_path_count.stdout | int > 0
- "'pgbackrest' in group_names"

- name: pgbackrest | Upgrade stanza "{{ pgbackrest_stanza }}"
delegate_to: "{{ groups['pgbackrest'][0] }}"
run_once: true
ansible.builtin.command: "pgbackrest --stanza={{ pgbackrest_stanza }} --no-online stanza-upgrade"
when: pg_path_count.stdout | int > 0 and pgbackrest_stanza_upgrade | bool
when:
- pg_path_count.stdout | int > 0 and pgbackrest_stanza_upgrade | bool
- "'pgbackrest' in group_names"
Copy link
Owner

@vitabaks vitabaks May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this condition will not work because only the "primary:secondary" groups is declared in PLAY.

- name: "(6/6) POST-UPGRADE: Analyze a PostgreSQL database (update optimizer statistics) and Post-Upgrade tasks"
  hosts: "primary:secondary"
  ...

    - name: Running Post-Upgrade tasks
      ansible.builtin.include_role:
        name: vitabaks.autobase.upgrade
        tasks_from: post_upgrade

For this reason, delegate_to was used.

become: true
become_user: "{{ pgbackrest_repo_user }}"
ignore_errors: true # show the error and continue the playbook execution
Expand Down
2 changes: 1 addition & 1 deletion automation/roles/vip_manager/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@
dest: "{{ files_dir | default(playbook_dir ~ '/files') }}/{{ vip_manager_conf | basename }}"
validate_checksum: true
flat: true
delegate_to: "{{ groups.master[0] }}"
when: "'master' in group_names"

- name: Copy "{{ vip_manager_conf | basename }}" conf file to replica
ansible.builtin.copy:
Expand Down