pgBackRest: Ensure directories exist with correct permissions (#704)

vitabaks · Jul 18, 2024 · 8c7d2b0 · 8c7d2b0
1 parent a7a116c
commit 8c7d2b0
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 6 deletions.
diff --git a/roles/pgbackrest/stanza-create/tasks/main.yml b/roles/pgbackrest/stanza-create/tasks/main.yml
@@ -12,7 +12,7 @@
         state: directory
         owner: postgres
         group: postgres
-        mode: "0755"
+        mode: "0750"
       when: repo1_path | length > 0
 
     - name: Create stanza "{{ pgbackrest_stanza }}"
@@ -47,7 +47,7 @@
         state: directory
         owner: "{{ pgbackrest_repo_user }}"
         group: "{{ pgbackrest_repo_user }}"
-        mode: "0755"
+        mode: "0750"
       when: repo1_path | length > 0
 
     - name: Create stanza "{{ pgbackrest_stanza }}"

diff --git a/roles/pgbackrest/tasks/main.yml b/roles/pgbackrest/tasks/main.yml
@@ -106,7 +106,31 @@
   tags: pgbackrest, pgbackrest_install
 
 - block:
-    - name: Ensure spool directory exist
+    - name: Ensure log directory exists
+      ansible.builtin.file:
+        path: "{{ item.value }}"
+        state: directory
+        owner: postgres
+        group: postgres
+        mode: "0755"
+      loop: "{{ pgbackrest_conf.global }}"
+      when: item.option == 'log-path'
+      loop_control:
+        label: "{{ item.value }}"
+
+    - name: Ensure repo directory exists
+      ansible.builtin.file:
+        path: "{{ item.value }}"
+        state: directory
+        owner: postgres
+        group: postgres
+        mode: "0750"
+      loop: "{{ pgbackrest_conf.global }}"
+      when: item.option == 'repo1-path' and pgbackrest_repo_host | length < 1
+      loop_control:
+        label: "{{ item.value }}"
+
+    - name: Ensure spool directory exists
       ansible.builtin.file:
         path: "{{ item.value }}"
         state: directory
@@ -118,12 +142,13 @@
       loop_control:
         label: "{{ item.value }}"
 
-    - name: Ensure config directory exist
+    - name: Ensure config directory exists
       ansible.builtin.file:
         path: "{{ pgbackrest_conf_file | dirname }}"
         state: directory
         owner: postgres
         group: postgres
+        mode: "0750"
 
     - name: "Generate conf file {{ pgbackrest_conf_file }}"
       ansible.builtin.template:
@@ -137,19 +162,45 @@
 
 # Dedicated pgbackrest server (if "repo_host" is set)
 - block:
-    - name: Ensure config directory exist
+    - name: Ensure log directory exists
+      ansible.builtin.file:
+        path: "{{ item.value }}"
+        state: directory
+        owner: "{{ pgbackrest_repo_user }}"
+        group: "{{ pgbackrest_repo_user }}"
+        mode: "0755"
+      loop: "{{ pgbackrest_server_conf.global }}"
+      when: item.option == 'log-path'
+      loop_control:
+        label: "{{ item.value }}"
+
+    - name: Ensure repo directory exists
+      ansible.builtin.file:
+        path: "{{ item.value }}"
+        state: directory
+        owner: "{{ pgbackrest_repo_user }}"
+        group: "{{ pgbackrest_repo_user }}"
+        mode: "0750"
+      loop: "{{ pgbackrest_server_conf.global }}"
+      when: item.option == 'repo1-path'
+      loop_control:
+        label: "{{ item.value }}"
+
+    - name: Ensure config directory exists
       ansible.builtin.file:
         path: "{{ pgbackrest_conf_file | dirname }}"
         state: directory
         owner: "{{ pgbackrest_repo_user }}"
         group: "{{ pgbackrest_repo_user }}"
+        mode: "0750"
 
-    - name: Ensure stanza config directory exist
+    - name: Ensure stanza config directory exists
       ansible.builtin.file:
         path: "{{ pgbackrest_conf_file | dirname }}/conf.d"
         state: directory
         owner: "{{ pgbackrest_repo_user }}"
         group: "{{ pgbackrest_repo_user }}"
+        mode: "0750"
 
     - name: "Generate global conf file {{ pgbackrest_conf_file }}"
       ansible.builtin.template: