Skip to content
This repository has been archived by the owner on Feb 16, 2024. It is now read-only.

Latest commit

 

History

History
38 lines (28 loc) · 1.31 KB

README.md

File metadata and controls

38 lines (28 loc) · 1.31 KB

Ansible Role: pgbouncer

Ansible role to compile and install pgbouncer (a reverse proxy for postgresql).

The password for pgbouncer_auth_user should be set in a separate var file and encrypted with Ansible vault (or similar):

pgbouncer_auth_password: "md5 hash of password, prefixed with the string: md5"

Databases for pgbouncer to connect to are specified as a list using the pgbouncer_databases var. Example:

pgbouncer_databases:
  - { name: 'mydb', host: '127.0.0.1', dbname: 'mydb', encoding: '{{ pgbouncer_default_client_encoding }}', auth_user: '{{ pgbouncer_auth_user }}', comment: 'My db' }

Dependencies

Target postgres databases must have a security definer function setup with pgbouncer_auth_user granted access to invoke it (more info here: https://pgbouncer.github.io/config.html):

CREATE SCHEMA pgbouncer AUTHORIZATION pgbouncer;
CREATE OR REPLACE FUNCTION pgbouncer.user_lookup(in i_username text, out uname text, out phash text)
RETURNS record AS $$
BEGIN
    SELECT usename, passwd FROM pg_catalog.pg_shadow
    WHERE usename = i_username INTO uname, phash;
    RETURN;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM public, pgbouncer;
GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer;

License

MIT / BSD