From 803dc8aa232399ac2681464f118fdeb51f313c20 Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 09:45:07 +0100 Subject: [PATCH 1/9] fix lsapd --- roles/openldap-server/templates/config.ldif.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openldap-server/templates/config.ldif.j2 b/roles/openldap-server/templates/config.ldif.j2 index 2322c8ee10..d09f8351a9 100644 --- a/roles/openldap-server/templates/config.ldif.j2 +++ b/roles/openldap-server/templates/config.ldif.j2 @@ -13,9 +13,9 @@ dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap -olcModuleLoad: {0}back_mdb.la -olcModuleLoad: {1}memberof.la -olcModuleLoad: {2}refint.la +olcModuleLoad: {0}back_mdb +olcModuleLoad: {1}memberof +olcModuleLoad: {2}refint # internal schema dn: cn=schema,cn=config From 84f26ce5ac9407adf59f8552e07fe449bfafc669 Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 16:45:13 +0100 Subject: [PATCH 2/9] add galaxy parts to venv --- collections/requirements.yml | 5 +++++ documentation/installer/basic-installation.md | 6 ++++++ scripts/install-ansible-from-venv.sh | 6 +++++- 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 collections/requirements.yml diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000000..bd6dd7fea9 --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - name: ansible.posix + - name: community.general + - name: community.postgresql diff --git a/documentation/installer/basic-installation.md b/documentation/installer/basic-installation.md index e1a84b2596..6737325a4f 100644 --- a/documentation/installer/basic-installation.md +++ b/documentation/installer/basic-installation.md 
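Review bot: The three entries in the new `collections/requirements.yml` carry no `version:` key, so every `ansible-galaxy collection install -r collections/requirements.yml` resolves to whatever is newest on Galaxy at that moment. These collections supply modules that the roles run with `become: true`, so an unreviewed upstream release lands directly in privileged tasks, and installs are not reproducible between hosts. Pin each entry, for example `- name: community.postgresql` followed by `version: "<TESTED_VERSION>"` (placeholder), and raise the pins deliberately after testing.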
@@ -52,6 +52,12 @@ Note that if your server is behind a proxy, you will have to set the proxy for p pip config set global.proxy http://YOUR-PROXY-NAME:YOUR-PROXY-PORT +Regardless of how Ansible is installed, make sure the required collections are available (they contain the `synchronize` and PostgreSQL modules used by the playbooks): + +```console +ansible-galaxy collection install -r collections/requirements.yml +``` + 4) Firewall Orchestrator installation ```console diff --git a/scripts/install-ansible-from-venv.sh b/scripts/install-ansible-from-venv.sh index 41d10c8d1c..bb8f95844c 100755 --- a/scripts/install-ansible-from-venv.sh +++ b/scripts/install-ansible-from-venv.sh @@ -6,6 +6,9 @@ # for this you also need access to pypi.org (either directly or through proxy) # for downloading ansible +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" + sudo apt install python3-venv -y python3 -m venv installer-venv source installer-venv/bin/activate @@ -14,5 +17,6 @@ then pip config set global.proxy $http_proxy fi pip config set global.default-timeout 3600 -pip install -r requirements.txt +pip install -r "${REPO_ROOT}/requirements.txt" pip install ansible +ansible-galaxy collection install -r "${REPO_ROOT}/collections/requirements.yml" From 93a6d6aab5d4ddb1599eb7b58a113d98d0e3c075 Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 17:11:43 +0100 Subject: [PATCH 3/9] fix ldap override config --- roles/openldap-server/templates/override.conf.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openldap-server/templates/override.conf.j2 b/roles/openldap-server/templates/override.conf.j2 index 193fc43b01..3327d63958 100644 --- a/roles/openldap-server/templates/override.conf.j2 +++ b/roles/openldap-server/templates/override.conf.j2 
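Review bot: In `scripts/install-ansible-from-venv.sh` the added `ansible-galaxy collection install` line runs even if venv creation, `source installer-venv/bin/activate` or one of the `pip install` steps failed, in which case `ansible-galaxy` is resolved from whatever is on PATH rather than from the venv this script builds. The script activates a venv and uses `BASH_SOURCE`, so it looks intended to be sourced; chaining is therefore safer than `set -e`: `pip install -r "${REPO_ROOT}/requirements.txt" && pip install ansible && ansible-galaxy collection install -r "${REPO_ROOT}/collections/requirements.yml"`. `pip install ansible` is also unversioned, and pinning it in `requirements.txt` would keep the toolchain reproducible. The `if` around the proxy setting begins outside the second hunk.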
@@ -2,4 +2,6 @@ ExecStartPre=/bin/mkdir -p /run/slapd ExecStartPre=/bin/chown openldap:openldap /run/slapd ExecStart= -ExecStart=/usr/sbin/slapd -u {{ openldap_server_user }} -g {{ openldap_server_user }} -h "ldap://{{ openldap_server }} ldaps:///" +Type=forking +PIDFile=/run/slapd/slapd.pid +ExecStart=/usr/sbin/slapd -F {{ openldap_server_app_path }}/slapd.d -u {{ openldap_server_user }} -g {{ openldap_server_user }} -h "ldap://{{ openldap_server }} ldaps:///" From c7d9dc58dcd2aacf9fc82de958145c655cfa8ebb Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 17:18:23 +0100 Subject: [PATCH 4/9] add ansible tmp dir --- roles/common/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index c1cc7ea128..807769a7fb 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -84,6 +84,16 @@ ssh_key_file: .ssh/id_rsa become: true + - name: ensure ansible remote tmp directory exists + file: + path: "/tmp/.ansible-{{ fworch_user }}/tmp" + state: directory + owner: "{{ fworch_user }}" + group: "{{ fworch_group }}" + mode: "0770" + recurse: true + become: true + - name: global apache config include_tasks: global-apache2-config.yml # vars: From 9f31be3d643411d03e04929fac976cab1656c9a4 Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 17:57:57 +0100 Subject: [PATCH 5/9] fix audit user rendering --- roles/middleware/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index 1e564f21b0..02c714abdf 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml 
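Review bot: The rewritten `ExecStart` in `override.conf.j2` still opens a cleartext `ldap://{{ openldap_server }}` listener next to `ldaps:///`, so simple binds against that address cross the network unencrypted unless TLS is enforced in the cn=config template, which this hunk does not show. If clients can use `ldaps`, drop the plain listener or confine it to loopback; otherwise require TLS for binds in the slapd configuration (`olcSecurity`). Separately, `PIDFile=/run/slapd/slapd.pid` with `Type=forking` only works when slapd writes its pid file to exactly that path; a comment above it such as `# must match olcPidFile in the slapd.d configuration` would document the coupling. The `[Service]` header is outside the hunk.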
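Review bot: The new task in `roles/common/tasks/main.yml` creates `/tmp/.ansible-{{ fworch_user }}/tmp` as root at a predictable name inside world-writable `/tmp` and then applies owner, group and mode recursively. Any local account can create that path beforehand, and `recurse: true` under `become: true` would then hand ownership of whatever it finds there to `{{ fworch_user }}`; how links are treated depends on the `file` module's follow defaults and should be checked. Mode `0770` also lets every member of `{{ fworch_group }}` read and replace module payloads staged in that directory. Prefer a location only the service account controls, e.g. `path: "{{ fworch_home }}/.ansible/tmp"` with `mode: "0700"` and no `recurse: true`. The block this task belongs to begins outside the hunk.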
@@ -159,7 +159,7 @@ bind_pw: "{{ ldap_manager_pwd }}" when: installation_mode == "new" -- name: Set {{ audit_user }} password in ldap +- name: Set audit user password in ldap ldap_passwd: dn: "uid={{ audit_user }},ou=tenant0,ou=operator,ou=user,{{ openldap_path }}" passwd: "{{ auditor_initial_pwd }}" From 27beec25c0f7581424590bb925dba05cf5d55081 Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 18:07:04 +0100 Subject: [PATCH 6/9] update ansible postgres db to dbname --- .../installer/ansible_conditional_vars.md | 2 +- roles/api/tasks/main.yml | 2 +- roles/common/tasks/uninstall.yml | 2 +- roles/database/tasks/create-ro-user.yml | 4 ++-- roles/database/tasks/create-users.yml | 6 +++--- roles/database/tasks/install-database.yml | 12 ++++++------ roles/database/tasks/main.yml | 4 ++-- roles/database/tasks/run-unit-tests.yml | 2 +- roles/database/tasks/upgrade-database.yml | 2 +- roles/finalize/tasks/main.yml | 2 +- roles/middleware/tasks/main.yml | 6 +++--- roles/middleware/tasks/upgrade/5.5.5.yml | 2 +- roles/sample-auth-data/tasks/auth_sample_data.yml | 14 +++++++------- roles/sample-auth-data/tasks/sample_owner_data.yml | 2 +- .../sample-data/tasks/create-demo-credentials.yml | 2 +- roles/sample-data/tasks/create-devices.yml | 12 ++++++------ .../sample-data/tasks/create-test-credentials.yml | 2 +- roles/tests-integration/handlers/main.yml | 4 ++-- roles/tests-integration/tasks/test-importer.yml | 4 ++-- 19 files changed, 43 insertions(+), 43 deletions(-) diff --git a/documentation/developer-docs/installer/ansible_conditional_vars.md b/documentation/developer-docs/installer/ansible_conditional_vars.md index 36aaad1800..56b8eb3ba5 100644 --- a/documentation/developer-docs/installer/ansible_conditional_vars.md +++ b/documentation/developer-docs/installer/ansible_conditional_vars.md 
@@ -6,7 +6,7 @@ Say you register a variable like this - name: check if there already is an ldap connection in DB postgresql_query: - db: fworchdb + dbname: fworchdb query: SELECT COUNT(*) FROM ldap_connection become: yes become_user: postgres diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml index 0c1cf482eb..7da1e52ec4 100644 --- a/roles/api/tasks/main.yml +++ b/roles/api/tasks/main.yml @@ -92,7 +92,7 @@ - name: set grants for hasura schemas (after hasura install) postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: "GRANT USAGE ON SCHEMA {{ item }} TO dbbackupusers; Grant select on ALL TABLES in SCHEMA {{ item }} to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA {{ item }} GRANT SELECT ON TABLES TO group dbbackupusers;" become: true become_user: postgres diff --git a/roles/common/tasks/uninstall.yml b/roles/common/tasks/uninstall.yml index c5840040c8..3a6c403d6c 100644 --- a/roles/common/tasks/uninstall.yml +++ b/roles/common/tasks/uninstall.yml @@ -54,7 +54,7 @@ - name: check if db still exists postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: "select exists(SELECT datname FROM pg_catalog.pg_database WHERE lower(datname) = lower('fworchdb'))" register: db_exists diff --git a/roles/database/tasks/create-ro-user.yml b/roles/database/tasks/create-ro-user.yml index d971636257..a2fc8dac47 100644 --- a/roles/database/tasks/create-ro-user.yml +++ b/roles/database/tasks/create-ro-user.yml @@ -9,12 +9,12 @@ - name: GRANT ro user postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: GRANT CONNECT ON DATABASE {{ fworch_db_name }} TO {{ fwo_db_ro_user }} - name: GRANT ro user all access to schemata postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: | GRANT USAGE ON SCHEMA {{ item }} TO {{ fwo_db_ro_user }}; GRANT SELECT ON ALL TABLES IN SCHEMA {{ item }} TO {{ fwo_db_ro_user }}; 
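Review bot: In `roles/common/tasks/uninstall.yml` the task `check if db still exists` connects with `dbname: "{{ fworch_db_name }}"`, i.e. to the very database whose existence it tests, so once that database has been dropped the connection fails and the query cannot return false (unless errors are ignored further down, outside the hunk). The query also hard-codes `'fworchdb'` while the connection uses the variable, so the two can disagree. Connect to the maintenance database as `roles/database/tasks/main.yml` does and bind the name instead of embedding it: `dbname: postgres`, `query: "select exists(SELECT datname FROM pg_catalog.pg_database WHERE lower(datname) = lower(%(db)s))"`, `named_args: {db: "{{ fworch_db_name }}"}`. The same lines appear again in the later `community.postgresql.postgresql_query` rename of this file.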
diff --git a/roles/database/tasks/create-users.yml b/roles/database/tasks/create-users.yml index f0a716471d..4740132306 100755 --- a/roles/database/tasks/create-users.yml +++ b/roles/database/tasks/create-users.yml @@ -15,17 +15,17 @@ - name: add user dbbackup to group dbbackupusers postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: GRANT dbbackupusers TO dbbackup - name: add user fworchimporter to group configimporters postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: GRANT configimporters TO fworchimporter - name: add user fworch to group fworchadmins postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: GRANT fworchadmins TO fworch become: true diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml index 3c8ade3f43..9c697fa0ac 100644 --- a/roles/database/tasks/install-database.yml +++ b/roles/database/tasks/install-database.yml @@ -56,7 +56,7 @@ - name: make sure sorting order of psql client and postgresql server match for databases to be created postgresql_query: login_user: postgres - db: postgres + dbname: postgres query: "ALTER DATABASE template1 REFRESH COLLATION VERSION" when: pg_version|int >= 15 @@ -67,7 +67,7 @@ - name: test module postgresql_query functionality (only works with ansible >= 2.8) in case of an error message you may run scripts/install-lastes-ansible.yml postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: 'select version()' register: test_query when: ansible_version.full is version ('2.8', '>=') @@ -82,7 +82,7 @@ - name: creating {{ fworch_db_name }}-db-model community.postgresql.postgresql_script: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/creation/{{ item }}" loop: - fworch-create-tables.sql 
@@ -96,7 +96,7 @@ - name: add colors to the database postgresql_copy: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/color.csv" dst: stm_color columns: @@ -109,7 +109,7 @@ - name: add error messages to the database postgresql_copy: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/error.csv" dst: error columns: @@ -124,7 +124,7 @@ - name: add ip protocols to the database postgresql_copy: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/ip-protocol-list.csv" dst: stm_ip_proto columns: diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 215bc281a6..46f9892d35 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -162,7 +162,7 @@ - name: check if database already exists postgresql_query: query: SELECT count(*) FROM pg_database WHERE datname='{{ fworch_db_name }}' - db: postgres + dbname: postgres register: db_exists become: true become_user: postgres @@ -194,7 +194,7 @@ - name: (re)defines functions and views (idempotent) community.postgresql.postgresql_script: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/idempotent/{{ item }}" become: true become_user: postgres diff --git a/roles/database/tasks/run-unit-tests.yml b/roles/database/tasks/run-unit-tests.yml index 2bb0b30dc5..eaae631d92 100644 --- a/roles/database/tasks/run-unit-tests.yml +++ b/roles/database/tasks/run-unit-tests.yml @@ -14,7 +14,7 @@ - name: run db unit tests community.postgresql.postgresql_script: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/test/{{ item }}" become: true become_user: "postgres" diff --git a/roles/database/tasks/upgrade-database.yml b/roles/database/tasks/upgrade-database.yml index 7625b248a9..04f7569f36 100644 
--- a/roles/database/tasks/upgrade-database.yml +++ b/roles/database/tasks/upgrade-database.yml @@ -42,7 +42,7 @@ - name: install upgrades community.postgresql.postgresql_script: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/upgrade/{{ item }}.sql" loop: "{{ upgrade_files | community.general.version_sort }}" become: true diff --git a/roles/finalize/tasks/main.yml b/roles/finalize/tasks/main.yml index 964b360657..8215fbd7c4 100644 --- a/roles/finalize/tasks/main.yml +++ b/roles/finalize/tasks/main.yml @@ -71,7 +71,7 @@ - name: test whether demo data is present postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}' register: demo_data_present diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index 02c714abdf..a8feae1e37 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml @@ -170,7 +170,7 @@ - name: insert admin tenant0 to database postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant0') @@ -183,7 +183,7 @@ - name: add connection for internal ldap with encrypted passwords postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN PERFORM insertLocalLdapWithEncryptedPasswords ('{{ openldap_server }}', {{ openldap_port }}, @@ -197,7 +197,7 @@ - name: insert admin tenant0 to device mapping - tenant0 can see all devices postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant0') THEN INSERT INTO tenant_to_device (tenant_id, device_id) 
diff --git a/roles/middleware/tasks/upgrade/5.5.5.yml b/roles/middleware/tasks/upgrade/5.5.5.yml index 9994b60eb7..704d5848a6 100644 --- a/roles/middleware/tasks/upgrade/5.5.5.yml +++ b/roles/middleware/tasks/upgrade/5.5.5.yml @@ -1,6 +1,6 @@ - name: set ldap tenant level to 5 postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS (SELECT * FROM ldap_connection diff --git a/roles/sample-auth-data/tasks/auth_sample_data.yml b/roles/sample-auth-data/tasks/auth_sample_data.yml index 3eef294910..395c22a7b9 100644 --- a/roles/sample-auth-data/tasks/auth_sample_data.yml +++ b/roles/sample-auth-data/tasks/auth_sample_data.yml @@ -2,7 +2,7 @@ - name: insert tenant tenant1{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}') THEN @@ -13,7 +13,7 @@ - name: add device mapping for tenant tenant1{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN @@ -24,7 +24,7 @@ - name: add management mapping for tenant tenant1{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN @@ -39,7 +39,7 @@ - name: insert tenant tenant2{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant2{{ sample_postfix }}') THEN 
@@ -50,7 +50,7 @@ - name: add device mapping for tenant tenant2{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS @@ -63,7 +63,7 @@ - name: add management mapping for tenant tenant2{{ sample_postfix }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2{{ sample_postfix }}') THEN @@ -78,7 +78,7 @@ - name: insert demo tenant network data postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant1_demo') THEN diff --git a/roles/sample-auth-data/tasks/sample_owner_data.yml b/roles/sample-auth-data/tasks/sample_owner_data.yml index 4c5342e2a1..bef70015b8 100644 --- a/roles/sample-auth-data/tasks/sample_owner_data.yml +++ b/roles/sample-auth-data/tasks/sample_owner_data.yml @@ -1,7 +1,7 @@ - name: adding demo owner data postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, app_id_external) diff --git a/roles/sample-data/tasks/create-demo-credentials.yml b/roles/sample-data/tasks/create-demo-credentials.yml index 11fb34f50e..c4b215c0c9 100644 --- a/roles/sample-data/tasks/create-demo-credentials.yml +++ b/roles/sample-data/tasks/create-demo-credentials.yml @@ -1,6 +1,6 @@ - name: insert demo import credentials postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='credential01_demo') THEN diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml index a076891528..18eb21e215 100644 --- a/roles/sample-data/tasks/create-devices.yml 
+++ b/roles/sample-data/tasks/create-devices.yml @@ -27,7 +27,7 @@ - name: insert sample fortiOS management postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_fortigate_name }}') THEN @@ -37,7 +37,7 @@ - name: insert sample fortiOS gateway postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}') THEN @@ -52,7 +52,7 @@ - block: # demo only - name: insert demo check point R8x management {{ sample_checkpoint_name }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN @@ -64,7 +64,7 @@ - name: insert demo check point R8x gateway {{ sample_checkpoint_name }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ demo_cpr8x_name }}') THEN @@ -79,7 +79,7 @@ - block: # testing only - name: insert test check point R8x management {{ sample_checkpoint_name }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN @@ -89,7 +89,7 @@ - name: insert test check point R8x gateway {{ sample_checkpoint_name }} postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_checkpoint_name }}') THEN diff --git a/roles/sample-data/tasks/create-test-credentials.yml b/roles/sample-data/tasks/create-test-credentials.yml index f07fa59f77..d8137ce3ce 100644 --- a/roles/sample-data/tasks/create-test-credentials.yml +++ b/roles/sample-data/tasks/create-test-credentials.yml 
@@ -1,6 +1,6 @@ - name: insert dummy test import credentials postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='{{ test_credential_name }}') THEN diff --git a/roles/tests-integration/handlers/main.yml b/roles/tests-integration/handlers/main.yml index 94330e2b16..66389cf1fa 100644 --- a/roles/tests-integration/handlers/main.yml +++ b/roles/tests-integration/handlers/main.yml @@ -9,7 +9,7 @@ - block: - name: delete test checkpoint R8x credentials cascading to deletion of mgmt and gw postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN DELETE FROM import_credential WHERE credential_name='{{ test_credential_name }}'; @@ -18,7 +18,7 @@ - name: delete tenants tenant1_test and tenant2_test postgresql_query: - db: "{{ fworch_db_name }}" + dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }}' OR tenant_name='tenant2{{ test_postfix }}'; diff --git a/roles/tests-integration/tasks/test-importer.yml b/roles/tests-integration/tasks/test-importer.yml index 52d8a6f7b3..aba14b8c25 100644 --- a/roles/tests-integration/tasks/test-importer.yml +++ b/roles/tests-integration/tasks/test-importer.yml @@ -2,7 +2,7 @@ - name: find management id for checkpoint test postgresql_query: - db: fworchdb + dbname: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_checkpoint_name }}'; become: true become_user: postgres @@ -10,7 +10,7 @@ - name: find management id for fortigate test postgresql_query: - db: fworchdb + dbname: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_fortigate_name }}'; become: true become_user: postgres From 0048460df75419eb179f1ef25b4b4f95fb048f07 Mon Sep 17 00:00:00 2001 
From: Tim Purschke Date: Tue, 18 Nov 2025 18:08:34 +0100 Subject: [PATCH 7/9] avoid warning for ssh key generation --- roles/common/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 807769a7fb..07e0646967 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -71,6 +71,11 @@ state: present become: true + - name: check for existing ssh key for {{ fworch_user }} + stat: + path: "{{ fworch_home }}/.ssh/id_rsa" + register: fworch_existing_ssh_key + - name: add user {{ fworch_user }} user: name: "{{ fworch_user }}" @@ -79,7 +84,7 @@ home: "{{ fworch_home }}" shell: /bin/bash group: "{{ fworch_group }}" - generate_ssh_key: true + generate_ssh_key: "{{ not fworch_existing_ssh_key.stat.exists | default(false) }}" ssh_key_bits: 4096 ssh_key_file: .ssh/id_rsa become: true From 1e893b9523405bd5d3cf92fa53bf0dab0aa2401a Mon Sep 17 00:00:00 2001 From: Tim Purschke Date: Tue, 18 Nov 2025 18:22:18 +0100 Subject: [PATCH 8/9] fix postgresql in ansible --- .../installer/ansible_conditional_vars.md | 2 +- roles/api/tasks/main.yml | 2 +- roles/common/tasks/uninstall.yml | 2 +- roles/database/tasks/create-ro-user.yml | 4 ++-- roles/database/tasks/create-users.yml | 6 +++--- roles/database/tasks/install-database.yml | 4 ++-- roles/database/tasks/main.yml | 2 +- roles/finalize/tasks/main.yml | 2 +- roles/middleware/tasks/main.yml | 6 +++--- roles/middleware/tasks/upgrade/5.5.5.yml | 2 +- roles/sample-auth-data/tasks/auth_sample_data.yml | 14 +++++++------- roles/sample-auth-data/tasks/sample_owner_data.yml | 2 +- .../sample-data/tasks/create-demo-credentials.yml | 2 +- roles/sample-data/tasks/create-devices.yml | 12 ++++++------ .../sample-data/tasks/create-test-credentials.yml | 2 +- roles/tests-integration/handlers/main.yml | 4 ++-- roles/tests-integration/tasks/test-importer.yml | 4 ++-- 17 files changed, 36 insertions(+), 36 deletions(-) 
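Review bot: The added `stat` task on `{{ fworch_home }}/.ssh/id_rsa` has no `become: true`, unlike the `user` task that consumes its result. If the play connects as an unprivileged account and `.ssh` is not searchable for it (mode 0700 is usual), the lookup on a re-run either fails with a permission error or cannot see the existing key; add `become: true` to the `stat` task. In the `generate_ssh_key` expression the `default(false)` filter is applied to `.stat.exists` before `not`; writing `"{{ not (fworch_existing_ssh_key.stat.exists | default(false)) }}"` makes that order explicit. Both tasks sit in a block that begins outside the hunks.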
diff --git a/documentation/developer-docs/installer/ansible_conditional_vars.md b/documentation/developer-docs/installer/ansible_conditional_vars.md index 56b8eb3ba5..e3bc5f770c 100644 --- a/documentation/developer-docs/installer/ansible_conditional_vars.md +++ b/documentation/developer-docs/installer/ansible_conditional_vars.md @@ -5,7 +5,7 @@ Say you register a variable like this - name: check if there already is an ldap connection in DB - postgresql_query: + community.postgresql.postgresql_query: dbname: fworchdb query: SELECT COUNT(*) FROM ldap_connection become: yes diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml index 7da1e52ec4..39b56759fc 100644 --- a/roles/api/tasks/main.yml +++ b/roles/api/tasks/main.yml @@ -91,7 +91,7 @@ become: true - name: set grants for hasura schemas (after hasura install) - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: "GRANT USAGE ON SCHEMA {{ item }} TO dbbackupusers; Grant select on ALL TABLES in SCHEMA {{ item }} to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA {{ item }} GRANT SELECT ON TABLES TO group dbbackupusers;" become: true diff --git a/roles/common/tasks/uninstall.yml b/roles/common/tasks/uninstall.yml index 3a6c403d6c..936d47c9ac 100644 --- a/roles/common/tasks/uninstall.yml +++ b/roles/common/tasks/uninstall.yml @@ -53,7 +53,7 @@ when: pg_version|int >= 13 - name: check if db still exists - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: "select exists(SELECT datname FROM pg_catalog.pg_database WHERE lower(datname) = lower('fworchdb'))" register: db_exists diff --git a/roles/database/tasks/create-ro-user.yml b/roles/database/tasks/create-ro-user.yml index a2fc8dac47..b31e5053f6 100644 --- a/roles/database/tasks/create-ro-user.yml +++ b/roles/database/tasks/create-ro-user.yml 
@@ -8,12 +8,12 @@ role_attr_flags: LOGIN,NOSUPERUSER,INHERIT,NOCREATEDB,NOCREATEROLE - name: GRANT ro user - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: GRANT CONNECT ON DATABASE {{ fworch_db_name }} TO {{ fwo_db_ro_user }} - name: GRANT ro user all access to schemata - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: | GRANT USAGE ON SCHEMA {{ item }} TO {{ fwo_db_ro_user }}; diff --git a/roles/database/tasks/create-users.yml b/roles/database/tasks/create-users.yml index 4740132306..36a022a61d 100755 --- a/roles/database/tasks/create-users.yml +++ b/roles/database/tasks/create-users.yml @@ -14,17 +14,17 @@ loop: "{{ database_users }}" - name: add user dbbackup to group dbbackupusers - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: GRANT dbbackupusers TO dbbackup - name: add user fworchimporter to group configimporters - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: GRANT configimporters TO fworchimporter - name: add user fworch to group fworchadmins - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: GRANT fworchadmins TO fworch diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml index 9c697fa0ac..3e64efaadc 100644 --- a/roles/database/tasks/install-database.yml +++ b/roles/database/tasks/install-database.yml @@ -54,7 +54,7 @@ # include add-tablespace.yml here - name: make sure sorting order of psql client and postgresql server match for databases to be created - postgresql_query: + community.postgresql.postgresql_query: login_user: postgres dbname: postgres query: "ALTER DATABASE template1 REFRESH COLLATION VERSION" 
@@ -66,7 +66,7 @@ state: present - name: test module postgresql_query functionality (only works with ansible >= 2.8) in case of an error message you may run scripts/install-lastes-ansible.yml - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: 'select version()' register: test_query diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 46f9892d35..bc73affe41 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -160,7 +160,7 @@ become: true - name: check if database already exists - postgresql_query: + community.postgresql.postgresql_query: query: SELECT count(*) FROM pg_database WHERE datname='{{ fworch_db_name }}' dbname: postgres register: db_exists diff --git a/roles/finalize/tasks/main.yml b/roles/finalize/tasks/main.yml index 8215fbd7c4..502984c51c 100644 --- a/roles/finalize/tasks/main.yml +++ b/roles/finalize/tasks/main.yml @@ -70,7 +70,7 @@ when: "'frontends' in group_names" - name: test whether demo data is present - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}' diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index a8feae1e37..8a4c4ae1d6 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml @@ -169,7 +169,7 @@ when: audit_user is defined and auditor_initial_pwd is defined and installation_mode=='new' - name: insert admin tenant0 to database - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS @@ -182,7 +182,7 @@ when: installation_mode == "new" - name: add connection for internal ldap with encrypted passwords - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN 
@@ -196,7 +196,7 @@ when: installation_mode == "new" - name: insert admin tenant0 to device mapping - tenant0 can see all devices - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant0') diff --git a/roles/middleware/tasks/upgrade/5.5.5.yml b/roles/middleware/tasks/upgrade/5.5.5.yml index 704d5848a6..f66ba40f16 100644 --- a/roles/middleware/tasks/upgrade/5.5.5.yml +++ b/roles/middleware/tasks/upgrade/5.5.5.yml @@ -1,5 +1,5 @@ - name: set ldap tenant level to 5 - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS diff --git a/roles/sample-auth-data/tasks/auth_sample_data.yml b/roles/sample-auth-data/tasks/auth_sample_data.yml index 395c22a7b9..cdb2a81192 100644 --- a/roles/sample-auth-data/tasks/auth_sample_data.yml +++ b/roles/sample-auth-data/tasks/auth_sample_data.yml @@ -1,7 +1,7 @@ - block: - name: insert tenant tenant1{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -12,7 +12,7 @@ END $do$ - name: add device mapping for tenant tenant1{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -23,7 +23,7 @@ END $do$ - name: add management mapping for tenant tenant1{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -38,7 +38,7 @@ END $do$ - name: insert tenant tenant2{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN 
@@ -49,7 +49,7 @@ END $do$ - name: add device mapping for tenant tenant2{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -62,7 +62,7 @@ when: sample_role_purpose is not match('test') - name: add management mapping for tenant tenant2{{ sample_postfix }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -77,7 +77,7 @@ END $do$ - name: insert demo tenant network data - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/sample-auth-data/tasks/sample_owner_data.yml b/roles/sample-auth-data/tasks/sample_owner_data.yml index bef70015b8..62d95828a6 100644 --- a/roles/sample-auth-data/tasks/sample_owner_data.yml +++ b/roles/sample-auth-data/tasks/sample_owner_data.yml @@ -1,6 +1,6 @@ - name: adding demo owner data - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/sample-data/tasks/create-demo-credentials.yml b/roles/sample-data/tasks/create-demo-credentials.yml index c4b215c0c9..bc7131c946 100644 --- a/roles/sample-data/tasks/create-demo-credentials.yml +++ b/roles/sample-data/tasks/create-demo-credentials.yml @@ -1,5 +1,5 @@ - name: insert demo import credentials - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml index 18eb21e215..d177490d07 100644 --- a/roles/sample-data/tasks/create-devices.yml +++ b/roles/sample-data/tasks/create-devices.yml @@ -26,7 +26,7 @@ - block: # demo & test - name: insert sample fortiOS management - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN 
@@ -36,7 +36,7 @@ END IF; END $do$ - name: insert sample fortiOS gateway - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -51,7 +51,7 @@ - block: # demo only - name: insert demo check point R8x management {{ sample_checkpoint_name }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -63,7 +63,7 @@ END $do$ - name: insert demo check point R8x gateway {{ sample_checkpoint_name }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -78,7 +78,7 @@ - block: # testing only - name: insert test check point R8x management {{ sample_checkpoint_name }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN @@ -88,7 +88,7 @@ END IF; END $do$ - name: insert test check point R8x gateway {{ sample_checkpoint_name }} - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/sample-data/tasks/create-test-credentials.yml b/roles/sample-data/tasks/create-test-credentials.yml index d8137ce3ce..4addcb944f 100644 --- a/roles/sample-data/tasks/create-test-credentials.yml +++ b/roles/sample-data/tasks/create-test-credentials.yml @@ -1,5 +1,5 @@ - name: insert dummy test import credentials - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/tests-integration/handlers/main.yml b/roles/tests-integration/handlers/main.yml index 66389cf1fa..a42e63d085 100644 --- a/roles/tests-integration/handlers/main.yml +++ b/roles/tests-integration/handlers/main.yml @@ -8,7 +8,7 @@ - block: - name: delete test checkpoint R8x credentials cascading to deletion of mgmt and gw - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN 
@@ -17,7 +17,7 @@ listen: "test importer handler" - name: delete tenants tenant1_test and tenant2_test - postgresql_query: + community.postgresql.postgresql_query: dbname: "{{ fworch_db_name }}" query: > DO $do$ BEGIN diff --git a/roles/tests-integration/tasks/test-importer.yml b/roles/tests-integration/tasks/test-importer.yml index aba14b8c25..486e10b13c 100644 --- a/roles/tests-integration/tasks/test-importer.yml +++ b/roles/tests-integration/tasks/test-importer.yml @@ -1,7 +1,7 @@ --- - name: find management id for checkpoint test - postgresql_query: + community.postgresql.postgresql_query: dbname: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_checkpoint_name }}'; become: true @@ -9,7 +9,7 @@ register: test_checkpoint_mgm_id - name: find management id for fortigate test - postgresql_query: + community.postgresql.postgresql_query: dbname: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_fortigate_name }}'; become: true From 1c3c1f35446f379672befd7aa366dc52a305b587 Mon Sep 17 00:00:00 2001 
From: Tim Purschke Date: Tue, 18 Nov 2025 18:29:34 +0100 Subject: [PATCH 9/9] working on all OSes with login_db instead --- .../installer/ansible_conditional_vars.md | 2 +- roles/api/tasks/main.yml | 2 +- roles/common/tasks/uninstall.yml | 2 +- roles/database/tasks/create-ro-user.yml | 4 ++-- roles/database/tasks/create-users.yml | 6 +++--- roles/database/tasks/install-database.yml | 12 ++++++------ roles/database/tasks/main.yml | 4 ++-- roles/database/tasks/run-unit-tests.yml | 2 +- roles/database/tasks/upgrade-database.yml | 2 +- roles/finalize/tasks/main.yml | 2 +- roles/middleware/tasks/main.yml | 6 +++--- roles/middleware/tasks/upgrade/5.5.5.yml | 2 +- roles/sample-auth-data/tasks/auth_sample_data.yml | 14 +++++++------- roles/sample-auth-data/tasks/sample_owner_data.yml | 2 +- .../sample-data/tasks/create-demo-credentials.yml | 2 +- roles/sample-data/tasks/create-devices.yml | 12 ++++++------ .../sample-data/tasks/create-test-credentials.yml | 2 +- roles/tests-integration/handlers/main.yml | 4 ++-- roles/tests-integration/tasks/test-importer.yml | 4 ++-- 19 files changed, 43 insertions(+), 43 deletions(-) diff --git a/documentation/developer-docs/installer/ansible_conditional_vars.md b/documentation/developer-docs/installer/ansible_conditional_vars.md index e3bc5f770c..008ac98569 100644 --- a/documentation/developer-docs/installer/ansible_conditional_vars.md +++ b/documentation/developer-docs/installer/ansible_conditional_vars.md @@ -6,7 +6,7 @@ Say you register a variable like this - name: check if there already is an ldap connection in DB community.postgresql.postgresql_query: - dbname: fworchdb + login_db: fworchdb query: SELECT COUNT(*) FROM ldap_connection become: yes become_user: postgres diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml index 39b56759fc..d8eca510da 100644 --- a/roles/api/tasks/main.yml +++ b/roles/api/tasks/main.yml 
@@ -92,7 +92,7 @@ - name: set grants for hasura schemas (after hasura install) community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: "GRANT USAGE ON SCHEMA {{ item }} TO dbbackupusers; Grant select on ALL TABLES in SCHEMA {{ item }} to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA {{ item }} GRANT SELECT ON TABLES TO group dbbackupusers;" become: true become_user: postgres diff --git a/roles/common/tasks/uninstall.yml b/roles/common/tasks/uninstall.yml index 936d47c9ac..92354ba8fd 100644 --- a/roles/common/tasks/uninstall.yml +++ b/roles/common/tasks/uninstall.yml @@ -54,7 +54,7 @@ - name: check if db still exists community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: "select exists(SELECT datname FROM pg_catalog.pg_database WHERE lower(datname) = lower('fworchdb'))" register: db_exists diff --git a/roles/database/tasks/create-ro-user.yml b/roles/database/tasks/create-ro-user.yml index b31e5053f6..c972b57354 100644 --- a/roles/database/tasks/create-ro-user.yml +++ b/roles/database/tasks/create-ro-user.yml @@ -9,12 +9,12 @@ - name: GRANT ro user community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: GRANT CONNECT ON DATABASE {{ fworch_db_name }} TO {{ fwo_db_ro_user }} - name: GRANT ro user all access to schemata community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: | GRANT USAGE ON SCHEMA {{ item }} TO {{ fwo_db_ro_user }}; GRANT SELECT ON ALL TABLES IN SCHEMA {{ item }} TO {{ fwo_db_ro_user }}; diff --git a/roles/database/tasks/create-users.yml b/roles/database/tasks/create-users.yml index 36a022a61d..68e4d280f8 100755 --- a/roles/database/tasks/create-users.yml +++ b/roles/database/tasks/create-users.yml 
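Review bot: In roles/common/tasks/uninstall.yml (hunk at -54) the `check if db still exists` task logs in with `login_db: "{{ fworch_db_name }}"`, so it connects to the very database whose existence it is testing. If that database has already been dropped, the connection would fail before the query runs, unless error handling outside the hunk absorbs it. The WHERE clause also compares against the literal `'fworchdb'` rather than the variable. roles/database/tasks/main.yml does the equivalent check with `login_db: postgres`; I would mirror that here and compare against `fworch_db_name`, preferably as a bound parameter.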
@@ -15,17 +15,17 @@ - name: add user dbbackup to group dbbackupusers community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: GRANT dbbackupusers TO dbbackup - name: add user fworchimporter to group configimporters community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: GRANT configimporters TO fworchimporter - name: add user fworch to group fworchadmins community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: GRANT fworchadmins TO fworch become: true diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml index 3e64efaadc..e6b8818d54 100644 --- a/roles/database/tasks/install-database.yml +++ b/roles/database/tasks/install-database.yml @@ -56,7 +56,7 @@ - name: make sure sorting order of psql client and postgresql server match for databases to be created community.postgresql.postgresql_query: login_user: postgres - dbname: postgres + login_db: postgres query: "ALTER DATABASE template1 REFRESH COLLATION VERSION" when: pg_version|int >= 15 @@ -67,7 +67,7 @@ - name: test module postgresql_query functionality (only works with ansible >= 2.8) in case of an error message you may run scripts/install-lastes-ansible.yml community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: 'select version()' register: test_query when: ansible_version.full is version ('2.8', '>=') @@ -82,7 +82,7 @@ - name: creating {{ fworch_db_name }}-db-model community.postgresql.postgresql_script: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/creation/{{ item }}" loop: - fworch-create-tables.sql 
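Review bot: The task name in the roles/database/tasks/install-database.yml hunk at -67 still says the module "only works with ansible >= 2.8" and points at an Ansible upgrade script. The task now calls `community.postgresql.postgresql_query`, so a failure here more likely means the collection is missing on the controller than that Ansible is too old. I would rename it to something like `- name: test community.postgresql.postgresql_query (requires the community.postgresql collection)` and check whether the `when: ansible_version.full is version ('2.8', '>=')` guard is still the right precondition. The task may continue past the hunk.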
@@ -96,7 +96,7 @@ - name: add colors to the database postgresql_copy: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/color.csv" dst: stm_color columns: @@ -109,7 +109,7 @@ - name: add error messages to the database postgresql_copy: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/error.csv" dst: error columns: @@ -124,7 +124,7 @@ - name: add ip protocols to the database postgresql_copy: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" copy_from: "{{ database_install_dir }}/csv/ip-protocol-list.csv" dst: stm_ip_proto columns: diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index bc73affe41..b4ef04b7b5 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -162,7 +162,7 @@ - name: check if database already exists community.postgresql.postgresql_query: query: SELECT count(*) FROM pg_database WHERE datname='{{ fworch_db_name }}' - dbname: postgres + login_db: postgres register: db_exists become: true become_user: postgres @@ -194,7 +194,7 @@ - name: (re)defines functions and views (idempotent) community.postgresql.postgresql_script: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/idempotent/{{ item }}" become: true become_user: postgres diff --git a/roles/database/tasks/run-unit-tests.yml b/roles/database/tasks/run-unit-tests.yml index eaae631d92..be600f019d 100644 --- a/roles/database/tasks/run-unit-tests.yml +++ b/roles/database/tasks/run-unit-tests.yml @@ -14,7 +14,7 @@ - name: run db unit tests community.postgresql.postgresql_script: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/sql/test/{{ item }}" become: true become_user: "postgres" 
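Review bot: The three `postgresql_copy:` tasks in roles/database/tasks/install-database.yml (hunks at -96, -109 and -124) keep the short module name, while the `postgresql_query` and `postgresql_script` tasks visible in this patch are fully qualified. A short name is resolved through redirects and the module search path, so which implementation runs depends on the controller's environment. I would write `community.postgresql.postgresql_copy:` in all three so that they are tied to the same collection as the rest. The task bodies continue past the hunks.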
diff --git a/roles/database/tasks/upgrade-database.yml b/roles/database/tasks/upgrade-database.yml index 04f7569f36..64901c6d9a 100644 --- a/roles/database/tasks/upgrade-database.yml +++ b/roles/database/tasks/upgrade-database.yml @@ -42,7 +42,7 @@ - name: install upgrades community.postgresql.postgresql_script: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" path: "{{ database_install_dir }}/upgrade/{{ item }}.sql" loop: "{{ upgrade_files | community.general.version_sort }}" become: true diff --git a/roles/finalize/tasks/main.yml b/roles/finalize/tasks/main.yml index 502984c51c..8e238715b7 100644 --- a/roles/finalize/tasks/main.yml +++ b/roles/finalize/tasks/main.yml @@ -71,7 +71,7 @@ - name: test whether demo data is present community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}' register: demo_data_present diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index 8a4c4ae1d6..d935b09fc1 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml @@ -170,7 +170,7 @@ - name: insert admin tenant0 to database community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant0') @@ -183,7 +183,7 @@ - name: add connection for internal ldap with encrypted passwords community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN PERFORM insertLocalLdapWithEncryptedPasswords ('{{ openldap_server }}', {{ openldap_port }}, 
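Review bot: The `add connection for internal ldap with encrypted passwords` task in roles/middleware/tasks/main.yml (hunk at -183) templates its arguments into the `PERFORM insertLocalLdapWithEncryptedPasswords (...)` call, and the argument list runs past the end of the hunk. If any of the remaining arguments is password or key material, the rendered statement will appear in the task result and in verbose or callback logs, because the module reports the query it executed. I would add `no_log: true` to this task and pass the values through `named_args`, so they are bound rather than spliced into the SQL text.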
@@ -197,7 +197,7 @@ - name: insert admin tenant0 to device mapping - tenant0 can see all devices community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant0') THEN INSERT INTO tenant_to_device (tenant_id, device_id) diff --git a/roles/middleware/tasks/upgrade/5.5.5.yml b/roles/middleware/tasks/upgrade/5.5.5.yml index f66ba40f16..5601f9c2da 100644 --- a/roles/middleware/tasks/upgrade/5.5.5.yml +++ b/roles/middleware/tasks/upgrade/5.5.5.yml @@ -1,6 +1,6 @@ - name: set ldap tenant level to 5 community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS (SELECT * FROM ldap_connection diff --git a/roles/sample-auth-data/tasks/auth_sample_data.yml b/roles/sample-auth-data/tasks/auth_sample_data.yml index cdb2a81192..f38f1e0c95 100644 --- a/roles/sample-auth-data/tasks/auth_sample_data.yml +++ b/roles/sample-auth-data/tasks/auth_sample_data.yml @@ -2,7 +2,7 @@ - name: insert tenant tenant1{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}') THEN @@ -13,7 +13,7 @@ - name: add device mapping for tenant tenant1{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN 
@@ -24,7 +24,7 @@ - name: add management mapping for tenant tenant1{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN @@ -39,7 +39,7 @@ - name: insert tenant tenant2{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant2{{ sample_postfix }}') THEN @@ -50,7 +50,7 @@ - name: add device mapping for tenant tenant2{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS @@ -63,7 +63,7 @@ - name: add management mapping for tenant tenant2{{ sample_postfix }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2{{ sample_postfix }}') THEN @@ -78,7 +78,7 @@ - name: insert demo tenant network data community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant1_demo') THEN diff --git a/roles/sample-auth-data/tasks/sample_owner_data.yml b/roles/sample-auth-data/tasks/sample_owner_data.yml index 62d95828a6..7de35fdf9d 100644 --- a/roles/sample-auth-data/tasks/sample_owner_data.yml +++ b/roles/sample-auth-data/tasks/sample_owner_data.yml 
@@ -1,7 +1,7 @@ - name: adding demo owner data community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, app_id_external) diff --git a/roles/sample-data/tasks/create-demo-credentials.yml b/roles/sample-data/tasks/create-demo-credentials.yml index bc7131c946..9a0944076a 100644 --- a/roles/sample-data/tasks/create-demo-credentials.yml +++ b/roles/sample-data/tasks/create-demo-credentials.yml @@ -1,6 +1,6 @@ - name: insert demo import credentials community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='credential01_demo') THEN diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml index d177490d07..c635141d8c 100644 --- a/roles/sample-data/tasks/create-devices.yml +++ b/roles/sample-data/tasks/create-devices.yml @@ -27,7 +27,7 @@ - name: insert sample fortiOS management community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_fortigate_name }}') THEN @@ -37,7 +37,7 @@ - name: insert sample fortiOS gateway community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}') THEN @@ -52,7 +52,7 @@ - block: # demo only - name: insert demo check point R8x management {{ sample_checkpoint_name }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN 
@@ -64,7 +64,7 @@ - name: insert demo check point R8x gateway {{ sample_checkpoint_name }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ demo_cpr8x_name }}') THEN @@ -79,7 +79,7 @@ - block: # testing only - name: insert test check point R8x management {{ sample_checkpoint_name }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN @@ -89,7 +89,7 @@ - name: insert test check point R8x gateway {{ sample_checkpoint_name }} community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_checkpoint_name }}') THEN diff --git a/roles/sample-data/tasks/create-test-credentials.yml b/roles/sample-data/tasks/create-test-credentials.yml index 4addcb944f..fe6dea16e9 100644 --- a/roles/sample-data/tasks/create-test-credentials.yml +++ b/roles/sample-data/tasks/create-test-credentials.yml @@ -1,6 +1,6 @@ - name: insert dummy test import credentials community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='{{ test_credential_name }}') THEN diff --git a/roles/tests-integration/handlers/main.yml b/roles/tests-integration/handlers/main.yml index a42e63d085..18d79cd661 100644 --- a/roles/tests-integration/handlers/main.yml +++ b/roles/tests-integration/handlers/main.yml 
@@ -9,7 +9,7 @@ - block: - name: delete test checkpoint R8x credentials cascading to deletion of mgmt and gw community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN DELETE FROM import_credential WHERE credential_name='{{ test_credential_name }}'; @@ -18,7 +18,7 @@ - name: delete tenants tenant1_test and tenant2_test community.postgresql.postgresql_query: - dbname: "{{ fworch_db_name }}" + login_db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }}' OR tenant_name='tenant2{{ test_postfix }}'; diff --git a/roles/tests-integration/tasks/test-importer.yml b/roles/tests-integration/tasks/test-importer.yml index 486e10b13c..abf7f5cbf5 100644 --- a/roles/tests-integration/tasks/test-importer.yml +++ b/roles/tests-integration/tasks/test-importer.yml @@ -2,7 +2,7 @@ - name: find management id for checkpoint test community.postgresql.postgresql_query: - dbname: fworchdb + login_db: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_checkpoint_name }}'; become: true become_user: postgres @@ -10,7 +10,7 @@ - name: find management id for fortigate test community.postgresql.postgresql_query: - dbname: fworchdb + login_db: fworchdb query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_fortigate_name }}'; become: true become_user: postgres
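Review bot: Both lookups in roles/tests-integration/tasks/test-importer.yml (hunks at -2 and -10) use the literal `login_db: fworchdb`, while the other tasks in this patch take the database name from `fworch_db_name`. If that variable is overridden for an installation, these two tasks would query a different database from the one the rest of the playbook set up, or fail to connect. I would write `login_db: "{{ fworch_db_name }}"` in both. The tasks continue outside the hunks.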