• in tasks/replica.yml data directory will be cleaned (delete entire directory) and recreate again.
• but the next step is Create base backup which will fail saying no pg_hba.conf found (no postgresql.conf as well)

TASK [samdoran.pgsql_replication : Clear out data directory] ************************************************
changed: [node05-db.lab.local]

TASK [samdoran.pgsql_replication : Create empty data directory] *********************************************
changed: [node05-db.lab.local]

TASK [samdoran.pgsql_replication : Create base backup] ******************************************************
fatal: [node05-db.lab.local]: FAILED! => {"changed": false, "cmd": "pg_basebackup -X stream -D /var/opt/rh/rh-postgresql10/lib/pgsql/data -h 10.6.1.204 -U replicator", "msg": "[Errno 2] No such file or directory", "rc": 2}

Thank you for sharing this role.

Info:
ansible 2.9.3
ansible tower 3.6.1
3x Ansible nodes
2x db node (1x master and 1x replica)
Tower is running fine.

Issue:
using ansible-role-pgsql-replication to enable streaming replication on replica node. (using sample playbook as used in repo) But playbook fails at nginx role.

TASK [nginx : place self-signed SSL certificates] ***********************************************************
fatal: [node05-db.lab.local]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'tower_cert'\n\nThe error appears to be in '/home/ansible/ansible-tower-setup-3.6.1-1/roles/nginx/tasks/tasks.yml': line 84, column 11, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n        - name: place self-signed SSL certificates\n          ^ here\n"}

Observation

• we are using hosts: database_replica in playbook (Hence the playbook will not consider any other hosts, that's fine).
• But this will skip - name: slurp self-signed SSL key task because the node is not master node (when: inventory_hostname == groups['tower'][0])
• and the tower_cert variable will be undefined because of that; hence next block will fail with undefined variable (- name: Copy the cert we just created to additional hosts)

Any workaround ?

Do we really need nginx on database_replica node ?

First of all, thanks for fixing those old issues and all worked well.
I was installing another one yesterday and used the latest from Galaxy.

Noticed 3 erros and I have added all those in a page with temp fix what I have used.
Could you please have a look and fix if possible ?

All fixes here : Issues and Fixes for Ansible PostgreSQL Repliction Role

(I hesitated to raise a PR as I am not sure those real fixes or any other workarounds avaialable)

Thanks

The Tower setup process does not configure streaming replica configuration/hot standby configurations, How to enable Streaming replication enabled and configured from the asnible Tower database can be replicated to high availability instance instead of using external database

TASK [samdoran.pgsql_replication : Add trust in pg_hba.conf] ************************************************************
fatal: [support2]: FAILED! => {"msg": "Invalid data passed to 'loop', it requires a list, got this instead: 192.168.1.148. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup."}.

I could fix the error by changing the code to

- name: Add trust in pg_hba.conf
  lineinfile:
    state: present
    dest: "{{ pgsqlrep_data_path }}/pg_hba.conf"
    regexp: 'host.*replication.*{{ item }}/32.*trust'
    line: 'host    replication    {{ pgsqlrep_user }}  {{ item }}/32 trust'
  loop:
    - "{{ pgsqlrep_replica_address | list | join }}"
  notify: restart postgresql

This line is very dangerous: depending on variable pgsqlrep_data_path, it could delete the whole filesystem!
You should test whether pgsqlrep_data_path is defined and not empty, for instance with:

- name: Clear out data directory
  shell: rm -rf {{ pgsqlrep_data_path }}/*
  when: pgsqlrep_data_path is defined and pgsqlrep_data_path|length > 0

In your pgsql_versions.yml task file, your parser doesn't handle PgSQL when version is 4 chars:

I suggest to find a more reliable way to parse PgSQL version

We should probably include a little information on how to use this with the bundled install. Would your preference be to add the bundle_install: True parameter on the command line, or to add it as a playbook var? I can update the doc.

In the README example of the failover playbook the role name uses a - not an _

- name: Get the current PostgreSQL Version
     import_role:
       name: samdoran.pgsql-replication

Solution:
re-write 3rd line as:

name: samdoran.pgsql_replication

(Nice work BTW, worked flawlessly on a Tower 3.4.1 cluster)

I think pgsqlrep_data_path should not be used for this.

I tried to understand where this configuration folder comes from. I'm not familiar with molecule, but it seems there is a problem with your repository. There is a weird folder containing (old ?) config: ./molecule/default/postgres/vars/Ubuntu.yml for instance.

pg_conf_dir seems to be declared but not used, is it referring to an old version (which shouldn't have been committed?)

Thanks

The use of replication slots makes streaming replication more tolerant to connectivity issues between the master and replica. Without replication slots if a replica is unable to connect to the master for a long enough time then the replica will become out of sync and need to be manuall re-synced. Replication slots allow the master to keep track of what updates the replica has missed and will allow the replica to re-sync automatically when connectivity is restored.

The nginx role was refactored and there are some issues with missing variables (web_server_ssl_cert/web_server_ssl_key, aw_group), directories (/etc/tower does not exist), etc.

seems to be that the nginx_exec_vars_only var is now meaningless (unused in the new nginx role).