matrix-docker-ansible-deploy/roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2

-- `CREATE USER` does not support `IF NOT EXISTS`, so we use this workaround to prevent an error and raise a notice instead.
-- Seen here: https://stackoverflow.com/a/49858797
DO $$
BEGIN
  CREATE USER {{ additional_db.username }};
  EXCEPTION WHEN DUPLICATE_OBJECT THEN
  RAISE NOTICE 'not creating user {{ additional_db.username }}, since it already exists';
END
$$;

-- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
-- TODO - we should escape quotes in the password.
ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';

-- This will generate an error on subsequent execution
CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};

-- This is useful for changing the database owner subsequently
ALTER DATABASE {{ additional_db.name }} OWNER TO {{ additional_db.username }};
Do not use the postgresql_user/postgresql_db modules While these modules are really nice and helpful, we can't use them for at least 2 reasons: - for us, Postgres runs in a container on a private Docker network (`--network=matrix`) without usually being exposed to the host. These modules execute on the host so they won't be able to reach it. - these modules require `psycopg2`, so we need to install it before using it. This might or might not be its own can of worms. 2020-12-13 22:25:13 +00:00			-- `CREATE USER` does not support `IF NOT EXISTS`, so we use this workaround to prevent an error and raise a notice instead.
			`-- Seen here: https://stackoverflow.com/a/49858797`
			`DO $$`
			`BEGIN`
			`CREATE USER {{ additional_db.username }};`
			`EXCEPTION WHEN DUPLICATE_OBJECT THEN`
Don't mention Postgres roles, just say users 2020-12-14 08:04:37 +00:00			`RAISE NOTICE 'not creating user {{ additional_db.username }}, since it already exists';`
Do not use the postgresql_user/postgresql_db modules While these modules are really nice and helpful, we can't use them for at least 2 reasons: - for us, Postgres runs in a container on a private Docker network (`--network=matrix`) without usually being exposed to the host. These modules execute on the host so they won't be able to reach it. - these modules require `psycopg2`, so we need to install it before using it. This might or might not be its own can of worms. 2020-12-13 22:25:13 +00:00			`END`
			`$$;`

			`-- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes`
			`-- TODO - we should escape quotes in the password.`
Use "password" for additional Postgres databases, not "pass" Being more explicit sounds better. 2020-12-13 22:43:03 +00:00			`ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';`
Do not use the postgresql_user/postgresql_db modules While these modules are really nice and helpful, we can't use them for at least 2 reasons: - for us, Postgres runs in a container on a private Docker network (`--network=matrix`) without usually being exposed to the host. These modules execute on the host so they won't be able to reach it. - these modules require `psycopg2`, so we need to install it before using it. This might or might not be its own can of worms. 2020-12-13 22:25:13 +00:00
			`-- This will generate an error on subsequent execution`
			`CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};`

			`-- This is useful for changing the database owner subsequently`
			`ALTER DATABASE {{ additional_db.name }} OWNER TO {{ additional_db.username }};`