ansible-role-postgresql
An Ansible role that automates PostgreSQL server installation and configuration on RHEL/CentOS and Debian/Ubuntu systems. It handles database creation, user management, authentication rules, and service state through declarative YAML configuration.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | geerlingguy/ansible-role-postgresql |
| Owner | geerlingguy |
| Primary language | Jinja |
| License | MIT — OSI-approved |
| Stars | 656 |
| Forks | 414 |
| Open issues | 9 |
| Latest release | Unknown |
| Last updated | 2026-05-19 |
| Source | https://github.com/geerlingguy/ansible-role-postgresql |
What ansible-role-postgresql is
Jinja-based Ansible role providing idempotent PostgreSQL deployment with support for global configuration options, host-based authentication (pg_hba.conf), database/user provisioning, and privilege management via ansible-postgresql modules. Requires root access and Python psycopg2 library.
Get the ansible-role-postgresql source
Clone the repository and explore it locally.
git clone https://github.com/geerlingguy/ansible-role-postgresql.gitcd ansible-role-postgresql# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Role requires become: yes (sudo/root access) to install packages and manage system services; ensure Ansible user has passwordless sudo configured.
- Python psycopg2 library must match Python version used by Ansible (python-psycopg2 for Python 2, python3-psycopg2 for Python 3).
- Default hba_entries should be reviewed and customized for your authentication strategy; blindly overriding may lock out access.
- Custom log_directory paths are created by the role; ensure the specified path exists or the role will create it with default permissions.
- PostgreSQL service state (started/stopped) and enable flags are controlled via variables; verify postgresql_service_enabled aligns with desired boot behavior.
When to avoid it — and what to weigh
- Non-Linux Operating Systems — Role is designed only for RHEL/CentOS and Debian/Ubuntu. Windows, macOS, or BSD deployments are not supported.
- Complex PostgreSQL Clustering or Replication — Role handles single-server setup; does not provide built-in support for streaming replication, Patroni, or advanced high-availability configurations.
- Version-Specific Advanced Tuning — While OS-specific variables are detected, the role may not expose all PostgreSQL configuration options needed for deep performance tuning or version-specific features.
- Passwordless Authentication Across Networks — Role defaults to peer/md5 authentication suitable for local or simple setups; complex Kerberos or LDAP integration requires manual post-configuration.
License & commercial use
Licensed under MIT (permissive open-source license).
MIT license permits commercial use, modification, and redistribution with attribution. No commercial restrictions apply. However, confirm with your legal team if bundling with proprietary software.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Default authentication uses peer (local) and md5 (network); md5 is cryptographically weak by modern standards—consider upgrading hba_entries to scram-sha-256 in PostgreSQL 10+. Passwords can be passed as variables; use Ansible vault or secret managers to avoid plaintext in playbooks. postgres_users_no_log defaults to true to avoid logging sensitive credentials. No built-in SSL/TLS configuration for pg_hba; manual postgresql.conf tuning is required for encrypted connections.
Alternatives to consider
geerlingguy/ansible-role-mysql
Similar Ansible role by the same author for MySQL/MariaDB if PostgreSQL is not the target database.
CloudFormation/Terraform PostgreSQL resources
Cloud-native infrastructure-as-code for AWS RDS PostgreSQL or cloud provider managed services; reduces operational overhead vs. self-hosted.
Patroni + Ansible
Specialized HA/replication framework for PostgreSQL if multi-node failover or streaming replication is required beyond basic setup.
Build on ansible-role-postgresql with DEV.co software developers
This role accelerates infrastructure-as-code deployments. If you're building multi-environment database pipelines, we can help integrate it into your CI/CD or cloud strategy.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ansible-role-postgresql FAQ
Does this role handle PostgreSQL upgrades?
Can I use this role to manage an existing PostgreSQL installation?
What if I need to deploy PostgreSQL with specific tuning (work_mem, shared_buffers, etc.)?
Is this role suitable for production?
Work with a software development agency
Adopting ansible-role-postgresql is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source databases software in production.
Need PostgreSQL Automation for Your Stack?
This role accelerates infrastructure-as-code deployments. If you're building multi-environment database pipelines, we can help integrate it into your CI/CD or cloud strategy.