DEV.co
Open-Source Databases · geerlingguy

ansible-role-postgresql

An Ansible role that automates PostgreSQL server installation and configuration on RHEL/CentOS and Debian/Ubuntu systems. It handles database creation, user management, authentication rules, and service state through declarative YAML configuration.

Source: GitHub — github.com/geerlingguy/ansible-role-postgresql
656
GitHub stars
414
Forks
Jinja
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorygeerlingguy/ansible-role-postgresql
Ownergeerlingguy
Primary languageJinja
LicenseMIT — OSI-approved
Stars656
Forks414
Open issues9
Latest releaseUnknown
Last updated2026-05-19
Sourcehttps://github.com/geerlingguy/ansible-role-postgresql

What ansible-role-postgresql is

Jinja-based Ansible role providing idempotent PostgreSQL deployment with support for global configuration options, host-based authentication (pg_hba.conf), database/user provisioning, and privilege management via ansible-postgresql modules. Requires root access and Python psycopg2 library.

Quickstart

Get the ansible-role-postgresql source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/geerlingguy/ansible-role-postgresql.gitcd ansible-role-postgresql# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Infrastructure-as-Code Database Setup

Codify PostgreSQL configuration across development, staging, and production environments with consistent, repeatable deployments managed through Ansible playbooks.

Multi-Server Database Clusters

Deploy and configure PostgreSQL on multiple hosts simultaneously, managing socket directories, authentication rules, and service states at scale.

Automated Database Provisioning Pipelines

Integrate into CI/CD workflows to create databases, users, and assign privileges automatically as part of application deployment.

Implementation considerations

  • Role requires become: yes (sudo/root access) to install packages and manage system services; ensure Ansible user has passwordless sudo configured.
  • Python psycopg2 library must match Python version used by Ansible (python-psycopg2 for Python 2, python3-psycopg2 for Python 3).
  • Default hba_entries should be reviewed and customized for your authentication strategy; blindly overriding may lock out access.
  • Custom log_directory paths are created by the role; ensure the specified path exists or the role will create it with default permissions.
  • PostgreSQL service state (started/stopped) and enable flags are controlled via variables; verify postgresql_service_enabled aligns with desired boot behavior.

When to avoid it — and what to weigh

  • Non-Linux Operating Systems — Role is designed only for RHEL/CentOS and Debian/Ubuntu. Windows, macOS, or BSD deployments are not supported.
  • Complex PostgreSQL Clustering or Replication — Role handles single-server setup; does not provide built-in support for streaming replication, Patroni, or advanced high-availability configurations.
  • Version-Specific Advanced Tuning — While OS-specific variables are detected, the role may not expose all PostgreSQL configuration options needed for deep performance tuning or version-specific features.
  • Passwordless Authentication Across Networks — Role defaults to peer/md5 authentication suitable for local or simple setups; complex Kerberos or LDAP integration requires manual post-configuration.

License & commercial use

Licensed under MIT (permissive open-source license).

MIT license permits commercial use, modification, and redistribution with attribution. No commercial restrictions apply. However, confirm with your legal team if bundling with proprietary software.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Default authentication uses peer (local) and md5 (network); md5 is cryptographically weak by modern standards—consider upgrading hba_entries to scram-sha-256 in PostgreSQL 10+. Passwords can be passed as variables; use Ansible vault or secret managers to avoid plaintext in playbooks. postgres_users_no_log defaults to true to avoid logging sensitive credentials. No built-in SSL/TLS configuration for pg_hba; manual postgresql.conf tuning is required for encrypted connections.

Alternatives to consider

geerlingguy/ansible-role-mysql

Similar Ansible role by the same author for MySQL/MariaDB if PostgreSQL is not the target database.

CloudFormation/Terraform PostgreSQL resources

Cloud-native infrastructure-as-code for AWS RDS PostgreSQL or cloud provider managed services; reduces operational overhead vs. self-hosted.

Patroni + Ansible

Specialized HA/replication framework for PostgreSQL if multi-node failover or streaming replication is required beyond basic setup.

Software development agency

Build on ansible-role-postgresql with DEV.co software developers

This role accelerates infrastructure-as-code deployments. If you're building multi-environment database pipelines, we can help integrate it into your CI/CD or cloud strategy.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ansible-role-postgresql FAQ

Does this role handle PostgreSQL upgrades?
No. The role installs and configures a single PostgreSQL version. Upgrades must be managed separately (e.g., pg_upgrade, manual migration). The role is idempotent for the version specified in OS-specific variables.
Can I use this role to manage an existing PostgreSQL installation?
Partially. The role can add databases, users, and privileges to an existing server, but it assumes root access and may reset configuration files. Test on a copy first or use ansible --check to preview changes.
What if I need to deploy PostgreSQL with specific tuning (work_mem, shared_buffers, etc.)?
Add custom entries to postgresql_global_config_options in your playbook vars. The role merges these with defaults and writes to postgresql.conf.
Is this role suitable for production?
Yes, for single-server deployments. For HA/clustering, consider combining with Patroni or using managed PostgreSQL services. Always test configuration changes in non-production environments first.

Work with a software development agency

Adopting ansible-role-postgresql is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source databases software in production.

Need PostgreSQL Automation for Your Stack?

This role accelerates infrastructure-as-code deployments. If you're building multi-environment database pipelines, we can help integrate it into your CI/CD or cloud strategy.