From dff8f432f434b5865fc2bfe38e11208814f90225 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 18 Feb 2025 14:39:16 +0100
Subject: [PATCH 01/22] Added additional variables to control every main
 feature

This would allow dynamically selecting what features to run instead of relying on tags

[skip ci]
---
 defaults/main.yml |  5 +++++
 tasks/main.yml    | 25 ++++++++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index bd16213..45d4493 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -342,3 +342,8 @@ postgresql_https_pkg_proxy: ''
 # Confirm twice that postgresql should be uninstalled
 postgresql_uninstall_1: false
 postgresql_uninstall_2: false
+
+
+postgresql_install: true
+postgresql_manage_objects: true
+postgresql_configure: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 3351322..8cd0e6d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,12 +14,14 @@
 
 - name: Import installation tasks
   ansible.builtin.import_tasks: install.yml
+  when: postgresql_install | bool
   tags:
     - install
     - installation
 
 - name: Import initialization tasks
   ansible.builtin.import_tasks: initialize.yml
+  when: postgresql_install | bool
   tags:
     - init
     - initialize
@@ -34,6 +36,7 @@
 
 - name: Import configuration tasks
   ansible.builtin.import_tasks: configure.yml
+  when: postgresql_configure | bool
   tags:
     - config
     - configure
@@ -69,13 +72,17 @@
 
 - name: Import user management tasks
   ansible.builtin.import_tasks: users.yml
-  when: not postgresql_replication or postgresql_replication_role == "primary"
+  when:
+    - postgresql_manage_objects
+    - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
     - user
     - users
 
 - name: Import tablespace tasks
   ansible.builtin.import_tasks: tablespaces.yml
+  when:
+    - postgresql_manage_objects
   tags:
     - tblspc
     - tablespace
@@ -83,7 +90,9 @@
 
 - name: Import databases tasks
   ansible.builtin.import_tasks: databases.yml
-  when: not postgresql_replication or postgresql_replication_role == "primary"
+  when:
+    - postgresql_manage_objects
+    - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
     - db
     - database
@@ -91,7 +100,9 @@
 
 - name: Import ownerships and privileges tasks
   ansible.builtin.import_tasks: ownerships.yml
-  when: not postgresql_replication or postgresql_replication_role == "primary"
+  when:
+    - postgresql_manage_objects
+    - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
     - owner
     - owners
@@ -102,7 +113,9 @@
 
 - name: Import extensions tasks
   ansible.builtin.import_tasks: extensions.yml
-  when: not postgresql_replication or postgresql_replication_role == "primary"
+  when:
+    - postgresql_manage_objects
+    - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
     - ext
     - extension
@@ -110,7 +123,9 @@
 
 - name: Import sql script and queries tasks
   ansible.builtin.import_tasks: sql.yml
-  when: not postgresql_replication or postgresql_replication_role == "primary"
+  when:
+    - postgresql_manage_objects
+    - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
     - query
     - script

From 93a76441fc7fe52cb6fcec2ced0e6776b6b7673b Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 18 Feb 2025 15:05:44 +0100
Subject: [PATCH 02/22] Update [skip ci]

---
 defaults/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 45d4493..cbc9c76 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -347,3 +347,4 @@ postgresql_uninstall_2: false
 postgresql_install: true
 postgresql_manage_objects: true
 postgresql_configure: true
+postgresql_initialize: true

From c39f669b50c7c1ce7c4c88dd7857ecb05912fe0e Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 18 Feb 2025 17:16:27 +0100
Subject: [PATCH 03/22] Update [skip ci]

---
 tasks/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 8cd0e6d..53981b3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,7 +21,7 @@
 
 - name: Import initialization tasks
   ansible.builtin.import_tasks: initialize.yml
-  when: postgresql_install | bool
+  when: postgresql_initialize | bool
   tags:
     - init
     - initialize
@@ -45,7 +45,7 @@
 - name: Import primary replication tasks
   ansible.builtin.import_tasks: replication-primary.yml
   when:
-    - postgresql_replication
+    - postgresql_replication and postgresql_configure_replication
     - postgresql_replication_role == "primary"
   tags:
     - repli
@@ -54,7 +54,7 @@
 - name: Import replica replication tasks
   ansible.builtin.import_tasks: replication-replica.yml
   when:
-    - postgresql_replication
+    - postgresql_replication and postgresql_configure_replication
     - postgresql_replication_role == "replica"
   tags:
     - repli

From 1381180e9c454a4c3f09f7b0f5d20e646fbf1072 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Wed, 19 Feb 2025 20:25:07 +0100
Subject: [PATCH 04/22] Added comments for features control variables

---
 defaults/main.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index cbc9c76..3bd8244 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -343,8 +343,13 @@ postgresql_https_pkg_proxy: ''
 postgresql_uninstall_1: false
 postgresql_uninstall_2: false
 
-
+# Controls PostgreSQL packages installation 
 postgresql_install: true
+# Controls engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
 postgresql_manage_objects: true
+# Controls configuration
 postgresql_configure: true
+# Controls cluster initialization
 postgresql_initialize: true
+# Controls actual postgresql replication configuration 
+postgresql_configure_replication: true

From 1e068c0e11991080733d3b79b759aae82249f7ff Mon Sep 17 00:00:00 2001
From: Mensah David Assigbi <50207516+davidassigbi@users.noreply.github.com>
Date: Fri, 28 Feb 2025 11:40:31 +0100
Subject: [PATCH 05/22] Update README.md

[skip ci]
---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index 8202cdf..21186e8 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,7 @@ These variables are translated to environnement variables `http_proxy` and `http
 
 ### Installation
 ----
+By default installation is enabled (`postgresql_install: true`)
 _default PostgreSQL version is 15_
 PostgreSQL and locales installation.
 
@@ -572,6 +573,16 @@ postgresql_tempfile_mode: '0644'
 postgresql_tempfile_owner: root
 postgresql_tempfile_group: root
 
+# Controls running tasks handling: postgreSQL packages installation 
+postgresql_install: true
+# Controls running tasks handling: cluster initialization
+postgresql_initialize: true
+# Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
+postgresql_manage_objects: true
+# Controls running tasks handling: configuration
+postgresql_configure: true
+# Controls running tasks handling: actual replication configuration 
+postgresql_configure_replication: true
 ```
 
 ### Uninstallation

From df0b1e06089af361b10f992018bebcf0e917ab27 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Fri, 28 Feb 2025 11:43:47 +0100
Subject: [PATCH 06/22] Made feature control variables comments more consistent

[skip ci]
---
 defaults/main.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 3bd8244..56a23fe 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -343,13 +343,13 @@ postgresql_https_pkg_proxy: ''
 postgresql_uninstall_1: false
 postgresql_uninstall_2: false
 
-# Controls PostgreSQL packages installation 
+# Controls running tasks handling: postgreSQL packages installation 
 postgresql_install: true
-# Controls engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
+# Controls running tasks handling: cluster initialization
+postgresql_initialize: true
+# Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
 postgresql_manage_objects: true
-# Controls configuration
+# Controls running tasks handling: configuration
 postgresql_configure: true
-# Controls cluster initialization
-postgresql_initialize: true
-# Controls actual postgresql replication configuration 
+# Controls running tasks handling: actual replication configuration 
 postgresql_configure_replication: true

From 88c79c19d06149ee1059bfd77601dd56f9630781 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Fri, 28 Feb 2025 12:37:58 +0100
Subject: [PATCH 07/22] feat: Added a var _postgresql_apt_repo_template_path to
 allow further customization for the repo source on debian-like systems

---
 tasks/debian/install.yml | 4 ++--
 vars/main.yml            | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/tasks/debian/install.yml b/tasks/debian/install.yml
index 7f78723..f958572 100644
--- a/tasks/debian/install.yml
+++ b/tasks/debian/install.yml
@@ -1,13 +1,13 @@
 ---
 - name: Add postgresql repository
   ansible.builtin.template:
-    src: etc/apt/sources.list.d/pgdb.list.j2
+    src: "{{ _postgresql_apt_repo_template_path }}"
     dest: /etc/apt/sources.list.d/pgdg.list
     owner: root
     group: root
     mode: "644"
 
-- name: Add postgreqsl repository signing key
+- name: Add postgresql repository signing key
   ansible.builtin.uri:
     url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
     dest: /etc/apt/trusted.gpg.d/pgdb.asc
diff --git a/vars/main.yml b/vars/main.yml
index 6018f02..f1a85dd 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -30,6 +30,7 @@ _postgresql_config_change_handler_state: reloaded
 _postgresql_service_state: started
 
 _postgresql_apt_mirror_url: http://apt.postgresql.org/pub/repos/apt
+_postgresql_apt_repo_template_path: templates/etc/apt/sources.list.d/pgdb.list.j2
 _postgresql_repo_rpm_url: "https://download.postgresql.org/pub/repos/yum/reporpms/{{ (ansible_distro == 'fedora') | ternary('F', 'EL') }}-{{ ansible_distribution_major_version }}-x86_64/pgdg-{{ (ansible_distro == 'fedora') | ternary('fedora', 'redhat') }}-repo-latest.noarch.rpm"
 _postgresql_unix_socket_directories_mode: "{{ postgresql_unix_socket_directories_mode | d('2775', true) }}"
 _postgresql_service_path: "{{ postgresql_service_path | d('', true) }}"

From 9f96e5474a9f6d446be50c251ca7b19bef2214a7 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 6 Mar 2025 14:21:23 +0100
Subject: [PATCH 08/22] Add postgresql_conn_vars and used it on all postgresql
 modules

---
 defaults/main.yml             | 19 ++++++++++++
 tasks/configure.yml           | 24 +++++++++++++--
 tasks/databases.yml           | 56 ++++++++++++++++++++++-------------
 tasks/extensions.yml          | 20 ++++++++-----
 tasks/install.yml             |  2 ++
 tasks/ownerships.yml          | 38 ++++++++++++++++--------
 tasks/redhat/install.yml      |  2 +-
 tasks/replication-primary.yml | 26 ++++++++++++++--
 tasks/replication-replica.yml | 30 ++++++++++++++++---
 tasks/setup-vars.yml          | 14 +++++++++
 tasks/sql.yml                 | 36 ++++++++++++++--------
 tasks/tablespaces.yml         | 19 ++++++++----
 tasks/users.yml               | 36 ++++++++++++++--------
 13 files changed, 241 insertions(+), 81 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 56a23fe..27d7250 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -353,3 +353,22 @@ postgresql_manage_objects: true
 postgresql_configure: true
 # Controls running tasks handling: actual replication configuration 
 postgresql_configure_replication: true
+
+# PostgreSQl connection vars object
+postgresql_conn_vars:
+  # ca_cert: null # alias ssl_rootcert
+  ca_cert: "{{ inventory_hostname }}" # alias ssl_rootcert
+  connect_params: null
+  login_host: null
+  login_password: null
+  login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+  login_user: "{{ postgresql_user }}"
+  login_port: "{{ postgresql_port }}"
+  session_role: null
+  ssl_cert: null
+  ssl_key: null
+  ssl_mode: null
+#     # login_db: "{{ item.db | default(omit) }}"
+#     # trust_input: "{{ item.trust_input | d(omit) }}"
+
+#     # maintenance_db: postgres (on database module)
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 885f512..cf491cd 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,4 +1,13 @@
 ---
+- name: Define pg_conn_vars anchor
+  when: false
+  ansible.builtin.set_fact:
+    _: &pg_conn_vars
+
+
+# - name: Import tasks
+#   ansible.builtin.import_tasks: tasks/define_pg_conn_vars.yml
+
 - name: Configure global settings.
   ansible.builtin.lineinfile:
     dest: "{{ _postgresql_config_path }}/postgresql.conf"
@@ -59,9 +68,18 @@
 - name: Retrieve settings requiring a restart
   community.postgresql.postgresql_query:
     query: select name from pg_settings where pending_restart='true';
-    port: "{{ postgresql_port }}"
-    login_user: "{{ postgresql_user }}"
-    login_unix_socket: "{{ postgresql_unix_socket_directories[0] }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   register: _postgresql_res_pending_params
   changed_when: postgresql_config_change_allow_restart and _postgresql_res_pending_params.rowcount > 0
   become: true
diff --git a/tasks/databases.yml b/tasks/databases.yml
index 2f0ba29..e89a19d 100644
--- a/tasks/databases.yml
+++ b/tasks/databases.yml
@@ -6,16 +6,8 @@
     lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
     encoding: "{{ item.encoding | default('UTF-8') }}"
     template: "{{ item.template | default('template0') }}"
-    login_host: "{{ item.login_host | default('localhost') }}"
-    login_password: "{{ item.login_password | default(omit) }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    port: "{{ postgresql_port }}"
     owner: "{{ item.owner | default(postgresql_user) }}"
     state: "{{ item.state | default('present') }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     force: "{{ item.force | d(omit) }}"
     target: "{{ item.target | d(omit) }}"
     target_opts: "{{ item.target_opts | d(omit) }}"
@@ -24,6 +16,18 @@
     tablespace: "{{ item.tablespace | d(omit) }}"
     dump_extra_args: "{{ item.dump_extra_args | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_databases }}"
   become: true
   become_user: "{{ postgresql_user }}"
@@ -38,13 +42,19 @@
     owner: "{{ item.owner | d(omit) }}"
     state: "{{ item.state | d(omit) }}"
     cascade_drop: "{{ item.cascade_drop | d(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_schemas }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
@@ -68,13 +78,19 @@
     truncate: "{{ item.truncate | d(omit) }}"
     state: "{{ item.state | d(omit) }}"
     cascade: "{{ item.cascade | d(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_tables }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
diff --git a/tasks/extensions.yml b/tasks/extensions.yml
index cd7050f..49a213e 100644
--- a/tasks/extensions.yml
+++ b/tasks/extensions.yml
@@ -3,19 +3,23 @@
   community.postgresql.postgresql_ext:
     name: "{{ item.name }}"
     db: "{{ item.db }}"
-    login_host: "{{ item.login_host | default('localhost') }}"
-    login_password: "{{ item.login_password | default(omit) }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    port: "{{ postgresql_port }}"
     state: "{{ item.state | d('present') }}"
     schema: "{{ item.schema | d('public') }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     cascade: "{{ item.cascade | d(omit) }}"
     version: "{{ item.version | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   register: _ext_mgmt_res
   changed_when:
     - _ext_mgmt_res.changed
diff --git a/tasks/install.yml b/tasks/install.yml
index d80e1b3..2d95dca 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -42,6 +42,7 @@
     extra_args: --upgrade
     virtualenv: "{{ _postgresql_virtualenv_path }}"
     virtualenv_command: python3 -m venv
+  become: true
   become_user: "{{ postgresql_user }}"
   when: not ansible_check_mode
   environment: "{{ _postgresql_general_proxy_env | ansible.builtin.combine({'PATH': _postgresql_pythonized_path}) }}"
@@ -53,5 +54,6 @@
   ansible.builtin.pip:
     name: "{{ _postgresql_dependencies_pip_packages }}"
     virtualenv: "{{ _postgresql_virtualenv_path }}"
+  become: true
   become_user: "{{ postgresql_user }}"
   environment: "{{ _postgresql_general_proxy_env | ansible.builtin.combine({'PATH': _postgresql_pythonized_path}) }}"
diff --git a/tasks/ownerships.yml b/tasks/ownerships.yml
index 265950e..7f15a45 100644
--- a/tasks/ownerships.yml
+++ b/tasks/ownerships.yml
@@ -7,13 +7,19 @@
     obj_type: "{{ item.obj_type | d(omit) }}"
     reassign_owned_by: "{{ item.reassign_owned_by | d(omit) }}"
     fail_on_role: "{{ item.fail_on_role | d(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_ownerships }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
@@ -34,14 +40,20 @@
     db: "{{ item.db | d(omit) }}"
     target_roles: "{{ item.target_roles | d(omit) }}"
     state: "{{ item.state | default('present') }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    fail_on_role: "{{ item.fail_on_user | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    fail_on_role: "{{ item.fail_on_user | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_privs }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
diff --git a/tasks/redhat/install.yml b/tasks/redhat/install.yml
index cbcd517..1aa4a71 100644
--- a/tasks/redhat/install.yml
+++ b/tasks/redhat/install.yml
@@ -55,7 +55,7 @@
   ansible.builtin.dnf:
     name: gcc
     state: present
-   
+
 - name: Ensure PostgreSQL packages (including locales) are installed.
   ansible.builtin.dnf:
     name: "{{ _postgresql_packages + postgresql_locale_packages }}"
diff --git a/tasks/replication-primary.yml b/tasks/replication-primary.yml
index 5873fe1..09646f7 100644
--- a/tasks/replication-primary.yml
+++ b/tasks/replication-primary.yml
@@ -12,6 +12,18 @@
     expires: infinity
     role_attr_flags: REPLICATION
     state: present
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
   become_user: "{{ postgresql_user }}"
@@ -27,9 +39,19 @@
     state: "{{ item.state | d(omit, true) }}"
     db: "{{ item.db | d(omit, true) }}"
     output_plugin: "{{ item.output_plugin | d(omit, true) }}"
-    port: "{{ postgresql_port }}"
     immediately_reserve: "{{ item.immediately_reserve | d(omit, true) }}"
-    login_unix_socket: "{{ postgresql_unix_socket_directories[0] }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   become: true
   become_user: "{{ postgresql_user }}"
   vars:
diff --git a/tasks/replication-replica.yml b/tasks/replication-replica.yml
index 126b8b3..9be3ce9 100644
--- a/tasks/replication-replica.yml
+++ b/tasks/replication-replica.yml
@@ -2,8 +2,18 @@
 - name: Check replication status on replica
   community.postgresql.postgresql_query:
     query: select * from pg_stat_wal_receiver
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    port: "{{ postgresql_port | default(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   register: _postgresql_replication_check
   become: true
   become_user: "{{ postgresql_user }}"
@@ -71,8 +81,20 @@
         name: "{{ postgresql_replication_slot }}"
         slot_type: physical
         state: present
-        port: "{{ postgresql_replication_primary_port }}"
-        login_unix_socket: "{{ postgresql_unix_socket_directories[0] }}"
+        # connection options, possibly lookup the conn_vars for the primary to use the actual primary conn vars and not assume they will largely be similar
+        ca_cert: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ca_cert | d(omit, true) }}"
+        connect_params: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.connect_params | d(omit, true) }}"
+        login_host: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_host | d(omit, true) }}"
+        login_password: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_password | d(omit, true) }}"
+        login_unix_socket: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+        login_user: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_user | d(omit, true) }}"
+        # login_port: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_port | d(omit, true) }}"
+        session_role: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.session_role | d(omit, true) }}"
+        ssl_cert: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+        ssl_key: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_key | d(omit, true) }}"
+        ssl_mode: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_mode | d(omit, true) }}"
+        # connection options
+        login_port: "{{ postgresql_replication_primary_port }}"
       delegate_to: "{{ postgresql_replication_primary_inventory_name | d(omit, true) }}"
       become: true
       become_user: "{{ postgresql_user }}"
diff --git a/tasks/setup-vars.yml b/tasks/setup-vars.yml
index 5ca4a7b..82742f5 100644
--- a/tasks/setup-vars.yml
+++ b/tasks/setup-vars.yml
@@ -36,3 +36,17 @@
   when:
     - postgresql_replication
     - postgresql_replication_hba_entries | d([], true) | length == 0
+
+- name: Set postgresql_conn_vars to make it available later in hostvars
+  ansible.builtin.set_fact:
+    postgresql_conn_vars: "{{ postgresql_conn_vars }}"
+  # no_log: true
+
+# - name: Show delegated_to facts
+#   delegate_to: "{{ (hostvars.keys() | list)[1] }}"
+#   ansible.builtin.debug:
+#     var: v
+#   vars:
+#     v:
+#       ca_cert: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ca_cert | d(omit, true) }}"
+
diff --git a/tasks/sql.yml b/tasks/sql.yml
index 5cd49d9..3269ac1 100644
--- a/tasks/sql.yml
+++ b/tasks/sql.yml
@@ -8,13 +8,19 @@
     autocommit: "{{ item.autocommit | d(omit) }}"
     encoding: "{{ item.encoding | d(omit) }}"
     search_path: "{{ item.search_path | d(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_queries }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true
@@ -32,13 +38,19 @@
     positional_args: "{{ item.positional_args | d(omit) }}"
     encoding: "{{ item.encoding | d(omit) }}"
     search_path: "{{ item.search_path | d(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_scripts }}"
   no_log: "{{ postgresql_users_no_log }}"
   changed_when: false
diff --git a/tasks/tablespaces.yml b/tasks/tablespaces.yml
index 188ced3..16c46b0 100644
--- a/tasks/tablespaces.yml
+++ b/tasks/tablespaces.yml
@@ -1,3 +1,4 @@
+---
 - name: Manage tablespaces location.
   ansible.builtin.file:
     path: "{{ item.location }}"
@@ -27,13 +28,19 @@
         set: "{{ ((item.state | d('present')) == 'present') | ternary(item.set | d(omit), omit) }}"
         owner: "{{ ((item.state | d('present')) == 'present') | ternary(item.owner | d(omit), omit) }}"
         location: "{{ ((item.state | d('present')) == 'present') | ternary(item.location | d(omit), omit) }}"
-        port: "{{ postgresql_port }}"
-        login_user: "{{ item.login_user | default(postgresql_user) }}"
-        login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
-        ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-        ca_cert: "{{ item.ca_cert | d(omit) }}"
-        session_role: "{{ item.session_role | d(omit) }}"
         trust_input: "{{ item.trust_input | d(omit) }}"
+        # connection options
+        ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+        connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+        login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+        login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+        login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+        login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+        login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+        session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+        ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+        ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+        ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
       register: tbspc_mgmt_res
       failed_when:
         - tbspc_mgmt_res.failed
diff --git a/tasks/users.yml b/tasks/users.yml
index d39f88a..fd837f2 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -3,22 +3,28 @@
   community.postgresql.postgresql_user:
     name: "{{ item.name }}"
     password: "{{ item.password | default(omit) }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
     encrypted: "{{ item.encrypted | default(omit) }}"
     role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
     db: "{{ item.db | default(omit) }}"
     state: "{{ item.state | default('present') }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
     fail_on_user: "{{ item.fail_on_user | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     expires: "{{ item.expires | d(omit) }}"
     no_password_changes: "{{ item.no_password_changes | d(omit) }}"
     conn_limit: "{{ item.conn_limit | d(omit) }}"
     comment: "{{ item.comment | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # Connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_users }}"
   loop_control:
     label: "{{ item.name }}"
@@ -37,15 +43,21 @@
     groups: "{{ item.groups }}"
     target_roles: "{{ item.target_roles }}"
     state: "{{ item.state | default('present') }}"
-    port: "{{ postgresql_port }}"
-    login_user: "{{ item.login_user | default(postgresql_user) }}"
-    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
     db: "{{ item.db | default(omit) }}"
-    ssl_mode: "{{ item.ssl_mode | d(omit) }}"
-    ca_cert: "{{ item.ca_cert | d(omit) }}"
     fail_on_role: "{{ item.fail_on_user | d(omit) }}"
-    session_role: "{{ item.session_role | d(omit) }}"
     trust_input: "{{ item.trust_input | d(omit) }}"
+    # connection options
+    ca_cert: "{{ postgresql_conn_vars.ca_cert | d(omit, true) }}"
+    connect_params: "{{ postgresql_conn_vars.connect_params | d(omit, true) }}"
+    login_host: "{{ postgresql_conn_vars.login_host | d(omit, true) }}"
+    login_password: "{{ postgresql_conn_vars.login_password | d(omit, true) }}"
+    login_unix_socket: "{{ postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
+    login_user: "{{ postgresql_conn_vars.login_user | d(omit, true) }}"
+    login_port: "{{ postgresql_conn_vars.login_port | d(omit, true) }}"
+    session_role: "{{ postgresql_conn_vars.session_role | d(omit, true) }}"
+    ssl_cert: "{{ postgresql_conn_vars.ssl_cert | d(omit, true) }}"
+    ssl_key: "{{ postgresql_conn_vars.ssl_key | d(omit, true) }}"
+    ssl_mode: "{{ postgresql_conn_vars.ssl_mode | d(omit, true) }}"
   loop: "{{ postgresql_memberships }}"
   no_log: "{{ postgresql_users_no_log }}"
   become: true

From 9d03281138e97c9ce7d2236ae404523f2b92d160 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 6 Mar 2025 14:53:32 +0100
Subject: [PATCH 09/22] Removed unused tasks

---
 tasks/configure.yml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/tasks/configure.yml b/tasks/configure.yml
index cf491cd..c833c98 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,13 +1,4 @@
 ---
-- name: Define pg_conn_vars anchor
-  when: false
-  ansible.builtin.set_fact:
-    _: &pg_conn_vars
-
-
-# - name: Import tasks
-#   ansible.builtin.import_tasks: tasks/define_pg_conn_vars.yml
-
 - name: Configure global settings.
   ansible.builtin.lineinfile:
     dest: "{{ _postgresql_config_path }}/postgresql.conf"

From b3d56ab66413c4c6b9a0e435b7d082bb4e76817a Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 6 Mar 2025 15:39:49 +0100
Subject: [PATCH 10/22] test PG17

---
 .github/workflows/molecule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index ddeeece..dcfc3c1 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -55,7 +55,7 @@ jobs:
       matrix:
         scenario: ${{ fromJson(needs.setup.outputs.scenarios) }}
         postgresql_version:
-          - 16
+          - 17
         config:
           - name: rocky8
             image: "rockylinux"

From 0153907413d19f2c86b2016fd43c6897c3e95859 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Fri, 21 Mar 2025 12:51:40 +0100
Subject: [PATCH 11/22] Added additionnal control variables

---
 defaults/main.yml | 14 +++++++++-----
 tasks/main.yml    | 41 +++++++++++++++++++++++++++++++++++------
 2 files changed, 44 insertions(+), 11 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 27d7250..c418752 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -343,7 +343,7 @@ postgresql_https_pkg_proxy: ''
 postgresql_uninstall_1: false
 postgresql_uninstall_2: false
 
-# Controls running tasks handling: postgreSQL packages installation 
+# Controls running tasks handling: postgreSQL packages installation
 postgresql_install: true
 # Controls running tasks handling: cluster initialization
 postgresql_initialize: true
@@ -351,17 +351,21 @@ postgresql_initialize: true
 postgresql_manage_objects: true
 # Controls running tasks handling: configuration
 postgresql_configure: true
-# Controls running tasks handling: actual replication configuration 
+# Controls running tasks handling: actual replication configuration
 postgresql_configure_replication: true
 
+# Controls installation when running it for patroni
+postgresql_is_patroni: false
+# Whether to essentially not run any tasks after installation
+postgresql_only_install: false
+
 # PostgreSQl connection vars object
 postgresql_conn_vars:
-  # ca_cert: null # alias ssl_rootcert
-  ca_cert: "{{ inventory_hostname }}" # alias ssl_rootcert
+  ca_cert: null # alias ssl_rootcert
   connect_params: null
   login_host: null
   login_password: null
-  login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+  login_unix_socket: "{{ postgresql_unix_socket_directories[0] | d(null, true) }}"
   login_user: "{{ postgresql_user }}"
   login_port: "{{ postgresql_port }}"
   session_role: null
diff --git a/tasks/main.yml b/tasks/main.yml
index 53981b3..32c8718 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,14 +14,23 @@
 
 - name: Import installation tasks
   ansible.builtin.import_tasks: install.yml
-  when: postgresql_install | bool
+  when:
+    - postgresql_install | bool
   tags:
     - install
     - installation
 
+- name: Set fact for ending role
+  ansible.builtin.set_fact:
+    _postgresql_end_role: "{{ postgresql_install and postgresql_only_install }}"
+
+
 - name: Import initialization tasks
   ansible.builtin.import_tasks: initialize.yml
-  when: postgresql_initialize | bool
+  when:
+    - not _postgresql_end_role
+    - not postgresql_is_patroni | bool
+    - postgresql_initialize | bool
   tags:
     - init
     - initialize
@@ -29,14 +38,20 @@
 
 - name: Import auto tunning tasks
   ansible.builtin.import_tasks: autotune.yml
-  when: postgresql_autotune | bool
+  when:
+    - not _postgresql_end_role
+    - not postgresql_is_patroni | bool
+    - postgresql_autotune | bool
   tags:
     - auto-tune
     - autotune
 
 - name: Import configuration tasks
   ansible.builtin.import_tasks: configure.yml
-  when: postgresql_configure | bool
+  when:
+    - not _postgresql_end_role
+    - not postgresql_is_patroni | bool
+    - postgresql_configure | bool
   tags:
     - config
     - configure
@@ -45,6 +60,8 @@
 - name: Import primary replication tasks
   ansible.builtin.import_tasks: replication-primary.yml
   when:
+    - not _postgresql_end_role
+    - not postgresql_is_patroni | bool
     - postgresql_replication and postgresql_configure_replication
     - postgresql_replication_role == "primary"
   tags:
@@ -54,6 +71,8 @@
 - name: Import replica replication tasks
   ansible.builtin.import_tasks: replication-replica.yml
   when:
+    - not _postgresql_end_role
+    - not postgresql_is_patroni | bool
     - postgresql_replication and postgresql_configure_replication
     - postgresql_replication_role == "replica"
   tags:
@@ -62,17 +81,22 @@
 
 - name: Import backup tasks
   ansible.builtin.import_tasks: backup.yml
-  when: postgresql_backup | bool
+  when:
+    - not _postgresql_end_role
+    - postgresql_backup | bool
   tags: backup
 
 - name: Import vacuum tasks
   ansible.builtin.import_tasks: vacuum.yml
-  when: postgresql_vacuum | bool
+  when:
+    - not _postgresql_end_role
+    - postgresql_vacuum | bool
   tags: vacuum
 
 - name: Import user management tasks
   ansible.builtin.import_tasks: users.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
     - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
@@ -82,6 +106,7 @@
 - name: Import tablespace tasks
   ansible.builtin.import_tasks: tablespaces.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
   tags:
     - tblspc
@@ -91,6 +116,7 @@
 - name: Import databases tasks
   ansible.builtin.import_tasks: databases.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
     - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
@@ -101,6 +127,7 @@
 - name: Import ownerships and privileges tasks
   ansible.builtin.import_tasks: ownerships.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
     - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
@@ -114,6 +141,7 @@
 - name: Import extensions tasks
   ansible.builtin.import_tasks: extensions.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
     - not postgresql_replication or postgresql_replication_role == "primary"
   tags:
@@ -124,6 +152,7 @@
 - name: Import sql script and queries tasks
   ansible.builtin.import_tasks: sql.yml
   when:
+    - not _postgresql_end_role
     - postgresql_manage_objects
     - not postgresql_replication or postgresql_replication_role == "primary"
   tags:

From f441ef6b7d5486289c55bd1d0b4f9a87abbb1d47 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 27 Mar 2025 21:58:34 +0100
Subject: [PATCH 12/22] Added control variables documentation and patroni
 integration in readme

---
 .gitignore        |  1 +
 README.md         | 74 ++++++++++++++++++++++++++++++++---------------
 defaults/main.yml | 34 +++++++++++-----------
 3 files changed, 69 insertions(+), 40 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1f274fa..a281698 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .vscode/
 test.yml
 env/
+.ansible/
diff --git a/README.md b/README.md
index 21186e8..7ee5ccf 100644
--- a/README.md
+++ b/README.md
@@ -59,23 +59,24 @@ ansible-galaxy install claranet.postgresql
 
 ### Available features and tags
 -----
-This role support the following features and tags in the following order during execution:
-Feature                             | Tag
+This role support the following features and tags along with control variables in the following order during execution:
+
+Feature                             | Control variable(s) | Tag(s)
 ------------------------------------|---------------------
-Uninstallation                      | uninstallation
-Installation                        | install, installation
-Datadir initialization              | init,initialize,initialise
-Auto tune (with pg-config.org)      | autotune, auto-tune
-Configuration                       | config, configure, configuration
-Replication                         | repli, replication
-Vacuum                              | vacuum
-Backup                              | backup
-User & membership management        | user, users
-Tablespace management               | tblspc, tablespace, tablespaces
-Database management                 | db, database, databases
-Ownership & privileges management   | owner, owners, ownership, priv, privs, privileges
-Extensions management               | ext, extension, extensions
-SQL code executions                 | query, script
+Uninstallation                      | postgresql_uninstall_1,postgresql_uninstall_2 | uninstallation
+Installation                        | postgresql_install | install, installation
+Datadir initialization              | postgresql_initialize | init,initialize,initialise
+Auto tune (with pg-config.org)      | postgresql_autotune | autotune, auto-tune
+Configuration                       | postgresql_configure | config, configure, configuration
+Replication                         | postgresql_replication,postgresql_configure_replication | repli, replication
+Vacuum                              | postgresql_vacuum | vacuum
+Backup                              | postgresql_backup | backup
+User & membership management        | postgresql_manage_objects | user, users
+Tablespace management               | postgresql_manage_objects | tblspc, tablespace, tablespaces
+Database management                 | postgresql_manage_objects | db, database, databases
+Ownership & privileges management   | postgresql_manage_objects | owner, owners, ownership, priv, privs, privileges
+Extensions management               | postgresql_manage_objects | ext, extension, extensions
+SQL code executions                 | postgresql_manage_objects | query, script
 
 
 Linux/PostgreSQL versions supported
@@ -109,12 +110,11 @@ These variables are translated to environnement variables `http_proxy` and `http
 
 ### Installation
 ----
-By default installation is enabled (`postgresql_install: true`)
-_default PostgreSQL version is 15_
+_default PostgreSQL version is 16_
 PostgreSQL and locales installation.
 
 ```yaml
-postgresql_version: "15"
+postgresql_version: "16"
 
 # Debian only. Used to generate the locales used by PostgreSQL databases.
 postgresql_locales:
@@ -125,8 +125,33 @@ postgresql_locales:
 postgresql_locale_packages:
   - glibc-langpack-en
   - glibc-langpack-fr
+
+# Controls running tasks handling: postgreSQL packages installation
+postgresql_install: true
+```
+
+
+### Patroni integration
+----
+When using Patroni to manage PostgreSQL replication, Patroni expects PostgreSQL packages be installed upfront. 
+However once the Patroni cluster is bootstrapped, the underlying PostgreSQL instances can be managed just like any other regular replication.
+
+In order to install PostgreSQL pacakges before bootstrapping a Patroni cluster this role can be invoked with the following variables which will cause the role to only perform installation.
+
+```yaml
+postgresql_is_patroni: true
+postgresql_install: true
+postgresql_only_install: true
 ```
 
+
+After Patroni bootstrap this role can be invoked with the following combination of variables to essentially skip the packages installation and manage the cluster like a pre configuration replication setup:
+```yaml
+postgresql_is_patroni: true
+postgresql_install: false
+```
+
+
 ### Configuration 
 ----
 Example for configuration related variables:
@@ -153,7 +178,8 @@ postgresql_hba_raw: |
 
 # Allow service restart for configuration changes that require it
 postgresql_config_change_allow_restart: true
-
+# Controls running tasks handling: configuration
+postgresql_configure: true
 ```
 
 _Notes:_
@@ -256,8 +282,12 @@ postgresql_pg_basebackup_walmethod: stream  # none/stream/fetch
 postgresql_pg_basebackup_args: ""
 
 # Actual pg_basebackup built with the previous parameters
-# DO NOT override this variable except you know what you are doing 
+# DO NOT override this variable unless you know what you are doing 
 postgresql_pg_basebackup_cmd: {{ _postgresql_bin_path }}/pg_basebackup --no-password --host {{ postgresql_replication_primary_address }} --port {{ postgresql_replication_primary_port }} --username {{ postgresql_replication_user }} --pgdata {{ _postgresql_data_dir }} --checkpoint {{ postgresql_pg_basebackup_checkpoint }} {{ (postgresql_replication_slot != '') | ternary('--slot ' ~ postgresql_replication_slot, '') }} --wal-method {{ postgresql_pg_basebackup_walmethod }} --write-recovery-conf --verbose --progress {{ postgresql_pg_basebackup_args }}
+
+# Controls running tasks handling: actual replication configuration
+# DO NOT override this variable unless you know what you are doing
+postgresql_configure_replication: true
 ```
 
 ### Vacuum
@@ -573,8 +603,6 @@ postgresql_tempfile_mode: '0644'
 postgresql_tempfile_owner: root
 postgresql_tempfile_group: root
 
-# Controls running tasks handling: postgreSQL packages installation 
-postgresql_install: true
 # Controls running tasks handling: cluster initialization
 postgresql_initialize: true
 # Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
diff --git a/defaults/main.yml b/defaults/main.yml
index c418752..49ff748 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,6 +5,10 @@ postgresql_version: 16
 postgresql_debug: false
 
 # Postgresql installation related variables
+# Controls running tasks handling: postgreSQL packages installation
+postgresql_install: true
+# Controls running tasks handling: cluster initialization
+postgresql_initialize: true
 # Debian only. Used to generate the locales used by PostgreSQL databases.
 postgresql_locales:
   - 'en_US.UTF-8'
@@ -20,6 +24,8 @@ postgresql_enablerepo: ""
 
 
 # Configuration related variables
+# Controls running tasks handling: configuration
+postgresql_configure: true
 postgresql_port: 5432
 postgresql_listen_addresses: 0.0.0.0
 postgresql_max_connections: 100
@@ -105,6 +111,9 @@ postgresql_service_state: started
 postgresql_service_enabled: true
 
 
+# PosgreSQL objects management
+# Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
+postgresql_manage_objects: true
 # Manage tablespaces
 postgresql_tablespaces: []
   # - name: ssd
@@ -199,8 +208,10 @@ postgresql_replication_slots: []
 # Replication related variables
 # Activate postgresql replication
 postgresql_replication: false
+# Controls running tasks handling: actual replication configuration
+postgresql_configure_replication: true
 # Server role in the replication process
-postgresql_replication_role: "" # primary/replica
+postgresql_replication_role: ""  # primary/replica
 postgresql_replication_user: replication_user
 postgresql_replication_password: password
 # Address/DNS name of the primary server used in the pg_basebackup
@@ -343,25 +354,17 @@ postgresql_https_pkg_proxy: ''
 postgresql_uninstall_1: false
 postgresql_uninstall_2: false
 
-# Controls running tasks handling: postgreSQL packages installation
-postgresql_install: true
-# Controls running tasks handling: cluster initialization
-postgresql_initialize: true
-# Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
-postgresql_manage_objects: true
-# Controls running tasks handling: configuration
-postgresql_configure: true
-# Controls running tasks handling: actual replication configuration
-postgresql_configure_replication: true
 
-# Controls installation when running it for patroni
+# Tells the role that the PostgreSQL instance is managed by Patroni therefore automatically disabling some features initialization,auto tuning,regular configuration, actual replication configuration
 postgresql_is_patroni: false
-# Whether to essentially not run any tasks after installation
+# When combined with postgresql_install:true, this essentially skips all remaining tasks after packages installation
 postgresql_only_install: false
 
 # PostgreSQl connection vars object
+# This variable is used to feed common connection parameters when calling community.postgresql modules
+# to manage database objects (users, databases, schemas, etc..)
 postgresql_conn_vars:
-  ca_cert: null # alias ssl_rootcert
+  ca_cert: null   # alias ssl_rootcert
   connect_params: null
   login_host: null
   login_password: null
@@ -372,7 +375,4 @@ postgresql_conn_vars:
   ssl_cert: null
   ssl_key: null
   ssl_mode: null
-#     # login_db: "{{ item.db | default(omit) }}"
-#     # trust_input: "{{ item.trust_input | d(omit) }}"
 
-#     # maintenance_db: postgres (on database module)

From 9c245066b73242f9c1c5863a48b16f90892dd392 Mon Sep 17 00:00:00 2001
From: Mensah David Assigbi <50207516+davidassigbi@users.noreply.github.com>
Date: Thu, 27 Mar 2025 22:23:48 +0100
Subject: [PATCH 13/22] Include missing tag always to _postgresql_end_role set
 fact

---
 tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 32c8718..ddc6a9c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,7 +23,7 @@
 - name: Set fact for ending role
   ansible.builtin.set_fact:
     _postgresql_end_role: "{{ postgresql_install and postgresql_only_install }}"
-
+  tags: always
 
 - name: Import initialization tasks
   ansible.builtin.import_tasks: initialize.yml

From 6f1fced2b7be98bafdce233f44100e2db2accdc0 Mon Sep 17 00:00:00 2001
From: Mensah David Assigbi <50207516+davidassigbi@users.noreply.github.com>
Date: Fri, 28 Mar 2025 09:16:53 +0100
Subject: [PATCH 14/22] Update README.md

[skip ci]
---
 README.md | 53 +++++++++++++++++++++++++++--------------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/README.md b/README.md
index 7ee5ccf..5cb136b 100644
--- a/README.md
+++ b/README.md
@@ -14,13 +14,14 @@ Install and configure PostgreSQL server on Debian and RedHat systems using this
 ## Table of Contents
 
 1. [Role Requirements](#warning-requirements)
-2. [Role Dependencies](#arrows_counterclockwise-dependencies)
+2. [Role Dependencies](#arrows_counterclockwise-collection-dependencies)
 3. [Role Installation](#zap-role-installation)
 4. [Features and Tags](#available-features-and-tags)
 6. [Supported Linux/PostgreSQL Versions](#linuxpostgresql-versions-supported)
 5. [Role features in use](#role-features-in-use)
     - [Proxy usage](#proxy-usage)
     - [Installation](#installation)
+    - [Patroni integration](#patroni-integration)
     - [Configuration](#configuration)
     - [Auto tuning](#auto-tuning)
     - [Physical replication](#physical-replication)
@@ -61,37 +62,37 @@ ansible-galaxy install claranet.postgresql
 -----
 This role support the following features and tags along with control variables in the following order during execution:
 
-Feature                             | Control variable(s) | Tag(s)
-------------------------------------|---------------------
-Uninstallation                      | postgresql_uninstall_1,postgresql_uninstall_2 | uninstallation
-Installation                        | postgresql_install | install, installation
-Datadir initialization              | postgresql_initialize | init,initialize,initialise
-Auto tune (with pg-config.org)      | postgresql_autotune | autotune, auto-tune
-Configuration                       | postgresql_configure | config, configure, configuration
+Feature                             | Control variable(s)                                     | Tag(s)
+------------------------------------|---------------------------------------------------------|------------------------
+Uninstallation                      | postgresql_uninstall_1,postgresql_uninstall_2           | uninstallation
+Installation                        | postgresql_install                                      | install, installation
+Datadir initialization              | postgresql_initialize                                   | init,initialize,initialise
+Auto tune (with pg-config.org)      | postgresql_autotune                                     | autotune, auto-tune
+Configuration                       | postgresql_configure                                    | config, configure, configuration
 Replication                         | postgresql_replication,postgresql_configure_replication | repli, replication
-Vacuum                              | postgresql_vacuum | vacuum
-Backup                              | postgresql_backup | backup
-User & membership management        | postgresql_manage_objects | user, users
-Tablespace management               | postgresql_manage_objects | tblspc, tablespace, tablespaces
-Database management                 | postgresql_manage_objects | db, database, databases
-Ownership & privileges management   | postgresql_manage_objects | owner, owners, ownership, priv, privs, privileges
-Extensions management               | postgresql_manage_objects | ext, extension, extensions
-SQL code executions                 | postgresql_manage_objects | query, script
+Vacuum                              | postgresql_vacuum                                       | vacuum
+Backup                              | postgresql_backup                                       | backup
+User & membership management        | postgresql_manage_objects                               | user, users
+Tablespace management               | postgresql_manage_objects                               | tblspc, tablespace, tablespaces
+Database management                 | postgresql_manage_objects                               | db, database, databases
+Ownership & privileges management   | postgresql_manage_objects                               | owner, owners, ownership, priv, privs, privileges
+Extensions management               | postgresql_manage_objects                               | ext, extension, extensions
+SQL code executions                 | postgresql_manage_objects                               | query, script
 
 
 Linux/PostgreSQL versions supported
 -----
 
-Linux/PostgreSQL  |  12  |  13  |  14  |  15  | 16
-------------------|:----:|:----:|:----:|:----:|:----:
-Debian 11         | Yes  | Yes  | Yes  | Yes  |  Yes 
-Debian 12         | Yes  | Yes  | Yes  | Yes  |  Yes 
-Ubuntu 20.04      | Yes  | Yes  | Yes  | Yes  |  Yes 
-Ubuntu 22.04      | Yes  | Yes  | Yes  | Yes  |  Yes 
-Ubuntu 24.04      | Yes  | Yes  | Yes  | Yes  |  Yes 
-RockyLinux 8.9    | Yes  | Yes  | Yes  | Yes  |  Yes 
-RockyLinux 9.3    | Yes  | Yes  | Yes  | Yes  |  Yes 
-Fedora 38         | No   | No   | No   | No   |  No  
+Linux/PostgreSQL  |  12  |  13  |  14  |  15  | 16   |  17
+------------------|:----:|:----:|:----:|:----:|:----:|:----:
+Debian 11         | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+Debian 12         | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+Ubuntu 20.04      | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+Ubuntu 22.04      | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+Ubuntu 24.04      | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+RockyLinux 8.9    | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+RockyLinux 9.3    | Yes  | Yes  | Yes  | Yes  |  Yes |  Yes
+Fedora 38         | No   | No   | No   | No   |  No  |  No
 
 ## Role features in use
 

From 066a6e5b945feaf967bace4b3711172466605101 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 8 Apr 2025 11:46:59 +0200
Subject: [PATCH 15/22] Removed need to use postgresql_replication when using
 postgresql_is_patroni making the required parameters clearer

---
 README.md      |  4 +---
 tasks/main.yml | 10 +++++-----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 5cb136b..6ec5a1d 100644
--- a/README.md
+++ b/README.md
@@ -608,9 +608,7 @@ postgresql_tempfile_group: root
 postgresql_initialize: true
 # Controls running tasks handling: engine specific objects like databases,users,tablespaces,ownerships,extensions,sqlquery executions
 postgresql_manage_objects: true
-# Controls running tasks handling: configuration
-postgresql_configure: true
-# Controls running tasks handling: actual replication configuration 
+# Controls running tasks handling: actual replication configuration
 postgresql_configure_replication: true
 ```
 
diff --git a/tasks/main.yml b/tasks/main.yml
index ddc6a9c..4bb3238 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -98,7 +98,7 @@
   when:
     - not _postgresql_end_role
     - postgresql_manage_objects
-    - not postgresql_replication or postgresql_replication_role == "primary"
+    - not (postgresql_replication or postgresql_is_patroni) or postgresql_replication_role == "primary"
   tags:
     - user
     - users
@@ -118,7 +118,7 @@
   when:
     - not _postgresql_end_role
     - postgresql_manage_objects
-    - not postgresql_replication or postgresql_replication_role == "primary"
+    - not (postgresql_replication or postgresql_is_patroni) or postgresql_replication_role == "primary"
   tags:
     - db
     - database
@@ -129,7 +129,7 @@
   when:
     - not _postgresql_end_role
     - postgresql_manage_objects
-    - not postgresql_replication or postgresql_replication_role == "primary"
+    - not (postgresql_replication or postgresql_is_patroni) or postgresql_replication_role == "primary"
   tags:
     - owner
     - owners
@@ -143,7 +143,7 @@
   when:
     - not _postgresql_end_role
     - postgresql_manage_objects
-    - not postgresql_replication or postgresql_replication_role == "primary"
+    - not (postgresql_replication or postgresql_is_patroni) or postgresql_replication_role == "primary"
   tags:
     - ext
     - extension
@@ -154,7 +154,7 @@
   when:
     - not _postgresql_end_role
     - postgresql_manage_objects
-    - not postgresql_replication or postgresql_replication_role == "primary"
+    - not (postgresql_replication or postgresql_is_patroni) or postgresql_replication_role == "primary"
   tags:
     - query
     - script

From 19a12583339d55b5dde3dd0a282b6f0b2dab8b81 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 17 Apr 2025 09:00:21 +0200
Subject: [PATCH 16/22] chore: Update molecule job to run on Ubuntu 22.04 as
 Ubuntu 20 runners are deprecated

---
 .github/workflows/molecule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index dcfc3c1..9da955d 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -49,7 +49,7 @@ jobs:
     needs:
       - lint
       - setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:

From c89aaf90151e908043e59e0bd0b50f547b618071 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Thu, 17 Apr 2025 09:50:30 +0200
Subject: [PATCH 17/22] docs: Include postgresql_conn_vars documentation

---
 .github/workflows/molecule.yml |  2 +-
 README.md                      | 22 +++++++++++++++++++---
 defaults/main.yml              | 32 +++++++++++++++-----------------
 3 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 9da955d..d5cf624 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -55,7 +55,7 @@ jobs:
       matrix:
         scenario: ${{ fromJson(needs.setup.outputs.scenarios) }}
         postgresql_version:
-          - 17
+          - 16
         config:
           - name: rocky8
             image: "rockylinux"
diff --git a/README.md b/README.md
index 6ec5a1d..cba3edd 100644
--- a/README.md
+++ b/README.md
@@ -64,12 +64,12 @@ This role support the following features and tags along with control variables i
 
 Feature                             | Control variable(s)                                     | Tag(s)
 ------------------------------------|---------------------------------------------------------|------------------------
-Uninstallation                      | postgresql_uninstall_1,postgresql_uninstall_2           | uninstallation
+Uninstallation                      | postgresql_uninstall_1, postgresql_uninstall_2           | uninstallation
 Installation                        | postgresql_install                                      | install, installation
 Datadir initialization              | postgresql_initialize                                   | init,initialize,initialise
 Auto tune (with pg-config.org)      | postgresql_autotune                                     | autotune, auto-tune
 Configuration                       | postgresql_configure                                    | config, configure, configuration
-Replication                         | postgresql_replication,postgresql_configure_replication | repli, replication
+Replication                         | postgresql_replication, postgresql_configure_replication | repli, replication
 Vacuum                              | postgresql_vacuum                                       | vacuum
 Backup                              | postgresql_backup                                       | backup
 User & membership management        | postgresql_manage_objects                               | user, users
@@ -610,6 +610,22 @@ postgresql_initialize: true
 postgresql_manage_objects: true
 # Controls running tasks handling: actual replication configuration
 postgresql_configure_replication: true
+
+# PostgreSQl connection vars object
+# This variable is used to feed common connection parameters when calling community.postgresql modules
+# to manage database objects (users, databases, schemas, etc..)
+postgresql_conn_vars:
+  ca_cert: null   # alias ssl_rootcert
+  connect_params: null
+  login_host: null
+  login_password: null
+  login_unix_socket: "{{ postgresql_unix_socket_directories[0] | d(null, true) }}"
+  login_user: "{{ postgresql_user }}"
+  login_port: "{{ postgresql_port }}"
+  session_role: null
+  ssl_cert: null
+  ssl_key: null
+  ssl_mode: null
 ```
 
 ### Uninstallation
@@ -626,7 +642,7 @@ If you want to uninstall a Postgresql installation with this role, set both vari
   gather_facts: true
 
   vars:
-    postgresql_version: "15"
+    postgresql_version: "16"
 
     # Run debug tasks withint the role 
     postgresql_debug: true
diff --git a/defaults/main.yml b/defaults/main.yml
index 49ff748..55e8fbc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -109,6 +109,21 @@ postgresql_group: postgres
 postgresql_service_state: started
 # Whether or not to enable the postgresql service after installation
 postgresql_service_enabled: true
+# PostgreSQl connection vars object
+# This variable is used to feed common connection parameters when calling community.postgresql modules
+# to manage database objects (users, databases, schemas, etc..)
+postgresql_conn_vars:
+  ca_cert: null   # alias ssl_rootcert
+  connect_params: null
+  login_host: null
+  login_password: null
+  login_unix_socket: "{{ postgresql_unix_socket_directories[0] | d(null, true) }}"
+  login_user: "{{ postgresql_user }}"
+  login_port: "{{ postgresql_port }}"
+  session_role: null
+  ssl_cert: null
+  ssl_key: null
+  ssl_mode: null
 
 
 # PosgreSQL objects management
@@ -359,20 +374,3 @@ postgresql_uninstall_2: false
 postgresql_is_patroni: false
 # When combined with postgresql_install:true, this essentially skips all remaining tasks after packages installation
 postgresql_only_install: false
-
-# PostgreSQl connection vars object
-# This variable is used to feed common connection parameters when calling community.postgresql modules
-# to manage database objects (users, databases, schemas, etc..)
-postgresql_conn_vars:
-  ca_cert: null   # alias ssl_rootcert
-  connect_params: null
-  login_host: null
-  login_password: null
-  login_unix_socket: "{{ postgresql_unix_socket_directories[0] | d(null, true) }}"
-  login_user: "{{ postgresql_user }}"
-  login_port: "{{ postgresql_port }}"
-  session_role: null
-  ssl_cert: null
-  ssl_key: null
-  ssl_mode: null
-

From 6c9675b90637dc9c19eefe976c4e2445525458a7 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 29 Apr 2025 13:48:26 +0200
Subject: [PATCH 18/22] fix: applying suggestions

---
 README.md                     |  2 +-
 tasks/replication-replica.yml |  2 --
 tasks/setup-vars.yml          | 11 +----------
 3 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index cba3edd..8efd5b9 100644
--- a/README.md
+++ b/README.md
@@ -644,7 +644,7 @@ If you want to uninstall a Postgresql installation with this role, set both vari
   vars:
     postgresql_version: "16"
 
-    # Run debug tasks withint the role 
+    # Run debug tasks within the role
     postgresql_debug: true
 
     # Configuration
diff --git a/tasks/replication-replica.yml b/tasks/replication-replica.yml
index 9be3ce9..8bf4ce6 100644
--- a/tasks/replication-replica.yml
+++ b/tasks/replication-replica.yml
@@ -88,12 +88,10 @@
         login_password: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_password | d(omit, true) }}"
         login_unix_socket: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_unix_socket | d(omit, true) }}"
         login_user: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_user | d(omit, true) }}"
-        # login_port: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.login_port | d(omit, true) }}"
         session_role: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.session_role | d(omit, true) }}"
         ssl_cert: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_cert | d(omit, true) }}"
         ssl_key: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_key | d(omit, true) }}"
         ssl_mode: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ssl_mode | d(omit, true) }}"
-        # connection options
         login_port: "{{ postgresql_replication_primary_port }}"
       delegate_to: "{{ postgresql_replication_primary_inventory_name | d(omit, true) }}"
       become: true
diff --git a/tasks/setup-vars.yml b/tasks/setup-vars.yml
index 82742f5..15156d1 100644
--- a/tasks/setup-vars.yml
+++ b/tasks/setup-vars.yml
@@ -40,13 +40,4 @@
 - name: Set postgresql_conn_vars to make it available later in hostvars
   ansible.builtin.set_fact:
     postgresql_conn_vars: "{{ postgresql_conn_vars }}"
-  # no_log: true
-
-# - name: Show delegated_to facts
-#   delegate_to: "{{ (hostvars.keys() | list)[1] }}"
-#   ansible.builtin.debug:
-#     var: v
-#   vars:
-#     v:
-#       ca_cert: "{{ hostvars[postgresql_replication_primary_inventory_name].postgresql_conn_vars.ca_cert | d(omit, true) }}"
-
+  no_log: "{{ postgresql_debug }}"

From 7e06dd7706cdf39b35f17c2805273eaaadb4bb6c Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 29 Apr 2025 14:42:01 +0200
Subject: [PATCH 19/22] test: ci failing on gcc installation on random
 container

---
 .github/workflows/molecule.yml | 36 +++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index d5cf624..c531c39 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -57,27 +57,27 @@ jobs:
         postgresql_version:
           - 16
         config:
-          - name: rocky8
-            image: "rockylinux"
-            tag: "8.9"
+          # - name: rocky8
+          #   image: "rockylinux"
+          #   tag: "8.9"
           - name: rocky9
             image: "rockylinux"
             tag: "9.3"
-          - name: debian11
-            image: "debian"
-            tag: "11"
-          - name: debian12
-            image: "debian"
-            tag: "12"
-          - name: ubuntu20
-            image: "ubuntu"
-            tag: "20.04"
-          - name: ubuntu22
-            image: "ubuntu"
-            tag: "22.04"
-          - name: ubuntu24
-            image: "ubuntu"
-            tag: "24.04"
+          # - name: debian11
+          #   image: "debian"
+          #   tag: "11"
+          # - name: debian12
+          #   image: "debian"
+          #   tag: "12"
+          # - name: ubuntu20
+          #   image: "ubuntu"
+          #   tag: "20.04"
+          # - name: ubuntu22
+          #   image: "ubuntu"
+          #   tag: "22.04"
+          # - name: ubuntu24
+          #   image: "ubuntu"
+          #   tag: "24.04"
 
     steps:
       - name: checkout

From 790a3897406ede35505436e5ec6c3af54eceee1d Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 29 Apr 2025 14:49:07 +0200
Subject: [PATCH 20/22] test: ci failing on gcc installation on random
 container

---
 .github/workflows/molecule.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index c531c39..09f57b0 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -61,8 +61,8 @@ jobs:
           #   image: "rockylinux"
           #   tag: "8.9"
           - name: rocky9
-            image: "rockylinux"
-            tag: "9.3"
+            image: "rockylinux/rockylinux"
+            tag: "9.5"
           # - name: debian11
           #   image: "debian"
           #   tag: "11"

From 4a62f3a825beff6c389012c0ccbb577dc048a927 Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 29 Apr 2025 15:51:25 +0200
Subject: [PATCH 21/22] test: ci failing on gcc installation on random
 container

---
 .github/workflows/molecule.yml | 36 +++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 09f57b0..da08efd 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -57,27 +57,27 @@ jobs:
         postgresql_version:
           - 16
         config:
-          # - name: rocky8
-          #   image: "rockylinux"
-          #   tag: "8.9"
+          - name: rocky8
+            image: "rockylinux"
+            tag: "8.9"
           - name: rocky9
             image: "rockylinux/rockylinux"
             tag: "9.5"
-          # - name: debian11
-          #   image: "debian"
-          #   tag: "11"
-          # - name: debian12
-          #   image: "debian"
-          #   tag: "12"
-          # - name: ubuntu20
-          #   image: "ubuntu"
-          #   tag: "20.04"
-          # - name: ubuntu22
-          #   image: "ubuntu"
-          #   tag: "22.04"
-          # - name: ubuntu24
-          #   image: "ubuntu"
-          #   tag: "24.04"
+          - name: debian11
+            image: "debian"
+            tag: "11"
+          - name: debian12
+            image: "debian"
+            tag: "12"
+          - name: ubuntu20
+            image: "ubuntu"
+            tag: "20.04"
+          - name: ubuntu22
+            image: "ubuntu"
+            tag: "22.04"
+          - name: ubuntu24
+            image: "ubuntu"
+            tag: "24.04"
 
     steps:
       - name: checkout

From 99fba94ec300a8c10142525fe415592b8584628c Mon Sep 17 00:00:00 2001
From: David ASSIGBI <david.assigbi@fr.clara.net>
Date: Tue, 29 Apr 2025 16:16:20 +0200
Subject: [PATCH 22/22] test: ci failing on gcc installation on random
 container

---
 .github/workflows/molecule.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index da08efd..ef42adf 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -58,8 +58,8 @@ jobs:
           - 16
         config:
           - name: rocky8
-            image: "rockylinux"
-            tag: "8.9"
+            image: "rockylinux/rockylinux"
+            tag: "8.10"
           - name: rocky9
             image: "rockylinux/rockylinux"
             tag: "9.5"