xoxys.postgres/tasks/config.yml

---
- block:
  - name: Setup global config file
    template:
      src: postgresql/data/postgresql.conf.j2
      dest: "{{ __postgres_config_path }}/postgresql.conf"
      mode: 0600
    notify: __postgres_restart

  - name: Create local users for pam auth
    user:
      name: "{{ item.name }}"
      password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      state: "{{ item.state | default('present') }}"
    with_items: "{{ postgres_users }}"
    no_log: True
    when: item.pam_user | default(False)

  - name: Setup client authentication
    template:
      src: postgresql/data/pg_hba.conf.j2
      dest: "{{ __postgres_config_path }}/pg_hba.conf"
      mode: 0600
    notify: __postgres_restart
  become: True
  become_user: root

- name: Force all notified handlers to activate pg_hba.conf
  meta: flush_handlers

- name: Ensure PostgreSQL users are present
  postgresql_user:
    name: "{{ item.name }}"
    password: "{{ 'md5' + (item.password + item.name) | hash('md5') }}"
    encrypted: "{{ item.encrypted | default('yes') }}"
    priv: "{{ item.priv | default(omit) }}"
    role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
    db: "{{ item.db | default(omit) }}"
    login_host: "{{ item.login_host | default('localhost') }}"
    login_password: "{{ item.login_password | default(omit) }}"
    login_user: "{{ item.login_user | default(postgres_user) }}"
    login_unix_socket: "{{ item.login_unix_socket | default(postgres_socket_directories[0]) }}"
    port: "{{ item.port | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  no_log: True
  with_items: "{{ postgres_users }}"
  become: true
  become_user: "{{ postgres_user }}"
add postgresql.conf templating 2018-10-16 20:53:36 +02:00			`---`
			`- block:`
			`- name: Setup global config file`
			`template:`
			`src: postgresql/data/postgresql.conf.j2`
			`dest: "{{ __postgres_config_path }}/postgresql.conf"`
			`mode: 0600`
			`notify: __postgres_restart`
fix typo; notify restart after changing pg_hba 2018-10-17 22:26:30 +02:00
create linux users for pam auth 2018-10-22 22:10:06 +02:00			`- name: Create local users for pam auth`
			`user:`
			`name: "{{ item.name }}"`
use idempotent salt 2018-10-22 23:33:14 +02:00			`password: "{{ item.password \| password_hash('sha512', 65534 \| random(seed=inventory_hostname) \| string) }}"`
add state to pam users 2018-10-22 22:35:27 +02:00			`state: "{{ item.state \| default('present') }}"`
create linux users for pam auth 2018-10-22 22:10:06 +02:00			`with_items: "{{ postgres_users }}"`
fix password handling 2018-10-22 23:05:52 +02:00			`no_log: True`
create linux users for pam auth 2018-10-22 22:10:06 +02:00			`when: item.pam_user \| default(False)`

force password auth for all users as default 2018-10-17 22:19:04 +02:00			`- name: Setup client authentication`
			`template:`
fix typo; notify restart after changing pg_hba 2018-10-17 22:26:30 +02:00			`src: postgresql/data/pg_hba.conf.j2`
force password auth for all users as default 2018-10-17 22:19:04 +02:00			`dest: "{{ __postgres_config_path }}/pg_hba.conf"`
			`mode: 0600`
fix typo; notify restart after changing pg_hba 2018-10-17 22:26:30 +02:00			`notify: __postgres_restart`
add postgresql.conf templating 2018-10-16 20:53:36 +02:00			`become: True`
			`become_user: root`
multiple fixes in user handling 2018-10-18 22:59:39 +02:00
re-add force handler 2018-10-18 23:13:48 +02:00			`- name: Force all notified handlers to activate pg_hba.conf`
			`meta: flush_handlers`

multiple fixes in user handling 2018-10-18 22:59:39 +02:00			`- name: Ensure PostgreSQL users are present`
fix module name 2018-10-18 23:09:06 +02:00			`postgresql_user:`
multiple fixes in user handling 2018-10-18 22:59:39 +02:00			`name: "{{ item.name }}"`
fix idempotency 2018-10-25 23:40:05 +02:00			`password: "{{ 'md5' + (item.password + item.name) \| hash('md5') }}"`
multiple fixes in user handling 2018-10-18 22:59:39 +02:00			`encrypted: "{{ item.encrypted \| default('yes') }}"`
			`priv: "{{ item.priv \| default(omit) }}"`
			`role_attr_flags: "{{ item.role_attr_flags \| default(omit) }}"`
			`db: "{{ item.db \| default(omit) }}"`
			`login_host: "{{ item.login_host \| default('localhost') }}"`
			`login_password: "{{ item.login_password \| default(omit) }}"`
fix variables 2018-10-18 23:07:39 +02:00			`login_user: "{{ item.login_user \| default(postgres_user) }}"`
			`login_unix_socket: "{{ item.login_unix_socket \| default(postgres_socket_directories[0]) }}"`
multiple fixes in user handling 2018-10-18 22:59:39 +02:00			`port: "{{ item.port \| default(omit) }}"`
			`state: "{{ item.state \| default('present') }}"`
fix password handling 2018-10-22 23:05:52 +02:00			`no_log: True`
fix variables 2018-10-18 23:07:39 +02:00			`with_items: "{{ postgres_users }}"`
multiple fixes in user handling 2018-10-18 22:59:39 +02:00			`become: true`
fix variables 2018-10-18 23:07:39 +02:00			`become_user: "{{ postgres_user }}"`