xoxys.postgres/tasks/config.yml

---
- block:
    - name: Setup global config file
      template:
        src: postgresql/data/postgresql.conf.j2
        dest: "{{ __postgres_config_path }}/postgresql.conf"
        mode: 0600
      notify: __postgres_restart

    - name: Create local users for pam auth
      user:
        name: "{{ item.name }}"
        password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        state: "{{ item.state | default('present') }}"
      loop: "{{ postgres_users }}"
      loop_control:
        label: "{{ item.name }}"
      when: item.pam_user | default(False)

    - name: Setup client authentication
      postgresql_pg_hba:
        dest: "{{ __postgres_config_path }}/pg_hba.conf"
        contype: "{{ item.contype | default('local') }}"
        users: "{{ item.users | default(['all']) | join(',') }}"
        address: "{{ item.address | default('all') }}"
        databases: "{{ item.databases | default(['all']) | join(',') }}"
        method: "{{ item.auth_method | default('md5') }}"
        state: "{{ item.state | default('present') }}"
      loop: "{{ postgres_hba_entries + postgres_hba_entries_extra }}"
      loop_control:
        label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all']) | join(',') }}:{{ item.users | default(['all']) | join(',') }}"
      notify: __postgres_restart
  become: True
  become_user: root
add postgresql.conf templating 2018-10-16 20:53:36 +02:00			`---`
			`- block:`
add iptables task 2018-10-26 21:56:47 +02:00			`- name: Setup global config file`
			`template:`
			`src: postgresql/data/postgresql.conf.j2`
			`dest: "{{ __postgres_config_path }}/postgresql.conf"`
			`mode: 0600`
			`notify: __postgres_restart`
fix typo; notify restart after changing pg_hba 2018-10-17 22:26:30 +02:00
add iptables task 2018-10-26 21:56:47 +02:00			`- name: Create local users for pam auth`
			`user:`
			`name: "{{ item.name }}"`
			`password: "{{ item.password \| password_hash('sha512', 65534 \| random(seed=inventory_hostname) \| string) }}"`
			`state: "{{ item.state \| default('present') }}"`
remove old loop syntax 2019-08-27 22:55:28 +02:00			`loop: "{{ postgres_users }}"`
add loop control and remove no_log 2019-10-27 16:56:16 +01:00			`loop_control:`
			`label: "{{ item.name }}"`
add iptables task 2018-10-26 21:56:47 +02:00			`when: item.pam_user \| default(False)`
create linux users for pam auth 2018-10-22 22:10:06 +02:00
add iptables task 2018-10-26 21:56:47 +02:00			`- name: Setup client authentication`
remove pg_hba template and switch to module 2019-10-23 09:44:56 +02:00			`postgresql_pg_hba:`
add iptables task 2018-10-26 21:56:47 +02:00			`dest: "{{ __postgres_config_path }}/pg_hba.conf"`
remove pg_hba template and switch to module 2019-10-23 09:44:56 +02:00			`contype: "{{ item.contype \| default('local') }}"`
remove wrong bracket 2019-10-23 09:48:39 +02:00			`users: "{{ item.users \| default(['all']) \| join(',') }}"`
remove wrong bracket 2019-10-23 09:54:14 +02:00			`address: "{{ item.address \| default('all') }}"`
remove wrong bracket 2019-10-23 09:48:39 +02:00			`databases: "{{ item.databases \| default(['all']) \| join(',') }}"`
remove pg_hba template and switch to module 2019-10-23 09:44:56 +02:00			`method: "{{ item.auth_method \| default('md5') }}"`
			`state: "{{ item.state \| default('present') }}"`
add postgres_hba_entries_extra 2019-10-23 10:00:52 +02:00			`loop: "{{ postgres_hba_entries + postgres_hba_entries_extra }}"`
remove pg_hba template and switch to module 2019-10-23 09:44:56 +02:00			`loop_control:`
remove wrong bracket 2019-10-23 09:54:14 +02:00			`label: "{{ item.address \| default('samehost') }}:{{ item.databases \| default(['all']) \| join(',') }}:{{ item.users \| default(['all']) \| join(',') }}"`
add iptables task 2018-10-26 21:56:47 +02:00			`notify: __postgres_restart`
add postgresql.conf templating 2018-10-16 20:53:36 +02:00			`become: True`
			`become_user: root`