remove pg_hba template and switch to module
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Robert Kaussow 2019-10-23 09:44:56 +02:00
parent ef9d32cb82
commit 0ce0c47c97
3 changed files with 30 additions and 16 deletions

View File

@ -48,6 +48,23 @@ postgres_users: []
# @end # @end
postgres_hba_entries: postgres_hba_entries:
- {type: local, database: all, user: all, auth_method: peer} - contype: local
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5} databases:
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5} - all
users:
- all
auth_method: peer
- contype: host
databases:
- all
users:
- all
address: "127.0.0.1/32"
auth_method: md5
- contype: host
databases:
- all
users:
- all
address: '::1/128'
auth_method: md5

View File

@ -17,10 +17,17 @@
when: item.pam_user | default(False) when: item.pam_user | default(False)
- name: Setup client authentication - name: Setup client authentication
template: postgresql_pg_hba:
src: postgresql/data/pg_hba.conf.j2
dest: "{{ __postgres_config_path }}/pg_hba.conf" dest: "{{ __postgres_config_path }}/pg_hba.conf"
mode: 0600 contype: "{{ item.contype | default('local') }}"
users: "{{ item.users | default(['all'])) | join(',') }}"
address: "{{ item.address | default('samehost') }}"
databases: "{{ item.databases | default(['all'])) | join(',') }}"
method: "{{ item.auth_method | default('md5') }}"
state: "{{ item.state | default('present') }}"
loop: "{{ postgres_hba_entries }}"
loop_control:
label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all'])) | join(',') }}:{{ item.users | default(['all'])) | join(',') }}"
notify: __postgres_restart notify: __postgres_restart
- name: Open ports in iptables - name: Open ports in iptables

View File

@ -1,10 +0,0 @@
{{ ansible_managed | comment }}
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
# TYPE DATABASE USER ADDRESS METHOD
{% for client in postgres_hba_entries %}
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
{% endfor %}