remove pg_hba template and switch to module
Some checks failed
continuous-integration/drone/push Build is failing
parent
ef9d32cb82
commit
0ce0c47c97
@ -48,6 +48,23 @@ postgres_users: []
|
|||||||
# @end
|
# @end
|
||||||
|
|
||||||
postgres_hba_entries:
|
postgres_hba_entries:
|
||||||
- {type: local, database: all, user: all, auth_method: peer}
|
- contype: local
|
||||||
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
|
databases:
|
||||||
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
|
- all
|
||||||
|
users:
|
||||||
|
- all
|
||||||
|
auth_method: peer
|
||||||
|
- contype: host
|
||||||
|
databases:
|
||||||
|
- all
|
||||||
|
users:
|
||||||
|
- all
|
||||||
|
address: "127.0.0.1/32"
|
||||||
|
auth_method: md5
|
||||||
|
- contype: host
|
||||||
|
databases:
|
||||||
|
- all
|
||||||
|
users:
|
||||||
|
- all
|
||||||
|
address: '::1/128'
|
||||||
|
auth_method: md5
|
||||||
|
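Review bot: The entry schema changes here from `type`/`database`/`user` to `contype`/`databases`/`users` with no compatibility path, so any inventory that overrides `postgres_hba_entries` in the old shape will not fail. Judging from the task in this commit, it will fall back to that task's defaults (`local`, `all`, `all`), which can silently turn a narrow rule into a broad one. Document the new keys in the annotation block above the variable, e.g. `# contype, databases (list), users (list), address, auth_method, state`, and consider an `assert` that rejects entries still carrying `type`, `database` or `user`. The two loopback entries keep `auth_method: md5`; where the supported PostgreSQL versions allow it, `scram-sha-256` is the stronger choice for password authentication. The address quoting is also inconsistent (`"127.0.0.1/32"` against `'::1/128'`).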
@ -17,10 +17,17 @@
|
|||||||
when: item.pam_user | default(False)
|
when: item.pam_user | default(False)
|
||||||
|
|
||||||
- name: Setup client authentication
|
- name: Setup client authentication
|
||||||
template:
|
postgresql_pg_hba:
|
||||||
src: postgresql/data/pg_hba.conf.j2
|
|
||||||
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
||||||
mode: 0600
|
contype: "{{ item.contype | default('local') }}"
|
||||||
|
users: "{{ item.users | default(['all'])) | join(',') }}"
|
||||||
|
address: "{{ item.address | default('samehost') }}"
|
||||||
|
databases: "{{ item.databases | default(['all'])) | join(',') }}"
|
||||||
|
method: "{{ item.auth_method | default('md5') }}"
|
||||||
|
state: "{{ item.state | default('present') }}"
|
||||||
|
loop: "{{ postgres_hba_entries }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all'])) | join(',') }}:{{ item.users | default(['all'])) | join(',') }}"
|
||||||
notify: __postgres_restart
|
notify: __postgres_restart
|
||||||
|
|
||||||
- name: Open ports in iptables
|
- name: Open ports in iptables
|
||||||
|
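Review bot: The expressions `default(['all'])) | join(',')` in `users`, `databases` and the `loop_control` label each have one closing parenthesis too many, so Jinja2 should reject them at templating time; this may be what the failing build reports. Write them as `users: "{{ item.users | default(['all']) | join(',') }}"` and likewise for the other two. Separately, the module edits pg_hba.conf rule by rule, so lines already in the file that are not in `postgres_hba_entries` (distribution defaults, earlier manual edits) stay in effect, whereas the removed template replaced the whole file. If the installed module version offers an overwrite option, using it would keep the managed list authoritative. The explicit file mode is also dropped; keeping `mode: "0600"` on the task preserves the previous permissions.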
@ -1,10 +0,0 @@
|
|||||||
{{ ansible_managed | comment }}
|
|
||||||
# PostgreSQL Client Authentication Configuration File
|
|
||||||
# ===================================================
|
|
||||||
#
|
|
||||||
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
|
|
||||||
|
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
|
||||||
{% for client in postgres_hba_entries %}
|
|
||||||
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
|
|
||||||
{% endfor %}
|
|