force password auth for all users as default
This commit is contained in:
parent
dc21d09988
commit
719585da34
|
@ -28,3 +28,8 @@ postgres_tls_source_use_content: False
|
|||
postgres_tls_source_use_files: True
|
||||
postgres_tls_cert_source: mycert.pem
|
||||
postgres_tls_key_source: mykey.pem
|
||||
|
||||
postgresql_hba_entries:
|
||||
- {type: local, database: all, user: all, auth_method: md5}
|
||||
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
|
||||
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
|
||||
|
|
|
@ -6,5 +6,10 @@
|
|||
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
||||
mode: 0600
|
||||
notify: __postgres_restart
|
||||
- name: Setup client authentication
|
||||
template:
|
||||
src: postgresql/data/pq_hba.conf.j2
|
||||
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
||||
mode: 0600
|
||||
become: True
|
||||
become_user: root
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
{{ ansible_managed | comment }}
|
||||
# PostgreSQL Client Authentication Configuration File
|
||||
# ===================================================
|
||||
#
|
||||
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
|
||||
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
{% for client in postgresql_hba_entries %}
|
||||
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
|
||||
{% endfor %}
|
Loading…
Reference in New Issue