force password auth for all users as default
This commit is contained in:
parent
dc21d09988
commit
719585da34
@ -28,3 +28,8 @@ postgres_tls_source_use_content: False
|
|||||||
postgres_tls_source_use_files: True
|
postgres_tls_source_use_files: True
|
||||||
postgres_tls_cert_source: mycert.pem
|
postgres_tls_cert_source: mycert.pem
|
||||||
postgres_tls_key_source: mykey.pem
|
postgres_tls_key_source: mykey.pem
|
||||||
|
|
||||||
|
postgresql_hba_entries:
|
||||||
|
- {type: local, database: all, user: all, auth_method: md5}
|
||||||
|
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
|
||||||
|
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
|
||||||
|
@ -6,5 +6,10 @@
|
|||||||
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify: __postgres_restart
|
notify: __postgres_restart
|
||||||
|
- name: Setup client authentication
|
||||||
|
template:
|
||||||
|
src: postgresql/data/pq_hba.conf.j2
|
||||||
|
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
||||||
|
mode: 0600
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
10
templates/postgresql/data/pg_hba.conf.j2
Normal file
10
templates/postgresql/data/pg_hba.conf.j2
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
{{ ansible_managed | comment }}
|
||||||
|
# PostgreSQL Client Authentication Configuration File
|
||||||
|
# ===================================================
|
||||||
|
#
|
||||||
|
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
|
||||||
|
|
||||||
|
# TYPE DATABASE USER ADDRESS METHOD
|
||||||
|
{% for client in postgresql_hba_entries %}
|
||||||
|
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
|
||||||
|
{% endfor %}
|
Loading…
Reference in New Issue
Block a user