ansible/xoxys.postgres
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add iptables task

Browse Source
This commit is contained in:
Robert Kaussow 2018-10-26 21:56:47 +02:00
parent 2b5552a892
commit ecb0f0e575
2 changed files with 28 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -13,6 +13,7 @@ postgres_log_filename: postgresql.log
postgres_log_rotation_age: 1d postgres_log_rotation_age: 1d
postgres_log_rotation_size: 0 postgres_log_rotation_size: 0
postgres_iptables_enabled: False
postgres_connection_port: 5432 postgres_connection_port: 5432
postgres_connection_addresses: postgres_connection_addresses:
- localhost - localhost

47
tasks/config.yml
View File

@ -1,27 +1,34 @@
--- ---
- block: - block:
- name: Setup global config file - name: Setup global config file
template: template:
src: postgresql/data/postgresql.conf.j2 src: postgresql/data/postgresql.conf.j2
dest: "{{ __postgres_config_path }}/postgresql.conf" dest: "{{ __postgres_config_path }}/postgresql.conf"
mode: 0600 mode: 0600
notify: __postgres_restart notify: __postgres_restart
- name: Create local users for pam auth - name: Create local users for pam auth
user: user:
name: "{{ item.name }}" name: "{{ item.name }}"
password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}" password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
with_items: "{{ postgres_users }}" with_items: "{{ postgres_users }}"
no_log: True no_log: True
when: item.pam_user | default(False) when: item.pam_user | default(False)
- name: Setup client authentication - name: Setup client authentication
template: template:
src: postgresql/data/pg_hba.conf.j2 src: postgresql/data/pg_hba.conf.j2
dest: "{{ __postgres_config_path }}/pg_hba.conf" dest: "{{ __postgres_config_path }}/pg_hba.conf"
mode: 0600 mode: 0600
notify: __postgres_restart notify: __postgres_restart
- name: Open ports in iptables
iptables_raw:
name: allow_postgres_port
state: present
rules: '-A INPUT -m state --state NEW -p tcp --dport {{ postgres_connection_port }} -j ACCEPT'
when: postgres_iptables_enabled
become: True become: True
become_user: root become_user: root