add iptables task
This commit is contained in:
parent
2b5552a892
commit
ecb0f0e575
|
|
@ -13,6 +13,7 @@ postgres_log_filename: postgresql.log
|
||||||
postgres_log_rotation_age: 1d
|
postgres_log_rotation_age: 1d
|
||||||
postgres_log_rotation_size: 0
|
postgres_log_rotation_size: 0
|
||||||
|
|
||||||
|
postgres_iptables_enabled: False
|
||||||
postgres_connection_port: 5432
|
postgres_connection_port: 5432
|
||||||
postgres_connection_addresses:
|
postgres_connection_addresses:
|
||||||
- localhost
|
- localhost
|
||||||
|
|
|
||||||
|
|
@ -1,27 +1,34 @@
|
||||||
---
|
---
|
||||||
- block:
|
- block:
|
||||||
- name: Setup global config file
|
- name: Setup global config file
|
||||||
template:
|
template:
|
||||||
src: postgresql/data/postgresql.conf.j2
|
src: postgresql/data/postgresql.conf.j2
|
||||||
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify: __postgres_restart
|
notify: __postgres_restart
|
||||||
|
|
||||||
- name: Create local users for pam auth
|
- name: Create local users for pam auth
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
|
password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
with_items: "{{ postgres_users }}"
|
with_items: "{{ postgres_users }}"
|
||||||
no_log: True
|
no_log: True
|
||||||
when: item.pam_user | default(False)
|
when: item.pam_user | default(False)
|
||||||
|
|
||||||
- name: Setup client authentication
|
- name: Setup client authentication
|
||||||
template:
|
template:
|
||||||
src: postgresql/data/pg_hba.conf.j2
|
src: postgresql/data/pg_hba.conf.j2
|
||||||
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify: __postgres_restart
|
notify: __postgres_restart
|
||||||
|
|
||||||
|
- name: Open ports in iptables
|
||||||
|
iptables_raw:
|
||||||
|
name: allow_postgres_port
|
||||||
|
state: present
|
||||||
|
rules: '-A INPUT -m state --state NEW -p tcp --dport {{ postgres_connection_port }} -j ACCEPT'
|
||||||
|
when: postgres_iptables_enabled
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue