multiple fixes in user handling
parent
dfaa71b52a
commit
f96dbc53f7
@ -5,7 +5,7 @@ postgres_repository_filename: "Postgresql-{{ postgres_version | regex_replace('\
|
||||
postgres_user: postgres
|
||||
postgres_group: postgres
|
||||
|
||||
# available postgresql.conf options
|
||||
# Available postgresql.conf options
|
||||
postgres_log_destination:
|
||||
- stderr
|
||||
postgres_log_directory: log
|
||||
@ -21,6 +21,7 @@ postgres_socket_directories:
|
||||
|
||||
postgres_password_encryption: md5
|
||||
|
||||
# Enable and setup ssl transport security
|
||||
postgres_tls_enabled: False
|
||||
postgres_tls_cert_filename: "mycert.pem"
|
||||
postgres_tls_key_filename: "mykey.pem"
|
||||
@ -29,7 +30,21 @@ postgres_tls_source_use_files: True
|
||||
postgres_tls_cert_source: mycert.pem
|
||||
postgres_tls_key_source: mykey.pem
|
||||
|
||||
postgresql_hba_entries:
|
||||
- {type: local, database: all, user: all, auth_method: md5}
|
||||
postgres_users: []
|
||||
# - name: jdoe #required; the rest are optional
|
||||
# password: # defaults to not set
|
||||
# encrypted: # defaults to 'yes'
|
||||
# priv: # defaults to not set
|
||||
# role_attr_flags: # defaults to not set
|
||||
# db: # defaults to not set
|
||||
# login_host: # defaults to 'localhost'
|
||||
# login_password: # defaults to not set
|
||||
# login_user: # defaults to '{{ postgres_user }}'
|
||||
# login_unix_socket: # defaults to 1st of postgres_socket_directories
|
||||
# port: # defaults to not set
|
||||
# state: # defaults to 'present'
|
||||
|
||||
postgres_hba_entries:
|
||||
- {type: local, database: all, user: all, auth_method: peer}
|
||||
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
|
||||
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
|
||||
|
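Review bot: `postgres_password_encryption` and the two loopback `host` entries in `postgres_hba_entries` default to `md5`, which PostgreSQL's own documentation no longer considers secure; if the role only targets PostgreSQL 10 or later, `postgres_password_encryption: scram-sha-256` and `auth_method: scram-sha-256` are the safer defaults. The rendered page has lost its `+`/`-` markers, so some of these lines may be unchanged context rather than new in this commit. The `postgres_users` example would also benefit from a comment on `password:` such as `# defaults to not set; load from Ansible Vault, do not commit cleartext`, since this list now carries role passwords and `login_password`.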
@ -15,3 +15,30 @@
|
||||
notify: __postgres_restart
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- name: Ensure linux user '{{ postgresql_users }}' is present
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
with_items: "{{ postgresql_users }}"
|
||||
when: item.name == postgres_user
|
||||
|
||||
- name: Ensure PostgreSQL users are present
|
||||
postgresql_user:
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password | default(omit) }}"
|
||||
encrypted: "{{ item.encrypted | default('yes') }}"
|
||||
priv: "{{ item.priv | default(omit) }}"
|
||||
role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
|
||||
db: "{{ item.db | default(omit) }}"
|
||||
login_host: "{{ item.login_host | default('localhost') }}"
|
||||
login_password: "{{ item.login_password | default(omit) }}"
|
||||
login_user: "{{ item.login_user | default(postgresql_user) }}"
|
||||
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
|
||||
port: "{{ item.port | default(omit) }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
with_items: "{{ postgresql_users }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_user: "{{ postgresql_user }}"
|
||||
|
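Review bot: The new "Ensure linux user" task exposes and mishandles the password: its name interpolates the whole `{{ postgresql_users }}` list, so every entry's `password` and `login_password` is rendered into the task banner, and the loop has neither `loop_control.label` nor `no_log: true`, so each full item is printed as well. The `user` module's `password` expects a crypt hash, so a cleartext `item.password` would be written to the shadow file as-is, and the task errors when the matching entry has no password because there is no default. Both tasks also read `postgresql_users`, `postgresql_user` and `postgresql_unix_socket_directories`, while the defaults visible in this commit define `postgres_users`, `postgres_user` and `postgres_socket_directories`; unless the `postgresql_` names are defined elsewhere, the tasks will fail on undefined variables. A possible shape for the first task is below; the "Ensure PostgreSQL users are present" task should get `no_log: true` and the same variable names too.

```yaml
- name: Ensure linux user '{{ postgres_user }}' is present
  user:
    name: "{{ item.name }}"
    # user.password takes a crypt hash; without a fixed salt this reports "changed" on every run
    password: "{{ item.password | password_hash('sha512') }}"
  with_items: "{{ postgres_users }}"
  loop_control:
    label: "{{ item.name }}"
  when: item.name == postgres_user and item.password is defined
  no_log: true
```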
@ -5,6 +5,6 @@
|
||||
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
|
||||
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
{% for client in postgresql_hba_entries %}
|
||||
{% for client in postgres_hba_entries %}
|
||||
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
|
||||
{% endfor %}
|
||||
|