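---
# PostgreSQL configuration and account provisioning.
#
# Order of operations:
#   1. write postgresql.conf and pg_hba.conf, create OS accounts for PAM auth
#   2. flush handlers so the notified restart happens immediately
#   3. manage database roles through the local socket
#
# NOTE(review): item.password is read in clear text from postgres_users;
# presumably that variable is kept in an encrypted vars file -- confirm.
# no_log only keeps the value out of task output and logs.

- block:
    # mode is quoted so it is always read as the octal string "0600"
    # (owner read/write only) rather than relying on implicit integer typing.
    # NOTE(review): no owner/group is set and the block runs as root. A file
    # created here for the first time would be root-owned at 0600; confirm the
    # file already exists with the service account as owner, or set owner.
    - name: Setup global config file
      template:
        src: postgresql/data/postgresql.conf.j2
        dest: "{{ __postgres_config_path }}/postgresql.conf"
        mode: "0600"
      notify: __postgres_restart

    # Only entries with pam_user set get an OS account.
    # The salt is `random` seeded with inventory_hostname, so it is the same
    # on every run (the task stays idempotent). The trade-off: every user on a
    # host shares one salt, drawn from a range below 65534 and reproducible
    # from the hostname.
    - name: Create local users for pam auth
      user:
        name: "{{ item.name }}"
        password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        state: "{{ item.state | default('present') }}"
      with_items: "{{ postgres_users }}"
      no_log: true
      when: item.pam_user | default(False)

    # pg_hba.conf decides who may connect and with which auth method; same
    # permissions and the same ownership caveat as postgresql.conf above.
    - name: Setup client authentication
      template:
        src: postgresql/data/pg_hba.conf.j2
        dest: "{{ __postgres_config_path }}/pg_hba.conf"
        mode: "0600"
      notify: __postgres_restart

  # Applies to every task in the block.
  become: true
  become_user: root

# Run __postgres_restart now instead of at the end of the play, so the new
# pg_hba.conf is in effect before the role management task connects.
- name: Force all notified handlers to activate pg_hba.conf
  meta: flush_handlers

# The password is sent pre-hashed in PostgreSQL's md5 format:
# 'md5' + md5(password + role name). Jinja filters bind tighter than `+`, so
# the parentheses make hash('md5') cover the concatenation, and the prefix is
# added afterwards.
# NOTE(review): a stored md5 verifier is enough to authenticate under the md5
# method, so it needs the same protection as the password itself. Servers on
# PostgreSQL 10 or later support scram-sha-256; moving to it means changing
# this expression and the auth method in pg_hba.conf together.
# item.password has no default here, so every entry must carry one, including
# entries with state: absent.
- name: Ensure PostgreSQL users are present
  postgresql_user:
    name: "{{ item.name }}"
    password: "{{ 'md5' + (item.password + item.name) | hash('md5') }}"
    encrypted: "{{ item.encrypted | default('yes') }}"
    priv: "{{ item.priv | default(omit) }}"
    role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
    db: "{{ item.db | default(omit) }}"
    login_host: "{{ item.login_host | default('localhost') }}"
    login_password: "{{ item.login_password | default(omit) }}"
    login_user: "{{ item.login_user | default(postgres_user) }}"
    login_unix_socket: "{{ item.login_unix_socket | default(postgres_socket_directories[0]) }}"
    port: "{{ item.port | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  no_log: true
  with_items: "{{ postgres_users }}"
  become: true
  become_user: "{{ postgres_user }}"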