41 lines
1.6 KiB
YAML
41 lines
1.6 KiB
YAML
---
|
|
- block:
|
|
- name: Setup global config file
|
|
template:
|
|
src: postgresql/data/postgresql.conf.j2
|
|
dest: "{{ __postgres_config_path }}/postgresql.conf"
|
|
mode: 0600
|
|
notify: __postgres_restart
|
|
|
|
- name: Create local users for pam auth
|
|
user:
|
|
name: "{{ item.name }}"
|
|
password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
|
|
state: "{{ item.state | default('present') }}"
|
|
loop: "{{ postgres_users }}"
|
|
no_log: True
|
|
when: item.pam_user | default(False)
|
|
|
|
- name: Setup client authentication
|
|
postgresql_pg_hba:
|
|
dest: "{{ __postgres_config_path }}/pg_hba.conf"
|
|
contype: "{{ item.contype | default('local') }}"
|
|
users: "{{ item.users | default(['all'])) | join(',') }}"
|
|
address: "{{ item.address | default('samehost') }}"
|
|
databases: "{{ item.databases | default(['all'])) | join(',') }}"
|
|
method: "{{ item.auth_method | default('md5') }}"
|
|
state: "{{ item.state | default('present') }}"
|
|
loop: "{{ postgres_hba_entries }}"
|
|
loop_control:
|
|
label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all'])) | join(',') }}:{{ item.users | default(['all'])) | join(',') }}"
|
|
notify: __postgres_restart
|
|
|
|
- name: Open ports in iptables
|
|
iptables_raw:
|
|
name: allow_postgres_port
|
|
state: present
|
|
rules: '-A INPUT -m state --state NEW -p tcp --dport {{ postgres_connection_port }} -j ACCEPT'
|
|
when: postgres_iptables_enabled | bool
|
|
become: True
|
|
become_user: root
|