Use ssl for the replication connection if possible

2021-04-06 14:52:22 +02:00 · 2021-04-06 14:52:22 +02:00 · ebec0f1c0a
parent 8e5010fd65
commit ebec0f1c0a
1 changed files with 32 additions and 0 deletions
--- a/tasks/postgresql-streaming-replication.yml
+++ b/tasks/postgresql-streaming-replication.yml
@ -35,6 +35,22 @@
      state: present
    loop: '{{ psql_streaming_replication_hosts }}'
    notify: Reload postgresql
+    when: not psql_enable_ssl
+
+  - name: Configure the replication user permissions
+    postgresql_pg_hba:
+      dest: '{{ psql_conf_dir }}/pg_hba.conf'
+      contype: hostssl
+      users: '{{ psql_streaming_replication_user }}'
+      address: '{{ item }}'
+      databases: 'replication'
+      #method: 'scram-sha-256'
+      method: 'md5'
+      state: present
+    loop: '{{ psql_streaming_replication_hosts }}'
+    notify: Reload postgresql
+    when: psql_enable_ssl
+
  when: ansible_distribution_file_variety == "Debian"
  tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication' ]

@ -52,5 +68,21 @@
      state: present
    loop: '{{ psql_streaming_replication_hosts }}'
    notify: Reload postgresql
+    when: not psql_enable_ssl
+
+  - name: Configure the replication user permissions
+    postgresql_pg_hba:
+      dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
+      contype: hostssl
+      users: '{{ psql_streaming_replication_user }}'
+      address: '{{ item }}'
+      databases: 'replication'
+      #method: 'scram-sha-256'
+      method: 'md5'
+      state: present
+    loop: '{{ psql_streaming_replication_hosts }}'
+    notify: Reload postgresql
+    when: psql_enable_ssl
+
  when: ansible_distribution_file_variety == "RedHat"
  tags: [ 'postgresql', 'postgres', 'pg_conf', 'pg_hba', 'postgresql_replication' ]