Flush handlers after configuring pg_hba.

2023-10-25 16:29:36 +02:00 · 2023-10-25 16:29:36 +02:00 · fd68e8d04a
parent a6f71dda75
commit fd68e8d04a
1 changed files with 21 additions and 8 deletions
--- a/tasks/configure-access.yml
+++ b/tasks/configure-access.yml
@ -1,8 +1,6 @@
 ---
 - name: configure-access | Configure accesses on Deb/Ubuntu
  when: ansible_distribution_file_variety == "Debian"
-  become: true
-  become_user: postgres
  tags: ['postgresql', 'postgres', 'pg_hba', 'pg_db']
  block:
    - name: configure-access | Give access to the remote postgresql client
@ -14,6 +12,9 @@
        databases: '{{ item.0.name }}'
        # method: 'scram-sha-256'
        method: 'md5'
+        owner: root
+        group: postgres
+        mode: "0640"
        state: "{{ item.0.state | default('present') }}"
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
@ -33,8 +34,14 @@
        databases: 'replication'
        method: 'peer'
        state: present
+        owner: root
+        group: postgres
+        mode: "0640"
      notify: Reload postgresql

+    - name: configure-access | Flush handlers
+      ansible.builtin.meta: flush_handlers
+
 - name: configure-access | Configure accesses on EL
  when: ansible_distribution_file_variety == "RedHat"
  block:
@ -51,8 +58,6 @@
      tags: ['postgresql', 'postgres', 'pg_hba', 'pg_db', 'firewall', 'iptables_rules']

    - name: configure-access | Give access to the remote postgresql client
-      become: true
-      become_user: postgres
      community.postgresql.postgresql_pg_hba:
        dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
        contype: '{% if psql_force_ssl_client_connection %}hostssl{% else %}host{% endif %}'
@ -62,6 +67,9 @@
        # method: 'scram-sha-256'
        method: 'md5'
        state: "{{ item.0.state | default('present') }}"
+        owner: root
+        group: postgres
+        mode: "0640"
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
        - allowed_hosts
@ -73,8 +81,6 @@

    # No conditionals, it is required to perform base backups when the WAL archive is active
    - name: configure-access | Remove the ident authentication for the local connections
-      become: true
-      become_user: postgres
      community.postgresql.postgresql_pg_hba:
        dest: '{{ psql_el_conf_dir }}/pg_hba.conf'
        contype: 'local'
@ -82,11 +88,12 @@
        databases: 'all'
        method: 'ident'
        state: absent
+        owner: root
+        group: postgres
+        mode: "0640"
      notify: Reload postgresql

    - name: configure-access | Give local access with replication privileges to the postgres user
-      become: true
-      become_user: postgres
      community.postgresql.postgresql_pg_hba:
        dest: '{{ psql_conf_dir }}/pg_hba.conf'
        contype: 'local'
@ -94,4 +101,10 @@
        databases: 'replication'
        method: 'peer'
        state: present
+        owner: root
+        group: postgres
+        mode: "0640"
      notify: Reload postgresql
+
+    - name: configure-access | Flush handlers
+      ansible.builtin.meta: flush_handlers