ansible-roles/postgresql/tasks/configure-access.yml

---
#
# To give postgresql access to remote clients you need to define something like that:
#
# psql_db_data:
#    - { name: 'db_name', user: 'db_user', pwd: 'db_pwd', allowed_hosts: [ '146.48.123.17/32', '146.48.122.110/32' ] }
#
- name: Give access to the remote postgresql client
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
  with_subelements: 
    - psql_db_data
    - allowed_hosts
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
    - item.1 is defined
  notify: Reload postgresql
  tags:
    - postgresql
    - postgres
    - pg_hba

- name: We want postgres listen on the public IP
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = '*'"
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = 'localhost'"
  notify: Restart postgresql
  when:
    - not psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: Log the connections
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_connections.*$" line="log_connections = on"
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: Log the disconnections
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_disconnections.*$" line="log_disconnections = on"
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: Log the hostnames
  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_hostname.*$" line="log_hostname = on"
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: Set the correct permissions to the postgresql files
  file: dest=/etc/postgresql/{{ psql_version }}/main/{{ item }} owner=root group=postgres mode=0640
  with_items:
    - pg_hba.conf
    - postgresql.conf
  tags:
    - postgresql
    - postgres
    - pg_hba
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00			`---`
			`#`
			`# To give postgresql access to remote clients you need to define something like that:`
			`#`
			`# psql_db_data:`
			`# - { name: 'db_name', user: 'db_user', pwd: 'db_pwd', allowed_hosts: [ '146.48.123.17/32', '146.48.122.110/32' ] }`
			`#`
			`- name: Give access to the remote postgresql client`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"`
			`with_subelements:`
			`- psql_db_data`
			`- allowed_hosts`
			`when:`
			`- psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`- item.1 is defined`
			`notify: Reload postgresql`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_hba`

			`- name: We want postgres listen on the public IP`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.$" line="listen_addresses = ''"`
			`notify: Restart postgresql`
			`when:`
			`- psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_conf`

			`- name: If postgresql is only accessed from localhost make it listen only on the localhost interface`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = 'localhost'"`
			`notify: Restart postgresql`
			`when:`
			`- not psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_conf`

			`- name: Log the connections`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_connections.*$" line="log_connections = on"`
			`notify: Restart postgresql`
			`when:`
			`- psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_conf`

			`- name: Log the disconnections`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_disconnections.*$" line="log_disconnections = on"`
			`notify: Restart postgresql`
			`when:`
			`- psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_conf`

			`- name: Log the hostnames`
			`lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_hostname.*$" line="log_hostname = on"`
			`notify: Restart postgresql`
			`when:`
			`- psql_listen_on_ext_int`
			`- psql_db_data is defined`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_conf`

			`- name: Set the correct permissions to the postgresql files`
			`file: dest=/etc/postgresql/{{ psql_version }}/main/{{ item }} owner=root group=postgres mode=0640`
			`with_items:`
			`- pg_hba.conf`
			`- postgresql.conf`
			`tags:`
			`- postgresql`
			`- postgres`
			`- pg_hba`