Manage the postgresql firewalld rule directly in the postgresql role.

2019-11-19 13:48:53 +01:00 · 2019-11-19 13:48:53 +01:00 · 27a82ad239
parent 659e50755e
commit 27a82ad239
2 changed files with 7 additions and 0 deletions
--- a/library/roles/postgresql/defaults/main.yml
+++ b/library/roles/postgresql/defaults/main.yml
@ -229,3 +229,4 @@ pg_backup_use_auth: "no"
 pg_backup_pass_file: /root/.pgpass
 pg_backup_use_nagios: "yes"

+postgresql_firewalld_zone: '{{ firewalld_default_zone }}'
--- a/library/roles/postgresql/tasks/configure-access.yml
+++ b/library/roles/postgresql/tasks/configure-access.yml
@ -1,4 +1,10 @@
 ---
+- name: Open the postgresql service to a specific zone.
+  firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
+  when:
+    - psql_listen_on_ext_int | bool
+    - firewalld_enabled | bool
+
 - name: Give access to the remote postgresql client
  lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
  with_subelements: