Manage the postgresql firewalld rule directly in the postgresql role.

Andrea Dell'Amico 2019-11-19 13:48:53 +01:00
parent 659e50755e
commit 27a82ad239
2 changed files with 7 additions and 0 deletions


@ -229,3 +229,4 @@ pg_backup_use_auth: "no"
pg_backup_pass_file: /root/.pgpass
pg_backup_use_nagios: "yes"
postgresql_firewalld_zone: '{{ firewalld_default_zone }}'
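Review bot: The new default `postgresql_firewalld_zone: '{{ firewalld_default_zone }}'` has no comment, although it decides which networks get PostgreSQL opened to them. `firewalld_default_zone` is not defined in the lines shown, so it presumably comes from another role; if that role's defaults are not loaded the template fails, and if the default zone is the one facing untrusted networks the service is opened there. I would add above it `# Zone in which the postgresql service is opened. Every source in that zone can reach the port; pg_hba.conf is then the only filter.` and state the dependency on the variable's origin in the same comment.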


@ -1,4 +1,10 @@
---
- name: Open the postgresql service to a specific zone.
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
when:
- psql_listen_on_ext_int | bool
- firewalld_enabled | bool
- name: Give access to the remote postgresql client
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
with_subelements:
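Review bot: The added firewalld task opens the postgresql service to every source in the zone, permanently and immediately, so pg_hba.conf becomes the only control on who can reach the listener. The pg_hba task right below appears to iterate over the permitted client addresses already (`item.1`), so a source-scoped rule built from the same list (the module's `rich_rule` parameter) would keep the packet filter as narrow as the database ACL. Independently of that, the task is written as a `key=value` string with an unquoted template and `True`; native block arguments with a quoted template and lowercase booleans are easier to audit, as sketched below. The "Give access to the remote postgresql client" task continues outside the hunk.

```yaml
- name: Open the postgresql service to a specific zone.
  firewalld:
    service: postgresql
    zone: '{{ postgresql_firewalld_zone }}'
    permanent: true
    immediate: true
    state: enabled
  # … unchanged: when conditions (psql_listen_on_ext_int, firewalld_enabled) …
```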