From e53c5a3f631518045a096db51d885593067597be Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 22 Jun 2015 14:49:59 +0200 Subject: [PATCH] library/roles/postgresql: Fix the configuration tasks to use the configfile module library/roles/iptables: Create rules for postgresql even if the service listens on localhost only. --- iptables/templates/iptables-rules.v4.j2 | 1 + postgresql/defaults/main.yml | 4 ++-- postgresql/tasks/configure-access.yml | 18 +++++++----------- postgresql/templates/pg_backup-default.j2 | 2 +- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2 index 5de5308..a0f60d2 100644 --- a/iptables/templates/iptables-rules.v4.j2 +++ b/iptables/templates/iptables-rules.v4.j2 @@ -57,6 +57,7 @@ {% endfor %} {% endfor %} {% endif %} +-A INPUT -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP {% endif %} diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml index add4550..59e9204 100644 --- a/postgresql/defaults/main.yml +++ b/postgresql/defaults/main.yml @@ -1,13 +1,13 @@ --- -pg_use_postgresql_org_repo: False +pg_use_postgresql_org_repo: True # 9.3 is the default version for Ubuntu trusty # It is highly recommended to use the postgresql.org repositories # # See the features matrix here: http://www.postgresql.org/about/featurematrix/ # -psql_version: 9.3 +psql_version: 9.4 psql_db_host: localhost psql_db_port: 5432 psql_db_size_w: 150000000 diff --git a/postgresql/tasks/configure-access.yml b/postgresql/tasks/configure-access.yml index 903dac2..bc6c71e 100644 --- a/postgresql/tasks/configure-access.yml +++ b/postgresql/tasks/configure-access.yml 
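Review bot: The added ACCEPT rule matches only on the source address, `-s {{ ansible_default_ipv4.address }}`, with no input interface, so it relies on the kernel rejecting externally received packets that claim the host's own address. Traffic the host sends to its own IP arrives on the loopback interface, so the rule could be pinned there: `-A INPUT -i lo -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT`. The template may also fail to render on a host where `ansible_default_ipv4.address` is undefined (no default route, or facts not gathered), which an `is defined` test would guard against. The enclosing `{% if %}` block opens outside the hunk, so whether an earlier loopback accept already covers this case is not visible here.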
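Review bot: The comment kept just above `psql_version` still says 9.3 is the default version for Ubuntu trusty, while the new defaults select 9.4 and turn the postgresql.org repository on, so the comment now contradicts the values. I would reword it, e.g. `# 9.3 is what Ubuntu trusty ships; this role defaults to 9.4 from the postgresql.org repository`, and quote the version as `psql_version: "9.4"` so it is never read as a float. The tasks in configure-access.yml build their paths from `psql_version`, so hosts that relied on the old default presumably need to pin 9.3 explicitly, which is worth stating in the same comment. Lowercase `true` would also be the canonical boolean spelling.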
@@ -21,7 +21,7 @@ - pg_hba - name: We want postgres listen on the public IP - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = '*'" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="*" notify: Restart postgresql when: - psql_listen_on_ext_int @@ -32,7 +32,7 @@ - pg_conf - name: If postgresql is only accessed from localhost make it listen only on the localhost interface - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = 'localhost'" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="localhost" notify: Restart postgresql when: - not psql_listen_on_ext_int 
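Review bot: The switch from `lineinfile` to `configfile` drops the single quotes the old line wrote around the value (`listen_addresses = '*'`), and postgresql.conf accepts unquoted values only when they are plain numbers or simple identifiers. `configfile` is a custom module that is not shown here, so if it writes the value verbatim the result `listen_addresses = *` would keep the server from starting after the notified restart; passing the quotes explicitly, `value="'*'"`, avoids depending on the module's behaviour. The `localhost` task in the following hunk has the same change, though a bare identifier is probably accepted there. Both tasks' `when:` lists continue outside their hunks.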
@@ -43,29 +43,25 @@ - pg_conf - name: Log the connections - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_connections.*$" line="log_connections = on" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_connections value="on" notify: Restart postgresql - when: - - psql_listen_on_ext_int - - psql_db_data is defined + when: psql_db_data is defined tags: - postgresql - postgres - pg_conf - name: Log the disconnections - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_disconnections.*$" line="log_disconnections = on" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_disconnections value="on" notify: Restart postgresql - when: - - psql_listen_on_ext_int - - psql_db_data is defined + when: psql_db_data is defined tags: - postgresql - postgres - pg_conf - name: Log the hostnames - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_hostname.*$" line="log_hostname = on" + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_hostname value="on" notify: Restart postgresql when: - psql_listen_on_ext_int diff --git a/postgresql/templates/pg_backup-default.j2 b/postgresql/templates/pg_backup-default.j2 index 6858224..c9264b8 100644 --- a/postgresql/templates/pg_backup-default.j2 +++ b/postgresql/templates/pg_backup-default.j2 @@ -7,7 +7,7 @@ LOG_DIR={{ pg_backup_logdir }} LOG_FILE={{ pg_backup_logfile}} N_DAYS_TO_SPARE={{ pg_backup_retain_copies }} BUILD_DBLIST={{ pg_backup_build_db_list }} -DB_LIST={{ pg_backup_db_list }} +DB_LIST="{{ pg_backup_db_list }}" PG_USE_AUTH={{ pg_backup_use_auth }} PG_PASS_FILE={{ pg_backup_pass_file }} BACKUPDIR={{ pg_backup_destdir }}
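Review bot: The `log_connections` and `log_disconnections` tasks are now conditioned on `when: psql_db_data is defined` alone, so connection logging is still skipped without any message on hosts where that variable is unset, while `log_hostname` keeps the `psql_listen_on_ext_int` condition. If connection auditing is meant to be on for every instance, the guard on the two tasks could be removed; if the difference from `log_hostname` is deliberate, a comment such as `# log_hostname adds a reverse DNS lookup per connection; only enabled for external listeners` would record the reason. These three settings are also picked up on a configuration reload, so notifying a reload handler, if the role has one, would avoid restarting the database for a logging change. The `when:` list of the last task continues outside the hunk.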
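Review bot: Quoting only `DB_LIST` leaves the other assignments visible in this hunk (`LOG_DIR`, `LOG_FILE`, `PG_PASS_FILE`, `BACKUPDIR` and the rest) rendered unquoted, and double quotes still let the shell expand `$` and backticks inside the value. Assuming the rendered file is sourced by the backup script, a variable value containing spaces or shell metacharacters would be split or interpreted when that script runs. If `pg_backup_db_list` is a plain string, Ansible's `quote` filter produces a safely quoted word, e.g. `DB_LIST={{ pg_backup_db_list | quote }}`, and the same filter could be applied to the path variables. The rest of the template lies outside the hunk.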