From 27a82ad23922baf6a67a3a97a282d344be7a7a26 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 19 Nov 2019 13:48:53 +0100 Subject: [PATCH] Manage the postgresql firewalld rule directly in the postgresql role. --- library/roles/postgresql/defaults/main.yml | 1 + library/roles/postgresql/tasks/configure-access.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/library/roles/postgresql/defaults/main.yml b/library/roles/postgresql/defaults/main.yml index a674771f..1cff820d 100644 --- a/library/roles/postgresql/defaults/main.yml +++ b/library/roles/postgresql/defaults/main.yml @@ -229,3 +229,4 @@ pg_backup_use_auth: "no" pg_backup_pass_file: /root/.pgpass pg_backup_use_nagios: "yes" +postgresql_firewalld_zone: '{{ firewalld_default_zone }}' diff --git a/library/roles/postgresql/tasks/configure-access.yml b/library/roles/postgresql/tasks/configure-access.yml index 74384a17..384aa723 100644 --- a/library/roles/postgresql/tasks/configure-access.yml +++ b/library/roles/postgresql/tasks/configure-access.yml @@ -1,4 +1,10 @@ --- +- name: Open the postgresql service to a specific zone. + firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True + when: + - psql_listen_on_ext_int | bool + - firewalld_enabled | bool + - name: Give access to the remote postgresql client lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" with_subelements: