diff --git a/postgresql/files/pgpool-letsencrypt-acme.sh b/postgresql/files/pgpool-letsencrypt-acme.sh index 4093f67b..38ac48b9 100644 --- a/postgresql/files/pgpool-letsencrypt-acme.sh +++ b/postgresql/files/pgpool-letsencrypt-acme.sh @@ -21,6 +21,7 @@ fi echo "Copy the key file" >> $LE_LOG_DIR/pgpool2.log cp ${LE_CERTS_DIR}/privkey ${PGPOOL2_KEYFILE} chmod 440 ${PGPOOL2_KEYFILE} +chown root ${PGPOOL2_KEYFILE} chgrp postgres ${PGPOOL2_KEYFILE} echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log diff --git a/postgresql/files/postgresql-letsencrypt-acme.sh b/postgresql/files/postgresql-letsencrypt-acme.sh index 571cc2d7..a84824c9 100644 --- a/postgresql/files/postgresql-letsencrypt-acme.sh +++ b/postgresql/files/postgresql-letsencrypt-acme.sh @@ -21,6 +21,7 @@ fi echo "Copy the key file" >> $LE_LOG_DIR/postgresql.log cp ${LE_CERTS_DIR}/privkey ${POSTGRESQL_KEYFILE} chmod 440 ${POSTGRESQL_KEYFILE} +chown root ${POSTGRESQL_KEYFILE} chgrp postgres ${POSTGRESQL_KEYFILE} echo "Reload the postgresql service" >> $LE_LOG_DIR/postgresql.log diff --git a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml index dc2f333d..5da2a8e7 100644 --- a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml +++ b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml @@ -2,6 +2,7 @@ - name: Create the acme hooks directory if it does not yet exist file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root when: + - psql_pgpool_service_install - pgpool_letsencrypt_managed - letsencrypt_acme_install tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] @@ -9,6 +10,7 @@ - name: Install a script that fix the letsencrypt certificate for postgresql and then reload the service copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 when: + - psql_pgpool_service_install - pgpool_letsencrypt_managed - letsencrypt_acme_install tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]