library/roles/postgresql: Fix the configuration tasks to use the configfile module

library/roles/iptables: Create rules for postgresql even if the service listens on localhost only.

iptables/templates/iptables-rules.v4.j2

@@ -57,6 +57,7 @@
 {% endfor %}
 {% endfor %}
 {% endif %}
+-A INPUT -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
 -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
 {% endif %}
 

postgresql/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 
-pg_use_postgresql_org_repo: False
+pg_use_postgresql_org_repo: True
 
 # 9.3 is the default version for Ubuntu trusty
 # It is highly recommended to use the postgresql.org repositories
 #
 # See the features matrix here: http://www.postgresql.org/about/featurematrix/
 #
-psql_version: 9.3
+psql_version: 9.4
 psql_db_host: localhost
 psql_db_port: 5432
 psql_db_size_w: 150000000

postgresql/tasks/configure-access.yml

@@ -21,7 +21,7 @@
     - pg_hba
 
 - name: We want postgres listen on the public IP
-  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = '*'"
+  action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="*"
   notify: Restart postgresql
   when:
     - psql_listen_on_ext_int
@@ -32,7 +32,7 @@
     - pg_conf
 
 - name: If postgresql is only accessed from localhost make it listen only on the localhost interface
-  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^listen_addresses.*$" line="listen_addresses = 'localhost'"
+  action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=listen_addresses value="localhost"
   notify: Restart postgresql
   when:
     - not psql_listen_on_ext_int
@@ -43,29 +43,25 @@
     - pg_conf
 
 - name: Log the connections
-  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_connections.*$" line="log_connections = on"
+  action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_connections value="on"
   notify: Restart postgresql
-  when:
+  when: psql_db_data is defined
-    - psql_listen_on_ext_int
-    - psql_db_data is defined
   tags:
     - postgresql
     - postgres
     - pg_conf
 
 - name: Log the disconnections
-  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_disconnections.*$" line="log_disconnections = on"
+  action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_disconnections value="on"
   notify: Restart postgresql
-  when:
+  when: psql_db_data is defined
-    - psql_listen_on_ext_int
-    - psql_db_data is defined
   tags:
     - postgresql
     - postgres
     - pg_conf
 
 - name: Log the hostnames
-  lineinfile: name=/etc/postgresql/{{ psql_version }}/main/postgresql.conf regexp="^log_hostname.*$" line="log_hostname = on"
+  action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key=log_hostname value="on"
   notify: Restart postgresql
   when:
     - psql_listen_on_ext_int

postgresql/templates/pg_backup-default.j2

@@ -7,7 +7,7 @@ LOG_DIR={{ pg_backup_logdir }}
 LOG_FILE={{ pg_backup_logfile}}
 N_DAYS_TO_SPARE={{ pg_backup_retain_copies }}
 BUILD_DBLIST={{ pg_backup_build_db_list }}
-DB_LIST={{ pg_backup_db_list }}
+DB_LIST="{{ pg_backup_db_list }}"
 PG_USE_AUTH={{ pg_backup_use_auth }}
 PG_PASS_FILE={{ pg_backup_pass_file }}
 BACKUPDIR={{ pg_backup_destdir }}