91 lines
3.7 KiB
YAML
91 lines
3.7 KiB
YAML
|
---
|
||
|
- name: Open the postgresql service to a specific zone.
|
||
|
firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
|
||
|
when:
|
||
|
- psql_listen_on_ext_int | bool
|
||
|
- firewalld_enabled | bool
|
||
|
|
||
|
- name: Give access to the remote postgresql client
|
||
|
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||
|
with_subelements:
|
||
|
- '{{ psql_db_data | default([]) }}'
|
||
|
- allowed_hosts
|
||
|
when:
|
||
|
- psql_listen_on_ext_int | bool
|
||
|
- psql_db_data is defined
|
||
|
- item.1 is defined
|
||
|
- not psql_force_ssl_client_connection | bool
|
||
|
notify: Reload postgresql
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||
|
|
||
|
- name: Give access to the remote postgresql client, force ssl
|
||
|
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||
|
with_subelements:
|
||
|
- '{{ psql_db_data | default([]) }}'
|
||
|
- allowed_hosts
|
||
|
when:
|
||
|
- psql_listen_on_ext_int | bool
|
||
|
- psql_db_data is defined
|
||
|
- item.1 is defined
|
||
|
- psql_force_ssl_client_connection | bool
|
||
|
notify: Reload postgresql
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||
|
|
||
|
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||
|
- name: Give local access with replication privileges to the postgres user
|
||
|
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||
|
notify: Reload postgresql
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||
|
|
||
|
- name: Set the postgresql listen port
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
|
||
|
register: restart_postgresql
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: We want postgres listen on the public IP
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
|
||
|
register: restart_postgresql
|
||
|
when:
|
||
|
- psql_listen_on_ext_int | bool
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
|
||
|
register: restart_postgresql
|
||
|
when:
|
||
|
- not psql_listen_on_ext_int | bool
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: Log the connections
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
|
||
|
register: restart_postgresql
|
||
|
when: psql_db_data is defined
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: Log the disconnections
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
|
||
|
register: restart_postgresql
|
||
|
when: psql_db_data is defined
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: Log the hostnames
|
||
|
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
|
||
|
register: restart_postgresql
|
||
|
when:
|
||
|
- psql_listen_on_ext_int | bool
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||
|
|
||
|
- name: Set the correct permissions to the postgresql files
|
||
|
file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
|
||
|
with_items:
|
||
|
- pg_hba.conf
|
||
|
- postgresql.conf
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|
||
|
|
||
|
- name: Restart the postgresql server after changing parameters that need a restart
|
||
|
service: name=postgresql state=restarted
|
||
|
when:
|
||
|
- restart_postgresql is changed
|
||
|
ignore_errors: True
|
||
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]
|