ansible-role-postgresql/tasks/postgresql-ssl-config.yml

---
- block:
    - name: Setup SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_ssl_parameters }}'
      notify: Restart postgresql
      when: ansible_distribution_file_variety == "Debian"

    - name: Setup SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_ssl_parameters }}'
      notify: Restart postgresql
      when: ansible_distribution_file_variety == "RedHat"

    - name: Create the pki directory to store the postgresql key
      file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750

    - name: Create a postgres accessible ssl key file if it does not exist
      copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True

  when: psql_enable_ssl
  tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]


- block:
    - name: Disable SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_disable_ssl_parameters }}'
      notify: Restart postgresql
      when: ansible_distribution_file_variety == "Debian"

    - name: Disable SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_disable_ssl_parameters }}'
      notify: Restart postgresql
      when: ansible_distribution_file_variety == "RedHat"

  when: not psql_enable_ssl
  tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
Import the old role, Ubuntu only. 2020-06-03 19:53:13 +02:00			`---`
			`- block:`
			`- name: Setup SSL in the postgresql configuration`
			`become: True`
			`become_user: postgres`
Add support for CentOS. 2020-07-30 14:14:39 +02:00			`action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"`
Import the old role, Ubuntu only. 2020-06-03 19:53:13 +02:00			`with_items: '{{ psql_conf_ssl_parameters }}'`
			`notify: Restart postgresql`
Add support for CentOS. 2020-07-30 14:14:39 +02:00			`when: ansible_distribution_file_variety == "Debian"`

			`- name: Setup SSL in the postgresql configuration`
			`become: True`
			`become_user: postgres`
			`action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"`
			`with_items: '{{ psql_conf_ssl_parameters }}'`
			`notify: Restart postgresql`
			`when: ansible_distribution_file_variety == "RedHat"`
Import the old role, Ubuntu only. 2020-06-03 19:53:13 +02:00
			`- name: Create the pki directory to store the postgresql key`
			`file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750`

			`- name: Create a postgres accessible ssl key file if it does not exist`
			`copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True`

			`when: psql_enable_ssl`
			`tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]`


			`- block:`
			`- name: Disable SSL in the postgresql configuration`
			`become: True`
			`become_user: postgres`
Add support for CentOS. 2020-07-30 14:14:39 +02:00			`action: configfile path={{ psql_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"`
			`with_items: '{{ psql_conf_disable_ssl_parameters }}'`
			`notify: Restart postgresql`
			`when: ansible_distribution_file_variety == "Debian"`

			`- name: Disable SSL in the postgresql configuration`
			`become: True`
			`become_user: postgres`
			`action: configfile path={{ psql_el_conf_dir }}/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"`
Import the old role, Ubuntu only. 2020-06-03 19:53:13 +02:00			`with_items: '{{ psql_conf_disable_ssl_parameters }}'`
			`notify: Restart postgresql`
Add support for CentOS. 2020-07-30 14:14:39 +02:00			`when: ansible_distribution_file_variety == "RedHat"`
Import the old role, Ubuntu only. 2020-06-03 19:53:13 +02:00
			`when: not psql_enable_ssl`
			`tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]`