Ensure the correct permissions of the config files.
parent
c103c9bdf0
commit
f3c6ddd67b
|
@ -2,7 +2,7 @@
|
|||
- name: Configure accesses on Deb/Ubuntu
|
||||
block:
|
||||
- name: Give access to the remote postgresql client
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
|
@ -15,7 +15,7 @@
|
|||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give access to the remote postgresql client, force ssl
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
|
@ -29,7 +29,7 @@
|
|||
|
||||
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||||
- name: Give local access with replication privileges to the postgres user
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||||
lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" owner=root group=postgres mode='0440'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
|
@ -44,7 +44,7 @@
|
|||
- firewalld_enabled
|
||||
|
||||
- name: Give access to the remote postgresql client
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
|
@ -57,7 +57,7 @@
|
|||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give access to the remote postgresql client, force ssl
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" owner=root group=postgres mode='0440'
|
||||
with_subelements:
|
||||
- '{{ psql_db_data | default([]) }}'
|
||||
- allowed_hosts
|
||||
|
@ -71,12 +71,12 @@
|
|||
|
||||
# No conditionals, it is needed to perform base backups when the WAL archive is active
|
||||
- name: Remove the ident authentication for the local connections
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local.*?all.*?ident$" state=absent
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local.*?all.*?ident$" state=absent owner=root group=postgres mode='0440'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
- name: Give local access with replication privileges to the postgres user
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
|
||||
lineinfile: name={{ psql_el_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer" owner=root group=postgres mode='0440'
|
||||
notify: Reload postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
||||
|
||||
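Review bot: The owner, group and mode of pg_hba.conf are now enforced as a side effect of seven separate `lineinfile` tasks, so it is not obvious which task actually guarantees `root:postgres 0440`. The looped tasks touch the file only when `psql_db_data` yields at least one `allowed_hosts` entry and any condition outside the hunks holds. A single dedicated task per platform, in the form this commit already uses for postgresql.conf, would state the intent once: `file: dest={{ psql_conf_dir }}/pg_hba.conf owner=root group=postgres mode='0440'`, and the same with `psql_el_conf_dir`. The `block:` and any `when:` attached to these tasks are outside the visible hunks, so this is a suggestion for auditability rather than a confirmed gap.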
|
|
|
@ -52,6 +52,10 @@
|
|||
notify: Restart postgresql with pgpool config
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
|
||||
|
||||
- name: Ensure that the postgresql config file has the correct permissions
|
||||
file: dest={{ psql_conf_dir }}/postgresql.conf owner=root group=postgres mode='0440
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf', 'pgpool' ]
|
||||
|
||||
- name: Add the pgpool postgres extensions to the template1 dbs
|
||||
become: True
|
||||
become_user: postgres
|
||||
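Review bot: The added `file:` task ends with `mode='0440` and never closes the quote, so the key=value argument string is unbalanced. Ansible will most likely reject the task when it splits the arguments, instead of applying the permissions. The line should read `file: dest={{ psql_conf_dir }}/postgresql.conf owner=root group=postgres mode='0440'`. Only `psql_conf_dir` is covered here, while the pg_hba tasks in this commit also handle `psql_el_conf_dir`, so it is worth checking whether the EL hosts need the same task. The task list continues outside the hunk.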
|
|