library/roles/postgresql: Fix the ssl key permissions.

This commit is contained in:
Andrea Dell'Amico 2017-01-19 16:43:04 +01:00
parent 5ffd2eee27
commit 4edbd0350a
3 changed files with 4 additions and 0 deletions

View File

@ -21,6 +21,7 @@ fi
echo "Copy the key file" >> $LE_LOG_DIR/pgpool2.log echo "Copy the key file" >> $LE_LOG_DIR/pgpool2.log
cp ${LE_CERTS_DIR}/privkey ${PGPOOL2_KEYFILE} cp ${LE_CERTS_DIR}/privkey ${PGPOOL2_KEYFILE}
chmod 440 ${PGPOOL2_KEYFILE} chmod 440 ${PGPOOL2_KEYFILE}
chown root ${PGPOOL2_KEYFILE}
chgrp postgres ${PGPOOL2_KEYFILE} chgrp postgres ${PGPOOL2_KEYFILE}
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log

View File

@ -21,6 +21,7 @@ fi
echo "Copy the key file" >> $LE_LOG_DIR/postgresql.log echo "Copy the key file" >> $LE_LOG_DIR/postgresql.log
cp ${LE_CERTS_DIR}/privkey ${POSTGRESQL_KEYFILE} cp ${LE_CERTS_DIR}/privkey ${POSTGRESQL_KEYFILE}
chmod 440 ${POSTGRESQL_KEYFILE} chmod 440 ${POSTGRESQL_KEYFILE}
chown root ${POSTGRESQL_KEYFILE}
chgrp postgres ${POSTGRESQL_KEYFILE} chgrp postgres ${POSTGRESQL_KEYFILE}
echo "Reload the postgresql service" >> $LE_LOG_DIR/postgresql.log echo "Reload the postgresql service" >> $LE_LOG_DIR/postgresql.log

View File

@ -2,6 +2,7 @@
- name: Create the acme hooks directory if it does not yet exist - name: Create the acme hooks directory if it does not yet exist
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
when: when:
- psql_pgpool_service_install
- pgpool_letsencrypt_managed - pgpool_letsencrypt_managed
- letsencrypt_acme_install - letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
@ -9,6 +10,7 @@
- name: Install a script that fix the letsencrypt certificate for postgresql and then reload the service - name: Install a script that fix the letsencrypt certificate for postgresql and then reload the service
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
when: when:
- psql_pgpool_service_install
- pgpool_letsencrypt_managed - pgpool_letsencrypt_managed
- letsencrypt_acme_install - letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]