From b585baee9be96a9f1c4636d3ad3df7a7086ac5cc Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 12 Dec 2019 13:53:24 +0100
Subject: [PATCH] postgresql and postgresql db: fix the letsencrypt configuration, new default version.
---
 library/roles/postgresql-db/defaults/main.yml | 2 +-
 library/roles/postgresql/defaults/main.yml | 4 ++--
 .../postgresql/files/postgresql-letsencrypt-acme.sh | 11 ++---------
 3 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/library/roles/postgresql-db/defaults/main.yml b/library/roles/postgresql-db/defaults/main.yml
index 6e5d1871..0e597f3f 100644
--- a/library/roles/postgresql-db/defaults/main.yml
+++ b/library/roles/postgresql-db/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 psql_db_port: 5432
-psql_version: 9.6
+psql_version: 11
 psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
 psql_force_ssl_client_connection: False
diff --git a/library/roles/postgresql/defaults/main.yml b/library/roles/postgresql/defaults/main.yml
index 1cff820d..44ab1490 100644
--- a/library/roles/postgresql/defaults/main.yml
+++ b/library/roles/postgresql/defaults/main.yml
@@ -12,7 +12,7 @@ psql_pgpool_pkg_state: installed
 #
 # See the features matrix here: http://www.postgresql.org/about/featurematrix/
 #
-psql_version: 10
+psql_version: 11
 psql_db_host: localhost
 psql_db_port: 5432
 psql_db_size_w: 150000000
@@ -66,7 +66,7 @@ postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
 psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
 psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
 psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
-psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
+psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
 psql_conf_ssl_parameters:
 - { name: 'ssl', value: 'true' }
 - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
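Review bot: `psql_version: 11` in library/roles/postgresql-db/defaults/main.yml is left as an unquoted number although the next line interpolates it into `psql_conf_dir`; the same applies to the `psql_version` line in library/roles/postgresql/defaults/main.yml. The old `9.6` parsed as a float and `11` parses as an integer, so any comparison or path built from the variable depends on YAML typing; `psql_version: '11'` keeps it a string. Since `psql_conf_dir` follows the default, hosts that do not pin `psql_version` will presumably have their configuration, SSL settings included, written under the version 11 directory after this change, which deserves a comment above the variable.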
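Review bot: `psql_ssl_ca_file` now points at `fullchain` while `psql_ssl_cert_file`, one line above it, still points at the bare `cert`. In PostgreSQL the chain presented to clients is read from `ssl_cert_file`, and `ssl_ca_file` is the trust store used to verify client certificates, so if the aim is for clients to validate the server against Let's Encrypt, the line to change is `psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'`. Whether `psql_ssl_ca_file` is written to `ssl_ca_file` is not visible here, because `psql_conf_ssl_parameters` continues outside the hunk. If it is, a public CA chain in that file means client-certificate authentication would accept whatever that CA issues. A comment above the variable should state which of the two uses is intended.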
diff --git a/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh b/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh
index a3c227ea..1d3a2674 100644
--- a/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh
+++ b/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh
@@ -12,23 +12,16 @@ DATE=$( date )
 [ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
 echo "$DATE" >> $LE_LOG_DIR/postgresql.log
-if [ -f /etc/default/letsencrypt ] ; then
- . /etc/default/letsencrypt
-else
- echo "No letsencrypt default file" >> $LE_LOG_DIR/postgresql.log
-fi
-
 echo "Copy the key file" >> $LE_LOG_DIR/postgresql.log
 cp ${LE_CERTS_DIR}/privkey ${POSTGRESQL_KEYFILE}
 chmod 440 ${POSTGRESQL_KEYFILE}
 chown root ${POSTGRESQL_KEYFILE}
 chgrp postgres ${POSTGRESQL_KEYFILE}
+# We assume we are dealing with postgresql 10 or later
 echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
 if [ -x /bin/systemctl ] ; then
- systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
-else
- service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
+ systemctl reload postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
 fi
 echo "Done." >> $LE_LOG_DIR/postgresql.log
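Review bot: With the `else` branch removed, a host without `/bin/systemctl` gets the new key copied but PostgreSQL is never told to re-read it, and the log still ends with "Done."; the exit status of `systemctl reload` is not checked either. The added comment assumes PostgreSQL 10 or later, yet `psql_version` is a role variable, so an older server would presumably keep serving the old certificate until it is restarted. I would log and return a non-zero status when the reload cannot be done, provided the hook runner tolerates that, and reword the "Restart the postgresql service" message, as sketched below. `LE_CERTS_DIR` and `POSTGRESQL_KEYFILE` are set outside the hunk; with the `. /etc/default/letsencrypt` lines gone, it is worth confirming they are still defined before the `cp`.

```shell
# … unchanged: key copy, mode and ownership …
# Reloading certificates without a restart needs postgresql 10 or later
echo "Reload the postgresql service" >> $LE_LOG_DIR/postgresql.log
if [ -x /bin/systemctl ] ; then
    if ! systemctl reload postgresql >> $LE_LOG_DIR/postgresql.log 2>&1 ; then
        echo "Reload failed, the previous certificate is still in use" >> $LE_LOG_DIR/postgresql.log
        exit 1
    fi
else
    echo "No systemctl found, postgresql was not reloaded" >> $LE_LOG_DIR/postgresql.log
    exit 1
fi
```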